Update October 2023
parent 35df3f655c
commit 5e84854492
|
@ -58,7 +58,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/systemrw/` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -73,10 +73,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
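Review bot: The Description on row 4 (`4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High`) does not match its weakness IDs. CWE-94 is code injection and CWE-1321 is prototype pollution, while cross-site scripting is CWE-79, which other tables in this commit list under T1059.007. Adding CWE-1321 widens the mismatch; derive the description from the technique or the listed CWEs (for example "Code Injection") so the row is not read as an XSS finding.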
@ -102,30 +102,28 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `/messageboard/view.php` | High
|
||||
17 | File | `/mhds/clinic/view_details.php` | High
|
||||
18 | File | `/mkshop/Men/profile.php` | High
|
||||
19 | File | `/modules/profile/index.php` | High
|
||||
20 | File | `/Noxen-master/users.php` | High
|
||||
21 | File | `/one_church/userregister.php` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/owa/auth/logon.aspx` | High
|
||||
24 | File | `/public/plugins/` | High
|
||||
25 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
26 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
28 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
29 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
30 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
31 | File | `/textpattern/index.php` | High
|
||||
32 | File | `/upfile.cgi` | Medium
|
||||
33 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
34 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
35 | File | `4.edu.php` | Medium
|
||||
36 | File | `account_footer.php` | High
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `add_edit_cat.asp` | High
|
||||
39 | File | `add_edit_user.asp` | High
|
||||
40 | ... | ... | ...
|
||||
19 | File | `/Noxen-master/users.php` | High
|
||||
20 | File | `/one_church/userregister.php` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/public/plugins/` | High
|
||||
24 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
25 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
27 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
28 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
29 | File | `/textpattern/index.php` | High
|
||||
30 | File | `/upfile.cgi` | Medium
|
||||
31 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
32 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
33 | File | `4.edu.php` | Medium
|
||||
34 | File | `account_footer.php` | High
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `add_edit_cat.asp` | High
|
||||
37 | File | `add_edit_user.asp` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -44,7 +44,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -40,6 +40,9 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1222 | CWE-276 | Permission Issues | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
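Review bot: The summary line "There are 1 more TTP items available." in this hunk is ungrammatical for a count of one. The generator should pluralize on the count, e.g. "There is 1 more TTP item available."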
@ -49,10 +52,10 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/admin-profile.php` | High
|
||||
2 | File | `/search.php` | Medium
|
||||
3 | File | `index.php` | Medium
|
||||
3 | File | `/Tool/uploadfile.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ The following _campaigns_ are known and can be associated with APT28:
|
|||
|
||||
* Carberp
|
||||
* CVE-2022-30190
|
||||
* Fysbis
|
||||
* CVE-2023-38831
|
||||
* ...
|
||||
|
||||
There are 4 more campaign items available. Please use our online service to access the data.
|
||||
There are 5 more campaign items available. Please use our online service to access the data.
|
||||
|
||||
## Countries
|
||||
|
||||
|
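Review bot: The campaign list in this hunk mixes CVE identifiers (`CVE-2022-30190`, `CVE-2023-38831`) with names such as `Carberp` and `Fysbis` under the single heading of campaigns associated with APT28. A consumer parsing the list cannot tell an exploited vulnerability from a named campaign or tool. Consider a type column or separate lists, and tie each CVE entry to the reference that supports the attribution.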
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -84,7 +84,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
50 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
|
||||
51 | ... | ... | ... | ...
|
||||
|
||||
There are 198 more IOC items available. Please use our online service to access the data.
|
||||
There are 201 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -92,10 +92,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -107,68 +107,74 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/admin/subnets/ripe-query.php` | High
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
5 | File | `/dashboard/updatelogo.php` | High
|
||||
6 | File | `/debug/pprof` | Medium
|
||||
7 | File | `/etc/openshift/server_priv.pem` | High
|
||||
8 | File | `/export` | Low
|
||||
9 | File | `/file?action=download&file` | High
|
||||
10 | File | `/hardware` | Medium
|
||||
11 | File | `/index.php` | Medium
|
||||
12 | File | `/librarian/bookdetails.php` | High
|
||||
13 | File | `/messageboard/view.php` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/mkshop/Men/profile.php` | High
|
||||
16 | File | `/modules/projects/vw_files.php` | High
|
||||
17 | File | `/monitoring` | Medium
|
||||
18 | File | `/MTFWU` | Low
|
||||
19 | File | `/Noxen-master/users.php` | High
|
||||
20 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
21 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
22 | File | `/plugins/servlet/audit/resource` | High
|
||||
23 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
24 | File | `/REBOOTSYSTEM` | High
|
||||
25 | File | `/replication` | Medium
|
||||
26 | File | `/RestAPI` | Medium
|
||||
27 | File | `/servlet/webacc` | High
|
||||
28 | File | `/textpattern/index.php` | High
|
||||
29 | File | `/tmp/zarafa-vacation-*` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/upload` | Low
|
||||
32 | File | `/user/loader.php?api=1` | High
|
||||
33 | File | `/usr/bin/at` | Medium
|
||||
34 | File | `/var/log/nginx` | High
|
||||
35 | File | `/var/run/watchman.pid` | High
|
||||
36 | File | `/viewer/krpano.html` | High
|
||||
37 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
38 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
39 | File | `20review.asp` | Medium
|
||||
40 | File | `account.asp` | Medium
|
||||
41 | File | `ActivityManagerService.java` | High
|
||||
42 | File | `additem.asp` | Medium
|
||||
43 | File | `admin.a6mambocredits.php` | High
|
||||
44 | File | `admin.cropcanvas.php` | High
|
||||
45 | File | `admin.joomlaradiov5.php` | High
|
||||
46 | File | `admin.php` | Medium
|
||||
47 | File | `admin.remository.php` | High
|
||||
48 | File | `admin/addons/archive/archive.php` | High
|
||||
49 | File | `adminAvatars.php` | High
|
||||
50 | File | `AdxDSrv.exe` | Medium
|
||||
51 | ... | ... | ...
|
||||
1 | File | `/Admin/add-student.php` | High
|
||||
2 | File | `/admin/maintenance/view_designation.php` | High
|
||||
3 | File | `/admin/subnets/ripe-query.php` | High
|
||||
4 | File | `/api/v1/attack` | High
|
||||
5 | File | `/apply.cgi` | Medium
|
||||
6 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||
7 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
8 | File | `/classes/Master.php` | High
|
||||
9 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
10 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
11 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
12 | File | `/dashboard/updatelogo.php` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/etc/openshift/server_priv.pem` | High
|
||||
15 | File | `/export` | Low
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/P2pListFilter` | High
|
||||
18 | File | `/goform/setSysAdm` | High
|
||||
19 | File | `/hardware` | Medium
|
||||
20 | File | `/hrm/controller/employee.php` | High
|
||||
21 | File | `/index.php` | Medium
|
||||
22 | File | `/kelas/data` | Medium
|
||||
23 | File | `/librarian/bookdetails.php` | High
|
||||
24 | File | `/login.php` | Medium
|
||||
25 | File | `/login/index.php` | High
|
||||
26 | File | `/messageboard/view.php` | High
|
||||
27 | File | `/mgmt/tm/util/bash` | High
|
||||
28 | File | `/mkshop/Men/profile.php` | High
|
||||
29 | File | `/modules/projects/vw_files.php` | High
|
||||
30 | File | `/MTFWU` | Low
|
||||
31 | File | `/mygym/admin/login.php` | High
|
||||
32 | File | `/Noxen-master/users.php` | High
|
||||
33 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
34 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
35 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
36 | File | `/release-x64/otfccdump` | High
|
||||
37 | File | `/servlet/webacc` | High
|
||||
38 | File | `/setNTP.cgi` | Medium
|
||||
39 | File | `/setting/setDeviceName` | High
|
||||
40 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
41 | File | `/textpattern/index.php` | High
|
||||
42 | File | `/tmp/zarafa-vacation-*` | High
|
||||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/upload` | Low
|
||||
45 | File | `/user/loader.php?api=1` | High
|
||||
46 | File | `/usr/bin/at` | Medium
|
||||
47 | File | `/var/log/nginx` | High
|
||||
48 | File | `/var/run/chrony` | High
|
||||
49 | File | `/var/run/watchman.pid` | High
|
||||
50 | File | `/view-property.php` | High
|
||||
51 | File | `/viewer/krpano.html` | High
|
||||
52 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
53 | File | `/xpdf/GfxState.cc` | High
|
||||
54 | File | `20review.asp` | Medium
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 439 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 479 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
|
||||
* https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/
|
||||
* https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
|
||||
* https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society/
|
||||
* https://cert.gov.ua/article/40102
|
||||
* https://cert.gov.ua/article/5702579
|
||||
* https://community.blueliv.com/#!/s/5f6b482482df413eb5350d3b
|
||||
* https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
|
||||
* https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-05-ioc-mark.txt
|
||||
|
|
|
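Review bot: Several indicators in the rewritten IOA table are too generic to act on at the stated confidence, for example `/login.php` (Medium), `/index.php` (Medium), `/login/index.php` (High) and `/var/log/nginx` (High); matched against web or file-system logs they will fire on normal activity. The table also mixes request paths with source-file names (`/xpdf/GfxState.cc`, `/core/conditions/AbstractWrapper.java`) and local paths (`/usr/bin/at`, `/var/run/chrony`) under the one type `File`. Please document what each entry is meant to be matched against, and lower the confidence of entries that are common on unaffected systems.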
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -70,7 +70,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -79,52 +79,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/alphaware/summary.php` | High
|
||||
9 | File | `/api/` | Low
|
||||
10 | File | `/api/admin/store/product/list` | High
|
||||
11 | File | `/api/baskets/{name}` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/attachments` | Medium
|
||||
15 | File | `/bin/ate` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/book-services.php` | High
|
||||
18 | File | `/booking/show_bookings/` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cgi-bin` | Medium
|
||||
21 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
24 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
25 | File | `/dashboard/add-blog.php` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/DXR.axd` | Medium
|
||||
28 | File | `/en/blog-comment-4` | High
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/etc/hosts` | Medium
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/goform/setmac` | High
|
||||
33 | File | `/goform/wizard_end` | High
|
||||
34 | File | `/group1/uploa` | High
|
||||
35 | File | `/h/` | Low
|
||||
36 | File | `/manage-apartment.php` | High
|
||||
37 | File | `/medicines/profile.php` | High
|
||||
38 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
39 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
40 | File | `/owa/auth/logon.aspx` | High
|
||||
41 | File | `/pages/apply_vacancy.php` | High
|
||||
42 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
43 | File | `/project/PROJECTNAME/reports/` | High
|
||||
44 | File | `/proxy` | Low
|
||||
45 | ... | ... | ...
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/alphaware/summary.php` | High
|
||||
8 | File | `/api/` | Low
|
||||
9 | File | `/api/admin/store/product/list` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/stl/actions/search` | High
|
||||
12 | File | `/api/v2/cli/commands` | High
|
||||
13 | File | `/attachments` | Medium
|
||||
14 | File | `/bin/ate` | Medium
|
||||
15 | File | `/boat/login.php` | High
|
||||
16 | File | `/book-services.php` | High
|
||||
17 | File | `/booking/show_bookings/` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/dashboard/add-blog.php` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/DXR.axd` | Medium
|
||||
26 | File | `/en/blog-comment-4` | High
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/group1/uploa` | High
|
||||
33 | File | `/h/` | Low
|
||||
34 | File | `/medicines/profile.php` | High
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
37 | File | `/owa/auth/logon.aspx` | High
|
||||
38 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
39 | File | `/project/PROJECTNAME/reports/` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/resources//../` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
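Review bot: The indicator `/group1/uploa` in this IOA table looks truncated, and `/api/baskets/{name}` and `/project/PROJECTNAME/reports/` contain placeholders rather than literal paths; all three stay at High in both the old and the new numbering. State in the table intro whether indicators are prefixes, templates or exact strings. As written, an exact match on these rows is unlikely to hit, while a prefix match on `/api/` or `/h/` (both Low) will hit constantly.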
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -64,7 +64,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -49,7 +49,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `admin/index.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 20 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `/out.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -165,10 +165,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 25 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -190,37 +190,34 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/authenticationendpoint/login.do` | High
|
||||
13 | File | `/billing/home.php` | High
|
||||
14 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
15 | File | `/cgi-bin/wapopen` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/cgi.cgi` | Medium
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cgi.cgi` | Medium
|
||||
17 | File | `/classes/Users.php` | High
|
||||
18 | File | `/collection/all` | High
|
||||
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
20 | File | `/ctcprotocol/Protocol` | High
|
||||
21 | File | `/dashboard/add-blog.php` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/dottie.js` | Medium
|
||||
24 | File | `/DXR.axd` | Medium
|
||||
25 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/files/` | Low
|
||||
22 | File | `/dottie.js` | Medium
|
||||
23 | File | `/DXR.axd` | Medium
|
||||
24 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/files/` | Low
|
||||
27 | File | `/forms/doLogin` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/getcfg.php` | Medium
|
||||
30 | File | `/group1/uploa` | High
|
||||
31 | File | `/h/autoSaveDraft` | High
|
||||
32 | File | `/home/cavesConsole` | High
|
||||
33 | File | `/importexport.php` | High
|
||||
34 | File | `/index.php` | Medium
|
||||
35 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
36 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
37 | File | `/index.php?page=member` | High
|
||||
38 | File | `/items/search` | High
|
||||
39 | File | `/jurusanmatkul/data` | High
|
||||
40 | File | `/log/decodmail.php` | High
|
||||
41 | File | `/log/webmailattach.php` | High
|
||||
42 | File | `/login.php?do=login` | High
|
||||
43 | ... | ... | ...
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/h/autoSaveDraft` | High
|
||||
31 | File | `/home/cavesConsole` | High
|
||||
32 | File | `/importexport.php` | High
|
||||
33 | File | `/index.php` | Medium
|
||||
34 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
35 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
36 | File | `/items/search` | High
|
||||
37 | File | `/jurusanmatkul/data` | High
|
||||
38 | File | `/librarian/bookdetails.php` | High
|
||||
39 | File | `/log/decodmail.php` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -27,44 +27,45 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [5.42.64.33](https://vuldb.com/?ip.5.42.64.33) | - | - | High
|
||||
5 | [5.42.64.45](https://vuldb.com/?ip.5.42.64.45) | - | - | High
|
||||
6 | [5.42.65.1](https://vuldb.com/?ip.5.42.65.1) | - | - | High
|
||||
7 | [5.42.65.80](https://vuldb.com/?ip.5.42.65.80) | - | - | High
|
||||
8 | [5.42.92.67](https://vuldb.com/?ip.5.42.92.67) | - | - | High
|
||||
9 | [5.75.139.35](https://vuldb.com/?ip.5.75.139.35) | static.35.139.75.5.clients.your-server.de | - | High
|
||||
10 | [5.182.4.47](https://vuldb.com/?ip.5.182.4.47) | - | - | High
|
||||
11 | [5.188.118.7](https://vuldb.com/?ip.5.188.118.7) | - | - | High
|
||||
12 | [23.106.215.95](https://vuldb.com/?ip.23.106.215.95) | - | - | High
|
||||
13 | [31.41.244.15](https://vuldb.com/?ip.31.41.244.15) | - | - | High
|
||||
14 | [31.41.244.17](https://vuldb.com/?ip.31.41.244.17) | - | - | High
|
||||
15 | [31.41.244.60](https://vuldb.com/?ip.31.41.244.60) | - | - | High
|
||||
16 | [31.41.244.146](https://vuldb.com/?ip.31.41.244.146) | - | - | High
|
||||
17 | [31.41.244.158](https://vuldb.com/?ip.31.41.244.158) | - | - | High
|
||||
18 | [31.41.244.167](https://vuldb.com/?ip.31.41.244.167) | - | - | High
|
||||
19 | [31.41.244.200](https://vuldb.com/?ip.31.41.244.200) | - | - | High
|
||||
20 | [31.41.244.237](https://vuldb.com/?ip.31.41.244.237) | - | - | High
|
||||
21 | [37.220.87.85](https://vuldb.com/?ip.37.220.87.85) | ipn-37-220-87-85.artem-catv.ru | - | High
|
||||
22 | [45.9.74.5](https://vuldb.com/?ip.45.9.74.5) | - | - | High
|
||||
23 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
|
||||
24 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
|
||||
25 | [45.9.74.141](https://vuldb.com/?ip.45.9.74.141) | - | - | High
|
||||
26 | [45.9.74.164](https://vuldb.com/?ip.45.9.74.164) | - | - | High
|
||||
27 | [45.9.74.166](https://vuldb.com/?ip.45.9.74.166) | - | - | High
|
||||
28 | [45.9.74.182](https://vuldb.com/?ip.45.9.74.182) | - | - | High
|
||||
29 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
|
||||
30 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
|
||||
31 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
|
||||
32 | [45.155.7.60](https://vuldb.com/?ip.45.155.7.60) | 7-60.static.ipcserver.net | - | High
|
||||
33 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
|
||||
34 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
|
||||
35 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
|
||||
36 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
|
||||
37 | [49.13.60.242](https://vuldb.com/?ip.49.13.60.242) | static.242.60.13.49.clients.your-server.de | - | High
|
||||
38 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
|
||||
39 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
|
||||
40 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
|
||||
41 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
|
||||
42 | ... | ... | ... | ...
|
||||
7 | [5.42.65.28](https://vuldb.com/?ip.5.42.65.28) | - | - | High
|
||||
8 | [5.42.65.80](https://vuldb.com/?ip.5.42.65.80) | - | - | High
|
||||
9 | [5.42.92.67](https://vuldb.com/?ip.5.42.92.67) | - | - | High
|
||||
10 | [5.75.139.35](https://vuldb.com/?ip.5.75.139.35) | static.35.139.75.5.clients.your-server.de | - | High
|
||||
11 | [5.182.4.47](https://vuldb.com/?ip.5.182.4.47) | - | - | High
|
||||
12 | [5.188.118.7](https://vuldb.com/?ip.5.188.118.7) | - | - | High
|
||||
13 | [23.106.215.95](https://vuldb.com/?ip.23.106.215.95) | - | - | High
|
||||
14 | [31.41.244.15](https://vuldb.com/?ip.31.41.244.15) | - | - | High
|
||||
15 | [31.41.244.17](https://vuldb.com/?ip.31.41.244.17) | - | - | High
|
||||
16 | [31.41.244.60](https://vuldb.com/?ip.31.41.244.60) | - | - | High
|
||||
17 | [31.41.244.146](https://vuldb.com/?ip.31.41.244.146) | - | - | High
|
||||
18 | [31.41.244.158](https://vuldb.com/?ip.31.41.244.158) | - | - | High
|
||||
19 | [31.41.244.167](https://vuldb.com/?ip.31.41.244.167) | - | - | High
|
||||
20 | [31.41.244.200](https://vuldb.com/?ip.31.41.244.200) | - | - | High
|
||||
21 | [31.41.244.237](https://vuldb.com/?ip.31.41.244.237) | - | - | High
|
||||
22 | [37.220.87.85](https://vuldb.com/?ip.37.220.87.85) | ipn-37-220-87-85.artem-catv.ru | - | High
|
||||
23 | [45.9.74.5](https://vuldb.com/?ip.45.9.74.5) | - | - | High
|
||||
24 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
|
||||
25 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
|
||||
26 | [45.9.74.141](https://vuldb.com/?ip.45.9.74.141) | - | - | High
|
||||
27 | [45.9.74.164](https://vuldb.com/?ip.45.9.74.164) | - | - | High
|
||||
28 | [45.9.74.166](https://vuldb.com/?ip.45.9.74.166) | - | - | High
|
||||
29 | [45.9.74.182](https://vuldb.com/?ip.45.9.74.182) | - | - | High
|
||||
30 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
|
||||
31 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
|
||||
32 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
|
||||
33 | [45.155.7.60](https://vuldb.com/?ip.45.155.7.60) | 7-60.static.ipcserver.net | - | High
|
||||
34 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
|
||||
35 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
|
||||
36 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
|
||||
37 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
|
||||
38 | [49.13.60.242](https://vuldb.com/?ip.49.13.60.242) | static.242.60.13.49.clients.your-server.de | - | High
|
||||
39 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
|
||||
40 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
|
||||
41 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
|
||||
42 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
|
||||
43 | ... | ... | ... | ...
|
||||
|
||||
There are 163 more IOC items available. Please use our online service to access the data.
|
||||
There are 166 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -73,7 +74,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
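Review bot: Row 2 (T1040) appears twice in this hunk, first with `CWE-294, CWE-319` and then with `CWE-294` alone; if the second line is the new side, this file drops CWE-319 while the T1040 row in another file of the same commit goes from `CWE-319` to `CWE-294, CWE-319`. The actor files should agree on the mapping, or the commit message should say why this one differs.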
@ -88,52 +89,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin/about-us.php` | High
|
||||
4 | File | `/admin/sys_sql_query.php` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/api/download` | High
|
||||
7 | File | `/api/stl/actions/search` | High
|
||||
8 | File | `/bin/ate` | Medium
|
||||
9 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
10 | File | `/booking/show_bookings/` | High
|
||||
11 | File | `/category.php` | High
|
||||
12 | File | `/cgi-bin` | Medium
|
||||
13 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
1 | File | `/admin/about-us.php` | High
|
||||
2 | File | `/admin/save.php` | High
|
||||
3 | File | `/admin/sys_sql_query.php` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/download` | High
|
||||
6 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
7 | File | `/bin/ate` | Medium
|
||||
8 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
9 | File | `/booking/show_bookings/` | High
|
||||
10 | File | `/category.php` | High
|
||||
11 | File | `/categorypage.php` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
14 | File | `/company/store` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
18 | File | `/csms/?page=contact_us` | High
|
||||
19 | File | `/dashboard/add-blog.php` | High
|
||||
20 | File | `/dcim/rack-roles/` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/env` | Low
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/group1/uploa` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/HNAP1` | Low
|
||||
28 | File | `/index.php` | Medium
|
||||
29 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
30 | File | `/index.php?page=category_list` | High
|
||||
31 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/kelas/data` | Medium
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
36 | File | `/PreviewHandler.ashx` | High
|
||||
37 | File | `/recipe-result` | High
|
||||
38 | File | `/register.do` | Medium
|
||||
39 | File | `/resources//../` | High
|
||||
40 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
43 | File | `/staff/edit_book_details.php` | High
|
||||
30 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
33 | File | `/recipe-result` | High
|
||||
34 | File | `/register.do` | Medium
|
||||
35 | File | `/resources//../` | High
|
||||
36 | File | `/RPS2019Service/status.html` | High
|
||||
37 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
38 | File | `/sicweb-ajax/tmproot/` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
41 | File | `/staff/edit_book_details.php` | High
|
||||
42 | File | `/student/bookdetails.php` | High
|
||||
43 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
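Review bot: The ID column is positional, so swapping a handful of indicators near the top of the table renumbers every row after them, and rows 1 to 13 and 20 to 43 appear twice with different content. Reading the first run as the old side, `//WEB-INF`, `/about.php`, `/api/stl/actions/search` and `/cgi-bin` drop out and `/admin/save.php`, `/api/v1/terminal/sessions/?limit=1`, `/categorypage.php` and `/cgi-bin/vitogate.cgi` come in, but a consumer diffing by ID cannot tell that from a renumbering. A stable key per indicator, or no ID column at all, would make these updates reviewable. Separately, row 25 `/group1/uploa` looks cut off and should be checked against its source before it is matched on.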
@ -141,6 +142,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://app.any.run/tasks/02899dcc-a26c-407a-b60c-3944a135f441
|
||||
* https://app.any.run/tasks/057f15c5-864c-4535-b8af-70405ead5fcd
|
||||
* https://app.any.run/tasks/5ef5240d-27b8-42f9-a436-f8b3e81308e2
|
||||
* https://app.any.run/tasks/6b4a52a0-4bbe-4c57-a196-a7c0e3425220
|
||||
* https://app.any.run/tasks/25aa27e9-a9e9-40cc-9152-d0373b9c7ebb
|
||||
* https://app.any.run/tasks/44ace516-679d-4a45-9c23-b3641ff4a094
|
||||
|
@ -154,6 +156,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://threatfox.abuse.ch
|
||||
* https://threatvector.cylance.com/en_us/home/threat-spotlight-amadey-bot.html
|
||||
* https://tracker.viriback.com/index.php?q=5.42.65.1
|
||||
* https://tracker.viriback.com/index.php?q=5.42.65.28
|
||||
* https://tracker.viriback.com/index.php?q=5.42.65.80
|
||||
* https://tracker.viriback.com/index.php?q=5.75.139.35
|
||||
* https://tracker.viriback.com/index.php?q=31.41.244.146
|
||||
|
@ -206,6 +209,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tracker.viriback.com/index.php?q=77.91.68.78
|
||||
* https://tracker.viriback.com/index.php?q=77.91.78.118
|
||||
* https://tracker.viriback.com/index.php?q=77.91.78.242
|
||||
* https://tracker.viriback.com/index.php?q=77.91.124.1
|
||||
* https://tracker.viriback.com/index.php?q=77.91.124.20
|
||||
* https://tracker.viriback.com/index.php?q=77.91.124.207
|
||||
* https://tracker.viriback.com/index.php?q=77.91.124.242
|
||||
|
@ -214,6 +218,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tracker.viriback.com/index.php?q=79.137.203.59
|
||||
* https://tracker.viriback.com/index.php?q=83.217.11.7
|
||||
* https://tracker.viriback.com/index.php?q=85.31.45.199
|
||||
* https://tracker.viriback.com/index.php?q=85.209.11.199
|
||||
* https://tracker.viriback.com/index.php?q=85.209.135.11
|
||||
* https://tracker.viriback.com/index.php?q=85.209.135.109
|
||||
* https://tracker.viriback.com/index.php?q=87.121.47.63
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -629,14 +629,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -647,58 +647,58 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/cashadvance_row.php` | High
|
||||
5 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/report/index.php` | High
|
||||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/cgi-bin/wapopen` | High
|
||||
14 | File | `/classes/Master.php?f=delete_service` | High
|
||||
15 | File | `/classes/Master.php?f=save_course` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
21 | File | `/etc/passwd` | Medium
|
||||
22 | File | `/feeds/post/publish` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/h/` | Low
|
||||
25 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
26 | File | `/inc/topBarNav.php` | High
|
||||
27 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
28 | File | `/index.php?page=category_list` | High
|
||||
29 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
30 | File | `/jobinfo/` | Medium
|
||||
31 | File | `/Moosikay/order.php` | High
|
||||
32 | File | `/opac/Actions.php?a=login` | High
|
||||
33 | File | `/PreviewHandler.ashx` | High
|
||||
34 | File | `/public/launchNewWindow.jsp` | High
|
||||
35 | File | `/recipe-result` | High
|
||||
36 | File | `/register.do` | Medium
|
||||
37 | File | `/reservation/add_message.php` | High
|
||||
38 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
42 | File | `/uploads/exam_question/` | High
|
||||
43 | File | `/user/ticket/create` | High
|
||||
44 | File | `/user/updatePwd` | High
|
||||
45 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
46 | File | `/var/lib/docker/<remapping>` | High
|
||||
47 | File | `/wp-admin/admin-ajax.php` | High
|
||||
48 | File | `/xxl-job-admin/user/add` | High
|
||||
49 | File | `a-forms.php` | Medium
|
||||
50 | File | `activenews_view.asp` | High
|
||||
51 | File | `adclick.php` | Medium
|
||||
52 | File | `admin.a6mambocredits.php` | High
|
||||
4 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/save.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/download` | High
|
||||
10 | File | `/api/runscript` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/category.php` | High
|
||||
14 | File | `/categorypage.php` | High
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
17 | File | `/classes/Master.php?f=delete_service` | High
|
||||
18 | File | `/classes/Master.php?f=save_course` | High
|
||||
19 | File | `/company/store` | High
|
||||
20 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
21 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
22 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
23 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
25 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
26 | File | `/feeds/post/publish` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/h/` | Low
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/index.php?page=category_list` | High
|
||||
33 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
34 | File | `/jobinfo/` | Medium
|
||||
35 | File | `/Moosikay/order.php` | High
|
||||
36 | File | `/opac/Actions.php?a=login` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/PreviewHandler.ashx` | High
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/RPS2019Service/status.html` | High
|
||||
43 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
44 | File | `/sicweb-ajax/tmproot/` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/student/bookdetails.php` | High
|
||||
47 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
48 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
49 | File | `/uploads/exam_question/` | High
|
||||
50 | File | `/user/ticket/create` | High
|
||||
51 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
52 | File | `/var/lib/docker/<remapping>` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
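Review bot: New row 47, `/subsys/net/l2/wifi/wifi_shell.c`, looks like a source-tree path (as does the existing `/core/conditions/AbstractWrapper.java`), yet both are typed File with High confidence alongside web request paths. Entries like these will not show up in HTTP access logs, so they need their own type or a note on where to match them. The `/SystemManage/User/GetGridJson?...` row also still carries the one-off `nd=1680855479750` value and paging parameters, so an exact match on it will rarely hit; trimming it to the path would make it usable.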
File diff suppressed because it is too large
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Azorult:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,20 +21,90 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
2 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
|
||||
3 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
|
||||
4 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
5 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
|
||||
6 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
|
||||
7 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
|
||||
8 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
|
||||
9 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
10 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
|
||||
11 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
|
||||
12 | ... | ... | ... | ...
|
||||
1 | [3.104.54.134](https://vuldb.com/?ip.3.104.54.134) | ec2-3-104-54-134.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
2 | [3.122.247.28](https://vuldb.com/?ip.3.122.247.28) | ec2-3-122-247-28.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
3 | [3.123.254.92](https://vuldb.com/?ip.3.123.254.92) | ec2-3-123-254-92.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
4 | [3.126.249.36](https://vuldb.com/?ip.3.126.249.36) | ec2-3-126-249-36.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
5 | [5.8.88.26](https://vuldb.com/?ip.5.8.88.26) | - | - | High
|
||||
6 | [5.8.88.74](https://vuldb.com/?ip.5.8.88.74) | - | - | High
|
||||
7 | [5.8.88.90](https://vuldb.com/?ip.5.8.88.90) | - | - | High
|
||||
8 | [5.8.88.107](https://vuldb.com/?ip.5.8.88.107) | - | - | High
|
||||
9 | [5.8.88.144](https://vuldb.com/?ip.5.8.88.144) | - | - | High
|
||||
10 | [5.23.55.170](https://vuldb.com/?ip.5.23.55.170) | 112152-garant222.tmweb.ru | - | High
|
||||
11 | [5.34.177.120](https://vuldb.com/?ip.5.34.177.120) | unallocated.layer6.net | - | High
|
||||
12 | [5.39.218.162](https://vuldb.com/?ip.5.39.218.162) | - | - | High
|
||||
13 | [5.45.77.6](https://vuldb.com/?ip.5.45.77.6) | - | - | High
|
||||
14 | [5.56.134.65](https://vuldb.com/?ip.5.56.134.65) | - | - | High
|
||||
15 | [5.152.206.196](https://vuldb.com/?ip.5.152.206.196) | h5-152-206-196.host.redstation.co.uk | - | High
|
||||
16 | [5.188.60.41](https://vuldb.com/?ip.5.188.60.41) | - | - | High
|
||||
17 | [5.188.231.68](https://vuldb.com/?ip.5.188.231.68) | lax.4729 | - | High
|
||||
18 | [5.188.231.156](https://vuldb.com/?ip.5.188.231.156) | free.ds | - | High
|
||||
19 | [5.188.231.247](https://vuldb.com/?ip.5.188.231.247) | - | - | High
|
||||
20 | [5.188.231.253](https://vuldb.com/?ip.5.188.231.253) | - | - | High
|
||||
21 | [5.200.47.181](https://vuldb.com/?ip.5.200.47.181) | - | - | High
|
||||
22 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
23 | [13.229.153.16](https://vuldb.com/?ip.13.229.153.16) | ec2-13-229-153-16.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
24 | [15.236.142.224](https://vuldb.com/?ip.15.236.142.224) | ec2-15-236-142-224.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
25 | [18.159.53.170](https://vuldb.com/?ip.18.159.53.170) | ec2-18-159-53-170.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.185.149.145](https://vuldb.com/?ip.18.185.149.145) | ec2-18-185-149-145.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.192.122.2](https://vuldb.com/?ip.18.192.122.2) | ec2-18-192-122-2.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.216.84.23](https://vuldb.com/?ip.18.216.84.23) | ec2-18-216-84-23.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [18.218.130.236](https://vuldb.com/?ip.18.218.130.236) | ec2-18-218-130-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | [18.220.44.88](https://vuldb.com/?ip.18.220.44.88) | ec2-18-220-44-88.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [20.36.46.115](https://vuldb.com/?ip.20.36.46.115) | - | - | High
|
||||
32 | [23.94.253.124](https://vuldb.com/?ip.23.94.253.124) | cbs.propause.bar | - | High
|
||||
33 | [23.95.88.121](https://vuldb.com/?ip.23.95.88.121) | aguug.fkjr121.glerlium.cfd | - | High
|
||||
34 | [23.106.122.215](https://vuldb.com/?ip.23.106.122.215) | - | - | High
|
||||
35 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
|
||||
36 | [23.106.160.1](https://vuldb.com/?ip.23.106.160.1) | v2013.er01.dal.ubiquity.io | - | High
|
||||
37 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
|
||||
38 | [23.247.102.18](https://vuldb.com/?ip.23.247.102.18) | pyprak.munisten.com | - | High
|
||||
39 | [23.249.162.26](https://vuldb.com/?ip.23.249.162.26) | - | - | High
|
||||
40 | [23.249.162.163](https://vuldb.com/?ip.23.249.162.163) | - | - | High
|
||||
41 | [31.148.220.50](https://vuldb.com/?ip.31.148.220.50) | - | - | High
|
||||
42 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
43 | [35.228.218.42](https://vuldb.com/?ip.35.228.218.42) | 42.218.228.35.bc.googleusercontent.com | - | Medium
|
||||
44 | [37.0.10.51](https://vuldb.com/?ip.37.0.10.51) | - | - | High
|
||||
45 | [37.44.212.156](https://vuldb.com/?ip.37.44.212.156) | - | - | High
|
||||
46 | [37.46.150.14](https://vuldb.com/?ip.37.46.150.14) | - | - | High
|
||||
47 | [37.49.225.167](https://vuldb.com/?ip.37.49.225.167) | - | - | High
|
||||
48 | [37.49.225.178](https://vuldb.com/?ip.37.49.225.178) | - | - | High
|
||||
49 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
|
||||
50 | [37.97.190.174](https://vuldb.com/?ip.37.97.190.174) | 37-97-190-174.colo.transip.net | - | High
|
||||
51 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
|
||||
52 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
|
||||
53 | [38.68.39.209](https://vuldb.com/?ip.38.68.39.209) | - | - | High
|
||||
54 | [45.14.50.207](https://vuldb.com/?ip.45.14.50.207) | - | - | High
|
||||
55 | [45.56.89.165](https://vuldb.com/?ip.45.56.89.165) | 45-56-89-165.ip.linodeusercontent.com | - | High
|
||||
56 | [45.56.100.248](https://vuldb.com/?ip.45.56.100.248) | 45-56-100-248.ip.linodeusercontent.com | - | High
|
||||
57 | [45.56.106.128](https://vuldb.com/?ip.45.56.106.128) | 45-56-106-128.ip.linodeusercontent.com | - | High
|
||||
58 | [45.67.14.179](https://vuldb.com/?ip.45.67.14.179) | - | - | High
|
||||
59 | [45.67.14.181](https://vuldb.com/?ip.45.67.14.181) | - | - | High
|
||||
60 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
|
||||
61 | [45.80.149.68](https://vuldb.com/?ip.45.80.149.68) | - | - | High
|
||||
62 | [45.81.226.17](https://vuldb.com/?ip.45.81.226.17) | vm4511296.34ssd.had.wf | - | High
|
||||
63 | [45.95.147.64](https://vuldb.com/?ip.45.95.147.64) | - | - | High
|
||||
64 | [45.95.168.162](https://vuldb.com/?ip.45.95.168.162) | server2.allianttgroup.com | - | High
|
||||
65 | [45.137.22.58](https://vuldb.com/?ip.45.137.22.58) | hosted-by.rootlayer.net | - | High
|
||||
66 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
|
||||
67 | [45.140.146.18](https://vuldb.com/?ip.45.140.146.18) | node.28 | - | High
|
||||
68 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
69 | [45.145.185.26](https://vuldb.com/?ip.45.145.185.26) | - | - | High
|
||||
70 | [45.145.185.73](https://vuldb.com/?ip.45.145.185.73) | - | - | High
|
||||
71 | [45.145.185.111](https://vuldb.com/?ip.45.145.185.111) | - | - | High
|
||||
72 | [45.145.185.253](https://vuldb.com/?ip.45.145.185.253) | - | - | High
|
||||
73 | [45.147.228.74](https://vuldb.com/?ip.45.147.228.74) | - | - | High
|
||||
74 | [45.147.230.200](https://vuldb.com/?ip.45.147.230.200) | - | - | High
|
||||
75 | [45.153.203.81](https://vuldb.com/?ip.45.153.203.81) | - | - | High
|
||||
76 | [45.156.22.167](https://vuldb.com/?ip.45.156.22.167) | - | - | High
|
||||
77 | [46.17.43.102](https://vuldb.com/?ip.46.17.43.102) | - | - | High
|
||||
78 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
|
||||
79 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
|
||||
80 | [46.183.222.66](https://vuldb.com/?ip.46.183.222.66) | ip-222-66.dataclub.info | - | High
|
||||
81 | [46.183.223.7](https://vuldb.com/?ip.46.183.223.7) | ip-223-7.dataclub.info | - | High
|
||||
82 | ... | ... | ... | ...
|
||||
|
||||
There are 42 more IOC items available. Please use our online service to access the data.
|
||||
There are 325 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
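Review bot: The added rows mix dedicated hosts with shared cloud and CDN addresses, and the confidence rating is not consistent across them: the `compute.amazonaws.com` and `googleusercontent.com` rows are Medium, while row 37 (`a23-221-227-176.deploy.static.akamaitechnologies.com`) and the `linodeusercontent.com` and `vultrusercontent.com` rows are High. Addresses in provider ranges are reassigned between tenants, so the table needs a first-seen or last-seen date, or one rule for provider-owned addresses, before it is used as a blocklist. The Hostname values `lax.4729` (row 17), `free.ds` (row 18) and `node.28` (row 67) also do not look like complete host names and should be checked against the source.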
@ -42,12 +112,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
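Review bot: Row 4 (T1059) picks up CWE-88 but keeps the description "Cross Site Scripting", the same text as row 5 (T1059.007, CWE-79, CWE-80). CWE-88, CWE-94 and CWE-1321 cover argument injection, code injection and prototype pollution, so the description should be corrected here instead of being carried forward with a longer CWE list. Row 6 (T1068) has the same mismatch: the J2EE/EJB description does not correspond to CWE-264, CWE-269 or CWE-284, and the row appears once with CWE-250 and once without it, with nothing in the commit message explaining the removal.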
@ -58,67 +128,73 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/ajax.php` | High
|
||||
3 | File | `/admin/ajax.php?action=save_window` | High
|
||||
4 | File | `/admin/article.php` | High
|
||||
5 | File | `/admin/countrymanagement.php` | High
|
||||
6 | File | `/admin/deluser.php` | High
|
||||
7 | File | `/admin/transactions/track_shipment.php` | High
|
||||
8 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/administration/settings_registration.php` | High
|
||||
11 | File | `/administration/theme.php` | High
|
||||
12 | File | `/ajax-files/postComment.php` | High
|
||||
13 | File | `/alert_check/action=delete_alert_checker/alert_test_id` | High
|
||||
14 | File | `/auparse/auparse.c` | High
|
||||
15 | File | `/aux` | Low
|
||||
16 | File | `/BindAccount/SuccessTips.js` | High
|
||||
17 | File | `/categorypage.php` | High
|
||||
18 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/classes/Master.php` | High
|
||||
21 | File | `/collection/all` | High
|
||||
22 | File | `/config/list` | Medium
|
||||
23 | File | `/data/syslog.filter.json` | High
|
||||
24 | File | `/data/wps.setup.json` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/goform/QuickIndex` | High
|
||||
27 | File | `/goform/SetInternetLanInfo` | High
|
||||
28 | File | `/goform/setMacFilterCfg` | High
|
||||
29 | File | `/goform/SetNetControlList` | High
|
||||
30 | File | `/goform/WifiBasicSet` | High
|
||||
31 | File | `/home.php` | Medium
|
||||
32 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
33 | File | `/index.php` | Medium
|
||||
34 | File | `/iwgallery/pictures/details.asp` | High
|
||||
35 | File | `/list_temp_photo_pin_upload.php` | High
|
||||
36 | File | `/login.php` | Medium
|
||||
37 | File | `/manage/network-basic.php` | High
|
||||
38 | File | `/medical/inventories.php` | High
|
||||
39 | File | `/news-portal-script/information.php` | High
|
||||
40 | File | `/nova/bin/console` | High
|
||||
41 | File | `/pages.php` | Medium
|
||||
42 | File | `/pages/save_user.php` | High
|
||||
43 | File | `/patient/doctors.php` | High
|
||||
44 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
45 | File | `/print.php` | Medium
|
||||
46 | File | `/public/login.htm` | High
|
||||
47 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
48 | File | `/rom-0` | Low
|
||||
49 | File | `/searchpin.php` | High
|
||||
50 | File | `/services/Card/findUser` | High
|
||||
51 | File | `/showfile.php` | High
|
||||
52 | File | `/show_group_members.php` | High
|
||||
53 | File | `/timeline2.php` | High
|
||||
54 | File | `/uncpath/` | Medium
|
||||
55 | File | `/uno/central.php` | High
|
||||
56 | File | `/user/profile` | High
|
||||
57 | File | `/user/ticket/create` | High
|
||||
58 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
59 | ... | ... | ...
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
5 | File | `/admin/?page=user/list` | High
|
||||
6 | File | `/admin/?page=user/manage` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/about-us.php` | High
|
||||
9 | File | `/admin/add-new.php` | High
|
||||
10 | File | `/admin/del_category.php` | High
|
||||
11 | File | `/admin/del_service.php` | High
|
||||
12 | File | `/admin/doctors.php` | High
|
||||
13 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
14 | File | `/admin/edit-services.php` | High
|
||||
15 | File | `/admin/edit_category.php` | High
|
||||
16 | File | `/admin/edit_subject.php` | High
|
||||
17 | File | `/admin/forgot-password.php` | High
|
||||
18 | File | `/admin/index.php` | High
|
||||
19 | File | `/admin/index3.php` | High
|
||||
20 | File | `/admin/login.php` | High
|
||||
21 | File | `/admin/products/manage_product.php` | High
|
||||
22 | File | `/admin/reg.php` | High
|
||||
23 | File | `/admin/search-appointment.php` | High
|
||||
24 | File | `/admin/sys_sql_query.php` | High
|
||||
25 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
26 | File | `/alphaware/summary.php` | High
|
||||
27 | File | `/api/` | Low
|
||||
28 | File | `/api/admin/store/product/list` | High
|
||||
29 | File | `/api/baskets/{name}` | High
|
||||
30 | File | `/api/stl/actions/search` | High
|
||||
31 | File | `/api/v2/cli/commands` | High
|
||||
32 | File | `/appliance/users?action=edit` | High
|
||||
33 | File | `/backup.pl` | Medium
|
||||
34 | File | `/bin/ate` | Medium
|
||||
35 | File | `/blog` | Low
|
||||
36 | File | `/boat/login.php` | High
|
||||
37 | File | `/booking/show_bookings/` | High
|
||||
38 | File | `/bsms_ci/index.php/book` | High
|
||||
39 | File | `/cgi-bin` | Medium
|
||||
40 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
41 | File | `/collection/all` | High
|
||||
42 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
43 | File | `/dashboard/add-blog.php` | High
|
||||
44 | File | `/debug/pprof` | Medium
|
||||
45 | File | `/dipam/athlete-profile.php` | High
|
||||
46 | File | `/DXR.axd` | Medium
|
||||
47 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
48 | File | `/edoc/doctor/patient.php` | High
|
||||
49 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
50 | File | `/env` | Low
|
||||
51 | File | `/forum/away.php` | High
|
||||
52 | File | `/fusion/portal/action/Link` | High
|
||||
53 | File | `/group1/uploa` | High
|
||||
54 | File | `/h/autoSaveDraft` | High
|
||||
55 | File | `/importexport.php` | High
|
||||
56 | File | `/index.php` | Medium
|
||||
57 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
58 | File | `/kelasdosen/data` | High
|
||||
59 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
60 | File | `/loginsave.php` | High
|
||||
61 | File | `/medicines/profile.php` | High
|
||||
62 | File | `/mhds/clinic/view_details.php` | High
|
||||
63 | File | `/osm/REGISTER.cmd` | High
|
||||
64 | File | `/out.php` | Medium
|
||||
65 | ... | ... | ...
|
||||
|
||||
There are 517 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 569 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
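Review bot: Row 53 of the new list, `/group1/uploa`, looks truncated (probably cut mid-word), so it will not match the path it was derived from; please confirm the full path or drop the row. In the same list, `/api/`, `/blog` and `/env` are rated Low and `/index.php` Medium, which is appropriate, but a short line stating how consumers should weight Low rows would keep these generic paths from being used as standalone matches.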
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -44,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
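Review bot: Both versions of row 4 label T1059 with CWE-88 and CWE-94 as "Cross Site Scripting", the same description as row 5 (T1059.007, CWE-79, CWE-80). CWE-88 and CWE-94 are argument and code injection, so the description column for row 4 should say that rather than repeat the XSS label. The change also drops CWE-1321 from this row without any explanation in the commit message; a short reason would help.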
@ -59,61 +59,63 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/academy/home/courses` | High
|
||||
4 | File | `/act/ActDao.xml` | High
|
||||
5 | File | `/ad-list` | Medium
|
||||
4 | File | `/ad-list` | Medium
|
||||
5 | File | `/admin/?page=bike` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/article/article-edit-run.php` | High
|
||||
9 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
10 | File | `/admin/edit-services.php` | High
|
||||
11 | File | `/admin/edit_product.php` | High
|
||||
12 | File | `/admin/index.php` | High
|
||||
13 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
14 | File | `/admin/modal_add_product.php` | High
|
||||
15 | File | `/admin/project/update/2` | High
|
||||
16 | File | `/admin/reg.php` | High
|
||||
8 | File | `/admin/ajax.php?action=confirm_order` | High
|
||||
9 | File | `/admin/article/article-edit-run.php` | High
|
||||
10 | File | `/admin/cms_admin.php` | High
|
||||
11 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
12 | File | `/admin/edit-services.php` | High
|
||||
13 | File | `/admin/edit_product.php` | High
|
||||
14 | File | `/admin/index.php` | High
|
||||
15 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
16 | File | `/admin/leancloud.php` | High
|
||||
17 | File | `/admin/sys_sql_query.php` | High
|
||||
18 | File | `/admin/test_status.php` | High
|
||||
19 | File | `/admin/upload.php` | High
|
||||
20 | File | `/admin/userprofile.php` | High
|
||||
21 | File | `/admin/vote_edit.php` | High
|
||||
22 | File | `/api/baskets/{name}` | High
|
||||
23 | File | `/api/sys/login` | High
|
||||
24 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
25 | File | `/author_posts.php` | High
|
||||
26 | File | `/bin/ate` | Medium
|
||||
27 | File | `/bin/sh` | Low
|
||||
18 | File | `/admin/TemplateController.java` | High
|
||||
19 | File | `/admin/test_status.php` | High
|
||||
20 | File | `/admin/upload.php` | High
|
||||
21 | File | `/admin/userprofile.php` | High
|
||||
22 | File | `/admin/vote_edit.php` | High
|
||||
23 | File | `/api/baskets/{name}` | High
|
||||
24 | File | `/api/sys/login` | High
|
||||
25 | File | `/api/sys/set_passwd` | High
|
||||
26 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
27 | File | `/autheditpwd.php` | High
|
||||
28 | File | `/blog` | Low
|
||||
29 | File | `/blog-single.php` | High
|
||||
30 | File | `/booking/show_bookings/` | High
|
||||
31 | File | `/browse` | Low
|
||||
30 | File | `/browse` | Low
|
||||
31 | File | `/cgi-bin/` | Medium
|
||||
32 | File | `/chaincity/user/ticket/create` | High
|
||||
33 | File | `/change-language/de_DE` | High
|
||||
33 | File | `/changePassword` | High
|
||||
34 | File | `/classes/Master.php?f=delete_category` | High
|
||||
35 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
36 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
37 | File | `/classes/Master.php?f=save_item` | High
|
||||
38 | File | `/collection/all` | High
|
||||
39 | File | `/company/store` | High
|
||||
40 | File | `/config` | Low
|
||||
41 | File | `/contact.php` | Medium
|
||||
42 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
43 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
44 | File | `/dashboard/add-blog.php` | High
|
||||
45 | File | `/debug/pprof` | Medium
|
||||
46 | File | `/dipam/save-delegates.php` | High
|
||||
47 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
48 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
49 | File | `/ecommerce/support_ticket` | High
|
||||
50 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
51 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
52 | File | `/file` | Low
|
||||
53 | File | `/file/upload/1` | High
|
||||
54 | File | `/find-a-match` | High
|
||||
55 | File | `/forum/away.php` | High
|
||||
56 | ... | ... | ...
|
||||
36 | File | `/collection/all` | High
|
||||
37 | File | `/company/store` | High
|
||||
38 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
39 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
40 | File | `/course/filterRecords/` | High
|
||||
41 | File | `/dashboard/add-blog.php` | High
|
||||
42 | File | `/debug/pprof` | Medium
|
||||
43 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
44 | File | `/edit_user.php` | High
|
||||
45 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
46 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
47 | File | `/file/upload/1` | High
|
||||
48 | File | `/find-a-match` | High
|
||||
49 | File | `/forum/away.php` | High
|
||||
50 | File | `/friends` | Medium
|
||||
51 | File | `/friends/ajax_invite` | High
|
||||
52 | File | `/fusion/portal/action/Link` | High
|
||||
53 | File | `/goform/SetSysTimeCfg` | High
|
||||
54 | File | `/group1/uploa` | High
|
||||
55 | File | `/home/courses` | High
|
||||
56 | File | `/home/filter_listings` | High
|
||||
57 | File | `/home/search` | Medium
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
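Review bot: New row 18, `/admin/TemplateController.java`, is a source file name, while the surrounding File rows are request paths such as `/admin/test_status.php`; the table should say whether File indicators are meant to match URLs, files on disk, or both. Rows such as `/admin/?page=user/manage_user&id=3` and the long `/EventBookingCalendar/load.php?...` entry also carry fixed query values, so it is worth documenting whether matching is exact or by prefix.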
@ -9,11 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BazarBackdoor:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
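Review bot: The country list for BazarBackdoor goes from VN, CN, US plus one more item to a single CN entry, which is a large change in attribution for a commit described only as "Update October 2023"; please note the reason in the commit message or the file. The unchanged intro sentence still reads "These _countries_ are ... associated with BazarBackdoor", which no longer fits a one-item list.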
@ -174,13 +171,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
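Review bot: The hunk shrinks the visible TTP table from six rows to five (the T1110.001 row is replaced by the `...` row), but the context line "There are 22 more TTP items available" is unchanged. Please check that the remaining-items count was regenerated together with the table, since a stale count would misstate how many techniques are tracked.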
@ -192,49 +188,49 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin/adclass.php` | High
|
||||
3 | File | `/admin/students/view_details.php` | High
|
||||
4 | File | `/ajax-files/followBoard.php` | High
|
||||
5 | File | `/ajax.php?action=read_msg` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/upload.php` | High
|
||||
8 | File | `/api?path=profile` | High
|
||||
9 | File | `/auth/callback` | High
|
||||
10 | File | `/authenticationendpoint/login.do` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/cgi.cgi` | Medium
|
||||
13 | File | `/ci_spms/admin/search/searching/` | High
|
||||
14 | File | `/classes/Master.php?f=save_brand` | High
|
||||
15 | File | `/collection/all` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/ctcprotocol/Protocol` | High
|
||||
18 | File | `/DXR.axd` | Medium
|
||||
19 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
20 | File | `/etc/pki/pesign` | High
|
||||
21 | File | `/files/` | Low
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goform/setportList` | High
|
||||
24 | File | `/goform/set_LimitClient_cfg` | High
|
||||
25 | File | `/graphql` | Medium
|
||||
26 | File | `/h/autoSaveDraft` | High
|
||||
27 | File | `/home/cavesConsole` | High
|
||||
28 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
29 | File | `/index.php?page=member` | High
|
||||
30 | File | `/jurusanmatkul/data` | High
|
||||
31 | File | `/log/decodmail.php` | High
|
||||
32 | File | `/login.php?do=login` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
35 | File | `/public/login.htm` | High
|
||||
36 | File | `/QueryView.php` | High
|
||||
37 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
38 | File | `/romfile.cfg` | Medium
|
||||
39 | File | `/scripts/unlock_tasks.php` | High
|
||||
40 | File | `/search.php` | Medium
|
||||
41 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
42 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
3 | File | `/admin/admin-profile.php` | High
|
||||
4 | File | `/admin/sales/view_details.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/cron/settings/setJob/` | High
|
||||
9 | File | `/api/v1/snapshots` | High
|
||||
10 | File | `/audit/log/log_management.php` | High
|
||||
11 | File | `/auth/callback` | High
|
||||
12 | File | `/authenticationendpoint/login.do` | High
|
||||
13 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/cgi.cgi` | Medium
|
||||
16 | File | `/classes/Users.php` | High
|
||||
17 | File | `/collection/all` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/ctcprotocol/Protocol` | High
|
||||
20 | File | `/dottie.js` | Medium
|
||||
21 | File | `/DXR.axd` | Medium
|
||||
22 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
23 | File | `/env` | Low
|
||||
24 | File | `/files/` | Low
|
||||
25 | File | `/forms/doLogin` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/setportList` | High
|
||||
28 | File | `/h/autoSaveDraft` | High
|
||||
29 | File | `/home/cavesConsole` | High
|
||||
30 | File | `/index.php` | Medium
|
||||
31 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
32 | File | `/index.php?page=member` | High
|
||||
33 | File | `/jurusanmatkul/data` | High
|
||||
34 | File | `/librarian/bookdetails.php` | High
|
||||
35 | File | `/log/decodmail.php` | High
|
||||
36 | File | `/log/webmailattach.php` | High
|
||||
37 | File | `/login.php?do=login` | High
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/public/login.htm` | High
|
||||
40 | File | `/QueryView.php` | High
|
||||
41 | File | `/recreate.php` | High
|
||||
42 | File | `/romfile.cfg` | Medium
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
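Review bot: The new list adds `/env` (Low), `/files/` (Low) and `/index.php` (Medium) alongside specific paths such as `/cgi-bin/mainfunction.cgi`; these generic paths exist on most web servers, so the file should state that Low and Medium rows are only meaningful in combination with other indicators. Removing `/release-x64/otfccdump+0x61731f` is a good cleanup, since that entry reads like a binary name with an offset rather than a path.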
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -23,110 +23,118 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.59.254.29](https://vuldb.com/?ip.2.59.254.29) | - | - | High
|
||||
2 | [3.72.105.50](https://vuldb.com/?ip.3.72.105.50) | ec2-3-72-105-50.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
3 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
|
||||
4 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
5 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
6 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
|
||||
7 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
8 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
|
||||
9 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
|
||||
10 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
|
||||
11 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
|
||||
12 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
|
||||
13 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
|
||||
14 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
|
||||
15 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
|
||||
16 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
|
||||
17 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
|
||||
18 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
|
||||
19 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
|
||||
20 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
|
||||
21 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
|
||||
22 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
|
||||
23 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
|
||||
24 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
|
||||
25 | [5.255.123.19](https://vuldb.com/?ip.5.255.123.19) | - | - | High
|
||||
26 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
27 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
28 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
29 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
30 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [13.212.116.128](https://vuldb.com/?ip.13.212.116.128) | ec2-13-212-116-128.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
32 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
33 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
34 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
35 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
36 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
37 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
38 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
39 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
40 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
|
||||
41 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
42 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
43 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
44 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
|
||||
45 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
46 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
|
||||
47 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
48 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
|
||||
49 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
50 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
51 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
52 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
53 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
54 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
55 | [23.227.203.245](https://vuldb.com/?ip.23.227.203.245) | 23-227-203-245.static.hvvc.us | - | High
|
||||
56 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
57 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
58 | [34.207.174.202](https://vuldb.com/?ip.34.207.174.202) | ec2-34-207-174-202.compute-1.amazonaws.com | - | Medium
|
||||
59 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
60 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
61 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
62 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
63 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
64 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
65 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
|
||||
66 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
67 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
68 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
69 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
70 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
71 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
72 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
73 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
74 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
75 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
76 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
77 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
|
||||
78 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
79 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
80 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
81 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
82 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
83 | [45.45.219.118](https://vuldb.com/?ip.45.45.219.118) | - | - | High
|
||||
84 | [45.56.162.16](https://vuldb.com/?ip.45.56.162.16) | sand-162016.sandartery.com | - | High
|
||||
85 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
86 | [45.58.52.123](https://vuldb.com/?ip.45.58.52.123) | - | - | High
|
||||
87 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
88 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
89 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
90 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
91 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
|
||||
92 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
93 | [45.82.153.168](https://vuldb.com/?ip.45.82.153.168) | - | - | High
|
||||
94 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
95 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
96 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
97 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
98 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
99 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
100 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
101 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
102 | [45.134.174.99](https://vuldb.com/?ip.45.134.174.99) | dedicated.vsys.host | - | High
|
||||
103 | [45.138.172.80](https://vuldb.com/?ip.45.138.172.80) | - | - | High
|
||||
104 | ... | ... | ... | ...
|
||||
3 | [3.81.68.30](https://vuldb.com/?ip.3.81.68.30) | ec2-3-81-68-30.compute-1.amazonaws.com | - | Medium
|
||||
4 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
|
||||
5 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
6 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
7 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
|
||||
8 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
9 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
|
||||
10 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
|
||||
11 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
|
||||
12 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
|
||||
13 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
|
||||
14 | [5.182.39.10](https://vuldb.com/?ip.5.182.39.10) | vps.hostry.com | - | High
|
||||
15 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
|
||||
16 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
|
||||
17 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
|
||||
18 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
|
||||
19 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
|
||||
20 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
|
||||
21 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
|
||||
22 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
|
||||
23 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
|
||||
24 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
|
||||
25 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
|
||||
26 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
|
||||
27 | [5.255.123.19](https://vuldb.com/?ip.5.255.123.19) | - | - | High
|
||||
28 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
29 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
30 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
31 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
32 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
33 | [13.212.116.128](https://vuldb.com/?ip.13.212.116.128) | ec2-13-212-116-128.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
34 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
35 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
36 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
37 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
38 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
39 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
40 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
41 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
42 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
|
||||
43 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
44 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
46 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
|
||||
47 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
48 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
|
||||
49 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
50 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
|
||||
51 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
52 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
53 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
54 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
55 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
56 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
57 | [23.227.203.245](https://vuldb.com/?ip.23.227.203.245) | 23-227-203-245.static.hvvc.us | - | High
|
||||
58 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
59 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
60 | [34.207.174.202](https://vuldb.com/?ip.34.207.174.202) | ec2-34-207-174-202.compute-1.amazonaws.com | - | Medium
|
||||
61 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
62 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
63 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
64 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
65 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
66 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
67 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
|
||||
68 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
69 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
70 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
71 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
72 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
73 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
74 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
75 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
76 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
77 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
78 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
79 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
|
||||
80 | [44.203.127.31](https://vuldb.com/?ip.44.203.127.31) | ec2-44-203-127-31.compute-1.amazonaws.com | - | Medium
|
||||
81 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
82 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
83 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
84 | [45.12.2.230](https://vuldb.com/?ip.45.12.2.230) | iNfAcTor.disneybaby.com | - | High
|
||||
85 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
86 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
87 | [45.45.219.118](https://vuldb.com/?ip.45.45.219.118) | - | - | High
|
||||
88 | [45.45.219.141](https://vuldb.com/?ip.45.45.219.141) | - | - | High
|
||||
89 | [45.56.162.16](https://vuldb.com/?ip.45.56.162.16) | sand-162016.sandartery.com | - | High
|
||||
90 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
91 | [45.56.165.30](https://vuldb.com/?ip.45.56.165.30) | nordns.crowncloud.net | - | High
|
||||
92 | [45.58.52.123](https://vuldb.com/?ip.45.58.52.123) | - | - | High
|
||||
93 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
94 | [45.64.186.135](https://vuldb.com/?ip.45.64.186.135) | hml02.murrowirrime.info | - | High
|
||||
95 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
96 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
97 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
98 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
|
||||
99 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
100 | [45.82.153.168](https://vuldb.com/?ip.45.82.153.168) | - | - | High
|
||||
101 | [45.86.163.188](https://vuldb.com/?ip.45.86.163.188) | - | - | High
|
||||
102 | [45.86.163.224](https://vuldb.com/?ip.45.86.163.224) | - | - | High
|
||||
103 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
104 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
105 | [45.87.155.88](https://vuldb.com/?ip.45.87.155.88) | yarom.com | - | High
|
||||
106 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
107 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
108 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
109 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
110 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
111 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
112 | ... | ... | ... | ...
|
||||
|
||||
There are 411 more IOC items available. Please use our online service to access the data.
|
||||
There are 445 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
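Review bot: Rows 72 to 74 fill the column after the IP address with `42.54.235.37.in-addr.arpa`, `52.54.235.37.in-addr.arpa` and `81.54.235.37.in-addr.arpa`, which are only the reverse-lookup names of the addresses in the same rows, not resolved hostnames. Suggest writing `-` there, as rows 46 and 47 do, so that consumers matching on this column do not treat a placeholder as an indicator. The column also repeats `nordns.crowncloud.net` for rows 50, 90 and 91, so it cannot serve as a per-host key. The Medium-confidence cloud addresses (rows 36 to 44, 59 to 66, 80 to 82) carry no observation date in the table, which makes it impossible to age them out once the address is reassigned.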
|
@ -135,12 +143,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
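Review bot: Row 4 keeps the description "Cross Site Scripting" for T1059 while its weakness list becomes CWE-88, CWE-94, CWE-1321 (argument injection, code injection, prototype pollution); none of these is a cross-site scripting weakness, and row 5 (T1059.007 with CWE-79, CWE-80) already carries that description. Suggest a description on row 4 that matches its CWEs. The T1068 row also leaves the visible table while the "There are 22 more TTP items" line stays as unchanged context, so please confirm the count still agrees with the table.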
|
@ -157,40 +164,35 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/user/team` | High
|
||||
6 | File | `/AgilePointServer/Extension/FetchUsingEncodedData` | High
|
||||
7 | File | `/ajax_crud` | Medium
|
||||
8 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
9 | File | `/cgi-bin/user/Config.cgi` | High
|
||||
10 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
11 | File | `/config/php.ini` | High
|
||||
12 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/DXR.axd` | Medium
|
||||
15 | File | `/en/blog-comment-4` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/aspForm` | High
|
||||
18 | File | `/h/` | Low
|
||||
19 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
20 | File | `/htdocs/cgibin` | High
|
||||
21 | File | `/login/index.php` | High
|
||||
22 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
23 | File | `/ms/cms/content/list.do` | High
|
||||
24 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
25 | File | `/orms/` | Low
|
||||
26 | File | `/plesk-site-preview/` | High
|
||||
27 | File | `/project/PROJECTNAME/reports/` | High
|
||||
28 | File | `/school/model/get_admin_profile.php` | High
|
||||
29 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
30 | File | `/timeline2.php` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
33 | File | `/usr/sbin/suexec` | High
|
||||
34 | File | `/videotalk` | Medium
|
||||
35 | File | `/WEB-INF/web.xml` | High
|
||||
36 | File | `/web/MCmsAction.java` | High
|
||||
37 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
39 | ... | ... | ...
|
||||
8 | File | `/book-services.php` | High
|
||||
9 | File | `/card_scan.php` | High
|
||||
10 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
13 | File | `/config/php.ini` | High
|
||||
14 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
15 | File | `/cwc/login` | Medium
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/download` | Medium
|
||||
18 | File | `/DXR.axd` | Medium
|
||||
19 | File | `/en/blog-comment-4` | High
|
||||
20 | File | `/etc/quagga` | Medium
|
||||
21 | File | `/forms/doLogin` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goform/aspForm` | High
|
||||
24 | File | `/h/` | Low
|
||||
25 | File | `/h/calendar` | Medium
|
||||
26 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
27 | File | `/inc/extensions.php` | High
|
||||
28 | File | `/login/index.php` | High
|
||||
29 | File | `/ms/cms/content/list.do` | High
|
||||
30 | File | `/nova/bin/console` | High
|
||||
31 | File | `/nova/bin/detnet` | High
|
||||
32 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
33 | File | `/orms/` | Low
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 335 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
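Review bot: Several indicators disappear from the table rather than just shifting position, and the commit message ("Update October 2023") does not say why: `/cgi-bin/user/Config.cgi`, `/htdocs/cgibin` and `/mifs/c/i/reg/reg.html` no longer appear between their former neighbours, and the hidden count falls from 335 to 286. Anyone who generates detection rules from this file will silently lose those paths, so please record whether they were retired as false positives or dropped for another reason. Several of the added entries (`/download` at Medium, `/login/index.php` and `/forms/doLogin` at High) are generic paths that will match ordinary traffic unless they are combined with the other indicators.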
|
@ -200,9 +202,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://rhisac.org/threat-intelligence/bianlian-ransomware-expanding-c2-infrastructure-and-operational-tempo/
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a0ca093b2efdccb6a832251c03cab67f70af4d918a2158376f5521017fb65e2b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a08312fb4d7c732f34cbfe5d7a9f84b6638cf53c4b7a994a39d77de2aeb40e4b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a3a15bb2f45521954b0d9ed0d1b61aed81085f07d38554d6fde1b07efbff5696%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a4b8d09a8591152f354bf5916dd9a7f54cb3bb1c61252398ccdeaf612a37f2d0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a5c99795a81e94bdc2eab6d55494ecc40ef5346b51a15f31226002feb738c223%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8a6dd7f1e20f24c866586b93479cec20c62a92821298973ceeb249e5789a844%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8acf8933f1108fbf55a9c84b7fecaaa6fead1760af8d1b9da6fae6331bb3541%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8edc058a81ca26ce7ce137aef48f09aab834dd9974929403203cef258623223%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a9f0dba902298a463c27d83b8c539ba267995f5e7ee65e6ac24b0fad9d4b83c4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a233c1de5f25d7fba906d79dae636dba6ee42bd794bbba44b7ff00270a0a7b45%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a6150f19c37c92bfbc6d92db21a83fea6d08116bfeec2e88443603fc9b65aef0%22
|
||||
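Review bot: The Censys links added to the references in this hunk carry the certificate value only inside a URL-encoded query string (`services.certificate%3A%22...%22`), so a consumer has to parse and decode the URL before it can match on the certificate. If these certificates are meant as indicators, suggest also listing the values in the IOC section with a type and a confidence, and keeping the search links here as the source.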
|
@ -240,6 +245,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c04faf8ead904b3c44622c1c5300428f6b91955fcb70956b9015867f98fe8268%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c065cdbe05d569cdf0305b7cf54d7c087571bfd3e0baaca4fa5c2424eb494339%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c082b56316daa4f945464a5341edbfc777afa094303211e15999083829b6ac28%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c5f72eaf576e5bd2fefc5a2ebc2d0826544509784ceab9fc301f250cb87600b8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c7b44aeaaa1c88d4579d37705661b9c2821a6c65a586205e1eef92b0dca7bf92%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9c617394a1c0af7dec708d6644863d98f43427e5f9f8d5a9d586b04538219d9%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9cb3353676114a2dd6f4336677a34d369604ac9be7038ce76e0a189e1f4983e%22
|
||||
|
@ -262,6 +268,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd155b015ea2e8d4b4ad255bde80522605cce7dd45e63a553da19eb40f4ba164%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd274fe56f25f49fa8b2108e8692611aed1eff06908b1929b13701a7b8121757%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ce97cd23fb93eb9f406f25fe588758adcc842f7d299ccd14dec1dfa4634aa0c5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ce8364ed2af33a03926cfbd0f521477957a845583c52abe50714fdaf59d0ea20%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d0a1ce295d8cb17121c2d53fc57720071168552b851cb8dcb48d0d8291d19495%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d2bf58a36b12080403b522f39062c2a675656ee13190bdb48829077ed1ee1dd8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d2e05d4f95be739ccf38400ec3bff07850d45694b409919f7ffeeb2e045ad739%22
|
||||
|
@ -279,6 +286,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e1caf0308e9eb8602a988b80c1cc99b11123733769ffe2f970d969a5421e4c31%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e2e7399fae3b50cfb2d9f2055430ef5a10ff15f8f05e5b090615af121fef0454%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e5b3c9488f8014de65315d11f82217fa31cae4db8510d2db9cf078cf73d6a7e7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e5d150a8270e511074cf8bb528559b13030cd213fbf555a408e9a8e8158a0cd8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e6f731b90e1aaf44ffc5ad4e16eb783b7367de43ccf007f8fd1eec9852a8a658%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9ee059af7f17eb82141660167684b7b3e4a4513996fa9b27d918c13b78a4def%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9fe9545a439564a7c1052eb0e572b8b41609b0f0d96238cff2b8ff567612836%22
|
||||
|
@ -302,6 +310,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f9f04d3e49e14c95272fe577a704a5475fda0157e0bddf0ee53bfc94689e3f2a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f23ed6427518eefd9997a0b609323388fba9333491c39e1d43f8d3229545dcf7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f57b2b95a950bd6302f60f750df5f7d90b7f8183db725a4889d510e20bf1fbac%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f62d923b09f12f5749d62bd3ed80b8bf3b40c29ea0b87b2e77a193e5cf3a3eaa%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f73b5cd2e38c6dd81baf287222c19a13f5224ad157e07435c2d23ccddb64b34e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f88fcd9cdebfb4c3ba3d8e3f2bab9fdc9fff545a2cb508808c6cc1c4de8c9c60%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f712b515820652c318efaf8c5fa3e0e2af9b38068fee609ac51677ac82d824e4%22
|
||||
|
@ -309,13 +318,16 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f5774387001af3aaf2ee4f23b1e9049f444b24fb6af06978ce0f3282cda2e133%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fa1c8a1f4b99f38d747883b80c46b8e523f55e11e1020e481d5007b8e22c16d9%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb3e3847d4f2a20cd56b2e3ac03d24aa126e05115822d15bd7e72fb9a564be6d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb660ff81aba8f455b7920366ffea607055f49973d326f10a0118a5b29b3ce10%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb6815abaf3d9260cd76d0b9119c88e69ae4b66804c8d357c1662b4b6f11f439%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fcdd83167b92e1c7bdec56fc9d7f46ab044bca777ef3901d84debb12b60c8d43%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdbfb2e037b1276e0a70cae3fb21ff4f8052df57117967e0af038d5999f8ae9a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdffacdd96db3eb4c84ea257e4ecdfd2c18ccf184804e78315545be0026314b7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220b5b4b77e76fc323debdd6b60e05ce3c80d6d305512fd066259e25e7b91bb3b2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220bed903c9b43242ce2bf776bc1f8b826a47442ec472bf28e3d300221d45e5631%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220d14af885f4dfeeb07fb41dbbda265a4a44147d071ed80a822544b19d87f166e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220da3e944a7bf2a5772454f2e3b416580910b41232dd943b7d500a4c7558ee0ed%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e2ece77aee436691480d7b07abcd4e2c6a3d2063bdb5003ec957dfa237b9d5f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e7705888a9000b0a2c8ca2a4846d890920d19bd6af9c50fb34668b4673f54c7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ebaabf79ecaccb878e0ecc68b6c868ef047ac8735a3347ff892c3420b47803f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221af6ae62dca201286d4b11ee20fd1e8dcf343d2e8500de51f9175bcf3d12e06f%22
|
||||
|
@ -327,6 +339,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221efe88adbb16d17952851e961e3a1937735bd63faf208fe7fa1efcfaa0180222%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f45a7a12cc9bdd9712584e317a3d1f765f87af196682600728350bf86898f8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f168a4d8532e3222ce7b947eb6acb66f1ca41917e95bf19a1e6086896c43c46%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221fd7f24859223de432acd6da227f11efed092381066387d87323508534b539f7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222c4e0c64e1c5539d936bdeb6cb5917eb74b976572ff7c84e484caa0d86ed1b43%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222c48a71463075ecf6aac326807b2be06a966b5d53bdd99b61284fd1b3ca57ddd%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d02e5aa8065bca63541458fc190780583486548b3f1beae1c623ac915efc5a0%22
|
||||
|
@ -346,6 +359,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225bd3dde5e2ad26fbf78d1136c8e337c07b5fc55d1b4ac461a08c3f749003d794%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c4b8f572f297bb98b1d2e47075aec68b3b9da1fb76606e07d8176edbe1338c8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c538f273807d92a8626eacacce355c414210f29293c2ba2b8a7ec16bf31303f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c8474878a2a3e529486a7674026f8eb3a5b4d37e1af966646f3a1d3f22b979d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d3eb0b9bc00549d4f12f12f8eaf9a9a024258e648841b20bddf0cfe45d792dd%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225e279697fbda136046542fc6db82a4bc3def212b9e15bd9e4f967c8a03e8dca7%22
|
||||
|
@ -357,10 +371,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226ad1b662e7636cd63d8ae71f3617dc58b334951b031a6ce22e898bcd35313de2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226af642c2cf73c24aded656e3945810dca3c5d51c28b3c7d28852463c98e76e4c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b2f996084686d21e085e8cd9b97bd549d8752526a2ccb321d8214bb161b1109%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b401e864cf63c438779b4935499f28f2f26dd685af330f311c9a80d55f6d7b5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b5706c23d2c44d23360638793012e5df95c88f8408ad93c71113719f9ef02a2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226bf2c0222a11b931ebd7439cae3df34d91625fdcd19b7879611a0523b036ae9a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c6d464110a46f813722131e8cce268bdccfdfeb705ce25fcc51cabe0b88c8e4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c7f72691b8a7ce8293b2097063a090927c5359e5980d714b1c0932c02f4bb77%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226cbb0cef1838f2b253613796470b7fcc3cd4453d3f5be8220aeda52f383fb781%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226d64edc2a8867b924b85d762657e103ad3338e1bd40b3ffca92633df41e9003e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e1be457dd210298ad9a471567719e10a579b0f4dd460b24e4119a3ed4cc0bf9%22
|
||||
|
@ -384,6 +400,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c191ae9892430a18e2d466c5b3c0b230450ea178ffa2553a6babc31f6d4348c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ccaaf6ad700e922565d1947ac46839e4a8c8a18af7a94605f4ebfcbb916b4f4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e0669706895d46f35764c53f31a85889132bbe9fe1794945d12794dfb0532b5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e7de15ccd5e85229bfc60629f69b4adff4ccc48e7510d0385b19963156980da%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e470e79949459e89b8fb0a496c6d21614c54148e7b5bf0d311f55ae225b8b5b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229f280c1d40c86e88f341db63b3a55cae35bdfcf345744a9006aa0410ca9a3bd2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2206fc02e9726474160349c6e7e545bf03d18ada8f74a3fa1159f9fb25a48e5b74%22
|
||||
|
@ -399,6 +416,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2218f3618dfd6257ef264e2b046d2acededb423e7558b0f3b405b9366953b74f8d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220cb8ebe1f1cc16e7650f45c75b3ca0e9d6308998bb58ac3f3fbb1c501f1a0dc%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2222e86fc171d87ccc9c172c719af38245ef9bf8161b54f60ca274e01891a94c08%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2223a8001e1dc233a132e3521e62fb7632ffe6c4879531ebd9506111a0071289cf%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2225abb180e92da37e426fc8f49970596a5fb1d989a4475a2c8c95d95edcbed5e4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b04ac57339ca7542a1c1a9ebd0cc84a4cb13f5add52da4a563e7a12d23b105%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b262ee97133072dff8ecef3062eeb69d658f0f240d618b6a7f0d5d7cbed34f%22
|
||||
|
@ -427,6 +445,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2284dd10727e6b29b3278e3f64dbbab293711957835f23cc755b3226b58ec5ef51%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2289f93e716d00ae70260a12db179e56169f551be3d16e405ae654e2f9745dc4d6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2291e2fbc55cde47e1fdb40035c2f17068b03b92307e639862cbf22686bbe597d5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2292b673b4bd06a2dc2e9e12c3dc3c7b6bd29a757518e0c643921bc4cd2eb1fbe4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2295c5b6651cb9190a61b5a8bbda94815572ec7559150d3df8d56bd2c486ebda3d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296a14d3e7284923dfbd6c5b6775bf42b37ed0f6973d7d5f2a0e72e5aa57ed6af%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296af81d660c79e3f90f94b28c419a86b89071aa6c17648e95bcb961460d24152%22
|
||||
|
@ -435,11 +454,15 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296ef27ed06cda5e4679625ec4224f32a76c309436f97e15aff6c4b8a39778356%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298af871908ffc7c141802d96f585def4a160491c875118ef88c545ce04194cd8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2299b3f3b85d0fc68918abbde16579009b2ebae3300d633fd0ed81d96ba98a38d8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22009c8a2e3fa145b581f92872496c315c7ce87635db83c520db2a1153d532e2b4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22090d7e7b16af3600510b612486eaeafe80b0106788d634aa3fade4a54a1d263c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22097cd9f2c1af35f7dd632fe16f83b9b3aef51e78f1b4393047c499ebb2be2fda%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22108f811bc2de45a7dab2156c4617ce3fa42cf3eb5abb72759839a63cefec4cad%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22155d39c0ae81244e4bced14ee9d3ee87e9af990335b815695740e937545f300a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22201a37230ec7663dba353891c6293d885113e390f6fc6bb5a56b66357c8183d1%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22208d6c5db554be6f3d835a70ab323799dff697b00e23cfaac014c7d970506e19%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22225ec72ef1adf4ab077107adb2784c35ff1c0db1c0a8efcba78c3cadac4a47a8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22236f6df4a662b67e33ae79a25e2f0044c43e594bbdae0a97c3aeb486e5ee11ca%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22354c6d8d9033668867406be1bb6238647e207cb5f2de6a776ae3d461637efa8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22409e50ae1c3f70cf81350be6f3cd218b0c9ef15eb03439c15d53a6012bddae2f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22420a63db1bdd2f74731d1001e49ac2c1443b4d3ba810b67cb324a665ffe84382%22
|
||||
|
@ -455,12 +478,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22674a2fef172685c51fda91aba205c20fb95e0c63fa4f0ecb598fb6213775ede5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22723c18cc60cbfd6430123a2c5326ac021826f9b750f43159628fe4a0df882537%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22727f93738823de234b1ade5e45d5e5de82c86ce5baa7e52bbb4f9ef7a5e352d0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22737aa903ba42e1c108016e48749246b4823686fd7c08c27ce56c9165745a7a7c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22785ffc1cc3857a81cb96b04ec4126a56b6744ef1d83077799f0c731ca18f8b92%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22795d565f61de6456820bf2df946764ceb251073b7f46113275a0fe2d0030f3d4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22800f5e4b53f4eb3cec54b39687bdb55f56f39c636c1ee51547dea1122e6aee1d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22864a561ad370105ea07a7ed6dc230cb75b27f115e6c7f46720af0524385dfd77%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22875e3cfb1f6b9757aada57db20493a60717a4114b69931f8a7aabc56404ef42b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22890b0d66b3437ab8477a04d338024b8729d2732030abbfd134052e50e7bad0ab%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22891a64e34efebd507494a0b411ab067e085fc4ac7ae44171b1bbc6d78d493a60%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22951e8ff2808a5bd4f4e5b181be38cb429383d10b782708b484c16bc11bd6b77d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22953cc2d06cefe778ca24a6096ebec12743d4d130d0dd3e11f65bce20bdaa9f4c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220031daf0487b995130c142c52ca4b28a4cb7789ff9c0861554d7a36b1d54f73f%22
|
||||
|
@ -474,6 +499,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223130cf99bca84e6a6c2ce0b2dc7732af1b856fa3473560da0e965795e41cdb36%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223202a6af54e02d88858b8ab87adca351db9eb05f3368a7bf928bc5f5fa4715e7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223264f4065c115bbebd21e49f375bda46a7157fda6e51ed6a4e82b3cc6c1c5749%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223545e36ff9919d7de99a43e6bd1c66540d19834ad81006b4a9925a8859071734%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223894fa1237b19f6173003ffcb010e6ea426fa974914b70c104be17c9122cb240%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224615b87e15834285bc731a52377a0610119846a648eca2486fafdb3a7022b144%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224779babbd7d7db7fc16ae9bf3eb01051e71bc25906c0721d57cac33220435d87%22
|
||||
|
@ -486,9 +512,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228401e0832c27e16c0785e88c38134a87de66f197dfbddc9c224142f34676892a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229137e3566c17a08b37c85fd4ea64d5f2d45e54390b82dc326ab4f2544cb96d06%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229280bdf16dde768c7e0ab2015ea987ac7c8e853c6df18f39eeec502812c476b6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229425b43e08e75e51143e88d0ef8fe248467fccdf233c4fb5fe6514143b0d4303%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2201031e2c5206b868aef93bfc97e7f336daaf90f54518e95bcc5c81806a53a536%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2203266e3ea0158c62f652064b0b78824d03b4aa26b15509036c40a281a6f42cb4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2212414ffbbb9d89905eccbb3529cbeec829e492e21f7f8ccce902eebb05061e59%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220743d0b9dbb07cafe875ba9ed1642b630c421c4956b20f3fb7a127b39350b9f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2224789e401b278e1d5222205e7478b02dfde72894d2b09fdfe3568d776c5881b0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227618be62f75be7fe32e7bdf9ee57f1a4762bc45f79a255b77ccd4f943c6ec37%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2231081cb136ebb7f4be19b67a6276964bc79ced2809af089006aaa67d74d7db80%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2234127f3774e3587aff519739334fc5ad92b883b66c70472f91b34b3dc89e81ce%22
|
||||
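Review bot: the section header introduces this list as external sources "which discuss the actor", but every entry in this hunk is a live Censys host search keyed on a certificate fingerprint. A search URL returns whatever hosts present that certificate on the day it is opened, so it is not a stable citation, and the fingerprints are really indicators. Consider moving them into an IOC table with a type and a confidence rating, as the IP rows have, and keeping References for published reports.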
|
@ -508,6 +537,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224053867fcc6f7a00de2fc98aa984fb81d2ec2e1017be5f225727e24c87dd62b8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224263547c11f8ac52f2bab40ecd263decc2271e1f6b4d624ff4a91cbd9836d8f4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226271256f5ca11039296e33c3a114a174f6b11c692bdd1f2f1901f650070944da%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228505807daf07f41a5f9dc5a7afab0f467767ad2396983ed2d54a30bf4d646145%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229595314db92bc0575aa07715462bdb5a5f4456becc3a8315e34da61616bd6291%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229938964cf749a2955b2dd351b2ecade122ff5891fca3d9dfaa02ebfef7857d8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229982255b8a2b4c74121a63cb867d538a23a47660eea513ce81443a06ee51970e%22
|
||||
|
|
|
@ -57,54 +57,53 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/admin/?n=logs&c=index&a=dode` | High
|
||||
4 | File | `/admin/index2.html` | High
|
||||
5 | File | `/ajax.php?action=read_msg` | High
|
||||
6 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/gen/clients/{language}` | High
|
||||
9 | File | `/app/options.py` | High
|
||||
10 | File | `/bin/httpd` | Medium
|
||||
11 | File | `/cgi-bin/wapopen` | High
|
||||
12 | File | `/ci_spms/admin/category` | High
|
||||
13 | File | `/ci_spms/admin/search/searching/` | High
|
||||
14 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
15 | File | `/classes/Master.php?f=delete_train` | High
|
||||
16 | File | `/clients/editclient.php` | High
|
||||
17 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/core/MY_Security.php` | High
|
||||
20 | File | `/ctcprotocol/Protocol` | High
|
||||
21 | File | `/dashboard/menu-list.php` | High
|
||||
22 | File | `/data/remove` | Medium
|
||||
23 | File | `/ebics-server/ebics.aspx` | High
|
||||
24 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/goform/net\_Web\_get_value` | High
|
||||
27 | File | `/goforms/rlminfo` | High
|
||||
28 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/HNAP1` | Low
|
||||
31 | File | `/HNAP1/SetClientInfo` | High
|
||||
32 | File | `/Items/*/RemoteImages/Download` | High
|
||||
33 | File | `/menu.html` | Medium
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/navigate/navigate_download.php` | High
|
||||
36 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
37 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/password.html` | High
|
||||
40 | File | `/PC/WebService.asmx` | High
|
||||
41 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
3 | File | `/admin/index2.html` | High
|
||||
4 | File | `/ajax.php?action=read_msg` | High
|
||||
5 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/gen/clients/{language}` | High
|
||||
8 | File | `/app/options.py` | High
|
||||
9 | File | `/bin/httpd` | Medium
|
||||
10 | File | `/cgi-bin/wapopen` | High
|
||||
11 | File | `/ci_spms/admin/category` | High
|
||||
12 | File | `/ci_spms/admin/search/searching/` | High
|
||||
13 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
14 | File | `/classes/Master.php?f=delete_train` | High
|
||||
15 | File | `/clients/editclient.php` | High
|
||||
16 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/core/MY_Security.php` | High
|
||||
19 | File | `/ctcprotocol/Protocol` | High
|
||||
20 | File | `/dashboard/menu-list.php` | High
|
||||
21 | File | `/data/remove` | Medium
|
||||
22 | File | `/ebics-server/ebics.aspx` | High
|
||||
23 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/goform/net\_Web\_get_value` | High
|
||||
26 | File | `/goforms/rlminfo` | High
|
||||
27 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/HNAP1/SetClientInfo` | High
|
||||
31 | File | `/Items/*/RemoteImages/Download` | High
|
||||
32 | File | `/menu.html` | Medium
|
||||
33 | File | `/modules/profile/index.php` | High
|
||||
34 | File | `/navigate/navigate_download.php` | High
|
||||
35 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
36 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/password.html` | High
|
||||
39 | File | `/PC/WebService.asmx` | High
|
||||
40 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
41 | File | `/plugin` | Low
|
||||
42 | File | `/property-list/property_view.php` | High
|
||||
43 | File | `/ptms/classes/Users.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/rest/api/2/search` | High
|
||||
46 | File | `/s/` | Low
|
||||
47 | File | `/scripts/cpan_config` | High
|
||||
48 | ... | ... | ...
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 418 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
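Review bot: in the row `/goform/net\_Web\_get_value` the backslashes sit inside a backtick code span, where Markdown does not process escapes, so they are published literally and anyone copying the indicator gets a string with backslashes in it. The last underscore in the same string is unescaped, which suggests the backslashes are an export artifact; if the intended value is `/goform/net_Web_get_value`, drop them. Separately, `/group1/uploa` looks cut short yet is rated High; confirm the full path or lower the rating.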
|
|
|
@ -54,55 +54,55 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `.tin` | Low
|
||||
3 | File | `/admin/?page=orders/view_order` | High
|
||||
4 | File | `/admin/add-fee.php` | High
|
||||
5 | File | `/admin/ajax.php?action=delete_user` | High
|
||||
6 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
7 | File | `/admin/article/article-add.php` | High
|
||||
8 | File | `/admin/edit_members.php` | High
|
||||
9 | File | `/admin/edit_subject.php` | High
|
||||
10 | File | `/admin/fst_upload.inc.php` | High
|
||||
11 | File | `/admin/index.php` | High
|
||||
12 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
13 | File | `/admin/report/index.php` | High
|
||||
14 | File | `/admin/services/manage_service.php` | High
|
||||
15 | File | `/admin/user/manage_user.php` | High
|
||||
16 | File | `/admin/users/index.php` | High
|
||||
17 | File | `/asms/classes/Master.php?f=delete_service` | High
|
||||
18 | File | `/blog` | Low
|
||||
19 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
20 | File | `/classes/Master.php?f=delete_category` | High
|
||||
21 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
22 | File | `/classes/Users.php?f=delete_client` | High
|
||||
23 | File | `/clients/listclients.php` | High
|
||||
24 | File | `/clients/profile` | High
|
||||
25 | File | `/cms/category/list` | High
|
||||
26 | File | `/collection/all` | High
|
||||
27 | File | `/company/store` | High
|
||||
28 | File | `/contacts/listcontacts.php` | High
|
||||
29 | File | `/Default/Bd` | Medium
|
||||
30 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
31 | File | `/ext/phar/phar_object.c` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/fos/admin/index.php?page=menu` | High
|
||||
34 | File | `/friends` | Medium
|
||||
35 | File | `/goform/AddSysLogRule` | High
|
||||
36 | File | `/goform/SafeEmailFilter` | High
|
||||
37 | File | `/goform/SetIpMacBind` | High
|
||||
38 | File | `/goform/setSnmpInfo` | High
|
||||
39 | File | `/goform/setUplinkInfo` | High
|
||||
40 | File | `/goform/SysToolReboot` | High
|
||||
41 | File | `/goform/WifiBasicSet` | High
|
||||
42 | File | `/graphql` | Medium
|
||||
43 | File | `/home/get_tasks_list` | High
|
||||
44 | File | `/hrm/employeeview.php` | High
|
||||
45 | File | `/hss/?page=categories` | High
|
||||
46 | File | `/hss/admin/brands/manage_brand.php` | High
|
||||
47 | File | `/importexport.php` | High
|
||||
48 | File | `/index.php?module=entities/entities` | High
|
||||
49 | File | `/index.php?module=global_lists/lists` | High
|
||||
50 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
|
||||
5 | File | `/admin/ajax.php?action=confirm_order` | High
|
||||
6 | File | `/admin/ajax.php?action=delete_user` | High
|
||||
7 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
8 | File | `/admin/article/article-add.php` | High
|
||||
9 | File | `/admin/edit_members.php` | High
|
||||
10 | File | `/admin/edit_subject.php` | High
|
||||
11 | File | `/admin/fst_upload.inc.php` | High
|
||||
12 | File | `/admin/index.php` | High
|
||||
13 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
14 | File | `/admin/report/index.php` | High
|
||||
15 | File | `/admin/services/manage_service.php` | High
|
||||
16 | File | `/admin/user/manage_user.php` | High
|
||||
17 | File | `/admin/users/index.php` | High
|
||||
18 | File | `/asms/classes/Master.php?f=delete_service` | High
|
||||
19 | File | `/blog` | Low
|
||||
20 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
21 | File | `/classes/Master.php?f=delete_category` | High
|
||||
22 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
23 | File | `/classes/Users.php?f=delete_client` | High
|
||||
24 | File | `/clients/listclients.php` | High
|
||||
25 | File | `/clients/profile` | High
|
||||
26 | File | `/cms/category/list` | High
|
||||
27 | File | `/collection/all` | High
|
||||
28 | File | `/company/store` | High
|
||||
29 | File | `/contacts/listcontacts.php` | High
|
||||
30 | File | `/Default/Bd` | Medium
|
||||
31 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
32 | File | `/ext/phar/phar_object.c` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/fos/admin/index.php?page=menu` | High
|
||||
35 | File | `/friends` | Medium
|
||||
36 | File | `/goform/AddSysLogRule` | High
|
||||
37 | File | `/goform/SafeEmailFilter` | High
|
||||
38 | File | `/goform/SetIpMacBind` | High
|
||||
39 | File | `/goform/setSnmpInfo` | High
|
||||
40 | File | `/goform/setUplinkInfo` | High
|
||||
41 | File | `/goform/SysToolReboot` | High
|
||||
42 | File | `/goform/WifiBasicSet` | High
|
||||
43 | File | `/graphql` | Medium
|
||||
44 | File | `/home/get_tasks_list` | High
|
||||
45 | File | `/hrm/employeeview.php` | High
|
||||
46 | File | `/hss/?page=categories` | High
|
||||
47 | File | `/hss/admin/brands/manage_brand.php` | High
|
||||
48 | File | `/importexport.php` | High
|
||||
49 | File | `/index.php?module=entities/entities` | High
|
||||
50 | File | `/index.php?module=global_lists/lists` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 440 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 442 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
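Review bot: the row `/admin/index/index.html#/admin/mall.goods/index.html` carries a URL fragment, and the part after `#` is neither part of a file path nor sent to the server, so the indicator cannot match file listings or web server logs as written. Keep `/admin/index/index.html` as the indicator and move the fragment into a description, then revisit the High rating, since the remaining path is generic.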
|
|
|
@ -68,15 +68,15 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/service/upload` | High
|
||||
10 | File | `/tmp` | Low
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
13 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
14 | File | `admin.php` | Medium
|
||||
15 | File | `admin.php?s=/Channel/add.html` | High
|
||||
16 | File | `admin/class-bulk-editor-list-table.php` | High
|
||||
17 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
12 | File | `/user/updatePwd` | High
|
||||
13 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
14 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
15 | File | `admin.php` | Medium
|
||||
16 | File | `admin.php?s=/Channel/add.html` | High
|
||||
17 | File | `admin/class-bulk-editor-list-table.php` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 146 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
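Review bot: the File rows mix rooted paths (`/service/upload`, `/user/updatePwd`) with relative ones (`a2billing/customer/iridium_threed.php`, `admin.php`), so a consumer doing exact or prefix matching has to normalise both forms. Pick one convention for the File type, or state in the table intro that the leading slash is not significant. `admin.php` and `/tmp` are also generic enough to match unrelated activity; their Medium and Low ratings fit, but a short note on expected false positives would help.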
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlueHero:
|
||||
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
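Review bot: the intro line spells the actor "BlueHero", while the Zscaler reference kept further down in this file's diff is titled `recent-bulehero-botnet-payload`. Settle on one spelling, or list the other as an alias, so a search for either name finds this file.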
|
@ -23,7 +23,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [12.1.3.0](https://vuldb.com/?ip.12.1.3.0) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -31,14 +31,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
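Review bot: the T1059 row lists CWE-88, CWE-94 and CWE-1321, but its Description reads "Cross Site Scripting", the same text as the T1059.007 row below it that carries CWE-79 and CWE-80. CWE-79 and CWE-80 are the cross-site scripting weaknesses; CWE-88, CWE-94 and CWE-1321 are argument injection, code injection and prototype pollution, so the T1059 description looks copied from the sub-technique row and should be corrected. The commit message should also say why T1006 narrows from `CWE-21, CWE-22, CWE-23, CWE-37` to `CWE-22` and why the T1068 row is no longer listed.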
|
@ -49,46 +48,42 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/?ajax-request=jnews` | High
|
||||
4 | File | `/Admin/add-student.php` | High
|
||||
5 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
|
||||
6 | File | `/admin/categories/manage_category.php` | High
|
||||
7 | File | `/admin/edit.php` | High
|
||||
8 | File | `/admin/edit_product.php` | High
|
||||
9 | File | `/admin/maintenance/view_designation.php` | High
|
||||
10 | File | `/admin/sales/manage_sale.php` | High
|
||||
11 | File | `/api/baskets/{name}` | High
|
||||
12 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
13 | File | `/blog` | Low
|
||||
14 | File | `/boat/login.php` | High
|
||||
15 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
16 | File | `/cas/logout` | Medium
|
||||
17 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
18 | File | `/CPE` | Low
|
||||
19 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/ghost/preview` | High
|
||||
22 | File | `/goform/wizard_end` | High
|
||||
23 | File | `/home/search` | Medium
|
||||
24 | File | `/ims/login.php` | High
|
||||
25 | File | `/mhds/clinic/view_details.php` | High
|
||||
26 | File | `/modules/profile/index.php` | High
|
||||
27 | File | `/out.php` | Medium
|
||||
28 | File | `/php-opos/index.php` | High
|
||||
29 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
30 | File | `/shell` | Low
|
||||
31 | File | `/spip.php` | Medium
|
||||
32 | File | `/tourism/rate_review.php` | High
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/vdesk` | Low
|
||||
35 | File | `action-visitor.php` | High
|
||||
36 | ... | ... | ...
|
||||
4 | File | `/admin/categories/manage_category.php` | High
|
||||
5 | File | `/admin/edit_product.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/sales/manage_sale.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/blog` | Low
|
||||
10 | File | `/boat/login.php` | High
|
||||
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
12 | File | `/cas/logout` | Medium
|
||||
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
14 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
15 | File | `/cgi-bin/upload_vpntar` | High
|
||||
16 | File | `/CPE` | Low
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/ghost/preview` | High
|
||||
20 | File | `/goform/Diagnosis` | High
|
||||
21 | File | `/home/search` | Medium
|
||||
22 | File | `/leaves/validate` | High
|
||||
23 | File | `/mail.php` | Medium
|
||||
24 | File | `/modules/profile/index.php` | High
|
||||
25 | File | `/out.php` | Medium
|
||||
26 | File | `/php-opos/index.php` | High
|
||||
27 | File | `/php-spms/admin/?page=user/` | High
|
||||
28 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
29 | File | `/shell` | Low
|
||||
30 | File | `/tourism/rate_review.php` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://s.tencent.com/research/report/675
|
||||
* https://www.zscaler.com/blogs/research/recent-bulehero-botnet-payload
|
||||
|
||||
## Literature
|
||||
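Review bot: the closing count goes from "309 more IOA items" to "264 more" while the listed rows shrink from 35 to 30, so roughly fifty indicators leave this actor's set in a commit whose message is only "Update October 2023". Entries such as `/etc/tomcat8/Catalina/attack`, `/ims/login.php` and `/spip.php` drop out of the listed rows with no record of whether they were aged out, re-attributed or judged false positives. Add a line to the commit body or a changelog entry giving the reason, so anyone with detections built on the old rows knows whether to retire them.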
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -38,44 +38,44 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
15 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
16 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
17 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
18 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
19 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
20 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
21 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
22 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
23 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
24 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
|
||||
25 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
|
||||
26 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
|
||||
27 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
|
||||
28 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
29 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
30 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
31 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
|
||||
32 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
|
||||
33 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
34 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
35 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
36 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
37 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
38 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
39 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
40 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
41 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
42 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
43 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
44 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
45 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
46 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
|
||||
47 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
48 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
|
||||
49 | [18.238.132.55](https://vuldb.com/?ip.18.238.132.55) | server-18-238-132-55.dfw57.r.cloudfront.net | - | High
|
||||
50 | [18.238.132.74](https://vuldb.com/?ip.18.238.132.74) | server-18-238-132-74.dfw57.r.cloudfront.net | - | High
|
||||
51 | [18.238.132.97](https://vuldb.com/?ip.18.238.132.97) | server-18-238-132-97.dfw57.r.cloudfront.net | - | High
|
||||
52 | [20.212.219.56](https://vuldb.com/?ip.20.212.219.56) | - | - | High
|
||||
18 | [13.114.224.91](https://vuldb.com/?ip.13.114.224.91) | ec2-13-114-224-91.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
19 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
20 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
21 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
22 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
23 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
24 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
|
||||
26 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
|
||||
27 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
|
||||
28 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
|
||||
29 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
30 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
31 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
32 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
|
||||
33 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
|
||||
34 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
35 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
36 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
37 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
38 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
39 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
40 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
41 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
42 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
43 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
44 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
45 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
46 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
47 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
|
||||
48 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
49 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
|
||||
50 | [18.238.132.55](https://vuldb.com/?ip.18.238.132.55) | server-18-238-132-55.dfw57.r.cloudfront.net | - | High
|
||||
51 | [18.238.132.74](https://vuldb.com/?ip.18.238.132.74) | server-18-238-132-74.dfw57.r.cloudfront.net | - | High
|
||||
52 | [18.238.132.97](https://vuldb.com/?ip.18.238.132.97) | server-18-238-132-97.dfw57.r.cloudfront.net | - | High
|
||||
53 | ... | ... | ... | ...
|
||||
|
||||
There are 207 more IOC items available. Please use our online service to access the data.
|
||||
There are 209 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
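Review bot: Rows 49 to 52 rate four CloudFront edge addresses (the `server-18-238-132-…dfw57.r.cloudfront.net` hosts) as High confidence, while the EC2 hosts in rows 35 to 48 are Medium. CDN edge addresses front many unrelated distributions, so a consumer that blocks on High-confidence entries will also drop legitimate traffic. Consider rating these no higher than the EC2 rows, or recording what was observed behind the edge address so the entry can be scoped. The remaining-items line also moves from 207 to 209, and those entries are not in the file, so that part of the change cannot be checked here.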
|
@ -122,29 +122,29 @@ ID | Type | Indicator | Confidence
|
|||
22 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
23 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
25 | File | `/feeds/post/publish` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/h/` | Low
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
30 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
31 | File | `/index.php?page=category_list` | High
|
||||
32 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
33 | File | `/jobinfo/` | Medium
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
25 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
26 | File | `/feeds/post/publish` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/h/` | Low
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/index.php?page=category_list` | High
|
||||
33 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
34 | File | `/jobinfo/` | Medium
|
||||
35 | File | `/Moosikay/order.php` | High
|
||||
36 | File | `/opac/Actions.php?a=login` | High
|
||||
37 | File | `/php-opos/index.php` | High
|
||||
38 | File | `/PreviewHandler.ashx` | High
|
||||
39 | File | `/public/launchNewWindow.jsp` | High
|
||||
40 | File | `/recipe-result` | High
|
||||
41 | File | `/register.do` | Medium
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/RPS2019Service/status.html` | High
|
||||
44 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
45 | File | `/sicweb-ajax/tmproot/` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | File | `/student/bookdetails.php` | High
|
||||
37 | File | `/PreviewHandler.ashx` | High
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/RPS2019Service/status.html` | High
|
||||
43 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
44 | File | `/sicweb-ajax/tmproot/` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/student/bookdetails.php` | High
|
||||
47 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
48 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
49 | File | `/uploads/exam_question/` | High
|
||||
50 | File | `/user/ticket/create` | High
|
||||
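Review bot: The ID column in rows 25 to 47 is positional, so the two real additions (`/fcgi/scrut_fcgi.fcgi` and `/subsys/net/l2/wifi/wifi_shell.c`) and the two removals (`/mygym/admin/index.php?view_exercises` and `/php-opos/index.php`) rewrite twenty further rows that only changed number. Anyone who cited an indicator by its ID now points at a different path, and the real changes are hard to pick out of the diff. A stable per-indicator identifier, or no ID column at all, would keep future updates down to the lines that changed. The commit message should also say why the two indicators were dropped.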
|
@ -155,7 +155,7 @@ ID | Type | Indicator | Confidence
|
|||
55 | File | `/xxl-job-admin/user/add` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 489 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 486 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -176,6 +176,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/13.114.48.174
|
||||
* https://search.censys.io/hosts/13.114.78.162
|
||||
* https://search.censys.io/hosts/13.114.110.144
|
||||
* https://search.censys.io/hosts/13.114.224.91
|
||||
* https://search.censys.io/hosts/13.230.243.50
|
||||
* https://search.censys.io/hosts/13.231.24.246
|
||||
* https://search.censys.io/hosts/15.164.245.79
|
||||
|
@ -325,6 +326,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/170.64.169.229
|
||||
* https://search.censys.io/hosts/172.86.123.8
|
||||
* https://search.censys.io/hosts/172.105.71.205
|
||||
* https://search.censys.io/hosts/172.111.143.246
|
||||
* https://search.censys.io/hosts/175.41.221.5
|
||||
* https://search.censys.io/hosts/176.113.115.53
|
||||
* https://search.censys.io/hosts/179.43.144.250
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -38,14 +38,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -60,44 +60,42 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/services/view_service.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
8 | File | `/auparse/auparse.c` | High
|
||||
9 | File | `/baseOpLog.do` | High
|
||||
10 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
11 | File | `/cgi-bin/luci/api/auth` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/cgi/get_param.cgi` | High
|
||||
15 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
16 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
17 | File | `/cstecgi.cgi` | Medium
|
||||
18 | File | `/dashboard/contact` | High
|
||||
19 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
20 | File | `/env` | Low
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/setDiagnoseInfo` | High
|
||||
23 | File | `/goform/WifiBasicSet` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/htdocs/cgibin` | High
|
||||
26 | File | `/importexport.php` | High
|
||||
27 | File | `/include/chart_generator.php` | High
|
||||
28 | File | `/index.php` | Medium
|
||||
29 | File | `/index.php?page=member` | High
|
||||
30 | File | `/librarian/bookdetails.php` | High
|
||||
31 | File | `/link/` | Low
|
||||
32 | File | `/matkul/data` | Medium
|
||||
33 | File | `/message/form/` | High
|
||||
34 | File | `/messageboard/view.php` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/src/Illuminate/Laravel.php` | High
|
||||
37 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
38 | File | `/system/dict/list` | High
|
||||
39 | File | `/system/user/resetPwd` | High
|
||||
40 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
|
||||
41 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
|
||||
42 | File | `/textpattern/index.php` | High
|
||||
43 | ... | ... | ...
|
||||
8 | File | `/baseOpLog.do` | High
|
||||
9 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
10 | File | `/cgi-bin/luci/api/auth` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/cgi/get_param.cgi` | High
|
||||
13 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
14 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
15 | File | `/cstecgi.cgi` | Medium
|
||||
16 | File | `/dashboard/contact` | High
|
||||
17 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/goform/WifiBasicSet` | High
|
||||
20 | File | `/group1/uploa` | High
|
||||
21 | File | `/htdocs/cgibin` | High
|
||||
22 | File | `/importexport.php` | High
|
||||
23 | File | `/include/chart_generator.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/index.php?page=member` | High
|
||||
26 | File | `/librarian/bookdetails.php` | High
|
||||
27 | File | `/link/` | Low
|
||||
28 | File | `/matkul/data` | Medium
|
||||
29 | File | `/message/form/` | High
|
||||
30 | File | `/messageboard/view.php` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/src/Illuminate/Laravel.php` | High
|
||||
33 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
34 | File | `/system/dict/list` | High
|
||||
35 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
|
||||
36 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
|
||||
37 | File | `/textpattern/index.php` | High
|
||||
38 | File | `/upfile.cgi` | Medium
|
||||
39 | File | `/upgrade_filter.asp` | High
|
||||
40 | File | `/v1/avatars/favicon` | High
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
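Review bot: New row 20, `/group1/uploa`, looks cut off mid-word and is still rated High. Confirm the full path at the source and store that. Depending on how consumers match it, a truncated value either misses the real request or matches unrelated paths that share the prefix. If the truncation comes from the export, it is worth checking whether other rows were shortened the same way.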
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -389,14 +389,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
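Review bot: The Description column no longer matches the Weakness column on the changed rows. New row 3 adds CWE-1321 (prototype pollution) to CWE-88 and CWE-94 under T1059 but keeps the description "Cross Site Scripting", the same text as the CWE-79/CWE-80 row under T1059.007. New row 5 describes the general access-control weaknesses CWE-264, CWE-269 and CWE-284 as "J2EE Misconfiguration: Weak Access Permissions for EJB Methods". Either derive the description from the technique or give one description per listed CWE, so a reader triaging by this table is not pointed at the wrong weakness class. The T1040 row is also dropped while the remaining-items count goes up from 19 to 20; please confirm that is intended.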
|
@ -404,66 +404,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/cashadvance_row.php` | High
|
||||
5 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/offenses/view_details.php` | High
|
||||
8 | File | `/admin/report/index.php` | High
|
||||
9 | File | `/admin/router.php` | High
|
||||
10 | File | `/admin/sales/view_details.php` | High
|
||||
11 | File | `/admin/sys_sql_query.php` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/api/baskets/{name}` | High
|
||||
14 | File | `/cgi-bin/DownloadFlash` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
1 | File | `/admin/router.php` | High
|
||||
2 | File | `/admin/save.php` | High
|
||||
3 | File | `/admin/sys_sql_query.php` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/download` | High
|
||||
6 | File | `/api/runscript` | High
|
||||
7 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
8 | File | `/bin/sh` | Low
|
||||
9 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
10 | File | `/category.php` | High
|
||||
11 | File | `/categorypage.php` | High
|
||||
12 | File | `/cgi-bin/DownloadFlash` | High
|
||||
13 | File | `/cgi-bin/login.cgi` | High
|
||||
14 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
15 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
16 | File | `/classes/Master.php?f=delete_category` | High
|
||||
17 | File | `/classes/Master.php?f=delete_service` | High
|
||||
18 | File | `/classes/Master.php?f=save_course` | High
|
||||
19 | File | `/company/store` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/company/store` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
20 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
21 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
22 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
23 | File | `/Electron/download` | High
|
||||
24 | File | `/feeds/post/publish` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
28 | File | `/inc/topBarNav.php` | High
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
25 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/h/` | Low
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
30 | File | `/index.php?page=category_list` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/KeepAlive.jsp` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/opac/Actions.php?a=login` | High
|
||||
36 | File | `/pms/admin/visits/view_visit.php` | High
|
||||
37 | File | `/PreviewHandler.ashx` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/Repositories` | High
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
43 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
44 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
45 | File | `/student/bookdetails.php` | High
|
||||
46 | File | `/text/pdf/PdfReader.java` | High
|
||||
47 | File | `/uploads/exam_question/` | High
|
||||
48 | File | `/user/ticket/create` | High
|
||||
49 | File | `/user/updatePwd` | High
|
||||
50 | File | `/userRpm/WanDynamicIpV6CfgRpm` | High
|
||||
51 | File | `/var/lib/docker/<remapping>` | High
|
||||
52 | File | `/wp-admin/admin-ajax.php` | High
|
||||
53 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
54 | File | `a-forms.php` | Medium
|
||||
55 | File | `account.asp` | Medium
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | File | `admin.a6mambocredits.php` | High
|
||||
58 | ... | ... | ...
|
||||
31 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/LogInOut.php` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/PreviewHandler.ashx` | High
|
||||
36 | File | `/recipe-result` | High
|
||||
37 | File | `/register.do` | Medium
|
||||
38 | File | `/RPS2019Service/status.html` | High
|
||||
39 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
40 | File | `/sicweb-ajax/tmproot/` | High
|
||||
41 | File | `/Side.php` | Medium
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/student/bookdetails.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 503 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 378 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
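Review bot: New row 8 adds `/bin/sh` as a File indicator at Low confidence, alongside `/etc/passwd` (row 24) and `/HNAP1` (row 28). `/bin/sh` exists on nearly every Unix-like host, so on its own it cannot separate this actor's activity from normal operation and will only add noise for anyone alerting on the list. Either pair such entries with the argument or pattern that makes them meaningful, or state in the section intro that Low entries are for correlation only. The remaining-items count also falls from 503 to 378 in this hunk with no explanation in the commit message.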
|
|
|
@ -31,11 +31,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -46,45 +46,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/action/wirelessConnect` | High
|
||||
3 | File | `/admin/assign/assign.php` | High
|
||||
4 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
5 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
6 | File | `/admin/departments/view_department.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/suppliers/view_details.php` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/admin/user/uploadImg` | High
|
||||
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin/adclass.php` | High
|
||||
3 | File | `/admin/admin-profile.php` | High
|
||||
4 | File | `/admin/sales/view_details.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/cron/settings/setJob/` | High
|
||||
9 | File | `/api/v1/snapshots` | High
|
||||
10 | File | `/audit/log/log_management.php` | High
|
||||
11 | File | `/auth/callback` | High
|
||||
12 | File | `/authenticationendpoint/login.do` | High
|
||||
13 | File | `/bin/login` | Medium
|
||||
14 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
15 | File | `/cgi-bin/kerbynet` | High
|
||||
16 | File | `/cgi-bin/luci` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/classes/Master.php` | High
|
||||
19 | File | `/classes/Master.php?f=delete_item` | High
|
||||
20 | File | `/config/getuser` | High
|
||||
21 | File | `/contact/store` | High
|
||||
22 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
23 | File | `/forms/doLogin` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/HNAP1` | Low
|
||||
26 | File | `/lan.asp` | Medium
|
||||
27 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
28 | File | `/login/index.php` | High
|
||||
29 | File | `/mc` | Low
|
||||
30 | File | `/menu.html` | Medium
|
||||
31 | File | `/mims/login.php` | High
|
||||
32 | File | `/out.php` | Medium
|
||||
33 | File | `/php-inventory-management-system/product.php` | High
|
||||
34 | File | `/plain` | Low
|
||||
35 | File | `/qsr_server/device/reboot` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | ... | ... | ...
|
||||
13 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/cgi.cgi` | Medium
|
||||
16 | File | `/classes/Users.php` | High
|
||||
17 | File | `/collection/all` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/ctcprotocol/Protocol` | High
|
||||
20 | File | `/dottie.js` | Medium
|
||||
21 | File | `/DXR.axd` | Medium
|
||||
22 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
23 | File | `/env` | Low
|
||||
24 | File | `/files/` | Low
|
||||
25 | File | `/forms/doLogin` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/setportList` | High
|
||||
28 | File | `/h/autoSaveDraft` | High
|
||||
29 | File | `/index.php` | Medium
|
||||
30 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
31 | File | `/index.php?page=member` | High
|
||||
32 | File | `/jurusanmatkul/data` | High
|
||||
33 | File | `/librarian/bookdetails.php` | High
|
||||
34 | File | `/log/decodmail.php` | High
|
||||
35 | File | `/log/webmailattach.php` | High
|
||||
36 | File | `/login.php?do=login` | High
|
||||
37 | File | `/php-opos/index.php` | High
|
||||
38 | File | `/public/login.htm` | High
|
||||
39 | File | `/QueryView.php` | High
|
||||
40 | File | `/recreate.php` | High
|
||||
41 | File | `/romfile.cfg` | Medium
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 366 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,10 +21,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -1921,14 +1921,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -1936,50 +1937,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/act/ActDao.xml` | High
|
||||
2 | File | `/admin/sys_sql_query.php` | High
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/bin/ate` | Medium
|
||||
1 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
2 | File | `/admin/save.php` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
4 | File | `/api/download` | High
|
||||
5 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
6 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
7 | File | `/booking/show_bookings/` | High
|
||||
8 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
9 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
10 | File | `/classes/Master.php?f=delete_category` | High
|
||||
11 | File | `/company/store` | High
|
||||
12 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
8 | File | `/category.php` | High
|
||||
9 | File | `/categorypage.php` | High
|
||||
10 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
11 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
12 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
13 | File | `/cgi/networkDiag.cgi` | High
|
||||
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
15 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
18 | File | `/env` | Low
|
||||
19 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/getcfg.php` | Medium
|
||||
22 | File | `/goform/AdvSetLanip` | High
|
||||
23 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
24 | File | `/goform/setmac` | High
|
||||
25 | File | `/goform/setMacFilterCfg` | High
|
||||
26 | File | `/goform/SetSysTimeCfg` | High
|
||||
27 | File | `/goform/WifiGuestSet` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/h/` | Low
|
||||
30 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
31 | File | `/ipms/imageConvert/image` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/kelasdosen/data` | High
|
||||
34 | File | `/net/sched/cls_fw.c` | High
|
||||
35 | File | `/news/*.html` | Medium
|
||||
36 | File | `/note/index/delete` | High
|
||||
37 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/preview.php` | Medium
|
||||
39 | File | `/PreviewHandler.ashx` | High
|
||||
40 | File | `/recipe-result` | High
|
||||
41 | File | `/register.do` | Medium
|
||||
42 | ... | ... | ...
|
||||
16 | File | `/dashboard/add-blog.php` | High
|
||||
17 | File | `/data/remove` | Medium
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
20 | File | `/etc/passwd` | Medium
|
||||
21 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/getcfg.php` | Medium
|
||||
24 | File | `/goform/net\_Web\_get_value` | High
|
||||
25 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
26 | File | `/group1/uploa` | High
|
||||
27 | File | `/HNAP1` | Low
|
||||
28 | File | `/home/get_tasks_list` | High
|
||||
29 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
30 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
31 | File | `/net/sched/cls_fw.c` | High
|
||||
32 | File | `/plugin` | Low
|
||||
33 | File | `/preview.php` | Medium
|
||||
34 | File | `/recipe-result` | High
|
||||
35 | File | `/register.do` | Medium
|
||||
36 | File | `/resources//../` | High
|
||||
37 | File | `/RPS2019Service/status.html` | High
|
||||
38 | File | `/search.php` | Medium
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
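Review bot: New row 24, `/goform/net\_Web\_get_value`, has backslashes before two of its three underscores. Markdown does not process escapes inside a code span, so the backslashes are published as part of the indicator and it will not match a request path written with plain underscores. This looks like an escaping step applied before the value was wrapped in backticks; strip the backslashes and check the export for other escaped values. New row 1 has a related problem: `_noCache=0.1683794968` looks like a per-request cache-busting value, so the indicator should stop at the stable part of the query string.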
|
|
|
@ -54,37 +54,41 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/forgot-password.php` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/admin/lab.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/opt/bin/cli` | Medium
|
||||
15 | File | `/p` | Low
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/phpinventory/editcategory.php` | High
|
||||
18 | File | `/product-list.php` | High
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/updown/upload.cgi` | High
|
||||
22 | File | `/user/del.php` | High
|
||||
23 | File | `/_next` | Low
|
||||
24 | File | `123flashchat.php` | High
|
||||
25 | File | `act.php` | Low
|
||||
26 | File | `admin/bad.php` | High
|
||||
27 | File | `admin/index.php` | High
|
||||
28 | File | `admin/index.php/user/del/1` | High
|
||||
29 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
30 | File | `administrator/index.php` | High
|
||||
31 | File | `agenda.php` | Medium
|
||||
32 | File | `ajax/render/widget_php` | High
|
||||
33 | File | `album_portal.php` | High
|
||||
34 | File | `api.php` | Low
|
||||
35 | ... | ... | ...
|
||||
7 | File | `/admin/login.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/show.php` | High
|
||||
10 | File | `/default.php?idx=17` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/env` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/index.php` | Medium
|
||||
15 | File | `/opt/bin/cli` | Medium
|
||||
16 | File | `/p` | Low
|
||||
17 | File | `/patient/doctors.php` | High
|
||||
18 | File | `/phpinventory/editcategory.php` | High
|
||||
19 | File | `/product-list.php` | High
|
||||
20 | File | `/spip.php` | Medium
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/updown/upload.cgi` | High
|
||||
23 | File | `/user/del.php` | High
|
||||
24 | File | `/wp-admin/admin-ajax.php` | High
|
||||
25 | File | `/_next` | Low
|
||||
26 | File | `123flashchat.php` | High
|
||||
27 | File | `act.php` | Low
|
||||
28 | File | `admin.php/pay` | High
|
||||
29 | File | `admin/bad.php` | High
|
||||
30 | File | `admin/index.php` | High
|
||||
31 | File | `admin/index.php/user/del/1` | High
|
||||
32 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
33 | File | `administrator/index.php` | High
|
||||
34 | File | `agenda.php` | Medium
|
||||
35 | File | `ajax/render/widget_php` | High
|
||||
36 | File | `album_portal.php` | High
|
||||
37 | File | `api.php` | Low
|
||||
38 | File | `application/home/controller/debug.php` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 335 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -79,21 +79,21 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
5 | File | `/admin/subnets/ripe-query.php` | High
|
||||
6 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/export` | Low
|
||||
9 | File | `/file?action=download&file` | High
|
||||
10 | File | `/hardware` | Medium
|
||||
11 | File | `/librarian/bookdetails.php` | High
|
||||
12 | File | `/medical/inventories.php` | High
|
||||
13 | File | `/monitoring` | Medium
|
||||
14 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
15 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
16 | File | `/plugins/servlet/audit/resource` | High
|
||||
17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
18 | File | `/replication` | Medium
|
||||
19 | File | `/RestAPI` | Medium
|
||||
20 | File | `/tmp/speedtest_urls.xml` | High
|
||||
6 | File | `/apply.cgi` | Medium
|
||||
7 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/export` | Low
|
||||
10 | File | `/file?action=download&file` | High
|
||||
11 | File | `/hardware` | Medium
|
||||
12 | File | `/librarian/bookdetails.php` | High
|
||||
13 | File | `/medical/inventories.php` | High
|
||||
14 | File | `/monitoring` | Medium
|
||||
15 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
16 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
17 | File | `/plugins/servlet/audit/resource` | High
|
||||
18 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
19 | File | `/replication` | Medium
|
||||
20 | File | `/RestAPI` | Medium
|
||||
21 | File | `/tmp/zarafa-vacation-*` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/upload` | Low
|
||||
|
@ -101,7 +101,7 @@ ID | Type | Indicator | Confidence
|
|||
25 | File | `/var/log/nginx` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 221 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 220 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# ClearFake - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ClearFake](https://vuldb.com/?actor.clearfake). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.clearfake](https://vuldb.com/?actor.clearfake)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of ClearFake.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [109.248.206.138](https://vuldb.com/?ip.109.248.206.138) | 109.248.206.138.yadc.ru | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.sekoia.io/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
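Review bot: The only IOC in this new file, row 1 `109.248.206.138`, is rated High with Campaign `-`, and its hostname `109.248.206.138.yadc.ru` only repeats the address, so a consumer has nothing to scope or age a match with. Consider recording which of the listed sources reported the address and when, so the row can be expired if the address is reassigned.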
@ -4,6 +4,17 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cloudeye](https://vuldb.com/?actor.cloudeye)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CloudEyE:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CloudEyE.
|
||||
|
@ -11,11 +22,39 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [194.55.224.183](https://vuldb.com/?ip.194.55.224.183) | - | - | High
|
||||
2 | [194.180.48.211](https://vuldb.com/?ip.194.180.48.211) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _CloudEyE_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CloudEyE. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `assetmanager.asp` | High
|
||||
2 | File | `cryptocat.js` | Medium
|
||||
3 | File | `downloadFlile.cgi` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 21 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://research.checkpoint.com/2023/unveiling-the-shadows-the-dark-alliance-between-guloader-and-remcos/
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
|
|
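Review bot: The References list cites `https://threatfox.abuse.ch` as a site root rather than a specific entry, so the IOC rows in this file (`194.55.224.183`, `194.180.48.211`) cannot be traced back to a source record. Link the relevant page on that site, the way the Check Point reference in the same list points at one article.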
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Group:
|
||||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
@ -62,46 +62,48 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/admin/edit_category.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/modal_add_product.php` | High
|
||||
13 | File | `/admin/sales/view_details.php` | High
|
||||
14 | File | `/admin/service.php` | High
|
||||
15 | File | `/admin/sign/out` | High
|
||||
16 | File | `/admin/test_status.php` | High
|
||||
17 | File | `/api/common/ping` | High
|
||||
18 | File | `/api/v2/open/tablesInfo` | High
|
||||
19 | File | `/api/wechat/app_auth` | High
|
||||
20 | File | `/asms/classes/Master.php?f=delete_img` | High
|
||||
21 | File | `/catcompany.php` | High
|
||||
22 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
23 | File | `/classes/Master.php?f=save_item` | High
|
||||
24 | File | `/classes/Users.php` | High
|
||||
25 | File | `/cms/notify` | Medium
|
||||
26 | File | `/depotHead/list` | High
|
||||
27 | File | `/device/signin` | High
|
||||
28 | File | `/fusiondirectory/index.php` | High
|
||||
29 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
|
||||
30 | File | `/goform/addressNat` | High
|
||||
31 | File | `/goform/RGFirewallEL` | High
|
||||
32 | File | `/goform/WifiBasicSet` | High
|
||||
33 | File | `/h/` | Low
|
||||
34 | File | `/HNAP1` | Low
|
||||
35 | File | `/hslist` | Low
|
||||
36 | File | `/importexport.php` | High
|
||||
37 | File | `/include/dialog/select_templets_post.php` | High
|
||||
38 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
39 | File | `/index.php?page=member` | High
|
||||
40 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
41 | File | `/lists/admin/` | High
|
||||
42 | File | `/log/decodmail.php` | High
|
||||
43 | File | `/login/index.php` | High
|
||||
44 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
45 | File | `/myAccount` | Medium
|
||||
46 | File | `/note/index/delete` | High
|
||||
47 | File | `/operations/travellers.php` | High
|
||||
48 | File | `/patient/appointment.php` | High
|
||||
49 | File | `/paysystem/datatable.php` | High
|
||||
50 | ... | ... | ...
|
||||
13 | File | `/admin/order.php` | High
|
||||
14 | File | `/admin/sales/view_details.php` | High
|
||||
15 | File | `/admin/service.php` | High
|
||||
16 | File | `/admin/sign/out` | High
|
||||
17 | File | `/admin/test_status.php` | High
|
||||
18 | File | `/api/common/ping` | High
|
||||
19 | File | `/api/v2/open/tablesInfo` | High
|
||||
20 | File | `/api/wechat/app_auth` | High
|
||||
21 | File | `/asms/classes/Master.php?f=delete_img` | High
|
||||
22 | File | `/catcompany.php` | High
|
||||
23 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
24 | File | `/classes/Master.php?f=save_item` | High
|
||||
25 | File | `/classes/Users.php` | High
|
||||
26 | File | `/cms/notify` | Medium
|
||||
27 | File | `/depotHead/list` | High
|
||||
28 | File | `/device/signin` | High
|
||||
29 | File | `/fusiondirectory/index.php` | High
|
||||
30 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
|
||||
31 | File | `/goform/addressNat` | High
|
||||
32 | File | `/goform/RGFirewallEL` | High
|
||||
33 | File | `/goform/WifiBasicSet` | High
|
||||
34 | File | `/h/` | Low
|
||||
35 | File | `/HNAP1` | Low
|
||||
36 | File | `/hslist` | Low
|
||||
37 | File | `/importexport.php` | High
|
||||
38 | File | `/include/dialog/select_templets_post.php` | High
|
||||
39 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
40 | File | `/index.php?page=member` | High
|
||||
41 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
42 | File | `/lists/admin/` | High
|
||||
43 | File | `/log/decodmail.php` | High
|
||||
44 | File | `/login/index.php` | High
|
||||
45 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
46 | File | `/myAccount` | Medium
|
||||
47 | File | `/note/index/delete` | High
|
||||
48 | File | `/operations/travellers.php` | High
|
||||
49 | File | `/patient/appointment.php` | High
|
||||
50 | File | `/paysystem/datatable.php` | High
|
||||
51 | File | `/php-sms/admin/orders/update_status.php` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 438 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
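Review bot: Rows such as `/classes/Master.php?f=save_item` and `/asms/classes/Master.php?f=delete_img` are typed `File` but carry a query string, while the summary line under the table lists `argument` as a separate indicator type. A consumer that matches on the URL path alone loses the parameter that makes these rows specific (new rows 23 and 24 share the path `/classes/Master.php`). Split the parameter into its own row, or document that `File` values may include a query string.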
File diff suppressed because it is too large
|
@ -54,39 +54,43 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/forgot-password.php` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/admin/lab.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/opt/bin/cli` | Medium
|
||||
15 | File | `/p` | Low
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/phpinventory/editcategory.php` | High
|
||||
18 | File | `/product-list.php` | High
|
||||
19 | File | `/public/login.htm` | High
|
||||
20 | File | `/server-info` | Medium
|
||||
21 | File | `/spip.php` | Medium
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/tmp/sysstat.run` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/updown/upload.cgi` | High
|
||||
26 | File | `/user/del.php` | High
|
||||
27 | File | `/websocket/exec` | High
|
||||
28 | File | `/_next` | Low
|
||||
29 | File | `123flashchat.php` | High
|
||||
30 | File | `act.php` | Low
|
||||
31 | File | `add_vhost.php` | High
|
||||
32 | File | `admin/bad.php` | High
|
||||
33 | File | `admin/index.php` | High
|
||||
34 | File | `admin/index.php/user/del/1` | High
|
||||
35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
36 | File | `administrator/index.php` | High
|
||||
37 | ... | ... | ...
|
||||
7 | File | `/admin/login.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/show.php` | High
|
||||
10 | File | `/default.php?idx=17` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/env` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/index.php` | Medium
|
||||
15 | File | `/opt/bin/cli` | Medium
|
||||
16 | File | `/p` | Low
|
||||
17 | File | `/patient/doctors.php` | High
|
||||
18 | File | `/phpinventory/editcategory.php` | High
|
||||
19 | File | `/product-list.php` | High
|
||||
20 | File | `/public/login.htm` | High
|
||||
21 | File | `/server-info` | Medium
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/tmp/sysstat.run` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/updown/upload.cgi` | High
|
||||
27 | File | `/user/del.php` | High
|
||||
28 | File | `/websocket/exec` | High
|
||||
29 | File | `/wp-admin/admin-ajax.php` | High
|
||||
30 | File | `/_next` | Low
|
||||
31 | File | `123flashchat.php` | High
|
||||
32 | File | `act.php` | Low
|
||||
33 | File | `add_vhost.php` | High
|
||||
34 | File | `admin.php/pay` | High
|
||||
35 | File | `admin/bad.php` | High
|
||||
36 | File | `admin/index.php` | High
|
||||
37 | File | `admin/index.php/user/del/1` | High
|
||||
38 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
39 | File | `administrator/index.php` | High
|
||||
40 | File | `agenda.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
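Review bot: New row 29 adds `/wp-admin/admin-ajax.php` at High confidence, but that path is the standard WordPress AJAX endpoint and receives legitimate traffic on every WordPress site, so a match on the path alone says little about this actor. The same applies to the bare paths already in the table (`/tmp`, `/env`, `/p`, `/download`, `/index.php`), which are at least rated Low or Medium. Lower the confidence of the new row, or pair it with the argument or input value that makes it specific.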
@ -46,13 +46,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
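Review bot: Row 1 drops CWE-21 from the T1006 mapping here, but another file in this same commit keeps it (`1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High`). If CWE-21 is being retired from the mapping, apply that to every actor file; as it stands, the same technique resolves to different weakness sets depending on which actor page is read.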
@ -64,48 +64,46 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `.plan` | Low
|
||||
3 | File | `.tin` | Low
|
||||
4 | File | `/admin/read.php?mudi=announContent` | High
|
||||
5 | File | `/cgi-bin/editBookmark` | High
|
||||
6 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
7 | File | `/classes/Login.php` | High
|
||||
8 | File | `/configs/application.ini` | High
|
||||
9 | File | `/goform/setPicListItem` | High
|
||||
10 | File | `/home/cavesConsole` | High
|
||||
11 | File | `/home/kickPlayer` | High
|
||||
12 | File | `/home/masterConsole` | High
|
||||
13 | File | `/home/sendBroadcast` | High
|
||||
14 | File | `/rapi/read_url` | High
|
||||
15 | File | `/services/Card/findUser` | High
|
||||
16 | File | `/spacecom/login.php` | High
|
||||
17 | File | `/sys/dict/queryTableData` | High
|
||||
18 | File | `/Taier/API/tenant/listTenant` | High
|
||||
19 | File | `/ucenter/active.php` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/user/updatePwd` | High
|
||||
22 | File | `/xampp/guestbook-en.pl` | High
|
||||
23 | File | `/zm/index.php` | High
|
||||
24 | File | `123flashchat.php` | High
|
||||
25 | File | `abook_database.php` | High
|
||||
26 | File | `action.php` | Medium
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | File | `admin/admin_process.php` | High
|
||||
29 | File | `admin/profile_settings_net.html` | High
|
||||
30 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
31 | File | `af.cgi/alienform.cgi` | High
|
||||
32 | File | `afd.sys` | Low
|
||||
33 | File | `akocomment.php` | High
|
||||
34 | File | `app/routes/research.js` | High
|
||||
35 | File | `article.php` | Medium
|
||||
36 | File | `aviso.php` | Medium
|
||||
37 | File | `awredir.pl` | Medium
|
||||
38 | File | `bitmap/bdfread.c` | High
|
||||
39 | File | `blocks.php` | Medium
|
||||
40 | File | `blog.cgi` | Medium
|
||||
41 | File | `bluewrench-video-widget.php` | High
|
||||
42 | File | `browse.php` | Medium
|
||||
43 | File | `carsdetail.asp` | High
|
||||
44 | ... | ... | ...
|
||||
5 | File | `/ajaxGetFileByPath.php` | High
|
||||
6 | File | `/app/sys1.php` | High
|
||||
7 | File | `/cgi-bin/editBookmark` | High
|
||||
8 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
9 | File | `/classes/Login.php` | High
|
||||
10 | File | `/configs/application.ini` | High
|
||||
11 | File | `/home/cavesConsole` | High
|
||||
12 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
13 | File | `/home/kickPlayer` | High
|
||||
14 | File | `/home/masterConsole` | High
|
||||
15 | File | `/home/sendBroadcast` | High
|
||||
16 | File | `/rapi/read_url` | High
|
||||
17 | File | `/services/Card/findUser` | High
|
||||
18 | File | `/spacecom/login.php` | High
|
||||
19 | File | `/student/bookdetails.php` | High
|
||||
20 | File | `/sys/dict/queryTableData` | High
|
||||
21 | File | `/Taier/API/tenant/listTenant` | High
|
||||
22 | File | `/ucenter/active.php` | High
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/user/updatePwd` | High
|
||||
25 | File | `/userRpm/PingIframeRpm` | High
|
||||
26 | File | `/vm/admin/doctors.php` | High
|
||||
27 | File | `/xampp/guestbook-en.pl` | High
|
||||
28 | File | `/zm/index.php` | High
|
||||
29 | File | `123flashchat.php` | High
|
||||
30 | File | `abook_database.php` | High
|
||||
31 | File | `action.php` | Medium
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin/admin_process.php` | High
|
||||
34 | File | `admin/user.php` | High
|
||||
35 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
36 | File | `afd.sys` | Low
|
||||
37 | File | `akocomment.php` | High
|
||||
38 | File | `app/routes/research.js` | High
|
||||
39 | File | `article.php` | Medium
|
||||
40 | File | `aviso.php` | Medium
|
||||
41 | File | `awredir.pl` | Medium
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 359 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
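Review bot: The summary line falls from 382 to 359 further items and the visible table loses rows outright (`/goform/setPicListItem`, `admin/profile_settings_net.html` and `af.cgi/alienform.cgi` are gone from the new listing), yet the commit message says only "Update October 2023". A consumer diffing this feed cannot tell whether those indicators were retired as stale or just replaced by the model. Note the reason for removals in the commit message or a changelog entry so downstream detections can be pruned deliberately.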
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -419,14 +419,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
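Review bot: Row 4 now maps T1059 to `CWE-88, CWE-94, CWE-1321` but still carries the description `Cross Site Scripting`, the same label as row 5 (T1059.007, CWE-79 and CWE-80). None of the three weaknesses on row 4 is cross-site scripting (they cover argument injection, code injection and prototype pollution), so the description should name the injection class instead of duplicating row 5.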
@ -437,62 +437,53 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/cashadvance_row.php` | High
|
||||
6 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/report/index.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/APR/login.php` | High
|
||||
11 | File | `/APR/signup.php` | High
|
||||
12 | File | `/cgi-bin/wapopen` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/classes/Master.php?f=delete_service` | High
|
||||
15 | File | `/classes/Master.php?f=save_course` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
18 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
19 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
20 | File | `/Electron/download` | High
|
||||
21 | File | `/feeds/post/publish` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/h/` | Low
|
||||
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
25 | File | `/inc/topBarNav.php` | High
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/index.php?page=category_list` | High
|
||||
28 | File | `/jobinfo/` | Medium
|
||||
29 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
30 | File | `/Moosikay/order.php` | High
|
||||
31 | File | `/opac/Actions.php?a=login` | High
|
||||
32 | File | `/PreviewHandler.ashx` | High
|
||||
33 | File | `/proxy` | Low
|
||||
34 | File | `/public/launchNewWindow.jsp` | High
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
37 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
38 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | File | `/text/pdf/PdfReader.java` | High
|
||||
42 | File | `/uploads/exam_question/` | High
|
||||
43 | File | `/user/ticket/create` | High
|
||||
44 | File | `/user/updatePwd` | High
|
||||
45 | File | `/var/lib/docker/<remapping>` | High
|
||||
46 | File | `/wp-admin/admin-ajax.php` | High
|
||||
47 | File | `a-forms.php` | Medium
|
||||
48 | File | `account/signup.php` | High
|
||||
49 | File | `activenews_view.asp` | High
|
||||
50 | File | `adclick.php` | Medium
|
||||
51 | File | `addentry.php` | Medium
|
||||
52 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
53 | File | `admin.a6mambocredits.php` | High
|
||||
54 | File | `admin.cropcanvas.php` | High
|
||||
55 | File | `admin.jcomments.php` | High
|
||||
56 | File | `admin.php` | Medium
|
||||
57 | ... | ... | ...
|
||||
4 | File | `/admin/list_addr_fwresource_ip.php` | High
|
||||
5 | File | `/admin/save.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/download` | High
|
||||
9 | File | `/api/runscript` | High
|
||||
10 | File | `/api/v1/alerts` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/category.php` | High
|
||||
14 | File | `/categorypage.php` | High
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/classes/Master.php?f=delete_service` | High
|
||||
19 | File | `/company/store` | High
|
||||
20 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
21 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
22 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
23 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
24 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
25 | File | `/Electron/download` | High
|
||||
26 | File | `/etc/passwd` | Medium
|
||||
27 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
28 | File | `/feeds/post/publish` | High
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/h/` | Low
|
||||
31 | File | `/HNAP1` | Low
|
||||
32 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
33 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
34 | File | `/index.php?page=category_list` | High
|
||||
35 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
36 | File | `/jobinfo/` | Medium
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
39 | File | `/opac/Actions.php?a=login` | High
|
||||
40 | File | `/out.php` | Medium
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/recipe-result` | High
|
||||
43 | File | `/register.do` | Medium
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
46 | File | `/RPS2019Service/status.html` | High
|
||||
47 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 495 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
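Review bot: New row 7, `/api/baskets/{name}`, keeps an unexpanded route placeholder and is rated High; matched literally against request logs it will never hit, and it is typed `File` although the summary line lists `pattern` as its own type. Express it as a pattern row, or state in the section text that braces mark a variable path segment.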
@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -511,9 +511,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
481 | [6.2.4.2](https://vuldb.com/?ip.6.2.4.2) | - | - | High
|
||||
482 | [6.2.4.27](https://vuldb.com/?ip.6.2.4.27) | - | - | High
|
||||
483 | [6.2.5.2](https://vuldb.com/?ip.6.2.5.2) | - | - | High
|
||||
484 | ... | ... | ... | ...
|
||||
484 | [6.2.16.1](https://vuldb.com/?ip.6.2.16.1) | - | - | High
|
||||
485 | ... | ... | ... | ...
|
||||
|
||||
There are 1930 more IOC items available. Please use our online service to access the data.
|
||||
There are 1935 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
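Review bot: The added row 484, `6.2.16.1`, and its neighbours (`6.2.4.2`, `6.2.4.27`, `6.2.5.2`) have no hostname or campaign and read like dotted version strings rather than observed hosts, yet all are rated High. Confirm where these values were extracted from before they ship in a column that consumers may feed straight into blocking, or lower the confidence until a hostname or campaign backs them.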
@ -537,63 +538,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/academy/tutor/filter` | High
|
||||
5 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage` | High
|
||||
8 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
9 | File | `/admin/about-us.php` | High
|
||||
10 | File | `/admin/add-new.php` | High
|
||||
11 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
12 | File | `/admin/del_category.php` | High
|
||||
13 | File | `/admin/del_service.php` | High
|
||||
14 | File | `/admin/departments/view_department.php` | High
|
||||
15 | File | `/admin/doctors.php` | High
|
||||
16 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
17 | File | `/admin/edit-services.php` | High
|
||||
18 | File | `/admin/edit_category.php` | High
|
||||
19 | File | `/admin/edit_subject.php` | High
|
||||
20 | File | `/admin/forgot-password.php` | High
|
||||
21 | File | `/admin/index.php` | High
|
||||
22 | File | `/admin/login.php` | High
|
||||
23 | File | `/admin/products/manage_product.php` | High
|
||||
24 | File | `/admin/reg.php` | High
|
||||
25 | File | `/admin/search-appointment.php` | High
|
||||
26 | File | `/admin/sys_sql_query.php` | High
|
||||
27 | File | `/admin/user/manage_user.php` | High
|
||||
28 | File | `/alphaware/summary.php` | High
|
||||
29 | File | `/api/` | Low
|
||||
30 | File | `/api/admin/store/product/list` | High
|
||||
31 | File | `/api/baskets/{name}` | High
|
||||
32 | File | `/api/stl/actions/search` | High
|
||||
33 | File | `/api/v2/cli/commands` | High
|
||||
34 | File | `/apply.cgi` | Medium
|
||||
35 | File | `/bin/ate` | Medium
|
||||
36 | File | `/blog` | Low
|
||||
37 | File | `/boat/login.php` | High
|
||||
38 | File | `/booking/show_bookings/` | High
|
||||
39 | File | `/cgi-bin` | Medium
|
||||
40 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
41 | File | `/classes/master.php?f=delete_order` | High
|
||||
42 | File | `/collection/all` | High
|
||||
43 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
44 | File | `/csms/?page=contact_us` | High
|
||||
45 | File | `/dashboard/add-blog.php` | High
|
||||
46 | File | `/debug/pprof` | Medium
|
||||
47 | File | `/dipam/athlete-profile.php` | High
|
||||
48 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
49 | File | `/edoc/doctor/patient.php` | High
|
||||
50 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
51 | File | `/env` | Low
|
||||
52 | File | `/forms/doLogin` | High
|
||||
53 | File | `/forum/away.php` | High
|
||||
54 | File | `/fusion/portal/action/Link` | High
|
||||
55 | ... | ... | ...
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/academy/tutor/filter` | High
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
6 | File | `/admin/about-us.php` | High
|
||||
7 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
8 | File | `/admin/del_category.php` | High
|
||||
9 | File | `/admin/del_service.php` | High
|
||||
10 | File | `/admin/departments/view_department.php` | High
|
||||
11 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
12 | File | `/admin/edit-services.php` | High
|
||||
13 | File | `/admin/edit_category.php` | High
|
||||
14 | File | `/admin/edit_subject.php` | High
|
||||
15 | File | `/admin/forgot-password.php` | High
|
||||
16 | File | `/admin/index.php` | High
|
||||
17 | File | `/admin/login.php` | High
|
||||
18 | File | `/admin/products/manage_product.php` | High
|
||||
19 | File | `/admin/reg.php` | High
|
||||
20 | File | `/admin/search-appointment.php` | High
|
||||
21 | File | `/admin/sys_sql_query.php` | High
|
||||
22 | File | `/admin/user/manage_user.php` | High
|
||||
23 | File | `/api/` | Low
|
||||
24 | File | `/api/admin/store/product/list` | High
|
||||
25 | File | `/api/baskets/{name}` | High
|
||||
26 | File | `/api/stl/actions/search` | High
|
||||
27 | File | `/api/v2/cli/commands` | High
|
||||
28 | File | `/appliance/users?action=edit` | High
|
||||
29 | File | `/apply.cgi` | Medium
|
||||
30 | File | `/bin/ate` | Medium
|
||||
31 | File | `/blog` | Low
|
||||
32 | File | `/booking/show_bookings/` | High
|
||||
33 | File | `/cgi-bin` | Medium
|
||||
34 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
35 | File | `/classes/master.php?f=delete_order` | High
|
||||
36 | File | `/collection/all` | High
|
||||
37 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
38 | File | `/csms/?page=contact_us` | High
|
||||
39 | File | `/dashboard/add-blog.php` | High
|
||||
40 | File | `/debug/pprof` | Medium
|
||||
41 | File | `/dipam/athlete-profile.php` | High
|
||||
42 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
43 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
44 | File | `/env` | Low
|
||||
45 | File | `/forms/doLogin` | High
|
||||
46 | File | `/forum/away.php` | High
|
||||
47 | File | `/fusion/portal/action/Link` | High
|
||||
48 | File | `/group1/uploa` | High
|
||||
49 | File | `/h/autoSaveDraft` | High
|
||||
50 | File | `/importexport.php` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 476 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 447 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
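Review bot: Row 48 in the updated IOA table, `/group1/uploa`, reads like a path cut off mid-segment, yet it is rated High. A truncated indicator used as a substring can match unrelated paths. Please confirm the value against the source record before merging, and if the short form is intentional, mark it as a prefix pattern or lower the confidence.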
|
@ -601,6 +598,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.html
|
||||
* https://ddanchev.blogspot.com/2022/06/how-to-take-down-conti-ransomware-gang.html
|
||||
* https://github.com/pan-unit42/iocs/blob/master/Conti_IOCs.txt
|
||||
* https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Conti.csv
|
||||
* https://thedfirreport.com/2021/05/12/conti-ransomware/
|
||||
* https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
|
||||
|
|
|
@ -25,19 +25,20 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [10.13.102.58](https://vuldb.com/?ip.10.13.102.58) | - | - | High
|
||||
3 | [10.14.100.20](https://vuldb.com/?ip.10.14.100.20) | - | - | High
|
||||
4 | [10.133.78.41](https://vuldb.com/?ip.10.133.78.41) | - | - | High
|
||||
5 | [23.227.198.246](https://vuldb.com/?ip.23.227.198.246) | 23-227-198-246.static.hvvc.us | - | High
|
||||
6 | [31.44.184.84](https://vuldb.com/?ip.31.44.184.84) | - | - | High
|
||||
7 | [31.44.184.100](https://vuldb.com/?ip.31.44.184.100) | - | - | High
|
||||
8 | [31.184.192.44](https://vuldb.com/?ip.31.184.192.44) | - | - | High
|
||||
9 | [31.184.194.42](https://vuldb.com/?ip.31.184.194.42) | - | - | High
|
||||
10 | [31.184.198.74](https://vuldb.com/?ip.31.184.198.74) | - | - | High
|
||||
11 | [31.184.198.80](https://vuldb.com/?ip.31.184.198.80) | directingme.com | - | High
|
||||
12 | [31.184.198.82](https://vuldb.com/?ip.31.184.198.82) | harms.directingme.com | - | High
|
||||
13 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
14 | [31.184.198.84](https://vuldb.com/?ip.31.184.198.84) | - | - | High
|
||||
15 | ... | ... | ... | ...
|
||||
5 | [23.160.193.145](https://vuldb.com/?ip.23.160.193.145) | server1.wlook.com | - | High
|
||||
6 | [23.227.198.246](https://vuldb.com/?ip.23.227.198.246) | 23-227-198-246.static.hvvc.us | - | High
|
||||
7 | [31.44.184.84](https://vuldb.com/?ip.31.44.184.84) | - | - | High
|
||||
8 | [31.44.184.100](https://vuldb.com/?ip.31.44.184.100) | - | - | High
|
||||
9 | [31.184.192.44](https://vuldb.com/?ip.31.184.192.44) | - | - | High
|
||||
10 | [31.184.194.42](https://vuldb.com/?ip.31.184.194.42) | - | - | High
|
||||
11 | [31.184.198.74](https://vuldb.com/?ip.31.184.198.74) | - | - | High
|
||||
12 | [31.184.198.80](https://vuldb.com/?ip.31.184.198.80) | directingme.com | - | High
|
||||
13 | [31.184.198.82](https://vuldb.com/?ip.31.184.198.82) | harms.directingme.com | - | High
|
||||
14 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
15 | [31.184.198.84](https://vuldb.com/?ip.31.184.198.84) | - | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
|
||||
There are 58 more IOC items available. Please use our online service to access the data.
|
||||
There are 60 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
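Review bot: Rows 2 to 4 in the context lines of this hunk (`10.13.102.58`, `10.14.100.20`, `10.133.78.41`) are RFC 1918 private addresses rated High, and they stay in the table next to the newly added `23.160.193.145`. Private addresses only have meaning inside the network where they were observed, so anyone loading this table into a blocklist or detection rule will get collisions with their own 10.0.0.0/8 hosts. Consider dropping these rows or flagging them as internal-only in the Campaign column.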
|
@ -47,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
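Review bot: The edited row 3 still describes `T1059 | CWE-94, CWE-1321` as "Cross Site Scripting", the same description as row 4. CWE-94 is code injection and CWE-1321 is prototype pollution; cross-site scripting is CWE-79/CWE-80, which row 4 already covers. Since this line is being touched to drop CWE-88 anyway, the description should be corrected in the same change so the two rows do not read as duplicates.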
|
@ -61,57 +62,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/ad-list` | Medium
|
||||
3 | File | `/admin/adclass.php` | High
|
||||
4 | File | `/admin/students/view_details.php` | High
|
||||
5 | File | `/ajax-files/followBoard.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
2 | File | `/admin/adclass.php` | High
|
||||
3 | File | `/admin/admin-profile.php` | High
|
||||
4 | File | `/admin/sales/view_details.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/cron/settings/setJob/` | High
|
||||
9 | File | `/api/upload.php` | High
|
||||
10 | File | `/auth/callback` | High
|
||||
11 | File | `/authenticationendpoint/login.do` | High
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/cgi.cgi` | Medium
|
||||
15 | File | `/ci_spms/admin/search/searching/` | High
|
||||
16 | File | `/collection/all` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/ctcprotocol/Protocol` | High
|
||||
19 | File | `/dottie.js` | Medium
|
||||
20 | File | `/DXR.axd` | Medium
|
||||
21 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
22 | File | `/etc/pki/pesign` | High
|
||||
23 | File | `/files/` | Low
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/goform/setportList` | High
|
||||
26 | File | `/h/autoSaveDraft` | High
|
||||
27 | File | `/home/get_tasks_list` | High
|
||||
28 | File | `/index.php` | Medium
|
||||
29 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
30 | File | `/index.php?page=member` | High
|
||||
31 | File | `/jurusanmatkul/data` | High
|
||||
32 | File | `/log/decodmail.php` | High
|
||||
33 | File | `/log/webmailattach.php` | High
|
||||
34 | File | `/login.php?do=login` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
37 | File | `/public/login.htm` | High
|
||||
38 | File | `/QueryView.php` | High
|
||||
39 | File | `/romfile.cfg` | Medium
|
||||
40 | File | `/roomtype-details.php` | High
|
||||
41 | File | `/search` | Low
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
44 | File | `/staff/bookdetails.php` | High
|
||||
45 | ... | ... | ...
|
||||
9 | File | `/api/v1/snapshots` | High
|
||||
10 | File | `/audit/log/log_management.php` | High
|
||||
11 | File | `/auth/callback` | High
|
||||
12 | File | `/authenticationendpoint/login.do` | High
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cgi.cgi` | Medium
|
||||
17 | File | `/collection/all` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/ctcprotocol/Protocol` | High
|
||||
20 | File | `/dottie.js` | Medium
|
||||
21 | File | `/DXR.axd` | Medium
|
||||
22 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
23 | File | `/env` | Low
|
||||
24 | File | `/files/` | Low
|
||||
25 | File | `/forms/doLogin` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/setportList` | High
|
||||
28 | File | `/h/autoSaveDraft` | High
|
||||
29 | File | `/home/get_tasks_list` | High
|
||||
30 | File | `/index.php` | Medium
|
||||
31 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
32 | File | `/index.php?page=member` | High
|
||||
33 | File | `/jurusanmatkul/data` | High
|
||||
34 | File | `/librarian/bookdetails.php` | High
|
||||
35 | File | `/log/decodmail.php` | High
|
||||
36 | File | `/log/webmailattach.php` | High
|
||||
37 | File | `/login.php?do=login` | High
|
||||
38 | File | `/public/login.htm` | High
|
||||
39 | File | `/QueryView.php` | High
|
||||
40 | File | `/recreate.php` | High
|
||||
41 | File | `/romfile.cfg` | Medium
|
||||
42 | File | `/roomtype-details.php` | High
|
||||
43 | File | `/search` | Low
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://securelist.com/cuba-ransomware/110533/
|
||||
* https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
|
||||
|
||||
## Literature
|
||||
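Review bot: Most of the changed lines in this hunk are renumbering, not new data: `/ajax-files/followBoard.php` moves from ID 5 to 6 and `/auth/callback` from 10 to 11 with indicator and confidence unchanged. With a stored ID column, every insertion rewrites the rest of the table, which buries the real additions (for example `/admin/admin-profile.php` and `/api/v1/snapshots`) and the removals. Consider generating the ID at render time or dropping it from the committed file so the diff shows only rows that actually changed.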
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -23,18 +23,18 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.2.68.68](https://vuldb.com/?ip.5.2.68.68) | - | - | High
|
||||
2 | [5.2.68.77](https://vuldb.com/?ip.5.2.68.77) | - | - | High
|
||||
3 | [5.34.178.21](https://vuldb.com/?ip.5.34.178.21) | udfurgqxmjzcc.pserver.ru | - | High
|
||||
4 | [5.188.87.58](https://vuldb.com/?ip.5.188.87.58) | - | - | High
|
||||
5 | [45.89.65.198](https://vuldb.com/?ip.45.89.65.198) | 2.server.com | - | High
|
||||
6 | [45.141.87.89](https://vuldb.com/?ip.45.141.87.89) | - | - | High
|
||||
7 | [54.39.198.245](https://vuldb.com/?ip.54.39.198.245) | ip245.ip-54-39-198.net | - | High
|
||||
8 | [64.190.113.154](https://vuldb.com/?ip.64.190.113.154) | - | - | High
|
||||
9 | [65.20.75.41](https://vuldb.com/?ip.65.20.75.41) | 65.20.75.41.vultrusercontent.com | - | High
|
||||
10 | [66.42.63.27](https://vuldb.com/?ip.66.42.63.27) | 66.42.63.27.dedic.cheap | - | High
|
||||
11 | [79.110.62.96](https://vuldb.com/?ip.79.110.62.96) | - | - | High
|
||||
3 | [5.2.68.89](https://vuldb.com/?ip.5.2.68.89) | - | - | High
|
||||
4 | [5.34.178.21](https://vuldb.com/?ip.5.34.178.21) | udfurgqxmjzcc.pserver.ru | - | High
|
||||
5 | [5.188.87.58](https://vuldb.com/?ip.5.188.87.58) | - | - | High
|
||||
6 | [45.89.65.198](https://vuldb.com/?ip.45.89.65.198) | 2.server.com | - | High
|
||||
7 | [45.141.87.89](https://vuldb.com/?ip.45.141.87.89) | - | - | High
|
||||
8 | [54.39.198.245](https://vuldb.com/?ip.54.39.198.245) | ip245.ip-54-39-198.net | - | High
|
||||
9 | [64.190.113.154](https://vuldb.com/?ip.64.190.113.154) | - | - | High
|
||||
10 | [65.20.75.41](https://vuldb.com/?ip.65.20.75.41) | 65.20.75.41.vultrusercontent.com | - | High
|
||||
11 | [66.42.63.27](https://vuldb.com/?ip.66.42.63.27) | 66.42.63.27.dedic.cheap | - | High
|
||||
12 | ... | ... | ... | ...
|
||||
|
||||
There are 43 more IOC items available. Please use our online service to access the data.
|
||||
There are 44 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -60,27 +60,27 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/cashadvance_row.php` | High
|
||||
5 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/save.php` | High
|
||||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/download` | High
|
||||
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/category.php` | High
|
||||
15 | File | `/categorypage.php` | High
|
||||
16 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
17 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
18 | File | `/classes/Master.php?f=save_item` | High
|
||||
19 | File | `/company/store` | High
|
||||
20 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
21 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
22 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
23 | File | `/DXR.axd` | Medium
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
4 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/save.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/download` | High
|
||||
10 | File | `/api/v1/alerts` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/category.php` | High
|
||||
14 | File | `/categorypage.php` | High
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
17 | File | `/classes/Master.php?f=save_item` | High
|
||||
18 | File | `/company/store` | High
|
||||
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
21 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
22 | File | `/DXR.axd` | Medium
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
25 | File | `/feeds/post/publish` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/h/` | Low
|
||||
|
@ -92,23 +92,23 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `/jobinfo/` | Medium
|
||||
34 | File | `/load.php` | Medium
|
||||
35 | File | `/Moosikay/order.php` | High
|
||||
36 | File | `/opac/Actions.php?a=login` | High
|
||||
37 | File | `/PreviewHandler.ashx` | High
|
||||
38 | File | `/recipe-result` | High
|
||||
39 | File | `/register.do` | Medium
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/resources//../` | High
|
||||
42 | File | `/RPS2019Service/status.html` | High
|
||||
43 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
44 | File | `/sicweb-ajax/tmproot/` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/student/bookdetails.php` | High
|
||||
47 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
48 | File | `/uploads/exam_question/` | High
|
||||
49 | File | `/user/ticket/create` | High
|
||||
50 | File | `/user/updatePwd` | High
|
||||
51 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
52 | File | `/var/lib/docker/<remapping>` | High
|
||||
36 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
37 | File | `/opac/Actions.php?a=login` | High
|
||||
38 | File | `/PreviewHandler.ashx` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/recipe-result` | High
|
||||
41 | File | `/register.do` | Medium
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/resources//../` | High
|
||||
44 | File | `/RPS2019Service/status.html` | High
|
||||
45 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
46 | File | `/sicweb-ajax/tmproot/` | High
|
||||
47 | File | `/spip.php` | Medium
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
50 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
51 | File | `/uploads/exam_question/` | High
|
||||
52 | File | `/user/ticket/create` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 462 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
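Review bot: The `/SystemManage/User/GetGridJson?...` row (renumbered from 47 to 50) is rated High but carries a full query string, including `nd=1680855479750` (a 13-digit value that looks like a per-request timestamp) plus paging and sort parameters. A literal match on that whole string will miss any request where those values differ. Suggest reducing the indicator to the path `/SystemManage/User/GetGridJson` and, if a parameter matters, naming only that parameter.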
|
@ -130,6 +130,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tria.ge/230811-bmv8ysbf8s/behavioral2
|
||||
* https://tria.ge/230822-xp3lpsgc6v/behavioral2
|
||||
* https://tria.ge/230828-zp22aaah9s/behavioral1
|
||||
* https://twitter.com/0xw4ifu/status/1714738953016746247
|
||||
* https://twitter.com/AnFam17/status/1701963227955945552
|
||||
* https://twitter.com/malwrhunterteam/status/1704231060865778097
|
||||
* https://twitter.com/malwrhunterteam/status/1704483766461173984
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
@ -64,27 +64,28 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/file?action=download&file` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/hardware` | Medium
|
||||
13 | File | `/include/makecvs.php` | High
|
||||
14 | File | `/librarian/bookdetails.php` | High
|
||||
15 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
16 | File | `/monitoring` | Medium
|
||||
17 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
18 | File | `/out.php` | Medium
|
||||
19 | File | `/owa/auth/logon.aspx` | High
|
||||
20 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
21 | File | `/plugins/servlet/audit/resource` | High
|
||||
22 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
23 | File | `/recordings/index.php` | High
|
||||
24 | File | `/replication` | Medium
|
||||
25 | File | `/rest/api/1.0/render` | High
|
||||
26 | File | `/RestAPI` | Medium
|
||||
27 | File | `/server-status` | High
|
||||
28 | File | `/tmp/zarafa-vacation-*` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/upload` | Low
|
||||
31 | ... | ... | ...
|
||||
13 | File | `/importexport.php` | High
|
||||
14 | File | `/include/makecvs.php` | High
|
||||
15 | File | `/librarian/bookdetails.php` | High
|
||||
16 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
17 | File | `/monitoring` | Medium
|
||||
18 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
22 | File | `/plugins/servlet/audit/resource` | High
|
||||
23 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
24 | File | `/recordings/index.php` | High
|
||||
25 | File | `/replication` | Medium
|
||||
26 | File | `/rest/api/1.0/render` | High
|
||||
27 | File | `/RestAPI` | Medium
|
||||
28 | File | `/search.php` | Medium
|
||||
29 | File | `/server-status` | High
|
||||
30 | File | `/tmp/zarafa-vacation-*` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
# Echobot - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Echobot](https://vuldb.com/?actor.echobot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.echobot](https://vuldb.com/?actor.echobot)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Echobot:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Echobot.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.89.106.108](https://vuldb.com/?ip.45.89.106.108) | - | - | High
|
||||
2 | [80.82.67.184](https://vuldb.com/?ip.80.82.67.184) | - | - | High
|
||||
3 | [80.82.67.209](https://vuldb.com/?ip.80.82.67.209) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Echobot_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Echobot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/download` | Medium
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/mirai-variant-echobot-resurfaces-with-13-previously-unexploited-vulnerabilities/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
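Review bot: The new file has two count sentences that do not agree in number: "There are 1 more country items available" and "There are 1 more IOC items available". If these lines come from a template, add a singular form ("There is 1 more country item available") so files with a single remaining item read correctly.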
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -954,14 +954,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-35, CWE-37 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
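Review bot: The added row `2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay` pairs a weakness ID with the wrong name. CWE-319 is Cleartext Transmission of Sensitive Information; Authentication Bypass by Capture-replay is CWE-294. Either the ID or the description needs correcting so the row maps T1040 to one consistent weakness.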
|
@ -970,43 +970,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.terminfo` | High
|
||||
2 | File | `/academy/tutor/filter` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
2 | File | `/admin/admin-profile.php` | High
|
||||
3 | File | `/admin/sales/view_details.php` | High
|
||||
4 | File | `/api/cron/settings/setJob/` | High
|
||||
5 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
6 | File | `/bin/login` | Medium
|
||||
7 | File | `/bin/mini_upnpd` | High
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/collection/all` | High
|
||||
10 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
11 | File | `/ctcprotocol/Protocol` | High
|
||||
12 | File | `/dashboard/add-blog.php` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/DXR.axd` | Medium
|
||||
15 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
16 | File | `/filemanager/ajax_calls.php` | High
|
||||
17 | File | `/files/` | Low
|
||||
5 | File | `/api/v1/snapshots` | High
|
||||
6 | File | `/aqpg/users/login.php` | High
|
||||
7 | File | `/audit/log/log_management.php` | High
|
||||
8 | File | `/authUserAction!edit.action` | High
|
||||
9 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
10 | File | `/cgi-bin/upload_vpntar` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/cgi/networkDiag.cgi` | High
|
||||
13 | File | `/dashboard/add-blog.php` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/dottie.js` | Medium
|
||||
16 | File | `/env` | Low
|
||||
17 | File | `/forms/doLogin` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
20 | File | `/group1/uploa` | High
|
||||
21 | File | `/h/autoSaveDraft` | High
|
||||
22 | File | `/h/search?action` | High
|
||||
23 | File | `/hrm/controller/employee.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/importexport.php` | High
|
||||
26 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
27 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
28 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
29 | File | `/jurusanmatkul/data` | High
|
||||
30 | File | `/log/decodmail.php` | High
|
||||
31 | File | `/login.php?do=login` | High
|
||||
32 | File | `/mc` | Low
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/php-opos/index.php` | High
|
||||
35 | File | `/preview.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
19 | File | `/index.php` | Medium
|
||||
20 | File | `/install/index.php` | High
|
||||
21 | File | `/librarian/bookdetails.php` | High
|
||||
22 | File | `/log/webmailattach.php` | High
|
||||
23 | File | `/mc` | Low
|
||||
24 | File | `/mgmt/` | Low
|
||||
25 | File | `/preview.php` | Medium
|
||||
26 | File | `/project/tasks/list` | High
|
||||
27 | File | `/public/login.htm` | High
|
||||
28 | File | `/qsr_server/device/reboot` | High
|
||||
29 | File | `/recreate.php` | High
|
||||
30 | File | `/search.php` | Medium
|
||||
31 | File | `/spip.php` | Medium
|
||||
32 | File | `/student/bookdetails.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
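Review bot: Several rows in this table are paths that are common on ordinary web servers, for example `/index.php` (Medium), `/search.php` (Medium), `/env` (Low) and `/mc` (Low), and nothing in the file says what the Confidence column licenses a consumer to do. Matching these strings against access logs will flag normal requests. Suggest documenting that Low and Medium entries are context only and never a standalone match, or keeping only entries specific enough to act on.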
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -35,14 +35,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
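Review bot: Rows 4 and 5 both carry the description "Cross Site Scripting", but row 4 maps T1059 to CWE-88, CWE-94 and CWE-1321 (argument injection, code injection, prototype pollution), none of which is cross-site scripting; only row 5 (T1059.007 with CWE-79, CWE-80) fits that label. The description on row 4 should name the weakness class actually listed, so the two rows can be told apart.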
|
@ -55,60 +55,59 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/cashadvance_row.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/admin/userprofile.php` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/download` | High
|
||||
6 | File | `/admin/save.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/api/baskets/{name}` | High
|
||||
10 | File | `/api/download` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/api/v2/cli/commands` | High
|
||||
13 | File | `/APR/login.php` | High
|
||||
14 | File | `/bin/httpd` | Medium
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/category.php` | High
|
||||
17 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
18 | File | `/cgi-bin/wapopen` | High
|
||||
19 | File | `/company/store` | High
|
||||
20 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
21 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
22 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
23 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
24 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
25 | File | `/etc/passwd` | Medium
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/category.php` | High
|
||||
15 | File | `/categorypage.php` | High
|
||||
16 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
17 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
18 | File | `/company/store` | High
|
||||
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
21 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
22 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
23 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
25 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
26 | File | `/feeds/post/publish` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/h/` | Low
|
||||
29 | File | `/home/masterConsole` | High
|
||||
30 | File | `/home/sendBroadcast` | High
|
||||
31 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
32 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
33 | File | `/index.php?page=category_list` | High
|
||||
34 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
35 | File | `/jobinfo/` | Medium
|
||||
36 | File | `/librarian/bookdetails.php` | High
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
39 | File | `/opac/Actions.php?a=login` | High
|
||||
40 | File | `/php-opos/index.php` | High
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/public/launchNewWindow.jsp` | High
|
||||
43 | File | `/recipe-result` | High
|
||||
44 | File | `/register.do` | Medium
|
||||
45 | File | `/reservation/add_message.php` | High
|
||||
46 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
47 | File | `/spip.php` | Medium
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/index.php?page=category_list` | High
|
||||
33 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
34 | File | `/jobinfo/` | Medium
|
||||
35 | File | `/librarian/bookdetails.php` | High
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/opac/Actions.php?a=login` | High
|
||||
38 | File | `/PreviewHandler.ashx` | High
|
||||
39 | File | `/public/launchNewWindow.jsp` | High
|
||||
40 | File | `/recipe-result` | High
|
||||
41 | File | `/register.do` | Medium
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/RPS2019Service/status.html` | High
|
||||
44 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
45 | File | `/sicweb-ajax/tmproot/` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | File | `/student/bookdetails.php` | High
|
||||
48 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
49 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
50 | File | `/uncpath/` | Medium
|
||||
51 | File | `/uploads/exam_question/` | High
|
||||
52 | File | `/user/ticket/create` | High
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
55 | File | `/var/lib/docker/<remapping>` | High
|
||||
56 | File | `/var/www/core/controller/index.php` | High
|
||||
57 | ... | ... | ...
|
||||
50 | File | `/uploads/exam_question/` | High
|
||||
51 | File | `/user/ticket/create` | High
|
||||
52 | File | `/user/updatePwd` | High
|
||||
53 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
54 | File | `/var/lib/docker/<remapping>` | High
|
||||
55 | File | `/wp-admin/admin-ajax.php` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 495 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 490 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
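Review bot: Row 49, `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc`, includes what looks like a per-request value (`nd=1680855479750`) along with paging and sort parameters, so an exact-string match on this indicator will rarely fire. Suggest reducing it to the path plus whichever parameter the finding actually depends on, and stating in the table header whether indicators are meant as exact strings or as prefixes.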
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -28,14 +28,15 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
5 | [23.146.184.29](https://vuldb.com/?ip.23.146.184.29) | - | - | High
|
||||
6 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
7 | [37.221.67.161](https://vuldb.com/?ip.37.221.67.161) | cryptogod.us | - | High
|
||||
8 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
|
||||
9 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
|
||||
10 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
|
||||
11 | [45.130.201.24](https://vuldb.com/?ip.45.130.201.24) | - | - | High
|
||||
12 | [47.91.94.97](https://vuldb.com/?ip.47.91.94.97) | - | - | High
|
||||
13 | ... | ... | ... | ...
|
||||
8 | [45.77.52.227](https://vuldb.com/?ip.45.77.52.227) | 45.77.52.227.vultrusercontent.com | - | High
|
||||
9 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
|
||||
10 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
|
||||
11 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
|
||||
12 | [45.130.201.24](https://vuldb.com/?ip.45.130.201.24) | - | - | High
|
||||
13 | [47.91.94.97](https://vuldb.com/?ip.47.91.94.97) | - | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 48 more IOC items available. Please use our online service to access the data.
|
||||
There are 50 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
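Review bot: The rows in this table, including the 45.77.52.227 row introduced here, carry no first-seen or last-seen date, and several hostnames are provider-assigned reverse-DNS names (`ec2-35-176-231-198.eu-west-2.compute.amazonaws.com`, `45.77.52.227.vultrusercontent.com`). Addresses at hosting providers can be reassigned to unrelated tenants, so a High confidence with no observation date gives a consumer no way to age the entry out. Suggest adding a date column, or stating in the section text how long an entry is considered valid.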
|
@ -51,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -71,14 +72,14 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/admin/userprofile.php` | High
|
||||
11 | File | `/api/baskets/{name}` | High
|
||||
12 | File | `/apply.cgi` | Medium
|
||||
13 | File | `/catalog/admin/categories.php?cPath=&action=new_product` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/College/admin/teacher.php` | High
|
||||
16 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
17 | File | `/dcim/rack-roles/` | High
|
||||
18 | File | `/domains/index.fts` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/foundry/modules/news/newscolumns.php` | High
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/catalog/admin/categories.php?cPath=&action=new_product` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/College/admin/teacher.php` | High
|
||||
17 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
18 | File | `/dcim/rack-roles/` | High
|
||||
19 | File | `/domains/index.fts` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/ghost/preview` | High
|
||||
22 | File | `/goform/addUserName` | High
|
||||
23 | File | `/goform/aspForm` | High
|
||||
|
@ -92,28 +93,28 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `/jfinal_cms/system/role/list` | High
|
||||
32 | File | `/kelas/data` | Medium
|
||||
33 | File | `/Moosikay/order.php` | High
|
||||
34 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/paysystem/datatable.php` | High
|
||||
37 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
38 | File | `/product_list.php` | High
|
||||
39 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
40 | File | `/server/ajax/events_manager.php` | High
|
||||
41 | File | `/server/ajax/user_manager.php` | High
|
||||
42 | File | `/smstest.html` | High
|
||||
43 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
44 | File | `/staff/edit_book_details.php` | High
|
||||
45 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/user/profile` | High
|
||||
48 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
|
||||
49 | File | `/webman/info.cgi` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php` | High
|
||||
51 | File | `acloudCosAction.php.SQL` | High
|
||||
52 | File | `ActiveServices.java` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/paysystem/datatable.php` | High
|
||||
36 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
37 | File | `/product_list.php` | High
|
||||
38 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
39 | File | `/server/ajax/events_manager.php` | High
|
||||
40 | File | `/server/ajax/user_manager.php` | High
|
||||
41 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
42 | File | `/staff/edit_book_details.php` | High
|
||||
43 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
44 | File | `/sysmanage/importconf.php` | High
|
||||
45 | File | `/uncpath/` | Medium
|
||||
46 | File | `/user/profile` | High
|
||||
47 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
|
||||
48 | File | `/webman/info.cgi` | High
|
||||
49 | File | `/wp-admin/admin-ajax.php` | High
|
||||
50 | File | `acloudCosAction.php.SQL` | High
|
||||
51 | File | `ActiveServices.java` | High
|
||||
52 | File | `adclick.php` | Medium
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 458 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 465 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -141,6 +142,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/threatcat_ch/status/1666706124836405248
|
||||
* https://twitter.com/threatcat_ch/status/1668596702696054785
|
||||
* https://urlscan.io/search/#ip%3A88.119.169.145
|
||||
* https://www.virustotal.com/gui/domain/2023.ebeenj.com/relations
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -101,7 +101,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
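Review bot: The visible table grows by one row here (T1068 becomes row 6 and the `...` placeholder moves to row 7), yet the line "There are 22 more TTP items available" is left unchanged. Either the total also grew by one or the counter should now read 21; worth confirming which, since other hunks in this commit adjust their counters alongside the table.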
|
@ -114,57 +115,53 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/save.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/download` | High
|
||||
9 | File | `/api/stl/actions/search` | High
|
||||
10 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
11 | File | `/bin/ate` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/booking/show_bookings/` | High
|
||||
14 | File | `/category.php` | High
|
||||
15 | File | `/categorypage.php` | High
|
||||
16 | File | `/cgi-bin` | Medium
|
||||
17 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
18 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
19 | File | `/company/store` | High
|
||||
20 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
21 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
22 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
23 | File | `/dashboard/add-blog.php` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/etc/passwd` | Medium
|
||||
27 | File | `/feeds/post/publish` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/h/` | Low
|
||||
31 | File | `/HNAP1` | Low
|
||||
32 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
33 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
34 | File | `/index.php?page=category_list` | High
|
||||
35 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
36 | File | `/jobinfo/` | Medium
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/opac/Actions.php?a=login` | High
|
||||
39 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
|
||||
40 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/recipe-result` | High
|
||||
43 | File | `/register.do` | Medium
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/resources//../` | High
|
||||
46 | File | `/RPS2019Service/status.html` | High
|
||||
47 | File | `/scripts/unlock_tasks.php` | High
|
||||
48 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
49 | File | `/sicweb-ajax/tmproot/` | High
|
||||
50 | File | `/spip.php` | Medium
|
||||
51 | File | `/student/bookdetails.php` | High
|
||||
52 | ... | ... | ...
|
||||
4 | File | `/admin/save.php` | High
|
||||
5 | File | `/admin/sys_sql_query.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/download` | High
|
||||
8 | File | `/api/stl/actions/search` | High
|
||||
9 | File | `/api/sys/login` | High
|
||||
10 | File | `/api/sys/set_passwd` | High
|
||||
11 | File | `/api/v1/alerts` | High
|
||||
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
13 | File | `/bin/ate` | Medium
|
||||
14 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
15 | File | `/booking/show_bookings/` | High
|
||||
16 | File | `/category.php` | High
|
||||
17 | File | `/categorypage.php` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
21 | File | `/changePassword` | High
|
||||
22 | File | `/company/store` | High
|
||||
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
24 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
25 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
26 | File | `/dashboard/add-blog.php` | High
|
||||
27 | File | `/debug/pprof` | Medium
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/passwd` | Medium
|
||||
30 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/group1/uploa` | High
|
||||
33 | File | `/h/` | Low
|
||||
34 | File | `/HNAP1` | Low
|
||||
35 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
36 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
37 | File | `/index.php?page=category_list` | High
|
||||
38 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
39 | File | `/jobinfo/` | Medium
|
||||
40 | File | `/Moosikay/order.php` | High
|
||||
41 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
42 | File | `/opac/Actions.php?a=login` | High
|
||||
43 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
|
||||
44 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
45 | File | `/PreviewHandler.ashx` | High
|
||||
46 | File | `/proxy` | Low
|
||||
47 | File | `/recipe-result` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 454 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
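Review bot: The indicator `/group1/uploa` is carried over unchanged (row 29 before, row 32 after) and reads as a path cut off mid-word. If it is a deliberate prefix, say so in the table; otherwise complete it, because a consumer cannot tell a truncated value from an intentional partial match.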
|
|
|
@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
@ -58,44 +58,46 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
2 | File | `/admin.php/news/admin/topic/save` | High
|
||||
3 | File | `/admin/comn/service/update.json` | High
|
||||
4 | File | `/api/files/` | Medium
|
||||
5 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
6 | File | `/apply.cgi` | Medium
|
||||
7 | File | `/card_scan.php` | High
|
||||
8 | File | `/cgi-bin/luci/api/switch` | High
|
||||
9 | File | `/cgi-bin/sm_changepassword.cgi` | High
|
||||
10 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
13 | File | `/contact.php` | Medium
|
||||
14 | File | `/cwc/login` | Medium
|
||||
15 | File | `/dev/shm` | Medium
|
||||
16 | File | `/dl/dl_print.php` | High
|
||||
17 | File | `/download` | Medium
|
||||
18 | File | `/etc/quagga` | Medium
|
||||
19 | File | `/etc/shadow` | Medium
|
||||
20 | File | `/export` | Low
|
||||
21 | File | `/forms/doLogin` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/getcfg.php` | Medium
|
||||
24 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
||||
25 | File | `/h/calendar` | Medium
|
||||
26 | File | `/inc/extensions.php` | High
|
||||
27 | File | `/include/chart_generator.php` | High
|
||||
28 | File | `/index.php` | Medium
|
||||
29 | File | `/items/search` | High
|
||||
30 | File | `/jsonrpc` | Medium
|
||||
31 | File | `/load.php` | Medium
|
||||
32 | File | `/mims/login.php` | High
|
||||
33 | File | `/nova/bin/console` | High
|
||||
34 | File | `/nova/bin/detnet` | High
|
||||
35 | File | `/ofcms/company-c-47` | High
|
||||
36 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/pages/animals.php` | High
|
||||
39 | ... | ... | ...
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/files/` | Medium
|
||||
6 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
7 | File | `/apply.cgi` | Medium
|
||||
8 | File | `/card_scan.php` | High
|
||||
9 | File | `/cgi-bin/luci/api/switch` | High
|
||||
10 | File | `/cgi-bin/sm_changepassword.cgi` | High
|
||||
11 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
14 | File | `/contact.php` | Medium
|
||||
15 | File | `/cwc/login` | Medium
|
||||
16 | File | `/dev/shm` | Medium
|
||||
17 | File | `/dl/dl_print.php` | High
|
||||
18 | File | `/download` | Medium
|
||||
19 | File | `/etc/quagga` | Medium
|
||||
20 | File | `/etc/shadow` | Medium
|
||||
21 | File | `/export` | Low
|
||||
22 | File | `/forms/doLogin` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/getcfg.php` | Medium
|
||||
25 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
||||
26 | File | `/h/calendar` | Medium
|
||||
27 | File | `/inc/extensions.php` | High
|
||||
28 | File | `/include/chart_generator.php` | High
|
||||
29 | File | `/index.php` | Medium
|
||||
30 | File | `/items/search` | High
|
||||
31 | File | `/jsonrpc` | Medium
|
||||
32 | File | `/load.php` | Medium
|
||||
33 | File | `/mims/login.php` | High
|
||||
34 | File | `/nova/bin/console` | High
|
||||
35 | File | `/nova/bin/detnet` | High
|
||||
36 | File | `/ofcms/company-c-47` | High
|
||||
37 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/pages/animals.php` | High
|
||||
40 | File | `/rapi/read_url` | High
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 338 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
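Review bot: The Type column says "File" both for web request paths (`/cgi-bin/luci/api/switch`, `/api/RecordingList/DownloadRecord?file=`) and for local filesystem locations (`/dev/shm`, `/etc/shadow`, `/opt/zimbra/jetty/webapps/zimbra/public`), so a reader cannot tell whether an entry is to be looked for in HTTP logs or on disk. Suggest separating the two kinds, for example with distinct type values, or documenting the distinction in the paragraph that introduces the table.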
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
@ -82,10 +82,10 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `adminlogin.asp` | High
|
||||
24 | File | `Adminstrator/Users/Edit/` | High
|
||||
25 | File | `advsearch.php` | High
|
||||
26 | File | `append/override_content_security_policy_directives` | High
|
||||
26 | File | `AppDMClient` | Medium
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 224 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 228 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -328,14 +328,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -343,46 +343,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/act/ActDao.xml` | High
|
||||
4 | File | `/admin/bookings/manage_booking.php` | High
|
||||
5 | File | `/admin/edit_product.php` | High
|
||||
6 | File | `/admin/index.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/upload.php` | High
|
||||
10 | File | `/api?path=profile` | High
|
||||
11 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
12 | File | `/blog` | Low
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/classes/Master.php?f=delete_category` | High
|
||||
15 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
16 | File | `/classes/Master.php?f=delete_item` | High
|
||||
17 | File | `/classes/Master.php?f=delete_service` | High
|
||||
18 | File | `/classes/Master.php?f=save_service` | High
|
||||
19 | File | `/classes/Users.php` | High
|
||||
20 | File | `/classes/Users.php?f=save` | High
|
||||
21 | File | `/company/store` | High
|
||||
22 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
23 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
24 | File | `/CPE` | Low
|
||||
25 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
26 | File | `/ecommerce/support_ticket` | High
|
||||
27 | File | `/etc/passwd` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/FuguHub/cmsdocs/` | High
|
||||
30 | File | `/graphql` | Medium
|
||||
31 | File | `/group1/uploa` | High
|
||||
32 | File | `/h/` | Low
|
||||
33 | File | `/h/autoSaveDraft` | High
|
||||
34 | File | `/HNAP1` | Low
|
||||
35 | File | `/home/search` | Medium
|
||||
36 | File | `/index.php` | Medium
|
||||
37 | File | `/install/index.php` | High
|
||||
1 | File | `$HOME/.terminfo` | High
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/admin/admin-profile.php` | High
|
||||
4 | File | `/admin/sales/view_details.php` | High
|
||||
5 | File | `/admin/save.php` | High
|
||||
6 | File | `/admin/user.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/cron/settings/setJob/` | High
|
||||
9 | File | `/api/v1/alerts` | High
|
||||
10 | File | `/api/v1/snapshots` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/audit/log/log_management.php` | High
|
||||
13 | File | `/categorypage.php` | High
|
||||
14 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
15 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
16 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/classes/Users.php` | High
|
||||
19 | File | `/dashboard/add-blog.php` | High
|
||||
20 | File | `/dottie.js` | Medium
|
||||
21 | File | `/env` | Low
|
||||
22 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
23 | File | `/forms/doLogin` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/goform/Diagnosis` | High
|
||||
26 | File | `/HNAP1` | Low
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/jerry-core/ecma/base/ecma-helpers-string.c` | High
|
||||
29 | File | `/leaves/validate` | High
|
||||
30 | File | `/librarian/bookdetails.php` | High
|
||||
31 | File | `/log/webmailattach.php` | High
|
||||
32 | File | `/mail.php` | Medium
|
||||
33 | File | `/mgmt/` | Low
|
||||
34 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/php-opos/index.php` | High
|
||||
37 | File | `/php-spms/admin/?page=user/` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -99,8 +99,7 @@ ID | Type | Indicator | Confidence
|
|||
32 | File | `adclick.php` | Medium
|
||||
33 | File | `admin.php` | Medium
|
||||
34 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
35 | File | `admin/controller/pages/localisation/language.php` | High
|
||||
36 | ... | ... | ...
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
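Review bot: the row `35 | File | admin/controller/pages/localisation/language.php` leaves the visible table and the ellipsis row moves from 36 to 35, but the "There are 304 more IOA items" line is untouched in this hunk. If that entry only slid into the hidden remainder, the counter should read 305. If it was dropped from the data set, 304 is right. Please confirm which it is, so the counter and the table stay consistent.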
@ -116,7 +116,7 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `$HOME/.terminfo` | High
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
4 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/admin/user.php` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/bin/ate` | Medium
|
||||
7 | File | `/bin/login` | Medium
|
||||
|
@ -124,36 +124,37 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/booking/show_bookings/` | High
|
||||
10 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
11 | File | `/cgi/networkDiag.cgi` | High
|
||||
12 | File | `/classes/Master.php?f=delete_category` | High
|
||||
13 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
14 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
15 | File | `/dashboard/add-blog.php` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/env` | Low
|
||||
18 | File | `/etc/passwd` | Medium
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/getcfg.php` | Medium
|
||||
21 | File | `/goform/AdvSetLanip` | High
|
||||
22 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
23 | File | `/goform/net\_Web\_get_value` | High
|
||||
24 | File | `/goform/setmac` | High
|
||||
25 | File | `/goform/setMacFilterCfg` | High
|
||||
26 | File | `/goform/SetSysTimeCfg` | High
|
||||
27 | File | `/goform/set_LimitClient_cfg` | High
|
||||
28 | File | `/goform/WifiGuestSet` | High
|
||||
29 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
30 | File | `/group1/uploa` | High
|
||||
31 | File | `/h/autoSaveDraft` | High
|
||||
32 | File | `/h/search?action` | High
|
||||
33 | File | `/hss/admin/?page=products/view_product` | High
|
||||
34 | File | `/importexport.php` | High
|
||||
35 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
36 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
37 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
38 | File | `/kelasdosen/data` | High
|
||||
39 | ... | ... | ...
|
||||
12 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
13 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
14 | File | `/dashboard/add-blog.php` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/env` | Low
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/getcfg.php` | Medium
|
||||
20 | File | `/goform/AdvSetLanip` | High
|
||||
21 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
22 | File | `/goform/net\_Web\_get_value` | High
|
||||
23 | File | `/goform/setmac` | High
|
||||
24 | File | `/goform/setMacFilterCfg` | High
|
||||
25 | File | `/goform/SetSysTimeCfg` | High
|
||||
26 | File | `/goform/set_LimitClient_cfg` | High
|
||||
27 | File | `/goform/WifiGuestSet` | High
|
||||
28 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/h/autoSaveDraft` | High
|
||||
31 | File | `/h/search?action` | High
|
||||
32 | File | `/hss/admin/?page=products/view_product` | High
|
||||
33 | File | `/importexport.php` | High
|
||||
34 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
35 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
36 | File | `/kelasdosen/data` | High
|
||||
37 | File | `/mgmt/` | Low
|
||||
38 | File | `/net/sched/cls_fw.c` | High
|
||||
39 | File | `/owa/auth/logon.aspx` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 338 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
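Review bot: `/goform/net\_Web\_get_value` (row 23 before, row 22 after) carries Markdown backslash escapes inside a backtick code span, where they render literally, and only two of its three underscores are escaped. Anyone copying the indicator into a log search or WAF rule gets the backslashes with it, so the value should be stored unescaped. `/group1/uploa` (row 30 before, row 29 after) also reads like a cut-off path and should be checked against the source record before it is carried forward again.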
@ -63,52 +63,50 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/api/download` | High
|
||||
13 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
14 | File | `/APR/login.php` | High
|
||||
15 | File | `/bin/httpd` | Medium
|
||||
16 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
17 | File | `/category.php` | High
|
||||
18 | File | `/categorypage.php` | High
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
21 | File | `/cgi-bin/wapopen` | High
|
||||
22 | File | `/company/store` | High
|
||||
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
24 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
25 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
26 | File | `/etc/passwd` | Medium
|
||||
27 | File | `/feeds/post/publish` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/h/` | Low
|
||||
30 | File | `/HNAP1` | Low
|
||||
31 | File | `/home/masterConsole` | High
|
||||
32 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
33 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
34 | File | `/index.php?page=category_list` | High
|
||||
35 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
36 | File | `/jobinfo/` | Medium
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
39 | File | `/opac/Actions.php?a=login` | High
|
||||
40 | File | `/php-opos/index.php` | High
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/public/launchNewWindow.jsp` | High
|
||||
43 | File | `/recipe-result` | High
|
||||
44 | File | `/register.do` | Medium
|
||||
45 | File | `/reservation/add_message.php` | High
|
||||
46 | File | `/RPS2019Service/status.html` | High
|
||||
47 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
48 | File | `/sicweb-ajax/tmproot/` | High
|
||||
49 | File | `/spip.php` | Medium
|
||||
50 | File | `/student/bookdetails.php` | High
|
||||
51 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/uploads/exam_question/` | High
|
||||
54 | File | `/user/ticket/create` | High
|
||||
55 | File | `/user/updatePwd` | High
|
||||
56 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
57 | File | `/var/lib/docker/<remapping>` | High
|
||||
58 | ... | ... | ...
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/category.php` | High
|
||||
17 | File | `/categorypage.php` | High
|
||||
18 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
19 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
20 | File | `/cgi-bin/wapopen` | High
|
||||
21 | File | `/company/store` | High
|
||||
22 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
23 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
24 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
25 | File | `/etc/passwd` | Medium
|
||||
26 | File | `/feeds/post/publish` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/h/` | Low
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/index.php?page=category_list` | High
|
||||
33 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
34 | File | `/jobinfo/` | Medium
|
||||
35 | File | `/Moosikay/order.php` | High
|
||||
36 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
37 | File | `/opac/Actions.php?a=login` | High
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/PreviewHandler.ashx` | High
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/recipe-result` | High
|
||||
42 | File | `/register.do` | Medium
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/RPS2019Service/status.html` | High
|
||||
45 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
46 | File | `/sicweb-ajax/tmproot/` | High
|
||||
47 | File | `/spip.php` | Medium
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
50 | File | `/uploads/exam_question/` | High
|
||||
51 | File | `/user/ticket/create` | High
|
||||
52 | File | `/user/updatePwd` | High
|
||||
53 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
54 | File | `/var/lib/docker/<remapping>` | High
|
||||
55 | File | `/wp-admin/admin-ajax.php` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 503 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
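Review bot: the `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` row (51 before, 49 after) is carried over with its full query string, including paging parameters and what looks like a per-request value in `nd=1680855479750`. Rated High and matched literally, it will only ever hit that one request. Either trim it to the path and the parameter that matters, or state in the section intro that indicators are literal samples and not match patterns.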
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -160,9 +160,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
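Review bot: the new row 6 maps T1068 with CWE-250, CWE-264, CWE-269 and CWE-284 to the description "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which is the title of CWE-9 and not of any weakness listed in that row. A description that matches the listed privilege and access-control weaknesses would be less misleading. The same mismatch is visible in row 4 just above, where T1059 with CWE-88, CWE-94 and CWE-1321 is labelled "Cross Site Scripting", identical to the T1059.007 row.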
@ -174,54 +175,57 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/ad-list` | Medium
|
||||
5 | File | `/admin/attendance_row.php` | High
|
||||
6 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
7 | File | `/admin/edit-services.php` | High
|
||||
8 | File | `/admin/edit_subject.php` | High
|
||||
9 | File | `/admin/employee_row.php` | High
|
||||
10 | File | `/admin/login.php` | High
|
||||
11 | File | `/admin/maintenance/brand.php` | High
|
||||
12 | File | `/admin/maintenance/view_designation.php` | High
|
||||
13 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
14 | File | `/admin/orders/update_status.php` | High
|
||||
15 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
16 | File | `/admin/reportupload.aspx` | High
|
||||
17 | File | `/admin/service.php` | High
|
||||
18 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
19 | File | `/admin/test_status.php` | High
|
||||
20 | File | `/admin/transactions/track_shipment.php` | High
|
||||
21 | File | `/api/baskets/{name}` | High
|
||||
22 | File | `/api/crontab` | Medium
|
||||
23 | File | `/api/stl/actions/search` | High
|
||||
24 | File | `/api/v2/cli/commands` | High
|
||||
25 | File | `/api2/html/` | Medium
|
||||
26 | File | `/apply.cgi` | Medium
|
||||
27 | File | `/archibus/login.axvw` | High
|
||||
28 | File | `/bin/ate` | Medium
|
||||
29 | File | `/blog` | Low
|
||||
30 | File | `/booking/show_bookings/` | High
|
||||
31 | File | `/cgi-bin` | Medium
|
||||
32 | File | `/cgi-bin/nightled.cgi` | High
|
||||
33 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
34 | File | `/change-language/de_DE` | High
|
||||
35 | File | `/churchcrm/v2/family/not-found` | High
|
||||
36 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
37 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
38 | File | `/company/store` | High
|
||||
39 | File | `/config` | Low
|
||||
40 | File | `/config/php.ini` | High
|
||||
41 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
42 | File | `/csms/?page=contact_us` | High
|
||||
43 | File | `/dashboard/add-blog.php` | High
|
||||
44 | File | `/debug/pprof` | Medium
|
||||
45 | File | `/dipam/save-delegates.php` | High
|
||||
46 | File | `/env` | Low
|
||||
47 | File | `/file_manager/admin/save_user.php` | High
|
||||
48 | File | `/forum/away.php` | High
|
||||
49 | File | `/friends` | Medium
|
||||
50 | ... | ... | ...
|
||||
5 | File | `/admin/?page=bike` | High
|
||||
6 | File | `/admin/attendance_row.php` | High
|
||||
7 | File | `/admin/config/uploadicon.php` | High
|
||||
8 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
9 | File | `/admin/edit-services.php` | High
|
||||
10 | File | `/admin/edit_subject.php` | High
|
||||
11 | File | `/admin/employee_row.php` | High
|
||||
12 | File | `/admin/login.php` | High
|
||||
13 | File | `/admin/maintenance/brand.php` | High
|
||||
14 | File | `/admin/maintenance/view_designation.php` | High
|
||||
15 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
16 | File | `/admin/orders/update_status.php` | High
|
||||
17 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
18 | File | `/admin/reportupload.aspx` | High
|
||||
19 | File | `/admin/service.php` | High
|
||||
20 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
21 | File | `/admin/test_status.php` | High
|
||||
22 | File | `/admin/transactions/track_shipment.php` | High
|
||||
23 | File | `/api/baskets/{name}` | High
|
||||
24 | File | `/api/crontab` | Medium
|
||||
25 | File | `/api/stl/actions/search` | High
|
||||
26 | File | `/api/sys/login` | High
|
||||
27 | File | `/api/sys/set_passwd` | High
|
||||
28 | File | `/api/v2/cli/commands` | High
|
||||
29 | File | `/api2/html/` | Medium
|
||||
30 | File | `/apply.cgi` | Medium
|
||||
31 | File | `/archibus/login.axvw` | High
|
||||
32 | File | `/bin/ate` | Medium
|
||||
33 | File | `/blog` | Low
|
||||
34 | File | `/booking/show_bookings/` | High
|
||||
35 | File | `/cgi-bin` | Medium
|
||||
36 | File | `/cgi-bin/nightled.cgi` | High
|
||||
37 | File | `/change-language/de_DE` | High
|
||||
38 | File | `/changePassword` | High
|
||||
39 | File | `/churchcrm/v2/family/not-found` | High
|
||||
40 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
41 | File | `/company/store` | High
|
||||
42 | File | `/config` | Low
|
||||
43 | File | `/config/php.ini` | High
|
||||
44 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
45 | File | `/csms/?page=contact_us` | High
|
||||
46 | File | `/dashboard/add-blog.php` | High
|
||||
47 | File | `/debug/pprof` | Medium
|
||||
48 | File | `/dipam/save-delegates.php` | High
|
||||
49 | File | `/env` | Low
|
||||
50 | File | `/file_manager/admin/save_user.php` | High
|
||||
51 | File | `/forum/away.php` | High
|
||||
52 | File | `/friends` | Medium
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 437 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 465 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
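Review bot: rows 5 through 52 are all rewritten here, yet only five indicators are new (`/admin/?page=bike`, `/admin/config/uploadicon.php`, `/api/sys/login`, `/api/sys/set_passwd`, `/changePassword`) and two leave the visible list (`/cgi-bin/wlogin.cgi`, `/classes/Master.php?f=delete_sub_category`). Everything else changes only because the ID column is positional. A stable per-indicator ID, or no ID column at all, would make these updates reviewable and give consumers a key that does not shift between commits.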
@ -23,10 +23,11 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.2.75.164](https://vuldb.com/?ip.5.2.75.164) | - | - | High
|
||||
2 | [5.8.8.100](https://vuldb.com/?ip.5.8.8.100) | - | - | High
|
||||
3 | [37.0.8.96](https://vuldb.com/?ip.37.0.8.96) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
3 | [23.254.227.202](https://vuldb.com/?ip.23.254.227.202) | client-23-254-227-202.hostwindsdns.com | - | High
|
||||
4 | [23.254.227.205](https://vuldb.com/?ip.23.254.227.205) | client-23-254-227-205.hostwindsdns.com | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
There are 15 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -35,12 +36,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
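Review bot: the added row 2 pairs T1040 and CWE-319 with the description "Authentication Bypass by Capture-replay", which is the title of CWE-294. CWE-319 is cleartext transmission of sensitive information. Either the weakness or the description should change so the row is self-consistent. As it stands, a reader filtering by CWE gets a different weakness from the one the text names.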
@ -51,29 +53,35 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin/ajax.php?action=save_window` | High
|
||||
3 | File | `/admin/index2.html` | High
|
||||
4 | File | `/connectors/index.php` | High
|
||||
5 | File | `/dashboard/add-portfolio.php` | High
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/ghost/preview` | High
|
||||
8 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
9 | File | `/login` | Low
|
||||
10 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
|
||||
11 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
|
||||
12 | File | `/sdm-ws-rest/preconfiguration` | High
|
||||
13 | File | `/settings` | Medium
|
||||
14 | File | `/uapi/doc` | Medium
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/updownload/t.report` | High
|
||||
17 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
18 | File | `/woocommerce-stock-manager/trunk/admin/views/import-export.php` | High
|
||||
19 | ... | ... | ...
|
||||
4 | File | `/cgi/get_param.cgi` | High
|
||||
5 | File | `/common/download_agent_installer.php` | High
|
||||
6 | File | `/common/run_cross_report.php` | High
|
||||
7 | File | `/connectors/index.php` | High
|
||||
8 | File | `/dashboard/add-portfolio.php` | High
|
||||
9 | File | `/EXCU_SHELL` | Medium
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/ghost/preview` | High
|
||||
12 | File | `/goform/addressNat` | High
|
||||
13 | File | `/goform/NatStaticSetting` | High
|
||||
14 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
15 | File | `/login` | Low
|
||||
16 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
|
||||
17 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
|
||||
18 | File | `/php-sms/admin/?page=services/manage_service` | High
|
||||
19 | File | `/sdm-ws-rest/preconfiguration` | High
|
||||
20 | File | `/settings` | Medium
|
||||
21 | File | `/uapi/doc` | Medium
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/updownload/t.report` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 155 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 197 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://any.run/cybersecurity-blog/deobfuscating-guloader/
|
||||
* https://asec.ahnlab.com/en/36042/
|
||||
* https://asec.ahnlab.com/en/36294/
|
||||
* https://asec.ahnlab.com/en/36785/
|
||||
|
|
|
@ -9,7 +9,6 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hexmen:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -33,12 +32,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1202 | CWE-77 | Command Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1202 | CWE-77 | Command Injection | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -50,62 +50,62 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/admin.php` | High
|
||||
2 | File | `/card_scan.php` | High
|
||||
3 | File | `/cgi-bin/viewcert` | High
|
||||
4 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
5 | File | `/cwc/login` | Medium
|
||||
6 | File | `/download` | Medium
|
||||
7 | File | `/DXR.axd` | Medium
|
||||
8 | File | `/etc/quagga` | Medium
|
||||
9 | File | `/etc/shadow` | Medium
|
||||
10 | File | `/forms/doLogin` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/h/calendar` | Medium
|
||||
13 | File | `/importexport.php` | High
|
||||
14 | File | `/inc/extensions.php` | High
|
||||
15 | File | `/log/decodmail.php` | High
|
||||
16 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
17 | File | `/nova/bin/console` | High
|
||||
18 | File | `/nova/bin/detnet` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/req_password_user.php` | High
|
||||
21 | File | `/rom-0` | Low
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/see_more_details.php` | High
|
||||
24 | File | `/servlet/webacc` | High
|
||||
25 | File | `/ServletAPI/accounts/login` | High
|
||||
26 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
27 | File | `/TemplateManager/indexExternalLocation.jsp` | High
|
||||
28 | File | `/textpattern/index.php` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/usr/syno/etc/mount.conf` | High
|
||||
31 | File | `/WEB-INF/web.xml` | High
|
||||
32 | File | `/wp-admin/options-general.php` | High
|
||||
33 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
34 | File | `/wp-json` | Medium
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `adDetail.asp` | Medium
|
||||
37 | File | `adm.cgi` | Low
|
||||
38 | File | `admin.a6mambocredits.php` | High
|
||||
39 | File | `admin.color.php` | High
|
||||
40 | File | `admin.cropcanvas.php` | High
|
||||
41 | File | `admin.joomlaradiov5.php` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin/addons/archive/archive.php` | High
|
||||
44 | File | `admin/general.php` | High
|
||||
45 | File | `admin/theme-edit.php` | High
|
||||
46 | File | `adminBanned.php` | High
|
||||
47 | File | `adminBoards.php` | High
|
||||
48 | File | `admincp.php?app=prop&do=add` | High
|
||||
49 | File | `adminForums.php` | High
|
||||
50 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
51 | File | `akocomments.php` | High
|
||||
52 | File | `album_portal.php` | High
|
||||
53 | File | `allopass-error.php` | High
|
||||
54 | File | `allopass.php` | Medium
|
||||
2 | File | `/admin/list_addr_fwresource_ip.php` | High
|
||||
3 | File | `/card_scan.php` | High
|
||||
4 | File | `/cgi-bin/viewcert` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/cwc/login` | Medium
|
||||
7 | File | `/download` | Medium
|
||||
8 | File | `/DXR.axd` | Medium
|
||||
9 | File | `/etc/quagga` | Medium
|
||||
10 | File | `/etc/shadow` | Medium
|
||||
11 | File | `/forms/doLogin` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/h/calendar` | Medium
|
||||
14 | File | `/importexport.php` | High
|
||||
15 | File | `/inc/extensions.php` | High
|
||||
16 | File | `/log/decodmail.php` | High
|
||||
17 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
18 | File | `/nova/bin/console` | High
|
||||
19 | File | `/nova/bin/detnet` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/req_password_user.php` | High
|
||||
22 | File | `/rom-0` | Low
|
||||
23 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
24 | File | `/see_more_details.php` | High
|
||||
25 | File | `/servlet/webacc` | High
|
||||
26 | File | `/ServletAPI/accounts/login` | High
|
||||
27 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
28 | File | `/TemplateManager/indexExternalLocation.jsp` | High
|
||||
29 | File | `/textpattern/index.php` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/usr/syno/etc/mount.conf` | High
|
||||
32 | File | `/WEB-INF/web.xml` | High
|
||||
33 | File | `/wp-admin/options-general.php` | High
|
||||
34 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
35 | File | `/wp-json` | Medium
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `adDetail.asp` | Medium
|
||||
38 | File | `adm.cgi` | Low
|
||||
39 | File | `admin.a6mambocredits.php` | High
|
||||
40 | File | `admin.color.php` | High
|
||||
41 | File | `admin.cropcanvas.php` | High
|
||||
42 | File | `admin.joomlaradiov5.php` | High
|
||||
43 | File | `admin.php` | Medium
|
||||
44 | File | `admin/addons/archive/archive.php` | High
|
||||
45 | File | `admin/general.php` | High
|
||||
46 | File | `admin/theme-edit.php` | High
|
||||
47 | File | `adminBanned.php` | High
|
||||
48 | File | `adminBoards.php` | High
|
||||
49 | File | `admincp.php?app=prop&do=add` | High
|
||||
50 | File | `adminForums.php` | High
|
||||
51 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
52 | File | `akocomments.php` | High
|
||||
53 | File | `album_portal.php` | High
|
||||
54 | File | `allopass-error.php` | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 477 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -22,12 +22,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.59.254.111](https://vuldb.com/?ip.2.59.254.111) | - | - | High
|
||||
2 | [45.90.222.125](https://vuldb.com/?ip.45.90.222.125) | 45-90-222-125-hostedby.bcr.host | - | High
|
||||
3 | [45.90.222.131](https://vuldb.com/?ip.45.90.222.131) | 45-90-222-131-hostedby.bcr.host | - | High
|
||||
4 | [62.197.136.69](https://vuldb.com/?ip.62.197.136.69) | - | - | High
|
||||
2 | [41.216.188.103](https://vuldb.com/?ip.41.216.188.103) | - | - | High
|
||||
3 | [45.90.222.125](https://vuldb.com/?ip.45.90.222.125) | 45-90-222-125-hostedby.bcr.host | - | High
|
||||
4 | [45.90.222.131](https://vuldb.com/?ip.45.90.222.131) | 45-90-222-131-hostedby.bcr.host | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
There are 17 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,18 +48,29 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/Admin/login.php` | High
|
||||
2 | File | `/admin/maintenance/view_designation.php` | High
|
||||
3 | File | `/debug/pprof` | Medium
|
||||
4 | File | `/etc/sudoers` | Medium
|
||||
5 | File | `/forum/away.php` | High
|
||||
6 | File | `/showfile.php` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `adclick.php` | Medium
|
||||
9 | File | `admin-ajax.php` | High
|
||||
10 | ... | ... | ...
|
||||
1 | File | `/admin/inquiries/view_details.php` | High
|
||||
2 | File | `/Admin/login.php` | High
|
||||
3 | File | `/admin/maintenance/view_designation.php` | High
|
||||
4 | File | `/coreframe/app/order/admin/index.php` | High
|
||||
5 | File | `/debug/pprof` | Medium
|
||||
6 | File | `/dev/snd/seq` | Medium
|
||||
7 | File | `/etc/sudoers` | Medium
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/products/details.asp` | High
|
||||
10 | File | `/showfile.php` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/Wedding-Management/package_detail.php` | High
|
||||
13 | File | `adclick.php` | Medium
|
||||
14 | File | `admin-ajax.php` | High
|
||||
15 | File | `admin/abc.php` | High
|
||||
16 | File | `admin/news.php` | High
|
||||
17 | File | `artlinks.dispnew.php` | High
|
||||
18 | File | `auth.inc.php` | Medium
|
||||
19 | File | `bookPerPub.php` | High
|
||||
20 | File | `cart_content.php` | High
|
||||
21 | ... | ... | ...
|
||||
|
||||
There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 170 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
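Review bot: the new row 6, `/dev/snd/seq`, is an ordinary Linux device node, and like the existing `/etc/sudoers` row it will match routine activity on unaffected hosts if it is used as a standalone detection string. Both are rated Medium, the same as `/debug/pprof` and `/uncpath/`, so the rating does not separate generic system paths from application-specific ones such as `/Wedding-Management/package_detail.php`. Consider a lower confidence for system paths or an extra column naming the affected product. Note also that the list grows from 86 to 190 entries (9 + 77 before, 20 + 170 after) while only 20 rows can be reviewed here.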
|
@ -74,6 +85,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tria.ge/220613-smnybadca4
|
||||
* https://twitter.com/suyog41/status/1692068700155965877
|
||||
* https://www.joesandbox.com/analysis/839457/0/html#TCP_Packets
|
||||
* https://www.virustotal.com/gui/file/00163dbf765b7011710330c18bad0a195208846e4aa471f4377eeb9d71b9fd34/detection
|
||||
* https://www.virustotal.com/gui/file/be8a02ffd80f9367a1a23aac1a4f6b51ad25482783ac42147b18e5b2b36c98d0/detection
|
||||
|
||||
## Literature
|
||||
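Review bot: the References list grows by one entry in this hunk (6 lines become 7), but every entry is a bare URL, and the two VirusTotal links can be told apart only by their file hash. Add a short label to the new link saying which indicator or sample it documents, so a reader can connect it to the IOC and IOA rows added in the same commit.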
|
|
|
@ -175,206 +175,210 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
145 | [5.252.177.107](https://vuldb.com/?ip.5.252.177.107) | no-rdns.mivocloud.com | - | High
|
||||
146 | [5.252.177.233](https://vuldb.com/?ip.5.252.177.233) | 5-252-177-233.mivocloud.com | - | High
|
||||
147 | [5.252.178.142](https://vuldb.com/?ip.5.252.178.142) | no-rdns.mivocloud.com | - | High
|
||||
148 | [5.255.98.126](https://vuldb.com/?ip.5.255.98.126) | - | - | High
|
||||
149 | [5.255.99.21](https://vuldb.com/?ip.5.255.99.21) | - | - | High
|
||||
150 | [5.255.99.51](https://vuldb.com/?ip.5.255.99.51) | - | - | High
|
||||
151 | [5.255.99.108](https://vuldb.com/?ip.5.255.99.108) | - | - | High
|
||||
152 | [5.255.100.8](https://vuldb.com/?ip.5.255.100.8) | - | - | High
|
||||
153 | [5.255.100.32](https://vuldb.com/?ip.5.255.100.32) | - | - | High
|
||||
154 | [5.255.100.55](https://vuldb.com/?ip.5.255.100.55) | - | - | High
|
||||
155 | [5.255.100.65](https://vuldb.com/?ip.5.255.100.65) | - | - | High
|
||||
156 | [5.255.100.207](https://vuldb.com/?ip.5.255.100.207) | chronostech.io | - | High
|
||||
157 | [5.255.100.250](https://vuldb.com/?ip.5.255.100.250) | - | - | High
|
||||
158 | [5.255.101.31](https://vuldb.com/?ip.5.255.101.31) | - | - | High
|
||||
159 | [5.255.101.68](https://vuldb.com/?ip.5.255.101.68) | - | - | High
|
||||
160 | [5.255.102.88](https://vuldb.com/?ip.5.255.102.88) | - | - | High
|
||||
161 | [5.255.102.167](https://vuldb.com/?ip.5.255.102.167) | - | - | High
|
||||
162 | [5.255.103.75](https://vuldb.com/?ip.5.255.103.75) | - | - | High
|
||||
163 | [5.255.103.108](https://vuldb.com/?ip.5.255.103.108) | - | - | High
|
||||
164 | [5.255.103.144](https://vuldb.com/?ip.5.255.103.144) | - | - | High
|
||||
165 | [5.255.103.245](https://vuldb.com/?ip.5.255.103.245) | - | - | High
|
||||
166 | [5.255.104.11](https://vuldb.com/?ip.5.255.104.11) | - | - | High
|
||||
167 | [5.255.104.22](https://vuldb.com/?ip.5.255.104.22) | - | - | High
|
||||
168 | [5.255.104.45](https://vuldb.com/?ip.5.255.104.45) | - | - | High
|
||||
169 | [5.255.104.52](https://vuldb.com/?ip.5.255.104.52) | - | - | High
|
||||
170 | [5.255.104.93](https://vuldb.com/?ip.5.255.104.93) | - | - | High
|
||||
171 | [5.255.104.97](https://vuldb.com/?ip.5.255.104.97) | - | - | High
|
||||
172 | [5.255.104.113](https://vuldb.com/?ip.5.255.104.113) | - | - | High
|
||||
173 | [5.255.104.120](https://vuldb.com/?ip.5.255.104.120) | - | - | High
|
||||
174 | [5.255.104.130](https://vuldb.com/?ip.5.255.104.130) | - | - | High
|
||||
175 | [5.255.104.143](https://vuldb.com/?ip.5.255.104.143) | - | - | High
|
||||
176 | [5.255.104.145](https://vuldb.com/?ip.5.255.104.145) | - | - | High
|
||||
177 | [5.255.104.153](https://vuldb.com/?ip.5.255.104.153) | - | - | High
|
||||
178 | [5.255.104.184](https://vuldb.com/?ip.5.255.104.184) | - | - | High
|
||||
179 | [5.255.104.220](https://vuldb.com/?ip.5.255.104.220) | - | - | High
|
||||
180 | [5.255.104.233](https://vuldb.com/?ip.5.255.104.233) | - | - | High
|
||||
181 | [5.255.105.55](https://vuldb.com/?ip.5.255.105.55) | - | - | High
|
||||
182 | [5.255.105.239](https://vuldb.com/?ip.5.255.105.239) | - | - | High
|
||||
183 | [5.255.106.72](https://vuldb.com/?ip.5.255.106.72) | - | - | High
|
||||
184 | [5.255.106.78](https://vuldb.com/?ip.5.255.106.78) | smtp.gespollas.com | - | High
|
||||
185 | [5.255.106.136](https://vuldb.com/?ip.5.255.106.136) | - | - | High
|
||||
186 | [5.255.106.240](https://vuldb.com/?ip.5.255.106.240) | - | - | High
|
||||
187 | [5.255.107.149](https://vuldb.com/?ip.5.255.107.149) | - | - | High
|
||||
188 | [5.255.109.46](https://vuldb.com/?ip.5.255.109.46) | - | - | High
|
||||
189 | [5.255.109.175](https://vuldb.com/?ip.5.255.109.175) | - | - | High
|
||||
190 | [5.255.110.177](https://vuldb.com/?ip.5.255.110.177) | - | - | High
|
||||
191 | [5.255.111.220](https://vuldb.com/?ip.5.255.111.220) | - | - | High
|
||||
192 | [5.255.113.157](https://vuldb.com/?ip.5.255.113.157) | - | - | High
|
||||
193 | [5.255.115.226](https://vuldb.com/?ip.5.255.115.226) | - | - | High
|
||||
194 | [5.255.119.21](https://vuldb.com/?ip.5.255.119.21) | - | - | High
|
||||
195 | [5.255.120.33](https://vuldb.com/?ip.5.255.120.33) | - | - | High
|
||||
196 | [5.255.122.79](https://vuldb.com/?ip.5.255.122.79) | - | - | High
|
||||
197 | [5.255.124.55](https://vuldb.com/?ip.5.255.124.55) | - | - | High
|
||||
198 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
199 | [8.39.147.62](https://vuldb.com/?ip.8.39.147.62) | vyc1.achlycole.org.uk | - | High
|
||||
200 | [13.52.121.66](https://vuldb.com/?ip.13.52.121.66) | ec2-13-52-121-66.us-west-1.compute.amazonaws.com | - | Medium
|
||||
201 | [13.57.55.155](https://vuldb.com/?ip.13.57.55.155) | ec2-13-57-55-155.us-west-1.compute.amazonaws.com | - | Medium
|
||||
202 | [13.237.1.27](https://vuldb.com/?ip.13.237.1.27) | ec2-13-237-1-27.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
203 | [13.237.195.116](https://vuldb.com/?ip.13.237.195.116) | ec2-13-237-195-116.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
204 | [23.82.128.186](https://vuldb.com/?ip.23.82.128.186) | - | - | High
|
||||
205 | [23.82.128.215](https://vuldb.com/?ip.23.82.128.215) | - | - | High
|
||||
206 | [23.88.35.240](https://vuldb.com/?ip.23.88.35.240) | static.240.35.88.23.clients.your-server.de | - | High
|
||||
207 | [23.106.124.26](https://vuldb.com/?ip.23.106.124.26) | - | - | High
|
||||
208 | [23.106.124.168](https://vuldb.com/?ip.23.106.124.168) | - | - | High
|
||||
209 | [23.106.124.181](https://vuldb.com/?ip.23.106.124.181) | - | - | High
|
||||
210 | [23.106.215.93](https://vuldb.com/?ip.23.106.215.93) | - | - | High
|
||||
211 | [23.160.193.140](https://vuldb.com/?ip.23.160.193.140) | unknown.ip-xfer.net | - | High
|
||||
212 | [23.227.202.165](https://vuldb.com/?ip.23.227.202.165) | 23-227-202-165.static.hvvc.us | - | High
|
||||
213 | [23.227.203.131](https://vuldb.com/?ip.23.227.203.131) | 23-227-203-131.static.hvvc.us | - | High
|
||||
214 | [23.227.206.161](https://vuldb.com/?ip.23.227.206.161) | 23-227-206-161.static.hvvc.us | - | High
|
||||
215 | [23.227.206.195](https://vuldb.com/?ip.23.227.206.195) | 23-227-206-195.static.hvvc.us | - | High
|
||||
216 | [23.254.202.234](https://vuldb.com/?ip.23.254.202.234) | hwsrv-1055605.hostwindsdns.com | - | High
|
||||
217 | [23.254.211.137](https://vuldb.com/?ip.23.254.211.137) | hwsrv-1045976.hostwindsdns.com | - | High
|
||||
218 | [23.254.224.115](https://vuldb.com/?ip.23.254.224.115) | hwsrv-1031288.hostwindsdns.com | - | High
|
||||
219 | [23.254.224.148](https://vuldb.com/?ip.23.254.224.148) | client-23-254-224-148.hostwindsdns.com | - | High
|
||||
220 | [23.254.226.152](https://vuldb.com/?ip.23.254.226.152) | hwsrv-1069457.hostwindsdns.com | - | High
|
||||
221 | [23.254.229.208](https://vuldb.com/?ip.23.254.229.208) | hwsrv-1015537.hostwindsdns.com | - | High
|
||||
222 | [23.254.253.106](https://vuldb.com/?ip.23.254.253.106) | WIN-KP9WSUDC4N.com | - | High
|
||||
223 | [31.13.195.119](https://vuldb.com/?ip.31.13.195.119) | sm.cfconsult.net | - | High
|
||||
224 | [31.13.195.127](https://vuldb.com/?ip.31.13.195.127) | - | - | High
|
||||
225 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
|
||||
226 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
|
||||
227 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
|
||||
228 | [37.1.192.40](https://vuldb.com/?ip.37.1.192.40) | - | - | High
|
||||
229 | [37.1.193.136](https://vuldb.com/?ip.37.1.193.136) | webcomdition.com | - | High
|
||||
230 | [37.1.195.84](https://vuldb.com/?ip.37.1.195.84) | - | - | High
|
||||
231 | [37.1.195.238](https://vuldb.com/?ip.37.1.195.238) | autoreflash.com | - | High
|
||||
232 | [37.1.205.217](https://vuldb.com/?ip.37.1.205.217) | - | - | High
|
||||
233 | [37.1.208.48](https://vuldb.com/?ip.37.1.208.48) | reveltip.com | - | High
|
||||
234 | [37.1.213.234](https://vuldb.com/?ip.37.1.213.234) | - | - | High
|
||||
235 | [37.1.221.209](https://vuldb.com/?ip.37.1.221.209) | - | - | High
|
||||
236 | [37.46.129.17](https://vuldb.com/?ip.37.46.129.17) | info50.fvds.ru | - | High
|
||||
237 | [37.61.229.95](https://vuldb.com/?ip.37.61.229.95) | zeno.igorclark.net | - | High
|
||||
238 | [37.120.222.100](https://vuldb.com/?ip.37.120.222.100) | - | - | High
|
||||
239 | [37.221.115.12](https://vuldb.com/?ip.37.221.115.12) | - | - | High
|
||||
240 | [37.235.55.75](https://vuldb.com/?ip.37.235.55.75) | 75.55.235.37.in-addr.arpa | - | High
|
||||
241 | [37.235.55.103](https://vuldb.com/?ip.37.235.55.103) | 103.55.235.37.in-addr.arpa | - | High
|
||||
242 | [37.235.56.30](https://vuldb.com/?ip.37.235.56.30) | 30.56.235.37.in-addr.arpa | - | High
|
||||
243 | [37.235.56.37](https://vuldb.com/?ip.37.235.56.37) | 37.56.235.37.in-addr.arpa | - | High
|
||||
244 | [37.235.56.94](https://vuldb.com/?ip.37.235.56.94) | 94.56.235.37.in-addr.arpa | - | High
|
||||
245 | [37.235.56.185](https://vuldb.com/?ip.37.235.56.185) | 185.56.235.37.in-addr.arpa | - | High
|
||||
246 | [37.252.5.228](https://vuldb.com/?ip.37.252.5.228) | - | - | High
|
||||
247 | [37.252.6.77](https://vuldb.com/?ip.37.252.6.77) | - | - | High
|
||||
248 | [37.252.10.231](https://vuldb.com/?ip.37.252.10.231) | - | - | High
|
||||
249 | [37.252.11.170](https://vuldb.com/?ip.37.252.11.170) | - | - | High
|
||||
250 | [37.252.11.221](https://vuldb.com/?ip.37.252.11.221) | - | - | High
|
||||
251 | [38.180.0.89](https://vuldb.com/?ip.38.180.0.89) | - | - | High
|
||||
252 | [38.180.8.107](https://vuldb.com/?ip.38.180.8.107) | - | - | High
|
||||
253 | [38.180.8.169](https://vuldb.com/?ip.38.180.8.169) | - | - | High
|
||||
254 | [38.180.34.14](https://vuldb.com/?ip.38.180.34.14) | - | - | High
|
||||
255 | [39.104.16.102](https://vuldb.com/?ip.39.104.16.102) | - | - | High
|
||||
256 | [39.104.17.212](https://vuldb.com/?ip.39.104.17.212) | - | - | High
|
||||
257 | [39.104.23.152](https://vuldb.com/?ip.39.104.23.152) | - | - | High
|
||||
258 | [39.104.27.24](https://vuldb.com/?ip.39.104.27.24) | - | - | High
|
||||
259 | [39.104.72.59](https://vuldb.com/?ip.39.104.72.59) | - | - | High
|
||||
260 | [39.104.94.83](https://vuldb.com/?ip.39.104.94.83) | - | - | High
|
||||
261 | [39.104.164.115](https://vuldb.com/?ip.39.104.164.115) | - | - | High
|
||||
262 | [45.8.158.140](https://vuldb.com/?ip.45.8.158.140) | mail.aeoncard-co-jp.com | - | High
|
||||
263 | [45.11.19.121](https://vuldb.com/?ip.45.11.19.121) | - | - | High
|
||||
264 | [45.11.19.168](https://vuldb.com/?ip.45.11.19.168) | - | - | High
|
||||
265 | [45.11.182.61](https://vuldb.com/?ip.45.11.182.61) | - | - | High
|
||||
266 | [45.11.182.114](https://vuldb.com/?ip.45.11.182.114) | - | - | High
|
||||
267 | [45.11.182.115](https://vuldb.com/?ip.45.11.182.115) | - | - | High
|
||||
268 | [45.11.182.117](https://vuldb.com/?ip.45.11.182.117) | - | - | High
|
||||
269 | [45.11.182.118](https://vuldb.com/?ip.45.11.182.118) | - | - | High
|
||||
270 | [45.11.182.119](https://vuldb.com/?ip.45.11.182.119) | - | - | High
|
||||
271 | [45.11.182.120](https://vuldb.com/?ip.45.11.182.120) | - | - | High
|
||||
272 | [45.11.182.121](https://vuldb.com/?ip.45.11.182.121) | - | - | High
|
||||
273 | [45.12.109.136](https://vuldb.com/?ip.45.12.109.136) | kemp.strongwallsys.com | - | High
|
||||
274 | [45.12.109.195](https://vuldb.com/?ip.45.12.109.195) | ryan.earthbroadcasting.com | - | High
|
||||
275 | [45.12.109.221](https://vuldb.com/?ip.45.12.109.221) | weaver.earthbroadcasting.com | - | High
|
||||
276 | [45.12.139.90](https://vuldb.com/?ip.45.12.139.90) | - | - | High
|
||||
277 | [45.15.161.254](https://vuldb.com/?ip.45.15.161.254) | - | - | High
|
||||
278 | [45.41.204.5](https://vuldb.com/?ip.45.41.204.5) | fastshipus.xyz | - | High
|
||||
279 | [45.55.42.13](https://vuldb.com/?ip.45.55.42.13) | - | - | High
|
||||
280 | [45.55.53.206](https://vuldb.com/?ip.45.55.53.206) | - | - | High
|
||||
281 | [45.55.56.244](https://vuldb.com/?ip.45.55.56.244) | - | - | High
|
||||
282 | [45.61.136.6](https://vuldb.com/?ip.45.61.136.6) | - | - | High
|
||||
283 | [45.61.136.22](https://vuldb.com/?ip.45.61.136.22) | - | - | High
|
||||
284 | [45.61.136.193](https://vuldb.com/?ip.45.61.136.193) | - | - | High
|
||||
285 | [45.61.137.95](https://vuldb.com/?ip.45.61.137.95) | - | - | High
|
||||
286 | [45.61.137.119](https://vuldb.com/?ip.45.61.137.119) | - | - | High
|
||||
287 | [45.61.137.159](https://vuldb.com/?ip.45.61.137.159) | - | - | High
|
||||
288 | [45.61.137.220](https://vuldb.com/?ip.45.61.137.220) | svenska.re | - | High
|
||||
289 | [45.61.137.225](https://vuldb.com/?ip.45.61.137.225) | - | - | High
|
||||
290 | [45.61.138.12](https://vuldb.com/?ip.45.61.138.12) | - | - | High
|
||||
291 | [45.61.138.171](https://vuldb.com/?ip.45.61.138.171) | - | - | High
|
||||
292 | [45.61.138.175](https://vuldb.com/?ip.45.61.138.175) | - | - | High
|
||||
293 | [45.61.138.181](https://vuldb.com/?ip.45.61.138.181) | - | - | High
|
||||
294 | [45.61.138.227](https://vuldb.com/?ip.45.61.138.227) | - | - | High
|
||||
295 | [45.61.139.138](https://vuldb.com/?ip.45.61.139.138) | - | - | High
|
||||
296 | [45.61.139.144](https://vuldb.com/?ip.45.61.139.144) | - | - | High
|
||||
297 | [45.61.139.179](https://vuldb.com/?ip.45.61.139.179) | - | - | High
|
||||
298 | [45.61.139.196](https://vuldb.com/?ip.45.61.139.196) | - | - | High
|
||||
299 | [45.61.139.232](https://vuldb.com/?ip.45.61.139.232) | - | - | High
|
||||
300 | [45.61.139.235](https://vuldb.com/?ip.45.61.139.235) | - | - | High
|
||||
301 | [45.61.139.243](https://vuldb.com/?ip.45.61.139.243) | - | - | High
|
||||
302 | [45.66.248.7](https://vuldb.com/?ip.45.66.248.7) | mta0.burjeela.gq | - | High
|
||||
303 | [45.66.248.37](https://vuldb.com/?ip.45.66.248.37) | mta0.quarrantinereport-center.gq | - | High
|
||||
304 | [45.66.248.64](https://vuldb.com/?ip.45.66.248.64) | 0n3reye0i0.alyanova.com | - | High
|
||||
305 | [45.66.248.69](https://vuldb.com/?ip.45.66.248.69) | outbound5.imaille.com | - | High
|
||||
306 | [45.66.248.71](https://vuldb.com/?ip.45.66.248.71) | - | - | High
|
||||
307 | [45.66.248.79](https://vuldb.com/?ip.45.66.248.79) | mta0.coldspikes.autos | - | High
|
||||
308 | [45.66.248.119](https://vuldb.com/?ip.45.66.248.119) | finixdeal.com | Nokoyawa | High
|
||||
309 | [45.66.248.148](https://vuldb.com/?ip.45.66.248.148) | QuanTs.defaultproduct.com | - | High
|
||||
310 | [45.66.248.244](https://vuldb.com/?ip.45.66.248.244) | mta0.axminster-carpets.cf | - | High
|
||||
311 | [45.66.249.26](https://vuldb.com/?ip.45.66.249.26) | 8axj5rsx1e.marketingforbreweries.com | - | High
|
||||
312 | [45.66.249.221](https://vuldb.com/?ip.45.66.249.221) | mta0.lizengeneering.com | - | High
|
||||
313 | [45.67.231.235](https://vuldb.com/?ip.45.67.231.235) | am-tun2.warwish.pro | - | High
|
||||
314 | [45.82.247.87](https://vuldb.com/?ip.45.82.247.87) | - | - | High
|
||||
315 | [45.82.247.121](https://vuldb.com/?ip.45.82.247.121) | - | - | High
|
||||
316 | [45.82.247.148](https://vuldb.com/?ip.45.82.247.148) | prostatehealth.click | - | High
|
||||
317 | [45.82.251.34](https://vuldb.com/?ip.45.82.251.34) | - | - | High
|
||||
318 | [45.82.251.36](https://vuldb.com/?ip.45.82.251.36) | - | - | High
|
||||
319 | [45.82.251.44](https://vuldb.com/?ip.45.82.251.44) | - | - | High
|
||||
320 | [45.86.229.46](https://vuldb.com/?ip.45.86.229.46) | - | - | High
|
||||
321 | [45.86.229.94](https://vuldb.com/?ip.45.86.229.94) | - | - | High
|
||||
322 | [45.86.229.105](https://vuldb.com/?ip.45.86.229.105) | 1lf7cf33e.northernstarmarketing.com | - | High
|
||||
323 | [45.86.229.180](https://vuldb.com/?ip.45.86.229.180) | - | - | High
|
||||
324 | [45.86.229.253](https://vuldb.com/?ip.45.86.229.253) | 32l.edUcated-352.insuranceforourfamily.com | - | High
|
||||
325 | [45.86.230.43](https://vuldb.com/?ip.45.86.230.43) | google.com | - | High
|
||||
326 | [45.86.230.141](https://vuldb.com/?ip.45.86.230.141) | mta0.ungho.cf | - | High
|
||||
327 | [45.86.230.149](https://vuldb.com/?ip.45.86.230.149) | - | - | High
|
||||
328 | [45.86.230.181](https://vuldb.com/?ip.45.86.230.181) | - | - | High
|
||||
329 | [45.86.231.210](https://vuldb.com/?ip.45.86.231.210) | - | - | High
|
||||
330 | [45.87.154.181](https://vuldb.com/?ip.45.87.154.181) | vm.solutions | - | High
|
||||
331 | [45.88.221.211](https://vuldb.com/?ip.45.88.221.211) | - | - | High
|
||||
332 | [45.89.98.138](https://vuldb.com/?ip.45.89.98.138) | ruiz.thegamersnet.com | - | High
|
||||
333 | [45.89.107.120](https://vuldb.com/?ip.45.89.107.120) | d120.lifedigitz.com | - | High
|
||||
334 | [45.92.162.84](https://vuldb.com/?ip.45.92.162.84) | butler.egnerarch.com | - | High
|
||||
335 | [45.92.163.123](https://vuldb.com/?ip.45.92.163.123) | vars-long-kks.currishfine.com | - | High
|
||||
336 | [45.92.163.233](https://vuldb.com/?ip.45.92.163.233) | landing-messy.samewaged.com | - | High
|
||||
337 | [45.92.163.238](https://vuldb.com/?ip.45.92.163.238) | sup-size.samewaged.com | - | High
|
||||
338 | [45.95.11.125](https://vuldb.com/?ip.45.95.11.125) | vm324206.pq.hosting | - | High
|
||||
339 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
|
||||
340 | [45.129.199.13](https://vuldb.com/?ip.45.129.199.13) | - | - | High
|
||||
341 | [45.129.199.26](https://vuldb.com/?ip.45.129.199.26) | - | - | High
|
||||
342 | [45.129.199.67](https://vuldb.com/?ip.45.129.199.67) | - | - | High
|
||||
343 | [45.129.199.92](https://vuldb.com/?ip.45.129.199.92) | - | - | High
|
||||
344 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
|
||||
345 | ... | ... | ... | ...
|
||||
148 | [5.255.98.45](https://vuldb.com/?ip.5.255.98.45) | - | - | High
|
||||
149 | [5.255.98.126](https://vuldb.com/?ip.5.255.98.126) | - | - | High
|
||||
150 | [5.255.99.21](https://vuldb.com/?ip.5.255.99.21) | - | - | High
|
||||
151 | [5.255.99.51](https://vuldb.com/?ip.5.255.99.51) | - | - | High
|
||||
152 | [5.255.99.108](https://vuldb.com/?ip.5.255.99.108) | - | - | High
|
||||
153 | [5.255.100.8](https://vuldb.com/?ip.5.255.100.8) | - | - | High
|
||||
154 | [5.255.100.32](https://vuldb.com/?ip.5.255.100.32) | - | - | High
|
||||
155 | [5.255.100.55](https://vuldb.com/?ip.5.255.100.55) | - | - | High
|
||||
156 | [5.255.100.65](https://vuldb.com/?ip.5.255.100.65) | - | - | High
|
||||
157 | [5.255.100.207](https://vuldb.com/?ip.5.255.100.207) | chronostech.io | - | High
|
||||
158 | [5.255.100.250](https://vuldb.com/?ip.5.255.100.250) | - | - | High
|
||||
159 | [5.255.101.31](https://vuldb.com/?ip.5.255.101.31) | - | - | High
|
||||
160 | [5.255.101.68](https://vuldb.com/?ip.5.255.101.68) | - | - | High
|
||||
161 | [5.255.102.88](https://vuldb.com/?ip.5.255.102.88) | - | - | High
|
||||
162 | [5.255.102.167](https://vuldb.com/?ip.5.255.102.167) | - | - | High
|
||||
163 | [5.255.103.75](https://vuldb.com/?ip.5.255.103.75) | - | - | High
|
||||
164 | [5.255.103.108](https://vuldb.com/?ip.5.255.103.108) | - | - | High
|
||||
165 | [5.255.103.144](https://vuldb.com/?ip.5.255.103.144) | - | - | High
|
||||
166 | [5.255.103.245](https://vuldb.com/?ip.5.255.103.245) | - | - | High
|
||||
167 | [5.255.104.11](https://vuldb.com/?ip.5.255.104.11) | - | - | High
|
||||
168 | [5.255.104.22](https://vuldb.com/?ip.5.255.104.22) | - | - | High
|
||||
169 | [5.255.104.45](https://vuldb.com/?ip.5.255.104.45) | - | - | High
|
||||
170 | [5.255.104.52](https://vuldb.com/?ip.5.255.104.52) | - | - | High
|
||||
171 | [5.255.104.93](https://vuldb.com/?ip.5.255.104.93) | - | - | High
|
||||
172 | [5.255.104.97](https://vuldb.com/?ip.5.255.104.97) | - | - | High
|
||||
173 | [5.255.104.113](https://vuldb.com/?ip.5.255.104.113) | - | - | High
|
||||
174 | [5.255.104.120](https://vuldb.com/?ip.5.255.104.120) | - | - | High
|
||||
175 | [5.255.104.130](https://vuldb.com/?ip.5.255.104.130) | - | - | High
|
||||
176 | [5.255.104.143](https://vuldb.com/?ip.5.255.104.143) | - | - | High
|
||||
177 | [5.255.104.145](https://vuldb.com/?ip.5.255.104.145) | - | - | High
|
||||
178 | [5.255.104.153](https://vuldb.com/?ip.5.255.104.153) | - | - | High
|
||||
179 | [5.255.104.184](https://vuldb.com/?ip.5.255.104.184) | - | - | High
|
||||
180 | [5.255.104.220](https://vuldb.com/?ip.5.255.104.220) | - | - | High
|
||||
181 | [5.255.104.233](https://vuldb.com/?ip.5.255.104.233) | - | - | High
|
||||
182 | [5.255.105.55](https://vuldb.com/?ip.5.255.105.55) | - | - | High
|
||||
183 | [5.255.105.239](https://vuldb.com/?ip.5.255.105.239) | - | - | High
|
||||
184 | [5.255.106.72](https://vuldb.com/?ip.5.255.106.72) | - | - | High
|
||||
185 | [5.255.106.78](https://vuldb.com/?ip.5.255.106.78) | smtp.gespollas.com | - | High
|
||||
186 | [5.255.106.136](https://vuldb.com/?ip.5.255.106.136) | - | - | High
|
||||
187 | [5.255.106.240](https://vuldb.com/?ip.5.255.106.240) | - | - | High
|
||||
188 | [5.255.107.149](https://vuldb.com/?ip.5.255.107.149) | - | - | High
|
||||
189 | [5.255.109.46](https://vuldb.com/?ip.5.255.109.46) | - | - | High
|
||||
190 | [5.255.109.175](https://vuldb.com/?ip.5.255.109.175) | - | - | High
|
||||
191 | [5.255.110.177](https://vuldb.com/?ip.5.255.110.177) | - | - | High
|
||||
192 | [5.255.111.220](https://vuldb.com/?ip.5.255.111.220) | - | - | High
|
||||
193 | [5.255.113.157](https://vuldb.com/?ip.5.255.113.157) | - | - | High
|
||||
194 | [5.255.115.226](https://vuldb.com/?ip.5.255.115.226) | - | - | High
|
||||
195 | [5.255.119.21](https://vuldb.com/?ip.5.255.119.21) | - | - | High
|
||||
196 | [5.255.120.33](https://vuldb.com/?ip.5.255.120.33) | - | - | High
|
||||
197 | [5.255.122.79](https://vuldb.com/?ip.5.255.122.79) | - | - | High
|
||||
198 | [5.255.124.55](https://vuldb.com/?ip.5.255.124.55) | - | - | High
|
||||
199 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
200 | [8.39.147.62](https://vuldb.com/?ip.8.39.147.62) | vyc1.achlycole.org.uk | - | High
|
||||
201 | [13.52.121.66](https://vuldb.com/?ip.13.52.121.66) | ec2-13-52-121-66.us-west-1.compute.amazonaws.com | - | Medium
|
||||
202 | [13.57.55.155](https://vuldb.com/?ip.13.57.55.155) | ec2-13-57-55-155.us-west-1.compute.amazonaws.com | - | Medium
|
||||
203 | [13.237.1.27](https://vuldb.com/?ip.13.237.1.27) | ec2-13-237-1-27.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
204 | [13.237.195.116](https://vuldb.com/?ip.13.237.195.116) | ec2-13-237-195-116.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
205 | [23.82.128.186](https://vuldb.com/?ip.23.82.128.186) | - | - | High
|
||||
206 | [23.82.128.215](https://vuldb.com/?ip.23.82.128.215) | - | - | High
|
||||
207 | [23.88.35.240](https://vuldb.com/?ip.23.88.35.240) | static.240.35.88.23.clients.your-server.de | - | High
|
||||
208 | [23.106.124.26](https://vuldb.com/?ip.23.106.124.26) | - | - | High
|
||||
209 | [23.106.124.168](https://vuldb.com/?ip.23.106.124.168) | - | - | High
|
||||
210 | [23.106.124.181](https://vuldb.com/?ip.23.106.124.181) | - | - | High
|
||||
211 | [23.106.215.93](https://vuldb.com/?ip.23.106.215.93) | - | - | High
|
||||
212 | [23.160.193.140](https://vuldb.com/?ip.23.160.193.140) | unknown.ip-xfer.net | - | High
|
||||
213 | [23.164.240.130](https://vuldb.com/?ip.23.164.240.130) | - | - | High
|
||||
214 | [23.227.202.165](https://vuldb.com/?ip.23.227.202.165) | 23-227-202-165.static.hvvc.us | - | High
|
||||
215 | [23.227.203.131](https://vuldb.com/?ip.23.227.203.131) | 23-227-203-131.static.hvvc.us | - | High
|
||||
216 | [23.227.206.161](https://vuldb.com/?ip.23.227.206.161) | 23-227-206-161.static.hvvc.us | - | High
|
||||
217 | [23.227.206.195](https://vuldb.com/?ip.23.227.206.195) | 23-227-206-195.static.hvvc.us | - | High
|
||||
218 | [23.254.202.234](https://vuldb.com/?ip.23.254.202.234) | hwsrv-1055605.hostwindsdns.com | - | High
|
||||
219 | [23.254.211.137](https://vuldb.com/?ip.23.254.211.137) | hwsrv-1045976.hostwindsdns.com | - | High
|
||||
220 | [23.254.224.115](https://vuldb.com/?ip.23.254.224.115) | hwsrv-1031288.hostwindsdns.com | - | High
|
||||
221 | [23.254.224.148](https://vuldb.com/?ip.23.254.224.148) | client-23-254-224-148.hostwindsdns.com | - | High
|
||||
222 | [23.254.226.152](https://vuldb.com/?ip.23.254.226.152) | hwsrv-1069457.hostwindsdns.com | - | High
|
||||
223 | [23.254.229.208](https://vuldb.com/?ip.23.254.229.208) | hwsrv-1015537.hostwindsdns.com | - | High
|
||||
224 | [23.254.253.106](https://vuldb.com/?ip.23.254.253.106) | WIN-KP9WSUDC4N.com | - | High
|
||||
225 | [31.13.195.119](https://vuldb.com/?ip.31.13.195.119) | sm.cfconsult.net | - | High
|
||||
226 | [31.13.195.127](https://vuldb.com/?ip.31.13.195.127) | - | - | High
|
||||
227 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
|
||||
228 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
|
||||
229 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
|
||||
230 | [37.1.192.40](https://vuldb.com/?ip.37.1.192.40) | - | - | High
|
||||
231 | [37.1.193.136](https://vuldb.com/?ip.37.1.193.136) | webcomdition.com | - | High
|
||||
232 | [37.1.195.84](https://vuldb.com/?ip.37.1.195.84) | - | - | High
|
||||
233 | [37.1.195.238](https://vuldb.com/?ip.37.1.195.238) | autoreflash.com | - | High
|
||||
234 | [37.1.205.217](https://vuldb.com/?ip.37.1.205.217) | - | - | High
|
||||
235 | [37.1.208.48](https://vuldb.com/?ip.37.1.208.48) | reveltip.com | - | High
|
||||
236 | [37.1.213.234](https://vuldb.com/?ip.37.1.213.234) | - | - | High
|
||||
237 | [37.1.221.209](https://vuldb.com/?ip.37.1.221.209) | - | - | High
|
||||
238 | [37.46.129.17](https://vuldb.com/?ip.37.46.129.17) | info50.fvds.ru | - | High
|
||||
239 | [37.61.229.95](https://vuldb.com/?ip.37.61.229.95) | zeno.igorclark.net | - | High
|
||||
240 | [37.120.222.100](https://vuldb.com/?ip.37.120.222.100) | - | - | High
|
||||
241 | [37.221.115.12](https://vuldb.com/?ip.37.221.115.12) | - | - | High
|
||||
242 | [37.235.55.75](https://vuldb.com/?ip.37.235.55.75) | 75.55.235.37.in-addr.arpa | - | High
|
||||
243 | [37.235.55.103](https://vuldb.com/?ip.37.235.55.103) | 103.55.235.37.in-addr.arpa | - | High
|
||||
244 | [37.235.56.30](https://vuldb.com/?ip.37.235.56.30) | 30.56.235.37.in-addr.arpa | - | High
|
||||
245 | [37.235.56.37](https://vuldb.com/?ip.37.235.56.37) | 37.56.235.37.in-addr.arpa | - | High
|
||||
246 | [37.235.56.94](https://vuldb.com/?ip.37.235.56.94) | 94.56.235.37.in-addr.arpa | - | High
|
||||
247 | [37.235.56.185](https://vuldb.com/?ip.37.235.56.185) | 185.56.235.37.in-addr.arpa | - | High
|
||||
248 | [37.252.5.228](https://vuldb.com/?ip.37.252.5.228) | - | - | High
|
||||
249 | [37.252.6.77](https://vuldb.com/?ip.37.252.6.77) | - | - | High
|
||||
250 | [37.252.10.231](https://vuldb.com/?ip.37.252.10.231) | - | - | High
|
||||
251 | [37.252.11.170](https://vuldb.com/?ip.37.252.11.170) | - | - | High
|
||||
252 | [37.252.11.221](https://vuldb.com/?ip.37.252.11.221) | - | - | High
|
||||
253 | [38.180.0.89](https://vuldb.com/?ip.38.180.0.89) | - | - | High
|
||||
254 | [38.180.8.107](https://vuldb.com/?ip.38.180.8.107) | - | - | High
|
||||
255 | [38.180.8.169](https://vuldb.com/?ip.38.180.8.169) | - | - | High
|
||||
256 | [38.180.34.14](https://vuldb.com/?ip.38.180.34.14) | - | - | High
|
||||
257 | [39.104.16.102](https://vuldb.com/?ip.39.104.16.102) | - | - | High
|
||||
258 | [39.104.17.212](https://vuldb.com/?ip.39.104.17.212) | - | - | High
|
||||
259 | [39.104.23.152](https://vuldb.com/?ip.39.104.23.152) | - | - | High
|
||||
260 | [39.104.27.24](https://vuldb.com/?ip.39.104.27.24) | - | - | High
|
||||
261 | [39.104.72.59](https://vuldb.com/?ip.39.104.72.59) | - | - | High
|
||||
262 | [39.104.94.83](https://vuldb.com/?ip.39.104.94.83) | - | - | High
|
||||
263 | [39.104.164.115](https://vuldb.com/?ip.39.104.164.115) | - | - | High
|
||||
264 | [45.8.158.140](https://vuldb.com/?ip.45.8.158.140) | mail.aeoncard-co-jp.com | - | High
|
||||
265 | [45.11.19.121](https://vuldb.com/?ip.45.11.19.121) | - | - | High
|
||||
266 | [45.11.19.168](https://vuldb.com/?ip.45.11.19.168) | - | - | High
|
||||
267 | [45.11.182.61](https://vuldb.com/?ip.45.11.182.61) | - | - | High
|
||||
268 | [45.11.182.114](https://vuldb.com/?ip.45.11.182.114) | - | - | High
|
||||
269 | [45.11.182.115](https://vuldb.com/?ip.45.11.182.115) | - | - | High
|
||||
270 | [45.11.182.117](https://vuldb.com/?ip.45.11.182.117) | - | - | High
|
||||
271 | [45.11.182.118](https://vuldb.com/?ip.45.11.182.118) | - | - | High
|
||||
272 | [45.11.182.119](https://vuldb.com/?ip.45.11.182.119) | - | - | High
|
||||
273 | [45.11.182.120](https://vuldb.com/?ip.45.11.182.120) | - | - | High
|
||||
274 | [45.11.182.121](https://vuldb.com/?ip.45.11.182.121) | - | - | High
|
||||
275 | [45.12.109.136](https://vuldb.com/?ip.45.12.109.136) | kemp.strongwallsys.com | - | High
|
||||
276 | [45.12.109.195](https://vuldb.com/?ip.45.12.109.195) | ryan.earthbroadcasting.com | - | High
|
||||
277 | [45.12.109.221](https://vuldb.com/?ip.45.12.109.221) | weaver.earthbroadcasting.com | - | High
|
||||
278 | [45.12.139.90](https://vuldb.com/?ip.45.12.139.90) | - | - | High
|
||||
279 | [45.15.161.254](https://vuldb.com/?ip.45.15.161.254) | - | - | High
|
||||
280 | [45.41.204.5](https://vuldb.com/?ip.45.41.204.5) | fastshipus.xyz | - | High
|
||||
281 | [45.55.42.13](https://vuldb.com/?ip.45.55.42.13) | - | - | High
|
||||
282 | [45.55.53.206](https://vuldb.com/?ip.45.55.53.206) | - | - | High
|
||||
283 | [45.55.56.244](https://vuldb.com/?ip.45.55.56.244) | - | - | High
|
||||
284 | [45.61.136.6](https://vuldb.com/?ip.45.61.136.6) | - | - | High
|
||||
285 | [45.61.136.22](https://vuldb.com/?ip.45.61.136.22) | - | - | High
|
||||
286 | [45.61.136.193](https://vuldb.com/?ip.45.61.136.193) | - | - | High
|
||||
287 | [45.61.137.95](https://vuldb.com/?ip.45.61.137.95) | - | - | High
|
||||
288 | [45.61.137.119](https://vuldb.com/?ip.45.61.137.119) | - | - | High
|
||||
289 | [45.61.137.158](https://vuldb.com/?ip.45.61.137.158) | - | - | High
|
||||
290 | [45.61.137.159](https://vuldb.com/?ip.45.61.137.159) | - | - | High
|
||||
291 | [45.61.137.220](https://vuldb.com/?ip.45.61.137.220) | svenska.re | - | High
|
||||
292 | [45.61.137.225](https://vuldb.com/?ip.45.61.137.225) | - | - | High
|
||||
293 | [45.61.138.12](https://vuldb.com/?ip.45.61.138.12) | - | - | High
|
||||
294 | [45.61.138.171](https://vuldb.com/?ip.45.61.138.171) | - | - | High
|
||||
295 | [45.61.138.175](https://vuldb.com/?ip.45.61.138.175) | - | - | High
|
||||
296 | [45.61.138.181](https://vuldb.com/?ip.45.61.138.181) | - | - | High
|
||||
297 | [45.61.138.227](https://vuldb.com/?ip.45.61.138.227) | - | - | High
|
||||
298 | [45.61.139.138](https://vuldb.com/?ip.45.61.139.138) | - | - | High
|
||||
299 | [45.61.139.144](https://vuldb.com/?ip.45.61.139.144) | - | - | High
|
||||
300 | [45.61.139.179](https://vuldb.com/?ip.45.61.139.179) | - | - | High
|
||||
301 | [45.61.139.196](https://vuldb.com/?ip.45.61.139.196) | - | - | High
|
||||
302 | [45.61.139.232](https://vuldb.com/?ip.45.61.139.232) | - | - | High
|
||||
303 | [45.61.139.235](https://vuldb.com/?ip.45.61.139.235) | - | - | High
|
||||
304 | [45.61.139.243](https://vuldb.com/?ip.45.61.139.243) | - | - | High
|
||||
305 | [45.66.248.7](https://vuldb.com/?ip.45.66.248.7) | mta0.burjeela.gq | - | High
|
||||
306 | [45.66.248.37](https://vuldb.com/?ip.45.66.248.37) | mta0.quarrantinereport-center.gq | - | High
|
||||
307 | [45.66.248.64](https://vuldb.com/?ip.45.66.248.64) | 0n3reye0i0.alyanova.com | - | High
|
||||
308 | [45.66.248.69](https://vuldb.com/?ip.45.66.248.69) | outbound5.imaille.com | - | High
|
||||
309 | [45.66.248.71](https://vuldb.com/?ip.45.66.248.71) | - | - | High
|
||||
310 | [45.66.248.79](https://vuldb.com/?ip.45.66.248.79) | mta0.coldspikes.autos | - | High
|
||||
311 | [45.66.248.119](https://vuldb.com/?ip.45.66.248.119) | finixdeal.com | Nokoyawa | High
|
||||
312 | [45.66.248.148](https://vuldb.com/?ip.45.66.248.148) | QuanTs.defaultproduct.com | - | High
|
||||
313 | [45.66.248.244](https://vuldb.com/?ip.45.66.248.244) | mta0.axminster-carpets.cf | - | High
|
||||
314 | [45.66.249.26](https://vuldb.com/?ip.45.66.249.26) | 8axj5rsx1e.marketingforbreweries.com | - | High
|
||||
315 | [45.66.249.221](https://vuldb.com/?ip.45.66.249.221) | mta0.lizengeneering.com | - | High
|
||||
316 | [45.67.231.235](https://vuldb.com/?ip.45.67.231.235) | am-tun2.warwish.pro | - | High
|
||||
317 | [45.82.247.87](https://vuldb.com/?ip.45.82.247.87) | - | - | High
|
||||
318 | [45.82.247.121](https://vuldb.com/?ip.45.82.247.121) | - | - | High
|
||||
319 | [45.82.247.148](https://vuldb.com/?ip.45.82.247.148) | prostatehealth.click | - | High
|
||||
320 | [45.82.251.34](https://vuldb.com/?ip.45.82.251.34) | - | - | High
|
||||
321 | [45.82.251.36](https://vuldb.com/?ip.45.82.251.36) | - | - | High
|
||||
322 | [45.82.251.44](https://vuldb.com/?ip.45.82.251.44) | - | - | High
|
||||
323 | [45.86.229.46](https://vuldb.com/?ip.45.86.229.46) | - | - | High
|
||||
324 | [45.86.229.94](https://vuldb.com/?ip.45.86.229.94) | - | - | High
|
||||
325 | [45.86.229.105](https://vuldb.com/?ip.45.86.229.105) | 1lf7cf33e.northernstarmarketing.com | - | High
|
||||
326 | [45.86.229.180](https://vuldb.com/?ip.45.86.229.180) | - | - | High
|
||||
327 | [45.86.229.253](https://vuldb.com/?ip.45.86.229.253) | 32l.edUcated-352.insuranceforourfamily.com | - | High
|
||||
328 | [45.86.230.43](https://vuldb.com/?ip.45.86.230.43) | google.com | - | High
|
||||
329 | [45.86.230.141](https://vuldb.com/?ip.45.86.230.141) | mta0.ungho.cf | - | High
|
||||
330 | [45.86.230.149](https://vuldb.com/?ip.45.86.230.149) | - | - | High
|
||||
331 | [45.86.230.181](https://vuldb.com/?ip.45.86.230.181) | - | - | High
|
||||
332 | [45.86.231.210](https://vuldb.com/?ip.45.86.231.210) | - | - | High
|
||||
333 | [45.87.154.181](https://vuldb.com/?ip.45.87.154.181) | vm.solutions | - | High
|
||||
334 | [45.88.221.211](https://vuldb.com/?ip.45.88.221.211) | - | - | High
|
||||
335 | [45.89.98.138](https://vuldb.com/?ip.45.89.98.138) | ruiz.thegamersnet.com | - | High
|
||||
336 | [45.89.107.120](https://vuldb.com/?ip.45.89.107.120) | d120.lifedigitz.com | - | High
|
||||
337 | [45.92.162.84](https://vuldb.com/?ip.45.92.162.84) | butler.egnerarch.com | - | High
|
||||
338 | [45.92.163.123](https://vuldb.com/?ip.45.92.163.123) | vars-long-kks.currishfine.com | - | High
|
||||
339 | [45.92.163.233](https://vuldb.com/?ip.45.92.163.233) | landing-messy.samewaged.com | - | High
|
||||
340 | [45.92.163.238](https://vuldb.com/?ip.45.92.163.238) | sup-size.samewaged.com | - | High
|
||||
341 | [45.95.11.125](https://vuldb.com/?ip.45.95.11.125) | vm324206.pq.hosting | - | High
|
||||
342 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
|
||||
343 | [45.129.199.13](https://vuldb.com/?ip.45.129.199.13) | - | - | High
|
||||
344 | [45.129.199.26](https://vuldb.com/?ip.45.129.199.26) | - | - | High
|
||||
345 | [45.129.199.67](https://vuldb.com/?ip.45.129.199.67) | - | - | High
|
||||
346 | [45.129.199.92](https://vuldb.com/?ip.45.129.199.92) | - | - | High
|
||||
347 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
|
||||
348 | [45.138.172.240](https://vuldb.com/?ip.45.138.172.240) | - | - | High
|
||||
349 | ... | ... | ... | ...
|
||||
|
||||
There are 1376 more IOC items available. Please use our online service to access the data.
|
||||
There are 1390 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -398,53 +402,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin/about-us.php` | High
|
||||
4 | File | `/admin/save.php` | High
|
||||
5 | File | `/admin/sys_sql_query.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/download` | High
|
||||
8 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
9 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
10 | File | `/category.php` | High
|
||||
11 | File | `/categorypage.php` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
14 | File | `/company/store` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
18 | File | `/csms/?page=contact_us` | High
|
||||
19 | File | `/dcim/rack-roles/` | High
|
||||
20 | File | `/etc/passwd` | Medium
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/h/` | Low
|
||||
23 | File | `/HNAP1` | Low
|
||||
24 | File | `/home/cavesConsole` | High
|
||||
25 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
28 | File | `/index.php?page=category_list` | High
|
||||
29 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
30 | File | `/jobinfo/` | Medium
|
||||
31 | File | `/kelas/data` | Medium
|
||||
32 | File | `/mhds/clinic/view_details.php` | High
|
||||
33 | File | `/Moosikay/order.php` | High
|
||||
34 | File | `/PreviewHandler.ashx` | High
|
||||
35 | File | `/recipe-result` | High
|
||||
36 | File | `/register.do` | Medium
|
||||
37 | File | `/RPS2019Service/status.html` | High
|
||||
38 | File | `/scripts/unlock_tasks.php` | High
|
||||
39 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
40 | File | `/ServletAPI/accounts/login` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
43 | File | `/staff/edit_book_details.php` | High
|
||||
44 | File | `/student/bookdetails.php` | High
|
||||
45 | ... | ... | ...
|
||||
1 | File | `/admin/about-us.php` | High
|
||||
2 | File | `/admin/save.php` | High
|
||||
3 | File | `/admin/sys_sql_query.php` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/download` | High
|
||||
6 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
7 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
8 | File | `/category.php` | High
|
||||
9 | File | `/categorypage.php` | High
|
||||
10 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
11 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
12 | File | `/company/store` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
15 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
16 | File | `/csms/?page=contact_us` | High
|
||||
17 | File | `/dcim/rack-roles/` | High
|
||||
18 | File | `/etc/passwd` | Medium
|
||||
19 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/h/` | Low
|
||||
22 | File | `/HNAP1` | Low
|
||||
23 | File | `/home/cavesConsole` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
26 | File | `/index.php?page=category_list` | High
|
||||
27 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
28 | File | `/jobinfo/` | Medium
|
||||
29 | File | `/mhds/clinic/view_details.php` | High
|
||||
30 | File | `/PreviewHandler.ashx` | High
|
||||
31 | File | `/recipe-result` | High
|
||||
32 | File | `/register.do` | Medium
|
||||
33 | File | `/RPS2019Service/status.html` | High
|
||||
34 | File | `/scripts/unlock_tasks.php` | High
|
||||
35 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
36 | File | `/ServletAPI/accounts/login` | High
|
||||
37 | File | `/sicweb-ajax/tmproot/` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
40 | File | `/staff/edit_book_details.php` | High
|
||||
41 | File | `/student/bookdetails.php` | High
|
||||
42 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
43 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
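Review bot: The ID column in this IOA table is positional, so removing `//WEB-INF` and `/about.php` from the top renumbers every later row (`/admin/about-us.php` moves from 3 to 1) and the hunk rewrites the whole table. The actual additions (`/fcgi/scrut_fcgi.fcgi`, `/sicweb-ajax/tmproot/`, `/subsys/net/l2/wifi/wifi_shell.c`, `/SysManage/AddUpdateRole.aspx`) are hard to pick out from the renumbering. Either give each indicator a stable identifier or drop the ID column, so that an update shows only the rows that were added or removed and anything referring to a row by ID keeps working.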
@ -15,9 +15,9 @@ The following _campaigns_ are known and can be associated with Inception:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:
|
||||
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
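Review bot: The country bullets for Inception change only in order in this hunk: FR, AR and PT are the only entries on either side, and the "7 more country items" line is untouched. If the order is meant to carry meaning (for example ranking by observed activity), state that in the sentence introducing the list; if it is not, sort the entries deterministically so that regeneration does not produce reorder-only changes.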
@ -58,49 +58,51 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/action/import_xml_file/` | High
|
||||
2 | File | `/action/wirelessConnect` | High
|
||||
3 | File | `/admin/?page=user/manage_user` | High
|
||||
4 | File | `/admin/edit-services.php` | High
|
||||
5 | File | `/admin/edit_product.php` | High
|
||||
6 | File | `/admin/index.php` | High
|
||||
7 | File | `/admin/myaccount` | High
|
||||
8 | File | `/admin/orders/update_status.php` | High
|
||||
9 | File | `/admin/pages/sections_save.php` | High
|
||||
10 | File | `/admin/positions_row.php` | High
|
||||
11 | File | `/admin/settings/fields` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/ajax.php?action=save_company` | High
|
||||
14 | File | `/api/v1/chat.getThreadsList` | High
|
||||
15 | File | `/api/v2/cli/commands` | High
|
||||
16 | File | `/api/v2/open/rowsInfo` | High
|
||||
17 | File | `/api/v3/flows/instances/default-user-settings-flow/execute/` | High
|
||||
18 | File | `/api/wechat/app_auth` | High
|
||||
19 | File | `/asms/admin/?page=user/manage_user` | High
|
||||
20 | File | `/blog/comment` | High
|
||||
21 | File | `/classes/Login.php` | High
|
||||
22 | File | `/dosen/data` | Medium
|
||||
23 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
24 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/etc/master.passwd` | High
|
||||
27 | File | `/etc/os-release` | High
|
||||
28 | File | `/file_manager/admin/save_user.php` | High
|
||||
29 | File | `/front/search.php` | High
|
||||
30 | File | `/garage/php_action/createBrand.php` | High
|
||||
31 | File | `/goform/addressNat` | High
|
||||
32 | File | `/goform/AdvSetWrlsafeset` | High
|
||||
33 | File | `/goform/editFileName` | High
|
||||
34 | File | `/goform/form2WizardStep54` | High
|
||||
35 | File | `/goform/setSysAdm` | High
|
||||
36 | File | `/goform/webExcptypemanFilter` | High
|
||||
37 | File | `/goform/WifiBasicSet` | High
|
||||
38 | File | `/goform/WifiMacFilterGet` | High
|
||||
39 | File | `/hss/admin/categories/view_category.php` | High
|
||||
40 | File | `/index.php` | Medium
|
||||
41 | File | `/isomedia/meta.c` | High
|
||||
42 | File | `/jurusanmatkul/data` | High
|
||||
43 | ... | ... | ...
|
||||
3 | File | `/admin/?page=bike` | High
|
||||
4 | File | `/admin/?page=user/manage_user` | High
|
||||
5 | File | `/admin/cms_content.php` | High
|
||||
6 | File | `/admin/edit-services.php` | High
|
||||
7 | File | `/admin/edit_product.php` | High
|
||||
8 | File | `/admin/index.php` | High
|
||||
9 | File | `/admin/orders/update_status.php` | High
|
||||
10 | File | `/admin/pages/sections_save.php` | High
|
||||
11 | File | `/admin/positions_row.php` | High
|
||||
12 | File | `/admin/settings/fields` | High
|
||||
13 | File | `/admin/userprofile.php` | High
|
||||
14 | File | `/ajax.php?action=save_company` | High
|
||||
15 | File | `/api/es/admin/v3/security/user/1` | High
|
||||
16 | File | `/api/v1/chat.getThreadsList` | High
|
||||
17 | File | `/api/v2/cli/commands` | High
|
||||
18 | File | `/api/v2/open/rowsInfo` | High
|
||||
19 | File | `/api/v3/flows/instances/default-user-settings-flow/execute/` | High
|
||||
20 | File | `/api/wechat/app_auth` | High
|
||||
21 | File | `/asms/admin/?page=user/manage_user` | High
|
||||
22 | File | `/blog/comment` | High
|
||||
23 | File | `/classes/Login.php` | High
|
||||
24 | File | `/course/filterRecords/` | High
|
||||
25 | File | `/dosen/data` | Medium
|
||||
26 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
27 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/master.passwd` | High
|
||||
30 | File | `/etc/os-release` | High
|
||||
31 | File | `/file_manager/admin/save_user.php` | High
|
||||
32 | File | `/front/search.php` | High
|
||||
33 | File | `/garage/php_action/createBrand.php` | High
|
||||
34 | File | `/goform/addressNat` | High
|
||||
35 | File | `/goform/AdvSetWrlsafeset` | High
|
||||
36 | File | `/goform/editFileName` | High
|
||||
37 | File | `/goform/form2WizardStep54` | High
|
||||
38 | File | `/goform/setSysAdm` | High
|
||||
39 | File | `/goform/webExcptypemanFilter` | High
|
||||
40 | File | `/goform/WifiBasicSet` | High
|
||||
41 | File | `/goform/WifiMacFilterGet` | High
|
||||
42 | File | `/hss/admin/categories/view_category.php` | High
|
||||
43 | File | `/index.php` | Medium
|
||||
44 | File | `/jurusanmatkul/data` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -62,17 +62,17 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `%PROGRAMDATA%\Razer Chroma\SDK\Apps` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/cgi-bin/webviewer_login_page` | High
|
||||
4 | File | `/mgmt/tm/util/bash` | High
|
||||
5 | File | `/recordings/index.php` | High
|
||||
6 | File | `/uncpath/` | Medium
|
||||
7 | File | `/webssh` | Low
|
||||
8 | File | `add_vhost.php` | High
|
||||
9 | File | `admin-ajax.php` | High
|
||||
10 | File | `and/or` | Low
|
||||
11 | File | `arsys/servlet/AttachServlet` | High
|
||||
4 | File | `/common/info.cgi` | High
|
||||
5 | File | `/mgmt/tm/util/bash` | High
|
||||
6 | File | `/recordings/index.php` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `/webssh` | Low
|
||||
9 | File | `add_vhost.php` | High
|
||||
10 | File | `admin-ajax.php` | High
|
||||
11 | File | `and/or` | Low
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 90 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
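Review bot: The row `and/or` (ID 10 before this change, 11 after) is typed as File but reads like a fragment of prose rather than a file name or path, and it is carried forward unchanged apart from its number. Even at Low confidence it would match a large amount of unrelated text if used for log or content matching. Drop it or retype it, and consider a minimum-specificity check on generated File indicators before they are published.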
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -1292,15 +1292,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
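Review bot: Row 4 (T1059) keeps the description "Cross Site Scripting" while its weakness list becomes `CWE-88, CWE-94, CWE-1321`, which are argument injection, code injection and prototype pollution. Cross-site scripting is CWE-79/CWE-80 and is already the T1059.007 row directly below, so rows 4 and 5 now carry the same description for different weaknesses. Row 4 should be described by the weakness class it actually lists.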
@ -1308,56 +1307,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/account/delivery` | High
|
||||
4 | File | `/admin/addproduct.php` | High
|
||||
5 | File | `/admin/add_user_modal.php` | High
|
||||
6 | File | `/admin/del_category.php` | High
|
||||
7 | File | `/admin/del_service.php` | High
|
||||
8 | File | `/admin/edit_product.php` | High
|
||||
9 | File | `/admin/forgot-password.php` | High
|
||||
10 | File | `/admin/index.php` | High
|
||||
11 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
12 | File | `/admin/read.php?mudi=announContent` | High
|
||||
13 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
14 | File | `/admin/reg.php` | High
|
||||
15 | File | `/admin/search-appointment.php` | High
|
||||
16 | File | `/admin/sys_sql_query.php` | High
|
||||
17 | File | `/admin/test_status.php` | High
|
||||
18 | File | `/api/baskets/{name}` | High
|
||||
19 | File | `/api/ping` | Medium
|
||||
20 | File | `/api/set-password` | High
|
||||
21 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
22 | File | `/author_posts.php` | High
|
||||
23 | File | `/bin/ate` | Medium
|
||||
24 | File | `/bin/boa` | Medium
|
||||
25 | File | `/blog` | Low
|
||||
26 | File | `/booking/show_bookings/` | High
|
||||
27 | File | `/browse` | Low
|
||||
28 | File | `/cgi-bin/adm.cgi` | High
|
||||
29 | File | `/chaincity/user/ticket/create` | High
|
||||
30 | File | `/cimom` | Low
|
||||
31 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
32 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
33 | File | `/classes/Master.php?f=save_item` | High
|
||||
34 | File | `/classes/Users.php?f=save` | High
|
||||
35 | File | `/company/store` | High
|
||||
36 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
37 | File | `/config` | Low
|
||||
38 | File | `/contact.php` | Medium
|
||||
39 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
1 | File | `/academy/tutor/filter` | High
|
||||
2 | File | `/activate_hook.php` | High
|
||||
3 | File | `/admin/?page=user` | High
|
||||
4 | File | `/admin/article/article-edit-run.php` | High
|
||||
5 | File | `/admin/cms_admin.php` | High
|
||||
6 | File | `/admin/cms_content.php` | High
|
||||
7 | File | `/admin/config/uploadicon.php` | High
|
||||
8 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
9 | File | `/admin/leancloud.php` | High
|
||||
10 | File | `/admin/list_addr_fwresource_ip.php` | High
|
||||
11 | File | `/admin/order.php` | High
|
||||
12 | File | `/admin/plugin.php` | High
|
||||
13 | File | `/admin/save.php` | High
|
||||
14 | File | `/admin/services/manage_service.php` | High
|
||||
15 | File | `/admin/user.php` | High
|
||||
16 | File | `/api/` | Low
|
||||
17 | File | `/api/download` | High
|
||||
18 | File | `/api/download/updateFile` | High
|
||||
19 | File | `/api/es/admin/v3/security/user/1` | High
|
||||
20 | File | `/api/installation/setThumbnailRc` | High
|
||||
21 | File | `/api/runscript` | High
|
||||
22 | File | `/api/thumbnail` | High
|
||||
23 | File | `/api/v1/alerts` | High
|
||||
24 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
25 | File | `/book-services.php` | High
|
||||
26 | File | `/category.php` | High
|
||||
27 | File | `/categorypage.php` | High
|
||||
28 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
29 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
30 | File | `/classes/master.php?f=delete_order` | High
|
||||
31 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
32 | File | `/classes/Master.php?f=save_brand` | High
|
||||
33 | File | `/classes/Master.php?f=save_category` | High
|
||||
34 | File | `/classes/Master.php?f=save_service` | High
|
||||
35 | File | `/classes/Master.php?f=update_order_status` | High
|
||||
36 | File | `/collection/all` | High
|
||||
37 | File | `/content/templates/` | High
|
||||
38 | File | `/course/filterRecords/` | High
|
||||
39 | File | `/dashboard/add-blog.php` | High
|
||||
40 | File | `/debug/pprof` | Medium
|
||||
41 | File | `/dipam/athlete-profile.php` | High
|
||||
42 | File | `/dipam/save-delegates.php` | High
|
||||
43 | File | `/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx` | High
|
||||
44 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
45 | File | `/en/blog-comment-4` | High
|
||||
46 | File | `/etc/passwd` | Medium
|
||||
47 | File | `/forum/away.php` | High
|
||||
48 | ... | ... | ...
|
||||
41 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
42 | File | `/forum/away.php` | High
|
||||
43 | File | `/goform/Diagnosis` | High
|
||||
44 | File | `/goform/fast_setting_wifi_set` | High
|
||||
45 | File | `/goform/NatStaticSetting` | High
|
||||
46 | File | `/goform/PowerSaveSet` | High
|
||||
47 | File | `/goform/SetPptpServerCfg` | High
|
||||
48 | File | `/goform/SetStaticRouteCfg` | High
|
||||
49 | File | `/goform/WifiBasicSet` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
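Review bot: Row 30 of the new list, `/classes/master.php?f=delete_order`, differs in case from the `/classes/Master.php?f=...` rows that follow it (31 to 35). If indicators are matched case-sensitively these are different files; if they are matched case-insensitively the spelling should be normalised. Confirm whether the lowercase form is what was observed or a normalisation slip, and document the matching rule next to the table.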
@ -58,63 +58,64 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/.env` | Low
|
||||
4 | File | `/api/CONFIG/restore` | High
|
||||
5 | File | `/cgi-bin/activate.cgi` | High
|
||||
6 | File | `/cgi-bin/bcm_password` | High
|
||||
7 | File | `/cgi-bin/nobody` | High
|
||||
8 | File | `/cgi-bin/nobody/Search.cgi` | High
|
||||
9 | File | `/cgi-bin/webproc` | High
|
||||
10 | File | `/config/netconf.cmd` | High
|
||||
11 | File | `/etc/passwd` | Medium
|
||||
12 | File | `/etc/services/INET/inet_ipv4.php` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/get_getnetworkconf.cgi` | High
|
||||
15 | File | `/goform/saveParentControlInfo` | High
|
||||
16 | File | `/home.jsp` | Medium
|
||||
17 | File | `/horde/util/go.php` | High
|
||||
18 | File | `/include/stat/stat.php` | High
|
||||
19 | File | `/login` | Low
|
||||
20 | File | `/login.cgi?logout=1` | High
|
||||
21 | File | `/Login.do` | Medium
|
||||
22 | File | `/messageboard/view.php` | High
|
||||
23 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
24 | File | `/nova/bin/detnet` | High
|
||||
25 | File | `/pages.php` | Medium
|
||||
26 | File | `/pages/items` | Medium
|
||||
27 | File | `/proc/iomem` | Medium
|
||||
28 | File | `/profile/deleteWatch.do` | High
|
||||
29 | File | `/show_news.php` | High
|
||||
30 | File | `/status.js` | Medium
|
||||
31 | File | `/tmp` | Low
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
34 | File | `/usr/local/ssl/openssl.cnf` | High
|
||||
35 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
36 | File | `/var/log/nginx` | High
|
||||
37 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
38 | File | `/wp-admin` | Medium
|
||||
39 | File | `/xampp/guestbook-en.pl` | High
|
||||
40 | File | `abook_database.php` | High
|
||||
41 | File | `account.asp` | Medium
|
||||
42 | File | `AccountStatus.jsp` | High
|
||||
43 | File | `action/usermanager.htm` | High
|
||||
44 | File | `add.php` | Low
|
||||
45 | File | `add_comment.php` | High
|
||||
46 | File | `admin.a6mambocredits.php` | High
|
||||
47 | File | `admin.cgi?action=config_restore` | High
|
||||
48 | File | `admin.cropcanvas.php` | High
|
||||
49 | File | `Admin.PHP` | Medium
|
||||
50 | File | `admin.php3` | Medium
|
||||
51 | File | `admin/add-news.php` | High
|
||||
52 | File | `admin/ajax/op_kandidat.php` | High
|
||||
53 | File | `admin/gv_mail.php` | High
|
||||
54 | File | `admin/manage-articles.php` | High
|
||||
55 | File | `admin/manage-departments.php` | High
|
||||
56 | File | `admin/systemOutOfBand.do` | High
|
||||
57 | File | `adminAvatars.php` | High
|
||||
58 | ... | ... | ...
|
||||
4 | File | `/admin/students/view_details.php` | High
|
||||
5 | File | `/api/CONFIG/restore` | High
|
||||
6 | File | `/cgi-bin/activate.cgi` | High
|
||||
7 | File | `/cgi-bin/bcm_password` | High
|
||||
8 | File | `/cgi-bin/nobody` | High
|
||||
9 | File | `/cgi-bin/nobody/Search.cgi` | High
|
||||
10 | File | `/cgi-bin/webproc` | High
|
||||
11 | File | `/config/netconf.cmd` | High
|
||||
12 | File | `/etc/passwd` | Medium
|
||||
13 | File | `/etc/services/INET/inet_ipv4.php` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/get_getnetworkconf.cgi` | High
|
||||
16 | File | `/goform/saveParentControlInfo` | High
|
||||
17 | File | `/home.jsp` | Medium
|
||||
18 | File | `/horde/util/go.php` | High
|
||||
19 | File | `/include/stat/stat.php` | High
|
||||
20 | File | `/librarian/bookdetails.php` | High
|
||||
21 | File | `/login` | Low
|
||||
22 | File | `/login.cgi?logout=1` | High
|
||||
23 | File | `/Login.do` | Medium
|
||||
24 | File | `/messageboard/view.php` | High
|
||||
25 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
26 | File | `/nova/bin/detnet` | High
|
||||
27 | File | `/orrs/admin/reservations/view_details.php` | High
|
||||
28 | File | `/pages.php` | Medium
|
||||
29 | File | `/pages/items` | Medium
|
||||
30 | File | `/proc/iomem` | Medium
|
||||
31 | File | `/profile/deleteWatch.do` | High
|
||||
32 | File | `/show_news.php` | High
|
||||
33 | File | `/status.js` | Medium
|
||||
34 | File | `/tmp` | Low
|
||||
35 | File | `/uncpath/` | Medium
|
||||
36 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
37 | File | `/usr/local/ssl/openssl.cnf` | High
|
||||
38 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
39 | File | `/var/log/nginx` | High
|
||||
40 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
41 | File | `/wp-admin` | Medium
|
||||
42 | File | `/xampp/guestbook-en.pl` | High
|
||||
43 | File | `abook_database.php` | High
|
||||
44 | File | `account.asp` | Medium
|
||||
45 | File | `AccountStatus.jsp` | High
|
||||
46 | File | `action/usermanager.htm` | High
|
||||
47 | File | `add.php` | Low
|
||||
48 | File | `add_comment.php` | High
|
||||
49 | File | `admin.a6mambocredits.php` | High
|
||||
50 | File | `admin.cgi?action=config_restore` | High
|
||||
51 | File | `admin.cropcanvas.php` | High
|
||||
52 | File | `Admin.PHP` | Medium
|
||||
53 | File | `admin.php3` | Medium
|
||||
54 | File | `admin/add-news.php` | High
|
||||
55 | File | `admin/ajax/op_kandidat.php` | High
|
||||
56 | File | `admin/gv_mail.php` | High
|
||||
57 | File | `admin/manage-articles.php` | High
|
||||
58 | File | `admin/manage-departments.php` | High
|
||||
59 | ... | ... | ...
|
||||
|
||||
There are 510 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
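Review bot: The three added rows (`/admin/students/view_details.php`, `/librarian/bookdetails.php`, `/orrs/admin/reservations/view_details.php`) are rooted paths, while rows further down the same File table are bare names or relative paths (`add.php`, `admin/add-news.php`, `Admin.PHP`). The table does not say whether an indicator is meant to match a full request path, a path suffix or a file name anywhere in the tree, and the answer changes how much a Low entry like `add.php` or `/tmp` matches. State the matching semantics in the sentence above the table, or normalise all File indicators to one form.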
@ -128,10 +128,9 @@ ID | Type | Indicator | Confidence
|
|||
55 | File | `admin.php` | Medium
|
||||
56 | File | `admin.php/comments/batchdel/` | High
|
||||
57 | File | `admin/aboutus.php` | High
|
||||
58 | File | `admin/adm/test.php` | High
|
||||
59 | ... | ... | ...
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 519 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -29,14 +29,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
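Review bot: Row 5 (T1068) keeps the description "J2EE Misconfiguration: Weak Access Permissions for EJB Methods" while this change widens its weakness list to `CWE-250, CWE-264, CWE-266, CWE-269, CWE-284`, all of which are generic privilege and access-control weaknesses with nothing J2EE-specific among them. Since the row is being touched anyway, replace the description with one that covers the listed CWEs, so that anyone filtering on the description column is not pointed at EJB deployments only.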
@ -44,52 +44,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/upload/upload` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/config/getuser` | High
|
||||
7 | File | `/config/myfield/test.php` | High
|
||||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/ecshop/admin/template.php` | High
|
||||
10 | File | `/file/upload/1` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/forum/PostPrivateMessage` | High
|
||||
13 | File | `/goform/set_LimitClient_cfg` | High
|
||||
14 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
15 | File | `/hss/admin/?page=products/view_product` | High
|
||||
16 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
17 | File | `/net-banking/customer_transactions.php` | High
|
||||
18 | File | `/obs/book.php` | High
|
||||
19 | File | `/ossn/administrator/com_installer` | High
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/pms/update_user.php?user_id=1` | High
|
||||
22 | File | `/preview.php` | Medium
|
||||
23 | File | `/requests.php` | High
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
26 | File | `/sre/params.php` | High
|
||||
27 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/user/upload/upload` | High
|
||||
30 | File | `/Users` | Low
|
||||
31 | File | `/var/spool/hylafax` | High
|
||||
32 | File | `/vendor` | Low
|
||||
33 | File | `AccessibilityManagerService.java` | High
|
||||
34 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `add_contestant.php` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin/edit_category.php` | High
|
||||
39 | File | `admin/index.php` | High
|
||||
40 | File | `admin/make_payments.php` | High
|
||||
41 | File | `admin/_cmdstat.jsp` | High
|
||||
42 | File | `af_netlink.c` | Medium
|
||||
43 | File | `album_portal.php` | High
|
||||
44 | ... | ... | ...
|
||||
1 | File | `$HOME/.terminfo` | High
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/admin/upload/upload` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/gen/clients/{language}` | High
|
||||
6 | File | `/bin/login` | Medium
|
||||
7 | File | `/bin/mini_upnpd` | High
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/config/myfield/test.php` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/ecshop/admin/template.php` | High
|
||||
12 | File | `/file/upload/1` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/forum/PostPrivateMessage` | High
|
||||
15 | File | `/goform/set_LimitClient_cfg` | High
|
||||
16 | File | `/h/autoSaveDraft` | High
|
||||
17 | File | `/h/search?action` | High
|
||||
18 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
19 | File | `/hss/admin/?page=products/view_product` | High
|
||||
20 | File | `/importexport.php` | High
|
||||
21 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
22 | File | `/mgmt/` | Low
|
||||
23 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
24 | File | `/net-banking/customer_transactions.php` | High
|
||||
25 | File | `/obs/book.php` | High
|
||||
26 | File | `/ossn/administrator/com_installer` | High
|
||||
27 | File | `/owa/auth/logon.aspx` | High
|
||||
28 | File | `/pms/update_user.php?user_id=1` | High
|
||||
29 | File | `/preview.php` | Medium
|
||||
30 | File | `/requests.php` | High
|
||||
31 | File | `/secure/ViewCollectors` | High
|
||||
32 | File | `/spip.php` | Medium
|
||||
33 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
34 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
35 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
36 | File | `/sys/user/querySysUser?username=admin` | High
|
||||
37 | File | `/uncpath/` | Medium
|
||||
38 | File | `/user/upload/upload` | High
|
||||
39 | File | `/useratte/web.php` | High
|
||||
40 | File | `/usr/local/www/csrf/csrf-magic.php` | High
|
||||
41 | File | `/vendor` | Low
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 366 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
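Review bot: The new row 36, `/sys/user/querySysUser?username=admin`, bakes a concrete parameter value into a High-confidence File indicator, as the unchanged `/pms/update_user.php?user_id=1` row already does. A request to the same endpoint with any other value will not match a literal comparison. Consider storing only the path (`/sys/user/querySysUser`) as the File indicator and moving `username` to an argument-type entry, or state in the section intro that File indicators are meant to be matched as prefixes.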
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -158,12 +158,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/uncpath/` | Medium
|
||||
2 | File | `/var/log/nginx` | High
|
||||
3 | File | `/_uuids` | Low
|
||||
1 | File | `/scheduler/index.php` | High
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `/var/log/nginx` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,11 +20,11 @@ There are 5 more campaign items available. Please use our online service to acce
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kwampirs:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NZ](https://vuldb.com/?country.nz)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -137,13 +137,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -151,46 +152,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
3 | File | `/act/ActDao.xml` | High
|
||||
1 | File | `/act/ActDao.xml` | High
|
||||
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
3 | File | `/admin/add-category.php` | High
|
||||
4 | File | `/admin/edit.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/analysisProject/pagingQueryData` | High
|
||||
8 | File | `/api/admin/system/store/order/list` | High
|
||||
5 | File | `/admin/orders/update_status.php` | High
|
||||
6 | File | `/admin/user.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/analysisProject/pagingQueryData` | High
|
||||
9 | File | `/api/baskets/{name}` | High
|
||||
10 | File | `/api/gen/clients/{language}` | High
|
||||
11 | File | `/api/geojson` | Medium
|
||||
12 | File | `/api/v2/cli/commands` | High
|
||||
13 | File | `/bin/ate` | Medium
|
||||
14 | File | `/bin/sh` | Low
|
||||
15 | File | `/booking/show_bookings/` | High
|
||||
16 | File | `/CFIDE/probe.cfm` | High
|
||||
17 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
18 | File | `/classes/Master.php?f=delete_category` | High
|
||||
19 | File | `/classes/Master.php?f=save_service` | High
|
||||
20 | File | `/common/sysFile/list` | High
|
||||
21 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
24 | File | `/data/remove` | Medium
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/Default/Bd` | Medium
|
||||
27 | File | `/ebics-server/ebics.aspx` | High
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/openstack-dashboard/local_settings` | High
|
||||
30 | File | `/etc/passwd` | Medium
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/goform/addressNat` | High
|
||||
33 | File | `/goform/AdvSetLanip` | High
|
||||
34 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
35 | File | `/goform/setmac` | High
|
||||
36 | File | `/goform/setMacFilterCfg` | High
|
||||
37 | File | `/goform/SetSysTimeCfg` | High
|
||||
10 | File | `/billing/home.php` | High
|
||||
11 | File | `/bin/ate` | Medium
|
||||
12 | File | `/booking/show_bookings/` | High
|
||||
13 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cgi/networkDiag.cgi` | High
|
||||
17 | File | `/classes/Master.php?f=delete_category` | High
|
||||
18 | File | `/classes/Master.php?f=save_service` | High
|
||||
19 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
21 | File | `/dashboard/add-blog.php` | High
|
||||
22 | File | `/data/remove` | Medium
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/env` | Low
|
||||
25 | File | `/etc/passwd` | Medium
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/getcfg.php` | Medium
|
||||
28 | File | `/goform/AdvSetLanip` | High
|
||||
29 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
30 | File | `/goform/net\_Web\_get_value` | High
|
||||
31 | File | `/goform/setmac` | High
|
||||
32 | File | `/goform/setMacFilterCfg` | High
|
||||
33 | File | `/goform/SetSysTimeCfg` | High
|
||||
34 | File | `/goform/WifiGuestSet` | High
|
||||
35 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
36 | File | `/group1/uploa` | High
|
||||
37 | File | `/home/cavesConsole` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
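Review bot: New row 30 is written as `/goform/net\_Web\_get_value`: inside a backtick code span the backslashes render literally, and only two of the three underscores are escaped, so the published string carries backslashes that are unlikely to belong to the path. If the intended value is `/goform/net_Web_get_value`, drop the escapes. In the same hunk, new row 36 `/group1/uploa` reads like a path cut short; please confirm it against the source record before rating it High.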
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LACNIC Unknown:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -174,11 +174,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
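Review bot: The added row 2 pairs T1059 and `CWE-94` with the description "Cross Site Scripting", identical to row 3 (T1059.007, `CWE-79`). CWE-94 is code injection, not XSS, so the two rows cannot be told apart by description and the first one is mislabelled. Give row 2 a description that matches CWE-94. The T1068 row also drops out of the visible preview here while the hidden count rises from 2 to 5; worth confirming that is intended.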
@ -191,7 +191,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `cloudinit/config/cc_set_passwords.py` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LANDFALL:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [HU](https://vuldb.com/?country.hu)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CO](https://vuldb.com/?country.co)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
|
|
@ -30,14 +30,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -45,46 +45,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/ajax.php?action=read_msg` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
4 | File | `/api/upload.php` | High
|
||||
5 | File | `/api?path=profile` | High
|
||||
6 | File | `/authenticationendpoint/login.do` | High
|
||||
7 | File | `/cgi-bin/luci` | High
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/ci_spms/admin/search/searching/` | High
|
||||
10 | File | `/classes/Master.php?f=save_brand` | High
|
||||
11 | File | `/contact/store` | High
|
||||
12 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
13 | File | `/ecommerce/support_ticket` | High
|
||||
14 | File | `/etc/pki/pesign` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/FuguHub/cmsdocs/` | High
|
||||
17 | File | `/goform/set_LimitClient_cfg` | High
|
||||
18 | File | `/graphql` | Medium
|
||||
19 | File | `/h/autoSaveDraft` | High
|
||||
20 | File | `/HNAP1` | Low
|
||||
21 | File | `/index.php` | Medium
|
||||
22 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
23 | File | `/mc` | Low
|
||||
24 | File | `/modules/projects/vw_files.php` | High
|
||||
25 | File | `/php-inventory-management-system/product.php` | High
|
||||
26 | File | `/plain` | Low
|
||||
27 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
28 | File | `/registration.php` | High
|
||||
29 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
30 | File | `/search.php` | Medium
|
||||
31 | File | `/settings/account` | High
|
||||
32 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
33 | File | `/staff/edit_book_details.php` | High
|
||||
34 | File | `/student/bookdetails.php` | High
|
||||
35 | File | `/uncpath/` | Medium
|
||||
36 | File | `/userfs/bin/tcapi` | High
|
||||
37 | File | `/var/log/nginx` | High
|
||||
38 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin/adclass.php` | High
|
||||
3 | File | `/admin/admin-profile.php` | High
|
||||
4 | File | `/admin/sales/view_details.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/cron/settings/setJob/` | High
|
||||
9 | File | `/api/v1/snapshots` | High
|
||||
10 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
11 | File | `/audit/log/log_management.php` | High
|
||||
12 | File | `/auth/callback` | High
|
||||
13 | File | `/authenticationendpoint/login.do` | High
|
||||
14 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cgi.cgi` | Medium
|
||||
17 | File | `/classes/Users.php` | High
|
||||
18 | File | `/collection/all` | High
|
||||
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
20 | File | `/ctcprotocol/Protocol` | High
|
||||
21 | File | `/dottie.js` | Medium
|
||||
22 | File | `/DXR.axd` | Medium
|
||||
23 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
24 | File | `/env` | Low
|
||||
25 | File | `/files/` | Low
|
||||
26 | File | `/forms/doLogin` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/setportList` | High
|
||||
29 | File | `/h/autoSaveDraft` | High
|
||||
30 | File | `/index.php` | Medium
|
||||
31 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
32 | File | `/index.php?page=member` | High
|
||||
33 | File | `/jurusanmatkul/data` | High
|
||||
34 | File | `/librarian/bookdetails.php` | High
|
||||
35 | File | `/log/decodmail.php` | High
|
||||
36 | File | `/log/webmailattach.php` | High
|
||||
37 | File | `/login.php?do=login` | High
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/public/login.htm` | High
|
||||
40 | File | `/QueryView.php` | High
|
||||
41 | File | `/recreate.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 362 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -26,7 +26,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [45.159.189.105](https://vuldb.com/?ip.45.159.189.105) | . | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -39,9 +39,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -57,25 +58,25 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/admin/delete_user.php` | High
|
||||
7 | File | `/admin/doctors.php` | High
|
||||
8 | File | `/admin/submit-articles` | High
|
||||
9 | File | `/ad_js.php` | Medium
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/api/` | Low
|
||||
12 | File | `/api/admin/store/product/list` | High
|
||||
13 | File | `/api/baskets/{name}` | High
|
||||
14 | File | `/api/stl/actions/search` | High
|
||||
15 | File | `/api/v2/cli/commands` | High
|
||||
16 | File | `/attachments` | Medium
|
||||
17 | File | `/bin/ate` | Medium
|
||||
18 | File | `/boat/login.php` | High
|
||||
19 | File | `/booking/show_bookings/` | High
|
||||
20 | File | `/bsms_ci/index.php/book` | High
|
||||
21 | File | `/cas/logout` | Medium
|
||||
22 | File | `/cgi-bin` | Medium
|
||||
23 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
25 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
26 | File | `/dashboard/reports/logs/view` | High
|
||||
27 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/baskets/{name}` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/booking/show_bookings/` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cas/logout` | Medium
|
||||
21 | File | `/cgi-bin` | Medium
|
||||
22 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
23 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
24 | File | `/collection/all` | High
|
||||
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
26 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
27 | File | `/dashboard/add-blog.php` | High
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/etc/gsissh/sshd_config` | High
|
||||
|
@ -84,18 +85,16 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `/goform/setmac` | High
|
||||
34 | File | `/goform/wizard_end` | High
|
||||
35 | File | `/group1/uploa` | High
|
||||
36 | File | `/manage-apartment.php` | High
|
||||
36 | File | `/hrm/controller/employee.php` | High
|
||||
37 | File | `/medicines/profile.php` | High
|
||||
38 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
39 | File | `/pages/apply_vacancy.php` | High
|
||||
39 | File | `/out.php` | Medium
|
||||
40 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
41 | File | `/proc/<PID>/mem` | High
|
||||
42 | File | `/proxy` | Low
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | ... | ... | ...
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -104,6 +103,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://app.any.run/tasks/6c910d55-f846-46f8-bfa5-b6af3986466c
|
||||
* https://app.any.run/tasks/47c2c5a4-d752-4ba2-a2d4-15665bd5aac3
|
||||
* https://bazaar.abuse.ch/sample/bd7b6f6ef2d0adfb9b2e058fc46ad29ff1edffc648f9d7408745916bb8a2f310/
|
||||
* https://github.com/Cisco-Talos/IOCs/blob/main/2023/02/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats.txt
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/1ZRR4H/status/1623067548781539339
|
||||
* https://twitter.com/crep1x/status/1636352242969108484
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -246,14 +246,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
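Review bot: Row 2 (T1040) loses `CWE-294` and keeps only `CWE-319`, but its description stays "Authentication Bypass by Capture-replay", which is the title of CWE-294. After this change the description names a weakness the row no longer lists. Either keep `CWE-294` in the weakness column or change the description to match CWE-319 (cleartext transmission of sensitive information).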
@ -264,64 +265,57 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
5 | File | `/admin.php/update/getFile.html` | High
|
||||
6 | File | `/admin/?page=user/manage` | High
|
||||
7 | File | `/admin/add-new.php` | High
|
||||
8 | File | `/admin/cashadvance_row.php` | High
|
||||
9 | File | `/admin/doctors.php` | High
|
||||
10 | File | `/admin/maintenance/view_designation.php` | High
|
||||
11 | File | `/admin/sys_sql_query.php` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
14 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
15 | File | `/alphaware/summary.php` | High
|
||||
16 | File | `/api/` | Low
|
||||
17 | File | `/api/admin/store/product/list` | High
|
||||
18 | File | `/api/stl/actions/search` | High
|
||||
19 | File | `/api/v2/cli/commands` | High
|
||||
20 | File | `/APR/login.php` | High
|
||||
21 | File | `/bin/ate` | Medium
|
||||
22 | File | `/bin/httpd` | Medium
|
||||
23 | File | `/boat/login.php` | High
|
||||
24 | File | `/booking/show_bookings/` | High
|
||||
25 | File | `/cgi-bin` | Medium
|
||||
26 | File | `/cgi-bin/wapopen` | High
|
||||
27 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
28 | File | `/company/store` | High
|
||||
29 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/env` | Low
|
||||
32 | File | `/etc/passwd` | Medium
|
||||
33 | File | `/feeds/post/publish` | High
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/h/` | Low
|
||||
36 | File | `/home/masterConsole` | High
|
||||
37 | File | `/home/sendBroadcast` | High
|
||||
38 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
39 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
40 | File | `/index.php?page=category_list` | High
|
||||
41 | File | `/jobinfo/` | Medium
|
||||
42 | File | `/Moosikay/order.php` | High
|
||||
43 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
44 | File | `/opac/Actions.php?a=login` | High
|
||||
45 | File | `/php-opos/index.php` | High
|
||||
46 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
47 | File | `/PreviewHandler.ashx` | High
|
||||
48 | File | `/public/launchNewWindow.jsp` | High
|
||||
49 | File | `/recipe-result` | High
|
||||
50 | File | `/reservation/add_message.php` | High
|
||||
51 | File | `/resources//../` | High
|
||||
52 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
53 | File | `/student/bookdetails.php` | High
|
||||
54 | File | `/uncpath/` | Medium
|
||||
55 | File | `/uploads/exam_question/` | High
|
||||
56 | File | `/user/ticket/create` | High
|
||||
57 | File | `/user/updatePwd` | High
|
||||
58 | File | `/var/lib/docker/<remapping>` | High
|
||||
59 | ... | ... | ...
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/save.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/download` | High
|
||||
9 | File | `/api/stl/actions/search` | High
|
||||
10 | File | `/api/v1/alerts` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/bin/ate` | Medium
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/booking/show_bookings/` | High
|
||||
15 | File | `/category.php` | High
|
||||
16 | File | `/categorypage.php` | High
|
||||
17 | File | `/cgi-bin` | Medium
|
||||
18 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
19 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
20 | File | `/company/store` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
23 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
24 | File | `/dashboard/add-blog.php` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/passwd` | Medium
|
||||
28 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
29 | File | `/feeds/post/publish` | High
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/group1/uploa` | High
|
||||
32 | File | `/h/` | Low
|
||||
33 | File | `/HNAP1` | Low
|
||||
34 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
35 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
36 | File | `/index.php?page=category_list` | High
|
||||
37 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
38 | File | `/jobinfo/` | Medium
|
||||
39 | File | `/Moosikay/order.php` | High
|
||||
40 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
41 | File | `/opac/Actions.php?a=login` | High
|
||||
42 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
43 | File | `/PreviewHandler.ashx` | High
|
||||
44 | File | `/recipe-result` | High
|
||||
45 | File | `/register.do` | Medium
|
||||
46 | File | `/reservation/add_message.php` | High
|
||||
47 | File | `/resources//../` | High
|
||||
48 | File | `/RPS2019Service/status.html` | High
|
||||
49 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
50 | File | `/sicweb-ajax/tmproot/` | High
|
||||
51 | File | `/spip.php` | Medium
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 518 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 449 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
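Review bot: the indicator `/group1/uploa` in the second list (row 31) appears cut off mid-word, yet it is rated High. If the value is a deliberately shortened match prefix, say so in the table legend; if it was truncated during generation, the confidence rating should not be High until the stored value is confirmed.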
@ -276,14 +276,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-35 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-29, CWE-35 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
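Review bot: in the TTP table, row 4 pairs T1059 with CWE-94 and CWE-1321 but is described as "Cross Site Scripting", the same description the T1059.007 row carries for CWE-79 and CWE-80. CWE-94 is code injection and CWE-1321 is prototype pollution, so the description on row 4 looks copied from the XSS row. Suggest a description that matches the listed weaknesses, otherwise a reader triaging by the Description column will misfile these entries.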
@ -294,52 +293,47 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/academy/tutor/filter` | High
|
||||
3 | File | `/adfs/ls` | Medium
|
||||
4 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
5 | File | `/admin/edit_product.php` | High
|
||||
4 | File | `/admin/index2.html` | High
|
||||
5 | File | `/admin/sales/view_details.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/common/ping` | High
|
||||
8 | File | `/api/sys/set_passwd` | High
|
||||
9 | File | `/app/search/table` | High
|
||||
10 | File | `/blog` | Low
|
||||
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
12 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
13 | File | `/cgi-bin/upload_vpntar` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/common/info.cgi` | High
|
||||
16 | File | `/CPE` | Low
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/goform/Diagnosis` | High
|
||||
21 | File | `/goform/net\_Web\_get_value` | High
|
||||
22 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
23 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
24 | File | `/group1/uploa` | High
|
||||
25 | File | `/home/search` | Medium
|
||||
26 | File | `/hrm/controller/employee.php` | High
|
||||
27 | File | `/hrm/employeeview.php` | High
|
||||
28 | File | `/importexport.php` | High
|
||||
29 | File | `/includes/db_connect.php` | High
|
||||
30 | File | `/includes/session.php` | High
|
||||
31 | File | `/mail.php` | Medium
|
||||
32 | File | `/mc` | Low
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/modules/public/date_format.php` | High
|
||||
36 | File | `/modules/tasks/gantt.php` | High
|
||||
37 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/pf/idprofile.ping` | High
|
||||
40 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
41 | File | `/php-spms/admin/?page=user/` | High
|
||||
42 | File | `/src/amf/amf-context.c` | High
|
||||
43 | File | `/SysManage/AddUpdateSites.aspx` | High
|
||||
44 | File | `/sysmanage/changelogo.php` | High
|
||||
45 | File | `/uncpath/` | Medium
|
||||
46 | File | `/v1/hotlink/proxy` | High
|
||||
47 | ... | ... | ...
|
||||
7 | File | `/api/sys/set_passwd` | High
|
||||
8 | File | `/app/search/table` | High
|
||||
9 | File | `/aqpg/users/login.php` | High
|
||||
10 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
11 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
12 | File | `/cgi-bin/upload_vpntar` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/common/info.cgi` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/Diagnosis` | High
|
||||
18 | File | `/goform/net\_Web\_get_value` | High
|
||||
19 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
20 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
21 | File | `/group1/uploa` | High
|
||||
22 | File | `/hrm/controller/employee.php` | High
|
||||
23 | File | `/hrm/employeeview.php` | High
|
||||
24 | File | `/importexport.php` | High
|
||||
25 | File | `/includes/db_connect.php` | High
|
||||
26 | File | `/includes/session.php` | High
|
||||
27 | File | `/leaves/validate` | High
|
||||
28 | File | `/mail.php` | Medium
|
||||
29 | File | `/mc` | Low
|
||||
30 | File | `/modules/projects/vw_files.php` | High
|
||||
31 | File | `/modules/public/calendar.php` | High
|
||||
32 | File | `/modules/public/date_format.php` | High
|
||||
33 | File | `/modules/tasks/gantt.php` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/pf/idprofile.ping` | High
|
||||
36 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
37 | File | `/php-spms/admin/?page=user/` | High
|
||||
38 | File | `/plugin` | Low
|
||||
39 | File | `/project/tasks/list` | High
|
||||
40 | File | `/protocol/iscgwtunnel/uploadiscgwrouteconf.php` | High
|
||||
41 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
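Review bot: the indicator `/goform/net\_Web\_get_value` carries Markdown backslash escapes inside a code span, where they are rendered literally, and only two of its three underscores are escaped. Anyone pasting the value into a log search will be matching on backslashes that are not part of the path. Suggest emitting the indicator unescaped inside the backticks.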
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -107,7 +107,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
@ -137,19 +137,19 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/wp-admin/admin-ajax.php` | High
|
||||
16 | File | `account-signup.php` | High
|
||||
17 | File | `account/signup.php` | High
|
||||
18 | File | `action.php` | Medium
|
||||
19 | File | `addentry.php` | Medium
|
||||
20 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
21 | File | `admin.jcomments.php` | High
|
||||
22 | File | `admin.php` | Medium
|
||||
23 | File | `admin/admin_editor.php` | High
|
||||
24 | File | `admin/conf_users_edit.php` | High
|
||||
25 | File | `admin/data.php` | High
|
||||
26 | File | `admin/edit_category.php` | High
|
||||
27 | File | `admin/operations/currency.php` | High
|
||||
18 | File | `addentry.php` | Medium
|
||||
19 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
20 | File | `admin.jcomments.php` | High
|
||||
21 | File | `admin.php` | Medium
|
||||
22 | File | `admin/admin_editor.php` | High
|
||||
23 | File | `admin/conf_users_edit.php` | High
|
||||
24 | File | `admin/data.php` | High
|
||||
25 | File | `admin/edit_category.php` | High
|
||||
26 | File | `admin/operations/currency.php` | High
|
||||
27 | File | `awstats.pl` | Medium
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
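Review bot: rows 18 to 27 are rewritten only because `action.php` was dropped and `awstats.pl` was appended; the other nine indicators are unchanged apart from their ID. Because the ID is purely positional it cannot serve as a key across revisions, and every insertion or removal produces this kind of churn. Suggest dropping the ID column, or stating in the README that IDs are not stable between updates.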
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -50,14 +50,14 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
2 | File | `/apply.cgi` | Medium
|
||||
3 | File | `/rapi/read_url` | High
|
||||
4 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
5 | File | `AjaxFileUploadHandler.axd` | High
|
||||
6 | File | `appserv/main.php` | High
|
||||
7 | File | `coders/png.c` | Medium
|
||||
8 | File | `customoid.inc.php` | High
|
||||
4 | File | `/scripts/unlock_tasks.php` | High
|
||||
5 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
6 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
7 | File | `AjaxFileUploadHandler.axd` | High
|
||||
8 | File | `appserv/main.php` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,39 +63,43 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/forgot-password.php` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/admin/lab.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/goform/SetOnlineDevName` | High
|
||||
14 | File | `/index.php` | Medium
|
||||
15 | File | `/index.php/admins/Fields/get_fields.html` | High
|
||||
16 | File | `/opt/bin/cli` | Medium
|
||||
17 | File | `/p` | Low
|
||||
18 | File | `/patient/doctors.php` | High
|
||||
19 | File | `/phpinventory/editcategory.php` | High
|
||||
20 | File | `/php_action/createUser.php` | High
|
||||
21 | File | `/product-list.php` | High
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/updown/upload.cgi` | High
|
||||
25 | File | `/user/del.php` | High
|
||||
26 | File | `/_next` | Low
|
||||
27 | File | `123flashchat.php` | High
|
||||
28 | File | `act.php` | Low
|
||||
29 | File | `admin/bad.php` | High
|
||||
30 | File | `admin/index.php` | High
|
||||
31 | File | `admin/index.php/user/del/1` | High
|
||||
32 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
33 | File | `administrator/index.php` | High
|
||||
34 | File | `admin\posts\manage_post.php` | High
|
||||
35 | File | `agenda.php` | Medium
|
||||
36 | File | `ajax/render/widget_php` | High
|
||||
37 | ... | ... | ...
|
||||
7 | File | `/admin/login.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/show.php` | High
|
||||
10 | File | `/default.php?idx=17` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/env` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/goform/SetOnlineDevName` | High
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/index.php/admins/Fields/get_fields.html` | High
|
||||
17 | File | `/opt/bin/cli` | Medium
|
||||
18 | File | `/p` | Low
|
||||
19 | File | `/patient/doctors.php` | High
|
||||
20 | File | `/phpinventory/editcategory.php` | High
|
||||
21 | File | `/php_action/createUser.php` | High
|
||||
22 | File | `/product-list.php` | High
|
||||
23 | File | `/spip.php` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/updown/upload.cgi` | High
|
||||
26 | File | `/user/del.php` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `/_next` | Low
|
||||
29 | File | `123flashchat.php` | High
|
||||
30 | File | `act.php` | Low
|
||||
31 | File | `admin.php/pay` | High
|
||||
32 | File | `admin/bad.php` | High
|
||||
33 | File | `admin/index.php` | High
|
||||
34 | File | `admin/index.php/user/del/1` | High
|
||||
35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
36 | File | `administrator/index.php` | High
|
||||
37 | File | `admin\posts\manage_post.php` | High
|
||||
38 | File | `agenda.php` | Medium
|
||||
39 | File | `ajax/render/widget_php` | High
|
||||
40 | File | `album_portal.php` | High
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 352 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
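Review bot: `admin\posts\manage_post.php` uses backslashes as path separators while every other indicator in this table uses forward slashes. A consumer doing exact or prefix matching against web server logs will not hit this entry as written. Suggest normalising to one separator, or documenting that values are recorded exactly as reported so consumers know to match both forms.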
@ -70,38 +70,42 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/forgot-password.php` | High
|
||||
6 | File | `/admin/index.php` | High
|
||||
7 | File | `/admin/lab.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/show.php` | High
|
||||
10 | File | `/default.php?idx=17` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/env` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/index.php` | Medium
|
||||
15 | File | `/opt/bin/cli` | Medium
|
||||
16 | File | `/p` | Low
|
||||
17 | File | `/patient/doctors.php` | High
|
||||
18 | File | `/phpinventory/editcategory.php` | High
|
||||
19 | File | `/php_action/createUser.php` | High
|
||||
20 | File | `/product-list.php` | High
|
||||
21 | File | `/spip.php` | Medium
|
||||
22 | File | `/uapi/doc` | Medium
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/updown/upload.cgi` | High
|
||||
25 | File | `/user/del.php` | High
|
||||
26 | File | `/_next` | Low
|
||||
27 | File | `123flashchat.php` | High
|
||||
28 | File | `act.php` | Low
|
||||
29 | File | `admin/bad.php` | High
|
||||
30 | File | `admin/index.php` | High
|
||||
31 | File | `admin/index.php/user/del/1` | High
|
||||
32 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
33 | File | `administrator/index.php` | High
|
||||
34 | File | `agenda.php` | Medium
|
||||
35 | File | `ajax/render/widget_php` | High
|
||||
36 | File | `album_portal.php` | High
|
||||
37 | ... | ... | ...
|
||||
8 | File | `/admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/show.php` | High
|
||||
11 | File | `/default.php?idx=17` | High
|
||||
12 | File | `/download` | Medium
|
||||
13 | File | `/env` | Low
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/opt/bin/cli` | Medium
|
||||
17 | File | `/p` | Low
|
||||
18 | File | `/patient/doctors.php` | High
|
||||
19 | File | `/phpinventory/editcategory.php` | High
|
||||
20 | File | `/php_action/createUser.php` | High
|
||||
21 | File | `/product-list.php` | High
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/uapi/doc` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/updown/upload.cgi` | High
|
||||
26 | File | `/user/del.php` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `/_next` | Low
|
||||
29 | File | `123flashchat.php` | High
|
||||
30 | File | `act.php` | Low
|
||||
31 | File | `admin.php/pay` | High
|
||||
32 | File | `admin/bad.php` | High
|
||||
33 | File | `admin/index.php` | High
|
||||
34 | File | `admin/index.php/user/del/1` | High
|
||||
35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
36 | File | `administrator/index.php` | High
|
||||
37 | File | `agenda.php` | Medium
|
||||
38 | File | `ajax/render/widget_php` | High
|
||||
39 | File | `album_portal.php` | High
|
||||
40 | File | `api.php` | Low
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Liberty Front Press:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -88,15 +88,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
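Review bot: row 2 (T1040) now lists only CWE-319 but keeps the description "Authentication Bypass by Capture-replay", which is the name of CWE-294, the weakness dropped from that row. CWE-319 is cleartext transmission of sensitive information. Suggest regenerating the description whenever the weakness list changes, or restoring CWE-294 if its removal was unintended.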
@ -104,56 +104,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/index3.php` | High
|
||||
7 | File | `/admin/upload/upload` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/baskets/{name}` | High
|
||||
13 | File | `/api/gen/clients/{language}` | High
|
||||
14 | File | `/api/stl/actions/search` | High
|
||||
15 | File | `/api/v2/cli/commands` | High
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/booking/show_bookings/` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cgi-bin` | Medium
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/config/myfield/test.php` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/ecshop/admin/template.php` | High
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/file/upload/1` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/forum/PostPrivateMessage` | High
|
||||
29 | File | `/goform/set_LimitClient_cfg` | High
|
||||
30 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
31 | File | `/hss/admin/?page=products/view_product` | High
|
||||
32 | File | `/loginsave.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
35 | File | `/net-banking/customer_transactions.php` | High
|
||||
36 | File | `/obs/book.php` | High
|
||||
37 | File | `/owa/auth/logon.aspx` | High
|
||||
38 | File | `/param.file.tgz` | High
|
||||
39 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
40 | File | `/preview.php` | Medium
|
||||
41 | File | `/public_html/users.php` | High
|
||||
42 | File | `/requests.php` | High
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
47 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
48 | ... | ... | ...
|
||||
1 | File | `$HOME/.terminfo` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/api/` | Low
|
||||
4 | File | `/api/admin/store/product/list` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/api/gen/clients/{language}` | High
|
||||
7 | File | `/api/stl/actions/search` | High
|
||||
8 | File | `/api/v2/cli/commands` | High
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/bin/login` | Medium
|
||||
11 | File | `/bin/mini_upnpd` | High
|
||||
12 | File | `/booking/show_bookings/` | High
|
||||
13 | File | `/cgi-bin` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/config/myfield/test.php` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/dashboard/add-blog.php` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/env` | Low
|
||||
20 | File | `/file/upload/1` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/set_LimitClient_cfg` | High
|
||||
23 | File | `/group1/uploa` | High
|
||||
24 | File | `/h/autoSaveDraft` | High
|
||||
25 | File | `/h/search?action` | High
|
||||
26 | File | `/hss/admin/?page=products/view_product` | High
|
||||
27 | File | `/importexport.php` | High
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/mgmt/` | Low
|
||||
30 | File | `/mhds/clinic/view_details.php` | High
|
||||
31 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
32 | File | `/owa/auth/logon.aspx` | High
|
||||
33 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
34 | File | `/preview.php` | Medium
|
||||
35 | File | `/requests.php` | High
|
||||
36 | File | `/resources//../` | High
|
||||
37 | File | `/secure/ViewCollectors` | High
|
||||
38 | File | `/server-status` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 415 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
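Review bot: the rows added to this table put local filesystem paths (`$HOME/.terminfo`, `/bin/login`, `/bin/mini_upnpd`) under the same `File` type as URL paths such as `/api/baskets/{name}`. The Type column gives a consumer no way to tell whether an entry should be matched against web request logs or against file-system telemetry, and `/bin/login` by itself exists on most Unix hosts. Suggest splitting the type into URL path and local path, or adding a column that states where the indicator is expected to be observed.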
@ -59,49 +59,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
2 | File | `/admin/link/link_ok.php` | High
|
||||
3 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
4 | File | `/cameras/XXXX/clips` | High
|
||||
5 | File | `/category_view.php` | High
|
||||
6 | File | `/cgi-bin/admin/testserver.cgi` | High
|
||||
7 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
8 | File | `/cimom` | Low
|
||||
9 | File | `/download` | Medium
|
||||
10 | File | `/etc/sudoers` | Medium
|
||||
11 | File | `/export` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/getcfg.php` | Medium
|
||||
14 | File | `/icingaweb2/navigation/add` | High
|
||||
15 | File | `/modules/projects/vw_files.php` | High
|
||||
16 | File | `/netflow/jspui/addMailSettings.jsp` | High
|
||||
17 | File | `/out.php` | Medium
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/recordings/index.php` | High
|
||||
20 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
|
||||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/src/Illuminate/Laravel.php` | High
|
||||
24 | File | `/student/bookdetails.php` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/usr/bin/pkexec` | High
|
||||
27 | File | `/var/log/nginx` | High
|
||||
28 | File | `/webmail/` | Medium
|
||||
29 | File | `/wp-admin/admin-ajax.php` | High
|
||||
30 | File | `/wp-admin/options.php` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `adclick.php` | Medium
|
||||
33 | File | `addmem.php` | Medium
|
||||
34 | File | `add_user.php` | Medium
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | File | `admin.remository.php` | High
|
||||
37 | File | `admin/admin.asp` | High
|
||||
38 | File | `adminHome.php` | High
|
||||
39 | File | `admin_add.php` | High
|
||||
40 | File | `affich.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
3 | File | `/admin/link/link_ok.php` | High
|
||||
4 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
5 | File | `/cameras/XXXX/clips` | High
|
||||
6 | File | `/category_view.php` | High
|
||||
7 | File | `/cgi-bin/admin/testserver.cgi` | High
|
||||
8 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
9 | File | `/cimom` | Low
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/etc/sudoers` | Medium
|
||||
12 | File | `/export` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/getcfg.php` | Medium
|
||||
15 | File | `/icingaweb2/navigation/add` | High
|
||||
16 | File | `/modules/projects/vw_files.php` | High
|
||||
17 | File | `/netflow/jspui/addMailSettings.jsp` | High
|
||||
18 | File | `/out.php` | Medium
|
||||
19 | File | `/owa/auth/logon.aspx` | High
|
||||
20 | File | `/recordings/index.php` | High
|
||||
21 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/spip.php` | Medium
|
||||
24 | File | `/src/Illuminate/Laravel.php` | High
|
||||
25 | File | `/student/bookdetails.php` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/usr/bin/pkexec` | High
|
||||
28 | File | `/var/log/nginx` | High
|
||||
29 | File | `/webmail/` | Medium
|
||||
30 | File | `/wp-admin/admin-ajax.php` | High
|
||||
31 | File | `/wp-admin/options.php` | High
|
||||
32 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
33 | File | `adclick.php` | Medium
|
||||
34 | File | `addmem.php` | Medium
|
||||
35 | File | `add_user.php` | Medium
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin.remository.php` | High
|
||||
38 | File | `admin/admin.asp` | High
|
||||
39 | File | `adminHome.php` | High
|
||||
40 | File | `admin_add.php` | High
|
||||
41 | File | `affich.php` | Medium
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -80,17 +80,17 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/password.html` | High
|
||||
36 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
37 | File | `/proc/ioports` | High
|
||||
38 | File | `/property-list/property_view.php` | High
|
||||
39 | File | `/ptms/classes/Users.php` | High
|
||||
40 | File | `/resources//../` | High
|
||||
41 | File | `/rest/api/2/search` | High
|
||||
42 | File | `/s/` | Low
|
||||
43 | File | `/scripts/cpan_config` | High
|
||||
44 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
37 | File | `/plugin` | Low
|
||||
38 | File | `/proc/ioports` | High
|
||||
39 | File | `/property-list/property_view.php` | High
|
||||
40 | File | `/ptms/classes/Users.php` | High
|
||||
41 | File | `/resources//../` | High
|
||||
42 | File | `/rest/api/2/search` | High
|
||||
43 | File | `/s/` | Low
|
||||
44 | File | `/scripts/cpan_config` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -110,14 +110,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -137,41 +137,45 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/stl/actions/search` | High
|
||||
12 | File | `/api/v2/cli/commands` | High
|
||||
13 | File | `/attachments` | Medium
|
||||
14 | File | `/bin/ate` | Medium
|
||||
15 | File | `/boat/login.php` | High
|
||||
16 | File | `/booking/show_bookings/` | High
|
||||
17 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/etc/hosts` | Medium
|
||||
24 | File | `/forms/doLogin` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/include/chart_generator.php` | High
|
||||
27 | File | `/librarian/bookdetails.php` | High
|
||||
28 | File | `/medicines/profile.php` | High
|
||||
29 | File | `/messageboard/view.php` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
32 | File | `/reservation/add_message.php` | High
|
||||
33 | File | `/resources//../` | High
|
||||
34 | File | `/rom-0` | Low
|
||||
35 | File | `/ServletAPI/accounts/login` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
38 | File | `/textpattern/index.php` | High
|
||||
39 | File | `/tmp` | Low
|
||||
40 | File | `/user/updatePwd` | High
|
||||
41 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
13 | File | `/bin/ate` | Medium
|
||||
14 | File | `/boat/login.php` | High
|
||||
15 | File | `/booking/show_bookings/` | High
|
||||
16 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
17 | File | `/cgi-bin` | Medium
|
||||
18 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
19 | File | `/cgi/get_param.cgi` | High
|
||||
20 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
21 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
22 | File | `/cstecgi.cgi` | Medium
|
||||
23 | File | `/dashboard/add-blog.php` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/forms/doLogin` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/include/chart_generator.php` | High
|
||||
30 | File | `/librarian/bookdetails.php` | High
|
||||
31 | File | `/messageboard/view.php` | High
|
||||
32 | File | `/out.php` | Medium
|
||||
33 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
34 | File | `/reservation/add_message.php` | High
|
||||
35 | File | `/resources//../` | High
|
||||
36 | File | `/rom-0` | Low
|
||||
37 | File | `/ServletAPI/accounts/login` | High
|
||||
38 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
39 | File | `/textpattern/index.php` | High
|
||||
40 | File | `/upfile.cgi` | Medium
|
||||
41 | File | `/user/updatePwd` | High
|
||||
42 | File | `/video-sharing-script/watch-video.php` | High
|
||||
43 | File | `/wireless/security.asp` | High
|
||||
44 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
45 | ... | ... | ...
|
||||
44 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
45 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
46 | File | `account_footer.php` | High
|
||||
47 | File | `AcquisiAction.class.php` | High
|
||||
48 | File | `acs.exe` | Low
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
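Review bot: In the renumbered IOA rows of this hunk, entry 28 `/group1/uploa` reads as a path cut off mid-word, yet it is rated High. Please check it against the source record and either restore the full path or lower the confidence, because a truncated prefix used for substring matching will not behave like the intended indicator. The same applies to short generic rows kept in this block such as `/env` and `/cgi-bin`: they are already rated Low or Medium, which is the right direction, and the truncated entry should not outrank them.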
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,10 +25,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [3.141.204.47](https://vuldb.com/?ip.3.141.204.47) | ec2-3-141-204-47.us-east-2.compute.amazonaws.com | - | Medium
|
||||
3 | [13.40.105.36](https://vuldb.com/?ip.13.40.105.36) | ec2-13-40-105-36.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
4 | [34.174.95.150](https://vuldb.com/?ip.34.174.95.150) | 150.95.174.34.bc.googleusercontent.com | - | Medium
|
||||
5 | [46.105.113.84](https://vuldb.com/?ip.46.105.113.84) | ns320209.ip-46-105-113.eu | - | High
|
||||
5 | [37.0.14.214](https://vuldb.com/?ip.37.0.14.214) | - | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more IOC items available. Please use our online service to access the data.
|
||||
There are 21 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -36,14 +36,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
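Review bot: In the TTP table, row 4 (T1059) now lists CWE-88, CWE-94 and CWE-1321 but still carries the description "Cross Site Scripting", the same label as row 5 (T1059.007, CWE-79, CWE-80). None of the three weaknesses on row 4 is cross-site scripting (CWE-88 is argument injection, CWE-94 is code injection, CWE-1321 is prototype pollution), so the description should be corrected while the weakness list is being touched. As it stands, anyone who keys on the description column will treat rows 4 and 5 as the same technique.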
@ -52,64 +52,49 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
3 | File | `/admin/admin.php` | High
|
||||
4 | File | `/admin/casedetails.php` | High
|
||||
5 | File | `/admin/fields/manage_field.php` | High
|
||||
6 | File | `/admin/maintenance/brand.php` | High
|
||||
7 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
8 | File | `/admin/modal_add_product.php` | High
|
||||
9 | File | `/admin/offenses/view_details.php` | High
|
||||
10 | File | `/admin/positions_add.php` | High
|
||||
11 | File | `/admin/sales/index.php` | High
|
||||
12 | File | `/admin/user/manage_user.php` | High
|
||||
13 | File | `/admin/voters_row.php` | High
|
||||
14 | File | `/ad_js.php` | Medium
|
||||
15 | File | `/agc/vicidial.php` | High
|
||||
16 | File | `/ajax.php?action=save_company` | High
|
||||
17 | File | `/ajax.php?action=save_user` | High
|
||||
18 | File | `/ajax/myshop` | Medium
|
||||
19 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
20 | File | `/api/gen/clients/{language}` | High
|
||||
21 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
22 | File | `/APR/signup.php` | High
|
||||
23 | File | `/authenticationendpoint/login.do` | High
|
||||
24 | File | `/aux` | Low
|
||||
25 | File | `/backup.pl` | Medium
|
||||
26 | File | `/blog` | Low
|
||||
27 | File | `/BRS_netgear_success.html` | High
|
||||
28 | File | `/cas/logout` | Medium
|
||||
29 | File | `/category.php` | High
|
||||
30 | File | `/categorypage.php` | High
|
||||
31 | File | `/cgi-bin/adm.cgi` | High
|
||||
32 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
33 | File | `/cha.php` | Medium
|
||||
34 | File | `/chaincity/user/ticket/create` | High
|
||||
35 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
36 | File | `/College/admin/teacher.php` | High
|
||||
37 | File | `/contactform/contactform.php` | High
|
||||
38 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
39 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
40 | File | `/drivers/block/floppy.c` | High
|
||||
41 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
42 | File | `/ecommerce/support_ticket` | High
|
||||
43 | File | `/etc/shadow` | Medium
|
||||
44 | File | `/files/list-file` | High
|
||||
45 | File | `/fos/admin/ajax.php` | High
|
||||
46 | File | `/friends/ajax_invite` | High
|
||||
47 | File | `/goform/aspForm` | High
|
||||
48 | File | `/goform/SetOnlineDevName` | High
|
||||
49 | File | `/goform/WifiGuestSet` | High
|
||||
50 | File | `/index.php` | Medium
|
||||
51 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
52 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
53 | File | `/kelasdosen/data` | High
|
||||
54 | File | `/libraries` | Medium
|
||||
55 | File | `/load.php` | Medium
|
||||
56 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
57 | ... | ... | ...
|
||||
2 | File | `/academy/home/courses` | High
|
||||
3 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
4 | File | `/admin/admin.php` | High
|
||||
5 | File | `/admin/casedetails.php` | High
|
||||
6 | File | `/admin/config/uploadicon.php` | High
|
||||
7 | File | `/admin/del_feedback.php` | High
|
||||
8 | File | `/admin/fields/manage_field.php` | High
|
||||
9 | File | `/admin/maintenance/brand.php` | High
|
||||
10 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
11 | File | `/admin/modal_add_product.php` | High
|
||||
12 | File | `/admin/offenses/view_details.php` | High
|
||||
13 | File | `/admin/plugin.php` | High
|
||||
14 | File | `/admin/positions_add.php` | High
|
||||
15 | File | `/admin/sales/index.php` | High
|
||||
16 | File | `/admin/user/manage_user.php` | High
|
||||
17 | File | `/admin/voters_row.php` | High
|
||||
18 | File | `/adv_resource` | High
|
||||
19 | File | `/ajax.php?action=save_company` | High
|
||||
20 | File | `/ajax.php?action=save_user` | High
|
||||
21 | File | `/ajax/myshop` | Medium
|
||||
22 | File | `/api/database` | High
|
||||
23 | File | `/api/gen/clients/{language}` | High
|
||||
24 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
25 | File | `/api/v4/opengraph` | High
|
||||
26 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
27 | File | `/authenticationendpoint/login.do` | High
|
||||
28 | File | `/backup.pl` | Medium
|
||||
29 | File | `/blog` | Low
|
||||
30 | File | `/BRS_netgear_success.html` | High
|
||||
31 | File | `/c/PluginsController.php` | High
|
||||
32 | File | `/cas/logout` | Medium
|
||||
33 | File | `/category.php` | High
|
||||
34 | File | `/cgi-bin/adm.cgi` | High
|
||||
35 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
36 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
37 | File | `/chaincity/user/ticket/create` | High
|
||||
38 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
39 | File | `/collection/all` | High
|
||||
40 | File | `/contactform/contactform.php` | High
|
||||
41 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 494 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -117,6 +102,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://app.any.run/tasks/0370524d-75ee-4ea2-ad99-01e40a8d6b4a
|
||||
* https://threatfox.abuse.ch
|
||||
* https://www.virustotal.com/gui/file/052fba70767b01cb674b9311a220181a87bdf47161280bb6335c6024e163139c/detection
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `contact` | Low
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -93,28 +93,26 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
25 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
26 | File | `/dashboard/add-blog.php` | High
|
||||
27 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/etc/hosts` | Medium
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/goform/setmac` | High
|
||||
33 | File | `/goform/wizard_end` | High
|
||||
34 | File | `/group1/uploa` | High
|
||||
35 | File | `/inc/parser/xhtml.php` | High
|
||||
36 | File | `/manage-apartment.php` | High
|
||||
37 | File | `/medicines/profile.php` | High
|
||||
38 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
39 | File | `/pages/apply_vacancy.php` | High
|
||||
40 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/requests.php` | High
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/Session` | Medium
|
||||
46 | ... | ... | ...
|
||||
27 | File | `/debug/pprof` | Medium
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/hosts` | Medium
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/goform/setmac` | High
|
||||
32 | File | `/goform/wizard_end` | High
|
||||
33 | File | `/group1/uploa` | High
|
||||
34 | File | `/inc/parser/xhtml.php` | High
|
||||
35 | File | `/manage-apartment.php` | High
|
||||
36 | File | `/medicines/profile.php` | High
|
||||
37 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
38 | File | `/pages/apply_vacancy.php` | High
|
||||
39 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/requests.php` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/resources//../` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -567,14 +567,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -585,57 +585,52 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
9 | File | `/bin/boa` | Medium
|
||||
10 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/cimom` | Low
|
||||
14 | File | `/classes/Master.php?f=delete_service` | High
|
||||
15 | File | `/classes/Master.php?f=save_course` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
21 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
22 | File | `/Electron/download` | High
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/feeds/post/publish` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/Moosikay/order.php` | High
|
||||
33 | File | `/opac/Actions.php?a=login` | High
|
||||
34 | File | `/PreviewHandler.ashx` | High
|
||||
35 | File | `/proxy` | Low
|
||||
36 | File | `/recipe-result` | High
|
||||
37 | File | `/register.do` | Medium
|
||||
38 | File | `/reservation/add_message.php` | High
|
||||
39 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
40 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
41 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/student/bookdetails.php` | High
|
||||
44 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
45 | File | `/text/pdf/PdfReader.java` | High
|
||||
46 | File | `/uploads/exam_question/` | High
|
||||
47 | File | `/user/ticket/create` | High
|
||||
48 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
49 | File | `/var/lib/docker/<remapping>` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php` | High
|
||||
51 | File | `/xxl-job-admin/user/add` | High
|
||||
52 | ... | ... | ...
|
||||
4 | File | `/admin/save.php` | High
|
||||
5 | File | `/admin/sys_sql_query.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/download` | High
|
||||
8 | File | `/api/runscript` | High
|
||||
9 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
10 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
11 | File | `/bin/boa` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/category.php` | High
|
||||
14 | File | `/categorypage.php` | High
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/cimom` | Low
|
||||
19 | File | `/classes/Master.php?f=delete_service` | High
|
||||
20 | File | `/company/store` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
23 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
24 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
25 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
26 | File | `/Electron/download` | High
|
||||
27 | File | `/etc/passwd` | Medium
|
||||
28 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
29 | File | `/feeds/post/publish` | High
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/h/` | Low
|
||||
32 | File | `/HNAP1` | Low
|
||||
33 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
34 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
35 | File | `/index.php?page=category_list` | High
|
||||
36 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
37 | File | `/jobinfo/` | Medium
|
||||
38 | File | `/Moosikay/order.php` | High
|
||||
39 | File | `/opac/Actions.php?a=login` | High
|
||||
40 | File | `/out.php` | Medium
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/recipe-result` | High
|
||||
43 | File | `/register.do` | Medium
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
46 | File | `/RPS2019Service/status.html` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 411 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Meterpreter:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,42 +21,284 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.13.17.173](https://vuldb.com/?ip.1.13.17.173) | - | - | High
|
||||
2 | [1.117.145.220](https://vuldb.com/?ip.1.117.145.220) | - | - | High
|
||||
3 | [2.32.33.130](https://vuldb.com/?ip.2.32.33.130) | net-2-32-33-130.cust.vodafonedsl.it | - | High
|
||||
4 | [3.70.110.188](https://vuldb.com/?ip.3.70.110.188) | ec2-3-70-110-188.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
5 | [3.137.123.63](https://vuldb.com/?ip.3.137.123.63) | ec2-3-137-123-63.us-east-2.compute.amazonaws.com | - | Medium
|
||||
6 | [3.141.126.222](https://vuldb.com/?ip.3.141.126.222) | ec2-3-141-126-222.us-east-2.compute.amazonaws.com | - | Medium
|
||||
7 | [3.141.204.47](https://vuldb.com/?ip.3.141.204.47) | ec2-3-141-204-47.us-east-2.compute.amazonaws.com | - | Medium
|
||||
8 | [3.142.71.14](https://vuldb.com/?ip.3.142.71.14) | ec2-3-142-71-14.us-east-2.compute.amazonaws.com | - | Medium
|
||||
9 | [3.142.157.76](https://vuldb.com/?ip.3.142.157.76) | ec2-3-142-157-76.us-east-2.compute.amazonaws.com | - | Medium
|
||||
10 | [5.34.192.55](https://vuldb.com/?ip.5.34.192.55) | - | - | High
|
||||
11 | [5.42.92.181](https://vuldb.com/?ip.5.42.92.181) | . | - | High
|
||||
12 | [5.188.86.146](https://vuldb.com/?ip.5.188.86.146) | - | - | High
|
||||
13 | [8.130.105.57](https://vuldb.com/?ip.8.130.105.57) | - | - | High
|
||||
14 | [13.214.189.242](https://vuldb.com/?ip.13.214.189.242) | ec2-13-214-189-242.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
15 | [13.234.135.58](https://vuldb.com/?ip.13.234.135.58) | ec2-13-234-135-58.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
16 | [18.163.100.82](https://vuldb.com/?ip.18.163.100.82) | ec2-18-163-100-82.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
17 | [18.167.109.204](https://vuldb.com/?ip.18.167.109.204) | ec2-18-167-109-204.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
18 | [18.181.38.192](https://vuldb.com/?ip.18.181.38.192) | ec2-18-181-38-192.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
19 | [20.75.52.151](https://vuldb.com/?ip.20.75.52.151) | - | - | High
|
||||
20 | [23.94.107.211](https://vuldb.com/?ip.23.94.107.211) | read-variation.pickexit.com | - | High
|
||||
21 | [23.234.200.144](https://vuldb.com/?ip.23.234.200.144) | 144-200-234-23-dedicated.multacom.com | - | High
|
||||
22 | [23.234.205.20](https://vuldb.com/?ip.23.234.205.20) | 20-205-234-23-dedicated.multacom.com | - | High
|
||||
23 | [23.234.205.28](https://vuldb.com/?ip.23.234.205.28) | 28-205-234-23-dedicated.multacom.com | - | High
|
||||
24 | [27.124.7.107](https://vuldb.com/?ip.27.124.7.107) | - | - | High
|
||||
25 | [35.157.111.131](https://vuldb.com/?ip.35.157.111.131) | ec2-35-157-111-131.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
26 | [38.92.97.11](https://vuldb.com/?ip.38.92.97.11) | - | - | High
|
||||
27 | [39.107.118.209](https://vuldb.com/?ip.39.107.118.209) | - | - | High
|
||||
28 | [39.109.41.108](https://vuldb.com/?ip.39.109.41.108) | - | - | High
|
||||
29 | [43.138.154.3](https://vuldb.com/?ip.43.138.154.3) | - | - | High
|
||||
30 | [43.138.235.176](https://vuldb.com/?ip.43.138.235.176) | - | - | High
|
||||
31 | [43.143.237.87](https://vuldb.com/?ip.43.143.237.87) | - | - | High
|
||||
32 | [43.153.63.93](https://vuldb.com/?ip.43.153.63.93) | - | - | High
|
||||
33 | [43.153.222.28](https://vuldb.com/?ip.43.153.222.28) | - | - | High
|
||||
34 | ... | ... | ... | ...
|
||||
1 | [1.6.8.189](https://vuldb.com/?ip.1.6.8.189) | - | - | High
|
||||
2 | [1.13.5.159](https://vuldb.com/?ip.1.13.5.159) | - | - | High
|
||||
3 | [1.13.17.173](https://vuldb.com/?ip.1.13.17.173) | - | - | High
|
||||
4 | [1.13.23.211](https://vuldb.com/?ip.1.13.23.211) | - | - | High
|
||||
5 | [1.13.253.132](https://vuldb.com/?ip.1.13.253.132) | - | - | High
|
||||
6 | [1.15.12.73](https://vuldb.com/?ip.1.15.12.73) | - | - | High
|
||||
7 | [1.15.178.39](https://vuldb.com/?ip.1.15.178.39) | - | - | High
|
||||
8 | [1.16.5.62](https://vuldb.com/?ip.1.16.5.62) | - | - | High
|
||||
9 | [1.116.19.113](https://vuldb.com/?ip.1.116.19.113) | - | - | High
|
||||
10 | [1.117.93.65](https://vuldb.com/?ip.1.117.93.65) | - | - | High
|
||||
11 | [1.117.145.220](https://vuldb.com/?ip.1.117.145.220) | - | - | High
|
||||
12 | [1.180.204.161](https://vuldb.com/?ip.1.180.204.161) | - | - | High
|
||||
13 | [2.32.33.130](https://vuldb.com/?ip.2.32.33.130) | net-2-32-33-130.cust.vodafonedsl.it | - | High
|
||||
14 | [2.56.62.81](https://vuldb.com/?ip.2.56.62.81) | host-2-56-62-81.olfedns.com | - | High
|
||||
15 | [2.57.149.94](https://vuldb.com/?ip.2.57.149.94) | - | - | High
|
||||
16 | [2.146.43.54](https://vuldb.com/?ip.2.146.43.54) | - | - | High
|
||||
17 | [2.185.141.176](https://vuldb.com/?ip.2.185.141.176) | - | - | High
|
||||
18 | [2.185.148.243](https://vuldb.com/?ip.2.185.148.243) | - | - | High
|
||||
19 | [2.225.139.211](https://vuldb.com/?ip.2.225.139.211) | 2-225-139-211.ip176.fastwebnet.it | - | High
|
||||
20 | [3.1.1.19](https://vuldb.com/?ip.3.1.1.19) | ec2-3-1-1-19.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
21 | [3.6.115.182](https://vuldb.com/?ip.3.6.115.182) | ec2-3-6-115-182.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
22 | [3.10.251.35](https://vuldb.com/?ip.3.10.251.35) | ec2-3-10-251-35.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
23 | [3.13.191.225](https://vuldb.com/?ip.3.13.191.225) | ec2-3-13-191-225.us-east-2.compute.amazonaws.com | - | Medium
|
||||
24 | [3.14.182.203](https://vuldb.com/?ip.3.14.182.203) | ec2-3-14-182-203.us-east-2.compute.amazonaws.com | - | Medium
|
||||
25 | [3.17.7.232](https://vuldb.com/?ip.3.17.7.232) | ec2-3-17-7-232.us-east-2.compute.amazonaws.com | - | Medium
|
||||
26 | [3.17.117.250](https://vuldb.com/?ip.3.17.117.250) | ec2-3-17-117-250.us-east-2.compute.amazonaws.com | - | Medium
|
||||
27 | [3.19.3.150](https://vuldb.com/?ip.3.19.3.150) | ec2-3-19-3-150.us-east-2.compute.amazonaws.com | - | Medium
|
||||
28 | [3.19.130.43](https://vuldb.com/?ip.3.19.130.43) | ec2-3-19-130-43.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [3.20.98.123](https://vuldb.com/?ip.3.20.98.123) | ec2-3-20-98-123.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | [3.22.53.161](https://vuldb.com/?ip.3.22.53.161) | ec2-3-22-53-161.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [3.60.11.44](https://vuldb.com/?ip.3.60.11.44) | - | - | High
|
||||
32 | [3.69.157.220](https://vuldb.com/?ip.3.69.157.220) | ec2-3-69-157-220.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
33 | [3.70.110.188](https://vuldb.com/?ip.3.70.110.188) | ec2-3-70-110-188.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
34 | [3.87.171.23](https://vuldb.com/?ip.3.87.171.23) | ec2-3-87-171-23.compute-1.amazonaws.com | - | Medium
|
||||
35 | [3.95.59.170](https://vuldb.com/?ip.3.95.59.170) | ec2-3-95-59-170.compute-1.amazonaws.com | - | Medium
|
||||
36 | [3.98.71.71](https://vuldb.com/?ip.3.98.71.71) | ec2-3-98-71-71.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
37 | [3.110.135.114](https://vuldb.com/?ip.3.110.135.114) | ec2-3-110-135-114.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
38 | [3.121.188.41](https://vuldb.com/?ip.3.121.188.41) | ec2-3-121-188-41.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
39 | [3.123.24.80](https://vuldb.com/?ip.3.123.24.80) | ec2-3-123-24-80.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
40 | [3.124.142.205](https://vuldb.com/?ip.3.124.142.205) | ec2-3-124-142-205.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
41 | [3.125.209.94](https://vuldb.com/?ip.3.125.209.94) | ec2-3-125-209-94.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
42 | [3.126.37.18](https://vuldb.com/?ip.3.126.37.18) | ec2-3-126-37-18.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
43 | [3.127.138.57](https://vuldb.com/?ip.3.127.138.57) | ec2-3-127-138-57.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
44 | [3.128.107.74](https://vuldb.com/?ip.3.128.107.74) | ec2-3-128-107-74.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [3.130.209.29](https://vuldb.com/?ip.3.130.209.29) | ec2-3-130-209-29.us-east-2.compute.amazonaws.com | - | Medium
|
||||
46 | [3.131.123.134](https://vuldb.com/?ip.3.131.123.134) | ec2-3-131-123-134.us-east-2.compute.amazonaws.com | - | Medium
|
||||
47 | [3.131.147.49](https://vuldb.com/?ip.3.131.147.49) | ec2-3-131-147-49.us-east-2.compute.amazonaws.com | - | Medium
|
||||
48 | [3.131.207.170](https://vuldb.com/?ip.3.131.207.170) | ec2-3-131-207-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
49 | [3.133.207.110](https://vuldb.com/?ip.3.133.207.110) | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | - | Medium
|
||||
50 | [3.134.39.220](https://vuldb.com/?ip.3.134.39.220) | ec2-3-134-39-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
51 | [3.134.125.175](https://vuldb.com/?ip.3.134.125.175) | ec2-3-134-125-175.us-east-2.compute.amazonaws.com | - | Medium
|
||||
52 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
53 | [3.137.123.63](https://vuldb.com/?ip.3.137.123.63) | ec2-3-137-123-63.us-east-2.compute.amazonaws.com | - | Medium
|
||||
54 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
55 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
|
||||
56 | [3.141.77.88](https://vuldb.com/?ip.3.141.77.88) | ec2-3-141-77-88.us-east-2.compute.amazonaws.com | - | Medium
|
||||
57 | [3.141.126.222](https://vuldb.com/?ip.3.141.126.222) | ec2-3-141-126-222.us-east-2.compute.amazonaws.com | - | Medium
|
||||
58 | [3.141.177.1](https://vuldb.com/?ip.3.141.177.1) | ec2-3-141-177-1.us-east-2.compute.amazonaws.com | - | Medium
|
||||
59 | [3.141.204.47](https://vuldb.com/?ip.3.141.204.47) | ec2-3-141-204-47.us-east-2.compute.amazonaws.com | - | Medium
|
||||
60 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
|
||||
61 | [3.142.71.14](https://vuldb.com/?ip.3.142.71.14) | ec2-3-142-71-14.us-east-2.compute.amazonaws.com | - | Medium
|
||||
62 | [3.142.157.76](https://vuldb.com/?ip.3.142.157.76) | ec2-3-142-157-76.us-east-2.compute.amazonaws.com | - | Medium
|
||||
63 | [4.50.4.50](https://vuldb.com/?ip.4.50.4.50) | - | - | High
|
||||
64 | [4.194.155.161](https://vuldb.com/?ip.4.194.155.161) | - | - | High
|
||||
65 | [4.194.156.247](https://vuldb.com/?ip.4.194.156.247) | - | - | High
|
||||
66 | [5.6.7.8](https://vuldb.com/?ip.5.6.7.8) | dynamic-005-006-007-008.5.6.pool.telefonica.de | - | High
|
||||
67 | [5.8.18.118](https://vuldb.com/?ip.5.8.18.118) | - | - | High
|
||||
68 | [5.34.192.55](https://vuldb.com/?ip.5.34.192.55) | - | - | High
|
||||
69 | [5.39.216.203](https://vuldb.com/?ip.5.39.216.203) | - | - | High
|
||||
70 | [5.39.217.156](https://vuldb.com/?ip.5.39.217.156) | - | - | High
|
||||
71 | [5.42.67.9](https://vuldb.com/?ip.5.42.67.9) | - | - | High
|
||||
72 | [5.42.77.35](https://vuldb.com/?ip.5.42.77.35) | pigletserver.aeza.network | - | High
|
||||
73 | [5.42.92.181](https://vuldb.com/?ip.5.42.92.181) | . | - | High
|
||||
74 | [5.61.59.234](https://vuldb.com/?ip.5.61.59.234) | - | - | High
|
||||
75 | [5.133.9.52](https://vuldb.com/?ip.5.133.9.52) | d9052.artnet.gda.pl | - | High
|
||||
76 | [5.141.82.14](https://vuldb.com/?ip.5.141.82.14) | - | - | High
|
||||
77 | [5.152.216.120](https://vuldb.com/?ip.5.152.216.120) | h5-152-216-120.host.redstation.co.uk | - | High
|
||||
78 | [5.188.86.146](https://vuldb.com/?ip.5.188.86.146) | - | - | High
|
||||
79 | [5.188.86.194](https://vuldb.com/?ip.5.188.86.194) | - | - | High
|
||||
80 | [5.188.87.2](https://vuldb.com/?ip.5.188.87.2) | - | - | High
|
||||
81 | [5.189.184.60](https://vuldb.com/?ip.5.189.184.60) | vmi1333975.contaboserver.net | - | High
|
||||
82 | [5.199.170.149](https://vuldb.com/?ip.5.199.170.149) | - | - | High
|
||||
83 | [5.223.98.157](https://vuldb.com/?ip.5.223.98.157) | - | - | High
|
||||
84 | [5.230.72.64](https://vuldb.com/?ip.5.230.72.64) | placeholder.noezserver.de | - | High
|
||||
85 | [5.252.179.227](https://vuldb.com/?ip.5.252.179.227) | no-rdns.mivocloud.com | - | High
|
||||
86 | [5.255.109.67](https://vuldb.com/?ip.5.255.109.67) | - | - | High
|
||||
87 | [6.6.6.101](https://vuldb.com/?ip.6.6.6.101) | - | - | High
|
||||
88 | [8.130.105.57](https://vuldb.com/?ip.8.130.105.57) | - | - | High
|
||||
89 | [8.136.210.194](https://vuldb.com/?ip.8.136.210.194) | - | - | High
|
||||
90 | [8.142.11.136](https://vuldb.com/?ip.8.142.11.136) | - | - | High
|
||||
91 | [8.210.39.131](https://vuldb.com/?ip.8.210.39.131) | - | - | High
|
||||
92 | [8.210.181.149](https://vuldb.com/?ip.8.210.181.149) | - | - | High
|
||||
93 | [8.210.246.55](https://vuldb.com/?ip.8.210.246.55) | - | - | High
|
||||
94 | [12.110.150.235](https://vuldb.com/?ip.12.110.150.235) | - | - | High
|
||||
95 | [13.37.73.137](https://vuldb.com/?ip.13.37.73.137) | ec2-13-37-73-137.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
96 | [13.38.57.254](https://vuldb.com/?ip.13.38.57.254) | ec2-13-38-57-254.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
97 | [13.52.76.119](https://vuldb.com/?ip.13.52.76.119) | ec2-13-52-76-119.us-west-1.compute.amazonaws.com | - | Medium
|
||||
98 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
|
||||
99 | [13.79.25.152](https://vuldb.com/?ip.13.79.25.152) | - | - | High
|
||||
100 | [13.211.254.84](https://vuldb.com/?ip.13.211.254.84) | ec2-13-211-254-84.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
101 | [13.214.189.242](https://vuldb.com/?ip.13.214.189.242) | ec2-13-214-189-242.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
102 | [13.233.233.161](https://vuldb.com/?ip.13.233.233.161) | ec2-13-233-233-161.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
103 | [13.234.135.58](https://vuldb.com/?ip.13.234.135.58) | ec2-13-234-135-58.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
104 | [14.0.21.109](https://vuldb.com/?ip.14.0.21.109) | - | - | High
|
||||
105 | [14.142.243.78](https://vuldb.com/?ip.14.142.243.78) | 14.142.243.78.static-Delhi.vsnl.net.in | - | High
|
||||
106 | [14.165.213.101](https://vuldb.com/?ip.14.165.213.101) | static.vnpt.vn | - | High
|
||||
107 | [15.204.49.129](https://vuldb.com/?ip.15.204.49.129) | ip129.ip-15-204-49.us | - | High
|
||||
108 | [15.222.66.186](https://vuldb.com/?ip.15.222.66.186) | ec2-15-222-66-186.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
109 | [16.170.40.227](https://vuldb.com/?ip.16.170.40.227) | ec2-16-170-40-227.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
110 | [17.253.144.10](https://vuldb.com/?ip.17.253.144.10) | apple.nl | - | High
|
||||
111 | [18.58.8.13](https://vuldb.com/?ip.18.58.8.13) | - | - | High
|
||||
112 | [18.117.9.33](https://vuldb.com/?ip.18.117.9.33) | ec2-18-117-9-33.us-east-2.compute.amazonaws.com | - | Medium
|
||||
113 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
114 | [18.158.58.205](https://vuldb.com/?ip.18.158.58.205) | ec2-18-158-58-205.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
115 | [18.158.249.75](https://vuldb.com/?ip.18.158.249.75) | ec2-18-158-249-75.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
116 | [18.163.100.82](https://vuldb.com/?ip.18.163.100.82) | ec2-18-163-100-82.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
117 | [18.163.190.116](https://vuldb.com/?ip.18.163.190.116) | ec2-18-163-190-116.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
118 | [18.167.109.204](https://vuldb.com/?ip.18.167.109.204) | ec2-18-167-109-204.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
119 | [18.180.199.201](https://vuldb.com/?ip.18.180.199.201) | ec2-18-180-199-201.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
120 | [18.181.38.192](https://vuldb.com/?ip.18.181.38.192) | ec2-18-181-38-192.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
121 | [18.183.99.161](https://vuldb.com/?ip.18.183.99.161) | ec2-18-183-99-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
122 | [18.184.173.90](https://vuldb.com/?ip.18.184.173.90) | ec2-18-184-173-90.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
123 | [18.185.125.77](https://vuldb.com/?ip.18.185.125.77) | ec2-18-185-125-77.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
124 | [18.189.106.45](https://vuldb.com/?ip.18.189.106.45) | ec2-18-189-106-45.us-east-2.compute.amazonaws.com | - | Medium
|
||||
125 | [18.192.31.165](https://vuldb.com/?ip.18.192.31.165) | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
126 | [18.195.167.84](https://vuldb.com/?ip.18.195.167.84) | ec2-18-195-167-84.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
127 | [18.197.94.76](https://vuldb.com/?ip.18.197.94.76) | ec2-18-197-94-76.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
128 | [18.197.239.5](https://vuldb.com/?ip.18.197.239.5) | ec2-18-197-239-5.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
129 | [18.205.2.150](https://vuldb.com/?ip.18.205.2.150) | ec2-18-205-2-150.compute-1.amazonaws.com | - | Medium
|
||||
130 | [18.229.146.63](https://vuldb.com/?ip.18.229.146.63) | ec2-18-229-146-63.sa-east-1.compute.amazonaws.com | - | Medium
|
||||
131 | [18.231.93.153](https://vuldb.com/?ip.18.231.93.153) | ec2-18-231-93-153.sa-east-1.compute.amazonaws.com | - | Medium
|
||||
132 | [18.234.28.10](https://vuldb.com/?ip.18.234.28.10) | ec2-18-234-28-10.compute-1.amazonaws.com | - | Medium
|
||||
133 | [18.236.192.6](https://vuldb.com/?ip.18.236.192.6) | ec2-18-236-192-6.us-west-2.compute.amazonaws.com | - | Medium
|
||||
134 | [18.237.162.188](https://vuldb.com/?ip.18.237.162.188) | ec2-18-237-162-188.us-west-2.compute.amazonaws.com | - | Medium
|
||||
135 | [20.75.52.151](https://vuldb.com/?ip.20.75.52.151) | - | - | High
|
||||
136 | [20.83.148.22](https://vuldb.com/?ip.20.83.148.22) | - | - | High
|
||||
137 | [20.84.114.52](https://vuldb.com/?ip.20.84.114.52) | - | - | High
|
||||
138 | [20.93.17.3](https://vuldb.com/?ip.20.93.17.3) | - | - | High
|
||||
139 | [20.107.10.131](https://vuldb.com/?ip.20.107.10.131) | - | - | High
|
||||
140 | [20.125.139.231](https://vuldb.com/?ip.20.125.139.231) | - | - | High
|
||||
141 | [20.170.13.22](https://vuldb.com/?ip.20.170.13.22) | - | - | High
|
||||
142 | [20.187.113.223](https://vuldb.com/?ip.20.187.113.223) | - | - | High
|
||||
143 | [20.194.196.40](https://vuldb.com/?ip.20.194.196.40) | - | - | High
|
||||
144 | [20.203.0.22](https://vuldb.com/?ip.20.203.0.22) | - | - | High
|
||||
145 | [20.212.145.66](https://vuldb.com/?ip.20.212.145.66) | - | - | High
|
||||
146 | [20.219.131.67](https://vuldb.com/?ip.20.219.131.67) | - | - | High
|
||||
147 | [20.254.138.169](https://vuldb.com/?ip.20.254.138.169) | - | - | High
|
||||
148 | [23.22.19.250](https://vuldb.com/?ip.23.22.19.250) | ec2-23-22-19-250.compute-1.amazonaws.com | - | Medium
|
||||
149 | [23.94.107.211](https://vuldb.com/?ip.23.94.107.211) | read-variation.pickexit.com | - | High
|
||||
150 | [23.94.182.202](https://vuldb.com/?ip.23.94.182.202) | 23-94-182-202-host.colocrossing.com | - | High
|
||||
151 | [23.106.160.180](https://vuldb.com/?ip.23.106.160.180) | - | - | High
|
||||
152 | [23.224.49.26](https://vuldb.com/?ip.23.224.49.26) | - | - | High
|
||||
153 | [23.227.194.35](https://vuldb.com/?ip.23.227.194.35) | 23-227-194-35.static.hvvc.us | - | High
|
||||
154 | [23.227.194.115](https://vuldb.com/?ip.23.227.194.115) | 23-227-194-115.static.hvvc.us | - | High
|
||||
155 | [23.234.200.144](https://vuldb.com/?ip.23.234.200.144) | 144-200-234-23-dedicated.multacom.com | - | High
|
||||
156 | [23.234.205.20](https://vuldb.com/?ip.23.234.205.20) | 20-205-234-23-dedicated.multacom.com | - | High
|
||||
157 | [23.234.205.28](https://vuldb.com/?ip.23.234.205.28) | 28-205-234-23-dedicated.multacom.com | - | High
|
||||
158 | [23.251.52.242](https://vuldb.com/?ip.23.251.52.242) | - | - | High
|
||||
159 | [24.9.12.117](https://vuldb.com/?ip.24.9.12.117) | c-24-9-12-117.hsd1.co.comcast.net | - | High
|
||||
160 | [24.205.5.129](https://vuldb.com/?ip.24.205.5.129) | 024-205-005-129.res.spectrum.com | - | High
|
||||
161 | [27.102.114.63](https://vuldb.com/?ip.27.102.114.63) | - | - | High
|
||||
162 | [27.102.114.89](https://vuldb.com/?ip.27.102.114.89) | - | - | High
|
||||
163 | [27.102.127.240](https://vuldb.com/?ip.27.102.127.240) | - | - | High
|
||||
164 | [27.124.7.107](https://vuldb.com/?ip.27.124.7.107) | - | - | High
|
||||
165 | [27.255.79.204](https://vuldb.com/?ip.27.255.79.204) | - | - | High
|
||||
166 | [27.255.81.109](https://vuldb.com/?ip.27.255.81.109) | - | - | High
|
||||
167 | [28.0.2.82](https://vuldb.com/?ip.28.0.2.82) | - | - | High
|
||||
168 | [28.0.4.29](https://vuldb.com/?ip.28.0.4.29) | - | - | High
|
||||
169 | [31.14.40.55](https://vuldb.com/?ip.31.14.40.55) | ns52.countdch.net | - | High
|
||||
170 | [31.14.40.134](https://vuldb.com/?ip.31.14.40.134) | - | - | High
|
||||
171 | [31.44.184.48](https://vuldb.com/?ip.31.44.184.48) | - | - | High
|
||||
172 | [31.44.184.50](https://vuldb.com/?ip.31.44.184.50) | - | - | High
|
||||
173 | [31.44.184.56](https://vuldb.com/?ip.31.44.184.56) | - | - | High
|
||||
174 | [31.44.184.84](https://vuldb.com/?ip.31.44.184.84) | - | - | High
|
||||
175 | [31.44.184.123](https://vuldb.com/?ip.31.44.184.123) | - | - | High
|
||||
176 | [31.44.184.125](https://vuldb.com/?ip.31.44.184.125) | - | - | High
|
||||
177 | [31.44.184.131](https://vuldb.com/?ip.31.44.184.131) | - | - | High
|
||||
178 | [31.47.225.65](https://vuldb.com/?ip.31.47.225.65) | - | - | High
|
||||
179 | [31.168.84.153](https://vuldb.com/?ip.31.168.84.153) | bzq-84-168-31-153.red.bezeqint.net | - | High
|
||||
180 | [31.168.144.18](https://vuldb.com/?ip.31.168.144.18) | bzq-144-168-31-18.red.bezeqint.net | - | High
|
||||
181 | [31.172.80.104](https://vuldb.com/?ip.31.172.80.104) | - | - | High
|
||||
182 | [31.220.78.160](https://vuldb.com/?ip.31.220.78.160) | vmi1463291.contaboserver.net | - | High
|
||||
183 | [34.71.22.160](https://vuldb.com/?ip.34.71.22.160) | 160.22.71.34.bc.googleusercontent.com | - | Medium
|
||||
184 | [34.89.129.194](https://vuldb.com/?ip.34.89.129.194) | 194.129.89.34.bc.googleusercontent.com | - | Medium
|
||||
185 | [34.92.108.241](https://vuldb.com/?ip.34.92.108.241) | 241.108.92.34.bc.googleusercontent.com | - | Medium
|
||||
186 | [34.92.125.242](https://vuldb.com/?ip.34.92.125.242) | 242.125.92.34.bc.googleusercontent.com | - | Medium
|
||||
187 | [34.122.216.213](https://vuldb.com/?ip.34.122.216.213) | 213.216.122.34.bc.googleusercontent.com | - | Medium
|
||||
188 | [34.125.62.174](https://vuldb.com/?ip.34.125.62.174) | 174.62.125.34.bc.googleusercontent.com | - | Medium
|
||||
189 | [34.142.247.189](https://vuldb.com/?ip.34.142.247.189) | 189.247.142.34.bc.googleusercontent.com | - | Medium
|
||||
190 | [34.143.208.106](https://vuldb.com/?ip.34.143.208.106) | 106.208.143.34.bc.googleusercontent.com | - | Medium
|
||||
191 | [34.150.94.110](https://vuldb.com/?ip.34.150.94.110) | 110.94.150.34.bc.googleusercontent.com | - | Medium
|
||||
192 | [34.170.249.238](https://vuldb.com/?ip.34.170.249.238) | 238.249.170.34.bc.googleusercontent.com | - | Medium
|
||||
193 | [34.202.234.105](https://vuldb.com/?ip.34.202.234.105) | ec2-34-202-234-105.compute-1.amazonaws.com | - | Medium
|
||||
194 | [34.215.154.163](https://vuldb.com/?ip.34.215.154.163) | ec2-34-215-154-163.us-west-2.compute.amazonaws.com | - | Medium
|
||||
195 | [34.220.41.64](https://vuldb.com/?ip.34.220.41.64) | ec2-34-220-41-64.us-west-2.compute.amazonaws.com | - | Medium
|
||||
196 | [34.229.92.232](https://vuldb.com/?ip.34.229.92.232) | ec2-34-229-92-232.compute-1.amazonaws.com | - | Medium
|
||||
197 | [34.234.67.250](https://vuldb.com/?ip.34.234.67.250) | ec2-34-234-67-250.compute-1.amazonaws.com | - | Medium
|
||||
198 | [34.238.123.45](https://vuldb.com/?ip.34.238.123.45) | ec2-34-238-123-45.compute-1.amazonaws.com | - | Medium
|
||||
199 | [34.238.192.43](https://vuldb.com/?ip.34.238.192.43) | ec2-34-238-192-43.compute-1.amazonaws.com | - | Medium
|
||||
200 | [34.244.205.242](https://vuldb.com/?ip.34.244.205.242) | ec2-34-244-205-242.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
201 | [34.248.5.0](https://vuldb.com/?ip.34.248.5.0) | ec2-34-248-5-0.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
202 | [35.157.111.131](https://vuldb.com/?ip.35.157.111.131) | ec2-35-157-111-131.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
203 | [35.181.137.4](https://vuldb.com/?ip.35.181.137.4) | ec2-35-181-137-4.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
204 | [35.182.213.89](https://vuldb.com/?ip.35.182.213.89) | ec2-35-182-213-89.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
205 | [35.200.48.195](https://vuldb.com/?ip.35.200.48.195) | 195.48.200.35.bc.googleusercontent.com | - | Medium
|
||||
206 | [35.202.167.95](https://vuldb.com/?ip.35.202.167.95) | 95.167.202.35.bc.googleusercontent.com | - | Medium
|
||||
207 | [35.241.76.6](https://vuldb.com/?ip.35.241.76.6) | 6.76.241.35.bc.googleusercontent.com | - | Medium
|
||||
208 | [35.246.15.72](https://vuldb.com/?ip.35.246.15.72) | 72.15.246.35.bc.googleusercontent.com | - | Medium
|
||||
209 | [36.102.212.98](https://vuldb.com/?ip.36.102.212.98) | - | - | High
|
||||
210 | [36.238.76.46](https://vuldb.com/?ip.36.238.76.46) | 36-238-76-46.dynamic-ip.hinet.net | - | High
|
||||
211 | [37.1.209.130](https://vuldb.com/?ip.37.1.209.130) | - | - | High
|
||||
212 | [37.17.172.72](https://vuldb.com/?ip.37.17.172.72) | hostpost.hu | - | High
|
||||
213 | [37.21.225.245](https://vuldb.com/?ip.37.21.225.245) | - | - | High
|
||||
214 | [37.35.202.146](https://vuldb.com/?ip.37.35.202.146) | 146.202.35.37.dynamic.jazztel.es | - | High
|
||||
215 | [37.44.237.238](https://vuldb.com/?ip.37.44.237.238) | - | - | High
|
||||
216 | [37.77.51.178](https://vuldb.com/?ip.37.77.51.178) | - | - | High
|
||||
217 | [37.133.231.240](https://vuldb.com/?ip.37.133.231.240) | 240.231.133.37.dynamic.jazztel.es | - | High
|
||||
218 | [37.187.217.154](https://vuldb.com/?ip.37.187.217.154) | - | - | High
|
||||
219 | [38.6.155.219](https://vuldb.com/?ip.38.6.155.219) | - | - | High
|
||||
220 | [38.92.97.11](https://vuldb.com/?ip.38.92.97.11) | - | - | High
|
||||
221 | [39.98.91.83](https://vuldb.com/?ip.39.98.91.83) | - | - | High
|
||||
222 | [39.99.34.219](https://vuldb.com/?ip.39.99.34.219) | - | - | High
|
||||
223 | [39.101.174.221](https://vuldb.com/?ip.39.101.174.221) | - | - | High
|
||||
224 | [39.102.64.207](https://vuldb.com/?ip.39.102.64.207) | - | - | High
|
||||
225 | [39.107.118.209](https://vuldb.com/?ip.39.107.118.209) | - | - | High
|
||||
226 | [39.108.12.1](https://vuldb.com/?ip.39.108.12.1) | - | - | High
|
||||
227 | [39.108.60.64](https://vuldb.com/?ip.39.108.60.64) | - | - | High
|
||||
228 | [39.109.41.108](https://vuldb.com/?ip.39.109.41.108) | - | - | High
|
||||
229 | [40.113.230.218](https://vuldb.com/?ip.40.113.230.218) | - | - | High
|
||||
230 | [41.34.124.243](https://vuldb.com/?ip.41.34.124.243) | host-41.34.124.243.tedata.net | - | High
|
||||
231 | [41.96.243.229](https://vuldb.com/?ip.41.96.243.229) | - | - | High
|
||||
232 | [41.99.12.133](https://vuldb.com/?ip.41.99.12.133) | - | - | High
|
||||
233 | [41.99.52.202](https://vuldb.com/?ip.41.99.52.202) | - | - | High
|
||||
234 | [41.100.163.164](https://vuldb.com/?ip.41.100.163.164) | - | - | High
|
||||
235 | [41.107.155.58](https://vuldb.com/?ip.41.107.155.58) | - | - | High
|
||||
236 | [41.107.190.172](https://vuldb.com/?ip.41.107.190.172) | - | - | High
|
||||
237 | [41.108.43.125](https://vuldb.com/?ip.41.108.43.125) | - | - | High
|
||||
238 | [41.110.231.91](https://vuldb.com/?ip.41.110.231.91) | - | - | High
|
||||
239 | [41.200.64.139](https://vuldb.com/?ip.41.200.64.139) | - | - | High
|
||||
240 | [41.201.53.68](https://vuldb.com/?ip.41.201.53.68) | - | - | High
|
||||
241 | [41.214.200.152](https://vuldb.com/?ip.41.214.200.152) | - | - | High
|
||||
242 | [41.225.218.141](https://vuldb.com/?ip.41.225.218.141) | - | - | High
|
||||
243 | [41.233.213.12](https://vuldb.com/?ip.41.233.213.12) | host-41.233.213.12.tedata.net | - | High
|
||||
244 | [41.248.40.230](https://vuldb.com/?ip.41.248.40.230) | - | - | High
|
||||
245 | [42.51.67.111](https://vuldb.com/?ip.42.51.67.111) | - | - | High
|
||||
246 | [42.56.76.11](https://vuldb.com/?ip.42.56.76.11) | - | - | High
|
||||
247 | [42.192.149.244](https://vuldb.com/?ip.42.192.149.244) | - | - | High
|
||||
248 | [42.193.108.137](https://vuldb.com/?ip.42.193.108.137) | - | - | High
|
||||
249 | [42.193.118.132](https://vuldb.com/?ip.42.193.118.132) | - | - | High
|
||||
250 | [42.193.229.33](https://vuldb.com/?ip.42.193.229.33) | - | - | High
|
||||
251 | [42.194.199.231](https://vuldb.com/?ip.42.194.199.231) | - | - | High
|
||||
252 | [42.200.181.116](https://vuldb.com/?ip.42.200.181.116) | 42-200-181-116.static.imsbiz.com | - | High
|
||||
253 | [43.132.121.67](https://vuldb.com/?ip.43.132.121.67) | - | - | High
|
||||
254 | [43.136.102.148](https://vuldb.com/?ip.43.136.102.148) | - | - | High
|
||||
255 | [43.138.26.158](https://vuldb.com/?ip.43.138.26.158) | - | - | High
|
||||
256 | [43.138.154.3](https://vuldb.com/?ip.43.138.154.3) | - | - | High
|
||||
257 | [43.138.235.176](https://vuldb.com/?ip.43.138.235.176) | - | - | High
|
||||
258 | [43.139.19.125](https://vuldb.com/?ip.43.139.19.125) | - | - | High
|
||||
259 | [43.139.106.227](https://vuldb.com/?ip.43.139.106.227) | - | - | High
|
||||
260 | [43.139.167.77](https://vuldb.com/?ip.43.139.167.77) | - | - | High
|
||||
261 | [43.142.105.191](https://vuldb.com/?ip.43.142.105.191) | - | - | High
|
||||
262 | [43.143.66.207](https://vuldb.com/?ip.43.143.66.207) | - | - | High
|
||||
263 | [43.143.112.69](https://vuldb.com/?ip.43.143.112.69) | - | - | High
|
||||
264 | [43.143.115.63](https://vuldb.com/?ip.43.143.115.63) | - | - | High
|
||||
265 | [43.143.121.198](https://vuldb.com/?ip.43.143.121.198) | - | - | High
|
||||
266 | [43.143.237.87](https://vuldb.com/?ip.43.143.237.87) | - | - | High
|
||||
267 | [43.153.63.93](https://vuldb.com/?ip.43.153.63.93) | - | - | High
|
||||
268 | [43.153.222.28](https://vuldb.com/?ip.43.153.222.28) | - | - | High
|
||||
269 | [43.163.204.20](https://vuldb.com/?ip.43.163.204.20) | - | - | High
|
||||
270 | [43.205.116.24](https://vuldb.com/?ip.43.205.116.24) | ec2-43-205-116-24.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
271 | [43.205.116.244](https://vuldb.com/?ip.43.205.116.244) | ec2-43-205-116-244.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
272 | [43.205.117.235](https://vuldb.com/?ip.43.205.117.235) | ec2-43-205-117-235.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
273 | [43.207.166.142](https://vuldb.com/?ip.43.207.166.142) | ec2-43-207-166-142.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
274 | [43.224.156.163](https://vuldb.com/?ip.43.224.156.163) | - | - | High
|
||||
275 | [43.226.74.228](https://vuldb.com/?ip.43.226.74.228) | - | - | High
|
||||
276 | ... | ... | ... | ...
|
||||
|
||||
There are 133 more IOC items available. Please use our online service to access the data.
|
||||
There are 1099 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
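Review bot: Several rows in this IOC table carry a High confidence rating that the visible data does not obviously support. Row 110 (`17.253.144.10`) reverse-resolves to `apple.nl`, and rows 63, 66 and 87 (`4.50.4.50`, `5.6.7.8`, `6.6.6.101`) look like placeholder or test values rather than observed infrastructure. Anyone feeding this list into a blocklist or alerting rule inherits those as false positives, so the sightings should be confirmed or the rating lowered to Medium, as is already done for the shared cloud ranges. Row 73 also has `.` in the hostname column where other rows without reverse DNS use `-`.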
@ -64,11 +306,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
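Review bot: The Description column for the T1059 row reads "Cross Site Scripting" in both versions of this table, identical to the T1059.007 row, although the weaknesses listed against it (CWE-94, CWE-1321, and CWE-88 in one version) are code injection, prototype pollution and argument injection rather than XSS (CWE-79, CWE-80). The T1068 row has the same problem: the broad privilege and access-control weaknesses CWE-250, CWE-264, CWE-269 and CWE-284 are labelled "J2EE Misconfiguration: Weak Access Permissions for EJB Methods". The description appears to be taken from a single CWE rather than from the technique, so it should either be derived from the ATT&CK technique name or left out when a row maps to several weaknesses.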
@ -79,54 +321,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/ad_js.php` | Medium
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/baskets/{name}` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/booking/show_bookings/` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cgi-bin` | Medium
|
||||
21 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
24 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
25 | File | `/dashboard/add-blog.php` | High
|
||||
26 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
27 | File | `/debug/pprof` | Medium
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/gsissh/sshd_config` | High
|
||||
30 | File | `/etc/hosts` | Medium
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/goform/setmac` | High
|
||||
33 | File | `/goform/wizard_end` | High
|
||||
34 | File | `/group1/uploa` | High
|
||||
35 | File | `/manage-apartment.php` | High
|
||||
36 | File | `/medicines/profile.php` | High
|
||||
37 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
38 | File | `/nova/bin/igmp-proxy` | High
|
||||
39 | File | `/out.php` | Medium
|
||||
40 | File | `/pages/apply_vacancy.php` | High
|
||||
41 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
42 | File | `/proxy` | Low
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin/adclass.php` | High
|
||||
3 | File | `/admin/admin-profile.php` | High
|
||||
4 | File | `/admin/sales/view_details.php` | High
|
||||
5 | File | `/ajax-files/followBoard.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/cron/settings/setJob/` | High
|
||||
8 | File | `/api/v1/snapshots` | High
|
||||
9 | File | `/audit/log/log_management.php` | High
|
||||
10 | File | `/authenticationendpoint/login.do` | High
|
||||
11 | File | `/cgi-bin/login.cgi` | High
|
||||
12 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
13 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/cgi.cgi` | Medium
|
||||
16 | File | `/collection/all` | High
|
||||
17 | File | `/config/php.ini` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/ctcprotocol/Protocol` | High
|
||||
20 | File | `/dashboard/add-blog.php` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/dottie.js` | Medium
|
||||
23 | File | `/DXR.axd` | Medium
|
||||
24 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/files/` | Low
|
||||
27 | File | `/forms/doLogin` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/h/autoSaveDraft` | High
|
||||
30 | File | `/ims/login.php` | High
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
33 | File | `/jurusanmatkul/data` | High
|
||||
34 | File | `/log/decodmail.php` | High
|
||||
35 | File | `/log/webmailattach.php` | High
|
||||
36 | File | `/login.php?do=login` | High
|
||||
37 | File | `/public/login.htm` | High
|
||||
38 | File | `/QueryView.php` | High
|
||||
39 | File | `/recreate.php` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 341 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
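Review bot: The IOA table mixes specific paths with entries too generic to act on alone. `/index.php` is rated Medium, and `/env` and `/files/` are listed at Low, all of which match routine traffic on most web servers. The table should state that these are only useful when correlated with the IOC addresses or the High-confidence paths, or they should be dropped from the published subset. `/api/baskets/{name}` is also a route template rather than a literal path, so a plain string match on it will never fire; a note that `{name}` has to be treated as a wildcard would help consumers.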
File diff suppressed because it is too large
|
@ -50,8 +50,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
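Review bot: The T1068 row is dropped and the ellipsis row renumbered from 7 to 6, while the summary line "There are 22 more TTP items available" stays as unchanged context. That is only consistent if T1068 was removed from this entry's mapped techniques altogether rather than moved below the visible cut-off, and the commit message ("Update October 2023") gives no reason for the removal. Please confirm the count after regeneration and record why the technique no longer applies, since consumers may have detections keyed to it.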
@ -62,61 +61,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//` | Low
|
||||
2 | File | `/add_post_sql.php` | High
|
||||
3 | File | `/admin.php/pic/admin/pic/del` | High
|
||||
4 | File | `/admin.php/singer/admin/lists/zhuan` | High
|
||||
5 | File | `/admin.php/User/level_sort` | High
|
||||
6 | File | `/admin/communitymanagement.php` | High
|
||||
7 | File | `/admin/del_service.php` | High
|
||||
8 | File | `/admin/generalsettings.php` | High
|
||||
9 | File | `/admin/maintenance/view_designation.php` | High
|
||||
10 | File | `/admin/payment.php` | High
|
||||
11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
2 | File | `/activate_hook.php` | High
|
||||
3 | File | `/add_post_sql.php` | High
|
||||
4 | File | `/admin.php/pic/admin/pic/del` | High
|
||||
5 | File | `/admin.php/singer/admin/lists/zhuan` | High
|
||||
6 | File | `/admin.php/User/level_sort` | High
|
||||
7 | File | `/admin/communitymanagement.php` | High
|
||||
8 | File | `/admin/del_service.php` | High
|
||||
9 | File | `/admin/generalsettings.php` | High
|
||||
10 | File | `/admin/maintenance/view_designation.php` | High
|
||||
11 | File | `/admin/payment.php` | High
|
||||
12 | File | `/admin/user/manage_user.php` | High
|
||||
13 | File | `/ajax.php?action=read_msg` | High
|
||||
14 | File | `/api/baskets/{name}` | High
|
||||
15 | File | `/blog/edit` | Medium
|
||||
16 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
17 | File | `/cgi-bin/wapopen` | High
|
||||
18 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
19 | File | `/classes/Master.php?f=delete_category` | High
|
||||
20 | File | `/classes/Master.php?f=save_item` | High
|
||||
21 | File | `/config/php.ini` | High
|
||||
22 | File | `/Default/Bd` | Medium
|
||||
23 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
24 | File | `/editprofile.php` | High
|
||||
25 | File | `/etc/networkd-dispatcher` | High
|
||||
26 | File | `/event/admin/?page=user/list` | High
|
||||
27 | File | `/filemanager/upload/drop` | High
|
||||
28 | File | `/food/admin/all_users.php` | High
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/getcfg.php` | Medium
|
||||
31 | File | `/goform/PowerSaveSet` | High
|
||||
32 | File | `/goform/SetClientState` | High
|
||||
33 | File | `/goform/SetFirewallCfg` | High
|
||||
34 | File | `/goform/setIPv6Status` | High
|
||||
35 | File | `/goform/wizard_end` | High
|
||||
36 | File | `/home/get_tasks_list` | High
|
||||
37 | File | `/hrm/employeeview.php` | High
|
||||
38 | File | `/index.php` | Medium
|
||||
39 | File | `/isms/classes/Users.php` | High
|
||||
40 | File | `/lists/index.php` | High
|
||||
41 | File | `/members/view_member.php` | High
|
||||
42 | File | `/messageboard/view.php` | High
|
||||
43 | File | `/mgmt/tm/util/bash` | High
|
||||
44 | File | `/modules/projects/vw_files.php` | High
|
||||
45 | File | `/ofrs/admin/?page=teams/view_team` | High
|
||||
46 | File | `/ordering/index.php?q=category` | High
|
||||
47 | File | `/owa/auth/logon.aspx` | High
|
||||
48 | File | `/picturesPreview` | High
|
||||
49 | File | `/public_html/animals` | High
|
||||
50 | File | `/public_html/apply_vacancy` | High
|
||||
51 | File | `/purchase_order/admin/?page=user` | High
|
||||
52 | File | `/purchase_order/classes/Master.php?f=delete_supplier` | High
|
||||
53 | File | `/simple_chat_bot/classes/Master.php?f=delete_response` | High
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/blog/edit` | Medium
|
||||
17 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
18 | File | `/cgi-bin/wapopen` | High
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/classes/Master.php?f=delete_category` | High
|
||||
21 | File | `/classes/Master.php?f=save_item` | High
|
||||
22 | File | `/conf/` | Low
|
||||
23 | File | `/config/php.ini` | High
|
||||
24 | File | `/controller/AdminController.php` | High
|
||||
25 | File | `/Default/Bd` | Medium
|
||||
26 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
27 | File | `/editprofile.php` | High
|
||||
28 | File | `/etc/networkd-dispatcher` | High
|
||||
29 | File | `/event/admin/?page=user/list` | High
|
||||
30 | File | `/filemanager/upload/drop` | High
|
||||
31 | File | `/food/admin/all_users.php` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/getcfg.php` | Medium
|
||||
34 | File | `/goform/PowerSaveSet` | High
|
||||
35 | File | `/goform/SetClientState` | High
|
||||
36 | File | `/goform/SetFirewallCfg` | High
|
||||
37 | File | `/goform/wizard_end` | High
|
||||
38 | File | `/home/get_tasks_list` | High
|
||||
39 | File | `/hrm/employeeview.php` | High
|
||||
40 | File | `/index.php` | Medium
|
||||
41 | File | `/isms/classes/Users.php` | High
|
||||
42 | File | `/lists/index.php` | High
|
||||
43 | File | `/members/view_member.php` | High
|
||||
44 | File | `/messageboard/view.php` | High
|
||||
45 | File | `/mgmt/tm/util/bash` | High
|
||||
46 | File | `/mhds/clinic/view_details.php` | High
|
||||
47 | File | `/modules/projects/vw_files.php` | High
|
||||
48 | File | `/ofrs/admin/?page=teams/view_team` | High
|
||||
49 | File | `/ordering/index.php?q=category` | High
|
||||
50 | File | `/owa/auth/logon.aspx` | High
|
||||
51 | File | `/picturesPreview` | High
|
||||
52 | File | `/purchase_order/admin/?page=user` | High
|
||||
53 | File | `/purchase_order/classes/Master.php?f=delete_supplier` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 468 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
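Review bot: The `//` row (ID 1, Low) and the `/conf/` row (ID 22, Low) in this IOA table are too generic to act as indicators on their own; a bare `//` or `/conf/` will match large amounts of benign request traffic. Consider dropping Low-confidence path fragments from the published excerpt, or adding a column that ties each one to the weakness or product it was derived from, so a consumer does not load them into a detection rule unqualified.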
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -88,47 +88,48 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/config/getuser` | High
|
||||
18 | File | `/contact/store` | High
|
||||
19 | File | `/dashboard/settings` | High
|
||||
20 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
21 | File | `/Default/Bd` | Medium
|
||||
22 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
23 | File | `/FormLogin` | Medium
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/friends` | Medium
|
||||
26 | File | `/getcfg.php` | Medium
|
||||
27 | File | `/gfxpoly/stroke.c` | High
|
||||
28 | File | `/goform/form2Wan.cgi` | High
|
||||
29 | File | `/guest/s/default/` | High
|
||||
30 | File | `/h/compose` | Medium
|
||||
31 | File | `/index.php?module=entities/listing_types&entities_id=24` | High
|
||||
32 | File | `/index/jobfairol/show/` | High
|
||||
33 | File | `/leave_system/classes/Master.php?f=delete_department` | High
|
||||
34 | File | `/leave_system/classes/Users.php?f=save` | High
|
||||
35 | File | `/messageboard/view.php` | High
|
||||
36 | File | `/mgmt/tm/util/bash` | High
|
||||
37 | File | `/mhds/clinic/view_details.php` | High
|
||||
38 | File | `/modules/projects/vw_files.php` | High
|
||||
39 | File | `/MTFWU` | Low
|
||||
40 | File | `/nova/bin/console` | High
|
||||
41 | File | `/ofrs/admin/?page=teams/manage_team` | High
|
||||
42 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
43 | File | `/panel/fields/add` | High
|
||||
44 | File | `/patient/settings.php` | High
|
||||
45 | File | `/REBOOTSYSTEM` | High
|
||||
46 | File | `/reports/rwservlet` | High
|
||||
47 | File | `/sbin/acos_service` | High
|
||||
48 | File | `/school/model/get_teacher.php` | High
|
||||
49 | File | `/scripts/unlock_tasks.php` | High
|
||||
50 | File | `/servlet/webacc` | High
|
||||
51 | File | `/simple_chat_bot/admin/?page=responses/view_response` | High
|
||||
52 | File | `/textpattern/index.php` | High
|
||||
53 | File | `/uncpath/` | Medium
|
||||
54 | File | `/usr/bin/at` | Medium
|
||||
55 | File | `/usr/bin/pkexec` | High
|
||||
56 | File | `/var/lib/dpkg/info/` | High
|
||||
57 | File | `/var/log/demisto/` | High
|
||||
58 | ... | ... | ...
|
||||
20 | File | `/Default/Bd` | Medium
|
||||
21 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
22 | File | `/FormLogin` | Medium
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/friends` | Medium
|
||||
25 | File | `/getcfg.php` | Medium
|
||||
26 | File | `/gfxpoly/stroke.c` | High
|
||||
27 | File | `/goform/form2Wan.cgi` | High
|
||||
28 | File | `/guest/s/default/` | High
|
||||
29 | File | `/h/compose` | Medium
|
||||
30 | File | `/index.php?module=entities/listing_types&entities_id=24` | High
|
||||
31 | File | `/index/jobfairol/show/` | High
|
||||
32 | File | `/leave_system/classes/Master.php?f=delete_department` | High
|
||||
33 | File | `/leave_system/classes/Users.php?f=save` | High
|
||||
34 | File | `/messageboard/view.php` | High
|
||||
35 | File | `/mgmt/tm/util/bash` | High
|
||||
36 | File | `/mhds/clinic/view_details.php` | High
|
||||
37 | File | `/modules/projects/vw_files.php` | High
|
||||
38 | File | `/MTFWU` | Low
|
||||
39 | File | `/nova/bin/console` | High
|
||||
40 | File | `/ofrs/admin/?page=teams/manage_team` | High
|
||||
41 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
42 | File | `/panel/fields/add` | High
|
||||
43 | File | `/patient/settings.php` | High
|
||||
44 | File | `/REBOOTSYSTEM` | High
|
||||
45 | File | `/reports/rwservlet` | High
|
||||
46 | File | `/sbin/acos_service` | High
|
||||
47 | File | `/school/model/get_teacher.php` | High
|
||||
48 | File | `/scripts/unlock_tasks.php` | High
|
||||
49 | File | `/servlet/webacc` | High
|
||||
50 | File | `/simple_chat_bot/admin/?page=responses/view_response` | High
|
||||
51 | File | `/textpattern/index.php` | High
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/usr/bin/at` | Medium
|
||||
54 | File | `/usr/bin/pkexec` | High
|
||||
55 | File | `/var/lib/dpkg/info/` | High
|
||||
56 | File | `/var/log/demisto/` | High
|
||||
57 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
58 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
|
||||
59 | ... | ... | ...
|
||||
|
||||
There are 505 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -63,10 +63,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-24, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
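Review bot: Row 4 of the TTP table pairs T1059 with CWE-94 and CWE-1321 but keeps the description `Cross Site Scripting`, which is identical to row 5 (T1059.007, CWE-79, CWE-80). CWE-94 is code injection and CWE-1321 is prototype pollution, so the description column should name one of those. Since this hunk already edits the weakness list on that row, the description could be corrected in the same change.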
@ -78,66 +78,66 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/academy/home/courses` | High
|
||||
4 | File | `/academy/tutor/filter` | High
|
||||
5 | File | `/account/delivery` | High
|
||||
6 | File | `/ad-list` | Medium
|
||||
7 | File | `/admin/?page=user/list` | High
|
||||
8 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
9 | File | `/admin/about-us.php` | High
|
||||
10 | File | `/admin/add-category.php` | High
|
||||
11 | File | `/admin/add-services.php` | High
|
||||
12 | File | `/admin/add_user_modal.php` | High
|
||||
13 | File | `/admin/admin-profile.php` | High
|
||||
14 | File | `/admin/article/article-edit-run.php` | High
|
||||
15 | File | `/admin/del_category.php` | High
|
||||
16 | File | `/admin/del_feedback.php` | High
|
||||
17 | File | `/admin/del_service.php` | High
|
||||
18 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
19 | File | `/admin/edit_category.php` | High
|
||||
20 | File | `/admin/edit_product.php` | High
|
||||
21 | File | `/admin/files` | Medium
|
||||
22 | File | `/admin/forgot-password.php` | High
|
||||
23 | File | `/admin/index.php` | High
|
||||
24 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
25 | File | `/admin/invoice.php` | High
|
||||
26 | File | `/admin/search-appointment.php` | High
|
||||
27 | File | `/admin/sys_sql_query.php` | High
|
||||
28 | File | `/admin/test_status.php` | High
|
||||
29 | File | `/api/baskets/{name}` | High
|
||||
30 | File | `/api/download/updateFile` | High
|
||||
31 | File | `/api/es/admin/v3/security/user/1` | High
|
||||
32 | File | `/api/installation/setThumbnailRc` | High
|
||||
33 | File | `/api/ping` | Medium
|
||||
34 | File | `/api/set-password` | High
|
||||
35 | File | `/api/sys/login` | High
|
||||
36 | File | `/api/sys/set_passwd` | High
|
||||
37 | File | `/api/thumbnail` | High
|
||||
38 | File | `/app/sys1.php` | High
|
||||
39 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
40 | File | `/author_posts.php` | High
|
||||
41 | File | `/blog` | Low
|
||||
42 | File | `/blog-single.php` | High
|
||||
43 | File | `/browse` | Low
|
||||
44 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
45 | File | `/chaincity/user/ticket/create` | High
|
||||
46 | File | `/classes/Master.php?f=delete_category` | High
|
||||
47 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
48 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
49 | File | `/classes/Master.php?f=save_item` | High
|
||||
50 | File | `/collection/all` | High
|
||||
51 | File | `/conf/` | Low
|
||||
52 | File | `/config` | Low
|
||||
53 | File | `/config/php.ini` | High
|
||||
54 | File | `/contact.php` | Medium
|
||||
55 | File | `/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx` | High
|
||||
56 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
57 | File | `/en/blog-comment-4` | High
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/academy/tutor/filter` | High
|
||||
3 | File | `/ad-list` | Medium
|
||||
4 | File | `/admin/?page=bike` | High
|
||||
5 | File | `/admin/?page=user` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/about-us.php` | High
|
||||
9 | File | `/admin/add-category.php` | High
|
||||
10 | File | `/admin/add-services.php` | High
|
||||
11 | File | `/admin/admin-profile.php` | High
|
||||
12 | File | `/admin/article/article-edit-run.php` | High
|
||||
13 | File | `/admin/cms_admin.php` | High
|
||||
14 | File | `/admin/cms_content.php` | High
|
||||
15 | File | `/admin/config/uploadicon.php` | High
|
||||
16 | File | `/admin/del_category.php` | High
|
||||
17 | File | `/admin/del_feedback.php` | High
|
||||
18 | File | `/admin/del_service.php` | High
|
||||
19 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
20 | File | `/admin/edit_category.php` | High
|
||||
21 | File | `/admin/edit_product.php` | High
|
||||
22 | File | `/admin/files` | Medium
|
||||
23 | File | `/admin/forgot-password.php` | High
|
||||
24 | File | `/admin/index.php` | High
|
||||
25 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
26 | File | `/admin/invoice.php` | High
|
||||
27 | File | `/admin/leancloud.php` | High
|
||||
28 | File | `/admin/list_addr_fwresource_ip.php` | High
|
||||
29 | File | `/admin/login.php` | High
|
||||
30 | File | `/admin/order.php` | High
|
||||
31 | File | `/admin/plugin.php` | High
|
||||
32 | File | `/admin/save.php` | High
|
||||
33 | File | `/admin/search-appointment.php` | High
|
||||
34 | File | `/admin/services/manage_service.php` | High
|
||||
35 | File | `/admin/sys_sql_query.php` | High
|
||||
36 | File | `/api/` | Low
|
||||
37 | File | `/api/download` | High
|
||||
38 | File | `/api/download/updateFile` | High
|
||||
39 | File | `/api/es/admin/v3/security/user/1` | High
|
||||
40 | File | `/api/installation/setThumbnailRc` | High
|
||||
41 | File | `/api/sys/login` | High
|
||||
42 | File | `/api/sys/set_passwd` | High
|
||||
43 | File | `/api/thumbnail` | High
|
||||
44 | File | `/app/sys1.php` | High
|
||||
45 | File | `/blog-single.php` | High
|
||||
46 | File | `/book-services.php` | High
|
||||
47 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
48 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
49 | File | `/classes/Master.php?f=delete_category` | High
|
||||
50 | File | `/classes/master.php?f=delete_order` | High
|
||||
51 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
52 | File | `/classes/Master.php?f=save_brand` | High
|
||||
53 | File | `/classes/Master.php?f=save_category` | High
|
||||
54 | File | `/classes/Master.php?f=save_service` | High
|
||||
55 | File | `/classes/Master.php?f=update_order_status` | High
|
||||
56 | File | `/collection/all` | High
|
||||
57 | File | `/conf/` | Low
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 508 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 509 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
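Review bot: Almost every row in this IOA hunk changes only because the ID column is positional: `/admin/del_service.php` moves from 17 to 18 and `/admin/sys_sql_query.php` from 27 to 35 with no change to the indicator itself. That makes the real additions (for example `/admin/cms_admin.php` or `/cgi-bin/vitogate.cgi`) hard to pick out in review, and it means an ID cannot be used as a stable reference between revisions. Suggest either dropping the ID column from the excerpt or documenting that IDs are display order only.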
@ -151,7 +151,7 @@ ID | Type | Indicator | Confidence
|
|||
73 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
74 | ... | ... | ...
|
||||
|
||||
There are 654 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 651 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
# NSAMsdMiner - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [NSAMsdMiner](https://vuldb.com/?actor.nsamsdminer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.nsamsdminer](https://vuldb.com/?actor.nsamsdminer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NSAMsdMiner:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of NSAMsdMiner.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.0.144.122](https://vuldb.com/?ip.3.0.144.122) | ec2-3-0-144-122.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
2 | [45.35.4.107](https://vuldb.com/?ip.45.35.4.107) | - | - | High
|
||||
3 | [47.101.30.124](https://vuldb.com/?ip.47.101.30.124) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _NSAMsdMiner_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1078.001 | CWE-259 | Use of Hard-coded Password | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by NSAMsdMiner. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `addentry.php` | Medium
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `email.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://s.tencent.com/research/report/730
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
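Review bot: The generated count lines in this new file read `There are 1 more IOC items available` and `There are 1 more TTP items available`; the template needs a singular form (`There is 1 more IOC item available`). The single entry under References is also a bare URL while the Literature entries use Markdown links, so the two lists could be made consistent.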
@ -64,7 +64,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
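Review bot: This hunk reveals one more TTP row (`4 | T1059 | CWE-94 | Cross Site Scripting | High`) and moves the ellipsis row from 4 to 5, but the count line `There are 14 more TTP items available` is left unchanged. If the total did not grow, the remaining count should drop by one; please confirm the number is regenerated together with the table rather than carried over.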
@ -95,7 +96,7 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `announce.php` | Medium
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 163 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 165 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -85,7 +85,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -113,50 +113,49 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/admin/search-appointment.php` | High
|
||||
19 | File | `/admin/sys_sql_query.php` | High
|
||||
20 | File | `/api/baskets/{name}` | High
|
||||
21 | File | `/appliance/users?action=edit` | High
|
||||
22 | File | `/backup.pl` | Medium
|
||||
23 | File | `/blog` | Low
|
||||
24 | File | `/booking/show_bookings/` | High
|
||||
25 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
26 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
27 | File | `/cgi/get_param.cgi` | High
|
||||
28 | File | `/classes/master.php?f=delete_order` | High
|
||||
29 | File | `/collection/all` | High
|
||||
30 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
31 | File | `/cstecgi.cgi` | Medium
|
||||
32 | File | `/dipam/athlete-profile.php` | High
|
||||
33 | File | `/DXR.axd` | Medium
|
||||
34 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
35 | File | `/edoc/doctor/patient.php` | High
|
||||
36 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
37 | File | `/etc/ldap.conf` | High
|
||||
38 | File | `/etc/shadow` | Medium
|
||||
21 | File | `/api/v4/users/ids` | High
|
||||
22 | File | `/appliance/users?action=edit` | High
|
||||
23 | File | `/apply.cgi` | Medium
|
||||
24 | File | `/backup.pl` | Medium
|
||||
25 | File | `/blog` | Low
|
||||
26 | File | `/booking/show_bookings/` | High
|
||||
27 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
28 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
29 | File | `/cgi/get_param.cgi` | High
|
||||
30 | File | `/classes/master.php?f=delete_order` | High
|
||||
31 | File | `/collection/all` | High
|
||||
32 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
33 | File | `/cstecgi.cgi` | Medium
|
||||
34 | File | `/dipam/athlete-profile.php` | High
|
||||
35 | File | `/DXR.axd` | Medium
|
||||
36 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
37 | File | `/edoc/doctor/patient.php` | High
|
||||
38 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
39 | File | `/forum/away.php` | High
|
||||
40 | File | `/fusion/portal/action/Link` | High
|
||||
41 | File | `/importexport.php` | High
|
||||
42 | File | `/include/chart_generator.php` | High
|
||||
43 | File | `/index.php` | Medium
|
||||
44 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
45 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
46 | File | `/kelasdosen/data` | High
|
||||
47 | File | `/librarian/bookdetails.php` | High
|
||||
48 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
49 | File | `/messageboard/view.php` | High
|
||||
50 | File | `/MIME/INBOX-MM-1/` | High
|
||||
51 | File | `/osm/REGISTER.cmd` | High
|
||||
52 | File | `/out.php` | Medium
|
||||
53 | File | `/owa/auth/logon.aspx` | High
|
||||
54 | File | `/patient/appointment.php` | High
|
||||
55 | File | `/paysystem/datatable.php` | High
|
||||
56 | File | `/php-scrm/login.php` | High
|
||||
57 | File | `/reservation/add_message.php` | High
|
||||
58 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
59 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
60 | File | `/send_order.cgi?parameter=restart` | High
|
||||
61 | File | `/spcgi.cgi` | Medium
|
||||
62 | ... | ... | ...
|
||||
41 | File | `/h/autoSaveDraft` | High
|
||||
42 | File | `/importexport.php` | High
|
||||
43 | File | `/include/chart_generator.php` | High
|
||||
44 | File | `/index.php` | Medium
|
||||
45 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
46 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
47 | File | `/kelasdosen/data` | High
|
||||
48 | File | `/librarian/bookdetails.php` | High
|
||||
49 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
50 | File | `/messageboard/view.php` | High
|
||||
51 | File | `/MIME/INBOX-MM-1/` | High
|
||||
52 | File | `/osm/REGISTER.cmd` | High
|
||||
53 | File | `/out.php` | Medium
|
||||
54 | File | `/owa/auth/logon.aspx` | High
|
||||
55 | File | `/patient/appointment.php` | High
|
||||
56 | File | `/paysystem/datatable.php` | High
|
||||
57 | File | `/php-scrm/login.php` | High
|
||||
58 | File | `/protocol/iscgwtunnel/uploadiscgwrouteconf.php` | High
|
||||
59 | File | `/reservation/add_message.php` | High
|
||||
60 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 532 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -81,7 +81,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -108,13 +108,13 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/admin/reg.php` | High
|
||||
18 | File | `/admin/search-appointment.php` | High
|
||||
19 | File | `/admin/settings/save.php` | High
|
||||
20 | File | `/admin/students/manage.php` | High
|
||||
21 | File | `/admin/sys_sql_query.php` | High
|
||||
22 | File | `/admin/userprofile.php` | High
|
||||
23 | File | `/api/baskets/{name}` | High
|
||||
24 | File | `/appliance/users?action=edit` | High
|
||||
25 | File | `/apply.cgi` | Medium
|
||||
26 | File | `/backup.pl` | Medium
|
||||
20 | File | `/admin/sys_sql_query.php` | High
|
||||
21 | File | `/admin/userprofile.php` | High
|
||||
22 | File | `/api/baskets/{name}` | High
|
||||
23 | File | `/appliance/users?action=edit` | High
|
||||
24 | File | `/apply.cgi` | Medium
|
||||
25 | File | `/backup.pl` | Medium
|
||||
26 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
27 | File | `/blog` | Low
|
||||
28 | File | `/booking/show_bookings/` | High
|
||||
29 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
|
@ -149,7 +149,7 @@ ID | Type | Indicator | Confidence
|
|||
58 | File | `/php-scrm/login.php` | High
|
||||
59 | ... | ... | ...
|
||||
|
||||
There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 518 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
# Nimplant - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Nimplant](https://vuldb.com/?actor.nimplant). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.nimplant](https://vuldb.com/?actor.nimplant)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Nimplant:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Nimplant.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.106.215.199](https://vuldb.com/?ip.23.106.215.199) | - | - | High
|
||||
2 | [54.202.46.22](https://vuldb.com/?ip.54.202.46.22) | ec2-54-202-46-22.us-west-2.compute.amazonaws.com | - | Medium
|
||||
3 | [142.93.226.220](https://vuldb.com/?ip.142.93.226.220) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Nimplant_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Nimplant. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/bin/goahead` | Medium
|
||||
2 | File | `/common/info.cgi` | High
|
||||
3 | File | `/docs/captcha_(number).jpeg` | High
|
||||
4 | File | `/etc/config/image_sign` | High
|
||||
5 | File | `/home.jsp` | Medium
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 37 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://search.censys.io/hosts/23.106.215.199
|
||||
* https://search.censys.io/hosts/54.202.46.22
|
||||
* https://search.censys.io/hosts/142.93.226.220
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
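Review bot: In the TTP table of this new file, row 2 maps `T1059` / `CWE-94` to the description "Cross Site Scripting", the same text as row 3 (`T1059.007` / `CWE-79, CWE-80`). CWE-94 is code injection, so row 2 needs its own description or should be merged with row 3. In the IOC table, row 2 is an EC2 address (`ec2-54-202-46-22.us-west-2.compute.amazonaws.com`) with no first-seen or last-seen date. Cloud addresses are reassigned, so consumers need a date to age the entry out. The three References entries are Censys host lookups for those same IPs, not sources that "discuss the actor" as the section text says.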
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -48,68 +48,71 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/photo.php` | High
|
||||
2 | File | `/admin/upload.php` | High
|
||||
3 | File | `/admin/user/add` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/APP_Installation.asp` | High
|
||||
6 | File | `/blog` | Low
|
||||
7 | File | `/categorypage.php` | High
|
||||
8 | File | `/cm/delete` | Medium
|
||||
9 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
10 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/drivers/media/media-device.c` | High
|
||||
13 | File | `/etc/master.passwd` | High
|
||||
14 | File | `/filemanager/upload.php` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/home.php` | Medium
|
||||
18 | File | `/homeaction.php` | High
|
||||
19 | File | `/modules/profile/index.php` | High
|
||||
20 | File | `/modules/tasks/summary.inc.php` | High
|
||||
21 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/p` | Low
|
||||
24 | File | `/preauth` | Medium
|
||||
25 | File | `/products/details.asp` | High
|
||||
26 | File | `/recordings/index.php` | High
|
||||
27 | File | `/see_more_details.php` | High
|
||||
28 | File | `/show_news.php` | High
|
||||
29 | File | `/tmp/before` | Medium
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/updownload/t.report` | High
|
||||
32 | File | `/user.profile.php` | High
|
||||
33 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
34 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
35 | File | `/wp-admin` | Medium
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `account.asp` | Medium
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `adm/systools.asp` | High
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | File | `admin/admin.shtml` | High
|
||||
42 | File | `Admin/ADM_Pagina.php` | High
|
||||
43 | File | `admin/category.inc.php` | High
|
||||
44 | File | `admin/main.asp` | High
|
||||
45 | File | `admin/param/param_func.inc.php` | High
|
||||
46 | File | `admin/y_admin.asp` | High
|
||||
47 | File | `adminer.php` | Medium
|
||||
48 | File | `administration/admins.php` | High
|
||||
49 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
50 | File | `admin_ok.asp` | Medium
|
||||
51 | File | `album_portal.php` | High
|
||||
52 | File | `app/Core/Paginator.php` | High
|
||||
53 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
54 | File | `artlinks.dispnew.php` | High
|
||||
55 | File | `auth.php` | Medium
|
||||
56 | File | `bin/named/query.c` | High
|
||||
57 | File | `blank.php` | Medium
|
||||
58 | File | `blocklayered-ajax.php` | High
|
||||
59 | File | `blogger-importer.php` | High
|
||||
60 | ... | ... | ...
|
||||
1 | File | `/admin/manage_academic.php` | High
|
||||
2 | File | `/admin/photo.php` | High
|
||||
3 | File | `/admin/upload.php` | High
|
||||
4 | File | `/admin/user/add` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/APP_Installation.asp` | High
|
||||
7 | File | `/blog` | Low
|
||||
8 | File | `/categorypage.php` | High
|
||||
9 | File | `/cm/delete` | Medium
|
||||
10 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
11 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
12 | File | `/download` | Medium
|
||||
13 | File | `/drivers/media/media-device.c` | High
|
||||
14 | File | `/etc/master.passwd` | High
|
||||
15 | File | `/filemanager/upload.php` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/getcfg.php` | Medium
|
||||
18 | File | `/home.php` | Medium
|
||||
19 | File | `/homeaction.php` | High
|
||||
20 | File | `/modules/profile/index.php` | High
|
||||
21 | File | `/modules/tasks/summary.inc.php` | High
|
||||
22 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
23 | File | `/out.php` | Medium
|
||||
24 | File | `/p` | Low
|
||||
25 | File | `/preauth` | Medium
|
||||
26 | File | `/products/details.asp` | High
|
||||
27 | File | `/recordings/index.php` | High
|
||||
28 | File | `/see_more_details.php` | High
|
||||
29 | File | `/show_news.php` | High
|
||||
30 | File | `/tmp/before` | Medium
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/updownload/t.report` | High
|
||||
33 | File | `/user.profile.php` | High
|
||||
34 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
35 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
36 | File | `/wp-admin` | Medium
|
||||
37 | File | `/wp-admin/admin-ajax.php` | High
|
||||
38 | File | `4.2.0.CP09` | Medium
|
||||
39 | File | `account.asp` | Medium
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `adm/systools.asp` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin/admin.shtml` | High
|
||||
44 | File | `Admin/ADM_Pagina.php` | High
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | File | `admin/main.asp` | High
|
||||
47 | File | `admin/param/param_func.inc.php` | High
|
||||
48 | File | `admin/y_admin.asp` | High
|
||||
49 | File | `adminer.php` | Medium
|
||||
50 | File | `administration/admins.php` | High
|
||||
51 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
52 | File | `admin_ok.asp` | Medium
|
||||
53 | File | `album_portal.php` | High
|
||||
54 | File | `app/Core/Paginator.php` | High
|
||||
55 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
56 | File | `artlinks.dispnew.php` | High
|
||||
57 | File | `auth.php` | Medium
|
||||
58 | File | `bin/named/query.c` | High
|
||||
59 | File | `blank.php` | Medium
|
||||
60 | File | `blocklayered-ajax.php` | High
|
||||
61 | File | `blogger-importer.php` | High
|
||||
62 | File | `bluegate_seo.inc.php` | High
|
||||
63 | ... | ... | ...
|
||||
|
||||
There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 548 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
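Review bot: New row 38 lists `4.2.0.CP09` with Type `File`, but the value reads as a version string, not a file name or path. Correct the Type or drop the row, because a rule that matches it against request paths or file names will not behave as the table implies. The trailing count goes from 529 to 548 while the visible list grows by three rows, so the remaining additions cannot be reviewed from this diff.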
@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
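Review bot: The replacement for row 1 adds `CWE-21` to the `T1006` mapping, but CWE-21 is a deprecated CWE category, not a weakness entry, and `CWE-22, CWE-23` already cover pathname traversal. Keep the old mapping unless there is a source entry that specifically requires CWE-21.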
@ -74,16 +74,16 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
15 | File | `add.php` | Low
|
||||
16 | File | `admin.cgi/config.cgi` | High
|
||||
17 | File | `admin/admin.guestbook.php` | High
|
||||
18 | File | `admin/auth.php` | High
|
||||
19 | File | `admin/backupdb.php` | High
|
||||
20 | File | `admin/login.asp` | High
|
||||
21 | File | `admin/preview.php` | High
|
||||
22 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
23 | File | `archive_read_support_format_rar.c` | High
|
||||
17 | File | `admin.php` | Medium
|
||||
18 | File | `admin/admin.guestbook.php` | High
|
||||
19 | File | `admin/auth.php` | High
|
||||
20 | File | `admin/backupdb.php` | High
|
||||
21 | File | `admin/login.asp` | High
|
||||
22 | File | `admin/preview.php` | High
|
||||
23 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 200 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
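Review bot: Inserting `admin.php` as row 17 renumbers every row after it (`admin/admin.guestbook.php` moves from 17 to 18, and so on), so the ID column cannot serve as a stable reference between updates. Either say so in the table's intro text or key the rows on the indicator itself. `admin.php` is also rated Medium although it is as generic as `add.php` in row 15, which is rated Low; the bare file name matches the admin entry point of many unrelated applications.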
@ -55,9 +55,10 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/uncpath/` | Medium
|
||||
7 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
8 | File | `AppCompatCache.exe` | High
|
||||
9 | ... | ... | ...
|
||||
9 | File | `appserv/main.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
# Onyx Sleet - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Onyx Sleet](https://vuldb.com/?actor.onyx_sleet). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.onyx_sleet](https://vuldb.com/?actor.onyx_sleet)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Onyx Sleet:
|
||||
|
||||
* CVE-2023-42793
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Onyx Sleet.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [147.78.149.201](https://vuldb.com/?ip.147.78.149.201) | - | CVE-2023-42793 | High
|
||||
2 | [162.19.71.175](https://vuldb.com/?ip.162.19.71.175) | - | CVE-2023-42793 | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
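Review bot: Both IOC rows attribute the address to Onyx Sleet at High confidence, yet the only reference is an article whose URL describes multiple North Korean threat actors exploiting the same vulnerability. The file should state which actor the source ties each IP to, or lower the confidence. The Campaign column and the Campaigns list hold a CVE identifier (`CVE-2023-42793`) instead of a campaign name, and unlike the other new actor files in this commit there is no Countries, TTP or IOA section; if that is intentional for a two-indicator profile, a one-line note in the file would help.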
@ -76,7 +76,7 @@ ID | Type | Indicator | Confidence
|
|||
25 | File | `/plesk-site-preview/` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 222 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Ouroboros - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ouroboros](https://vuldb.com/?actor.ouroboros). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ouroboros](https://vuldb.com/?actor.ouroboros)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ouroboros.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [176.31.68.30](https://vuldb.com/?ip.176.31.68.30) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://s.tencent.com/research/report/793
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
Some files were not shown because too many files have changed in this diff