Update October 2023

2023-10-27 13:52:44 +02:00 · 2023-10-27 13:52:44 +02:00 · 5e84854492
parent 35df3f655c
commit 5e84854492
428 changed files with 87503 additions and 82297 deletions
--- a/actors/APT1/README.md
+++ b/actors/APT1/README.md
@ -58,7 +58,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
 3 | File | `/systemrw/` | Medium
 4 | ... | ... | ...

-There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT10/README.md
+++ b/actors/APT10/README.md
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -73,10 +73,10 @@ ID | Technique | Weakness | Description | Confidence
 1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | ... | ... | ... | ...

-There are 16 more TTP items available. Please use our online service to access the data.
+There are 15 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -102,30 +102,28 @@ ID | Type | Indicator | Confidence
 16 | File | `/messageboard/view.php` | High
 17 | File | `/mhds/clinic/view_details.php` | High
 18 | File | `/mkshop/Men/profile.php` | High
-19 | File | `/modules/profile/index.php` | High
-20 | File | `/Noxen-master/users.php` | High
-21 | File | `/one_church/userregister.php` | High
-22 | File | `/out.php` | Medium
-23 | File | `/owa/auth/logon.aspx` | High
-24 | File | `/public/plugins/` | High
-25 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-26 | File | `/SASWebReportStudio/logonAndRender.do` | High
-27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-28 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-29 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-30 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
-31 | File | `/textpattern/index.php` | High
-32 | File | `/upfile.cgi` | Medium
-33 | File | `/v2/quantum/save-data-upload-big-file` | High
-34 | File | `/wordpress/wp-admin/admin.php` | High
-35 | File | `4.edu.php` | Medium
-36 | File | `account_footer.php` | High
-37 | File | `adclick.php` | Medium
-38 | File | `add_edit_cat.asp` | High
-39 | File | `add_edit_user.asp` | High
-40 | ... | ... | ...
+19 | File | `/Noxen-master/users.php` | High
+20 | File | `/one_church/userregister.php` | High
+21 | File | `/out.php` | Medium
+22 | File | `/owa/auth/logon.aspx` | High
+23 | File | `/public/plugins/` | High
+24 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+25 | File | `/SASWebReportStudio/logonAndRender.do` | High
+26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+27 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+28 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
+29 | File | `/textpattern/index.php` | High
+30 | File | `/upfile.cgi` | Medium
+31 | File | `/v2/quantum/save-data-upload-big-file` | High
+32 | File | `/wordpress/wp-admin/admin.php` | High
+33 | File | `4.edu.php` | Medium
+34 | File | `account_footer.php` | High
+35 | File | `adclick.php` | Medium
+36 | File | `add_edit_cat.asp` | High
+37 | File | `add_edit_user.asp` | High
+38 | ... | ... | ...

-There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT17/README.md
+++ b/actors/APT17/README.md
@ -44,7 +44,8 @@ ID | Technique | Weakness | Description | Confidence
 1 | T1006 | CWE-22 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | ... | ... | ... | ...
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

 There are 14 more TTP items available. Please use our online service to access the data.

--- a/actors/APT19/README.md
+++ b/actors/APT19/README.md
@ -40,6 +40,9 @@ ID | Technique | Weakness | Description | Confidence
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1222 | CWE-276 | Permission Issues | High
 3 | T1505 | CWE-89 | SQL Injection | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -49,10 +52,10 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin/admin-profile.php` | High
 2 | File | `/search.php` | Medium
-3 | File | `index.php` | Medium
+3 | File | `/Tool/uploadfile.php` | High
 4 | ... | ... | ...

-There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT28/README.md
+++ b/actors/APT28/README.md
@ -10,10 +10,10 @@ The following _campaigns_ are known and can be associated with APT28:

 * Carberp
 * CVE-2022-30190
-* Fysbis
+* CVE-2023-38831
 * ...

-There are 4 more campaign items available. Please use our online service to access the data.
+There are 5 more campaign items available. Please use our online service to access the data.

 ## Countries

@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...

-There are 7 more country items available. Please use our online service to access the data.
+There are 14 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -84,7 +84,7 @@ ID | IP address | Hostname | Campaign | Confidence
 50 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
 51 | ... | ... | ... | ...

-There are 198 more IOC items available. Please use our online service to access the data.
+There are 201 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -92,10 +92,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

@ -107,68 +107,74 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.travis.yml` | Medium
-2 | File | `/admin/subnets/ripe-query.php` | High
-3 | File | `/apply.cgi` | Medium
-4 | File | `/core/conditions/AbstractWrapper.java` | High
-5 | File | `/dashboard/updatelogo.php` | High
-6 | File | `/debug/pprof` | Medium
-7 | File | `/etc/openshift/server_priv.pem` | High
-8 | File | `/export` | Low
-9 | File | `/file?action=download&file` | High
-10 | File | `/hardware` | Medium
-11 | File | `/index.php` | Medium
-12 | File | `/librarian/bookdetails.php` | High
-13 | File | `/messageboard/view.php` | High
-14 | File | `/mgmt/tm/util/bash` | High
-15 | File | `/mkshop/Men/profile.php` | High
-16 | File | `/modules/projects/vw_files.php` | High
-17 | File | `/monitoring` | Medium
-18 | File | `/MTFWU` | Low
-19 | File | `/Noxen-master/users.php` | High
-20 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-21 | File | `/plugin/LiveChat/getChat.json.php` | High
-22 | File | `/plugins/servlet/audit/resource` | High
-23 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-24 | File | `/REBOOTSYSTEM` | High
-25 | File | `/replication` | Medium
-26 | File | `/RestAPI` | Medium
-27 | File | `/servlet/webacc` | High
-28 | File | `/textpattern/index.php` | High
-29 | File | `/tmp/zarafa-vacation-*` | High
-30 | File | `/uncpath/` | Medium
-31 | File | `/upload` | Low
-32 | File | `/user/loader.php?api=1` | High
-33 | File | `/usr/bin/at` | Medium
-34 | File | `/var/log/nginx` | High
-35 | File | `/var/run/watchman.pid` | High
-36 | File | `/viewer/krpano.html` | High
-37 | File | `/wp-json/oembed/1.0/embed?url` | High
-38 | File | `/wp-json/wc/v3/webhooks` | High
-39 | File | `20review.asp` | Medium
-40 | File | `account.asp` | Medium
-41 | File | `ActivityManagerService.java` | High
-42 | File | `additem.asp` | Medium
-43 | File | `admin.a6mambocredits.php` | High
-44 | File | `admin.cropcanvas.php` | High
-45 | File | `admin.joomlaradiov5.php` | High
-46 | File | `admin.php` | Medium
-47 | File | `admin.remository.php` | High
-48 | File | `admin/addons/archive/archive.php` | High
-49 | File | `adminAvatars.php` | High
-50 | File | `AdxDSrv.exe` | Medium
-51 | ... | ... | ...
+1 | File | `/Admin/add-student.php` | High
+2 | File | `/admin/maintenance/view_designation.php` | High
+3 | File | `/admin/subnets/ripe-query.php` | High
+4 | File | `/api/v1/attack` | High
+5 | File | `/apply.cgi` | Medium
+6 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
+7 | File | `/cgi-bin/touchlist_sync.cgi` | High
+8 | File | `/classes/Master.php` | High
+9 | File | `/core/conditions/AbstractWrapper.java` | High
+10 | File | `/ctpms/admin/applications/update_status.php` | High
+11 | File | `/ctpms/classes/Master.php?f=delete_img` | High
+12 | File | `/dashboard/updatelogo.php` | High
+13 | File | `/debug/pprof` | Medium
+14 | File | `/etc/openshift/server_priv.pem` | High
+15 | File | `/export` | Low
+16 | File | `/forum/away.php` | High
+17 | File | `/goform/P2pListFilter` | High
+18 | File | `/goform/setSysAdm` | High
+19 | File | `/hardware` | Medium
+20 | File | `/hrm/controller/employee.php` | High
+21 | File | `/index.php` | Medium
+22 | File | `/kelas/data` | Medium
+23 | File | `/librarian/bookdetails.php` | High
+24 | File | `/login.php` | Medium
+25 | File | `/login/index.php` | High
+26 | File | `/messageboard/view.php` | High
+27 | File | `/mgmt/tm/util/bash` | High
+28 | File | `/mkshop/Men/profile.php` | High
+29 | File | `/modules/projects/vw_files.php` | High
+30 | File | `/MTFWU` | Low
+31 | File | `/mygym/admin/login.php` | High
+32 | File | `/Noxen-master/users.php` | High
+33 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+34 | File | `/plugin/LiveChat/getChat.json.php` | High
+35 | File | `/product/savenewproduct.php?flag=1` | High
+36 | File | `/release-x64/otfccdump` | High
+37 | File | `/servlet/webacc` | High
+38 | File | `/setNTP.cgi` | Medium
+39 | File | `/setting/setDeviceName` | High
+40 | File | `/SysManage/AddUpdateRole.aspx` | High
+41 | File | `/textpattern/index.php` | High
+42 | File | `/tmp/zarafa-vacation-*` | High
+43 | File | `/uncpath/` | Medium
+44 | File | `/upload` | Low
+45 | File | `/user/loader.php?api=1` | High
+46 | File | `/usr/bin/at` | Medium
+47 | File | `/var/log/nginx` | High
+48 | File | `/var/run/chrony` | High
+49 | File | `/var/run/watchman.pid` | High
+50 | File | `/view-property.php` | High
+51 | File | `/viewer/krpano.html` | High
+52 | File | `/wp-json/oembed/1.0/embed?url` | High
+53 | File | `/xpdf/GfxState.cc` | High
+54 | File | `20review.asp` | Medium
+55 | ... | ... | ...

-There are 439 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 479 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
 * https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/
 * https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
 * https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society/
 * https://cert.gov.ua/article/40102
+* https://cert.gov.ua/article/5702579
 * https://community.blueliv.com/#!/s/5f6b482482df413eb5350d3b
 * https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
 * https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-05-ioc-mark.txt
--- a/actors/APT29/README.md
+++ b/actors/APT29/README.md
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [LA](https://vuldb.com/?country.la)
 * ...

-There are 13 more country items available. Please use our online service to access the data.
+There are 12 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -70,7 +70,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 21 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -79,52 +79,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/?p=products` | Medium
-2 | File | `/about.php` | Medium
-3 | File | `/admin.php/accessory/filesdel.html` | High
-4 | File | `/admin/?page=user/manage` | High
-5 | File | `/admin/add-new.php` | High
-6 | File | `/admin/doctors.php` | High
-7 | File | `/admin/submit-articles` | High
-8 | File | `/alphaware/summary.php` | High
-9 | File | `/api/` | Low
-10 | File | `/api/admin/store/product/list` | High
-11 | File | `/api/baskets/{name}` | High
-12 | File | `/api/stl/actions/search` | High
-13 | File | `/api/v2/cli/commands` | High
-14 | File | `/attachments` | Medium
-15 | File | `/bin/ate` | Medium
-16 | File | `/boat/login.php` | High
-17 | File | `/book-services.php` | High
-18 | File | `/booking/show_bookings/` | High
-19 | File | `/bsms_ci/index.php/book` | High
-20 | File | `/cgi-bin` | Medium
-21 | File | `/cgi-bin/luci/api/wireless` | High
-22 | File | `/cgi-bin/wlogin.cgi` | High
-23 | File | `/Content/Template/root/reverse-shell.aspx` | High
-24 | File | `/context/%2e/WEB-INF/web.xml` | High
-25 | File | `/dashboard/add-blog.php` | High
-26 | File | `/debug/pprof` | Medium
-27 | File | `/DXR.axd` | Medium
-28 | File | `/en/blog-comment-4` | High
-29 | File | `/env` | Low
-30 | File | `/etc/hosts` | Medium
-31 | File | `/forum/away.php` | High
-32 | File | `/goform/setmac` | High
-33 | File | `/goform/wizard_end` | High
-34 | File | `/group1/uploa` | High
-35 | File | `/h/` | Low
-36 | File | `/manage-apartment.php` | High
-37 | File | `/medicines/profile.php` | High
-38 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-39 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-40 | File | `/owa/auth/logon.aspx` | High
-41 | File | `/pages/apply_vacancy.php` | High
-42 | File | `/php-sms/admin/?page=user/manage_user` | High
-43 | File | `/project/PROJECTNAME/reports/` | High
-44 | File | `/proxy` | Low
-45 | ... | ... | ...
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/doctors.php` | High
+6 | File | `/admin/submit-articles` | High
+7 | File | `/alphaware/summary.php` | High
+8 | File | `/api/` | Low
+9 | File | `/api/admin/store/product/list` | High
+10 | File | `/api/baskets/{name}` | High
+11 | File | `/api/stl/actions/search` | High
+12 | File | `/api/v2/cli/commands` | High
+13 | File | `/attachments` | Medium
+14 | File | `/bin/ate` | Medium
+15 | File | `/boat/login.php` | High
+16 | File | `/book-services.php` | High
+17 | File | `/booking/show_bookings/` | High
+18 | File | `/bsms_ci/index.php/book` | High
+19 | File | `/cgi-bin` | Medium
+20 | File | `/cgi-bin/wlogin.cgi` | High
+21 | File | `/Content/Template/root/reverse-shell.aspx` | High
+22 | File | `/context/%2e/WEB-INF/web.xml` | High
+23 | File | `/dashboard/add-blog.php` | High
+24 | File | `/debug/pprof` | Medium
+25 | File | `/DXR.axd` | Medium
+26 | File | `/en/blog-comment-4` | High
+27 | File | `/env` | Low
+28 | File | `/etc/hosts` | Medium
+29 | File | `/forum/away.php` | High
+30 | File | `/goform/setmac` | High
+31 | File | `/goform/wizard_end` | High
+32 | File | `/group1/uploa` | High
+33 | File | `/h/` | Low
+34 | File | `/medicines/profile.php` | High
+35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+36 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+37 | File | `/owa/auth/logon.aspx` | High
+38 | File | `/php-sms/admin/?page=user/manage_user` | High
+39 | File | `/project/PROJECTNAME/reports/` | High
+40 | File | `/proxy` | Low
+41 | File | `/reservation/add_message.php` | High
+42 | File | `/resources//../` | High
+43 | ... | ... | ...

-There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT41/README.md
+++ b/actors/APT41/README.md
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...

-There are 7 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -64,7 +64,7 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-22 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

 There are 12 more TTP items available. Please use our online service to access the data.
--- a/actors/AdKoob/README.md
+++ b/actors/AdKoob/README.md
@ -49,7 +49,7 @@ ID | Type | Indicator | Confidence
 3 | File | `admin/index.php` | High
 4 | ... | ... | ...

-There are 20 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Agent/README.md
+++ b/actors/Agent/README.md
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
 43 | File | `/out.php` | Medium
 44 | ... | ... | ...

-There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Alien/README.md
+++ b/actors/Alien/README.md
@ -165,10 +165,10 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 7 | ... | ... | ... | ...

-There are 23 more TTP items available. Please use our online service to access the data.
+There are 25 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -190,37 +190,34 @@ ID | Type | Indicator | Confidence
 12 | File | `/authenticationendpoint/login.do` | High
 13 | File | `/billing/home.php` | High
 14 | File | `/cgi-bin/mainfunction.cgi` | High
-15 | File | `/cgi-bin/wapopen` | High
-16 | File | `/cgi-bin/wlogin.cgi` | High
-17 | File | `/cgi.cgi` | Medium
+15 | File | `/cgi-bin/wlogin.cgi` | High
+16 | File | `/cgi.cgi` | Medium
+17 | File | `/classes/Users.php` | High
 18 | File | `/collection/all` | High
 19 | File | `/Content/Template/root/reverse-shell.aspx` | High
 20 | File | `/ctcprotocol/Protocol` | High
 21 | File | `/dashboard/add-blog.php` | High
-22 | File | `/debug/pprof` | Medium
-23 | File | `/dottie.js` | Medium
-24 | File | `/DXR.axd` | Medium
-25 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-26 | File | `/env` | Low
-27 | File | `/files/` | Low
+22 | File | `/dottie.js` | Medium
+23 | File | `/DXR.axd` | Medium
+24 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+25 | File | `/env` | Low
+26 | File | `/files/` | Low
+27 | File | `/forms/doLogin` | High
 28 | File | `/forum/away.php` | High
-29 | File | `/getcfg.php` | Medium
-30 | File | `/group1/uploa` | High
-31 | File | `/h/autoSaveDraft` | High
-32 | File | `/home/cavesConsole` | High
-33 | File | `/importexport.php` | High
-34 | File | `/index.php` | Medium
-35 | File | `/index.php/sysmanage/Login/login_auth/` | High
-36 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
-37 | File | `/index.php?page=member` | High
-38 | File | `/items/search` | High
-39 | File | `/jurusanmatkul/data` | High
-40 | File | `/log/decodmail.php` | High
-41 | File | `/log/webmailattach.php` | High
-42 | File | `/login.php?do=login` | High
-43 | ... | ... | ...
+29 | File | `/group1/uploa` | High
+30 | File | `/h/autoSaveDraft` | High
+31 | File | `/home/cavesConsole` | High
+32 | File | `/importexport.php` | High
+33 | File | `/index.php` | Medium
+34 | File | `/index.php/sysmanage/Login/login_auth/` | High
+35 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+36 | File | `/items/search` | High
+37 | File | `/jurusanmatkul/data` | High
+38 | File | `/librarian/bookdetails.php` | High
+39 | File | `/log/decodmail.php` | High
+40 | ... | ... | ...

-There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Amadey/README.md
+++ b/actors/Amadey/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [GB](https://vuldb.com/?country.gb)
+* [TR](https://vuldb.com/?country.tr)
 * ...

-There are 15 more country items available. Please use our online service to access the data.
+There are 16 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -27,44 +27,45 @@ ID | IP address | Hostname | Campaign | Confidence
 4 | [5.42.64.33](https://vuldb.com/?ip.5.42.64.33) | - | - | High
 5 | [5.42.64.45](https://vuldb.com/?ip.5.42.64.45) | - | - | High
 6 | [5.42.65.1](https://vuldb.com/?ip.5.42.65.1) | - | - | High
-7 | [5.42.65.80](https://vuldb.com/?ip.5.42.65.80) | - | - | High
-8 | [5.42.92.67](https://vuldb.com/?ip.5.42.92.67) | - | - | High
-9 | [5.75.139.35](https://vuldb.com/?ip.5.75.139.35) | static.35.139.75.5.clients.your-server.de | - | High
-10 | [5.182.4.47](https://vuldb.com/?ip.5.182.4.47) | - | - | High
-11 | [5.188.118.7](https://vuldb.com/?ip.5.188.118.7) | - | - | High
-12 | [23.106.215.95](https://vuldb.com/?ip.23.106.215.95) | - | - | High
-13 | [31.41.244.15](https://vuldb.com/?ip.31.41.244.15) | - | - | High
-14 | [31.41.244.17](https://vuldb.com/?ip.31.41.244.17) | - | - | High
-15 | [31.41.244.60](https://vuldb.com/?ip.31.41.244.60) | - | - | High
-16 | [31.41.244.146](https://vuldb.com/?ip.31.41.244.146) | - | - | High
-17 | [31.41.244.158](https://vuldb.com/?ip.31.41.244.158) | - | - | High
-18 | [31.41.244.167](https://vuldb.com/?ip.31.41.244.167) | - | - | High
-19 | [31.41.244.200](https://vuldb.com/?ip.31.41.244.200) | - | - | High
-20 | [31.41.244.237](https://vuldb.com/?ip.31.41.244.237) | - | - | High
-21 | [37.220.87.85](https://vuldb.com/?ip.37.220.87.85) | ipn-37-220-87-85.artem-catv.ru | - | High
-22 | [45.9.74.5](https://vuldb.com/?ip.45.9.74.5) | - | - | High
-23 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
-24 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
-25 | [45.9.74.141](https://vuldb.com/?ip.45.9.74.141) | - | - | High
-26 | [45.9.74.164](https://vuldb.com/?ip.45.9.74.164) | - | - | High
-27 | [45.9.74.166](https://vuldb.com/?ip.45.9.74.166) | - | - | High
-28 | [45.9.74.182](https://vuldb.com/?ip.45.9.74.182) | - | - | High
-29 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
-30 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
-31 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
-32 | [45.155.7.60](https://vuldb.com/?ip.45.155.7.60) | 7-60.static.ipcserver.net | - | High
-33 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
-34 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
-35 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
-36 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
-37 | [49.13.60.242](https://vuldb.com/?ip.49.13.60.242) | static.242.60.13.49.clients.your-server.de | - | High
-38 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
-39 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
-40 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
-41 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
-42 | ... | ... | ... | ...
+7 | [5.42.65.28](https://vuldb.com/?ip.5.42.65.28) | - | - | High
+8 | [5.42.65.80](https://vuldb.com/?ip.5.42.65.80) | - | - | High
+9 | [5.42.92.67](https://vuldb.com/?ip.5.42.92.67) | - | - | High
+10 | [5.75.139.35](https://vuldb.com/?ip.5.75.139.35) | static.35.139.75.5.clients.your-server.de | - | High
+11 | [5.182.4.47](https://vuldb.com/?ip.5.182.4.47) | - | - | High
+12 | [5.188.118.7](https://vuldb.com/?ip.5.188.118.7) | - | - | High
+13 | [23.106.215.95](https://vuldb.com/?ip.23.106.215.95) | - | - | High
+14 | [31.41.244.15](https://vuldb.com/?ip.31.41.244.15) | - | - | High
+15 | [31.41.244.17](https://vuldb.com/?ip.31.41.244.17) | - | - | High
+16 | [31.41.244.60](https://vuldb.com/?ip.31.41.244.60) | - | - | High
+17 | [31.41.244.146](https://vuldb.com/?ip.31.41.244.146) | - | - | High
+18 | [31.41.244.158](https://vuldb.com/?ip.31.41.244.158) | - | - | High
+19 | [31.41.244.167](https://vuldb.com/?ip.31.41.244.167) | - | - | High
+20 | [31.41.244.200](https://vuldb.com/?ip.31.41.244.200) | - | - | High
+21 | [31.41.244.237](https://vuldb.com/?ip.31.41.244.237) | - | - | High
+22 | [37.220.87.85](https://vuldb.com/?ip.37.220.87.85) | ipn-37-220-87-85.artem-catv.ru | - | High
+23 | [45.9.74.5](https://vuldb.com/?ip.45.9.74.5) | - | - | High
+24 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
+25 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
+26 | [45.9.74.141](https://vuldb.com/?ip.45.9.74.141) | - | - | High
+27 | [45.9.74.164](https://vuldb.com/?ip.45.9.74.164) | - | - | High
+28 | [45.9.74.166](https://vuldb.com/?ip.45.9.74.166) | - | - | High
+29 | [45.9.74.182](https://vuldb.com/?ip.45.9.74.182) | - | - | High
+30 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
+31 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
+32 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
+33 | [45.155.7.60](https://vuldb.com/?ip.45.155.7.60) | 7-60.static.ipcserver.net | - | High
+34 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
+35 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
+36 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
+37 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
+38 | [49.13.60.242](https://vuldb.com/?ip.49.13.60.242) | static.242.60.13.49.clients.your-server.de | - | High
+39 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
+40 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
+41 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
+42 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
+43 | ... | ... | ... | ...

-There are 163 more IOC items available. Please use our online service to access the data.
+There are 166 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -73,7 +74,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
@ -88,52 +89,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//WEB-INF` | Medium
-2 | File | `/about.php` | Medium
-3 | File | `/admin/about-us.php` | High
-4 | File | `/admin/sys_sql_query.php` | High
-5 | File | `/api/baskets/{name}` | High
-6 | File | `/api/download` | High
-7 | File | `/api/stl/actions/search` | High
-8 | File | `/bin/ate` | Medium
-9 | File | `/bitrix/admin/ldap_server_edit.php` | High
-10 | File | `/booking/show_bookings/` | High
-11 | File | `/category.php` | High
-12 | File | `/cgi-bin` | Medium
-13 | File | `/cgi-bin/luci/api/wireless` | High
+1 | File | `/admin/about-us.php` | High
+2 | File | `/admin/save.php` | High
+3 | File | `/admin/sys_sql_query.php` | High
+4 | File | `/api/baskets/{name}` | High
+5 | File | `/api/download` | High
+6 | File | `/api/v1/terminal/sessions/?limit=1` | High
+7 | File | `/bin/ate` | Medium
+8 | File | `/bitrix/admin/ldap_server_edit.php` | High
+9 | File | `/booking/show_bookings/` | High
+10 | File | `/category.php` | High
+11 | File | `/categorypage.php` | High
+12 | File | `/cgi-bin/luci/api/wireless` | High
+13 | File | `/cgi-bin/vitogate.cgi` | High
 14 | File | `/company/store` | High
 15 | File | `/Content/Template/root/reverse-shell.aspx` | High
 16 | File | `/Controller/Ajaxfileupload.ashx` | High
 17 | File | `/core/conditions/AbstractWrapper.java` | High
 18 | File | `/csms/?page=contact_us` | High
 19 | File | `/dashboard/add-blog.php` | High
-20 | File | `/dcim/rack-roles/` | High
-21 | File | `/debug/pprof` | Medium
-22 | File | `/env` | Low
-23 | File | `/etc/passwd` | Medium
+20 | File | `/debug/pprof` | Medium
+21 | File | `/env` | Low
+22 | File | `/etc/passwd` | Medium
+23 | File | `/fcgi/scrut_fcgi.fcgi` | High
 24 | File | `/forum/away.php` | High
 25 | File | `/group1/uploa` | High
 26 | File | `/h/` | Low
-27 | File | `/inc/jquery/uploadify/uploadify.php` | High
+27 | File | `/HNAP1` | Low
 28 | File | `/index.php` | Medium
 29 | File | `/index.php?app=main&func=passport&action=login` | High
-30 | File | `/index.php?page=category_list` | High
-31 | File | `/jeecg-boot/sys/common/upload` | High
-32 | File | `/jobinfo/` | Medium
-33 | File | `/kelas/data` | Medium
-34 | File | `/Moosikay/order.php` | High
-35 | File | `/php-sms/admin/?page=user/manage_user` | High
-36 | File | `/PreviewHandler.ashx` | High
-37 | File | `/recipe-result` | High
-38 | File | `/register.do` | Medium
-39 | File | `/resources//../` | High
-40 | File | `/Service/ImageStationDataService.asmx` | High
-41 | File | `/spip.php` | Medium
-42 | File | `/squashfs-root/etc_ro/custom.conf` | High
-43 | File | `/staff/edit_book_details.php` | High
+30 | File | `/jeecg-boot/sys/common/upload` | High
+31 | File | `/jobinfo/` | Medium
+32 | File | `/php-sms/admin/?page=user/manage_user` | High
+33 | File | `/recipe-result` | High
+34 | File | `/register.do` | Medium
+35 | File | `/resources//../` | High
+36 | File | `/RPS2019Service/status.html` | High
+37 | File | `/Service/ImageStationDataService.asmx` | High
+38 | File | `/sicweb-ajax/tmproot/` | High
+39 | File | `/spip.php` | Medium
+40 | File | `/squashfs-root/etc_ro/custom.conf` | High
+41 | File | `/staff/edit_book_details.php` | High
+42 | File | `/student/bookdetails.php` | High
+43 | File | `/SysManage/AddUpdateRole.aspx` | High
 44 | ... | ... | ...

-There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -141,6 +142,7 @@ The following list contains _external sources_ which discuss the actor and the a

 * https://app.any.run/tasks/02899dcc-a26c-407a-b60c-3944a135f441
 * https://app.any.run/tasks/057f15c5-864c-4535-b8af-70405ead5fcd
+* https://app.any.run/tasks/5ef5240d-27b8-42f9-a436-f8b3e81308e2
 * https://app.any.run/tasks/6b4a52a0-4bbe-4c57-a196-a7c0e3425220
 * https://app.any.run/tasks/25aa27e9-a9e9-40cc-9152-d0373b9c7ebb
 * https://app.any.run/tasks/44ace516-679d-4a45-9c23-b3641ff4a094
@ -154,6 +156,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://threatfox.abuse.ch
 * https://threatvector.cylance.com/en_us/home/threat-spotlight-amadey-bot.html
 * https://tracker.viriback.com/index.php?q=5.42.65.1
+* https://tracker.viriback.com/index.php?q=5.42.65.28
 * https://tracker.viriback.com/index.php?q=5.42.65.80
 * https://tracker.viriback.com/index.php?q=5.75.139.35
 * https://tracker.viriback.com/index.php?q=31.41.244.146
@ -206,6 +209,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://tracker.viriback.com/index.php?q=77.91.68.78
 * https://tracker.viriback.com/index.php?q=77.91.78.118
 * https://tracker.viriback.com/index.php?q=77.91.78.242
+* https://tracker.viriback.com/index.php?q=77.91.124.1
 * https://tracker.viriback.com/index.php?q=77.91.124.20
 * https://tracker.viriback.com/index.php?q=77.91.124.207
 * https://tracker.viriback.com/index.php?q=77.91.124.242
@ -214,6 +218,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://tracker.viriback.com/index.php?q=79.137.203.59
 * https://tracker.viriback.com/index.php?q=83.217.11.7
 * https://tracker.viriback.com/index.php?q=85.31.45.199
+* https://tracker.viriback.com/index.php?q=85.209.11.199
 * https://tracker.viriback.com/index.php?q=85.209.135.11
 * https://tracker.viriback.com/index.php?q=85.209.135.109
 * https://tracker.viriback.com/index.php?q=87.121.47.63
--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...

-There are 17 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -629,14 +629,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 19 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -647,58 +647,58 @@ ID | Type | Indicator | Confidence
 1 | File | `//WEB-INF` | Medium
 2 | File | `/about.php` | Medium
 3 | File | `/admin.php/update/getFile.html` | High
-4 | File | `/admin/cashadvance_row.php` | High
-5 | File | `/admin/inquiries/view_inquiry.php` | High
-6 | File | `/admin/maintenance/view_designation.php` | High
-7 | File | `/admin/report/index.php` | High
-8 | File | `/admin/sys_sql_query.php` | High
-9 | File | `/admin/userprofile.php` | High
-10 | File | `/api/baskets/{name}` | High
-11 | File | `/bitrix/admin/ldap_server_edit.php` | High
-12 | File | `/cgi-bin/luci/api/wireless` | High
-13 | File | `/cgi-bin/wapopen` | High
-14 | File | `/classes/Master.php?f=delete_service` | High
-15 | File | `/classes/Master.php?f=save_course` | High
-16 | File | `/company/store` | High
-17 | File | `/Content/Template/root/reverse-shell.aspx` | High
-18 | File | `/Controller/Ajaxfileupload.ashx` | High
-19 | File | `/core/conditions/AbstractWrapper.java` | High
-20 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-21 | File | `/etc/passwd` | Medium
-22 | File | `/feeds/post/publish` | High
-23 | File | `/forum/away.php` | High
-24 | File | `/h/` | Low
-25 | File | `/inc/jquery/uploadify/uploadify.php` | High
-26 | File | `/inc/topBarNav.php` | High
-27 | File | `/index.php?app=main&func=passport&action=login` | High
-28 | File | `/index.php?page=category_list` | High
-29 | File | `/jeecg-boot/sys/common/upload` | High
-30 | File | `/jobinfo/` | Medium
-31 | File | `/Moosikay/order.php` | High
-32 | File | `/opac/Actions.php?a=login` | High
-33 | File | `/PreviewHandler.ashx` | High
-34 | File | `/public/launchNewWindow.jsp` | High
-35 | File | `/recipe-result` | High
-36 | File | `/register.do` | Medium
-37 | File | `/reservation/add_message.php` | High
-38 | File | `/Service/ImageStationDataService.asmx` | High
-39 | File | `/spip.php` | Medium
-40 | File | `/student/bookdetails.php` | High
-41 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
-42 | File | `/uploads/exam_question/` | High
-43 | File | `/user/ticket/create` | High
-44 | File | `/user/updatePwd` | High
-45 | File | `/UserSelfServiceSettings.jsp` | High
-46 | File | `/var/lib/docker/<remapping>` | High
-47 | File | `/wp-admin/admin-ajax.php` | High
-48 | File | `/xxl-job-admin/user/add` | High
-49 | File | `a-forms.php` | Medium
-50 | File | `activenews_view.asp` | High
-51 | File | `adclick.php` | Medium
-52 | File | `admin.a6mambocredits.php` | High
+4 | File | `/admin/inquiries/view_inquiry.php` | High
+5 | File | `/admin/maintenance/view_designation.php` | High
+6 | File | `/admin/save.php` | High
+7 | File | `/admin/sys_sql_query.php` | High
+8 | File | `/api/baskets/{name}` | High
+9 | File | `/api/download` | High
+10 | File | `/api/runscript` | High
+11 | File | `/api/v1/terminal/sessions/?limit=1` | High
+12 | File | `/bitrix/admin/ldap_server_edit.php` | High
+13 | File | `/category.php` | High
+14 | File | `/categorypage.php` | High
+15 | File | `/cgi-bin/luci/api/wireless` | High
+16 | File | `/cgi-bin/vitogate.cgi` | High
+17 | File | `/classes/Master.php?f=delete_service` | High
+18 | File | `/classes/Master.php?f=save_course` | High
+19 | File | `/company/store` | High
+20 | File | `/Content/Template/root/reverse-shell.aspx` | High
+21 | File | `/Controller/Ajaxfileupload.ashx` | High
+22 | File | `/core/conditions/AbstractWrapper.java` | High
+23 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
+24 | File | `/etc/passwd` | Medium
+25 | File | `/fcgi/scrut_fcgi.fcgi` | High
+26 | File | `/feeds/post/publish` | High
+27 | File | `/forum/away.php` | High
+28 | File | `/h/` | Low
+29 | File | `/HNAP1` | Low
+30 | File | `/inc/jquery/uploadify/uploadify.php` | High
+31 | File | `/index.php?app=main&func=passport&action=login` | High
+32 | File | `/index.php?page=category_list` | High
+33 | File | `/jeecg-boot/sys/common/upload` | High
+34 | File | `/jobinfo/` | Medium
+35 | File | `/Moosikay/order.php` | High
+36 | File | `/opac/Actions.php?a=login` | High
+37 | File | `/out.php` | Medium
+38 | File | `/PreviewHandler.ashx` | High
+39 | File | `/recipe-result` | High
+40 | File | `/register.do` | Medium
+41 | File | `/reservation/add_message.php` | High
+42 | File | `/RPS2019Service/status.html` | High
+43 | File | `/Service/ImageStationDataService.asmx` | High
+44 | File | `/sicweb-ajax/tmproot/` | High
+45 | File | `/spip.php` | Medium
+46 | File | `/student/bookdetails.php` | High
+47 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
+48 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
+49 | File | `/uploads/exam_question/` | High
+50 | File | `/user/ticket/create` | High
+51 | File | `/UserSelfServiceSettings.jsp` | High
+52 | File | `/var/lib/docker/<remapping>` | High
 53 | ... | ... | ...

-There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/AsyncRAT/README.md
+++ b/actors/AsyncRAT/README.md
--- a/actors/Azorult/README.md
+++ b/actors/Azorult/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Azorult:

 * [US](https://vuldb.com/?country.us)
-* [NL](https://vuldb.com/?country.nl)
-* [RU](https://vuldb.com/?country.ru)
+* [CN](https://vuldb.com/?country.cn)
+* [LA](https://vuldb.com/?country.la)
 * ...

-There are 15 more country items available. Please use our online service to access the data.
+There are 24 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -21,20 +21,90 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
-2 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
-3 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
-4 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
-5 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
-6 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
-7 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
-8 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
-9 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
-10 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
-11 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
-12 | ... | ... | ... | ...
+1 | [3.104.54.134](https://vuldb.com/?ip.3.104.54.134) | ec2-3-104-54-134.ap-southeast-2.compute.amazonaws.com | - | Medium
+2 | [3.122.247.28](https://vuldb.com/?ip.3.122.247.28) | ec2-3-122-247-28.eu-central-1.compute.amazonaws.com | - | Medium
+3 | [3.123.254.92](https://vuldb.com/?ip.3.123.254.92) | ec2-3-123-254-92.eu-central-1.compute.amazonaws.com | - | Medium
+4 | [3.126.249.36](https://vuldb.com/?ip.3.126.249.36) | ec2-3-126-249-36.eu-central-1.compute.amazonaws.com | - | Medium
+5 | [5.8.88.26](https://vuldb.com/?ip.5.8.88.26) | - | - | High
+6 | [5.8.88.74](https://vuldb.com/?ip.5.8.88.74) | - | - | High
+7 | [5.8.88.90](https://vuldb.com/?ip.5.8.88.90) | - | - | High
+8 | [5.8.88.107](https://vuldb.com/?ip.5.8.88.107) | - | - | High
+9 | [5.8.88.144](https://vuldb.com/?ip.5.8.88.144) | - | - | High
+10 | [5.23.55.170](https://vuldb.com/?ip.5.23.55.170) | 112152-garant222.tmweb.ru | - | High
+11 | [5.34.177.120](https://vuldb.com/?ip.5.34.177.120) | unallocated.layer6.net | - | High
+12 | [5.39.218.162](https://vuldb.com/?ip.5.39.218.162) | - | - | High
+13 | [5.45.77.6](https://vuldb.com/?ip.5.45.77.6) | - | - | High
+14 | [5.56.134.65](https://vuldb.com/?ip.5.56.134.65) | - | - | High
+15 | [5.152.206.196](https://vuldb.com/?ip.5.152.206.196) | h5-152-206-196.host.redstation.co.uk | - | High
+16 | [5.188.60.41](https://vuldb.com/?ip.5.188.60.41) | - | - | High
+17 | [5.188.231.68](https://vuldb.com/?ip.5.188.231.68) | lax.4729 | - | High
+18 | [5.188.231.156](https://vuldb.com/?ip.5.188.231.156) | free.ds | - | High
+19 | [5.188.231.247](https://vuldb.com/?ip.5.188.231.247) | - | - | High
+20 | [5.188.231.253](https://vuldb.com/?ip.5.188.231.253) | - | - | High
+21 | [5.200.47.181](https://vuldb.com/?ip.5.200.47.181) | - | - | High
+22 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
+23 | [13.229.153.16](https://vuldb.com/?ip.13.229.153.16) | ec2-13-229-153-16.ap-southeast-1.compute.amazonaws.com | - | Medium
+24 | [15.236.142.224](https://vuldb.com/?ip.15.236.142.224) | ec2-15-236-142-224.eu-west-3.compute.amazonaws.com | - | Medium
+25 | [18.159.53.170](https://vuldb.com/?ip.18.159.53.170) | ec2-18-159-53-170.eu-central-1.compute.amazonaws.com | - | Medium
+26 | [18.185.149.145](https://vuldb.com/?ip.18.185.149.145) | ec2-18-185-149-145.eu-central-1.compute.amazonaws.com | - | Medium
+27 | [18.192.122.2](https://vuldb.com/?ip.18.192.122.2) | ec2-18-192-122-2.eu-central-1.compute.amazonaws.com | - | Medium
+28 | [18.216.84.23](https://vuldb.com/?ip.18.216.84.23) | ec2-18-216-84-23.us-east-2.compute.amazonaws.com | - | Medium
+29 | [18.218.130.236](https://vuldb.com/?ip.18.218.130.236) | ec2-18-218-130-236.us-east-2.compute.amazonaws.com | - | Medium
+30 | [18.220.44.88](https://vuldb.com/?ip.18.220.44.88) | ec2-18-220-44-88.us-east-2.compute.amazonaws.com | - | Medium
+31 | [20.36.46.115](https://vuldb.com/?ip.20.36.46.115) | - | - | High
+32 | [23.94.253.124](https://vuldb.com/?ip.23.94.253.124) | cbs.propause.bar | - | High
+33 | [23.95.88.121](https://vuldb.com/?ip.23.95.88.121) | aguug.fkjr121.glerlium.cfd | - | High
+34 | [23.106.122.215](https://vuldb.com/?ip.23.106.122.215) | - | - | High
+35 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
+36 | [23.106.160.1](https://vuldb.com/?ip.23.106.160.1) | v2013.er01.dal.ubiquity.io | - | High
+37 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
+38 | [23.247.102.18](https://vuldb.com/?ip.23.247.102.18) | pyprak.munisten.com | - | High
+39 | [23.249.162.26](https://vuldb.com/?ip.23.249.162.26) | - | - | High
+40 | [23.249.162.163](https://vuldb.com/?ip.23.249.162.163) | - | - | High
+41 | [31.148.220.50](https://vuldb.com/?ip.31.148.220.50) | - | - | High
+42 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
+43 | [35.228.218.42](https://vuldb.com/?ip.35.228.218.42) | 42.218.228.35.bc.googleusercontent.com | - | Medium
+44 | [37.0.10.51](https://vuldb.com/?ip.37.0.10.51) | - | - | High
+45 | [37.44.212.156](https://vuldb.com/?ip.37.44.212.156) | - | - | High
+46 | [37.46.150.14](https://vuldb.com/?ip.37.46.150.14) | - | - | High
+47 | [37.49.225.167](https://vuldb.com/?ip.37.49.225.167) | - | - | High
+48 | [37.49.225.178](https://vuldb.com/?ip.37.49.225.178) | - | - | High
+49 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
+50 | [37.97.190.174](https://vuldb.com/?ip.37.97.190.174) | 37-97-190-174.colo.transip.net | - | High
+51 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
+52 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
+53 | [38.68.39.209](https://vuldb.com/?ip.38.68.39.209) | - | - | High
+54 | [45.14.50.207](https://vuldb.com/?ip.45.14.50.207) | - | - | High
+55 | [45.56.89.165](https://vuldb.com/?ip.45.56.89.165) | 45-56-89-165.ip.linodeusercontent.com | - | High
+56 | [45.56.100.248](https://vuldb.com/?ip.45.56.100.248) | 45-56-100-248.ip.linodeusercontent.com | - | High
+57 | [45.56.106.128](https://vuldb.com/?ip.45.56.106.128) | 45-56-106-128.ip.linodeusercontent.com | - | High
+58 | [45.67.14.179](https://vuldb.com/?ip.45.67.14.179) | - | - | High
+59 | [45.67.14.181](https://vuldb.com/?ip.45.67.14.181) | - | - | High
+60 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
+61 | [45.80.149.68](https://vuldb.com/?ip.45.80.149.68) | - | - | High
+62 | [45.81.226.17](https://vuldb.com/?ip.45.81.226.17) | vm4511296.34ssd.had.wf | - | High
+63 | [45.95.147.64](https://vuldb.com/?ip.45.95.147.64) | - | - | High
+64 | [45.95.168.162](https://vuldb.com/?ip.45.95.168.162) | server2.allianttgroup.com | - | High
+65 | [45.137.22.58](https://vuldb.com/?ip.45.137.22.58) | hosted-by.rootlayer.net | - | High
+66 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
+67 | [45.140.146.18](https://vuldb.com/?ip.45.140.146.18) | node.28 | - | High
+68 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
+69 | [45.145.185.26](https://vuldb.com/?ip.45.145.185.26) | - | - | High
+70 | [45.145.185.73](https://vuldb.com/?ip.45.145.185.73) | - | - | High
+71 | [45.145.185.111](https://vuldb.com/?ip.45.145.185.111) | - | - | High
+72 | [45.145.185.253](https://vuldb.com/?ip.45.145.185.253) | - | - | High
+73 | [45.147.228.74](https://vuldb.com/?ip.45.147.228.74) | - | - | High
+74 | [45.147.230.200](https://vuldb.com/?ip.45.147.230.200) | - | - | High
+75 | [45.153.203.81](https://vuldb.com/?ip.45.153.203.81) | - | - | High
+76 | [45.156.22.167](https://vuldb.com/?ip.45.156.22.167) | - | - | High
+77 | [46.17.43.102](https://vuldb.com/?ip.46.17.43.102) | - | - | High
+78 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
+79 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
+80 | [46.183.222.66](https://vuldb.com/?ip.46.183.222.66) | ip-222-66.dataclub.info | - | High
+81 | [46.183.223.7](https://vuldb.com/?ip.46.183.223.7) | ip-223-7.dataclub.info | - | High
+82 | ... | ... | ... | ...

-There are 42 more IOC items available. Please use our online service to access the data.
+There are 325 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -42,12 +112,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 7 | ... | ... | ... | ...

 There are 23 more TTP items available. Please use our online service to access the data.
@ -58,67 +128,73 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/admin/ajax.php` | High
-3 | File | `/admin/ajax.php?action=save_window` | High
-4 | File | `/admin/article.php` | High
-5 | File | `/admin/countrymanagement.php` | High
-6 | File | `/admin/deluser.php` | High
-7 | File | `/admin/transactions/track_shipment.php` | High
-8 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
-9 | File | `/admin/user/manage_user.php` | High
-10 | File | `/administration/settings_registration.php` | High
-11 | File | `/administration/theme.php` | High
-12 | File | `/ajax-files/postComment.php` | High
-13 | File | `/alert_check/action=delete_alert_checker/alert_test_id` | High
-14 | File | `/auparse/auparse.c` | High
-15 | File | `/aux` | Low
-16 | File | `/BindAccount/SuccessTips.js` | High
-17 | File | `/categorypage.php` | High
-18 | File | `/cgi-bin/system_mgr.cgi` | High
-19 | File | `/cgi-bin/wlogin.cgi` | High
-20 | File | `/classes/Master.php` | High
-21 | File | `/collection/all` | High
-22 | File | `/config/list` | Medium
-23 | File | `/data/syslog.filter.json` | High
-24 | File | `/data/wps.setup.json` | High
-25 | File | `/forum/away.php` | High
-26 | File | `/goform/QuickIndex` | High
-27 | File | `/goform/SetInternetLanInfo` | High
-28 | File | `/goform/setMacFilterCfg` | High
-29 | File | `/goform/SetNetControlList` | High
-30 | File | `/goform/WifiBasicSet` | High
-31 | File | `/home.php` | Medium
-32 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
-33 | File | `/index.php` | Medium
-34 | File | `/iwgallery/pictures/details.asp` | High
-35 | File | `/list_temp_photo_pin_upload.php` | High
-36 | File | `/login.php` | Medium
-37 | File | `/manage/network-basic.php` | High
-38 | File | `/medical/inventories.php` | High
-39 | File | `/news-portal-script/information.php` | High
-40 | File | `/nova/bin/console` | High
-41 | File | `/pages.php` | Medium
-42 | File | `/pages/save_user.php` | High
-43 | File | `/patient/doctors.php` | High
-44 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
-45 | File | `/print.php` | Medium
-46 | File | `/public/login.htm` | High
-47 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
-48 | File | `/rom-0` | Low
-49 | File | `/searchpin.php` | High
-50 | File | `/services/Card/findUser` | High
-51 | File | `/showfile.php` | High
-52 | File | `/show_group_members.php` | High
-53 | File | `/timeline2.php` | High
-54 | File | `/uncpath/` | Medium
-55 | File | `/uno/central.php` | High
-56 | File | `/user/profile` | High
-57 | File | `/user/ticket/create` | High
-58 | File | `/usr/local/psa/admin/sbin/wrapper` | High
-59 | ... | ... | ...
+1 | File | `/?ajax-request=jnews` | High
+2 | File | `/?p=products` | Medium
+3 | File | `/?r=recruit/resume/edit&op=status` | High
+4 | File | `/admin.php/accessory/filesdel.html` | High
+5 | File | `/admin/?page=user/list` | High
+6 | File | `/admin/?page=user/manage` | High
+7 | File | `/admin/?page=user/manage_user&id=3` | High
+8 | File | `/admin/about-us.php` | High
+9 | File | `/admin/add-new.php` | High
+10 | File | `/admin/del_category.php` | High
+11 | File | `/admin/del_service.php` | High
+12 | File | `/admin/doctors.php` | High
+13 | File | `/admin/edit-accepted-appointment.php` | High
+14 | File | `/admin/edit-services.php` | High
+15 | File | `/admin/edit_category.php` | High
+16 | File | `/admin/edit_subject.php` | High
+17 | File | `/admin/forgot-password.php` | High
+18 | File | `/admin/index.php` | High
+19 | File | `/admin/index3.php` | High
+20 | File | `/admin/login.php` | High
+21 | File | `/admin/products/manage_product.php` | High
+22 | File | `/admin/reg.php` | High
+23 | File | `/admin/search-appointment.php` | High
+24 | File | `/admin/sys_sql_query.php` | High
+25 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+26 | File | `/alphaware/summary.php` | High
+27 | File | `/api/` | Low
+28 | File | `/api/admin/store/product/list` | High
+29 | File | `/api/baskets/{name}` | High
+30 | File | `/api/stl/actions/search` | High
+31 | File | `/api/v2/cli/commands` | High
+32 | File | `/appliance/users?action=edit` | High
+33 | File | `/backup.pl` | Medium
+34 | File | `/bin/ate` | Medium
+35 | File | `/blog` | Low
+36 | File | `/boat/login.php` | High
+37 | File | `/booking/show_bookings/` | High
+38 | File | `/bsms_ci/index.php/book` | High
+39 | File | `/cgi-bin` | Medium
+40 | File | `/cgi-bin/wlogin.cgi` | High
+41 | File | `/collection/all` | High
+42 | File | `/Content/Template/root/reverse-shell.aspx` | High
+43 | File | `/dashboard/add-blog.php` | High
+44 | File | `/debug/pprof` | Medium
+45 | File | `/dipam/athlete-profile.php` | High
+46 | File | `/DXR.axd` | Medium
+47 | File | `/E-mobile/App/System/File/downfile.php` | High
+48 | File | `/edoc/doctor/patient.php` | High
+49 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+50 | File | `/env` | Low
+51 | File | `/forum/away.php` | High
+52 | File | `/fusion/portal/action/Link` | High
+53 | File | `/group1/uploa` | High
+54 | File | `/h/autoSaveDraft` | High
+55 | File | `/importexport.php` | High
+56 | File | `/index.php` | Medium
+57 | File | `/index.php?app=main&func=passport&action=login` | High
+58 | File | `/kelasdosen/data` | High
+59 | File | `/listplace/user/coverPhotoUpdate` | High
+60 | File | `/loginsave.php` | High
+61 | File | `/medicines/profile.php` | High
+62 | File | `/mhds/clinic/view_details.php` | High
+63 | File | `/osm/REGISTER.cmd` | High
+64 | File | `/out.php` | Medium
+65 | ... | ... | ...

-There are 517 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 569 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/B1txor20/README.md
+++ b/actors/B1txor20/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [LU](https://vuldb.com/?country.lu)
 * ...

-There are 10 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -44,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

@ -59,61 +59,63 @@ ID | Type | Indicator | Confidence
 1 | File | `.github/workflows/comment.yml` | High
 2 | File | `/?r=recruit/resume/edit&op=status` | High
 3 | File | `/academy/home/courses` | High
-4 | File | `/act/ActDao.xml` | High
-5 | File | `/ad-list` | Medium
+4 | File | `/ad-list` | Medium
+5 | File | `/admin/?page=bike` | High
 6 | File | `/admin/?page=user/list` | High
 7 | File | `/admin/?page=user/manage_user&id=3` | High
-8 | File | `/admin/article/article-edit-run.php` | High
-9 | File | `/admin/edit-accepted-appointment.php` | High
-10 | File | `/admin/edit-services.php` | High
-11 | File | `/admin/edit_product.php` | High
-12 | File | `/admin/index.php` | High
-13 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
-14 | File | `/admin/modal_add_product.php` | High
-15 | File | `/admin/project/update/2` | High
-16 | File | `/admin/reg.php` | High
+8 | File | `/admin/ajax.php?action=confirm_order` | High
+9 | File | `/admin/article/article-edit-run.php` | High
+10 | File | `/admin/cms_admin.php` | High
+11 | File | `/admin/edit-accepted-appointment.php` | High
+12 | File | `/admin/edit-services.php` | High
+13 | File | `/admin/edit_product.php` | High
+14 | File | `/admin/index.php` | High
+15 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
+16 | File | `/admin/leancloud.php` | High
 17 | File | `/admin/sys_sql_query.php` | High
-18 | File | `/admin/test_status.php` | High
-19 | File | `/admin/upload.php` | High
-20 | File | `/admin/userprofile.php` | High
-21 | File | `/admin/vote_edit.php` | High
-22 | File | `/api/baskets/{name}` | High
-23 | File | `/api/sys/login` | High
-24 | File | `/App_Resource/UEditor/server/upload.aspx` | High
-25 | File | `/author_posts.php` | High
-26 | File | `/bin/ate` | Medium
-27 | File | `/bin/sh` | Low
+18 | File | `/admin/TemplateController.java` | High
+19 | File | `/admin/test_status.php` | High
+20 | File | `/admin/upload.php` | High
+21 | File | `/admin/userprofile.php` | High
+22 | File | `/admin/vote_edit.php` | High
+23 | File | `/api/baskets/{name}` | High
+24 | File | `/api/sys/login` | High
+25 | File | `/api/sys/set_passwd` | High
+26 | File | `/App_Resource/UEditor/server/upload.aspx` | High
+27 | File | `/autheditpwd.php` | High
 28 | File | `/blog` | Low
 29 | File | `/blog-single.php` | High
-30 | File | `/booking/show_bookings/` | High
-31 | File | `/browse` | Low
+30 | File | `/browse` | Low
+31 | File | `/cgi-bin/` | Medium
 32 | File | `/chaincity/user/ticket/create` | High
-33 | File | `/change-language/de_DE` | High
+33 | File | `/changePassword` | High
 34 | File | `/classes/Master.php?f=delete_category` | High
 35 | File | `/classes/Master.php?f=delete_inquiry` | High
-36 | File | `/classes/Master.php?f=save_inquiry` | High
-37 | File | `/classes/Master.php?f=save_item` | High
-38 | File | `/collection/all` | High
-39 | File | `/company/store` | High
-40 | File | `/config` | Low
-41 | File | `/contact.php` | Medium
-42 | File | `/Content/Template/root/reverse-shell.aspx` | High
-43 | File | `/Controller/Ajaxfileupload.ashx` | High
-44 | File | `/dashboard/add-blog.php` | High
-45 | File | `/debug/pprof` | Medium
-46 | File | `/dipam/save-delegates.php` | High
-47 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
-48 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-49 | File | `/ecommerce/support_ticket` | High
-50 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-51 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
-52 | File | `/file` | Low
-53 | File | `/file/upload/1` | High
-54 | File | `/find-a-match` | High
-55 | File | `/forum/away.php` | High
-56 | ... | ... | ...
+36 | File | `/collection/all` | High
+37 | File | `/company/store` | High
+38 | File | `/Content/Template/root/reverse-shell.aspx` | High
+39 | File | `/Controller/Ajaxfileupload.ashx` | High
+40 | File | `/course/filterRecords/` | High
+41 | File | `/dashboard/add-blog.php` | High
+42 | File | `/debug/pprof` | Medium
+43 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
+44 | File | `/edit_user.php` | High
+45 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+46 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
+47 | File | `/file/upload/1` | High
+48 | File | `/find-a-match` | High
+49 | File | `/forum/away.php` | High
+50 | File | `/friends` | Medium
+51 | File | `/friends/ajax_invite` | High
+52 | File | `/fusion/portal/action/Link` | High
+53 | File | `/goform/SetSysTimeCfg` | High
+54 | File | `/group1/uploa` | High
+55 | File | `/home/courses` | High
+56 | File | `/home/filter_listings` | High
+57 | File | `/home/search` | Medium
+58 | ... | ... | ...

-There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BazarBackdoor/README.md
+++ b/actors/BazarBackdoor/README.md
@ -9,11 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BazarBackdoor:

 * [VN](https://vuldb.com/?country.vn)
-* [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
-* ...
-
-There are 1 more country items available. Please use our online service to access the data.
+* [CN](https://vuldb.com/?country.cn)

 ## IOC - Indicator of Compromise

@ -174,13 +171,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-36 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
-6 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-7 | ... | ... | ... | ...
+6 | ... | ... | ... | ...

 There are 22 more TTP items available. Please use our online service to access the data.

@ -192,49 +188,49 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/academy/home/courses` | High
 2 | File | `/admin/adclass.php` | High
-3 | File | `/admin/students/view_details.php` | High
-4 | File | `/ajax-files/followBoard.php` | High
-5 | File | `/ajax.php?action=read_msg` | High
-6 | File | `/api/baskets/{name}` | High
-7 | File | `/api/upload.php` | High
-8 | File | `/api?path=profile` | High
-9 | File | `/auth/callback` | High
-10 | File | `/authenticationendpoint/login.do` | High
-11 | File | `/cgi-bin/wlogin.cgi` | High
-12 | File | `/cgi.cgi` | Medium
-13 | File | `/ci_spms/admin/search/searching/` | High
-14 | File | `/classes/Master.php?f=save_brand` | High
-15 | File | `/collection/all` | High
-16 | File | `/Content/Template/root/reverse-shell.aspx` | High
-17 | File | `/ctcprotocol/Protocol` | High
-18 | File | `/DXR.axd` | Medium
-19 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-20 | File | `/etc/pki/pesign` | High
-21 | File | `/files/` | Low
-22 | File | `/forum/away.php` | High
-23 | File | `/goform/setportList` | High
-24 | File | `/goform/set_LimitClient_cfg` | High
-25 | File | `/graphql` | Medium
-26 | File | `/h/autoSaveDraft` | High
-27 | File | `/home/cavesConsole` | High
-28 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
-29 | File | `/index.php?page=member` | High
-30 | File | `/jurusanmatkul/data` | High
-31 | File | `/log/decodmail.php` | High
-32 | File | `/login.php?do=login` | High
-33 | File | `/modules/projects/vw_files.php` | High
-34 | File | `/plugins/playbooks/api/v0/runs` | High
-35 | File | `/public/login.htm` | High
-36 | File | `/QueryView.php` | High
-37 | File | `/release-x64/otfccdump+0x61731f` | High
-38 | File | `/romfile.cfg` | Medium
-39 | File | `/scripts/unlock_tasks.php` | High
-40 | File | `/search.php` | Medium
-41 | File | `/sitecore/shell/Invoke.aspx` | High
-42 | File | `/squashfs-root/etc_ro/custom.conf` | High
+3 | File | `/admin/admin-profile.php` | High
+4 | File | `/admin/sales/view_details.php` | High
+5 | File | `/admin/students/view_details.php` | High
+6 | File | `/ajax-files/followBoard.php` | High
+7 | File | `/ajax.php?action=read_msg` | High
+8 | File | `/api/cron/settings/setJob/` | High
+9 | File | `/api/v1/snapshots` | High
+10 | File | `/audit/log/log_management.php` | High
+11 | File | `/auth/callback` | High
+12 | File | `/authenticationendpoint/login.do` | High
+13 | File | `/cgi-bin/mainfunction.cgi` | High
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/cgi.cgi` | Medium
+16 | File | `/classes/Users.php` | High
+17 | File | `/collection/all` | High
+18 | File | `/Content/Template/root/reverse-shell.aspx` | High
+19 | File | `/ctcprotocol/Protocol` | High
+20 | File | `/dottie.js` | Medium
+21 | File | `/DXR.axd` | Medium
+22 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+23 | File | `/env` | Low
+24 | File | `/files/` | Low
+25 | File | `/forms/doLogin` | High
+26 | File | `/forum/away.php` | High
+27 | File | `/goform/setportList` | High
+28 | File | `/h/autoSaveDraft` | High
+29 | File | `/home/cavesConsole` | High
+30 | File | `/index.php` | Medium
+31 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+32 | File | `/index.php?page=member` | High
+33 | File | `/jurusanmatkul/data` | High
+34 | File | `/librarian/bookdetails.php` | High
+35 | File | `/log/decodmail.php` | High
+36 | File | `/log/webmailattach.php` | High
+37 | File | `/login.php?do=login` | High
+38 | File | `/php-opos/index.php` | High
+39 | File | `/public/login.htm` | High
+40 | File | `/QueryView.php` | High
+41 | File | `/recreate.php` | High
+42 | File | `/romfile.cfg` | Medium
 43 | ... | ... | ...

-There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BianLian/README.md
+++ b/actors/BianLian/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 17 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -23,110 +23,118 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [2.59.254.29](https://vuldb.com/?ip.2.59.254.29) | - | - | High
 2 | [3.72.105.50](https://vuldb.com/?ip.3.72.105.50) | ec2-3-72-105-50.eu-central-1.compute.amazonaws.com | - | Medium
-3 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
-4 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
-5 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
-6 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
-7 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
-8 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
-9 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
-10 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
-11 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
-12 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
-13 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
-14 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
-15 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
-16 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
-17 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
-18 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
-19 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
-20 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
-21 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
-22 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
-23 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
-24 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
-25 | [5.255.123.19](https://vuldb.com/?ip.5.255.123.19) | - | - | High
-26 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
-27 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
-28 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
-29 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
-30 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
-31 | [13.212.116.128](https://vuldb.com/?ip.13.212.116.128) | ec2-13-212-116-128.ap-southeast-1.compute.amazonaws.com | - | Medium
-32 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
-33 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
-34 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
-35 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
-36 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
-37 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
-38 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
-39 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
-40 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
-41 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
-42 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
-43 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
-44 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
-45 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
-46 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
-47 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
-48 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
-49 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
-50 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
-51 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
-52 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
-53 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
-54 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
-55 | [23.227.203.245](https://vuldb.com/?ip.23.227.203.245) | 23-227-203-245.static.hvvc.us | - | High
-56 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
-57 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
-58 | [34.207.174.202](https://vuldb.com/?ip.34.207.174.202) | ec2-34-207-174-202.compute-1.amazonaws.com | - | Medium
-59 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
-60 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
-61 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
-62 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
-63 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
-64 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
-65 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
-66 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
-67 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
-68 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
-69 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
-70 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
-71 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
-72 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
-73 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
-74 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
-75 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
-76 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
-77 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
-78 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
-79 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
-80 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
-81 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
-82 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
-83 | [45.45.219.118](https://vuldb.com/?ip.45.45.219.118) | - | - | High
-84 | [45.56.162.16](https://vuldb.com/?ip.45.56.162.16) | sand-162016.sandartery.com | - | High
-85 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
-86 | [45.58.52.123](https://vuldb.com/?ip.45.58.52.123) | - | - | High
-87 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
-88 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
-89 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
-90 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
-91 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
-92 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
-93 | [45.82.153.168](https://vuldb.com/?ip.45.82.153.168) | - | - | High
-94 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
-95 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
-96 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
-97 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
-98 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
-99 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
-100 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
-101 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
-102 | [45.134.174.99](https://vuldb.com/?ip.45.134.174.99) | dedicated.vsys.host | - | High
-103 | [45.138.172.80](https://vuldb.com/?ip.45.138.172.80) | - | - | High
-104 | ... | ... | ... | ...
+3 | [3.81.68.30](https://vuldb.com/?ip.3.81.68.30) | ec2-3-81-68-30.compute-1.amazonaws.com | - | Medium
+4 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
+5 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
+6 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
+7 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
+8 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
+9 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
+10 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
+11 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
+12 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
+13 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
+14 | [5.182.39.10](https://vuldb.com/?ip.5.182.39.10) | vps.hostry.com | - | High
+15 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
+16 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
+17 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
+18 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
+19 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
+20 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
+21 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
+22 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
+23 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
+24 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
+25 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
+26 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
+27 | [5.255.123.19](https://vuldb.com/?ip.5.255.123.19) | - | - | High
+28 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
+29 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
+30 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
+31 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
+32 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
+33 | [13.212.116.128](https://vuldb.com/?ip.13.212.116.128) | ec2-13-212-116-128.ap-southeast-1.compute.amazonaws.com | - | Medium
+34 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
+35 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
+36 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
+37 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
+38 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
+39 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
+40 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
+41 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
+42 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
+43 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
+44 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
+45 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
+46 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
+47 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
+48 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
+49 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
+50 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
+51 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
+52 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
+53 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
+54 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
+55 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
+56 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
+57 | [23.227.203.245](https://vuldb.com/?ip.23.227.203.245) | 23-227-203-245.static.hvvc.us | - | High
+58 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
+59 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
+60 | [34.207.174.202](https://vuldb.com/?ip.34.207.174.202) | ec2-34-207-174-202.compute-1.amazonaws.com | - | Medium
+61 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
+62 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
+63 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
+64 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
+65 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
+66 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
+67 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
+68 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
+69 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
+70 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
+71 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
+72 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
+73 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
+74 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
+75 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
+76 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
+77 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
+78 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
+79 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
+80 | [44.203.127.31](https://vuldb.com/?ip.44.203.127.31) | ec2-44-203-127-31.compute-1.amazonaws.com | - | Medium
+81 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
+82 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
+83 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
+84 | [45.12.2.230](https://vuldb.com/?ip.45.12.2.230) | iNfAcTor.disneybaby.com | - | High
+85 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
+86 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
+87 | [45.45.219.118](https://vuldb.com/?ip.45.45.219.118) | - | - | High
+88 | [45.45.219.141](https://vuldb.com/?ip.45.45.219.141) | - | - | High
+89 | [45.56.162.16](https://vuldb.com/?ip.45.56.162.16) | sand-162016.sandartery.com | - | High
+90 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
+91 | [45.56.165.30](https://vuldb.com/?ip.45.56.165.30) | nordns.crowncloud.net | - | High
+92 | [45.58.52.123](https://vuldb.com/?ip.45.58.52.123) | - | - | High
+93 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
+94 | [45.64.186.135](https://vuldb.com/?ip.45.64.186.135) | hml02.murrowirrime.info | - | High
+95 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
+96 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
+97 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
+98 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
+99 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
+100 | [45.82.153.168](https://vuldb.com/?ip.45.82.153.168) | - | - | High
+101 | [45.86.163.188](https://vuldb.com/?ip.45.86.163.188) | - | - | High
+102 | [45.86.163.224](https://vuldb.com/?ip.45.86.163.224) | - | - | High
+103 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
+104 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
+105 | [45.87.155.88](https://vuldb.com/?ip.45.87.155.88) | yarom.com | - | High
+106 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
+107 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
+108 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
+109 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
+110 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
+111 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
+112 | ... | ... | ... | ...

-There are 411 more IOC items available. Please use our online service to access the data.
+There are 445 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -135,12 +143,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
-7 | ... | ... | ... | ...
+6 | ... | ... | ... | ...

 There are 22 more TTP items available. Please use our online service to access the data.

@ -157,40 +164,35 @@ ID | Type | Indicator | Confidence
 5 | File | `/admin/user/team` | High
 6 | File | `/AgilePointServer/Extension/FetchUsingEncodedData` | High
 7 | File | `/ajax_crud` | Medium
-8 | File | `/cgi-bin/system_mgr.cgi` | High
-9 | File | `/cgi-bin/user/Config.cgi` | High
-10 | File | `/common/logViewer/logViewer.jsf` | High
-11 | File | `/config/php.ini` | High
-12 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
-13 | File | `/debug/pprof` | Medium
-14 | File | `/DXR.axd` | Medium
-15 | File | `/en/blog-comment-4` | High
-16 | File | `/forum/away.php` | High
-17 | File | `/goform/aspForm` | High
-18 | File | `/h/` | Low
-19 | File | `/hocms/classes/Master.php?f=delete_collection` | High
-20 | File | `/htdocs/cgibin` | High
-21 | File | `/login/index.php` | High
-22 | File | `/mifs/c/i/reg/reg.html` | High
-23 | File | `/ms/cms/content/list.do` | High
-24 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-25 | File | `/orms/` | Low
-26 | File | `/plesk-site-preview/` | High
-27 | File | `/project/PROJECTNAME/reports/` | High
-28 | File | `/school/model/get_admin_profile.php` | High
-29 | File | `/student-grading-system/rms.php?page=grade` | High
-30 | File | `/timeline2.php` | High
-31 | File | `/uncpath/` | Medium
-32 | File | `/usr/local/psa/admin/sbin/wrapper` | High
-33 | File | `/usr/sbin/suexec` | High
-34 | File | `/videotalk` | Medium
-35 | File | `/WEB-INF/web.xml` | High
-36 | File | `/web/MCmsAction.java` | High
-37 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-39 | ... | ... | ...
+8 | File | `/book-services.php` | High
+9 | File | `/card_scan.php` | High
+10 | File | `/cgi-bin/system_mgr.cgi` | High
+11 | File | `/cgi-bin/wlogin.cgi` | High
+12 | File | `/common/logViewer/logViewer.jsf` | High
+13 | File | `/config/php.ini` | High
+14 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
+15 | File | `/cwc/login` | Medium
+16 | File | `/debug/pprof` | Medium
+17 | File | `/download` | Medium
+18 | File | `/DXR.axd` | Medium
+19 | File | `/en/blog-comment-4` | High
+20 | File | `/etc/quagga` | Medium
+21 | File | `/forms/doLogin` | High
+22 | File | `/forum/away.php` | High
+23 | File | `/goform/aspForm` | High
+24 | File | `/h/` | Low
+25 | File | `/h/calendar` | Medium
+26 | File | `/hocms/classes/Master.php?f=delete_collection` | High
+27 | File | `/inc/extensions.php` | High
+28 | File | `/login/index.php` | High
+29 | File | `/ms/cms/content/list.do` | High
+30 | File | `/nova/bin/console` | High
+31 | File | `/nova/bin/detnet` | High
+32 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+33 | File | `/orms/` | Low
+34 | ... | ... | ...

-There are 335 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -200,9 +202,12 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://rhisac.org/threat-intelligence/bianlian-ransomware-expanding-c2-infrastructure-and-operational-tempo/
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a0ca093b2efdccb6a832251c03cab67f70af4d918a2158376f5521017fb65e2b%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a08312fb4d7c732f34cbfe5d7a9f84b6638cf53c4b7a994a39d77de2aeb40e4b%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a3a15bb2f45521954b0d9ed0d1b61aed81085f07d38554d6fde1b07efbff5696%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a4b8d09a8591152f354bf5916dd9a7f54cb3bb1c61252398ccdeaf612a37f2d0%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a5c99795a81e94bdc2eab6d55494ecc40ef5346b51a15f31226002feb738c223%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8a6dd7f1e20f24c866586b93479cec20c62a92821298973ceeb249e5789a844%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8acf8933f1108fbf55a9c84b7fecaaa6fead1760af8d1b9da6fae6331bb3541%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8edc058a81ca26ce7ce137aef48f09aab834dd9974929403203cef258623223%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a9f0dba902298a463c27d83b8c539ba267995f5e7ee65e6ac24b0fad9d4b83c4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a233c1de5f25d7fba906d79dae636dba6ee42bd794bbba44b7ff00270a0a7b45%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a6150f19c37c92bfbc6d92db21a83fea6d08116bfeec2e88443603fc9b65aef0%22
@ -240,6 +245,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c04faf8ead904b3c44622c1c5300428f6b91955fcb70956b9015867f98fe8268%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c065cdbe05d569cdf0305b7cf54d7c087571bfd3e0baaca4fa5c2424eb494339%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c082b56316daa4f945464a5341edbfc777afa094303211e15999083829b6ac28%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c5f72eaf576e5bd2fefc5a2ebc2d0826544509784ceab9fc301f250cb87600b8%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c7b44aeaaa1c88d4579d37705661b9c2821a6c65a586205e1eef92b0dca7bf92%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9c617394a1c0af7dec708d6644863d98f43427e5f9f8d5a9d586b04538219d9%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9cb3353676114a2dd6f4336677a34d369604ac9be7038ce76e0a189e1f4983e%22
@ -262,6 +268,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd155b015ea2e8d4b4ad255bde80522605cce7dd45e63a553da19eb40f4ba164%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd274fe56f25f49fa8b2108e8692611aed1eff06908b1929b13701a7b8121757%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ce97cd23fb93eb9f406f25fe588758adcc842f7d299ccd14dec1dfa4634aa0c5%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ce8364ed2af33a03926cfbd0f521477957a845583c52abe50714fdaf59d0ea20%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d0a1ce295d8cb17121c2d53fc57720071168552b851cb8dcb48d0d8291d19495%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d2bf58a36b12080403b522f39062c2a675656ee13190bdb48829077ed1ee1dd8%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d2e05d4f95be739ccf38400ec3bff07850d45694b409919f7ffeeb2e045ad739%22
@ -279,6 +286,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e1caf0308e9eb8602a988b80c1cc99b11123733769ffe2f970d969a5421e4c31%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e2e7399fae3b50cfb2d9f2055430ef5a10ff15f8f05e5b090615af121fef0454%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e5b3c9488f8014de65315d11f82217fa31cae4db8510d2db9cf078cf73d6a7e7%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e5d150a8270e511074cf8bb528559b13030cd213fbf555a408e9a8e8158a0cd8%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e6f731b90e1aaf44ffc5ad4e16eb783b7367de43ccf007f8fd1eec9852a8a658%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9ee059af7f17eb82141660167684b7b3e4a4513996fa9b27d918c13b78a4def%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9fe9545a439564a7c1052eb0e572b8b41609b0f0d96238cff2b8ff567612836%22
@ -302,6 +310,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f9f04d3e49e14c95272fe577a704a5475fda0157e0bddf0ee53bfc94689e3f2a%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f23ed6427518eefd9997a0b609323388fba9333491c39e1d43f8d3229545dcf7%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f57b2b95a950bd6302f60f750df5f7d90b7f8183db725a4889d510e20bf1fbac%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f62d923b09f12f5749d62bd3ed80b8bf3b40c29ea0b87b2e77a193e5cf3a3eaa%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f73b5cd2e38c6dd81baf287222c19a13f5224ad157e07435c2d23ccddb64b34e%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f88fcd9cdebfb4c3ba3d8e3f2bab9fdc9fff545a2cb508808c6cc1c4de8c9c60%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f712b515820652c318efaf8c5fa3e0e2af9b38068fee609ac51677ac82d824e4%22
@ -309,13 +318,16 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f5774387001af3aaf2ee4f23b1e9049f444b24fb6af06978ce0f3282cda2e133%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fa1c8a1f4b99f38d747883b80c46b8e523f55e11e1020e481d5007b8e22c16d9%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb3e3847d4f2a20cd56b2e3ac03d24aa126e05115822d15bd7e72fb9a564be6d%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb660ff81aba8f455b7920366ffea607055f49973d326f10a0118a5b29b3ce10%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb6815abaf3d9260cd76d0b9119c88e69ae4b66804c8d357c1662b4b6f11f439%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fcdd83167b92e1c7bdec56fc9d7f46ab044bca777ef3901d84debb12b60c8d43%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdbfb2e037b1276e0a70cae3fb21ff4f8052df57117967e0af038d5999f8ae9a%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdffacdd96db3eb4c84ea257e4ecdfd2c18ccf184804e78315545be0026314b7%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220b5b4b77e76fc323debdd6b60e05ce3c80d6d305512fd066259e25e7b91bb3b2%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220bed903c9b43242ce2bf776bc1f8b826a47442ec472bf28e3d300221d45e5631%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220d14af885f4dfeeb07fb41dbbda265a4a44147d071ed80a822544b19d87f166e%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220da3e944a7bf2a5772454f2e3b416580910b41232dd943b7d500a4c7558ee0ed%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e2ece77aee436691480d7b07abcd4e2c6a3d2063bdb5003ec957dfa237b9d5f%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e7705888a9000b0a2c8ca2a4846d890920d19bd6af9c50fb34668b4673f54c7%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ebaabf79ecaccb878e0ecc68b6c868ef047ac8735a3347ff892c3420b47803f%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221af6ae62dca201286d4b11ee20fd1e8dcf343d2e8500de51f9175bcf3d12e06f%22
@ -327,6 +339,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221efe88adbb16d17952851e961e3a1937735bd63faf208fe7fa1efcfaa0180222%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f45a7a12cc9bdd9712584e317a3d1f765f87af196682600728350bf86898f8e%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f168a4d8532e3222ce7b947eb6acb66f1ca41917e95bf19a1e6086896c43c46%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221fd7f24859223de432acd6da227f11efed092381066387d87323508534b539f7%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222c4e0c64e1c5539d936bdeb6cb5917eb74b976572ff7c84e484caa0d86ed1b43%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222c48a71463075ecf6aac326807b2be06a966b5d53bdd99b61284fd1b3ca57ddd%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d02e5aa8065bca63541458fc190780583486548b3f1beae1c623ac915efc5a0%22
@ -346,6 +359,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225bd3dde5e2ad26fbf78d1136c8e337c07b5fc55d1b4ac461a08c3f749003d794%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c4b8f572f297bb98b1d2e47075aec68b3b9da1fb76606e07d8176edbe1338c8%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c538f273807d92a8626eacacce355c414210f29293c2ba2b8a7ec16bf31303f%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c8474878a2a3e529486a7674026f8eb3a5b4d37e1af966646f3a1d3f22b979d%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d3eb0b9bc00549d4f12f12f8eaf9a9a024258e648841b20bddf0cfe45d792dd%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225e279697fbda136046542fc6db82a4bc3def212b9e15bd9e4f967c8a03e8dca7%22
@ -357,10 +371,12 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226ad1b662e7636cd63d8ae71f3617dc58b334951b031a6ce22e898bcd35313de2%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226af642c2cf73c24aded656e3945810dca3c5d51c28b3c7d28852463c98e76e4c%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b2f996084686d21e085e8cd9b97bd549d8752526a2ccb321d8214bb161b1109%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b401e864cf63c438779b4935499f28f2f26dd685af330f311c9a80d55f6d7b5%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b5706c23d2c44d23360638793012e5df95c88f8408ad93c71113719f9ef02a2%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226bf2c0222a11b931ebd7439cae3df34d91625fdcd19b7879611a0523b036ae9a%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c6d464110a46f813722131e8cce268bdccfdfeb705ce25fcc51cabe0b88c8e4%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c7f72691b8a7ce8293b2097063a090927c5359e5980d714b1c0932c02f4bb77%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226cbb0cef1838f2b253613796470b7fcc3cd4453d3f5be8220aeda52f383fb781%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226d64edc2a8867b924b85d762657e103ad3338e1bd40b3ffca92633df41e9003e%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e1be457dd210298ad9a471567719e10a579b0f4dd460b24e4119a3ed4cc0bf9%22
@ -384,6 +400,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c191ae9892430a18e2d466c5b3c0b230450ea178ffa2553a6babc31f6d4348c%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ccaaf6ad700e922565d1947ac46839e4a8c8a18af7a94605f4ebfcbb916b4f4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e0669706895d46f35764c53f31a85889132bbe9fe1794945d12794dfb0532b5%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e7de15ccd5e85229bfc60629f69b4adff4ccc48e7510d0385b19963156980da%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e470e79949459e89b8fb0a496c6d21614c54148e7b5bf0d311f55ae225b8b5b%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229f280c1d40c86e88f341db63b3a55cae35bdfcf345744a9006aa0410ca9a3bd2%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2206fc02e9726474160349c6e7e545bf03d18ada8f74a3fa1159f9fb25a48e5b74%22
@ -399,6 +416,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2218f3618dfd6257ef264e2b046d2acededb423e7558b0f3b405b9366953b74f8d%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220cb8ebe1f1cc16e7650f45c75b3ca0e9d6308998bb58ac3f3fbb1c501f1a0dc%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2222e86fc171d87ccc9c172c719af38245ef9bf8161b54f60ca274e01891a94c08%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2223a8001e1dc233a132e3521e62fb7632ffe6c4879531ebd9506111a0071289cf%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2225abb180e92da37e426fc8f49970596a5fb1d989a4475a2c8c95d95edcbed5e4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b04ac57339ca7542a1c1a9ebd0cc84a4cb13f5add52da4a563e7a12d23b105%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b262ee97133072dff8ecef3062eeb69d658f0f240d618b6a7f0d5d7cbed34f%22
@ -427,6 +445,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2284dd10727e6b29b3278e3f64dbbab293711957835f23cc755b3226b58ec5ef51%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2289f93e716d00ae70260a12db179e56169f551be3d16e405ae654e2f9745dc4d6%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2291e2fbc55cde47e1fdb40035c2f17068b03b92307e639862cbf22686bbe597d5%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2292b673b4bd06a2dc2e9e12c3dc3c7b6bd29a757518e0c643921bc4cd2eb1fbe4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2295c5b6651cb9190a61b5a8bbda94815572ec7559150d3df8d56bd2c486ebda3d%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296a14d3e7284923dfbd6c5b6775bf42b37ed0f6973d7d5f2a0e72e5aa57ed6af%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296af81d660c79e3f90f94b28c419a86b89071aa6c17648e95bcb961460d24152%22
@ -435,11 +454,15 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296ef27ed06cda5e4679625ec4224f32a76c309436f97e15aff6c4b8a39778356%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298af871908ffc7c141802d96f585def4a160491c875118ef88c545ce04194cd8%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2299b3f3b85d0fc68918abbde16579009b2ebae3300d633fd0ed81d96ba98a38d8%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22009c8a2e3fa145b581f92872496c315c7ce87635db83c520db2a1153d532e2b4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22090d7e7b16af3600510b612486eaeafe80b0106788d634aa3fade4a54a1d263c%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22097cd9f2c1af35f7dd632fe16f83b9b3aef51e78f1b4393047c499ebb2be2fda%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22108f811bc2de45a7dab2156c4617ce3fa42cf3eb5abb72759839a63cefec4cad%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22155d39c0ae81244e4bced14ee9d3ee87e9af990335b815695740e937545f300a%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22201a37230ec7663dba353891c6293d885113e390f6fc6bb5a56b66357c8183d1%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22208d6c5db554be6f3d835a70ab323799dff697b00e23cfaac014c7d970506e19%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22225ec72ef1adf4ab077107adb2784c35ff1c0db1c0a8efcba78c3cadac4a47a8%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22236f6df4a662b67e33ae79a25e2f0044c43e594bbdae0a97c3aeb486e5ee11ca%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22354c6d8d9033668867406be1bb6238647e207cb5f2de6a776ae3d461637efa8e%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22409e50ae1c3f70cf81350be6f3cd218b0c9ef15eb03439c15d53a6012bddae2f%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22420a63db1bdd2f74731d1001e49ac2c1443b4d3ba810b67cb324a665ffe84382%22
@ -455,12 +478,14 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22674a2fef172685c51fda91aba205c20fb95e0c63fa4f0ecb598fb6213775ede5%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22723c18cc60cbfd6430123a2c5326ac021826f9b750f43159628fe4a0df882537%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22727f93738823de234b1ade5e45d5e5de82c86ce5baa7e52bbb4f9ef7a5e352d0%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22737aa903ba42e1c108016e48749246b4823686fd7c08c27ce56c9165745a7a7c%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22785ffc1cc3857a81cb96b04ec4126a56b6744ef1d83077799f0c731ca18f8b92%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22795d565f61de6456820bf2df946764ceb251073b7f46113275a0fe2d0030f3d4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22800f5e4b53f4eb3cec54b39687bdb55f56f39c636c1ee51547dea1122e6aee1d%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22864a561ad370105ea07a7ed6dc230cb75b27f115e6c7f46720af0524385dfd77%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22875e3cfb1f6b9757aada57db20493a60717a4114b69931f8a7aabc56404ef42b%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22890b0d66b3437ab8477a04d338024b8729d2732030abbfd134052e50e7bad0ab%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22891a64e34efebd507494a0b411ab067e085fc4ac7ae44171b1bbc6d78d493a60%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22951e8ff2808a5bd4f4e5b181be38cb429383d10b782708b484c16bc11bd6b77d%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22953cc2d06cefe778ca24a6096ebec12743d4d130d0dd3e11f65bce20bdaa9f4c%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220031daf0487b995130c142c52ca4b28a4cb7789ff9c0861554d7a36b1d54f73f%22
@ -474,6 +499,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223130cf99bca84e6a6c2ce0b2dc7732af1b856fa3473560da0e965795e41cdb36%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223202a6af54e02d88858b8ab87adca351db9eb05f3368a7bf928bc5f5fa4715e7%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223264f4065c115bbebd21e49f375bda46a7157fda6e51ed6a4e82b3cc6c1c5749%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223545e36ff9919d7de99a43e6bd1c66540d19834ad81006b4a9925a8859071734%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223894fa1237b19f6173003ffcb010e6ea426fa974914b70c104be17c9122cb240%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224615b87e15834285bc731a52377a0610119846a648eca2486fafdb3a7022b144%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224779babbd7d7db7fc16ae9bf3eb01051e71bc25906c0721d57cac33220435d87%22
@ -486,9 +512,12 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228401e0832c27e16c0785e88c38134a87de66f197dfbddc9c224142f34676892a%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229137e3566c17a08b37c85fd4ea64d5f2d45e54390b82dc326ab4f2544cb96d06%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229280bdf16dde768c7e0ab2015ea987ac7c8e853c6df18f39eeec502812c476b6%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229425b43e08e75e51143e88d0ef8fe248467fccdf233c4fb5fe6514143b0d4303%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2201031e2c5206b868aef93bfc97e7f336daaf90f54518e95bcc5c81806a53a536%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2203266e3ea0158c62f652064b0b78824d03b4aa26b15509036c40a281a6f42cb4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2212414ffbbb9d89905eccbb3529cbeec829e492e21f7f8ccce902eebb05061e59%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220743d0b9dbb07cafe875ba9ed1642b630c421c4956b20f3fb7a127b39350b9f%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2224789e401b278e1d5222205e7478b02dfde72894d2b09fdfe3568d776c5881b0%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227618be62f75be7fe32e7bdf9ee57f1a4762bc45f79a255b77ccd4f943c6ec37%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2231081cb136ebb7f4be19b67a6276964bc79ced2809af089006aaa67d74d7db80%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2234127f3774e3587aff519739334fc5ad92b883b66c70472f91b34b3dc89e81ce%22
@ -508,6 +537,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224053867fcc6f7a00de2fc98aa984fb81d2ec2e1017be5f225727e24c87dd62b8%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224263547c11f8ac52f2bab40ecd263decc2271e1f6b4d624ff4a91cbd9836d8f4%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226271256f5ca11039296e33c3a114a174f6b11c692bdd1f2f1901f650070944da%22
+* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228505807daf07f41a5f9dc5a7afab0f467767ad2396983ed2d54a30bf4d646145%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229595314db92bc0575aa07715462bdb5a5f4456becc3a8315e34da61616bd6291%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229938964cf749a2955b2dd351b2ecade122ff5891fca3d9dfaa02ebfef7857d8e%22
 * https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229982255b8a2b4c74121a63cb867d538a23a47660eea513ce81443a06ee51970e%22
--- a/actors/Bl00dy/README.md
+++ b/actors/Bl00dy/README.md
@ -57,54 +57,53 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/act/ActDao.xml` | High
-3 | File | `/admin/?n=logs&c=index&a=dode` | High
-4 | File | `/admin/index2.html` | High
-5 | File | `/ajax.php?action=read_msg` | High
-6 | File | `/ajax/networking/get_netcfg.php` | High
-7 | File | `/api/baskets/{name}` | High
-8 | File | `/api/gen/clients/{language}` | High
-9 | File | `/app/options.py` | High
-10 | File | `/bin/httpd` | Medium
-11 | File | `/cgi-bin/wapopen` | High
-12 | File | `/ci_spms/admin/category` | High
-13 | File | `/ci_spms/admin/search/searching/` | High
-14 | File | `/classes/Master.php?f=delete_appointment` | High
-15 | File | `/classes/Master.php?f=delete_train` | High
-16 | File | `/clients/editclient.php` | High
-17 | File | `/concat?/%2557EB-INF/web.xml` | High
-18 | File | `/Content/Template/root/reverse-shell.aspx` | High
-19 | File | `/core/MY_Security.php` | High
-20 | File | `/ctcprotocol/Protocol` | High
-21 | File | `/dashboard/menu-list.php` | High
-22 | File | `/data/remove` | Medium
-23 | File | `/ebics-server/ebics.aspx` | High
-24 | File | `/ffos/classes/Master.php?f=save_category` | High
-25 | File | `/forum/away.php` | High
-26 | File | `/goform/net\_Web\_get_value` | High
-27 | File | `/goforms/rlminfo` | High
-28 | File | `/GponForm/usb_restore_Form?script/` | High
-29 | File | `/group1/uploa` | High
-30 | File | `/HNAP1` | Low
-31 | File | `/HNAP1/SetClientInfo` | High
-32 | File | `/Items/*/RemoteImages/Download` | High
-33 | File | `/menu.html` | Medium
-34 | File | `/modules/profile/index.php` | High
-35 | File | `/navigate/navigate_download.php` | High
-36 | File | `/ocwbs/admin/?page=user/manage_user` | High
-37 | File | `/ofrs/admin/?page=user/manage_user` | High
-38 | File | `/out.php` | Medium
-39 | File | `/password.html` | High
-40 | File | `/PC/WebService.asmx` | High
-41 | File | `/php_action/fetchSelectedUser.php` | High
+3 | File | `/admin/index2.html` | High
+4 | File | `/ajax.php?action=read_msg` | High
+5 | File | `/ajax/networking/get_netcfg.php` | High
+6 | File | `/api/baskets/{name}` | High
+7 | File | `/api/gen/clients/{language}` | High
+8 | File | `/app/options.py` | High
+9 | File | `/bin/httpd` | Medium
+10 | File | `/cgi-bin/wapopen` | High
+11 | File | `/ci_spms/admin/category` | High
+12 | File | `/ci_spms/admin/search/searching/` | High
+13 | File | `/classes/Master.php?f=delete_appointment` | High
+14 | File | `/classes/Master.php?f=delete_train` | High
+15 | File | `/clients/editclient.php` | High
+16 | File | `/concat?/%2557EB-INF/web.xml` | High
+17 | File | `/Content/Template/root/reverse-shell.aspx` | High
+18 | File | `/core/MY_Security.php` | High
+19 | File | `/ctcprotocol/Protocol` | High
+20 | File | `/dashboard/menu-list.php` | High
+21 | File | `/data/remove` | Medium
+22 | File | `/ebics-server/ebics.aspx` | High
+23 | File | `/ffos/classes/Master.php?f=save_category` | High
+24 | File | `/forum/away.php` | High
+25 | File | `/goform/net\_Web\_get_value` | High
+26 | File | `/goforms/rlminfo` | High
+27 | File | `/GponForm/usb_restore_Form?script/` | High
+28 | File | `/group1/uploa` | High
+29 | File | `/HNAP1` | Low
+30 | File | `/HNAP1/SetClientInfo` | High
+31 | File | `/Items/*/RemoteImages/Download` | High
+32 | File | `/menu.html` | Medium
+33 | File | `/modules/profile/index.php` | High
+34 | File | `/navigate/navigate_download.php` | High
+35 | File | `/ocwbs/admin/?page=user/manage_user` | High
+36 | File | `/ofrs/admin/?page=user/manage_user` | High
+37 | File | `/out.php` | Medium
+38 | File | `/password.html` | High
+39 | File | `/PC/WebService.asmx` | High
+40 | File | `/php_action/fetchSelectedUser.php` | High
+41 | File | `/plugin` | Low
 42 | File | `/property-list/property_view.php` | High
 43 | File | `/ptms/classes/Users.php` | High
 44 | File | `/resources//../` | High
 45 | File | `/rest/api/2/search` | High
 46 | File | `/s/` | Low
-47 | File | `/scripts/cpan_config` | High
-48 | ... | ... | ...
+47 | ... | ... | ...

-There are 418 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BlackCat/README.md
+++ b/actors/BlackCat/README.md
@ -54,55 +54,55 @@ ID | Type | Indicator | Confidence
 2 | File | `.tin` | Low
 3 | File | `/admin/?page=orders/view_order` | High
 4 | File | `/admin/add-fee.php` | High
-5 | File | `/admin/ajax.php?action=delete_user` | High
-6 | File | `/admin/ajax.php?action=delete_window` | High
-7 | File | `/admin/article/article-add.php` | High
-8 | File | `/admin/edit_members.php` | High
-9 | File | `/admin/edit_subject.php` | High
-10 | File | `/admin/fst_upload.inc.php` | High
-11 | File | `/admin/index.php` | High
-12 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
-13 | File | `/admin/report/index.php` | High
-14 | File | `/admin/services/manage_service.php` | High
-15 | File | `/admin/user/manage_user.php` | High
-16 | File | `/admin/users/index.php` | High
-17 | File | `/asms/classes/Master.php?f=delete_service` | High
-18 | File | `/blog` | Low
-19 | File | `/bsms_ci/index.php/user/edit_user/` | High
-20 | File | `/classes/Master.php?f=delete_category` | High
-21 | File | `/classes/Master.php?f=delete_inquiry` | High
-22 | File | `/classes/Users.php?f=delete_client` | High
-23 | File | `/clients/listclients.php` | High
-24 | File | `/clients/profile` | High
-25 | File | `/cms/category/list` | High
-26 | File | `/collection/all` | High
-27 | File | `/company/store` | High
-28 | File | `/contacts/listcontacts.php` | High
-29 | File | `/Default/Bd` | Medium
-30 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-31 | File | `/ext/phar/phar_object.c` | High
-32 | File | `/forum/away.php` | High
-33 | File | `/fos/admin/index.php?page=menu` | High
-34 | File | `/friends` | Medium
-35 | File | `/goform/AddSysLogRule` | High
-36 | File | `/goform/SafeEmailFilter` | High
-37 | File | `/goform/SetIpMacBind` | High
-38 | File | `/goform/setSnmpInfo` | High
-39 | File | `/goform/setUplinkInfo` | High
-40 | File | `/goform/SysToolReboot` | High
-41 | File | `/goform/WifiBasicSet` | High
-42 | File | `/graphql` | Medium
-43 | File | `/home/get_tasks_list` | High
-44 | File | `/hrm/employeeview.php` | High
-45 | File | `/hss/?page=categories` | High
-46 | File | `/hss/admin/brands/manage_brand.php` | High
-47 | File | `/importexport.php` | High
-48 | File | `/index.php?module=entities/entities` | High
-49 | File | `/index.php?module=global_lists/lists` | High
-50 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
+5 | File | `/admin/ajax.php?action=confirm_order` | High
+6 | File | `/admin/ajax.php?action=delete_user` | High
+7 | File | `/admin/ajax.php?action=delete_window` | High
+8 | File | `/admin/article/article-add.php` | High
+9 | File | `/admin/edit_members.php` | High
+10 | File | `/admin/edit_subject.php` | High
+11 | File | `/admin/fst_upload.inc.php` | High
+12 | File | `/admin/index.php` | High
+13 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
+14 | File | `/admin/report/index.php` | High
+15 | File | `/admin/services/manage_service.php` | High
+16 | File | `/admin/user/manage_user.php` | High
+17 | File | `/admin/users/index.php` | High
+18 | File | `/asms/classes/Master.php?f=delete_service` | High
+19 | File | `/blog` | Low
+20 | File | `/bsms_ci/index.php/user/edit_user/` | High
+21 | File | `/classes/Master.php?f=delete_category` | High
+22 | File | `/classes/Master.php?f=delete_inquiry` | High
+23 | File | `/classes/Users.php?f=delete_client` | High
+24 | File | `/clients/listclients.php` | High
+25 | File | `/clients/profile` | High
+26 | File | `/cms/category/list` | High
+27 | File | `/collection/all` | High
+28 | File | `/company/store` | High
+29 | File | `/contacts/listcontacts.php` | High
+30 | File | `/Default/Bd` | Medium
+31 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+32 | File | `/ext/phar/phar_object.c` | High
+33 | File | `/forum/away.php` | High
+34 | File | `/fos/admin/index.php?page=menu` | High
+35 | File | `/friends` | Medium
+36 | File | `/goform/AddSysLogRule` | High
+37 | File | `/goform/SafeEmailFilter` | High
+38 | File | `/goform/SetIpMacBind` | High
+39 | File | `/goform/setSnmpInfo` | High
+40 | File | `/goform/setUplinkInfo` | High
+41 | File | `/goform/SysToolReboot` | High
+42 | File | `/goform/WifiBasicSet` | High
+43 | File | `/graphql` | Medium
+44 | File | `/home/get_tasks_list` | High
+45 | File | `/hrm/employeeview.php` | High
+46 | File | `/hss/?page=categories` | High
+47 | File | `/hss/admin/brands/manage_brand.php` | High
+48 | File | `/importexport.php` | High
+49 | File | `/index.php?module=entities/entities` | High
+50 | File | `/index.php?module=global_lists/lists` | High
 51 | ... | ... | ...

-There are 440 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 442 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BlackTech/README.md
+++ b/actors/BlackTech/README.md
@ -68,15 +68,15 @@ ID | Type | Indicator | Confidence
 9 | File | `/service/upload` | High
 10 | File | `/tmp` | Low
 11 | File | `/uncpath/` | Medium
-12 | File | `/wp-json/oembed/1.0/embed?url` | High
-13 | File | `a2billing/customer/iridium_threed.php` | High
-14 | File | `admin.php` | Medium
-15 | File | `admin.php?s=/Channel/add.html` | High
-16 | File | `admin/class-bulk-editor-list-table.php` | High
-17 | File | `administrator/components/com_media/helpers/media.php` | High
+12 | File | `/user/updatePwd` | High
+13 | File | `/wp-json/oembed/1.0/embed?url` | High
+14 | File | `a2billing/customer/iridium_threed.php` | High
+15 | File | `admin.php` | Medium
+16 | File | `admin.php?s=/Channel/add.html` | High
+17 | File | `admin/class-bulk-editor-list-table.php` | High
 18 | ... | ... | ...

-There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 146 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BlueHero/README.md
+++ b/actors/BlueHero/README.md
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlueHero:

 * [IN](https://vuldb.com/?country.in)
-* [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
+* [US](https://vuldb.com/?country.us)

 ## IOC - Indicator of Compromise

@ -23,7 +23,7 @@ ID | IP address | Hostname | Campaign | Confidence
 3 | [12.1.3.0](https://vuldb.com/?ip.12.1.3.0) | - | - | High
 4 | ... | ... | ... | ...

-There are 11 more IOC items available. Please use our online service to access the data.
+There are 14 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -31,14 +31,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
 3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
-6 | ... | ... | ... | ...
+5 | ... | ... | ... | ...

-There are 19 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -49,46 +48,42 @@ ID | Type | Indicator | Confidence
 1 | File | `.FBCIndex` | Medium
 2 | File | `/+CSCOE+/logon.html` | High
 3 | File | `/?ajax-request=jnews` | High
-4 | File | `/Admin/add-student.php` | High
-5 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
-6 | File | `/admin/categories/manage_category.php` | High
-7 | File | `/admin/edit.php` | High
-8 | File | `/admin/edit_product.php` | High
-9 | File | `/admin/maintenance/view_designation.php` | High
-10 | File | `/admin/sales/manage_sale.php` | High
-11 | File | `/api/baskets/{name}` | High
-12 | File | `/aya/module/admin/fst_down.inc.php` | High
-13 | File | `/blog` | Low
-14 | File | `/boat/login.php` | High
-15 | File | `/bsms_ci/index.php/user/edit_user/` | High
-16 | File | `/cas/logout` | Medium
-17 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
-18 | File | `/CPE` | Low
-19 | File | `/etc/tomcat8/Catalina/attack` | High
-20 | File | `/forum/away.php` | High
-21 | File | `/ghost/preview` | High
-22 | File | `/goform/wizard_end` | High
-23 | File | `/home/search` | Medium
-24 | File | `/ims/login.php` | High
-25 | File | `/mhds/clinic/view_details.php` | High
-26 | File | `/modules/profile/index.php` | High
-27 | File | `/out.php` | Medium
-28 | File | `/php-opos/index.php` | High
-29 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
-30 | File | `/shell` | Low
-31 | File | `/spip.php` | Medium
-32 | File | `/tourism/rate_review.php` | High
-33 | File | `/uncpath/` | Medium
-34 | File | `/vdesk` | Low
-35 | File | `action-visitor.php` | High
-36 | ... | ... | ...
+4 | File | `/admin/categories/manage_category.php` | High
+5 | File | `/admin/edit_product.php` | High
+6 | File | `/admin/maintenance/view_designation.php` | High
+7 | File | `/admin/sales/manage_sale.php` | High
+8 | File | `/api/baskets/{name}` | High
+9 | File | `/blog` | Low
+10 | File | `/boat/login.php` | High
+11 | File | `/bsms_ci/index.php/user/edit_user/` | High
+12 | File | `/cas/logout` | Medium
+13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
+14 | File | `/cgi-bin/koha/catalogue/search.pl` | High
+15 | File | `/cgi-bin/upload_vpntar` | High
+16 | File | `/CPE` | Low
+17 | File | `/debug/pprof` | Medium
+18 | File | `/forum/away.php` | High
+19 | File | `/ghost/preview` | High
+20 | File | `/goform/Diagnosis` | High
+21 | File | `/home/search` | Medium
+22 | File | `/leaves/validate` | High
+23 | File | `/mail.php` | Medium
+24 | File | `/modules/profile/index.php` | High
+25 | File | `/out.php` | Medium
+26 | File | `/php-opos/index.php` | High
+27 | File | `/php-spms/admin/?page=user/` | High
+28 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+29 | File | `/shell` | Low
+30 | File | `/tourism/rate_review.php` | High
+31 | ... | ... | ...

-There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://s.tencent.com/research/report/675
 * https://www.zscaler.com/blogs/research/recent-bulehero-botnet-payload

 ## Literature
--- a/actors/BlueNoroff/README.md
+++ b/actors/BlueNoroff/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [VN](https://vuldb.com/?country.vn)
-* [CN](https://vuldb.com/?country.cn)
+* [JP](https://vuldb.com/?country.jp)
 * ...

-There are 2 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

--- a/C4/README.md
+++ b/C4/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...

-There are 20 more country items available. Please use our online service to access the data.
+There are 19 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -38,44 +38,44 @@ ID | IP address | Hostname | Campaign | Confidence
 15 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
 16 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
 17 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
-18 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
-19 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
-20 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
-21 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
-22 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
-23 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
-24 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
-25 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
-26 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
-27 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
-28 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
-29 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
-30 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
-31 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
-32 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
-33 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
-34 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
-35 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
-36 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
-37 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
-38 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
-39 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
-40 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
-41 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
-42 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
-43 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
-44 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
-45 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
-46 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
-47 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
-48 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
-49 | [18.238.132.55](https://vuldb.com/?ip.18.238.132.55) | server-18-238-132-55.dfw57.r.cloudfront.net | - | High
-50 | [18.238.132.74](https://vuldb.com/?ip.18.238.132.74) | server-18-238-132-74.dfw57.r.cloudfront.net | - | High
-51 | [18.238.132.97](https://vuldb.com/?ip.18.238.132.97) | server-18-238-132-97.dfw57.r.cloudfront.net | - | High
-52 | [20.212.219.56](https://vuldb.com/?ip.20.212.219.56) | - | - | High
+18 | [13.114.224.91](https://vuldb.com/?ip.13.114.224.91) | ec2-13-114-224-91.ap-northeast-1.compute.amazonaws.com | - | Medium
+19 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
+20 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
+21 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
+22 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
+23 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
+24 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
+25 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
+26 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
+27 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
+28 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
+29 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
+30 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
+31 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
+32 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
+33 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
+34 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
+35 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
+36 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
+37 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
+38 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
+39 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
+40 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
+41 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
+42 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
+43 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
+44 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
+45 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
+46 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
+47 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
+48 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
+49 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
+50 | [18.238.132.55](https://vuldb.com/?ip.18.238.132.55) | server-18-238-132-55.dfw57.r.cloudfront.net | - | High
+51 | [18.238.132.74](https://vuldb.com/?ip.18.238.132.74) | server-18-238-132-74.dfw57.r.cloudfront.net | - | High
+52 | [18.238.132.97](https://vuldb.com/?ip.18.238.132.97) | server-18-238-132-97.dfw57.r.cloudfront.net | - | High
 53 | ... | ... | ... | ...

-There are 207 more IOC items available. Please use our online service to access the data.
+There are 209 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -122,29 +122,29 @@ ID | Type | Indicator | Confidence
 22 | File | `/Controller/Ajaxfileupload.ashx` | High
 23 | File | `/core/conditions/AbstractWrapper.java` | High
 24 | File | `/etc/passwd` | Medium
-25 | File | `/feeds/post/publish` | High
-26 | File | `/forum/away.php` | High
-27 | File | `/h/` | Low
-28 | File | `/HNAP1` | Low
-29 | File | `/inc/jquery/uploadify/uploadify.php` | High
-30 | File | `/index.php?app=main&func=passport&action=login` | High
-31 | File | `/index.php?page=category_list` | High
-32 | File | `/jeecg-boot/sys/common/upload` | High
-33 | File | `/jobinfo/` | Medium
-34 | File | `/Moosikay/order.php` | High
-35 | File | `/mygym/admin/index.php?view_exercises` | High
+25 | File | `/fcgi/scrut_fcgi.fcgi` | High
+26 | File | `/feeds/post/publish` | High
+27 | File | `/forum/away.php` | High
+28 | File | `/h/` | Low
+29 | File | `/HNAP1` | Low
+30 | File | `/inc/jquery/uploadify/uploadify.php` | High
+31 | File | `/index.php?app=main&func=passport&action=login` | High
+32 | File | `/index.php?page=category_list` | High
+33 | File | `/jeecg-boot/sys/common/upload` | High
+34 | File | `/jobinfo/` | Medium
+35 | File | `/Moosikay/order.php` | High
 36 | File | `/opac/Actions.php?a=login` | High
-37 | File | `/php-opos/index.php` | High
-38 | File | `/PreviewHandler.ashx` | High
-39 | File | `/public/launchNewWindow.jsp` | High
-40 | File | `/recipe-result` | High
-41 | File | `/register.do` | Medium
-42 | File | `/reservation/add_message.php` | High
-43 | File | `/RPS2019Service/status.html` | High
-44 | File | `/Service/ImageStationDataService.asmx` | High
-45 | File | `/sicweb-ajax/tmproot/` | High
-46 | File | `/spip.php` | Medium
-47 | File | `/student/bookdetails.php` | High
+37 | File | `/PreviewHandler.ashx` | High
+38 | File | `/public/launchNewWindow.jsp` | High
+39 | File | `/recipe-result` | High
+40 | File | `/register.do` | Medium
+41 | File | `/reservation/add_message.php` | High
+42 | File | `/RPS2019Service/status.html` | High
+43 | File | `/Service/ImageStationDataService.asmx` | High
+44 | File | `/sicweb-ajax/tmproot/` | High
+45 | File | `/spip.php` | Medium
+46 | File | `/student/bookdetails.php` | High
+47 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
 48 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
 49 | File | `/uploads/exam_question/` | High
 50 | File | `/user/ticket/create` | High
@ -155,7 +155,7 @@ ID | Type | Indicator | Confidence
 55 | File | `/xxl-job-admin/user/add` | High
 56 | ... | ... | ...

-There are 489 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 486 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -176,6 +176,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/hosts/13.114.48.174
 * https://search.censys.io/hosts/13.114.78.162
 * https://search.censys.io/hosts/13.114.110.144
+* https://search.censys.io/hosts/13.114.224.91
 * https://search.censys.io/hosts/13.230.243.50
 * https://search.censys.io/hosts/13.231.24.246
 * https://search.censys.io/hosts/15.164.245.79
@ -325,6 +326,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://search.censys.io/hosts/170.64.169.229
 * https://search.censys.io/hosts/172.86.123.8
 * https://search.censys.io/hosts/172.105.71.205
+* https://search.censys.io/hosts/172.111.143.246
 * https://search.censys.io/hosts/175.41.221.5
 * https://search.censys.io/hosts/176.113.115.53
 * https://search.censys.io/hosts/179.43.144.250
--- a/actors/Chaos/README.md
+++ b/actors/Chaos/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [LU](https://vuldb.com/?country.lu)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 4 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -38,14 +38,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 21 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -60,44 +60,42 @@ ID | Type | Indicator | Confidence
 5 | File | `/admin/services/view_service.php` | High
 6 | File | `/api/baskets/{name}` | High
 7 | File | `/api/v1/terminal/sessions/?limit=1` | High
-8 | File | `/auparse/auparse.c` | High
-9 | File | `/baseOpLog.do` | High
-10 | File | `/CCMAdmin/serverlist.asp` | High
-11 | File | `/cgi-bin/luci/api/auth` | High
-12 | File | `/cgi-bin/luci/api/wireless` | High
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/cgi/get_param.cgi` | High
-15 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
-16 | File | `/csms/admin/inquiries/view_details.php` | High
-17 | File | `/cstecgi.cgi` | Medium
-18 | File | `/dashboard/contact` | High
-19 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-20 | File | `/env` | Low
-21 | File | `/forum/away.php` | High
-22 | File | `/goform/setDiagnoseInfo` | High
-23 | File | `/goform/WifiBasicSet` | High
-24 | File | `/hrm/employeeview.php` | High
-25 | File | `/htdocs/cgibin` | High
-26 | File | `/importexport.php` | High
-27 | File | `/include/chart_generator.php` | High
-28 | File | `/index.php` | Medium
-29 | File | `/index.php?page=member` | High
-30 | File | `/librarian/bookdetails.php` | High
-31 | File | `/link/` | Low
-32 | File | `/matkul/data` | Medium
-33 | File | `/message/form/` | High
-34 | File | `/messageboard/view.php` | High
-35 | File | `/out.php` | Medium
-36 | File | `/src/Illuminate/Laravel.php` | High
-37 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
-38 | File | `/system/dict/list` | High
-39 | File | `/system/user/resetPwd` | High
-40 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
-41 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
-42 | File | `/textpattern/index.php` | High
-43 | ... | ... | ...
+8 | File | `/baseOpLog.do` | High
+9 | File | `/CCMAdmin/serverlist.asp` | High
+10 | File | `/cgi-bin/luci/api/auth` | High
+11 | File | `/cgi-bin/wlogin.cgi` | High
+12 | File | `/cgi/get_param.cgi` | High
+13 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
+14 | File | `/csms/admin/inquiries/view_details.php` | High
+15 | File | `/cstecgi.cgi` | Medium
+16 | File | `/dashboard/contact` | High
+17 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+18 | File | `/forum/away.php` | High
+19 | File | `/goform/WifiBasicSet` | High
+20 | File | `/group1/uploa` | High
+21 | File | `/htdocs/cgibin` | High
+22 | File | `/importexport.php` | High
+23 | File | `/include/chart_generator.php` | High
+24 | File | `/index.php` | Medium
+25 | File | `/index.php?page=member` | High
+26 | File | `/librarian/bookdetails.php` | High
+27 | File | `/link/` | Low
+28 | File | `/matkul/data` | Medium
+29 | File | `/message/form/` | High
+30 | File | `/messageboard/view.php` | High
+31 | File | `/out.php` | Medium
+32 | File | `/src/Illuminate/Laravel.php` | High
+33 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
+34 | File | `/system/dict/list` | High
+35 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
+36 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
+37 | File | `/textpattern/index.php` | High
+38 | File | `/upfile.cgi` | Medium
+39 | File | `/upgrade_filter.asp` | High
+40 | File | `/v1/avatars/favicon` | High
+41 | ... | ... | ...

-There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -389,14 +389,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 6 | ... | ... | ... | ...

-There are 19 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -404,66 +404,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//WEB-INF` | Medium
-2 | File | `/about.php` | Medium
-3 | File | `/admin.php/update/getFile.html` | High
-4 | File | `/admin/cashadvance_row.php` | High
-5 | File | `/admin/inquiries/view_inquiry.php` | High
-6 | File | `/admin/maintenance/view_designation.php` | High
-7 | File | `/admin/offenses/view_details.php` | High
-8 | File | `/admin/report/index.php` | High
-9 | File | `/admin/router.php` | High
-10 | File | `/admin/sales/view_details.php` | High
-11 | File | `/admin/sys_sql_query.php` | High
-12 | File | `/admin/userprofile.php` | High
-13 | File | `/api/baskets/{name}` | High
-14 | File | `/cgi-bin/DownloadFlash` | High
-15 | File | `/cgi-bin/wlogin.cgi` | High
+1 | File | `/admin/router.php` | High
+2 | File | `/admin/save.php` | High
+3 | File | `/admin/sys_sql_query.php` | High
+4 | File | `/api/baskets/{name}` | High
+5 | File | `/api/download` | High
+6 | File | `/api/runscript` | High
+7 | File | `/api/v1/terminal/sessions/?limit=1` | High
+8 | File | `/bin/sh` | Low
+9 | File | `/bitrix/admin/ldap_server_edit.php` | High
+10 | File | `/category.php` | High
+11 | File | `/categorypage.php` | High
+12 | File | `/cgi-bin/DownloadFlash` | High
+13 | File | `/cgi-bin/login.cgi` | High
+14 | File | `/cgi-bin/luci/api/wireless` | High
+15 | File | `/cgi-bin/vitogate.cgi` | High
 16 | File | `/classes/Master.php?f=delete_category` | High
-17 | File | `/classes/Master.php?f=delete_service` | High
-18 | File | `/classes/Master.php?f=save_course` | High
-19 | File | `/company/store` | High
-20 | File | `/Controller/Ajaxfileupload.ashx` | High
+17 | File | `/company/store` | High
+18 | File | `/Content/Template/root/reverse-shell.aspx` | High
+19 | File | `/Controller/Ajaxfileupload.ashx` | High
+20 | File | `/core/conditions/AbstractWrapper.java` | High
 21 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
 22 | File | `/E-mobile/App/System/File/downfile.php` | High
 23 | File | `/Electron/download` | High
-24 | File | `/feeds/post/publish` | High
-25 | File | `/forum/away.php` | High
-26 | File | `/h/` | Low
-27 | File | `/inc/jquery/uploadify/uploadify.php` | High
-28 | File | `/inc/topBarNav.php` | High
+24 | File | `/etc/passwd` | Medium
+25 | File | `/fcgi/scrut_fcgi.fcgi` | High
+26 | File | `/forum/away.php` | High
+27 | File | `/h/` | Low
+28 | File | `/HNAP1` | Low
 29 | File | `/index.php?app=main&func=passport&action=login` | High
 30 | File | `/index.php?page=category_list` | High
-31 | File | `/jobinfo/` | Medium
-32 | File | `/KeepAlive.jsp` | High
-33 | File | `/modules/projects/vw_files.php` | High
-34 | File | `/Moosikay/order.php` | High
-35 | File | `/opac/Actions.php?a=login` | High
-36 | File | `/pms/admin/visits/view_visit.php` | High
-37 | File | `/PreviewHandler.ashx` | High
-38 | File | `/proxy` | Low
-39 | File | `/recipe-result` | High
-40 | File | `/Repositories` | High
-41 | File | `/reservation/add_message.php` | High
-42 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
-43 | File | `/send_order.cgi?parameter=access_detect` | High
-44 | File | `/Service/ImageStationDataService.asmx` | High
-45 | File | `/student/bookdetails.php` | High
-46 | File | `/text/pdf/PdfReader.java` | High
-47 | File | `/uploads/exam_question/` | High
-48 | File | `/user/ticket/create` | High
-49 | File | `/user/updatePwd` | High
-50 | File | `/userRpm/WanDynamicIpV6CfgRpm` | High
-51 | File | `/var/lib/docker/<remapping>` | High
-52 | File | `/wp-admin/admin-ajax.php` | High
-53 | File | `/wp-json/oembed/1.0/embed?url` | High
-54 | File | `a-forms.php` | Medium
-55 | File | `account.asp` | Medium
-56 | File | `adclick.php` | Medium
-57 | File | `admin.a6mambocredits.php` | High
-58 | ... | ... | ...
+31 | File | `/jeecg-boot/sys/common/upload` | High
+32 | File | `/jobinfo/` | Medium
+33 | File | `/LogInOut.php` | High
+34 | File | `/out.php` | Medium
+35 | File | `/PreviewHandler.ashx` | High
+36 | File | `/recipe-result` | High
+37 | File | `/register.do` | Medium
+38 | File | `/RPS2019Service/status.html` | High
+39 | File | `/Service/ImageStationDataService.asmx` | High
+40 | File | `/sicweb-ajax/tmproot/` | High
+41 | File | `/Side.php` | Medium
+42 | File | `/spip.php` | Medium
+43 | File | `/student/bookdetails.php` | High
+44 | ... | ... | ...

-There are 503 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 378 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Chimera/README.md
+++ b/actors/Chimera/README.md
@ -31,11 +31,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79 | Cross Site Scripting | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 6 | ... | ... | ... | ...

 There are 22 more TTP items available. Please use our online service to access the data.
@ -46,45 +46,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//proc/kcore` | Medium
-2 | File | `/action/wirelessConnect` | High
-3 | File | `/admin/assign/assign.php` | High
-4 | File | `/admin/contacts/organizations/edit/2` | High
-5 | File | `/admin/curriculum/view_curriculum.php` | High
-6 | File | `/admin/departments/view_department.php` | High
-7 | File | `/admin/maintenance/view_designation.php` | High
-8 | File | `/admin/suppliers/view_details.php` | High
-9 | File | `/admin/user/manage_user.php` | High
-10 | File | `/admin/user/uploadImg` | High
-11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
+1 | File | `/academy/home/courses` | High
+2 | File | `/admin/adclass.php` | High
+3 | File | `/admin/admin-profile.php` | High
+4 | File | `/admin/sales/view_details.php` | High
+5 | File | `/admin/students/view_details.php` | High
+6 | File | `/ajax-files/followBoard.php` | High
+7 | File | `/ajax.php?action=read_msg` | High
+8 | File | `/api/cron/settings/setJob/` | High
+9 | File | `/api/v1/snapshots` | High
+10 | File | `/audit/log/log_management.php` | High
+11 | File | `/auth/callback` | High
 12 | File | `/authenticationendpoint/login.do` | High
-13 | File | `/bin/login` | Medium
-14 | File | `/cgi-bin/cstecgi.cgi` | High
-15 | File | `/cgi-bin/kerbynet` | High
-16 | File | `/cgi-bin/luci` | High
-17 | File | `/cgi-bin/wlogin.cgi` | High
-18 | File | `/classes/Master.php` | High
-19 | File | `/classes/Master.php?f=delete_item` | High
-20 | File | `/config/getuser` | High
-21 | File | `/contact/store` | High
-22 | File | `/Content/Template/root/reverse-shell.aspx` | High
-23 | File | `/forms/doLogin` | High
-24 | File | `/forum/away.php` | High
-25 | File | `/HNAP1` | Low
-26 | File | `/lan.asp` | Medium
-27 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
-28 | File | `/login/index.php` | High
-29 | File | `/mc` | Low
-30 | File | `/menu.html` | Medium
-31 | File | `/mims/login.php` | High
-32 | File | `/out.php` | Medium
-33 | File | `/php-inventory-management-system/product.php` | High
-34 | File | `/plain` | Low
-35 | File | `/qsr_server/device/reboot` | High
-36 | File | `/spip.php` | Medium
-37 | ... | ... | ...
+13 | File | `/cgi-bin/mainfunction.cgi` | High
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/cgi.cgi` | Medium
+16 | File | `/classes/Users.php` | High
+17 | File | `/collection/all` | High
+18 | File | `/Content/Template/root/reverse-shell.aspx` | High
+19 | File | `/ctcprotocol/Protocol` | High
+20 | File | `/dottie.js` | Medium
+21 | File | `/DXR.axd` | Medium
+22 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+23 | File | `/env` | Low
+24 | File | `/files/` | Low
+25 | File | `/forms/doLogin` | High
+26 | File | `/forum/away.php` | High
+27 | File | `/goform/setportList` | High
+28 | File | `/h/autoSaveDraft` | High
+29 | File | `/index.php` | Medium
+30 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+31 | File | `/index.php?page=member` | High
+32 | File | `/jurusanmatkul/data` | High
+33 | File | `/librarian/bookdetails.php` | High
+34 | File | `/log/decodmail.php` | High
+35 | File | `/log/webmailattach.php` | High
+36 | File | `/login.php?do=login` | High
+37 | File | `/php-opos/index.php` | High
+38 | File | `/public/login.htm` | High
+39 | File | `/QueryView.php` | High
+40 | File | `/recreate.php` | High
+41 | File | `/romfile.cfg` | Medium
+42 | ... | ... | ...

-There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 366 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -21,10 +21,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
-* [JP](https://vuldb.com/?country.jp)
+* [GB](https://vuldb.com/?country.gb)
 * ...

-There are 18 more country items available. Please use our online service to access the data.
+There are 14 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -1921,14 +1921,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
-6 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+7 | ... | ... | ... | ...

-There are 19 more TTP items available. Please use our online service to access the data.
+There are 23 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -1936,50 +1937,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/act/ActDao.xml` | High
-2 | File | `/admin/sys_sql_query.php` | High
-3 | File | `/ajax.php?action=read_msg` | High
-4 | File | `/api/baskets/{name}` | High
-5 | File | `/bin/ate` | Medium
+1 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
+2 | File | `/admin/save.php` | High
+3 | File | `/api/baskets/{name}` | High
+4 | File | `/api/download` | High
+5 | File | `/api/v1/terminal/sessions/?limit=1` | High
 6 | File | `/bitrix/admin/ldap_server_edit.php` | High
 7 | File | `/booking/show_bookings/` | High
-8 | File | `/cgi-bin/luci/api/wireless` | High
-9 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
-10 | File | `/classes/Master.php?f=delete_category` | High
-11 | File | `/company/store` | High
-12 | File | `/concat?/%2557EB-INF/web.xml` | High
-13 | File | `/Content/Template/root/reverse-shell.aspx` | High
-14 | File | `/Controller/Ajaxfileupload.ashx` | High
+8 | File | `/category.php` | High
+9 | File | `/categorypage.php` | High
+10 | File | `/cgi-bin/luci/api/wireless` | High
+11 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
+12 | File | `/cgi-bin/vitogate.cgi` | High
+13 | File | `/cgi/networkDiag.cgi` | High
+14 | File | `/Content/Template/root/reverse-shell.aspx` | High
 15 | File | `/core/conditions/AbstractWrapper.java` | High
-16 | File | `/debug/pprof` | Medium
-17 | File | `/E-mobile/App/System/File/downfile.php` | High
-18 | File | `/env` | Low
-19 | File | `/etc/passwd` | Medium
-20 | File | `/forum/away.php` | High
-21 | File | `/getcfg.php` | Medium
-22 | File | `/goform/AdvSetLanip` | High
-23 | File | `/goform/fromSetWirelessRepeat` | High
-24 | File | `/goform/setmac` | High
-25 | File | `/goform/setMacFilterCfg` | High
-26 | File | `/goform/SetSysTimeCfg` | High
-27 | File | `/goform/WifiGuestSet` | High
-28 | File | `/group1/uploa` | High
-29 | File | `/h/` | Low
-30 | File | `/index.php?app=main&func=passport&action=login` | High
-31 | File | `/ipms/imageConvert/image` | High
-32 | File | `/jobinfo/` | Medium
-33 | File | `/kelasdosen/data` | High
-34 | File | `/net/sched/cls_fw.c` | High
-35 | File | `/news/*.html` | Medium
-36 | File | `/note/index/delete` | High
-37 | File | `/php-sms/admin/?page=user/manage_user` | High
-38 | File | `/preview.php` | Medium
-39 | File | `/PreviewHandler.ashx` | High
-40 | File | `/recipe-result` | High
-41 | File | `/register.do` | Medium
-42 | ... | ... | ...
+16 | File | `/dashboard/add-blog.php` | High
+17 | File | `/data/remove` | Medium
+18 | File | `/debug/pprof` | Medium
+19 | File | `/ecommerce/admin/settings/setDiscount.php` | High
+20 | File | `/etc/passwd` | Medium
+21 | File | `/fcgi/scrut_fcgi.fcgi` | High
+22 | File | `/forum/away.php` | High
+23 | File | `/getcfg.php` | Medium
+24 | File | `/goform/net\_Web\_get_value` | High
+25 | File | `/GponForm/usb_restore_Form?script/` | High
+26 | File | `/group1/uploa` | High
+27 | File | `/HNAP1` | Low
+28 | File | `/home/get_tasks_list` | High
+29 | File | `/index.php/sysmanage/Login/login_auth/` | High
+30 | File | `/jeecg-boot/sys/common/upload` | High
+31 | File | `/net/sched/cls_fw.c` | High
+32 | File | `/plugin` | Low
+33 | File | `/preview.php` | Medium
+34 | File | `/recipe-result` | High
+35 | File | `/register.do` | Medium
+36 | File | `/resources//../` | High
+37 | File | `/RPS2019Service/status.html` | High
+38 | File | `/search.php` | Medium
+39 | ... | ... | ...

-There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -54,37 +54,41 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/forgot-password.php` | High
 5 | File | `/admin/index.php` | High
 6 | File | `/admin/lab.php` | High
-7 | File | `/admin/payment.php` | High
-8 | File | `/admin/show.php` | High
-9 | File | `/default.php?idx=17` | High
-10 | File | `/download` | Medium
-11 | File | `/env` | Low
-12 | File | `/forum/away.php` | High
-13 | File | `/index.php` | Medium
-14 | File | `/opt/bin/cli` | Medium
-15 | File | `/p` | Low
-16 | File | `/patient/doctors.php` | High
-17 | File | `/phpinventory/editcategory.php` | High
-18 | File | `/product-list.php` | High
-19 | File | `/spip.php` | Medium
-20 | File | `/uncpath/` | Medium
-21 | File | `/updown/upload.cgi` | High
-22 | File | `/user/del.php` | High
-23 | File | `/_next` | Low
-24 | File | `123flashchat.php` | High
-25 | File | `act.php` | Low
-26 | File | `admin/bad.php` | High
-27 | File | `admin/index.php` | High
-28 | File | `admin/index.php/user/del/1` | High
-29 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-30 | File | `administrator/index.php` | High
-31 | File | `agenda.php` | Medium
-32 | File | `ajax/render/widget_php` | High
-33 | File | `album_portal.php` | High
-34 | File | `api.php` | Low
-35 | ... | ... | ...
+7 | File | `/admin/login.php` | High
+8 | File | `/admin/payment.php` | High
+9 | File | `/admin/show.php` | High
+10 | File | `/default.php?idx=17` | High
+11 | File | `/download` | Medium
+12 | File | `/env` | Low
+13 | File | `/forum/away.php` | High
+14 | File | `/index.php` | Medium
+15 | File | `/opt/bin/cli` | Medium
+16 | File | `/p` | Low
+17 | File | `/patient/doctors.php` | High
+18 | File | `/phpinventory/editcategory.php` | High
+19 | File | `/product-list.php` | High
+20 | File | `/spip.php` | Medium
+21 | File | `/uncpath/` | Medium
+22 | File | `/updown/upload.cgi` | High
+23 | File | `/user/del.php` | High
+24 | File | `/wp-admin/admin-ajax.php` | High
+25 | File | `/_next` | Low
+26 | File | `123flashchat.php` | High
+27 | File | `act.php` | Low
+28 | File | `admin.php/pay` | High
+29 | File | `admin/bad.php` | High
+30 | File | `admin/index.php` | High
+31 | File | `admin/index.php/user/del/1` | High
+32 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+33 | File | `administrator/index.php` | High
+34 | File | `agenda.php` | Medium
+35 | File | `ajax/render/widget_php` | High
+36 | File | `album_portal.php` | High
+37 | File | `api.php` | Low
+38 | File | `application/home/controller/debug.php` | High
+39 | ... | ... | ...

-There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 335 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Chthonic/README.md
+++ b/actors/Chthonic/README.md
@ -79,21 +79,21 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin.php` | Medium
 4 | File | `/admin/read.php?mudi=getSignal` | High
 5 | File | `/admin/subnets/ripe-query.php` | High
-6 | File | `/core/conditions/AbstractWrapper.java` | High
-7 | File | `/debug/pprof` | Medium
-8 | File | `/export` | Low
-9 | File | `/file?action=download&file` | High
-10 | File | `/hardware` | Medium
-11 | File | `/librarian/bookdetails.php` | High
-12 | File | `/medical/inventories.php` | High
-13 | File | `/monitoring` | Medium
-14 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-15 | File | `/plugin/LiveChat/getChat.json.php` | High
-16 | File | `/plugins/servlet/audit/resource` | High
-17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-18 | File | `/replication` | Medium
-19 | File | `/RestAPI` | Medium
-20 | File | `/tmp/speedtest_urls.xml` | High
+6 | File | `/apply.cgi` | Medium
+7 | File | `/core/conditions/AbstractWrapper.java` | High
+8 | File | `/debug/pprof` | Medium
+9 | File | `/export` | Low
+10 | File | `/file?action=download&file` | High
+11 | File | `/hardware` | Medium
+12 | File | `/librarian/bookdetails.php` | High
+13 | File | `/medical/inventories.php` | High
+14 | File | `/monitoring` | Medium
+15 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+16 | File | `/plugin/LiveChat/getChat.json.php` | High
+17 | File | `/plugins/servlet/audit/resource` | High
+18 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+19 | File | `/replication` | Medium
+20 | File | `/RestAPI` | Medium
 21 | File | `/tmp/zarafa-vacation-*` | High
 22 | File | `/uncpath/` | Medium
 23 | File | `/upload` | Low
@ -101,7 +101,7 @@ ID | Type | Indicator | Confidence
 25 | File | `/var/log/nginx` | High
 26 | ... | ... | ...

-There are 221 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 220 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/ClearFake/README.md
+++ b/actors/ClearFake/README.md
@ -0,0 +1,30 @@
+# ClearFake - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ClearFake](https://vuldb.com/?actor.clearfake). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.clearfake](https://vuldb.com/?actor.clearfake)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of ClearFake.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [109.248.206.138](https://vuldb.com/?ip.109.248.206.138) | 109.248.206.138.yadc.ru | - | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://blog.sekoia.io/clearfake-a-newcomer-to-the-fake-updates-threats-landscape/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/CloudEyE/README.md
+++ b/actors/CloudEyE/README.md
@ -4,6 +4,17 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cloudeye](https://vuldb.com/?actor.cloudeye)

+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CloudEyE:
+
+* [US](https://vuldb.com/?country.us)
+* [SV](https://vuldb.com/?country.sv)
+* [DE](https://vuldb.com/?country.de)
+* ...
+
+There are 6 more country items available. Please use our online service to access the data.
+
 ## IOC - Indicator of Compromise

 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CloudEyE.
@ -11,11 +22,39 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [194.55.224.183](https://vuldb.com/?ip.194.55.224.183) | - | - | High
+2 | [194.180.48.211](https://vuldb.com/?ip.194.180.48.211) | - | - | High
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _CloudEyE_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 11 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CloudEyE. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `assetmanager.asp` | High
+2 | File | `cryptocat.js` | Medium
+3 | File | `downloadFlile.cgi` | High
+4 | ... | ... | ...
+
+There are 21 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://research.checkpoint.com/2023/unveiling-the-shadows-the-dark-alliance-between-guloader-and-remcos/
 * https://threatfox.abuse.ch

 ## Literature
--- a/Group/README.md
+++ b/Group/README.md
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Group:

 * [PL](https://vuldb.com/?country.pl)
-* [DE](https://vuldb.com/?country.de)
 * [RU](https://vuldb.com/?country.ru)
+* [PT](https://vuldb.com/?country.pt)
 * ...

 There are 10 more country items available. Please use our online service to access the data.
@ -62,46 +62,48 @@ ID | Type | Indicator | Confidence
 10 | File | `/admin/edit_category.php` | High
 11 | File | `/admin/edit_subject.php` | High
 12 | File | `/admin/modal_add_product.php` | High
-13 | File | `/admin/sales/view_details.php` | High
-14 | File | `/admin/service.php` | High
-15 | File | `/admin/sign/out` | High
-16 | File | `/admin/test_status.php` | High
-17 | File | `/api/common/ping` | High
-18 | File | `/api/v2/open/tablesInfo` | High
-19 | File | `/api/wechat/app_auth` | High
-20 | File | `/asms/classes/Master.php?f=delete_img` | High
-21 | File | `/catcompany.php` | High
-22 | File | `/classes/Master.php?f=delete_appointment` | High
-23 | File | `/classes/Master.php?f=save_item` | High
-24 | File | `/classes/Users.php` | High
-25 | File | `/cms/notify` | Medium
-26 | File | `/depotHead/list` | High
-27 | File | `/device/signin` | High
-28 | File | `/fusiondirectory/index.php` | High
-29 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
-30 | File | `/goform/addressNat` | High
-31 | File | `/goform/RGFirewallEL` | High
-32 | File | `/goform/WifiBasicSet` | High
-33 | File | `/h/` | Low
-34 | File | `/HNAP1` | Low
-35 | File | `/hslist` | Low
-36 | File | `/importexport.php` | High
-37 | File | `/include/dialog/select_templets_post.php` | High
-38 | File | `/index.php/sysmanage/Login/login_auth/` | High
-39 | File | `/index.php?page=member` | High
-40 | File | `/js/player/dmplayer/dmku/index.php` | High
-41 | File | `/lists/admin/` | High
-42 | File | `/log/decodmail.php` | High
-43 | File | `/login/index.php` | High
-44 | File | `/multi-vendor-shopping-script/product-list.php` | High
-45 | File | `/myAccount` | Medium
-46 | File | `/note/index/delete` | High
-47 | File | `/operations/travellers.php` | High
-48 | File | `/patient/appointment.php` | High
-49 | File | `/paysystem/datatable.php` | High
-50 | ... | ... | ...
+13 | File | `/admin/order.php` | High
+14 | File | `/admin/sales/view_details.php` | High
+15 | File | `/admin/service.php` | High
+16 | File | `/admin/sign/out` | High
+17 | File | `/admin/test_status.php` | High
+18 | File | `/api/common/ping` | High
+19 | File | `/api/v2/open/tablesInfo` | High
+20 | File | `/api/wechat/app_auth` | High
+21 | File | `/asms/classes/Master.php?f=delete_img` | High
+22 | File | `/catcompany.php` | High
+23 | File | `/classes/Master.php?f=delete_appointment` | High
+24 | File | `/classes/Master.php?f=save_item` | High
+25 | File | `/classes/Users.php` | High
+26 | File | `/cms/notify` | Medium
+27 | File | `/depotHead/list` | High
+28 | File | `/device/signin` | High
+29 | File | `/fusiondirectory/index.php` | High
+30 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
+31 | File | `/goform/addressNat` | High
+32 | File | `/goform/RGFirewallEL` | High
+33 | File | `/goform/WifiBasicSet` | High
+34 | File | `/h/` | Low
+35 | File | `/HNAP1` | Low
+36 | File | `/hslist` | Low
+37 | File | `/importexport.php` | High
+38 | File | `/include/dialog/select_templets_post.php` | High
+39 | File | `/index.php/sysmanage/Login/login_auth/` | High
+40 | File | `/index.php?page=member` | High
+41 | File | `/js/player/dmplayer/dmku/index.php` | High
+42 | File | `/lists/admin/` | High
+43 | File | `/log/decodmail.php` | High
+44 | File | `/login/index.php` | High
+45 | File | `/multi-vendor-shopping-script/product-list.php` | High
+46 | File | `/myAccount` | Medium
+47 | File | `/note/index/delete` | High
+48 | File | `/operations/travellers.php` | High
+49 | File | `/patient/appointment.php` | High
+50 | File | `/paysystem/datatable.php` | High
+51 | File | `/php-sms/admin/orders/update_status.php` | High
+52 | ... | ... | ...

-There are 438 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Strike/README.md
+++ b/Strike/README.md
--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -54,39 +54,43 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/forgot-password.php` | High
 5 | File | `/admin/index.php` | High
 6 | File | `/admin/lab.php` | High
-7 | File | `/admin/payment.php` | High
-8 | File | `/admin/show.php` | High
-9 | File | `/default.php?idx=17` | High
-10 | File | `/download` | Medium
-11 | File | `/env` | Low
-12 | File | `/forum/away.php` | High
-13 | File | `/index.php` | Medium
-14 | File | `/opt/bin/cli` | Medium
-15 | File | `/p` | Low
-16 | File | `/patient/doctors.php` | High
-17 | File | `/phpinventory/editcategory.php` | High
-18 | File | `/product-list.php` | High
-19 | File | `/public/login.htm` | High
-20 | File | `/server-info` | Medium
-21 | File | `/spip.php` | Medium
-22 | File | `/tmp` | Low
-23 | File | `/tmp/sysstat.run` | High
-24 | File | `/uncpath/` | Medium
-25 | File | `/updown/upload.cgi` | High
-26 | File | `/user/del.php` | High
-27 | File | `/websocket/exec` | High
-28 | File | `/_next` | Low
-29 | File | `123flashchat.php` | High
-30 | File | `act.php` | Low
-31 | File | `add_vhost.php` | High
-32 | File | `admin/bad.php` | High
-33 | File | `admin/index.php` | High
-34 | File | `admin/index.php/user/del/1` | High
-35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-36 | File | `administrator/index.php` | High
-37 | ... | ... | ...
+7 | File | `/admin/login.php` | High
+8 | File | `/admin/payment.php` | High
+9 | File | `/admin/show.php` | High
+10 | File | `/default.php?idx=17` | High
+11 | File | `/download` | Medium
+12 | File | `/env` | Low
+13 | File | `/forum/away.php` | High
+14 | File | `/index.php` | Medium
+15 | File | `/opt/bin/cli` | Medium
+16 | File | `/p` | Low
+17 | File | `/patient/doctors.php` | High
+18 | File | `/phpinventory/editcategory.php` | High
+19 | File | `/product-list.php` | High
+20 | File | `/public/login.htm` | High
+21 | File | `/server-info` | Medium
+22 | File | `/spip.php` | Medium
+23 | File | `/tmp` | Low
+24 | File | `/tmp/sysstat.run` | High
+25 | File | `/uncpath/` | Medium
+26 | File | `/updown/upload.cgi` | High
+27 | File | `/user/del.php` | High
+28 | File | `/websocket/exec` | High
+29 | File | `/wp-admin/admin-ajax.php` | High
+30 | File | `/_next` | Low
+31 | File | `123flashchat.php` | High
+32 | File | `act.php` | Low
+33 | File | `add_vhost.php` | High
+34 | File | `admin.php/pay` | High
+35 | File | `admin/bad.php` | High
+36 | File | `admin/index.php` | High
+37 | File | `admin/index.php/user/del/1` | High
+38 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+39 | File | `administrator/index.php` | High
+40 | File | `agenda.php` | Medium
+41 | ... | ... | ...

-There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/CoinMiner/README.md
+++ b/actors/CoinMiner/README.md
@ -46,13 +46,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94 | Cross Site Scripting | High
 5 | ... | ... | ... | ...

-There are 17 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -64,48 +64,46 @@ ID | Type | Indicator | Confidence
 2 | File | `.plan` | Low
 3 | File | `.tin` | Low
 4 | File | `/admin/read.php?mudi=announContent` | High
-5 | File | `/cgi-bin/editBookmark` | High
-6 | File | `/cgi-bin/luci;stok=/locale` | High
-7 | File | `/classes/Login.php` | High
-8 | File | `/configs/application.ini` | High
-9 | File | `/goform/setPicListItem` | High
-10 | File | `/home/cavesConsole` | High
-11 | File | `/home/kickPlayer` | High
-12 | File | `/home/masterConsole` | High
-13 | File | `/home/sendBroadcast` | High
-14 | File | `/rapi/read_url` | High
-15 | File | `/services/Card/findUser` | High
-16 | File | `/spacecom/login.php` | High
-17 | File | `/sys/dict/queryTableData` | High
-18 | File | `/Taier/API/tenant/listTenant` | High
-19 | File | `/ucenter/active.php` | High
-20 | File | `/uncpath/` | Medium
-21 | File | `/user/updatePwd` | High
-22 | File | `/xampp/guestbook-en.pl` | High
-23 | File | `/zm/index.php` | High
-24 | File | `123flashchat.php` | High
-25 | File | `abook_database.php` | High
-26 | File | `action.php` | Medium
-27 | File | `admin.php` | Medium
-28 | File | `admin/admin_process.php` | High
-29 | File | `admin/profile_settings_net.html` | High
-30 | File | `admin/vqmods.app/vqmods.inc.php` | High
-31 | File | `af.cgi/alienform.cgi` | High
-32 | File | `afd.sys` | Low
-33 | File | `akocomment.php` | High
-34 | File | `app/routes/research.js` | High
-35 | File | `article.php` | Medium
-36 | File | `aviso.php` | Medium
-37 | File | `awredir.pl` | Medium
-38 | File | `bitmap/bdfread.c` | High
-39 | File | `blocks.php` | Medium
-40 | File | `blog.cgi` | Medium
-41 | File | `bluewrench-video-widget.php` | High
-42 | File | `browse.php` | Medium
-43 | File | `carsdetail.asp` | High
-44 | ... | ... | ...
+5 | File | `/ajaxGetFileByPath.php` | High
+6 | File | `/app/sys1.php` | High
+7 | File | `/cgi-bin/editBookmark` | High
+8 | File | `/cgi-bin/luci;stok=/locale` | High
+9 | File | `/classes/Login.php` | High
+10 | File | `/configs/application.ini` | High
+11 | File | `/home/cavesConsole` | High
+12 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
+13 | File | `/home/kickPlayer` | High
+14 | File | `/home/masterConsole` | High
+15 | File | `/home/sendBroadcast` | High
+16 | File | `/rapi/read_url` | High
+17 | File | `/services/Card/findUser` | High
+18 | File | `/spacecom/login.php` | High
+19 | File | `/student/bookdetails.php` | High
+20 | File | `/sys/dict/queryTableData` | High
+21 | File | `/Taier/API/tenant/listTenant` | High
+22 | File | `/ucenter/active.php` | High
+23 | File | `/uncpath/` | Medium
+24 | File | `/user/updatePwd` | High
+25 | File | `/userRpm/PingIframeRpm` | High
+26 | File | `/vm/admin/doctors.php` | High
+27 | File | `/xampp/guestbook-en.pl` | High
+28 | File | `/zm/index.php` | High
+29 | File | `123flashchat.php` | High
+30 | File | `abook_database.php` | High
+31 | File | `action.php` | Medium
+32 | File | `admin.php` | Medium
+33 | File | `admin/admin_process.php` | High
+34 | File | `admin/user.php` | High
+35 | File | `admin/vqmods.app/vqmods.inc.php` | High
+36 | File | `afd.sys` | Low
+37 | File | `akocomment.php` | High
+38 | File | `app/routes/research.js` | High
+39 | File | `article.php` | Medium
+40 | File | `aviso.php` | Medium
+41 | File | `awredir.pl` | Medium
+42 | ... | ... | ...

-There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 359 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 19 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -419,14 +419,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 18 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -437,62 +437,53 @@ ID | Type | Indicator | Confidence
 1 | File | `//WEB-INF` | Medium
 2 | File | `/about.php` | Medium
 3 | File | `/admin.php/update/getFile.html` | High
-4 | File | `/admin/` | Low
-5 | File | `/admin/cashadvance_row.php` | High
-6 | File | `/admin/inquiries/view_inquiry.php` | High
-7 | File | `/admin/maintenance/view_designation.php` | High
-8 | File | `/admin/report/index.php` | High
-9 | File | `/admin/userprofile.php` | High
-10 | File | `/APR/login.php` | High
-11 | File | `/APR/signup.php` | High
-12 | File | `/cgi-bin/wapopen` | High
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/classes/Master.php?f=delete_service` | High
-15 | File | `/classes/Master.php?f=save_course` | High
-16 | File | `/company/store` | High
-17 | File | `/Controller/Ajaxfileupload.ashx` | High
-18 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-19 | File | `/E-mobile/App/System/File/downfile.php` | High
-20 | File | `/Electron/download` | High
-21 | File | `/feeds/post/publish` | High
-22 | File | `/forum/away.php` | High
-23 | File | `/h/` | Low
-24 | File | `/inc/jquery/uploadify/uploadify.php` | High
-25 | File | `/inc/topBarNav.php` | High
-26 | File | `/index.php?app=main&func=passport&action=login` | High
-27 | File | `/index.php?page=category_list` | High
-28 | File | `/jobinfo/` | Medium
-29 | File | `/KK_LS9ReportingPortal/GetData` | High
-30 | File | `/Moosikay/order.php` | High
-31 | File | `/opac/Actions.php?a=login` | High
-32 | File | `/PreviewHandler.ashx` | High
-33 | File | `/proxy` | Low
-34 | File | `/public/launchNewWindow.jsp` | High
-35 | File | `/reservation/add_message.php` | High
-36 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
-37 | File | `/send_order.cgi?parameter=access_detect` | High
-38 | File | `/Service/ImageStationDataService.asmx` | High
-39 | File | `/spip.php` | Medium
-40 | File | `/student/bookdetails.php` | High
-41 | File | `/text/pdf/PdfReader.java` | High
-42 | File | `/uploads/exam_question/` | High
-43 | File | `/user/ticket/create` | High
-44 | File | `/user/updatePwd` | High
-45 | File | `/var/lib/docker/<remapping>` | High
-46 | File | `/wp-admin/admin-ajax.php` | High
-47 | File | `a-forms.php` | Medium
-48 | File | `account/signup.php` | High
-49 | File | `activenews_view.asp` | High
-50 | File | `adclick.php` | Medium
-51 | File | `addentry.php` | Medium
-52 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
-53 | File | `admin.a6mambocredits.php` | High
-54 | File | `admin.cropcanvas.php` | High
-55 | File | `admin.jcomments.php` | High
-56 | File | `admin.php` | Medium
-57 | ... | ... | ...
+4 | File | `/admin/list_addr_fwresource_ip.php` | High
+5 | File | `/admin/save.php` | High
+6 | File | `/admin/sys_sql_query.php` | High
+7 | File | `/api/baskets/{name}` | High
+8 | File | `/api/download` | High
+9 | File | `/api/runscript` | High
+10 | File | `/api/v1/alerts` | High
+11 | File | `/api/v1/terminal/sessions/?limit=1` | High
+12 | File | `/bitrix/admin/ldap_server_edit.php` | High
+13 | File | `/category.php` | High
+14 | File | `/categorypage.php` | High
+15 | File | `/cgi-bin/luci/api/wireless` | High
+16 | File | `/cgi-bin/vitogate.cgi` | High
+17 | File | `/cgi-bin/wlogin.cgi` | High
+18 | File | `/classes/Master.php?f=delete_service` | High
+19 | File | `/company/store` | High
+20 | File | `/Content/Template/root/reverse-shell.aspx` | High
+21 | File | `/Controller/Ajaxfileupload.ashx` | High
+22 | File | `/core/conditions/AbstractWrapper.java` | High
+23 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
+24 | File | `/E-mobile/App/System/File/downfile.php` | High
+25 | File | `/Electron/download` | High
+26 | File | `/etc/passwd` | Medium
+27 | File | `/fcgi/scrut_fcgi.fcgi` | High
+28 | File | `/feeds/post/publish` | High
+29 | File | `/forum/away.php` | High
+30 | File | `/h/` | Low
+31 | File | `/HNAP1` | Low
+32 | File | `/inc/jquery/uploadify/uploadify.php` | High
+33 | File | `/index.php?app=main&func=passport&action=login` | High
+34 | File | `/index.php?page=category_list` | High
+35 | File | `/jeecg-boot/sys/common/upload` | High
+36 | File | `/jobinfo/` | Medium
+37 | File | `/Moosikay/order.php` | High
+38 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
+39 | File | `/opac/Actions.php?a=login` | High
+40 | File | `/out.php` | Medium
+41 | File | `/PreviewHandler.ashx` | High
+42 | File | `/recipe-result` | High
+43 | File | `/register.do` | Medium
+44 | File | `/reservation/add_message.php` | High
+45 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
+46 | File | `/RPS2019Service/status.html` | High
+47 | File | `/send_order.cgi?parameter=access_detect` | High
+48 | ... | ... | ...

-There are 495 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Conti/README.md
+++ b/actors/Conti/README.md
@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [NL](https://vuldb.com/?country.nl)
+* [RU](https://vuldb.com/?country.ru)
 * ...

-There are 18 more country items available. Please use our online service to access the data.
+There are 16 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -511,9 +511,10 @@ ID | IP address | Hostname | Campaign | Confidence
 481 | [6.2.4.2](https://vuldb.com/?ip.6.2.4.2) | - | - | High
 482 | [6.2.4.27](https://vuldb.com/?ip.6.2.4.27) | - | - | High
 483 | [6.2.5.2](https://vuldb.com/?ip.6.2.5.2) | - | - | High
-484 | ... | ... | ... | ...
+484 | [6.2.16.1](https://vuldb.com/?ip.6.2.16.1) | - | - | High
+485 | ... | ... | ... | ...

-There are 1930 more IOC items available. Please use our online service to access the data.
+There are 1935 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -537,63 +538,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?ajax-request=jnews` | High
-2 | File | `/?p=products` | Medium
-3 | File | `/?r=recruit/resume/edit&op=status` | High
-4 | File | `/academy/tutor/filter` | High
-5 | File | `/admin.php/accessory/filesdel.html` | High
-6 | File | `/admin/?page=user/list` | High
-7 | File | `/admin/?page=user/manage` | High
-8 | File | `/admin/?page=user/manage_user&id=3` | High
-9 | File | `/admin/about-us.php` | High
-10 | File | `/admin/add-new.php` | High
-11 | File | `/admin/curriculum/view_curriculum.php` | High
-12 | File | `/admin/del_category.php` | High
-13 | File | `/admin/del_service.php` | High
-14 | File | `/admin/departments/view_department.php` | High
-15 | File | `/admin/doctors.php` | High
-16 | File | `/admin/edit-accepted-appointment.php` | High
-17 | File | `/admin/edit-services.php` | High
-18 | File | `/admin/edit_category.php` | High
-19 | File | `/admin/edit_subject.php` | High
-20 | File | `/admin/forgot-password.php` | High
-21 | File | `/admin/index.php` | High
-22 | File | `/admin/login.php` | High
-23 | File | `/admin/products/manage_product.php` | High
-24 | File | `/admin/reg.php` | High
-25 | File | `/admin/search-appointment.php` | High
-26 | File | `/admin/sys_sql_query.php` | High
-27 | File | `/admin/user/manage_user.php` | High
-28 | File | `/alphaware/summary.php` | High
-29 | File | `/api/` | Low
-30 | File | `/api/admin/store/product/list` | High
-31 | File | `/api/baskets/{name}` | High
-32 | File | `/api/stl/actions/search` | High
-33 | File | `/api/v2/cli/commands` | High
-34 | File | `/apply.cgi` | Medium
-35 | File | `/bin/ate` | Medium
-36 | File | `/blog` | Low
-37 | File | `/boat/login.php` | High
-38 | File | `/booking/show_bookings/` | High
-39 | File | `/cgi-bin` | Medium
-40 | File | `/cgi-bin/wlogin.cgi` | High
-41 | File | `/classes/master.php?f=delete_order` | High
-42 | File | `/collection/all` | High
-43 | File | `/Content/Template/root/reverse-shell.aspx` | High
-44 | File | `/csms/?page=contact_us` | High
-45 | File | `/dashboard/add-blog.php` | High
-46 | File | `/debug/pprof` | Medium
-47 | File | `/dipam/athlete-profile.php` | High
-48 | File | `/E-mobile/App/System/File/downfile.php` | High
-49 | File | `/edoc/doctor/patient.php` | High
-50 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-51 | File | `/env` | Low
-52 | File | `/forms/doLogin` | High
-53 | File | `/forum/away.php` | High
-54 | File | `/fusion/portal/action/Link` | High
-55 | ... | ... | ...
+1 | File | `/?p=products` | Medium
+2 | File | `/?r=recruit/resume/edit&op=status` | High
+3 | File | `/academy/tutor/filter` | High
+4 | File | `/admin/?page=user/list` | High
+5 | File | `/admin/?page=user/manage_user&id=3` | High
+6 | File | `/admin/about-us.php` | High
+7 | File | `/admin/curriculum/view_curriculum.php` | High
+8 | File | `/admin/del_category.php` | High
+9 | File | `/admin/del_service.php` | High
+10 | File | `/admin/departments/view_department.php` | High
+11 | File | `/admin/edit-accepted-appointment.php` | High
+12 | File | `/admin/edit-services.php` | High
+13 | File | `/admin/edit_category.php` | High
+14 | File | `/admin/edit_subject.php` | High
+15 | File | `/admin/forgot-password.php` | High
+16 | File | `/admin/index.php` | High
+17 | File | `/admin/login.php` | High
+18 | File | `/admin/products/manage_product.php` | High
+19 | File | `/admin/reg.php` | High
+20 | File | `/admin/search-appointment.php` | High
+21 | File | `/admin/sys_sql_query.php` | High
+22 | File | `/admin/user/manage_user.php` | High
+23 | File | `/api/` | Low
+24 | File | `/api/admin/store/product/list` | High
+25 | File | `/api/baskets/{name}` | High
+26 | File | `/api/stl/actions/search` | High
+27 | File | `/api/v2/cli/commands` | High
+28 | File | `/appliance/users?action=edit` | High
+29 | File | `/apply.cgi` | Medium
+30 | File | `/bin/ate` | Medium
+31 | File | `/blog` | Low
+32 | File | `/booking/show_bookings/` | High
+33 | File | `/cgi-bin` | Medium
+34 | File | `/cgi-bin/wlogin.cgi` | High
+35 | File | `/classes/master.php?f=delete_order` | High
+36 | File | `/collection/all` | High
+37 | File | `/Content/Template/root/reverse-shell.aspx` | High
+38 | File | `/csms/?page=contact_us` | High
+39 | File | `/dashboard/add-blog.php` | High
+40 | File | `/debug/pprof` | Medium
+41 | File | `/dipam/athlete-profile.php` | High
+42 | File | `/E-mobile/App/System/File/downfile.php` | High
+43 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+44 | File | `/env` | Low
+45 | File | `/forms/doLogin` | High
+46 | File | `/forum/away.php` | High
+47 | File | `/fusion/portal/action/Link` | High
+48 | File | `/group1/uploa` | High
+49 | File | `/h/autoSaveDraft` | High
+50 | File | `/importexport.php` | High
+51 | ... | ... | ...

-There are 476 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 447 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -601,6 +598,7 @@ The following list contains _external sources_ which discuss the actor and the a

 * https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.html
 * https://ddanchev.blogspot.com/2022/06/how-to-take-down-conti-ransomware-gang.html
+* https://github.com/pan-unit42/iocs/blob/master/Conti_IOCs.txt
 * https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Conti.csv
 * https://thedfirreport.com/2021/05/12/conti-ransomware/
 * https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
--- a/Ransomware/README.md
+++ b/Ransomware/README.md
@ -25,19 +25,20 @@ ID | IP address | Hostname | Campaign | Confidence
 2 | [10.13.102.58](https://vuldb.com/?ip.10.13.102.58) | - | - | High
 3 | [10.14.100.20](https://vuldb.com/?ip.10.14.100.20) | - | - | High
 4 | [10.133.78.41](https://vuldb.com/?ip.10.133.78.41) | - | - | High
-5 | [23.227.198.246](https://vuldb.com/?ip.23.227.198.246) | 23-227-198-246.static.hvvc.us | - | High
-6 | [31.44.184.84](https://vuldb.com/?ip.31.44.184.84) | - | - | High
-7 | [31.44.184.100](https://vuldb.com/?ip.31.44.184.100) | - | - | High
-8 | [31.184.192.44](https://vuldb.com/?ip.31.184.192.44) | - | - | High
-9 | [31.184.194.42](https://vuldb.com/?ip.31.184.194.42) | - | - | High
-10 | [31.184.198.74](https://vuldb.com/?ip.31.184.198.74) | - | - | High
-11 | [31.184.198.80](https://vuldb.com/?ip.31.184.198.80) | directingme.com | - | High
-12 | [31.184.198.82](https://vuldb.com/?ip.31.184.198.82) | harms.directingme.com | - | High
-13 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
-14 | [31.184.198.84](https://vuldb.com/?ip.31.184.198.84) | - | - | High
-15 | ... | ... | ... | ...
+5 | [23.160.193.145](https://vuldb.com/?ip.23.160.193.145) | server1.wlook.com | - | High
+6 | [23.227.198.246](https://vuldb.com/?ip.23.227.198.246) | 23-227-198-246.static.hvvc.us | - | High
+7 | [31.44.184.84](https://vuldb.com/?ip.31.44.184.84) | - | - | High
+8 | [31.44.184.100](https://vuldb.com/?ip.31.44.184.100) | - | - | High
+9 | [31.184.192.44](https://vuldb.com/?ip.31.184.192.44) | - | - | High
+10 | [31.184.194.42](https://vuldb.com/?ip.31.184.194.42) | - | - | High
+11 | [31.184.198.74](https://vuldb.com/?ip.31.184.198.74) | - | - | High
+12 | [31.184.198.80](https://vuldb.com/?ip.31.184.198.80) | directingme.com | - | High
+13 | [31.184.198.82](https://vuldb.com/?ip.31.184.198.82) | harms.directingme.com | - | High
+14 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
+15 | [31.184.198.84](https://vuldb.com/?ip.31.184.198.84) | - | - | High
+16 | ... | ... | ... | ...

-There are 58 more IOC items available. Please use our online service to access the data.
+There are 60 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -47,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 6 | ... | ... | ... | ...
@ -61,57 +62,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/academy/home/courses` | High
-2 | File | `/ad-list` | Medium
-3 | File | `/admin/adclass.php` | High
-4 | File | `/admin/students/view_details.php` | High
-5 | File | `/ajax-files/followBoard.php` | High
-6 | File | `/ajax.php?action=read_msg` | High
-7 | File | `/api/baskets/{name}` | High
+2 | File | `/admin/adclass.php` | High
+3 | File | `/admin/admin-profile.php` | High
+4 | File | `/admin/sales/view_details.php` | High
+5 | File | `/admin/students/view_details.php` | High
+6 | File | `/ajax-files/followBoard.php` | High
+7 | File | `/ajax.php?action=read_msg` | High
 8 | File | `/api/cron/settings/setJob/` | High
-9 | File | `/api/upload.php` | High
-10 | File | `/auth/callback` | High
-11 | File | `/authenticationendpoint/login.do` | High
-12 | File | `/bitrix/admin/ldap_server_edit.php` | High
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/cgi.cgi` | Medium
-15 | File | `/ci_spms/admin/search/searching/` | High
-16 | File | `/collection/all` | High
-17 | File | `/Content/Template/root/reverse-shell.aspx` | High
-18 | File | `/ctcprotocol/Protocol` | High
-19 | File | `/dottie.js` | Medium
-20 | File | `/DXR.axd` | Medium
-21 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-22 | File | `/etc/pki/pesign` | High
-23 | File | `/files/` | Low
-24 | File | `/forum/away.php` | High
-25 | File | `/goform/setportList` | High
-26 | File | `/h/autoSaveDraft` | High
-27 | File | `/home/get_tasks_list` | High
-28 | File | `/index.php` | Medium
-29 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
-30 | File | `/index.php?page=member` | High
-31 | File | `/jurusanmatkul/data` | High
-32 | File | `/log/decodmail.php` | High
-33 | File | `/log/webmailattach.php` | High
-34 | File | `/login.php?do=login` | High
-35 | File | `/modules/projects/vw_files.php` | High
-36 | File | `/plugins/playbooks/api/v0/runs` | High
-37 | File | `/public/login.htm` | High
-38 | File | `/QueryView.php` | High
-39 | File | `/romfile.cfg` | Medium
-40 | File | `/roomtype-details.php` | High
-41 | File | `/search` | Low
-42 | File | `/spip.php` | Medium
-43 | File | `/squashfs-root/etc_ro/custom.conf` | High
-44 | File | `/staff/bookdetails.php` | High
-45 | ... | ... | ...
+9 | File | `/api/v1/snapshots` | High
+10 | File | `/audit/log/log_management.php` | High
+11 | File | `/auth/callback` | High
+12 | File | `/authenticationendpoint/login.do` | High
+13 | File | `/bitrix/admin/ldap_server_edit.php` | High
+14 | File | `/cgi-bin/mainfunction.cgi` | High
+15 | File | `/cgi-bin/wlogin.cgi` | High
+16 | File | `/cgi.cgi` | Medium
+17 | File | `/collection/all` | High
+18 | File | `/Content/Template/root/reverse-shell.aspx` | High
+19 | File | `/ctcprotocol/Protocol` | High
+20 | File | `/dottie.js` | Medium
+21 | File | `/DXR.axd` | Medium
+22 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+23 | File | `/env` | Low
+24 | File | `/files/` | Low
+25 | File | `/forms/doLogin` | High
+26 | File | `/forum/away.php` | High
+27 | File | `/goform/setportList` | High
+28 | File | `/h/autoSaveDraft` | High
+29 | File | `/home/get_tasks_list` | High
+30 | File | `/index.php` | Medium
+31 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+32 | File | `/index.php?page=member` | High
+33 | File | `/jurusanmatkul/data` | High
+34 | File | `/librarian/bookdetails.php` | High
+35 | File | `/log/decodmail.php` | High
+36 | File | `/log/webmailattach.php` | High
+37 | File | `/login.php?do=login` | High
+38 | File | `/public/login.htm` | High
+39 | File | `/QueryView.php` | High
+40 | File | `/recreate.php` | High
+41 | File | `/romfile.cfg` | Medium
+42 | File | `/roomtype-details.php` | High
+43 | File | `/search` | Low
+44 | ... | ... | ...

-There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://securelist.com/cuba-ransomware/110533/
 * https://www.cisa.gov/uscert/ncas/alerts/aa22-335a

 ## Literature
--- a/actors/DarkGate/README.md
+++ b/actors/DarkGate/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [LA](https://vuldb.com/?country.la)
 * ...

-There are 18 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -23,18 +23,18 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.2.68.68](https://vuldb.com/?ip.5.2.68.68) | - | - | High
 2 | [5.2.68.77](https://vuldb.com/?ip.5.2.68.77) | - | - | High
-3 | [5.34.178.21](https://vuldb.com/?ip.5.34.178.21) | udfurgqxmjzcc.pserver.ru | - | High
-4 | [5.188.87.58](https://vuldb.com/?ip.5.188.87.58) | - | - | High
-5 | [45.89.65.198](https://vuldb.com/?ip.45.89.65.198) | 2.server.com | - | High
-6 | [45.141.87.89](https://vuldb.com/?ip.45.141.87.89) | - | - | High
-7 | [54.39.198.245](https://vuldb.com/?ip.54.39.198.245) | ip245.ip-54-39-198.net | - | High
-8 | [64.190.113.154](https://vuldb.com/?ip.64.190.113.154) | - | - | High
-9 | [65.20.75.41](https://vuldb.com/?ip.65.20.75.41) | 65.20.75.41.vultrusercontent.com | - | High
-10 | [66.42.63.27](https://vuldb.com/?ip.66.42.63.27) | 66.42.63.27.dedic.cheap | - | High
-11 | [79.110.62.96](https://vuldb.com/?ip.79.110.62.96) | - | - | High
+3 | [5.2.68.89](https://vuldb.com/?ip.5.2.68.89) | - | - | High
+4 | [5.34.178.21](https://vuldb.com/?ip.5.34.178.21) | udfurgqxmjzcc.pserver.ru | - | High
+5 | [5.188.87.58](https://vuldb.com/?ip.5.188.87.58) | - | - | High
+6 | [45.89.65.198](https://vuldb.com/?ip.45.89.65.198) | 2.server.com | - | High
+7 | [45.141.87.89](https://vuldb.com/?ip.45.141.87.89) | - | - | High
+8 | [54.39.198.245](https://vuldb.com/?ip.54.39.198.245) | ip245.ip-54-39-198.net | - | High
+9 | [64.190.113.154](https://vuldb.com/?ip.64.190.113.154) | - | - | High
+10 | [65.20.75.41](https://vuldb.com/?ip.65.20.75.41) | 65.20.75.41.vultrusercontent.com | - | High
+11 | [66.42.63.27](https://vuldb.com/?ip.66.42.63.27) | 66.42.63.27.dedic.cheap | - | High
 12 | ... | ... | ... | ...

-There are 43 more IOC items available. Please use our online service to access the data.
+There are 44 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -60,27 +60,27 @@ ID | Type | Indicator | Confidence
 1 | File | `//WEB-INF` | Medium
 2 | File | `/about.php` | Medium
 3 | File | `/admin.php/update/getFile.html` | High
-4 | File | `/admin/cashadvance_row.php` | High
-5 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
-6 | File | `/admin/maintenance/view_designation.php` | High
-7 | File | `/admin/save.php` | High
-8 | File | `/admin/sys_sql_query.php` | High
-9 | File | `/admin/userprofile.php` | High
-10 | File | `/api/baskets/{name}` | High
-11 | File | `/api/download` | High
-12 | File | `/api/v1/terminal/sessions/?limit=1` | High
-13 | File | `/bitrix/admin/ldap_server_edit.php` | High
-14 | File | `/category.php` | High
-15 | File | `/categorypage.php` | High
-16 | File | `/cgi-bin/luci/api/wireless` | High
-17 | File | `/cgi-bin/vitogate.cgi` | High
-18 | File | `/classes/Master.php?f=save_item` | High
-19 | File | `/company/store` | High
-20 | File | `/Content/Template/root/reverse-shell.aspx` | High
-21 | File | `/Controller/Ajaxfileupload.ashx` | High
-22 | File | `/core/conditions/AbstractWrapper.java` | High
-23 | File | `/DXR.axd` | Medium
-24 | File | `/etc/passwd` | Medium
+4 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
+5 | File | `/admin/maintenance/view_designation.php` | High
+6 | File | `/admin/save.php` | High
+7 | File | `/admin/sys_sql_query.php` | High
+8 | File | `/api/baskets/{name}` | High
+9 | File | `/api/download` | High
+10 | File | `/api/v1/alerts` | High
+11 | File | `/api/v1/terminal/sessions/?limit=1` | High
+12 | File | `/bitrix/admin/ldap_server_edit.php` | High
+13 | File | `/category.php` | High
+14 | File | `/categorypage.php` | High
+15 | File | `/cgi-bin/luci/api/wireless` | High
+16 | File | `/cgi-bin/vitogate.cgi` | High
+17 | File | `/classes/Master.php?f=save_item` | High
+18 | File | `/company/store` | High
+19 | File | `/Content/Template/root/reverse-shell.aspx` | High
+20 | File | `/Controller/Ajaxfileupload.ashx` | High
+21 | File | `/core/conditions/AbstractWrapper.java` | High
+22 | File | `/DXR.axd` | Medium
+23 | File | `/etc/passwd` | Medium
+24 | File | `/fcgi/scrut_fcgi.fcgi` | High
 25 | File | `/feeds/post/publish` | High
 26 | File | `/forum/away.php` | High
 27 | File | `/h/` | Low
@ -92,23 +92,23 @@ ID | Type | Indicator | Confidence
 33 | File | `/jobinfo/` | Medium
 34 | File | `/load.php` | Medium
 35 | File | `/Moosikay/order.php` | High
-36 | File | `/opac/Actions.php?a=login` | High
-37 | File | `/PreviewHandler.ashx` | High
-38 | File | `/recipe-result` | High
-39 | File | `/register.do` | Medium
-40 | File | `/reservation/add_message.php` | High
-41 | File | `/resources//../` | High
-42 | File | `/RPS2019Service/status.html` | High
-43 | File | `/Service/ImageStationDataService.asmx` | High
-44 | File | `/sicweb-ajax/tmproot/` | High
-45 | File | `/spip.php` | Medium
-46 | File | `/student/bookdetails.php` | High
-47 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
-48 | File | `/uploads/exam_question/` | High
-49 | File | `/user/ticket/create` | High
-50 | File | `/user/updatePwd` | High
-51 | File | `/UserSelfServiceSettings.jsp` | High
-52 | File | `/var/lib/docker/<remapping>` | High
+36 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
+37 | File | `/opac/Actions.php?a=login` | High
+38 | File | `/PreviewHandler.ashx` | High
+39 | File | `/proxy` | Low
+40 | File | `/recipe-result` | High
+41 | File | `/register.do` | Medium
+42 | File | `/reservation/add_message.php` | High
+43 | File | `/resources//../` | High
+44 | File | `/RPS2019Service/status.html` | High
+45 | File | `/Service/ImageStationDataService.asmx` | High
+46 | File | `/sicweb-ajax/tmproot/` | High
+47 | File | `/spip.php` | Medium
+48 | File | `/student/bookdetails.php` | High
+49 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
+50 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
+51 | File | `/uploads/exam_question/` | High
+52 | File | `/user/ticket/create` | High
 53 | ... | ... | ...

 There are 462 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
@ -130,6 +130,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://tria.ge/230811-bmv8ysbf8s/behavioral2
 * https://tria.ge/230822-xp3lpsgc6v/behavioral2
 * https://tria.ge/230828-zp22aaah9s/behavioral1
+* https://twitter.com/0xw4ifu/status/1714738953016746247
 * https://twitter.com/AnFam17/status/1701963227955945552
 * https://twitter.com/malwrhunterteam/status/1704231060865778097
 * https://twitter.com/malwrhunterteam/status/1704483766461173984
--- a/actors/Dorkbot/README.md
+++ b/actors/Dorkbot/README.md
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [NL](https://vuldb.com/?country.nl)
 * [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
+* [IR](https://vuldb.com/?country.ir)
 * ...

 There are 17 more country items available. Please use our online service to access the data.
@ -64,27 +64,28 @@ ID | Type | Indicator | Confidence
 10 | File | `/file?action=download&file` | High
 11 | File | `/forum/away.php` | High
 12 | File | `/hardware` | Medium
-13 | File | `/include/makecvs.php` | High
-14 | File | `/librarian/bookdetails.php` | High
-15 | File | `/MicroStrategyWS/happyaxis.jsp` | High
-16 | File | `/monitoring` | Medium
-17 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-18 | File | `/out.php` | Medium
-19 | File | `/owa/auth/logon.aspx` | High
-20 | File | `/plugin/LiveChat/getChat.json.php` | High
-21 | File | `/plugins/servlet/audit/resource` | High
-22 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-23 | File | `/recordings/index.php` | High
-24 | File | `/replication` | Medium
-25 | File | `/rest/api/1.0/render` | High
-26 | File | `/RestAPI` | Medium
-27 | File | `/server-status` | High
-28 | File | `/tmp/zarafa-vacation-*` | High
-29 | File | `/uncpath/` | Medium
-30 | File | `/upload` | Low
-31 | ... | ... | ...
+13 | File | `/importexport.php` | High
+14 | File | `/include/makecvs.php` | High
+15 | File | `/librarian/bookdetails.php` | High
+16 | File | `/MicroStrategyWS/happyaxis.jsp` | High
+17 | File | `/monitoring` | Medium
+18 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+19 | File | `/out.php` | Medium
+20 | File | `/owa/auth/logon.aspx` | High
+21 | File | `/plugin/LiveChat/getChat.json.php` | High
+22 | File | `/plugins/servlet/audit/resource` | High
+23 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+24 | File | `/recordings/index.php` | High
+25 | File | `/replication` | Medium
+26 | File | `/rest/api/1.0/render` | High
+27 | File | `/RestAPI` | Medium
+28 | File | `/search.php` | Medium
+29 | File | `/server-status` | High
+30 | File | `/tmp/zarafa-vacation-*` | High
+31 | File | `/uncpath/` | Medium
+32 | ... | ... | ...

-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Echobot/README.md
+++ b/actors/Echobot/README.md
@ -0,0 +1,72 @@
+# Echobot - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Echobot](https://vuldb.com/?actor.echobot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.echobot](https://vuldb.com/?actor.echobot)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Echobot:
+
+* [US](https://vuldb.com/?country.us)
+* [IR](https://vuldb.com/?country.ir)
+* [CN](https://vuldb.com/?country.cn)
+* ...
+
+There are 1 more country items available. Please use our online service to access the data.
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Echobot.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [45.89.106.108](https://vuldb.com/?ip.45.89.106.108) | - | - | High
+2 | [80.82.67.184](https://vuldb.com/?ip.80.82.67.184) | - | - | High
+3 | [80.82.67.209](https://vuldb.com/?ip.80.82.67.209) | - | - | High
+4 | ... | ... | ... | ...
+
+There are 1 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Echobot_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 8 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Echobot. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/+CSCOE+/logon.html` | High
+2 | File | `/download` | Medium
+3 | File | `/forum/away.php` | High
+4 | ... | ... | ...
+
+There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://unit42.paloaltonetworks.com/mirai-variant-echobot-resurfaces-with-13-previously-unexploited-vulnerabilities/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Emotet/README.md
+++ b/actors/Emotet/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [VN](https://vuldb.com/?country.vn)
 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)
+* [ES](https://vuldb.com/?country.es)
 * ...

-There are 13 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -954,14 +954,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-35, CWE-37 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 22 more TTP items available. Please use our online service to access the data.
+There are 21 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -970,43 +970,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `$HOME/.terminfo` | High
-2 | File | `/academy/tutor/filter` | High
-3 | File | `/api/baskets/{name}` | High
+2 | File | `/admin/admin-profile.php` | High
+3 | File | `/admin/sales/view_details.php` | High
 4 | File | `/api/cron/settings/setJob/` | High
-5 | File | `/api/v1/terminal/sessions/?limit=1` | High
-6 | File | `/bin/login` | Medium
-7 | File | `/bin/mini_upnpd` | High
-8 | File | `/cgi-bin/wlogin.cgi` | High
-9 | File | `/collection/all` | High
-10 | File | `/Content/Template/root/reverse-shell.aspx` | High
-11 | File | `/ctcprotocol/Protocol` | High
-12 | File | `/dashboard/add-blog.php` | High
-13 | File | `/debug/pprof` | Medium
-14 | File | `/DXR.axd` | Medium
-15 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-16 | File | `/filemanager/ajax_calls.php` | High
-17 | File | `/files/` | Low
+5 | File | `/api/v1/snapshots` | High
+6 | File | `/aqpg/users/login.php` | High
+7 | File | `/audit/log/log_management.php` | High
+8 | File | `/authUserAction!edit.action` | High
+9 | File | `/cgi-bin/mainfunction.cgi` | High
+10 | File | `/cgi-bin/upload_vpntar` | High
+11 | File | `/cgi-bin/wlogin.cgi` | High
+12 | File | `/cgi/networkDiag.cgi` | High
+13 | File | `/dashboard/add-blog.php` | High
+14 | File | `/debug/pprof` | Medium
+15 | File | `/dottie.js` | Medium
+16 | File | `/env` | Low
+17 | File | `/forms/doLogin` | High
 18 | File | `/forum/away.php` | High
-19 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
-20 | File | `/group1/uploa` | High
-21 | File | `/h/autoSaveDraft` | High
-22 | File | `/h/search?action` | High
-23 | File | `/hrm/controller/employee.php` | High
-24 | File | `/hrm/employeeview.php` | High
-25 | File | `/importexport.php` | High
-26 | File | `/index.php/sysmanage/Login/login_auth/` | High
-27 | File | `/index.php?app=main&func=passport&action=login` | High
-28 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
-29 | File | `/jurusanmatkul/data` | High
-30 | File | `/log/decodmail.php` | High
-31 | File | `/login.php?do=login` | High
-32 | File | `/mc` | Low
-33 | File | `/modules/projects/vw_files.php` | High
-34 | File | `/php-opos/index.php` | High
-35 | File | `/preview.php` | Medium
-36 | ... | ... | ...
+19 | File | `/index.php` | Medium
+20 | File | `/install/index.php` | High
+21 | File | `/librarian/bookdetails.php` | High
+22 | File | `/log/webmailattach.php` | High
+23 | File | `/mc` | Low
+24 | File | `/mgmt/` | Low
+25 | File | `/preview.php` | Medium
+26 | File | `/project/tasks/list` | High
+27 | File | `/public/login.htm` | High
+28 | File | `/qsr_server/device/reboot` | High
+29 | File | `/recreate.php` | High
+30 | File | `/search.php` | Medium
+31 | File | `/spip.php` | Medium
+32 | File | `/student/bookdetails.php` | High
+33 | ... | ... | ...

-There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/EvilProxy/README.md
+++ b/actors/EvilProxy/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...

-There are 22 more country items available. Please use our online service to access the data.
+There are 18 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -35,14 +35,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 22 more TTP items available. Please use our online service to access the data.
+There are 21 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -55,60 +55,59 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin.php/update/getFile.html` | High
 4 | File | `/admin/cashadvance_row.php` | High
 5 | File | `/admin/maintenance/view_designation.php` | High
-6 | File | `/admin/sys_sql_query.php` | High
-7 | File | `/admin/userprofile.php` | High
-8 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-10 | File | `/api/baskets/{name}` | High
-11 | File | `/api/download` | High
+6 | File | `/admin/save.php` | High
+7 | File | `/admin/sys_sql_query.php` | High
+8 | File | `/admin/userprofile.php` | High
+9 | File | `/api/baskets/{name}` | High
+10 | File | `/api/download` | High
+11 | File | `/api/v1/terminal/sessions/?limit=1` | High
 12 | File | `/api/v2/cli/commands` | High
-13 | File | `/APR/login.php` | High
-14 | File | `/bin/httpd` | Medium
-15 | File | `/bitrix/admin/ldap_server_edit.php` | High
-16 | File | `/category.php` | High
-17 | File | `/cgi-bin/luci/api/wireless` | High
-18 | File | `/cgi-bin/wapopen` | High
-19 | File | `/company/store` | High
-20 | File | `/Content/Template/root/reverse-shell.aspx` | High
-21 | File | `/Controller/Ajaxfileupload.ashx` | High
-22 | File | `/core/conditions/AbstractWrapper.java` | High
-23 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-24 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
-25 | File | `/etc/passwd` | Medium
+13 | File | `/bitrix/admin/ldap_server_edit.php` | High
+14 | File | `/category.php` | High
+15 | File | `/categorypage.php` | High
+16 | File | `/cgi-bin/luci/api/wireless` | High
+17 | File | `/cgi-bin/vitogate.cgi` | High
+18 | File | `/company/store` | High
+19 | File | `/Content/Template/root/reverse-shell.aspx` | High
+20 | File | `/Controller/Ajaxfileupload.ashx` | High
+21 | File | `/core/conditions/AbstractWrapper.java` | High
+22 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
+23 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
+24 | File | `/etc/passwd` | Medium
+25 | File | `/fcgi/scrut_fcgi.fcgi` | High
 26 | File | `/feeds/post/publish` | High
 27 | File | `/forum/away.php` | High
 28 | File | `/h/` | Low
-29 | File | `/home/masterConsole` | High
-30 | File | `/home/sendBroadcast` | High
-31 | File | `/inc/jquery/uploadify/uploadify.php` | High
-32 | File | `/index.php?app=main&func=passport&action=login` | High
-33 | File | `/index.php?page=category_list` | High
-34 | File | `/jeecg-boot/sys/common/upload` | High
-35 | File | `/jobinfo/` | Medium
-36 | File | `/librarian/bookdetails.php` | High
-37 | File | `/Moosikay/order.php` | High
-38 | File | `/mygym/admin/index.php?view_exercises` | High
-39 | File | `/opac/Actions.php?a=login` | High
-40 | File | `/php-opos/index.php` | High
-41 | File | `/PreviewHandler.ashx` | High
-42 | File | `/public/launchNewWindow.jsp` | High
-43 | File | `/recipe-result` | High
-44 | File | `/register.do` | Medium
-45 | File | `/reservation/add_message.php` | High
-46 | File | `/Service/ImageStationDataService.asmx` | High
-47 | File | `/spip.php` | Medium
-48 | File | `/student/bookdetails.php` | High
+29 | File | `/HNAP1` | Low
+30 | File | `/inc/jquery/uploadify/uploadify.php` | High
+31 | File | `/index.php?app=main&func=passport&action=login` | High
+32 | File | `/index.php?page=category_list` | High
+33 | File | `/jeecg-boot/sys/common/upload` | High
+34 | File | `/jobinfo/` | Medium
+35 | File | `/librarian/bookdetails.php` | High
+36 | File | `/Moosikay/order.php` | High
+37 | File | `/opac/Actions.php?a=login` | High
+38 | File | `/PreviewHandler.ashx` | High
+39 | File | `/public/launchNewWindow.jsp` | High
+40 | File | `/recipe-result` | High
+41 | File | `/register.do` | Medium
+42 | File | `/reservation/add_message.php` | High
+43 | File | `/RPS2019Service/status.html` | High
+44 | File | `/Service/ImageStationDataService.asmx` | High
+45 | File | `/sicweb-ajax/tmproot/` | High
+46 | File | `/spip.php` | Medium
+47 | File | `/student/bookdetails.php` | High
+48 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
 49 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
-50 | File | `/uncpath/` | Medium
-51 | File | `/uploads/exam_question/` | High
-52 | File | `/user/ticket/create` | High
-53 | File | `/user/updatePwd` | High
-54 | File | `/UserSelfServiceSettings.jsp` | High
-55 | File | `/var/lib/docker/<remapping>` | High
-56 | File | `/var/www/core/controller/index.php` | High
-57 | ... | ... | ...
+50 | File | `/uploads/exam_question/` | High
+51 | File | `/user/ticket/create` | High
+52 | File | `/user/updatePwd` | High
+53 | File | `/UserSelfServiceSettings.jsp` | High
+54 | File | `/var/lib/docker/<remapping>` | High
+55 | File | `/wp-admin/admin-ajax.php` | High
+56 | ... | ... | ...

-There are 495 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 490 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/FAKEUPDATES/README.md
+++ b/actors/FAKEUPDATES/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [TR](https://vuldb.com/?country.tr)
 * ...

-There are 12 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -28,14 +28,15 @@ ID | IP address | Hostname | Campaign | Confidence
 5 | [23.146.184.29](https://vuldb.com/?ip.23.146.184.29) | - | - | High
 6 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
 7 | [37.221.67.161](https://vuldb.com/?ip.37.221.67.161) | cryptogod.us | - | High
-8 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
-9 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
-10 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
-11 | [45.130.201.24](https://vuldb.com/?ip.45.130.201.24) | - | - | High
-12 | [47.91.94.97](https://vuldb.com/?ip.47.91.94.97) | - | - | High
-13 | ... | ... | ... | ...
+8 | [45.77.52.227](https://vuldb.com/?ip.45.77.52.227) | 45.77.52.227.vultrusercontent.com | - | High
+9 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
+10 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
+11 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
+12 | [45.130.201.24](https://vuldb.com/?ip.45.130.201.24) | - | - | High
+13 | [47.91.94.97](https://vuldb.com/?ip.47.91.94.97) | - | - | High
+14 | ... | ... | ... | ...

-There are 48 more IOC items available. Please use our online service to access the data.
+There are 50 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -51,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
 6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 7 | ... | ... | ... | ...

-There are 23 more TTP items available. Please use our online service to access the data.
+There are 24 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -71,14 +72,14 @@ ID | Type | Indicator | Confidence
 10 | File | `/admin/userprofile.php` | High
 11 | File | `/api/baskets/{name}` | High
 12 | File | `/apply.cgi` | Medium
-13 | File | `/catalog/admin/categories.php?cPath=&action=new_product` | High
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/College/admin/teacher.php` | High
-16 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
-17 | File | `/dcim/rack-roles/` | High
-18 | File | `/domains/index.fts` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/foundry/modules/news/newscolumns.php` | High
+13 | File | `/bitrix/admin/ldap_server_edit.php` | High
+14 | File | `/catalog/admin/categories.php?cPath=&action=new_product` | High
+15 | File | `/cgi-bin/wlogin.cgi` | High
+16 | File | `/College/admin/teacher.php` | High
+17 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
+18 | File | `/dcim/rack-roles/` | High
+19 | File | `/domains/index.fts` | High
+20 | File | `/forum/away.php` | High
 21 | File | `/ghost/preview` | High
 22 | File | `/goform/addUserName` | High
 23 | File | `/goform/aspForm` | High
@ -92,28 +93,28 @@ ID | Type | Indicator | Confidence
 31 | File | `/jfinal_cms/system/role/list` | High
 32 | File | `/kelas/data` | Medium
 33 | File | `/Moosikay/order.php` | High
-34 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
-35 | File | `/out.php` | Medium
-36 | File | `/paysystem/datatable.php` | High
-37 | File | `/php-sms/admin/quotes/manage_remark.php` | High
-38 | File | `/product_list.php` | High
-39 | File | `/secure/QueryComponent!Default.jspa` | High
-40 | File | `/server/ajax/events_manager.php` | High
-41 | File | `/server/ajax/user_manager.php` | High
-42 | File | `/smstest.html` | High
-43 | File | `/squashfs-root/etc_ro/custom.conf` | High
-44 | File | `/staff/edit_book_details.php` | High
-45 | File | `/SysManage/AddUpdateRole.aspx` | High
-46 | File | `/uncpath/` | Medium
-47 | File | `/user/profile` | High
-48 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
-49 | File | `/webman/info.cgi` | High
-50 | File | `/wp-admin/admin-ajax.php` | High
-51 | File | `acloudCosAction.php.SQL` | High
-52 | File | `ActiveServices.java` | High
+34 | File | `/out.php` | Medium
+35 | File | `/paysystem/datatable.php` | High
+36 | File | `/php-sms/admin/quotes/manage_remark.php` | High
+37 | File | `/product_list.php` | High
+38 | File | `/secure/QueryComponent!Default.jspa` | High
+39 | File | `/server/ajax/events_manager.php` | High
+40 | File | `/server/ajax/user_manager.php` | High
+41 | File | `/squashfs-root/etc_ro/custom.conf` | High
+42 | File | `/staff/edit_book_details.php` | High
+43 | File | `/SysManage/AddUpdateRole.aspx` | High
+44 | File | `/sysmanage/importconf.php` | High
+45 | File | `/uncpath/` | Medium
+46 | File | `/user/profile` | High
+47 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
+48 | File | `/webman/info.cgi` | High
+49 | File | `/wp-admin/admin-ajax.php` | High
+50 | File | `acloudCosAction.php.SQL` | High
+51 | File | `ActiveServices.java` | High
+52 | File | `adclick.php` | Medium
 53 | ... | ... | ...

-There are 458 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 465 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -141,6 +142,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://twitter.com/threatcat_ch/status/1666706124836405248
 * https://twitter.com/threatcat_ch/status/1668596702696054785
 * https://urlscan.io/search/#ip%3A88.119.169.145
+* https://www.virustotal.com/gui/domain/2023.ebeenj.com/relations

 ## Literature

--- a/actors/FIN7/README.md
+++ b/actors/FIN7/README.md
@ -101,7 +101,8 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+7 | ... | ... | ... | ...

 There are 22 more TTP items available. Please use our online service to access the data.

@ -114,57 +115,53 @@ ID | Type | Indicator | Confidence
 1 | File | `//WEB-INF` | Medium
 2 | File | `/?p=products` | Medium
 3 | File | `/about.php` | Medium
-4 | File | `/admin.php/update/getFile.html` | High
-5 | File | `/admin/save.php` | High
-6 | File | `/admin/sys_sql_query.php` | High
-7 | File | `/api/baskets/{name}` | High
-8 | File | `/api/download` | High
-9 | File | `/api/stl/actions/search` | High
-10 | File | `/api/v1/terminal/sessions/?limit=1` | High
-11 | File | `/bin/ate` | Medium
-12 | File | `/bitrix/admin/ldap_server_edit.php` | High
-13 | File | `/booking/show_bookings/` | High
-14 | File | `/category.php` | High
-15 | File | `/categorypage.php` | High
-16 | File | `/cgi-bin` | Medium
-17 | File | `/cgi-bin/luci/api/wireless` | High
-18 | File | `/cgi-bin/vitogate.cgi` | High
-19 | File | `/company/store` | High
-20 | File | `/Content/Template/root/reverse-shell.aspx` | High
-21 | File | `/Controller/Ajaxfileupload.ashx` | High
-22 | File | `/core/conditions/AbstractWrapper.java` | High
-23 | File | `/dashboard/add-blog.php` | High
-24 | File | `/debug/pprof` | Medium
-25 | File | `/env` | Low
-26 | File | `/etc/passwd` | Medium
-27 | File | `/feeds/post/publish` | High
-28 | File | `/forum/away.php` | High
-29 | File | `/group1/uploa` | High
-30 | File | `/h/` | Low
-31 | File | `/HNAP1` | Low
-32 | File | `/inc/jquery/uploadify/uploadify.php` | High
-33 | File | `/index.php?app=main&func=passport&action=login` | High
-34 | File | `/index.php?page=category_list` | High
-35 | File | `/jeecg-boot/sys/common/upload` | High
-36 | File | `/jobinfo/` | Medium
-37 | File | `/Moosikay/order.php` | High
-38 | File | `/opac/Actions.php?a=login` | High
-39 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
-40 | File | `/php-sms/admin/?page=user/manage_user` | High
-41 | File | `/PreviewHandler.ashx` | High
-42 | File | `/recipe-result` | High
-43 | File | `/register.do` | Medium
-44 | File | `/reservation/add_message.php` | High
-45 | File | `/resources//../` | High
-46 | File | `/RPS2019Service/status.html` | High
-47 | File | `/scripts/unlock_tasks.php` | High
-48 | File | `/Service/ImageStationDataService.asmx` | High
-49 | File | `/sicweb-ajax/tmproot/` | High
-50 | File | `/spip.php` | Medium
-51 | File | `/student/bookdetails.php` | High
-52 | ... | ... | ...
+4 | File | `/admin/save.php` | High
+5 | File | `/admin/sys_sql_query.php` | High
+6 | File | `/api/baskets/{name}` | High
+7 | File | `/api/download` | High
+8 | File | `/api/stl/actions/search` | High
+9 | File | `/api/sys/login` | High
+10 | File | `/api/sys/set_passwd` | High
+11 | File | `/api/v1/alerts` | High
+12 | File | `/api/v1/terminal/sessions/?limit=1` | High
+13 | File | `/bin/ate` | Medium
+14 | File | `/bitrix/admin/ldap_server_edit.php` | High
+15 | File | `/booking/show_bookings/` | High
+16 | File | `/category.php` | High
+17 | File | `/categorypage.php` | High
+18 | File | `/cgi-bin` | Medium
+19 | File | `/cgi-bin/luci/api/wireless` | High
+20 | File | `/cgi-bin/vitogate.cgi` | High
+21 | File | `/changePassword` | High
+22 | File | `/company/store` | High
+23 | File | `/Content/Template/root/reverse-shell.aspx` | High
+24 | File | `/Controller/Ajaxfileupload.ashx` | High
+25 | File | `/core/conditions/AbstractWrapper.java` | High
+26 | File | `/dashboard/add-blog.php` | High
+27 | File | `/debug/pprof` | Medium
+28 | File | `/env` | Low
+29 | File | `/etc/passwd` | Medium
+30 | File | `/fcgi/scrut_fcgi.fcgi` | High
+31 | File | `/forum/away.php` | High
+32 | File | `/group1/uploa` | High
+33 | File | `/h/` | Low
+34 | File | `/HNAP1` | Low
+35 | File | `/inc/jquery/uploadify/uploadify.php` | High
+36 | File | `/index.php?app=main&func=passport&action=login` | High
+37 | File | `/index.php?page=category_list` | High
+38 | File | `/jeecg-boot/sys/common/upload` | High
+39 | File | `/jobinfo/` | Medium
+40 | File | `/Moosikay/order.php` | High
+41 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
+42 | File | `/opac/Actions.php?a=login` | High
+43 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
+44 | File | `/php-sms/admin/?page=user/manage_user` | High
+45 | File | `/PreviewHandler.ashx` | High
+46 | File | `/proxy` | Low
+47 | File | `/recipe-result` | High
+48 | ... | ... | ...

-There are 454 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Stealer/README.md
+++ b/Stealer/README.md
@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 7 | ... | ... | ... | ...
@ -58,44 +58,46 @@ ID | Type | Indicator | Confidence
 1 | File | `/acms/classes/Master.php?f=delete_cargo` | High
 2 | File | `/admin.php/news/admin/topic/save` | High
 3 | File | `/admin/comn/service/update.json` | High
-4 | File | `/api/files/` | Medium
-5 | File | `/api/RecordingList/DownloadRecord?file=` | High
-6 | File | `/apply.cgi` | Medium
-7 | File | `/card_scan.php` | High
-8 | File | `/cgi-bin/luci/api/switch` | High
-9 | File | `/cgi-bin/sm_changepassword.cgi` | High
-10 | File | `/cgi-bin/touchlist_sync.cgi` | High
-11 | File | `/cgi-bin/wlogin.cgi` | High
-12 | File | `/classes/Master.php?f=delete_inquiry` | High
-13 | File | `/contact.php` | Medium
-14 | File | `/cwc/login` | Medium
-15 | File | `/dev/shm` | Medium
-16 | File | `/dl/dl_print.php` | High
-17 | File | `/download` | Medium
-18 | File | `/etc/quagga` | Medium
-19 | File | `/etc/shadow` | Medium
-20 | File | `/export` | Low
-21 | File | `/forms/doLogin` | High
-22 | File | `/forum/away.php` | High
-23 | File | `/getcfg.php` | Medium
-24 | File | `/guest_auth/cfg/upLoadCfg.php` | High
-25 | File | `/h/calendar` | Medium
-26 | File | `/inc/extensions.php` | High
-27 | File | `/include/chart_generator.php` | High
-28 | File | `/index.php` | Medium
-29 | File | `/items/search` | High
-30 | File | `/jsonrpc` | Medium
-31 | File | `/load.php` | Medium
-32 | File | `/mims/login.php` | High
-33 | File | `/nova/bin/console` | High
-34 | File | `/nova/bin/detnet` | High
-35 | File | `/ofcms/company-c-47` | High
-36 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-37 | File | `/out.php` | Medium
-38 | File | `/pages/animals.php` | High
-39 | ... | ... | ...
+4 | File | `/api/baskets/{name}` | High
+5 | File | `/api/files/` | Medium
+6 | File | `/api/RecordingList/DownloadRecord?file=` | High
+7 | File | `/apply.cgi` | Medium
+8 | File | `/card_scan.php` | High
+9 | File | `/cgi-bin/luci/api/switch` | High
+10 | File | `/cgi-bin/sm_changepassword.cgi` | High
+11 | File | `/cgi-bin/touchlist_sync.cgi` | High
+12 | File | `/cgi-bin/wlogin.cgi` | High
+13 | File | `/classes/Master.php?f=delete_inquiry` | High
+14 | File | `/contact.php` | Medium
+15 | File | `/cwc/login` | Medium
+16 | File | `/dev/shm` | Medium
+17 | File | `/dl/dl_print.php` | High
+18 | File | `/download` | Medium
+19 | File | `/etc/quagga` | Medium
+20 | File | `/etc/shadow` | Medium
+21 | File | `/export` | Low
+22 | File | `/forms/doLogin` | High
+23 | File | `/forum/away.php` | High
+24 | File | `/getcfg.php` | Medium
+25 | File | `/guest_auth/cfg/upLoadCfg.php` | High
+26 | File | `/h/calendar` | Medium
+27 | File | `/inc/extensions.php` | High
+28 | File | `/include/chart_generator.php` | High
+29 | File | `/index.php` | Medium
+30 | File | `/items/search` | High
+31 | File | `/jsonrpc` | Medium
+32 | File | `/load.php` | Medium
+33 | File | `/mims/login.php` | High
+34 | File | `/nova/bin/console` | High
+35 | File | `/nova/bin/detnet` | High
+36 | File | `/ofcms/company-c-47` | High
+37 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+38 | File | `/out.php` | Medium
+39 | File | `/pages/animals.php` | High
+40 | File | `/rapi/read_url` | High
+41 | ... | ... | ...

-There are 338 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Stealer/README.md
+++ b/Stealer/README.md
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
-* [PL](https://vuldb.com/?country.pl)
+* [CN](https://vuldb.com/?country.cn)
 * ...

 There are 7 more country items available. Please use our online service to access the data.
@ -82,10 +82,10 @@ ID | Type | Indicator | Confidence
 23 | File | `adminlogin.asp` | High
 24 | File | `Adminstrator/Users/Edit/` | High
 25 | File | `advsearch.php` | High
-26 | File | `append/override_content_security_policy_directives` | High
+26 | File | `AppDMClient` | Medium
 27 | ... | ... | ...

-There are 224 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 228 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/FritzFrog/README.md
+++ b/actors/FritzFrog/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:

 * [VN](https://vuldb.com/?country.vn)
-* [CN](https://vuldb.com/?country.cn)
+* [US](https://vuldb.com/?country.us)
 * [IN](https://vuldb.com/?country.in)
 * ...

-There are 16 more country items available. Please use our online service to access the data.
+There are 11 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -328,14 +328,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-36 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 19 more TTP items available. Please use our online service to access the data.
+There are 21 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -343,46 +343,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `//proc/kcore` | Medium
-3 | File | `/act/ActDao.xml` | High
-4 | File | `/admin/bookings/manage_booking.php` | High
-5 | File | `/admin/edit_product.php` | High
-6 | File | `/admin/index.php` | High
-7 | File | `/admin/sys_sql_query.php` | High
-8 | File | `/api/baskets/{name}` | High
-9 | File | `/api/upload.php` | High
-10 | File | `/api?path=profile` | High
-11 | File | `/aya/module/admin/fst_down.inc.php` | High
-12 | File | `/blog` | Low
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/classes/Master.php?f=delete_category` | High
-15 | File | `/classes/Master.php?f=delete_inquiry` | High
-16 | File | `/classes/Master.php?f=delete_item` | High
-17 | File | `/classes/Master.php?f=delete_service` | High
-18 | File | `/classes/Master.php?f=save_service` | High
-19 | File | `/classes/Users.php` | High
-20 | File | `/classes/Users.php?f=save` | High
-21 | File | `/company/store` | High
-22 | File | `/concat?/%2557EB-INF/web.xml` | High
-23 | File | `/Controller/Ajaxfileupload.ashx` | High
-24 | File | `/CPE` | Low
-25 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-26 | File | `/ecommerce/support_ticket` | High
-27 | File | `/etc/passwd` | Medium
-28 | File | `/forum/away.php` | High
-29 | File | `/FuguHub/cmsdocs/` | High
-30 | File | `/graphql` | Medium
-31 | File | `/group1/uploa` | High
-32 | File | `/h/` | Low
-33 | File | `/h/autoSaveDraft` | High
-34 | File | `/HNAP1` | Low
-35 | File | `/home/search` | Medium
-36 | File | `/index.php` | Medium
-37 | File | `/install/index.php` | High
+1 | File | `$HOME/.terminfo` | High
+2 | File | `/+CSCOE+/logon.html` | High
+3 | File | `/admin/admin-profile.php` | High
+4 | File | `/admin/sales/view_details.php` | High
+5 | File | `/admin/save.php` | High
+6 | File | `/admin/user.php` | High
+7 | File | `/api/baskets/{name}` | High
+8 | File | `/api/cron/settings/setJob/` | High
+9 | File | `/api/v1/alerts` | High
+10 | File | `/api/v1/snapshots` | High
+11 | File | `/api/v1/terminal/sessions/?limit=1` | High
+12 | File | `/audit/log/log_management.php` | High
+13 | File | `/categorypage.php` | High
+14 | File | `/cgi-bin/koha/catalogue/search.pl` | High
+15 | File | `/cgi-bin/mainfunction.cgi` | High
+16 | File | `/cgi-bin/vitogate.cgi` | High
+17 | File | `/cgi-bin/wlogin.cgi` | High
+18 | File | `/classes/Users.php` | High
+19 | File | `/dashboard/add-blog.php` | High
+20 | File | `/dottie.js` | Medium
+21 | File | `/env` | Low
+22 | File | `/fcgi/scrut_fcgi.fcgi` | High
+23 | File | `/forms/doLogin` | High
+24 | File | `/forum/away.php` | High
+25 | File | `/goform/Diagnosis` | High
+26 | File | `/HNAP1` | Low
+27 | File | `/index.php` | Medium
+28 | File | `/jerry-core/ecma/base/ecma-helpers-string.c` | High
+29 | File | `/leaves/validate` | High
+30 | File | `/librarian/bookdetails.php` | High
+31 | File | `/log/webmailattach.php` | High
+32 | File | `/mail.php` | Medium
+33 | File | `/mgmt/` | Low
+34 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
+35 | File | `/out.php` | Medium
+36 | File | `/php-opos/index.php` | High
+37 | File | `/php-spms/admin/?page=user/` | High
 38 | ... | ... | ...

-There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Gamarue/README.md
+++ b/actors/Gamarue/README.md
@ -99,8 +99,7 @@ ID | Type | Indicator | Confidence
 32 | File | `adclick.php` | Medium
 33 | File | `admin.php` | Medium
 34 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
-35 | File | `admin/controller/pages/localisation/language.php` | High
-36 | ... | ... | ...
+35 | ... | ... | ...

 There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

--- a/actors/Gh0stRAT/README.md
+++ b/actors/Gh0stRAT/README.md
@ -116,7 +116,7 @@ ID | Type | Indicator | Confidence
 1 | File | `$HOME/.terminfo` | High
 2 | File | `/act/ActDao.xml` | High
 3 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
-4 | File | `/ajax.php?action=read_msg` | High
+4 | File | `/admin/user.php` | High
 5 | File | `/api/baskets/{name}` | High
 6 | File | `/bin/ate` | Medium
 7 | File | `/bin/login` | Medium
@ -124,36 +124,37 @@ ID | Type | Indicator | Confidence
 9 | File | `/booking/show_bookings/` | High
 10 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
 11 | File | `/cgi/networkDiag.cgi` | High
-12 | File | `/classes/Master.php?f=delete_category` | High
-13 | File | `/concat?/%2557EB-INF/web.xml` | High
-14 | File | `/Controller/Ajaxfileupload.ashx` | High
-15 | File | `/dashboard/add-blog.php` | High
-16 | File | `/debug/pprof` | Medium
-17 | File | `/env` | Low
-18 | File | `/etc/passwd` | Medium
-19 | File | `/forum/away.php` | High
-20 | File | `/getcfg.php` | Medium
-21 | File | `/goform/AdvSetLanip` | High
-22 | File | `/goform/fromSetWirelessRepeat` | High
-23 | File | `/goform/net\_Web\_get_value` | High
-24 | File | `/goform/setmac` | High
-25 | File | `/goform/setMacFilterCfg` | High
-26 | File | `/goform/SetSysTimeCfg` | High
-27 | File | `/goform/set_LimitClient_cfg` | High
-28 | File | `/goform/WifiGuestSet` | High
-29 | File | `/GponForm/usb_restore_Form?script/` | High
-30 | File | `/group1/uploa` | High
-31 | File | `/h/autoSaveDraft` | High
-32 | File | `/h/search?action` | High
-33 | File | `/hss/admin/?page=products/view_product` | High
-34 | File | `/importexport.php` | High
-35 | File | `/inc/jquery/uploadify/uploadify.php` | High
-36 | File | `/index.php/sysmanage/Login/login_auth/` | High
-37 | File | `/index.php?app=main&func=passport&action=login` | High
-38 | File | `/kelasdosen/data` | High
-39 | ... | ... | ...
+12 | File | `/concat?/%2557EB-INF/web.xml` | High
+13 | File | `/Controller/Ajaxfileupload.ashx` | High
+14 | File | `/dashboard/add-blog.php` | High
+15 | File | `/debug/pprof` | Medium
+16 | File | `/env` | Low
+17 | File | `/etc/passwd` | Medium
+18 | File | `/forum/away.php` | High
+19 | File | `/getcfg.php` | Medium
+20 | File | `/goform/AdvSetLanip` | High
+21 | File | `/goform/fromSetWirelessRepeat` | High
+22 | File | `/goform/net\_Web\_get_value` | High
+23 | File | `/goform/setmac` | High
+24 | File | `/goform/setMacFilterCfg` | High
+25 | File | `/goform/SetSysTimeCfg` | High
+26 | File | `/goform/set_LimitClient_cfg` | High
+27 | File | `/goform/WifiGuestSet` | High
+28 | File | `/GponForm/usb_restore_Form?script/` | High
+29 | File | `/group1/uploa` | High
+30 | File | `/h/autoSaveDraft` | High
+31 | File | `/h/search?action` | High
+32 | File | `/hss/admin/?page=products/view_product` | High
+33 | File | `/importexport.php` | High
+34 | File | `/index.php/sysmanage/Login/login_auth/` | High
+35 | File | `/index.php?app=main&func=passport&action=login` | High
+36 | File | `/kelasdosen/data` | High
+37 | File | `/mgmt/` | Low
+38 | File | `/net/sched/cls_fw.c` | High
+39 | File | `/owa/auth/logon.aspx` | High
+40 | ... | ... | ...

-There are 338 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Grabit/README.md
+++ b/actors/Grabit/README.md
@ -63,52 +63,50 @@ ID | Type | Indicator | Confidence
 12 | File | `/api/download` | High
 13 | File | `/api/v1/terminal/sessions/?limit=1` | High
 14 | File | `/APR/login.php` | High
-15 | File | `/bin/httpd` | Medium
-16 | File | `/bitrix/admin/ldap_server_edit.php` | High
-17 | File | `/category.php` | High
-18 | File | `/categorypage.php` | High
-19 | File | `/cgi-bin/luci/api/wireless` | High
-20 | File | `/cgi-bin/vitogate.cgi` | High
-21 | File | `/cgi-bin/wapopen` | High
-22 | File | `/company/store` | High
-23 | File | `/Content/Template/root/reverse-shell.aspx` | High
-24 | File | `/Controller/Ajaxfileupload.ashx` | High
-25 | File | `/core/conditions/AbstractWrapper.java` | High
-26 | File | `/etc/passwd` | Medium
-27 | File | `/feeds/post/publish` | High
-28 | File | `/forum/away.php` | High
-29 | File | `/h/` | Low
-30 | File | `/HNAP1` | Low
-31 | File | `/home/masterConsole` | High
-32 | File | `/inc/jquery/uploadify/uploadify.php` | High
-33 | File | `/index.php?app=main&func=passport&action=login` | High
-34 | File | `/index.php?page=category_list` | High
-35 | File | `/jeecg-boot/sys/common/upload` | High
-36 | File | `/jobinfo/` | Medium
-37 | File | `/Moosikay/order.php` | High
-38 | File | `/mygym/admin/index.php?view_exercises` | High
-39 | File | `/opac/Actions.php?a=login` | High
-40 | File | `/php-opos/index.php` | High
-41 | File | `/PreviewHandler.ashx` | High
-42 | File | `/public/launchNewWindow.jsp` | High
-43 | File | `/recipe-result` | High
-44 | File | `/register.do` | Medium
-45 | File | `/reservation/add_message.php` | High
-46 | File | `/RPS2019Service/status.html` | High
-47 | File | `/Service/ImageStationDataService.asmx` | High
-48 | File | `/sicweb-ajax/tmproot/` | High
-49 | File | `/spip.php` | Medium
-50 | File | `/student/bookdetails.php` | High
-51 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
-52 | File | `/uncpath/` | Medium
-53 | File | `/uploads/exam_question/` | High
-54 | File | `/user/ticket/create` | High
-55 | File | `/user/updatePwd` | High
-56 | File | `/UserSelfServiceSettings.jsp` | High
-57 | File | `/var/lib/docker/<remapping>` | High
-58 | ... | ... | ...
+15 | File | `/bitrix/admin/ldap_server_edit.php` | High
+16 | File | `/category.php` | High
+17 | File | `/categorypage.php` | High
+18 | File | `/cgi-bin/luci/api/wireless` | High
+19 | File | `/cgi-bin/vitogate.cgi` | High
+20 | File | `/cgi-bin/wapopen` | High
+21 | File | `/company/store` | High
+22 | File | `/Content/Template/root/reverse-shell.aspx` | High
+23 | File | `/Controller/Ajaxfileupload.ashx` | High
+24 | File | `/core/conditions/AbstractWrapper.java` | High
+25 | File | `/etc/passwd` | Medium
+26 | File | `/feeds/post/publish` | High
+27 | File | `/forum/away.php` | High
+28 | File | `/h/` | Low
+29 | File | `/HNAP1` | Low
+30 | File | `/inc/jquery/uploadify/uploadify.php` | High
+31 | File | `/index.php?app=main&func=passport&action=login` | High
+32 | File | `/index.php?page=category_list` | High
+33 | File | `/jeecg-boot/sys/common/upload` | High
+34 | File | `/jobinfo/` | Medium
+35 | File | `/Moosikay/order.php` | High
+36 | File | `/mygym/admin/index.php?view_exercises` | High
+37 | File | `/opac/Actions.php?a=login` | High
+38 | File | `/php-opos/index.php` | High
+39 | File | `/PreviewHandler.ashx` | High
+40 | File | `/public/launchNewWindow.jsp` | High
+41 | File | `/recipe-result` | High
+42 | File | `/register.do` | Medium
+43 | File | `/reservation/add_message.php` | High
+44 | File | `/RPS2019Service/status.html` | High
+45 | File | `/Service/ImageStationDataService.asmx` | High
+46 | File | `/sicweb-ajax/tmproot/` | High
+47 | File | `/spip.php` | Medium
+48 | File | `/student/bookdetails.php` | High
+49 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
+50 | File | `/uploads/exam_question/` | High
+51 | File | `/user/ticket/create` | High
+52 | File | `/user/updatePwd` | High
+53 | File | `/UserSelfServiceSettings.jsp` | High
+54 | File | `/var/lib/docker/<remapping>` | High
+55 | File | `/wp-admin/admin-ajax.php` | High
+56 | ... | ... | ...

-There are 503 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Steppe/README.md
+++ b/Steppe/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...

-There are 11 more country items available. Please use our online service to access the data.
+There are 12 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -160,9 +160,10 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+7 | ... | ... | ... | ...

-There are 21 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -174,54 +175,57 @@ ID | Type | Indicator | Confidence
 2 | File | `/?p=products` | Medium
 3 | File | `/?r=recruit/resume/edit&op=status` | High
 4 | File | `/ad-list` | Medium
-5 | File | `/admin/attendance_row.php` | High
-6 | File | `/admin/edit-accepted-appointment.php` | High
-7 | File | `/admin/edit-services.php` | High
-8 | File | `/admin/edit_subject.php` | High
-9 | File | `/admin/employee_row.php` | High
-10 | File | `/admin/login.php` | High
-11 | File | `/admin/maintenance/brand.php` | High
-12 | File | `/admin/maintenance/view_designation.php` | High
-13 | File | `/admin/mechanics/manage_mechanic.php` | High
-14 | File | `/admin/orders/update_status.php` | High
-15 | File | `/admin/read.php?mudi=getSignal` | High
-16 | File | `/admin/reportupload.aspx` | High
-17 | File | `/admin/service.php` | High
-18 | File | `/admin/service_requests/manage_inventory.php` | High
-19 | File | `/admin/test_status.php` | High
-20 | File | `/admin/transactions/track_shipment.php` | High
-21 | File | `/api/baskets/{name}` | High
-22 | File | `/api/crontab` | Medium
-23 | File | `/api/stl/actions/search` | High
-24 | File | `/api/v2/cli/commands` | High
-25 | File | `/api2/html/` | Medium
-26 | File | `/apply.cgi` | Medium
-27 | File | `/archibus/login.axvw` | High
-28 | File | `/bin/ate` | Medium
-29 | File | `/blog` | Low
-30 | File | `/booking/show_bookings/` | High
-31 | File | `/cgi-bin` | Medium
-32 | File | `/cgi-bin/nightled.cgi` | High
-33 | File | `/cgi-bin/wlogin.cgi` | High
-34 | File | `/change-language/de_DE` | High
-35 | File | `/churchcrm/v2/family/not-found` | High
-36 | File | `/classes/Master.php?f=delete_inquiry` | High
-37 | File | `/classes/Master.php?f=delete_sub_category` | High
-38 | File | `/company/store` | High
-39 | File | `/config` | Low
-40 | File | `/config/php.ini` | High
-41 | File | `/Content/Template/root/reverse-shell.aspx` | High
-42 | File | `/csms/?page=contact_us` | High
-43 | File | `/dashboard/add-blog.php` | High
-44 | File | `/debug/pprof` | Medium
-45 | File | `/dipam/save-delegates.php` | High
-46 | File | `/env` | Low
-47 | File | `/file_manager/admin/save_user.php` | High
-48 | File | `/forum/away.php` | High
-49 | File | `/friends` | Medium
-50 | ... | ... | ...
+5 | File | `/admin/?page=bike` | High
+6 | File | `/admin/attendance_row.php` | High
+7 | File | `/admin/config/uploadicon.php` | High
+8 | File | `/admin/edit-accepted-appointment.php` | High
+9 | File | `/admin/edit-services.php` | High
+10 | File | `/admin/edit_subject.php` | High
+11 | File | `/admin/employee_row.php` | High
+12 | File | `/admin/login.php` | High
+13 | File | `/admin/maintenance/brand.php` | High
+14 | File | `/admin/maintenance/view_designation.php` | High
+15 | File | `/admin/mechanics/manage_mechanic.php` | High
+16 | File | `/admin/orders/update_status.php` | High
+17 | File | `/admin/read.php?mudi=getSignal` | High
+18 | File | `/admin/reportupload.aspx` | High
+19 | File | `/admin/service.php` | High
+20 | File | `/admin/service_requests/manage_inventory.php` | High
+21 | File | `/admin/test_status.php` | High
+22 | File | `/admin/transactions/track_shipment.php` | High
+23 | File | `/api/baskets/{name}` | High
+24 | File | `/api/crontab` | Medium
+25 | File | `/api/stl/actions/search` | High
+26 | File | `/api/sys/login` | High
+27 | File | `/api/sys/set_passwd` | High
+28 | File | `/api/v2/cli/commands` | High
+29 | File | `/api2/html/` | Medium
+30 | File | `/apply.cgi` | Medium
+31 | File | `/archibus/login.axvw` | High
+32 | File | `/bin/ate` | Medium
+33 | File | `/blog` | Low
+34 | File | `/booking/show_bookings/` | High
+35 | File | `/cgi-bin` | Medium
+36 | File | `/cgi-bin/nightled.cgi` | High
+37 | File | `/change-language/de_DE` | High
+38 | File | `/changePassword` | High
+39 | File | `/churchcrm/v2/family/not-found` | High
+40 | File | `/classes/Master.php?f=delete_inquiry` | High
+41 | File | `/company/store` | High
+42 | File | `/config` | Low
+43 | File | `/config/php.ini` | High
+44 | File | `/Content/Template/root/reverse-shell.aspx` | High
+45 | File | `/csms/?page=contact_us` | High
+46 | File | `/dashboard/add-blog.php` | High
+47 | File | `/debug/pprof` | Medium
+48 | File | `/dipam/save-delegates.php` | High
+49 | File | `/env` | Low
+50 | File | `/file_manager/admin/save_user.php` | High
+51 | File | `/forum/away.php` | High
+52 | File | `/friends` | Medium
+53 | ... | ... | ...

-There are 437 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 465 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/GuLoader/README.md
+++ b/actors/GuLoader/README.md
@ -23,10 +23,11 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.2.75.164](https://vuldb.com/?ip.5.2.75.164) | - | - | High
 2 | [5.8.8.100](https://vuldb.com/?ip.5.8.8.100) | - | - | High
-3 | [37.0.8.96](https://vuldb.com/?ip.37.0.8.96) | - | - | High
-4 | ... | ... | ... | ...
+3 | [23.254.227.202](https://vuldb.com/?ip.23.254.227.202) | client-23-254-227-202.hostwindsdns.com | - | High
+4 | [23.254.227.205](https://vuldb.com/?ip.23.254.227.205) | client-23-254-227-205.hostwindsdns.com | - | High
+5 | ... | ... | ... | ...

-There are 12 more IOC items available. Please use our online service to access the data.
+There are 15 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -35,12 +36,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 15 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -51,29 +53,35 @@ ID | Type | Indicator | Confidence
 1 | File | `.htaccess` | Medium
 2 | File | `/admin/ajax.php?action=save_window` | High
 3 | File | `/admin/index2.html` | High
-4 | File | `/connectors/index.php` | High
-5 | File | `/dashboard/add-portfolio.php` | High
-6 | File | `/forum/away.php` | High
-7 | File | `/ghost/preview` | High
-8 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
-9 | File | `/login` | Low
-10 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
-11 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
-12 | File | `/sdm-ws-rest/preconfiguration` | High
-13 | File | `/settings` | Medium
-14 | File | `/uapi/doc` | Medium
-15 | File | `/uncpath/` | Medium
-16 | File | `/updownload/t.report` | High
-17 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-18 | File | `/woocommerce-stock-manager/trunk/admin/views/import-export.php` | High
-19 | ... | ... | ...
+4 | File | `/cgi/get_param.cgi` | High
+5 | File | `/common/download_agent_installer.php` | High
+6 | File | `/common/run_cross_report.php` | High
+7 | File | `/connectors/index.php` | High
+8 | File | `/dashboard/add-portfolio.php` | High
+9 | File | `/EXCU_SHELL` | Medium
+10 | File | `/forum/away.php` | High
+11 | File | `/ghost/preview` | High
+12 | File | `/goform/addressNat` | High
+13 | File | `/goform/NatStaticSetting` | High
+14 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
+15 | File | `/login` | Low
+16 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
+17 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
+18 | File | `/php-sms/admin/?page=services/manage_service` | High
+19 | File | `/sdm-ws-rest/preconfiguration` | High
+20 | File | `/settings` | Medium
+21 | File | `/uapi/doc` | Medium
+22 | File | `/uncpath/` | Medium
+23 | File | `/updownload/t.report` | High
+24 | ... | ... | ...

-There are 155 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 197 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://any.run/cybersecurity-blog/deobfuscating-guloader/
 * https://asec.ahnlab.com/en/36042/
 * https://asec.ahnlab.com/en/36294/
 * https://asec.ahnlab.com/en/36785/
--- a/actors/Hexmen/README.md
+++ b/actors/Hexmen/README.md
@ -9,7 +9,6 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hexmen:

 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)

 ## IOC - Indicator of Compromise

@ -33,12 +32,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22 | Pathname Traversal | High
-2 | T1059.007 | CWE-79 | Cross Site Scripting | High
-3 | T1202 | CWE-77 | Command Injection | High
-4 | ... | ... | ... | ...
-
-There are 1 more TTP items available. Please use our online service to access the data.
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1202 | CWE-77 | Command Injection | High
+3 | T1505 | CWE-89 | SQL Injection | High

 ## IOA - Indicator of Attack

--- a/actors/Hook/README.md
+++ b/actors/Hook/README.md
@ -50,62 +50,62 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin/admin.php` | High
-2 | File | `/card_scan.php` | High
-3 | File | `/cgi-bin/viewcert` | High
-4 | File | `/cgi-bin/wlogin.cgi` | High
-5 | File | `/cwc/login` | Medium
-6 | File | `/download` | Medium
-7 | File | `/DXR.axd` | Medium
-8 | File | `/etc/quagga` | Medium
-9 | File | `/etc/shadow` | Medium
-10 | File | `/forms/doLogin` | High
-11 | File | `/forum/away.php` | High
-12 | File | `/h/calendar` | Medium
-13 | File | `/importexport.php` | High
-14 | File | `/inc/extensions.php` | High
-15 | File | `/log/decodmail.php` | High
-16 | File | `/multi-vendor-shopping-script/product-list.php` | High
-17 | File | `/nova/bin/console` | High
-18 | File | `/nova/bin/detnet` | High
-19 | File | `/out.php` | Medium
-20 | File | `/req_password_user.php` | High
-21 | File | `/rom-0` | Low
-22 | File | `/secure/QueryComponent!Default.jspa` | High
-23 | File | `/see_more_details.php` | High
-24 | File | `/servlet/webacc` | High
-25 | File | `/ServletAPI/accounts/login` | High
-26 | File | `/SysManage/AddUpdateRole.aspx` | High
-27 | File | `/TemplateManager/indexExternalLocation.jsp` | High
-28 | File | `/textpattern/index.php` | High
-29 | File | `/uncpath/` | Medium
-30 | File | `/usr/syno/etc/mount.conf` | High
-31 | File | `/WEB-INF/web.xml` | High
-32 | File | `/wp-admin/options-general.php` | High
-33 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-34 | File | `/wp-json` | Medium
-35 | File | `adclick.php` | Medium
-36 | File | `adDetail.asp` | Medium
-37 | File | `adm.cgi` | Low
-38 | File | `admin.a6mambocredits.php` | High
-39 | File | `admin.color.php` | High
-40 | File | `admin.cropcanvas.php` | High
-41 | File | `admin.joomlaradiov5.php` | High
-42 | File | `admin.php` | Medium
-43 | File | `admin/addons/archive/archive.php` | High
-44 | File | `admin/general.php` | High
-45 | File | `admin/theme-edit.php` | High
-46 | File | `adminBanned.php` | High
-47 | File | `adminBoards.php` | High
-48 | File | `admincp.php?app=prop&do=add` | High
-49 | File | `adminForums.php` | High
-50 | File | `administrator/components/com_media/helpers/media.php` | High
-51 | File | `akocomments.php` | High
-52 | File | `album_portal.php` | High
-53 | File | `allopass-error.php` | High
-54 | File | `allopass.php` | Medium
+2 | File | `/admin/list_addr_fwresource_ip.php` | High
+3 | File | `/card_scan.php` | High
+4 | File | `/cgi-bin/viewcert` | High
+5 | File | `/cgi-bin/wlogin.cgi` | High
+6 | File | `/cwc/login` | Medium
+7 | File | `/download` | Medium
+8 | File | `/DXR.axd` | Medium
+9 | File | `/etc/quagga` | Medium
+10 | File | `/etc/shadow` | Medium
+11 | File | `/forms/doLogin` | High
+12 | File | `/forum/away.php` | High
+13 | File | `/h/calendar` | Medium
+14 | File | `/importexport.php` | High
+15 | File | `/inc/extensions.php` | High
+16 | File | `/log/decodmail.php` | High
+17 | File | `/multi-vendor-shopping-script/product-list.php` | High
+18 | File | `/nova/bin/console` | High
+19 | File | `/nova/bin/detnet` | High
+20 | File | `/out.php` | Medium
+21 | File | `/req_password_user.php` | High
+22 | File | `/rom-0` | Low
+23 | File | `/secure/QueryComponent!Default.jspa` | High
+24 | File | `/see_more_details.php` | High
+25 | File | `/servlet/webacc` | High
+26 | File | `/ServletAPI/accounts/login` | High
+27 | File | `/SysManage/AddUpdateRole.aspx` | High
+28 | File | `/TemplateManager/indexExternalLocation.jsp` | High
+29 | File | `/textpattern/index.php` | High
+30 | File | `/uncpath/` | Medium
+31 | File | `/usr/syno/etc/mount.conf` | High
+32 | File | `/WEB-INF/web.xml` | High
+33 | File | `/wp-admin/options-general.php` | High
+34 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+35 | File | `/wp-json` | Medium
+36 | File | `adclick.php` | Medium
+37 | File | `adDetail.asp` | Medium
+38 | File | `adm.cgi` | Low
+39 | File | `admin.a6mambocredits.php` | High
+40 | File | `admin.color.php` | High
+41 | File | `admin.cropcanvas.php` | High
+42 | File | `admin.joomlaradiov5.php` | High
+43 | File | `admin.php` | Medium
+44 | File | `admin/addons/archive/archive.php` | High
+45 | File | `admin/general.php` | High
+46 | File | `admin/theme-edit.php` | High
+47 | File | `adminBanned.php` | High
+48 | File | `adminBoards.php` | High
+49 | File | `admincp.php?app=prop&do=add` | High
+50 | File | `adminForums.php` | High
+51 | File | `administrator/components/com_media/helpers/media.php` | High
+52 | File | `akocomments.php` | High
+53 | File | `album_portal.php` | High
+54 | File | `allopass-error.php` | High
 55 | ... | ... | ...

-There are 477 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Houdini/README.md
+++ b/actors/Houdini/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
-* [GB](https://vuldb.com/?country.gb)
+* [DE](https://vuldb.com/?country.de)
 * ...

-There are 7 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -22,12 +22,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [2.59.254.111](https://vuldb.com/?ip.2.59.254.111) | - | - | High
-2 | [45.90.222.125](https://vuldb.com/?ip.45.90.222.125) | 45-90-222-125-hostedby.bcr.host | - | High
-3 | [45.90.222.131](https://vuldb.com/?ip.45.90.222.131) | 45-90-222-131-hostedby.bcr.host | - | High
-4 | [62.197.136.69](https://vuldb.com/?ip.62.197.136.69) | - | - | High
+2 | [41.216.188.103](https://vuldb.com/?ip.41.216.188.103) | - | - | High
+3 | [45.90.222.125](https://vuldb.com/?ip.45.90.222.125) | 45-90-222-125-hostedby.bcr.host | - | High
+4 | [45.90.222.131](https://vuldb.com/?ip.45.90.222.131) | 45-90-222-131-hostedby.bcr.host | - | High
 5 | ... | ... | ... | ...

-There are 14 more IOC items available. Please use our online service to access the data.
+There are 17 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 10 more TTP items available. Please use our online service to access the data.
+There are 11 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -48,18 +48,29 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/Admin/login.php` | High
-2 | File | `/admin/maintenance/view_designation.php` | High
-3 | File | `/debug/pprof` | Medium
-4 | File | `/etc/sudoers` | Medium
-5 | File | `/forum/away.php` | High
-6 | File | `/showfile.php` | High
-7 | File | `/uncpath/` | Medium
-8 | File | `adclick.php` | Medium
-9 | File | `admin-ajax.php` | High
-10 | ... | ... | ...
+1 | File | `/admin/inquiries/view_details.php` | High
+2 | File | `/Admin/login.php` | High
+3 | File | `/admin/maintenance/view_designation.php` | High
+4 | File | `/coreframe/app/order/admin/index.php` | High
+5 | File | `/debug/pprof` | Medium
+6 | File | `/dev/snd/seq` | Medium
+7 | File | `/etc/sudoers` | Medium
+8 | File | `/forum/away.php` | High
+9 | File | `/products/details.asp` | High
+10 | File | `/showfile.php` | High
+11 | File | `/uncpath/` | Medium
+12 | File | `/Wedding-Management/package_detail.php` | High
+13 | File | `adclick.php` | Medium
+14 | File | `admin-ajax.php` | High
+15 | File | `admin/abc.php` | High
+16 | File | `admin/news.php` | High
+17 | File | `artlinks.dispnew.php` | High
+18 | File | `auth.inc.php` | Medium
+19 | File | `bookPerPub.php` | High
+20 | File | `cart_content.php` | High
+21 | ... | ... | ...

-There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 170 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -74,6 +85,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://tria.ge/220613-smnybadca4
 * https://twitter.com/suyog41/status/1692068700155965877
 * https://www.joesandbox.com/analysis/839457/0/html#TCP_Packets
+* https://www.virustotal.com/gui/file/00163dbf765b7011710330c18bad0a195208846e4aa471f4377eeb9d71b9fd34/detection
 * https://www.virustotal.com/gui/file/be8a02ffd80f9367a1a23aac1a4f6b51ad25482783ac42147b18e5b2b36c98d0/detection

 ## Literature
--- a/actors/IcedID/README.md
+++ b/actors/IcedID/README.md
@ -175,206 +175,210 @@ ID | IP address | Hostname | Campaign | Confidence
 145 | [5.252.177.107](https://vuldb.com/?ip.5.252.177.107) | no-rdns.mivocloud.com | - | High
 146 | [5.252.177.233](https://vuldb.com/?ip.5.252.177.233) | 5-252-177-233.mivocloud.com | - | High
 147 | [5.252.178.142](https://vuldb.com/?ip.5.252.178.142) | no-rdns.mivocloud.com | - | High
-148 | [5.255.98.126](https://vuldb.com/?ip.5.255.98.126) | - | - | High
-149 | [5.255.99.21](https://vuldb.com/?ip.5.255.99.21) | - | - | High
-150 | [5.255.99.51](https://vuldb.com/?ip.5.255.99.51) | - | - | High
-151 | [5.255.99.108](https://vuldb.com/?ip.5.255.99.108) | - | - | High
-152 | [5.255.100.8](https://vuldb.com/?ip.5.255.100.8) | - | - | High
-153 | [5.255.100.32](https://vuldb.com/?ip.5.255.100.32) | - | - | High
-154 | [5.255.100.55](https://vuldb.com/?ip.5.255.100.55) | - | - | High
-155 | [5.255.100.65](https://vuldb.com/?ip.5.255.100.65) | - | - | High
-156 | [5.255.100.207](https://vuldb.com/?ip.5.255.100.207) | chronostech.io | - | High
-157 | [5.255.100.250](https://vuldb.com/?ip.5.255.100.250) | - | - | High
-158 | [5.255.101.31](https://vuldb.com/?ip.5.255.101.31) | - | - | High
-159 | [5.255.101.68](https://vuldb.com/?ip.5.255.101.68) | - | - | High
-160 | [5.255.102.88](https://vuldb.com/?ip.5.255.102.88) | - | - | High
-161 | [5.255.102.167](https://vuldb.com/?ip.5.255.102.167) | - | - | High
-162 | [5.255.103.75](https://vuldb.com/?ip.5.255.103.75) | - | - | High
-163 | [5.255.103.108](https://vuldb.com/?ip.5.255.103.108) | - | - | High
-164 | [5.255.103.144](https://vuldb.com/?ip.5.255.103.144) | - | - | High
-165 | [5.255.103.245](https://vuldb.com/?ip.5.255.103.245) | - | - | High
-166 | [5.255.104.11](https://vuldb.com/?ip.5.255.104.11) | - | - | High
-167 | [5.255.104.22](https://vuldb.com/?ip.5.255.104.22) | - | - | High
-168 | [5.255.104.45](https://vuldb.com/?ip.5.255.104.45) | - | - | High
-169 | [5.255.104.52](https://vuldb.com/?ip.5.255.104.52) | - | - | High
-170 | [5.255.104.93](https://vuldb.com/?ip.5.255.104.93) | - | - | High
-171 | [5.255.104.97](https://vuldb.com/?ip.5.255.104.97) | - | - | High
-172 | [5.255.104.113](https://vuldb.com/?ip.5.255.104.113) | - | - | High
-173 | [5.255.104.120](https://vuldb.com/?ip.5.255.104.120) | - | - | High
-174 | [5.255.104.130](https://vuldb.com/?ip.5.255.104.130) | - | - | High
-175 | [5.255.104.143](https://vuldb.com/?ip.5.255.104.143) | - | - | High
-176 | [5.255.104.145](https://vuldb.com/?ip.5.255.104.145) | - | - | High
-177 | [5.255.104.153](https://vuldb.com/?ip.5.255.104.153) | - | - | High
-178 | [5.255.104.184](https://vuldb.com/?ip.5.255.104.184) | - | - | High
-179 | [5.255.104.220](https://vuldb.com/?ip.5.255.104.220) | - | - | High
-180 | [5.255.104.233](https://vuldb.com/?ip.5.255.104.233) | - | - | High
-181 | [5.255.105.55](https://vuldb.com/?ip.5.255.105.55) | - | - | High
-182 | [5.255.105.239](https://vuldb.com/?ip.5.255.105.239) | - | - | High
-183 | [5.255.106.72](https://vuldb.com/?ip.5.255.106.72) | - | - | High
-184 | [5.255.106.78](https://vuldb.com/?ip.5.255.106.78) | smtp.gespollas.com | - | High
-185 | [5.255.106.136](https://vuldb.com/?ip.5.255.106.136) | - | - | High
-186 | [5.255.106.240](https://vuldb.com/?ip.5.255.106.240) | - | - | High
-187 | [5.255.107.149](https://vuldb.com/?ip.5.255.107.149) | - | - | High
-188 | [5.255.109.46](https://vuldb.com/?ip.5.255.109.46) | - | - | High
-189 | [5.255.109.175](https://vuldb.com/?ip.5.255.109.175) | - | - | High
-190 | [5.255.110.177](https://vuldb.com/?ip.5.255.110.177) | - | - | High
-191 | [5.255.111.220](https://vuldb.com/?ip.5.255.111.220) | - | - | High
-192 | [5.255.113.157](https://vuldb.com/?ip.5.255.113.157) | - | - | High
-193 | [5.255.115.226](https://vuldb.com/?ip.5.255.115.226) | - | - | High
-194 | [5.255.119.21](https://vuldb.com/?ip.5.255.119.21) | - | - | High
-195 | [5.255.120.33](https://vuldb.com/?ip.5.255.120.33) | - | - | High
-196 | [5.255.122.79](https://vuldb.com/?ip.5.255.122.79) | - | - | High
-197 | [5.255.124.55](https://vuldb.com/?ip.5.255.124.55) | - | - | High
-198 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
-199 | [8.39.147.62](https://vuldb.com/?ip.8.39.147.62) | vyc1.achlycole.org.uk | - | High
-200 | [13.52.121.66](https://vuldb.com/?ip.13.52.121.66) | ec2-13-52-121-66.us-west-1.compute.amazonaws.com | - | Medium
-201 | [13.57.55.155](https://vuldb.com/?ip.13.57.55.155) | ec2-13-57-55-155.us-west-1.compute.amazonaws.com | - | Medium
-202 | [13.237.1.27](https://vuldb.com/?ip.13.237.1.27) | ec2-13-237-1-27.ap-southeast-2.compute.amazonaws.com | - | Medium
-203 | [13.237.195.116](https://vuldb.com/?ip.13.237.195.116) | ec2-13-237-195-116.ap-southeast-2.compute.amazonaws.com | - | Medium
-204 | [23.82.128.186](https://vuldb.com/?ip.23.82.128.186) | - | - | High
-205 | [23.82.128.215](https://vuldb.com/?ip.23.82.128.215) | - | - | High
-206 | [23.88.35.240](https://vuldb.com/?ip.23.88.35.240) | static.240.35.88.23.clients.your-server.de | - | High
-207 | [23.106.124.26](https://vuldb.com/?ip.23.106.124.26) | - | - | High
-208 | [23.106.124.168](https://vuldb.com/?ip.23.106.124.168) | - | - | High
-209 | [23.106.124.181](https://vuldb.com/?ip.23.106.124.181) | - | - | High
-210 | [23.106.215.93](https://vuldb.com/?ip.23.106.215.93) | - | - | High
-211 | [23.160.193.140](https://vuldb.com/?ip.23.160.193.140) | unknown.ip-xfer.net | - | High
-212 | [23.227.202.165](https://vuldb.com/?ip.23.227.202.165) | 23-227-202-165.static.hvvc.us | - | High
-213 | [23.227.203.131](https://vuldb.com/?ip.23.227.203.131) | 23-227-203-131.static.hvvc.us | - | High
-214 | [23.227.206.161](https://vuldb.com/?ip.23.227.206.161) | 23-227-206-161.static.hvvc.us | - | High
-215 | [23.227.206.195](https://vuldb.com/?ip.23.227.206.195) | 23-227-206-195.static.hvvc.us | - | High
-216 | [23.254.202.234](https://vuldb.com/?ip.23.254.202.234) | hwsrv-1055605.hostwindsdns.com | - | High
-217 | [23.254.211.137](https://vuldb.com/?ip.23.254.211.137) | hwsrv-1045976.hostwindsdns.com | - | High
-218 | [23.254.224.115](https://vuldb.com/?ip.23.254.224.115) | hwsrv-1031288.hostwindsdns.com | - | High
-219 | [23.254.224.148](https://vuldb.com/?ip.23.254.224.148) | client-23-254-224-148.hostwindsdns.com | - | High
-220 | [23.254.226.152](https://vuldb.com/?ip.23.254.226.152) | hwsrv-1069457.hostwindsdns.com | - | High
-221 | [23.254.229.208](https://vuldb.com/?ip.23.254.229.208) | hwsrv-1015537.hostwindsdns.com | - | High
-222 | [23.254.253.106](https://vuldb.com/?ip.23.254.253.106) | WIN-KP9WSUDC4N.com | - | High
-223 | [31.13.195.119](https://vuldb.com/?ip.31.13.195.119) | sm.cfconsult.net | - | High
-224 | [31.13.195.127](https://vuldb.com/?ip.31.13.195.127) | - | - | High
-225 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
-226 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
-227 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
-228 | [37.1.192.40](https://vuldb.com/?ip.37.1.192.40) | - | - | High
-229 | [37.1.193.136](https://vuldb.com/?ip.37.1.193.136) | webcomdition.com | - | High
-230 | [37.1.195.84](https://vuldb.com/?ip.37.1.195.84) | - | - | High
-231 | [37.1.195.238](https://vuldb.com/?ip.37.1.195.238) | autoreflash.com | - | High
-232 | [37.1.205.217](https://vuldb.com/?ip.37.1.205.217) | - | - | High
-233 | [37.1.208.48](https://vuldb.com/?ip.37.1.208.48) | reveltip.com | - | High
-234 | [37.1.213.234](https://vuldb.com/?ip.37.1.213.234) | - | - | High
-235 | [37.1.221.209](https://vuldb.com/?ip.37.1.221.209) | - | - | High
-236 | [37.46.129.17](https://vuldb.com/?ip.37.46.129.17) | info50.fvds.ru | - | High
-237 | [37.61.229.95](https://vuldb.com/?ip.37.61.229.95) | zeno.igorclark.net | - | High
-238 | [37.120.222.100](https://vuldb.com/?ip.37.120.222.100) | - | - | High
-239 | [37.221.115.12](https://vuldb.com/?ip.37.221.115.12) | - | - | High
-240 | [37.235.55.75](https://vuldb.com/?ip.37.235.55.75) | 75.55.235.37.in-addr.arpa | - | High
-241 | [37.235.55.103](https://vuldb.com/?ip.37.235.55.103) | 103.55.235.37.in-addr.arpa | - | High
-242 | [37.235.56.30](https://vuldb.com/?ip.37.235.56.30) | 30.56.235.37.in-addr.arpa | - | High
-243 | [37.235.56.37](https://vuldb.com/?ip.37.235.56.37) | 37.56.235.37.in-addr.arpa | - | High
-244 | [37.235.56.94](https://vuldb.com/?ip.37.235.56.94) | 94.56.235.37.in-addr.arpa | - | High
-245 | [37.235.56.185](https://vuldb.com/?ip.37.235.56.185) | 185.56.235.37.in-addr.arpa | - | High
-246 | [37.252.5.228](https://vuldb.com/?ip.37.252.5.228) | - | - | High
-247 | [37.252.6.77](https://vuldb.com/?ip.37.252.6.77) | - | - | High
-248 | [37.252.10.231](https://vuldb.com/?ip.37.252.10.231) | - | - | High
-249 | [37.252.11.170](https://vuldb.com/?ip.37.252.11.170) | - | - | High
-250 | [37.252.11.221](https://vuldb.com/?ip.37.252.11.221) | - | - | High
-251 | [38.180.0.89](https://vuldb.com/?ip.38.180.0.89) | - | - | High
-252 | [38.180.8.107](https://vuldb.com/?ip.38.180.8.107) | - | - | High
-253 | [38.180.8.169](https://vuldb.com/?ip.38.180.8.169) | - | - | High
-254 | [38.180.34.14](https://vuldb.com/?ip.38.180.34.14) | - | - | High
-255 | [39.104.16.102](https://vuldb.com/?ip.39.104.16.102) | - | - | High
-256 | [39.104.17.212](https://vuldb.com/?ip.39.104.17.212) | - | - | High
-257 | [39.104.23.152](https://vuldb.com/?ip.39.104.23.152) | - | - | High
-258 | [39.104.27.24](https://vuldb.com/?ip.39.104.27.24) | - | - | High
-259 | [39.104.72.59](https://vuldb.com/?ip.39.104.72.59) | - | - | High
-260 | [39.104.94.83](https://vuldb.com/?ip.39.104.94.83) | - | - | High
-261 | [39.104.164.115](https://vuldb.com/?ip.39.104.164.115) | - | - | High
-262 | [45.8.158.140](https://vuldb.com/?ip.45.8.158.140) | mail.aeoncard-co-jp.com | - | High
-263 | [45.11.19.121](https://vuldb.com/?ip.45.11.19.121) | - | - | High
-264 | [45.11.19.168](https://vuldb.com/?ip.45.11.19.168) | - | - | High
-265 | [45.11.182.61](https://vuldb.com/?ip.45.11.182.61) | - | - | High
-266 | [45.11.182.114](https://vuldb.com/?ip.45.11.182.114) | - | - | High
-267 | [45.11.182.115](https://vuldb.com/?ip.45.11.182.115) | - | - | High
-268 | [45.11.182.117](https://vuldb.com/?ip.45.11.182.117) | - | - | High
-269 | [45.11.182.118](https://vuldb.com/?ip.45.11.182.118) | - | - | High
-270 | [45.11.182.119](https://vuldb.com/?ip.45.11.182.119) | - | - | High
-271 | [45.11.182.120](https://vuldb.com/?ip.45.11.182.120) | - | - | High
-272 | [45.11.182.121](https://vuldb.com/?ip.45.11.182.121) | - | - | High
-273 | [45.12.109.136](https://vuldb.com/?ip.45.12.109.136) | kemp.strongwallsys.com | - | High
-274 | [45.12.109.195](https://vuldb.com/?ip.45.12.109.195) | ryan.earthbroadcasting.com | - | High
-275 | [45.12.109.221](https://vuldb.com/?ip.45.12.109.221) | weaver.earthbroadcasting.com | - | High
-276 | [45.12.139.90](https://vuldb.com/?ip.45.12.139.90) | - | - | High
-277 | [45.15.161.254](https://vuldb.com/?ip.45.15.161.254) | - | - | High
-278 | [45.41.204.5](https://vuldb.com/?ip.45.41.204.5) | fastshipus.xyz | - | High
-279 | [45.55.42.13](https://vuldb.com/?ip.45.55.42.13) | - | - | High
-280 | [45.55.53.206](https://vuldb.com/?ip.45.55.53.206) | - | - | High
-281 | [45.55.56.244](https://vuldb.com/?ip.45.55.56.244) | - | - | High
-282 | [45.61.136.6](https://vuldb.com/?ip.45.61.136.6) | - | - | High
-283 | [45.61.136.22](https://vuldb.com/?ip.45.61.136.22) | - | - | High
-284 | [45.61.136.193](https://vuldb.com/?ip.45.61.136.193) | - | - | High
-285 | [45.61.137.95](https://vuldb.com/?ip.45.61.137.95) | - | - | High
-286 | [45.61.137.119](https://vuldb.com/?ip.45.61.137.119) | - | - | High
-287 | [45.61.137.159](https://vuldb.com/?ip.45.61.137.159) | - | - | High
-288 | [45.61.137.220](https://vuldb.com/?ip.45.61.137.220) | svenska.re | - | High
-289 | [45.61.137.225](https://vuldb.com/?ip.45.61.137.225) | - | - | High
-290 | [45.61.138.12](https://vuldb.com/?ip.45.61.138.12) | - | - | High
-291 | [45.61.138.171](https://vuldb.com/?ip.45.61.138.171) | - | - | High
-292 | [45.61.138.175](https://vuldb.com/?ip.45.61.138.175) | - | - | High
-293 | [45.61.138.181](https://vuldb.com/?ip.45.61.138.181) | - | - | High
-294 | [45.61.138.227](https://vuldb.com/?ip.45.61.138.227) | - | - | High
-295 | [45.61.139.138](https://vuldb.com/?ip.45.61.139.138) | - | - | High
-296 | [45.61.139.144](https://vuldb.com/?ip.45.61.139.144) | - | - | High
-297 | [45.61.139.179](https://vuldb.com/?ip.45.61.139.179) | - | - | High
-298 | [45.61.139.196](https://vuldb.com/?ip.45.61.139.196) | - | - | High
-299 | [45.61.139.232](https://vuldb.com/?ip.45.61.139.232) | - | - | High
-300 | [45.61.139.235](https://vuldb.com/?ip.45.61.139.235) | - | - | High
-301 | [45.61.139.243](https://vuldb.com/?ip.45.61.139.243) | - | - | High
-302 | [45.66.248.7](https://vuldb.com/?ip.45.66.248.7) | mta0.burjeela.gq | - | High
-303 | [45.66.248.37](https://vuldb.com/?ip.45.66.248.37) | mta0.quarrantinereport-center.gq | - | High
-304 | [45.66.248.64](https://vuldb.com/?ip.45.66.248.64) | 0n3reye0i0.alyanova.com | - | High
-305 | [45.66.248.69](https://vuldb.com/?ip.45.66.248.69) | outbound5.imaille.com | - | High
-306 | [45.66.248.71](https://vuldb.com/?ip.45.66.248.71) | - | - | High
-307 | [45.66.248.79](https://vuldb.com/?ip.45.66.248.79) | mta0.coldspikes.autos | - | High
-308 | [45.66.248.119](https://vuldb.com/?ip.45.66.248.119) | finixdeal.com | Nokoyawa | High
-309 | [45.66.248.148](https://vuldb.com/?ip.45.66.248.148) | QuanTs.defaultproduct.com | - | High
-310 | [45.66.248.244](https://vuldb.com/?ip.45.66.248.244) | mta0.axminster-carpets.cf | - | High
-311 | [45.66.249.26](https://vuldb.com/?ip.45.66.249.26) | 8axj5rsx1e.marketingforbreweries.com | - | High
-312 | [45.66.249.221](https://vuldb.com/?ip.45.66.249.221) | mta0.lizengeneering.com | - | High
-313 | [45.67.231.235](https://vuldb.com/?ip.45.67.231.235) | am-tun2.warwish.pro | - | High
-314 | [45.82.247.87](https://vuldb.com/?ip.45.82.247.87) | - | - | High
-315 | [45.82.247.121](https://vuldb.com/?ip.45.82.247.121) | - | - | High
-316 | [45.82.247.148](https://vuldb.com/?ip.45.82.247.148) | prostatehealth.click | - | High
-317 | [45.82.251.34](https://vuldb.com/?ip.45.82.251.34) | - | - | High
-318 | [45.82.251.36](https://vuldb.com/?ip.45.82.251.36) | - | - | High
-319 | [45.82.251.44](https://vuldb.com/?ip.45.82.251.44) | - | - | High
-320 | [45.86.229.46](https://vuldb.com/?ip.45.86.229.46) | - | - | High
-321 | [45.86.229.94](https://vuldb.com/?ip.45.86.229.94) | - | - | High
-322 | [45.86.229.105](https://vuldb.com/?ip.45.86.229.105) | 1lf7cf33e.northernstarmarketing.com | - | High
-323 | [45.86.229.180](https://vuldb.com/?ip.45.86.229.180) | - | - | High
-324 | [45.86.229.253](https://vuldb.com/?ip.45.86.229.253) | 32l.edUcated-352.insuranceforourfamily.com | - | High
-325 | [45.86.230.43](https://vuldb.com/?ip.45.86.230.43) | google.com | - | High
-326 | [45.86.230.141](https://vuldb.com/?ip.45.86.230.141) | mta0.ungho.cf | - | High
-327 | [45.86.230.149](https://vuldb.com/?ip.45.86.230.149) | - | - | High
-328 | [45.86.230.181](https://vuldb.com/?ip.45.86.230.181) | - | - | High
-329 | [45.86.231.210](https://vuldb.com/?ip.45.86.231.210) | - | - | High
-330 | [45.87.154.181](https://vuldb.com/?ip.45.87.154.181) | vm.solutions | - | High
-331 | [45.88.221.211](https://vuldb.com/?ip.45.88.221.211) | - | - | High
-332 | [45.89.98.138](https://vuldb.com/?ip.45.89.98.138) | ruiz.thegamersnet.com | - | High
-333 | [45.89.107.120](https://vuldb.com/?ip.45.89.107.120) | d120.lifedigitz.com | - | High
-334 | [45.92.162.84](https://vuldb.com/?ip.45.92.162.84) | butler.egnerarch.com | - | High
-335 | [45.92.163.123](https://vuldb.com/?ip.45.92.163.123) | vars-long-kks.currishfine.com | - | High
-336 | [45.92.163.233](https://vuldb.com/?ip.45.92.163.233) | landing-messy.samewaged.com | - | High
-337 | [45.92.163.238](https://vuldb.com/?ip.45.92.163.238) | sup-size.samewaged.com | - | High
-338 | [45.95.11.125](https://vuldb.com/?ip.45.95.11.125) | vm324206.pq.hosting | - | High
-339 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
-340 | [45.129.199.13](https://vuldb.com/?ip.45.129.199.13) | - | - | High
-341 | [45.129.199.26](https://vuldb.com/?ip.45.129.199.26) | - | - | High
-342 | [45.129.199.67](https://vuldb.com/?ip.45.129.199.67) | - | - | High
-343 | [45.129.199.92](https://vuldb.com/?ip.45.129.199.92) | - | - | High
-344 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
-345 | ... | ... | ... | ...
+148 | [5.255.98.45](https://vuldb.com/?ip.5.255.98.45) | - | - | High
+149 | [5.255.98.126](https://vuldb.com/?ip.5.255.98.126) | - | - | High
+150 | [5.255.99.21](https://vuldb.com/?ip.5.255.99.21) | - | - | High
+151 | [5.255.99.51](https://vuldb.com/?ip.5.255.99.51) | - | - | High
+152 | [5.255.99.108](https://vuldb.com/?ip.5.255.99.108) | - | - | High
+153 | [5.255.100.8](https://vuldb.com/?ip.5.255.100.8) | - | - | High
+154 | [5.255.100.32](https://vuldb.com/?ip.5.255.100.32) | - | - | High
+155 | [5.255.100.55](https://vuldb.com/?ip.5.255.100.55) | - | - | High
+156 | [5.255.100.65](https://vuldb.com/?ip.5.255.100.65) | - | - | High
+157 | [5.255.100.207](https://vuldb.com/?ip.5.255.100.207) | chronostech.io | - | High
+158 | [5.255.100.250](https://vuldb.com/?ip.5.255.100.250) | - | - | High
+159 | [5.255.101.31](https://vuldb.com/?ip.5.255.101.31) | - | - | High
+160 | [5.255.101.68](https://vuldb.com/?ip.5.255.101.68) | - | - | High
+161 | [5.255.102.88](https://vuldb.com/?ip.5.255.102.88) | - | - | High
+162 | [5.255.102.167](https://vuldb.com/?ip.5.255.102.167) | - | - | High
+163 | [5.255.103.75](https://vuldb.com/?ip.5.255.103.75) | - | - | High
+164 | [5.255.103.108](https://vuldb.com/?ip.5.255.103.108) | - | - | High
+165 | [5.255.103.144](https://vuldb.com/?ip.5.255.103.144) | - | - | High
+166 | [5.255.103.245](https://vuldb.com/?ip.5.255.103.245) | - | - | High
+167 | [5.255.104.11](https://vuldb.com/?ip.5.255.104.11) | - | - | High
+168 | [5.255.104.22](https://vuldb.com/?ip.5.255.104.22) | - | - | High
+169 | [5.255.104.45](https://vuldb.com/?ip.5.255.104.45) | - | - | High
+170 | [5.255.104.52](https://vuldb.com/?ip.5.255.104.52) | - | - | High
+171 | [5.255.104.93](https://vuldb.com/?ip.5.255.104.93) | - | - | High
+172 | [5.255.104.97](https://vuldb.com/?ip.5.255.104.97) | - | - | High
+173 | [5.255.104.113](https://vuldb.com/?ip.5.255.104.113) | - | - | High
+174 | [5.255.104.120](https://vuldb.com/?ip.5.255.104.120) | - | - | High
+175 | [5.255.104.130](https://vuldb.com/?ip.5.255.104.130) | - | - | High
+176 | [5.255.104.143](https://vuldb.com/?ip.5.255.104.143) | - | - | High
+177 | [5.255.104.145](https://vuldb.com/?ip.5.255.104.145) | - | - | High
+178 | [5.255.104.153](https://vuldb.com/?ip.5.255.104.153) | - | - | High
+179 | [5.255.104.184](https://vuldb.com/?ip.5.255.104.184) | - | - | High
+180 | [5.255.104.220](https://vuldb.com/?ip.5.255.104.220) | - | - | High
+181 | [5.255.104.233](https://vuldb.com/?ip.5.255.104.233) | - | - | High
+182 | [5.255.105.55](https://vuldb.com/?ip.5.255.105.55) | - | - | High
+183 | [5.255.105.239](https://vuldb.com/?ip.5.255.105.239) | - | - | High
+184 | [5.255.106.72](https://vuldb.com/?ip.5.255.106.72) | - | - | High
+185 | [5.255.106.78](https://vuldb.com/?ip.5.255.106.78) | smtp.gespollas.com | - | High
+186 | [5.255.106.136](https://vuldb.com/?ip.5.255.106.136) | - | - | High
+187 | [5.255.106.240](https://vuldb.com/?ip.5.255.106.240) | - | - | High
+188 | [5.255.107.149](https://vuldb.com/?ip.5.255.107.149) | - | - | High
+189 | [5.255.109.46](https://vuldb.com/?ip.5.255.109.46) | - | - | High
+190 | [5.255.109.175](https://vuldb.com/?ip.5.255.109.175) | - | - | High
+191 | [5.255.110.177](https://vuldb.com/?ip.5.255.110.177) | - | - | High
+192 | [5.255.111.220](https://vuldb.com/?ip.5.255.111.220) | - | - | High
+193 | [5.255.113.157](https://vuldb.com/?ip.5.255.113.157) | - | - | High
+194 | [5.255.115.226](https://vuldb.com/?ip.5.255.115.226) | - | - | High
+195 | [5.255.119.21](https://vuldb.com/?ip.5.255.119.21) | - | - | High
+196 | [5.255.120.33](https://vuldb.com/?ip.5.255.120.33) | - | - | High
+197 | [5.255.122.79](https://vuldb.com/?ip.5.255.122.79) | - | - | High
+198 | [5.255.124.55](https://vuldb.com/?ip.5.255.124.55) | - | - | High
+199 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
+200 | [8.39.147.62](https://vuldb.com/?ip.8.39.147.62) | vyc1.achlycole.org.uk | - | High
+201 | [13.52.121.66](https://vuldb.com/?ip.13.52.121.66) | ec2-13-52-121-66.us-west-1.compute.amazonaws.com | - | Medium
+202 | [13.57.55.155](https://vuldb.com/?ip.13.57.55.155) | ec2-13-57-55-155.us-west-1.compute.amazonaws.com | - | Medium
+203 | [13.237.1.27](https://vuldb.com/?ip.13.237.1.27) | ec2-13-237-1-27.ap-southeast-2.compute.amazonaws.com | - | Medium
+204 | [13.237.195.116](https://vuldb.com/?ip.13.237.195.116) | ec2-13-237-195-116.ap-southeast-2.compute.amazonaws.com | - | Medium
+205 | [23.82.128.186](https://vuldb.com/?ip.23.82.128.186) | - | - | High
+206 | [23.82.128.215](https://vuldb.com/?ip.23.82.128.215) | - | - | High
+207 | [23.88.35.240](https://vuldb.com/?ip.23.88.35.240) | static.240.35.88.23.clients.your-server.de | - | High
+208 | [23.106.124.26](https://vuldb.com/?ip.23.106.124.26) | - | - | High
+209 | [23.106.124.168](https://vuldb.com/?ip.23.106.124.168) | - | - | High
+210 | [23.106.124.181](https://vuldb.com/?ip.23.106.124.181) | - | - | High
+211 | [23.106.215.93](https://vuldb.com/?ip.23.106.215.93) | - | - | High
+212 | [23.160.193.140](https://vuldb.com/?ip.23.160.193.140) | unknown.ip-xfer.net | - | High
+213 | [23.164.240.130](https://vuldb.com/?ip.23.164.240.130) | - | - | High
+214 | [23.227.202.165](https://vuldb.com/?ip.23.227.202.165) | 23-227-202-165.static.hvvc.us | - | High
+215 | [23.227.203.131](https://vuldb.com/?ip.23.227.203.131) | 23-227-203-131.static.hvvc.us | - | High
+216 | [23.227.206.161](https://vuldb.com/?ip.23.227.206.161) | 23-227-206-161.static.hvvc.us | - | High
+217 | [23.227.206.195](https://vuldb.com/?ip.23.227.206.195) | 23-227-206-195.static.hvvc.us | - | High
+218 | [23.254.202.234](https://vuldb.com/?ip.23.254.202.234) | hwsrv-1055605.hostwindsdns.com | - | High
+219 | [23.254.211.137](https://vuldb.com/?ip.23.254.211.137) | hwsrv-1045976.hostwindsdns.com | - | High
+220 | [23.254.224.115](https://vuldb.com/?ip.23.254.224.115) | hwsrv-1031288.hostwindsdns.com | - | High
+221 | [23.254.224.148](https://vuldb.com/?ip.23.254.224.148) | client-23-254-224-148.hostwindsdns.com | - | High
+222 | [23.254.226.152](https://vuldb.com/?ip.23.254.226.152) | hwsrv-1069457.hostwindsdns.com | - | High
+223 | [23.254.229.208](https://vuldb.com/?ip.23.254.229.208) | hwsrv-1015537.hostwindsdns.com | - | High
+224 | [23.254.253.106](https://vuldb.com/?ip.23.254.253.106) | WIN-KP9WSUDC4N.com | - | High
+225 | [31.13.195.119](https://vuldb.com/?ip.31.13.195.119) | sm.cfconsult.net | - | High
+226 | [31.13.195.127](https://vuldb.com/?ip.31.13.195.127) | - | - | High
+227 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
+228 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
+229 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
+230 | [37.1.192.40](https://vuldb.com/?ip.37.1.192.40) | - | - | High
+231 | [37.1.193.136](https://vuldb.com/?ip.37.1.193.136) | webcomdition.com | - | High
+232 | [37.1.195.84](https://vuldb.com/?ip.37.1.195.84) | - | - | High
+233 | [37.1.195.238](https://vuldb.com/?ip.37.1.195.238) | autoreflash.com | - | High
+234 | [37.1.205.217](https://vuldb.com/?ip.37.1.205.217) | - | - | High
+235 | [37.1.208.48](https://vuldb.com/?ip.37.1.208.48) | reveltip.com | - | High
+236 | [37.1.213.234](https://vuldb.com/?ip.37.1.213.234) | - | - | High
+237 | [37.1.221.209](https://vuldb.com/?ip.37.1.221.209) | - | - | High
+238 | [37.46.129.17](https://vuldb.com/?ip.37.46.129.17) | info50.fvds.ru | - | High
+239 | [37.61.229.95](https://vuldb.com/?ip.37.61.229.95) | zeno.igorclark.net | - | High
+240 | [37.120.222.100](https://vuldb.com/?ip.37.120.222.100) | - | - | High
+241 | [37.221.115.12](https://vuldb.com/?ip.37.221.115.12) | - | - | High
+242 | [37.235.55.75](https://vuldb.com/?ip.37.235.55.75) | 75.55.235.37.in-addr.arpa | - | High
+243 | [37.235.55.103](https://vuldb.com/?ip.37.235.55.103) | 103.55.235.37.in-addr.arpa | - | High
+244 | [37.235.56.30](https://vuldb.com/?ip.37.235.56.30) | 30.56.235.37.in-addr.arpa | - | High
+245 | [37.235.56.37](https://vuldb.com/?ip.37.235.56.37) | 37.56.235.37.in-addr.arpa | - | High
+246 | [37.235.56.94](https://vuldb.com/?ip.37.235.56.94) | 94.56.235.37.in-addr.arpa | - | High
+247 | [37.235.56.185](https://vuldb.com/?ip.37.235.56.185) | 185.56.235.37.in-addr.arpa | - | High
+248 | [37.252.5.228](https://vuldb.com/?ip.37.252.5.228) | - | - | High
+249 | [37.252.6.77](https://vuldb.com/?ip.37.252.6.77) | - | - | High
+250 | [37.252.10.231](https://vuldb.com/?ip.37.252.10.231) | - | - | High
+251 | [37.252.11.170](https://vuldb.com/?ip.37.252.11.170) | - | - | High
+252 | [37.252.11.221](https://vuldb.com/?ip.37.252.11.221) | - | - | High
+253 | [38.180.0.89](https://vuldb.com/?ip.38.180.0.89) | - | - | High
+254 | [38.180.8.107](https://vuldb.com/?ip.38.180.8.107) | - | - | High
+255 | [38.180.8.169](https://vuldb.com/?ip.38.180.8.169) | - | - | High
+256 | [38.180.34.14](https://vuldb.com/?ip.38.180.34.14) | - | - | High
+257 | [39.104.16.102](https://vuldb.com/?ip.39.104.16.102) | - | - | High
+258 | [39.104.17.212](https://vuldb.com/?ip.39.104.17.212) | - | - | High
+259 | [39.104.23.152](https://vuldb.com/?ip.39.104.23.152) | - | - | High
+260 | [39.104.27.24](https://vuldb.com/?ip.39.104.27.24) | - | - | High
+261 | [39.104.72.59](https://vuldb.com/?ip.39.104.72.59) | - | - | High
+262 | [39.104.94.83](https://vuldb.com/?ip.39.104.94.83) | - | - | High
+263 | [39.104.164.115](https://vuldb.com/?ip.39.104.164.115) | - | - | High
+264 | [45.8.158.140](https://vuldb.com/?ip.45.8.158.140) | mail.aeoncard-co-jp.com | - | High
+265 | [45.11.19.121](https://vuldb.com/?ip.45.11.19.121) | - | - | High
+266 | [45.11.19.168](https://vuldb.com/?ip.45.11.19.168) | - | - | High
+267 | [45.11.182.61](https://vuldb.com/?ip.45.11.182.61) | - | - | High
+268 | [45.11.182.114](https://vuldb.com/?ip.45.11.182.114) | - | - | High
+269 | [45.11.182.115](https://vuldb.com/?ip.45.11.182.115) | - | - | High
+270 | [45.11.182.117](https://vuldb.com/?ip.45.11.182.117) | - | - | High
+271 | [45.11.182.118](https://vuldb.com/?ip.45.11.182.118) | - | - | High
+272 | [45.11.182.119](https://vuldb.com/?ip.45.11.182.119) | - | - | High
+273 | [45.11.182.120](https://vuldb.com/?ip.45.11.182.120) | - | - | High
+274 | [45.11.182.121](https://vuldb.com/?ip.45.11.182.121) | - | - | High
+275 | [45.12.109.136](https://vuldb.com/?ip.45.12.109.136) | kemp.strongwallsys.com | - | High
+276 | [45.12.109.195](https://vuldb.com/?ip.45.12.109.195) | ryan.earthbroadcasting.com | - | High
+277 | [45.12.109.221](https://vuldb.com/?ip.45.12.109.221) | weaver.earthbroadcasting.com | - | High
+278 | [45.12.139.90](https://vuldb.com/?ip.45.12.139.90) | - | - | High
+279 | [45.15.161.254](https://vuldb.com/?ip.45.15.161.254) | - | - | High
+280 | [45.41.204.5](https://vuldb.com/?ip.45.41.204.5) | fastshipus.xyz | - | High
+281 | [45.55.42.13](https://vuldb.com/?ip.45.55.42.13) | - | - | High
+282 | [45.55.53.206](https://vuldb.com/?ip.45.55.53.206) | - | - | High
+283 | [45.55.56.244](https://vuldb.com/?ip.45.55.56.244) | - | - | High
+284 | [45.61.136.6](https://vuldb.com/?ip.45.61.136.6) | - | - | High
+285 | [45.61.136.22](https://vuldb.com/?ip.45.61.136.22) | - | - | High
+286 | [45.61.136.193](https://vuldb.com/?ip.45.61.136.193) | - | - | High
+287 | [45.61.137.95](https://vuldb.com/?ip.45.61.137.95) | - | - | High
+288 | [45.61.137.119](https://vuldb.com/?ip.45.61.137.119) | - | - | High
+289 | [45.61.137.158](https://vuldb.com/?ip.45.61.137.158) | - | - | High
+290 | [45.61.137.159](https://vuldb.com/?ip.45.61.137.159) | - | - | High
+291 | [45.61.137.220](https://vuldb.com/?ip.45.61.137.220) | svenska.re | - | High
+292 | [45.61.137.225](https://vuldb.com/?ip.45.61.137.225) | - | - | High
+293 | [45.61.138.12](https://vuldb.com/?ip.45.61.138.12) | - | - | High
+294 | [45.61.138.171](https://vuldb.com/?ip.45.61.138.171) | - | - | High
+295 | [45.61.138.175](https://vuldb.com/?ip.45.61.138.175) | - | - | High
+296 | [45.61.138.181](https://vuldb.com/?ip.45.61.138.181) | - | - | High
+297 | [45.61.138.227](https://vuldb.com/?ip.45.61.138.227) | - | - | High
+298 | [45.61.139.138](https://vuldb.com/?ip.45.61.139.138) | - | - | High
+299 | [45.61.139.144](https://vuldb.com/?ip.45.61.139.144) | - | - | High
+300 | [45.61.139.179](https://vuldb.com/?ip.45.61.139.179) | - | - | High
+301 | [45.61.139.196](https://vuldb.com/?ip.45.61.139.196) | - | - | High
+302 | [45.61.139.232](https://vuldb.com/?ip.45.61.139.232) | - | - | High
+303 | [45.61.139.235](https://vuldb.com/?ip.45.61.139.235) | - | - | High
+304 | [45.61.139.243](https://vuldb.com/?ip.45.61.139.243) | - | - | High
+305 | [45.66.248.7](https://vuldb.com/?ip.45.66.248.7) | mta0.burjeela.gq | - | High
+306 | [45.66.248.37](https://vuldb.com/?ip.45.66.248.37) | mta0.quarrantinereport-center.gq | - | High
+307 | [45.66.248.64](https://vuldb.com/?ip.45.66.248.64) | 0n3reye0i0.alyanova.com | - | High
+308 | [45.66.248.69](https://vuldb.com/?ip.45.66.248.69) | outbound5.imaille.com | - | High
+309 | [45.66.248.71](https://vuldb.com/?ip.45.66.248.71) | - | - | High
+310 | [45.66.248.79](https://vuldb.com/?ip.45.66.248.79) | mta0.coldspikes.autos | - | High
+311 | [45.66.248.119](https://vuldb.com/?ip.45.66.248.119) | finixdeal.com | Nokoyawa | High
+312 | [45.66.248.148](https://vuldb.com/?ip.45.66.248.148) | QuanTs.defaultproduct.com | - | High
+313 | [45.66.248.244](https://vuldb.com/?ip.45.66.248.244) | mta0.axminster-carpets.cf | - | High
+314 | [45.66.249.26](https://vuldb.com/?ip.45.66.249.26) | 8axj5rsx1e.marketingforbreweries.com | - | High
+315 | [45.66.249.221](https://vuldb.com/?ip.45.66.249.221) | mta0.lizengeneering.com | - | High
+316 | [45.67.231.235](https://vuldb.com/?ip.45.67.231.235) | am-tun2.warwish.pro | - | High
+317 | [45.82.247.87](https://vuldb.com/?ip.45.82.247.87) | - | - | High
+318 | [45.82.247.121](https://vuldb.com/?ip.45.82.247.121) | - | - | High
+319 | [45.82.247.148](https://vuldb.com/?ip.45.82.247.148) | prostatehealth.click | - | High
+320 | [45.82.251.34](https://vuldb.com/?ip.45.82.251.34) | - | - | High
+321 | [45.82.251.36](https://vuldb.com/?ip.45.82.251.36) | - | - | High
+322 | [45.82.251.44](https://vuldb.com/?ip.45.82.251.44) | - | - | High
+323 | [45.86.229.46](https://vuldb.com/?ip.45.86.229.46) | - | - | High
+324 | [45.86.229.94](https://vuldb.com/?ip.45.86.229.94) | - | - | High
+325 | [45.86.229.105](https://vuldb.com/?ip.45.86.229.105) | 1lf7cf33e.northernstarmarketing.com | - | High
+326 | [45.86.229.180](https://vuldb.com/?ip.45.86.229.180) | - | - | High
+327 | [45.86.229.253](https://vuldb.com/?ip.45.86.229.253) | 32l.edUcated-352.insuranceforourfamily.com | - | High
+328 | [45.86.230.43](https://vuldb.com/?ip.45.86.230.43) | google.com | - | High
+329 | [45.86.230.141](https://vuldb.com/?ip.45.86.230.141) | mta0.ungho.cf | - | High
+330 | [45.86.230.149](https://vuldb.com/?ip.45.86.230.149) | - | - | High
+331 | [45.86.230.181](https://vuldb.com/?ip.45.86.230.181) | - | - | High
+332 | [45.86.231.210](https://vuldb.com/?ip.45.86.231.210) | - | - | High
+333 | [45.87.154.181](https://vuldb.com/?ip.45.87.154.181) | vm.solutions | - | High
+334 | [45.88.221.211](https://vuldb.com/?ip.45.88.221.211) | - | - | High
+335 | [45.89.98.138](https://vuldb.com/?ip.45.89.98.138) | ruiz.thegamersnet.com | - | High
+336 | [45.89.107.120](https://vuldb.com/?ip.45.89.107.120) | d120.lifedigitz.com | - | High
+337 | [45.92.162.84](https://vuldb.com/?ip.45.92.162.84) | butler.egnerarch.com | - | High
+338 | [45.92.163.123](https://vuldb.com/?ip.45.92.163.123) | vars-long-kks.currishfine.com | - | High
+339 | [45.92.163.233](https://vuldb.com/?ip.45.92.163.233) | landing-messy.samewaged.com | - | High
+340 | [45.92.163.238](https://vuldb.com/?ip.45.92.163.238) | sup-size.samewaged.com | - | High
+341 | [45.95.11.125](https://vuldb.com/?ip.45.95.11.125) | vm324206.pq.hosting | - | High
+342 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
+343 | [45.129.199.13](https://vuldb.com/?ip.45.129.199.13) | - | - | High
+344 | [45.129.199.26](https://vuldb.com/?ip.45.129.199.26) | - | - | High
+345 | [45.129.199.67](https://vuldb.com/?ip.45.129.199.67) | - | - | High
+346 | [45.129.199.92](https://vuldb.com/?ip.45.129.199.92) | - | - | High
+347 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
+348 | [45.138.172.240](https://vuldb.com/?ip.45.138.172.240) | - | - | High
+349 | ... | ... | ... | ...

-There are 1376 more IOC items available. Please use our online service to access the data.
+There are 1390 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -398,53 +402,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//WEB-INF` | Medium
-2 | File | `/about.php` | Medium
-3 | File | `/admin/about-us.php` | High
-4 | File | `/admin/save.php` | High
-5 | File | `/admin/sys_sql_query.php` | High
-6 | File | `/api/baskets/{name}` | High
-7 | File | `/api/download` | High
-8 | File | `/api/v1/terminal/sessions/?limit=1` | High
-9 | File | `/bitrix/admin/ldap_server_edit.php` | High
-10 | File | `/category.php` | High
-11 | File | `/categorypage.php` | High
-12 | File | `/cgi-bin/luci/api/wireless` | High
-13 | File | `/cgi-bin/vitogate.cgi` | High
-14 | File | `/company/store` | High
-15 | File | `/Content/Template/root/reverse-shell.aspx` | High
-16 | File | `/Controller/Ajaxfileupload.ashx` | High
-17 | File | `/core/conditions/AbstractWrapper.java` | High
-18 | File | `/csms/?page=contact_us` | High
-19 | File | `/dcim/rack-roles/` | High
-20 | File | `/etc/passwd` | Medium
-21 | File | `/forum/away.php` | High
-22 | File | `/h/` | Low
-23 | File | `/HNAP1` | Low
-24 | File | `/home/cavesConsole` | High
-25 | File | `/inc/jquery/uploadify/uploadify.php` | High
-26 | File | `/index.php` | Medium
-27 | File | `/index.php?app=main&func=passport&action=login` | High
-28 | File | `/index.php?page=category_list` | High
-29 | File | `/jeecg-boot/sys/common/upload` | High
-30 | File | `/jobinfo/` | Medium
-31 | File | `/kelas/data` | Medium
-32 | File | `/mhds/clinic/view_details.php` | High
-33 | File | `/Moosikay/order.php` | High
-34 | File | `/PreviewHandler.ashx` | High
-35 | File | `/recipe-result` | High
-36 | File | `/register.do` | Medium
-37 | File | `/RPS2019Service/status.html` | High
-38 | File | `/scripts/unlock_tasks.php` | High
-39 | File | `/Service/ImageStationDataService.asmx` | High
-40 | File | `/ServletAPI/accounts/login` | High
-41 | File | `/spip.php` | Medium
-42 | File | `/squashfs-root/etc_ro/custom.conf` | High
-43 | File | `/staff/edit_book_details.php` | High
-44 | File | `/student/bookdetails.php` | High
-45 | ... | ... | ...
+1 | File | `/admin/about-us.php` | High
+2 | File | `/admin/save.php` | High
+3 | File | `/admin/sys_sql_query.php` | High
+4 | File | `/api/baskets/{name}` | High
+5 | File | `/api/download` | High
+6 | File | `/api/v1/terminal/sessions/?limit=1` | High
+7 | File | `/bitrix/admin/ldap_server_edit.php` | High
+8 | File | `/category.php` | High
+9 | File | `/categorypage.php` | High
+10 | File | `/cgi-bin/luci/api/wireless` | High
+11 | File | `/cgi-bin/vitogate.cgi` | High
+12 | File | `/company/store` | High
+13 | File | `/Content/Template/root/reverse-shell.aspx` | High
+14 | File | `/Controller/Ajaxfileupload.ashx` | High
+15 | File | `/core/conditions/AbstractWrapper.java` | High
+16 | File | `/csms/?page=contact_us` | High
+17 | File | `/dcim/rack-roles/` | High
+18 | File | `/etc/passwd` | Medium
+19 | File | `/fcgi/scrut_fcgi.fcgi` | High
+20 | File | `/forum/away.php` | High
+21 | File | `/h/` | Low
+22 | File | `/HNAP1` | Low
+23 | File | `/home/cavesConsole` | High
+24 | File | `/index.php` | Medium
+25 | File | `/index.php?app=main&func=passport&action=login` | High
+26 | File | `/index.php?page=category_list` | High
+27 | File | `/jeecg-boot/sys/common/upload` | High
+28 | File | `/jobinfo/` | Medium
+29 | File | `/mhds/clinic/view_details.php` | High
+30 | File | `/PreviewHandler.ashx` | High
+31 | File | `/recipe-result` | High
+32 | File | `/register.do` | Medium
+33 | File | `/RPS2019Service/status.html` | High
+34 | File | `/scripts/unlock_tasks.php` | High
+35 | File | `/Service/ImageStationDataService.asmx` | High
+36 | File | `/ServletAPI/accounts/login` | High
+37 | File | `/sicweb-ajax/tmproot/` | High
+38 | File | `/spip.php` | Medium
+39 | File | `/squashfs-root/etc_ro/custom.conf` | High
+40 | File | `/staff/edit_book_details.php` | High
+41 | File | `/student/bookdetails.php` | High
+42 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
+43 | File | `/SysManage/AddUpdateRole.aspx` | High
+44 | ... | ... | ...

-There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Inception/README.md
+++ b/actors/Inception/README.md
@ -15,9 +15,9 @@ The following _campaigns_ are known and can be associated with Inception:

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:

-* [FR](https://vuldb.com/?country.fr)
-* [AR](https://vuldb.com/?country.ar)
 * [PT](https://vuldb.com/?country.pt)
+* [AR](https://vuldb.com/?country.ar)
+* [FR](https://vuldb.com/?country.fr)
 * ...

 There are 7 more country items available. Please use our online service to access the data.
@ -58,49 +58,51 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/action/import_xml_file/` | High
 2 | File | `/action/wirelessConnect` | High
-3 | File | `/admin/?page=user/manage_user` | High
-4 | File | `/admin/edit-services.php` | High
-5 | File | `/admin/edit_product.php` | High
-6 | File | `/admin/index.php` | High
-7 | File | `/admin/myaccount` | High
-8 | File | `/admin/orders/update_status.php` | High
-9 | File | `/admin/pages/sections_save.php` | High
-10 | File | `/admin/positions_row.php` | High
-11 | File | `/admin/settings/fields` | High
-12 | File | `/admin/userprofile.php` | High
-13 | File | `/ajax.php?action=save_company` | High
-14 | File | `/api/v1/chat.getThreadsList` | High
-15 | File | `/api/v2/cli/commands` | High
-16 | File | `/api/v2/open/rowsInfo` | High
-17 | File | `/api/v3/flows/instances/default-user-settings-flow/execute/` | High
-18 | File | `/api/wechat/app_auth` | High
-19 | File | `/asms/admin/?page=user/manage_user` | High
-20 | File | `/blog/comment` | High
-21 | File | `/classes/Login.php` | High
-22 | File | `/dosen/data` | Medium
-23 | File | `/E-mobile/App/System/File/downfile.php` | High
-24 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-25 | File | `/env` | Low
-26 | File | `/etc/master.passwd` | High
-27 | File | `/etc/os-release` | High
-28 | File | `/file_manager/admin/save_user.php` | High
-29 | File | `/front/search.php` | High
-30 | File | `/garage/php_action/createBrand.php` | High
-31 | File | `/goform/addressNat` | High
-32 | File | `/goform/AdvSetWrlsafeset` | High
-33 | File | `/goform/editFileName` | High
-34 | File | `/goform/form2WizardStep54` | High
-35 | File | `/goform/setSysAdm` | High
-36 | File | `/goform/webExcptypemanFilter` | High
-37 | File | `/goform/WifiBasicSet` | High
-38 | File | `/goform/WifiMacFilterGet` | High
-39 | File | `/hss/admin/categories/view_category.php` | High
-40 | File | `/index.php` | Medium
-41 | File | `/isomedia/meta.c` | High
-42 | File | `/jurusanmatkul/data` | High
-43 | ... | ... | ...
+3 | File | `/admin/?page=bike` | High
+4 | File | `/admin/?page=user/manage_user` | High
+5 | File | `/admin/cms_content.php` | High
+6 | File | `/admin/edit-services.php` | High
+7 | File | `/admin/edit_product.php` | High
+8 | File | `/admin/index.php` | High
+9 | File | `/admin/orders/update_status.php` | High
+10 | File | `/admin/pages/sections_save.php` | High
+11 | File | `/admin/positions_row.php` | High
+12 | File | `/admin/settings/fields` | High
+13 | File | `/admin/userprofile.php` | High
+14 | File | `/ajax.php?action=save_company` | High
+15 | File | `/api/es/admin/v3/security/user/1` | High
+16 | File | `/api/v1/chat.getThreadsList` | High
+17 | File | `/api/v2/cli/commands` | High
+18 | File | `/api/v2/open/rowsInfo` | High
+19 | File | `/api/v3/flows/instances/default-user-settings-flow/execute/` | High
+20 | File | `/api/wechat/app_auth` | High
+21 | File | `/asms/admin/?page=user/manage_user` | High
+22 | File | `/blog/comment` | High
+23 | File | `/classes/Login.php` | High
+24 | File | `/course/filterRecords/` | High
+25 | File | `/dosen/data` | Medium
+26 | File | `/E-mobile/App/System/File/downfile.php` | High
+27 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+28 | File | `/env` | Low
+29 | File | `/etc/master.passwd` | High
+30 | File | `/etc/os-release` | High
+31 | File | `/file_manager/admin/save_user.php` | High
+32 | File | `/front/search.php` | High
+33 | File | `/garage/php_action/createBrand.php` | High
+34 | File | `/goform/addressNat` | High
+35 | File | `/goform/AdvSetWrlsafeset` | High
+36 | File | `/goform/editFileName` | High
+37 | File | `/goform/form2WizardStep54` | High
+38 | File | `/goform/setSysAdm` | High
+39 | File | `/goform/webExcptypemanFilter` | High
+40 | File | `/goform/WifiBasicSet` | High
+41 | File | `/goform/WifiMacFilterGet` | High
+42 | File | `/hss/admin/categories/view_category.php` | High
+43 | File | `/index.php` | Medium
+44 | File | `/jurusanmatkul/data` | High
+45 | ... | ... | ...

-There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Police/README.md
+++ b/Police/README.md
@ -62,17 +62,17 @@ ID | Type | Indicator | Confidence
 1 | File | `%PROGRAMDATA%\Razer Chroma\SDK\Apps` | High
 2 | File | `.htaccess` | Medium
 3 | File | `/cgi-bin/webviewer_login_page` | High
-4 | File | `/mgmt/tm/util/bash` | High
-5 | File | `/recordings/index.php` | High
-6 | File | `/uncpath/` | Medium
-7 | File | `/webssh` | Low
-8 | File | `add_vhost.php` | High
-9 | File | `admin-ajax.php` | High
-10 | File | `and/or` | Low
-11 | File | `arsys/servlet/AttachServlet` | High
+4 | File | `/common/info.cgi` | High
+5 | File | `/mgmt/tm/util/bash` | High
+6 | File | `/recordings/index.php` | High
+7 | File | `/uncpath/` | Medium
+8 | File | `/webssh` | Low
+9 | File | `add_vhost.php` | High
+10 | File | `admin-ajax.php` | High
+11 | File | `and/or` | Low
 12 | ... | ... | ...

-There are 90 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...

-There are 24 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -1292,15 +1292,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-425 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
-7 | ... | ... | ... | ...
+6 | ... | ... | ... | ...

-There are 22 more TTP items available. Please use our online service to access the data.
+There are 21 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -1308,56 +1307,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/comment.yml` | High
-2 | File | `/?r=recruit/resume/edit&op=status` | High
-3 | File | `/account/delivery` | High
-4 | File | `/admin/addproduct.php` | High
-5 | File | `/admin/add_user_modal.php` | High
-6 | File | `/admin/del_category.php` | High
-7 | File | `/admin/del_service.php` | High
-8 | File | `/admin/edit_product.php` | High
-9 | File | `/admin/forgot-password.php` | High
-10 | File | `/admin/index.php` | High
-11 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
-12 | File | `/admin/read.php?mudi=announContent` | High
-13 | File | `/admin/read.php?mudi=getSignal` | High
-14 | File | `/admin/reg.php` | High
-15 | File | `/admin/search-appointment.php` | High
-16 | File | `/admin/sys_sql_query.php` | High
-17 | File | `/admin/test_status.php` | High
-18 | File | `/api/baskets/{name}` | High
-19 | File | `/api/ping` | Medium
-20 | File | `/api/set-password` | High
-21 | File | `/App_Resource/UEditor/server/upload.aspx` | High
-22 | File | `/author_posts.php` | High
-23 | File | `/bin/ate` | Medium
-24 | File | `/bin/boa` | Medium
-25 | File | `/blog` | Low
-26 | File | `/booking/show_bookings/` | High
-27 | File | `/browse` | Low
-28 | File | `/cgi-bin/adm.cgi` | High
-29 | File | `/chaincity/user/ticket/create` | High
-30 | File | `/cimom` | Low
-31 | File | `/classes/Master.php?f=delete_inquiry` | High
-32 | File | `/classes/Master.php?f=save_inquiry` | High
-33 | File | `/classes/Master.php?f=save_item` | High
-34 | File | `/classes/Users.php?f=save` | High
-35 | File | `/company/store` | High
-36 | File | `/concat?/%2557EB-INF/web.xml` | High
-37 | File | `/config` | Low
-38 | File | `/contact.php` | Medium
-39 | File | `/Controller/Ajaxfileupload.ashx` | High
+1 | File | `/academy/tutor/filter` | High
+2 | File | `/activate_hook.php` | High
+3 | File | `/admin/?page=user` | High
+4 | File | `/admin/article/article-edit-run.php` | High
+5 | File | `/admin/cms_admin.php` | High
+6 | File | `/admin/cms_content.php` | High
+7 | File | `/admin/config/uploadicon.php` | High
+8 | File | `/admin/inquiries/view_inquiry.php` | High
+9 | File | `/admin/leancloud.php` | High
+10 | File | `/admin/list_addr_fwresource_ip.php` | High
+11 | File | `/admin/order.php` | High
+12 | File | `/admin/plugin.php` | High
+13 | File | `/admin/save.php` | High
+14 | File | `/admin/services/manage_service.php` | High
+15 | File | `/admin/user.php` | High
+16 | File | `/api/` | Low
+17 | File | `/api/download` | High
+18 | File | `/api/download/updateFile` | High
+19 | File | `/api/es/admin/v3/security/user/1` | High
+20 | File | `/api/installation/setThumbnailRc` | High
+21 | File | `/api/runscript` | High
+22 | File | `/api/thumbnail` | High
+23 | File | `/api/v1/alerts` | High
+24 | File | `/api/v1/terminal/sessions/?limit=1` | High
+25 | File | `/book-services.php` | High
+26 | File | `/category.php` | High
+27 | File | `/categorypage.php` | High
+28 | File | `/cgi-bin/koha/catalogue/search.pl` | High
+29 | File | `/cgi-bin/vitogate.cgi` | High
+30 | File | `/classes/master.php?f=delete_order` | High
+31 | File | `/classes/Master.php?f=delete_sub_category` | High
+32 | File | `/classes/Master.php?f=save_brand` | High
+33 | File | `/classes/Master.php?f=save_category` | High
+34 | File | `/classes/Master.php?f=save_service` | High
+35 | File | `/classes/Master.php?f=update_order_status` | High
+36 | File | `/collection/all` | High
+37 | File | `/content/templates/` | High
+38 | File | `/course/filterRecords/` | High
+39 | File | `/dashboard/add-blog.php` | High
 40 | File | `/debug/pprof` | Medium
-41 | File | `/dipam/athlete-profile.php` | High
-42 | File | `/dipam/save-delegates.php` | High
-43 | File | `/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx` | High
-44 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-45 | File | `/en/blog-comment-4` | High
-46 | File | `/etc/passwd` | Medium
-47 | File | `/forum/away.php` | High
-48 | ... | ... | ...
+41 | File | `/fcgi/scrut_fcgi.fcgi` | High
+42 | File | `/forum/away.php` | High
+43 | File | `/goform/Diagnosis` | High
+44 | File | `/goform/fast_setting_wifi_set` | High
+45 | File | `/goform/NatStaticSetting` | High
+46 | File | `/goform/PowerSaveSet` | High
+47 | File | `/goform/SetPptpServerCfg` | High
+48 | File | `/goform/SetStaticRouteCfg` | High
+49 | File | `/goform/WifiBasicSet` | High
+50 | ... | ... | ...

-There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/InvisiMole/README.md
+++ b/actors/InvisiMole/README.md
@ -58,63 +58,64 @@ ID | Type | Indicator | Confidence
 1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
 2 | File | `.htaccess` | Medium
 3 | File | `/.env` | Low
-4 | File | `/api/CONFIG/restore` | High
-5 | File | `/cgi-bin/activate.cgi` | High
-6 | File | `/cgi-bin/bcm_password` | High
-7 | File | `/cgi-bin/nobody` | High
-8 | File | `/cgi-bin/nobody/Search.cgi` | High
-9 | File | `/cgi-bin/webproc` | High
-10 | File | `/config/netconf.cmd` | High
-11 | File | `/etc/passwd` | Medium
-12 | File | `/etc/services/INET/inet_ipv4.php` | High
-13 | File | `/forum/away.php` | High
-14 | File | `/get_getnetworkconf.cgi` | High
-15 | File | `/goform/saveParentControlInfo` | High
-16 | File | `/home.jsp` | Medium
-17 | File | `/horde/util/go.php` | High
-18 | File | `/include/stat/stat.php` | High
-19 | File | `/login` | Low
-20 | File | `/login.cgi?logout=1` | High
-21 | File | `/Login.do` | Medium
-22 | File | `/messageboard/view.php` | High
-23 | File | `/mifs/c/i/reg/reg.html` | High
-24 | File | `/nova/bin/detnet` | High
-25 | File | `/pages.php` | Medium
-26 | File | `/pages/items` | Medium
-27 | File | `/proc/iomem` | Medium
-28 | File | `/profile/deleteWatch.do` | High
-29 | File | `/show_news.php` | High
-30 | File | `/status.js` | Medium
-31 | File | `/tmp` | Low
-32 | File | `/uncpath/` | Medium
-33 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
-34 | File | `/usr/local/ssl/openssl.cnf` | High
-35 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
-36 | File | `/var/log/nginx` | High
-37 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-38 | File | `/wp-admin` | Medium
-39 | File | `/xampp/guestbook-en.pl` | High
-40 | File | `abook_database.php` | High
-41 | File | `account.asp` | Medium
-42 | File | `AccountStatus.jsp` | High
-43 | File | `action/usermanager.htm` | High
-44 | File | `add.php` | Low
-45 | File | `add_comment.php` | High
-46 | File | `admin.a6mambocredits.php` | High
-47 | File | `admin.cgi?action=config_restore` | High
-48 | File | `admin.cropcanvas.php` | High
-49 | File | `Admin.PHP` | Medium
-50 | File | `admin.php3` | Medium
-51 | File | `admin/add-news.php` | High
-52 | File | `admin/ajax/op_kandidat.php` | High
-53 | File | `admin/gv_mail.php` | High
-54 | File | `admin/manage-articles.php` | High
-55 | File | `admin/manage-departments.php` | High
-56 | File | `admin/systemOutOfBand.do` | High
-57 | File | `adminAvatars.php` | High
-58 | ... | ... | ...
+4 | File | `/admin/students/view_details.php` | High
+5 | File | `/api/CONFIG/restore` | High
+6 | File | `/cgi-bin/activate.cgi` | High
+7 | File | `/cgi-bin/bcm_password` | High
+8 | File | `/cgi-bin/nobody` | High
+9 | File | `/cgi-bin/nobody/Search.cgi` | High
+10 | File | `/cgi-bin/webproc` | High
+11 | File | `/config/netconf.cmd` | High
+12 | File | `/etc/passwd` | Medium
+13 | File | `/etc/services/INET/inet_ipv4.php` | High
+14 | File | `/forum/away.php` | High
+15 | File | `/get_getnetworkconf.cgi` | High
+16 | File | `/goform/saveParentControlInfo` | High
+17 | File | `/home.jsp` | Medium
+18 | File | `/horde/util/go.php` | High
+19 | File | `/include/stat/stat.php` | High
+20 | File | `/librarian/bookdetails.php` | High
+21 | File | `/login` | Low
+22 | File | `/login.cgi?logout=1` | High
+23 | File | `/Login.do` | Medium
+24 | File | `/messageboard/view.php` | High
+25 | File | `/mifs/c/i/reg/reg.html` | High
+26 | File | `/nova/bin/detnet` | High
+27 | File | `/orrs/admin/reservations/view_details.php` | High
+28 | File | `/pages.php` | Medium
+29 | File | `/pages/items` | Medium
+30 | File | `/proc/iomem` | Medium
+31 | File | `/profile/deleteWatch.do` | High
+32 | File | `/show_news.php` | High
+33 | File | `/status.js` | Medium
+34 | File | `/tmp` | Low
+35 | File | `/uncpath/` | Medium
+36 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
+37 | File | `/usr/local/ssl/openssl.cnf` | High
+38 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
+39 | File | `/var/log/nginx` | High
+40 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+41 | File | `/wp-admin` | Medium
+42 | File | `/xampp/guestbook-en.pl` | High
+43 | File | `abook_database.php` | High
+44 | File | `account.asp` | Medium
+45 | File | `AccountStatus.jsp` | High
+46 | File | `action/usermanager.htm` | High
+47 | File | `add.php` | Low
+48 | File | `add_comment.php` | High
+49 | File | `admin.a6mambocredits.php` | High
+50 | File | `admin.cgi?action=config_restore` | High
+51 | File | `admin.cropcanvas.php` | High
+52 | File | `Admin.PHP` | Medium
+53 | File | `admin.php3` | Medium
+54 | File | `admin/add-news.php` | High
+55 | File | `admin/ajax/op_kandidat.php` | High
+56 | File | `admin/gv_mail.php` | High
+57 | File | `admin/manage-articles.php` | High
+58 | File | `admin/manage-departments.php` | High
+59 | ... | ... | ...

-There are 510 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Kinsing/README.md
+++ b/actors/Kinsing/README.md
@ -128,10 +128,9 @@ ID | Type | Indicator | Confidence
 55 | File | `admin.php` | Medium
 56 | File | `admin.php/comments/batchdel/` | High
 57 | File | `admin/aboutus.php` | High
-58 | File | `admin/adm/test.php` | High
-59 | ... | ... | ...
+58 | ... | ... | ...

-There are 519 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/2.0/README.md
+++ b/2.0/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 11 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -29,14 +29,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29, CWE-36 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
 3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 6 | ... | ... | ... | ...

-There are 19 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -44,52 +44,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/admin/upload/upload` | High
-3 | File | `/api/baskets/{name}` | High
-4 | File | `/api/gen/clients/{language}` | High
-5 | File | `/cgi-bin/wlogin.cgi` | High
-6 | File | `/config/getuser` | High
-7 | File | `/config/myfield/test.php` | High
-8 | File | `/debug/pprof` | Medium
-9 | File | `/ecshop/admin/template.php` | High
-10 | File | `/file/upload/1` | High
-11 | File | `/forum/away.php` | High
-12 | File | `/forum/PostPrivateMessage` | High
-13 | File | `/goform/set_LimitClient_cfg` | High
-14 | File | `/home/www/cgi-bin/login.cgi` | High
-15 | File | `/hss/admin/?page=products/view_product` | High
-16 | File | `/multi-vendor-shopping-script/product-list.php` | High
-17 | File | `/net-banking/customer_transactions.php` | High
-18 | File | `/obs/book.php` | High
-19 | File | `/ossn/administrator/com_installer` | High
-20 | File | `/owa/auth/logon.aspx` | High
-21 | File | `/pms/update_user.php?user_id=1` | High
-22 | File | `/preview.php` | Medium
-23 | File | `/requests.php` | High
-24 | File | `/spip.php` | Medium
-25 | File | `/sqlite3_aflpp/shell.c` | High
-26 | File | `/sre/params.php` | High
-27 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
-28 | File | `/uncpath/` | Medium
-29 | File | `/user/upload/upload` | High
-30 | File | `/Users` | Low
-31 | File | `/var/spool/hylafax` | High
-32 | File | `/vendor` | Low
-33 | File | `AccessibilityManagerService.java` | High
-34 | File | `accountrecoveryendpoint/recoverpassword.do` | High
-35 | File | `adclick.php` | Medium
-36 | File | `add_contestant.php` | High
-37 | File | `admin.php` | Medium
-38 | File | `admin/edit_category.php` | High
-39 | File | `admin/index.php` | High
-40 | File | `admin/make_payments.php` | High
-41 | File | `admin/_cmdstat.jsp` | High
-42 | File | `af_netlink.c` | Medium
-43 | File | `album_portal.php` | High
-44 | ... | ... | ...
+1 | File | `$HOME/.terminfo` | High
+2 | File | `/+CSCOE+/logon.html` | High
+3 | File | `/admin/upload/upload` | High
+4 | File | `/api/baskets/{name}` | High
+5 | File | `/api/gen/clients/{language}` | High
+6 | File | `/bin/login` | Medium
+7 | File | `/bin/mini_upnpd` | High
+8 | File | `/cgi-bin/wlogin.cgi` | High
+9 | File | `/config/myfield/test.php` | High
+10 | File | `/debug/pprof` | Medium
+11 | File | `/ecshop/admin/template.php` | High
+12 | File | `/file/upload/1` | High
+13 | File | `/forum/away.php` | High
+14 | File | `/forum/PostPrivateMessage` | High
+15 | File | `/goform/set_LimitClient_cfg` | High
+16 | File | `/h/autoSaveDraft` | High
+17 | File | `/h/search?action` | High
+18 | File | `/home/www/cgi-bin/login.cgi` | High
+19 | File | `/hss/admin/?page=products/view_product` | High
+20 | File | `/importexport.php` | High
+21 | File | `/index.php?app=main&func=passport&action=login` | High
+22 | File | `/mgmt/` | Low
+23 | File | `/multi-vendor-shopping-script/product-list.php` | High
+24 | File | `/net-banking/customer_transactions.php` | High
+25 | File | `/obs/book.php` | High
+26 | File | `/ossn/administrator/com_installer` | High
+27 | File | `/owa/auth/logon.aspx` | High
+28 | File | `/pms/update_user.php?user_id=1` | High
+29 | File | `/preview.php` | Medium
+30 | File | `/requests.php` | High
+31 | File | `/secure/ViewCollectors` | High
+32 | File | `/spip.php` | Medium
+33 | File | `/sqlite3_aflpp/shell.c` | High
+34 | File | `/squashfs-root/etc_ro/custom.conf` | High
+35 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
+36 | File | `/sys/user/querySysUser?username=admin` | High
+37 | File | `/uncpath/` | Medium
+38 | File | `/user/upload/upload` | High
+39 | File | `/useratte/web.php` | High
+40 | File | `/usr/local/www/csrf/csrf-magic.php` | High
+41 | File | `/vendor` | Low
+42 | ... | ... | ...

-There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 366 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...

-There are 2 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -158,12 +158,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/uncpath/` | Medium
-2 | File | `/var/log/nginx` | High
-3 | File | `/_uuids` | Low
+1 | File | `/scheduler/index.php` | High
+2 | File | `/uncpath/` | Medium
+3 | File | `/var/log/nginx` | High
 4 | ... | ... | ...

-There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Kwampirs/README.md
+++ b/actors/Kwampirs/README.md
@ -20,11 +20,11 @@ There are 5 more campaign items available. Please use our online service to acce
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kwampirs:

 * [CN](https://vuldb.com/?country.cn)
-* [US](https://vuldb.com/?country.us)
 * [NZ](https://vuldb.com/?country.nz)
+* [US](https://vuldb.com/?country.us)
 * ...

-There are 7 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -137,13 +137,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 18 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -151,46 +152,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.htaccess` | Medium
-2 | File | `/?r=email/api/mark&op=delFromSend` | High
-3 | File | `/act/ActDao.xml` | High
+1 | File | `/act/ActDao.xml` | High
+2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
+3 | File | `/admin/add-category.php` | High
 4 | File | `/admin/edit.php` | High
-5 | File | `/admin/maintenance/view_designation.php` | High
-6 | File | `/ajax.php?action=read_msg` | High
-7 | File | `/analysisProject/pagingQueryData` | High
-8 | File | `/api/admin/system/store/order/list` | High
+5 | File | `/admin/orders/update_status.php` | High
+6 | File | `/admin/user.php` | High
+7 | File | `/ajax.php?action=read_msg` | High
+8 | File | `/analysisProject/pagingQueryData` | High
 9 | File | `/api/baskets/{name}` | High
-10 | File | `/api/gen/clients/{language}` | High
-11 | File | `/api/geojson` | Medium
-12 | File | `/api/v2/cli/commands` | High
-13 | File | `/bin/ate` | Medium
-14 | File | `/bin/sh` | Low
-15 | File | `/booking/show_bookings/` | High
-16 | File | `/CFIDE/probe.cfm` | High
-17 | File | `/cgi-bin/system_mgr.cgi` | High
-18 | File | `/classes/Master.php?f=delete_category` | High
-19 | File | `/classes/Master.php?f=save_service` | High
-20 | File | `/common/sysFile/list` | High
-21 | File | `/concat?/%2557EB-INF/web.xml` | High
-22 | File | `/context/%2e/WEB-INF/web.xml` | High
-23 | File | `/Controller/Ajaxfileupload.ashx` | High
-24 | File | `/data/remove` | Medium
-25 | File | `/debug/pprof` | Medium
-26 | File | `/Default/Bd` | Medium
-27 | File | `/ebics-server/ebics.aspx` | High
-28 | File | `/env` | Low
-29 | File | `/etc/openstack-dashboard/local_settings` | High
-30 | File | `/etc/passwd` | Medium
-31 | File | `/forum/away.php` | High
-32 | File | `/goform/addressNat` | High
-33 | File | `/goform/AdvSetLanip` | High
-34 | File | `/goform/fromSetWirelessRepeat` | High
-35 | File | `/goform/setmac` | High
-36 | File | `/goform/setMacFilterCfg` | High
-37 | File | `/goform/SetSysTimeCfg` | High
+10 | File | `/billing/home.php` | High
+11 | File | `/bin/ate` | Medium
+12 | File | `/booking/show_bookings/` | High
+13 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
+14 | File | `/cgi-bin/wapopen` | High
+15 | File | `/cgi-bin/wlogin.cgi` | High
+16 | File | `/cgi/networkDiag.cgi` | High
+17 | File | `/classes/Master.php?f=delete_category` | High
+18 | File | `/classes/Master.php?f=save_service` | High
+19 | File | `/concat?/%2557EB-INF/web.xml` | High
+20 | File | `/Controller/Ajaxfileupload.ashx` | High
+21 | File | `/dashboard/add-blog.php` | High
+22 | File | `/data/remove` | Medium
+23 | File | `/debug/pprof` | Medium
+24 | File | `/env` | Low
+25 | File | `/etc/passwd` | Medium
+26 | File | `/forum/away.php` | High
+27 | File | `/getcfg.php` | Medium
+28 | File | `/goform/AdvSetLanip` | High
+29 | File | `/goform/fromSetWirelessRepeat` | High
+30 | File | `/goform/net\_Web\_get_value` | High
+31 | File | `/goform/setmac` | High
+32 | File | `/goform/setMacFilterCfg` | High
+33 | File | `/goform/SetSysTimeCfg` | High
+34 | File | `/goform/WifiGuestSet` | High
+35 | File | `/GponForm/usb_restore_Form?script/` | High
+36 | File | `/group1/uploa` | High
+37 | File | `/home/cavesConsole` | High
 38 | ... | ... | ...

-There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LACNIC Unknown:

-* [RU](https://vuldb.com/?country.ru)
 * [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
 * [AR](https://vuldb.com/?country.ar)

 ## IOC - Indicator of Compromise
@ -174,11 +174,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-22 | Pathname Traversal | High
-2 | T1059.007 | CWE-79 | Cross Site Scripting | High
-3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 2 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -191,7 +191,7 @@ ID | Type | Indicator | Confidence
 3 | File | `cloudinit/config/cc_set_passwords.py` | High
 4 | ... | ... | ...

-There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/LANDFALL/README.md
+++ b/actors/LANDFALL/README.md
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LANDFALL:

-* [US](https://vuldb.com/?country.us)
 * [HU](https://vuldb.com/?country.hu)
+* [US](https://vuldb.com/?country.us)
 * [CO](https://vuldb.com/?country.co)

 ## IOC - Indicator of Compromise
--- a/actors/LabRat/README.md
+++ b/actors/LabRat/README.md
@ -30,14 +30,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-36 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 6 | ... | ... | ... | ...

-There are 18 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -45,46 +45,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//proc/kcore` | Medium
-2 | File | `/ajax.php?action=read_msg` | High
-3 | File | `/api/baskets/{name}` | High
-4 | File | `/api/upload.php` | High
-5 | File | `/api?path=profile` | High
-6 | File | `/authenticationendpoint/login.do` | High
-7 | File | `/cgi-bin/luci` | High
-8 | File | `/cgi-bin/wlogin.cgi` | High
-9 | File | `/ci_spms/admin/search/searching/` | High
-10 | File | `/classes/Master.php?f=save_brand` | High
-11 | File | `/contact/store` | High
-12 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-13 | File | `/ecommerce/support_ticket` | High
-14 | File | `/etc/pki/pesign` | High
-15 | File | `/forum/away.php` | High
-16 | File | `/FuguHub/cmsdocs/` | High
-17 | File | `/goform/set_LimitClient_cfg` | High
-18 | File | `/graphql` | Medium
-19 | File | `/h/autoSaveDraft` | High
-20 | File | `/HNAP1` | Low
-21 | File | `/index.php` | Medium
-22 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
-23 | File | `/mc` | Low
-24 | File | `/modules/projects/vw_files.php` | High
-25 | File | `/php-inventory-management-system/product.php` | High
-26 | File | `/plain` | Low
-27 | File | `/plugins/playbooks/api/v0/runs` | High
-28 | File | `/registration.php` | High
-29 | File | `/release-x64/otfccdump+0x61731f` | High
-30 | File | `/search.php` | Medium
-31 | File | `/settings/account` | High
-32 | File | `/sitecore/shell/Invoke.aspx` | High
-33 | File | `/staff/edit_book_details.php` | High
-34 | File | `/student/bookdetails.php` | High
-35 | File | `/uncpath/` | Medium
-36 | File | `/userfs/bin/tcapi` | High
-37 | File | `/var/log/nginx` | High
-38 | ... | ... | ...
+1 | File | `/academy/home/courses` | High
+2 | File | `/admin/adclass.php` | High
+3 | File | `/admin/admin-profile.php` | High
+4 | File | `/admin/sales/view_details.php` | High
+5 | File | `/admin/students/view_details.php` | High
+6 | File | `/ajax-files/followBoard.php` | High
+7 | File | `/ajax.php?action=read_msg` | High
+8 | File | `/api/cron/settings/setJob/` | High
+9 | File | `/api/v1/snapshots` | High
+10 | File | `/api/v1/terminal/sessions/?limit=1` | High
+11 | File | `/audit/log/log_management.php` | High
+12 | File | `/auth/callback` | High
+13 | File | `/authenticationendpoint/login.do` | High
+14 | File | `/cgi-bin/mainfunction.cgi` | High
+15 | File | `/cgi-bin/wlogin.cgi` | High
+16 | File | `/cgi.cgi` | Medium
+17 | File | `/classes/Users.php` | High
+18 | File | `/collection/all` | High
+19 | File | `/Content/Template/root/reverse-shell.aspx` | High
+20 | File | `/ctcprotocol/Protocol` | High
+21 | File | `/dottie.js` | Medium
+22 | File | `/DXR.axd` | Medium
+23 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+24 | File | `/env` | Low
+25 | File | `/files/` | Low
+26 | File | `/forms/doLogin` | High
+27 | File | `/forum/away.php` | High
+28 | File | `/goform/setportList` | High
+29 | File | `/h/autoSaveDraft` | High
+30 | File | `/index.php` | Medium
+31 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+32 | File | `/index.php?page=member` | High
+33 | File | `/jurusanmatkul/data` | High
+34 | File | `/librarian/bookdetails.php` | High
+35 | File | `/log/decodmail.php` | High
+36 | File | `/log/webmailattach.php` | High
+37 | File | `/login.php?do=login` | High
+38 | File | `/php-opos/index.php` | High
+39 | File | `/public/login.htm` | High
+40 | File | `/QueryView.php` | High
+41 | File | `/recreate.php` | High
+42 | ... | ... | ...

-There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 362 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/LaplasClipper/README.md
+++ b/actors/LaplasClipper/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 15 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -26,7 +26,7 @@ ID | IP address | Hostname | Campaign | Confidence
 3 | [45.159.189.105](https://vuldb.com/?ip.45.159.189.105) | . | - | High
 4 | ... | ... | ... | ...

-There are 7 more IOC items available. Please use our online service to access the data.
+There are 9 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -39,9 +39,10 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+7 | ... | ... | ... | ...

-There are 20 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -57,25 +58,25 @@ ID | Type | Indicator | Confidence
 6 | File | `/admin/delete_user.php` | High
 7 | File | `/admin/doctors.php` | High
 8 | File | `/admin/submit-articles` | High
-9 | File | `/ad_js.php` | Medium
-10 | File | `/alphaware/summary.php` | High
-11 | File | `/api/` | Low
-12 | File | `/api/admin/store/product/list` | High
-13 | File | `/api/baskets/{name}` | High
-14 | File | `/api/stl/actions/search` | High
-15 | File | `/api/v2/cli/commands` | High
-16 | File | `/attachments` | Medium
-17 | File | `/bin/ate` | Medium
-18 | File | `/boat/login.php` | High
-19 | File | `/booking/show_bookings/` | High
-20 | File | `/bsms_ci/index.php/book` | High
-21 | File | `/cas/logout` | Medium
-22 | File | `/cgi-bin` | Medium
-23 | File | `/cgi-bin/luci/api/wireless` | High
-24 | File | `/cgi-bin/wlogin.cgi` | High
-25 | File | `/context/%2e/WEB-INF/web.xml` | High
-26 | File | `/dashboard/reports/logs/view` | High
-27 | File | `/debian/patches/load_ppp_generic_if_needed` | High
+9 | File | `/alphaware/summary.php` | High
+10 | File | `/api/` | Low
+11 | File | `/api/admin/store/product/list` | High
+12 | File | `/api/baskets/{name}` | High
+13 | File | `/api/stl/actions/search` | High
+14 | File | `/api/v2/cli/commands` | High
+15 | File | `/attachments` | Medium
+16 | File | `/bin/ate` | Medium
+17 | File | `/boat/login.php` | High
+18 | File | `/booking/show_bookings/` | High
+19 | File | `/bsms_ci/index.php/book` | High
+20 | File | `/cas/logout` | Medium
+21 | File | `/cgi-bin` | Medium
+22 | File | `/cgi-bin/luci/api/wireless` | High
+23 | File | `/cgi-bin/wlogin.cgi` | High
+24 | File | `/collection/all` | High
+25 | File | `/Content/Template/root/reverse-shell.aspx` | High
+26 | File | `/context/%2e/WEB-INF/web.xml` | High
+27 | File | `/dashboard/add-blog.php` | High
 28 | File | `/debug/pprof` | Medium
 29 | File | `/env` | Low
 30 | File | `/etc/gsissh/sshd_config` | High
@ -84,18 +85,16 @@ ID | Type | Indicator | Confidence
 33 | File | `/goform/setmac` | High
 34 | File | `/goform/wizard_end` | High
 35 | File | `/group1/uploa` | High
-36 | File | `/manage-apartment.php` | High
+36 | File | `/hrm/controller/employee.php` | High
 37 | File | `/medicines/profile.php` | High
 38 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-39 | File | `/pages/apply_vacancy.php` | High
+39 | File | `/out.php` | Medium
 40 | File | `/php-sms/admin/?page=user/manage_user` | High
-41 | File | `/proc/<PID>/mem` | High
-42 | File | `/proxy` | Low
-43 | File | `/reservation/add_message.php` | High
-44 | File | `/resources//../` | High
-45 | ... | ... | ...
+41 | File | `/proxy` | Low
+42 | File | `/reservation/add_message.php` | High
+43 | ... | ... | ...

-There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -104,6 +103,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://app.any.run/tasks/6c910d55-f846-46f8-bfa5-b6af3986466c
 * https://app.any.run/tasks/47c2c5a4-d752-4ba2-a2d4-15665bd5aac3
 * https://bazaar.abuse.ch/sample/bd7b6f6ef2d0adfb9b2e058fc46ad29ff1edffc648f9d7408745916bb8a2f310/
+* https://github.com/Cisco-Talos/IOCs/blob/main/2023/02/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats.txt
 * https://threatfox.abuse.ch
 * https://twitter.com/1ZRR4H/status/1623067548781539339
 * https://twitter.com/crep1x/status/1636352242969108484
--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 18 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -246,14 +246,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+7 | ... | ... | ... | ...

-There are 20 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -264,64 +265,57 @@ ID | Type | Indicator | Confidence
 1 | File | `//WEB-INF` | Medium
 2 | File | `/?p=products` | Medium
 3 | File | `/about.php` | Medium
-4 | File | `/admin.php/accessory/filesdel.html` | High
-5 | File | `/admin.php/update/getFile.html` | High
-6 | File | `/admin/?page=user/manage` | High
-7 | File | `/admin/add-new.php` | High
-8 | File | `/admin/cashadvance_row.php` | High
-9 | File | `/admin/doctors.php` | High
-10 | File | `/admin/maintenance/view_designation.php` | High
-11 | File | `/admin/sys_sql_query.php` | High
-12 | File | `/admin/userprofile.php` | High
-13 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-14 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-15 | File | `/alphaware/summary.php` | High
-16 | File | `/api/` | Low
-17 | File | `/api/admin/store/product/list` | High
-18 | File | `/api/stl/actions/search` | High
-19 | File | `/api/v2/cli/commands` | High
-20 | File | `/APR/login.php` | High
-21 | File | `/bin/ate` | Medium
-22 | File | `/bin/httpd` | Medium
-23 | File | `/boat/login.php` | High
-24 | File | `/booking/show_bookings/` | High
-25 | File | `/cgi-bin` | Medium
-26 | File | `/cgi-bin/wapopen` | High
-27 | File | `/cgi-bin/wlogin.cgi` | High
-28 | File | `/company/store` | High
-29 | File | `/Controller/Ajaxfileupload.ashx` | High
-30 | File | `/debug/pprof` | Medium
-31 | File | `/env` | Low
-32 | File | `/etc/passwd` | Medium
-33 | File | `/feeds/post/publish` | High
-34 | File | `/forum/away.php` | High
-35 | File | `/h/` | Low
-36 | File | `/home/masterConsole` | High
-37 | File | `/home/sendBroadcast` | High
-38 | File | `/inc/jquery/uploadify/uploadify.php` | High
-39 | File | `/index.php?app=main&func=passport&action=login` | High
-40 | File | `/index.php?page=category_list` | High
-41 | File | `/jobinfo/` | Medium
-42 | File | `/Moosikay/order.php` | High
-43 | File | `/mygym/admin/index.php?view_exercises` | High
-44 | File | `/opac/Actions.php?a=login` | High
-45 | File | `/php-opos/index.php` | High
-46 | File | `/php-sms/admin/?page=user/manage_user` | High
-47 | File | `/PreviewHandler.ashx` | High
-48 | File | `/public/launchNewWindow.jsp` | High
-49 | File | `/recipe-result` | High
-50 | File | `/reservation/add_message.php` | High
-51 | File | `/resources//../` | High
-52 | File | `/Service/ImageStationDataService.asmx` | High
-53 | File | `/student/bookdetails.php` | High
-54 | File | `/uncpath/` | Medium
-55 | File | `/uploads/exam_question/` | High
-56 | File | `/user/ticket/create` | High
-57 | File | `/user/updatePwd` | High
-58 | File | `/var/lib/docker/<remapping>` | High
-59 | ... | ... | ...
+4 | File | `/admin.php/update/getFile.html` | High
+5 | File | `/admin/save.php` | High
+6 | File | `/admin/sys_sql_query.php` | High
+7 | File | `/api/baskets/{name}` | High
+8 | File | `/api/download` | High
+9 | File | `/api/stl/actions/search` | High
+10 | File | `/api/v1/alerts` | High
+11 | File | `/api/v1/terminal/sessions/?limit=1` | High
+12 | File | `/bin/ate` | Medium
+13 | File | `/bitrix/admin/ldap_server_edit.php` | High
+14 | File | `/booking/show_bookings/` | High
+15 | File | `/category.php` | High
+16 | File | `/categorypage.php` | High
+17 | File | `/cgi-bin` | Medium
+18 | File | `/cgi-bin/luci/api/wireless` | High
+19 | File | `/cgi-bin/vitogate.cgi` | High
+20 | File | `/company/store` | High
+21 | File | `/Content/Template/root/reverse-shell.aspx` | High
+22 | File | `/Controller/Ajaxfileupload.ashx` | High
+23 | File | `/core/conditions/AbstractWrapper.java` | High
+24 | File | `/dashboard/add-blog.php` | High
+25 | File | `/debug/pprof` | Medium
+26 | File | `/env` | Low
+27 | File | `/etc/passwd` | Medium
+28 | File | `/fcgi/scrut_fcgi.fcgi` | High
+29 | File | `/feeds/post/publish` | High
+30 | File | `/forum/away.php` | High
+31 | File | `/group1/uploa` | High
+32 | File | `/h/` | Low
+33 | File | `/HNAP1` | Low
+34 | File | `/inc/jquery/uploadify/uploadify.php` | High
+35 | File | `/index.php?app=main&func=passport&action=login` | High
+36 | File | `/index.php?page=category_list` | High
+37 | File | `/jeecg-boot/sys/common/upload` | High
+38 | File | `/jobinfo/` | Medium
+39 | File | `/Moosikay/order.php` | High
+40 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
+41 | File | `/opac/Actions.php?a=login` | High
+42 | File | `/php-sms/admin/?page=user/manage_user` | High
+43 | File | `/PreviewHandler.ashx` | High
+44 | File | `/recipe-result` | High
+45 | File | `/register.do` | Medium
+46 | File | `/reservation/add_message.php` | High
+47 | File | `/resources//../` | High
+48 | File | `/RPS2019Service/status.html` | High
+49 | File | `/Service/ImageStationDataService.asmx` | High
+50 | File | `/sicweb-ajax/tmproot/` | High
+51 | File | `/spip.php` | Medium
+52 | ... | ... | ...

-There are 518 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 449 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Lazarus/README.md
+++ b/actors/Lazarus/README.md
@ -276,14 +276,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-35 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-29, CWE-35 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+5 | ... | ... | ... | ...

-There are 20 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -294,52 +293,47 @@ ID | Type | Indicator | Confidence
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/academy/tutor/filter` | High
 3 | File | `/adfs/ls` | Medium
-4 | File | `/admin/?page=user/manage_user&id=3` | High
-5 | File | `/admin/edit_product.php` | High
+4 | File | `/admin/index2.html` | High
+5 | File | `/admin/sales/view_details.php` | High
 6 | File | `/api/baskets/{name}` | High
-7 | File | `/api/common/ping` | High
-8 | File | `/api/sys/set_passwd` | High
-9 | File | `/app/search/table` | High
-10 | File | `/blog` | Low
-11 | File | `/bsms_ci/index.php/user/edit_user/` | High
-12 | File | `/cgi-bin/koha/catalogue/search.pl` | High
-13 | File | `/cgi-bin/upload_vpntar` | High
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/common/info.cgi` | High
-16 | File | `/CPE` | Low
-17 | File | `/debug/pprof` | Medium
-18 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/goform/Diagnosis` | High
-21 | File | `/goform/net\_Web\_get_value` | High
-22 | File | `/GponForm/usb_restore_Form?script/` | High
-23 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
-24 | File | `/group1/uploa` | High
-25 | File | `/home/search` | Medium
-26 | File | `/hrm/controller/employee.php` | High
-27 | File | `/hrm/employeeview.php` | High
-28 | File | `/importexport.php` | High
-29 | File | `/includes/db_connect.php` | High
-30 | File | `/includes/session.php` | High
-31 | File | `/mail.php` | Medium
-32 | File | `/mc` | Low
-33 | File | `/modules/projects/vw_files.php` | High
-34 | File | `/modules/public/calendar.php` | High
-35 | File | `/modules/public/date_format.php` | High
-36 | File | `/modules/tasks/gantt.php` | High
-37 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
-38 | File | `/out.php` | Medium
-39 | File | `/pf/idprofile.ping` | High
-40 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
-41 | File | `/php-spms/admin/?page=user/` | High
-42 | File | `/src/amf/amf-context.c` | High
-43 | File | `/SysManage/AddUpdateSites.aspx` | High
-44 | File | `/sysmanage/changelogo.php` | High
-45 | File | `/uncpath/` | Medium
-46 | File | `/v1/hotlink/proxy` | High
-47 | ... | ... | ...
+7 | File | `/api/sys/set_passwd` | High
+8 | File | `/app/search/table` | High
+9 | File | `/aqpg/users/login.php` | High
+10 | File | `/bsms_ci/index.php/user/edit_user/` | High
+11 | File | `/cgi-bin/koha/catalogue/search.pl` | High
+12 | File | `/cgi-bin/upload_vpntar` | High
+13 | File | `/cgi-bin/wlogin.cgi` | High
+14 | File | `/common/info.cgi` | High
+15 | File | `/debug/pprof` | Medium
+16 | File | `/forum/away.php` | High
+17 | File | `/goform/Diagnosis` | High
+18 | File | `/goform/net\_Web\_get_value` | High
+19 | File | `/GponForm/usb_restore_Form?script/` | High
+20 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
+21 | File | `/group1/uploa` | High
+22 | File | `/hrm/controller/employee.php` | High
+23 | File | `/hrm/employeeview.php` | High
+24 | File | `/importexport.php` | High
+25 | File | `/includes/db_connect.php` | High
+26 | File | `/includes/session.php` | High
+27 | File | `/leaves/validate` | High
+28 | File | `/mail.php` | Medium
+29 | File | `/mc` | Low
+30 | File | `/modules/projects/vw_files.php` | High
+31 | File | `/modules/public/calendar.php` | High
+32 | File | `/modules/public/date_format.php` | High
+33 | File | `/modules/tasks/gantt.php` | High
+34 | File | `/out.php` | Medium
+35 | File | `/pf/idprofile.ping` | High
+36 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
+37 | File | `/php-spms/admin/?page=user/` | High
+38 | File | `/plugin` | Low
+39 | File | `/project/tasks/list` | High
+40 | File | `/protocol/iscgwtunnel/uploadiscgwrouteconf.php` | High
+41 | File | `/secure/QueryComponent!Default.jspa` | High
+42 | ... | ... | ...

-There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 4 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -107,7 +107,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
@ -137,19 +137,19 @@ ID | Type | Indicator | Confidence
 15 | File | `/wp-admin/admin-ajax.php` | High
 16 | File | `account-signup.php` | High
 17 | File | `account/signup.php` | High
-18 | File | `action.php` | Medium
-19 | File | `addentry.php` | Medium
-20 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
-21 | File | `admin.jcomments.php` | High
-22 | File | `admin.php` | Medium
-23 | File | `admin/admin_editor.php` | High
-24 | File | `admin/conf_users_edit.php` | High
-25 | File | `admin/data.php` | High
-26 | File | `admin/edit_category.php` | High
-27 | File | `admin/operations/currency.php` | High
+18 | File | `addentry.php` | Medium
+19 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
+20 | File | `admin.jcomments.php` | High
+21 | File | `admin.php` | Medium
+22 | File | `admin/admin_editor.php` | High
+23 | File | `admin/conf_users_edit.php` | High
+24 | File | `admin/data.php` | High
+25 | File | `admin/edit_category.php` | High
+26 | File | `admin/operations/currency.php` | High
+27 | File | `awstats.pl` | Medium
 28 | ... | ... | ...

-There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/LeetHozer/README.md
+++ b/actors/LeetHozer/README.md
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 10 more TTP items available. Please use our online service to access the data.
+There are 11 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -50,14 +50,14 @@ ID | Type | Indicator | Confidence
 1 | File | `/api/RecordingList/DownloadRecord?file=` | High
 2 | File | `/apply.cgi` | Medium
 3 | File | `/rapi/read_url` | High
-4 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
-5 | File | `AjaxFileUploadHandler.axd` | High
-6 | File | `appserv/main.php` | High
-7 | File | `coders/png.c` | Medium
-8 | File | `customoid.inc.php` | High
+4 | File | `/scripts/unlock_tasks.php` | High
+5 | File | `/system/user/modules/mod_users/controller.php` | High
+6 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
+7 | File | `AjaxFileUploadHandler.axd` | High
+8 | File | `appserv/main.php` | High
 9 | ... | ... | ...

-There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -63,39 +63,43 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/forgot-password.php` | High
 5 | File | `/admin/index.php` | High
 6 | File | `/admin/lab.php` | High
-7 | File | `/admin/payment.php` | High
-8 | File | `/admin/show.php` | High
-9 | File | `/default.php?idx=17` | High
-10 | File | `/download` | Medium
-11 | File | `/env` | Low
-12 | File | `/forum/away.php` | High
-13 | File | `/goform/SetOnlineDevName` | High
-14 | File | `/index.php` | Medium
-15 | File | `/index.php/admins/Fields/get_fields.html` | High
-16 | File | `/opt/bin/cli` | Medium
-17 | File | `/p` | Low
-18 | File | `/patient/doctors.php` | High
-19 | File | `/phpinventory/editcategory.php` | High
-20 | File | `/php_action/createUser.php` | High
-21 | File | `/product-list.php` | High
-22 | File | `/spip.php` | Medium
-23 | File | `/uncpath/` | Medium
-24 | File | `/updown/upload.cgi` | High
-25 | File | `/user/del.php` | High
-26 | File | `/_next` | Low
-27 | File | `123flashchat.php` | High
-28 | File | `act.php` | Low
-29 | File | `admin/bad.php` | High
-30 | File | `admin/index.php` | High
-31 | File | `admin/index.php/user/del/1` | High
-32 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-33 | File | `administrator/index.php` | High
-34 | File | `admin\posts\manage_post.php` | High
-35 | File | `agenda.php` | Medium
-36 | File | `ajax/render/widget_php` | High
-37 | ... | ... | ...
+7 | File | `/admin/login.php` | High
+8 | File | `/admin/payment.php` | High
+9 | File | `/admin/show.php` | High
+10 | File | `/default.php?idx=17` | High
+11 | File | `/download` | Medium
+12 | File | `/env` | Low
+13 | File | `/forum/away.php` | High
+14 | File | `/goform/SetOnlineDevName` | High
+15 | File | `/index.php` | Medium
+16 | File | `/index.php/admins/Fields/get_fields.html` | High
+17 | File | `/opt/bin/cli` | Medium
+18 | File | `/p` | Low
+19 | File | `/patient/doctors.php` | High
+20 | File | `/phpinventory/editcategory.php` | High
+21 | File | `/php_action/createUser.php` | High
+22 | File | `/product-list.php` | High
+23 | File | `/spip.php` | Medium
+24 | File | `/uncpath/` | Medium
+25 | File | `/updown/upload.cgi` | High
+26 | File | `/user/del.php` | High
+27 | File | `/wp-admin/admin-ajax.php` | High
+28 | File | `/_next` | Low
+29 | File | `123flashchat.php` | High
+30 | File | `act.php` | Low
+31 | File | `admin.php/pay` | High
+32 | File | `admin/bad.php` | High
+33 | File | `admin/index.php` | High
+34 | File | `admin/index.php/user/del/1` | High
+35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+36 | File | `administrator/index.php` | High
+37 | File | `admin\posts\manage_post.php` | High
+38 | File | `agenda.php` | Medium
+39 | File | `ajax/render/widget_php` | High
+40 | File | `album_portal.php` | High
+41 | ... | ... | ...

-There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 352 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -70,38 +70,42 @@ ID | Type | Indicator | Confidence
 5 | File | `/admin/forgot-password.php` | High
 6 | File | `/admin/index.php` | High
 7 | File | `/admin/lab.php` | High
-8 | File | `/admin/payment.php` | High
-9 | File | `/admin/show.php` | High
-10 | File | `/default.php?idx=17` | High
-11 | File | `/download` | Medium
-12 | File | `/env` | Low
-13 | File | `/forum/away.php` | High
-14 | File | `/index.php` | Medium
-15 | File | `/opt/bin/cli` | Medium
-16 | File | `/p` | Low
-17 | File | `/patient/doctors.php` | High
-18 | File | `/phpinventory/editcategory.php` | High
-19 | File | `/php_action/createUser.php` | High
-20 | File | `/product-list.php` | High
-21 | File | `/spip.php` | Medium
-22 | File | `/uapi/doc` | Medium
-23 | File | `/uncpath/` | Medium
-24 | File | `/updown/upload.cgi` | High
-25 | File | `/user/del.php` | High
-26 | File | `/_next` | Low
-27 | File | `123flashchat.php` | High
-28 | File | `act.php` | Low
-29 | File | `admin/bad.php` | High
-30 | File | `admin/index.php` | High
-31 | File | `admin/index.php/user/del/1` | High
-32 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-33 | File | `administrator/index.php` | High
-34 | File | `agenda.php` | Medium
-35 | File | `ajax/render/widget_php` | High
-36 | File | `album_portal.php` | High
-37 | ... | ... | ...
+8 | File | `/admin/login.php` | High
+9 | File | `/admin/payment.php` | High
+10 | File | `/admin/show.php` | High
+11 | File | `/default.php?idx=17` | High
+12 | File | `/download` | Medium
+13 | File | `/env` | Low
+14 | File | `/forum/away.php` | High
+15 | File | `/index.php` | Medium
+16 | File | `/opt/bin/cli` | Medium
+17 | File | `/p` | Low
+18 | File | `/patient/doctors.php` | High
+19 | File | `/phpinventory/editcategory.php` | High
+20 | File | `/php_action/createUser.php` | High
+21 | File | `/product-list.php` | High
+22 | File | `/spip.php` | Medium
+23 | File | `/uapi/doc` | Medium
+24 | File | `/uncpath/` | Medium
+25 | File | `/updown/upload.cgi` | High
+26 | File | `/user/del.php` | High
+27 | File | `/wp-admin/admin-ajax.php` | High
+28 | File | `/_next` | Low
+29 | File | `123flashchat.php` | High
+30 | File | `act.php` | Low
+31 | File | `admin.php/pay` | High
+32 | File | `admin/bad.php` | High
+33 | File | `admin/index.php` | High
+34 | File | `admin/index.php/user/del/1` | High
+35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
+36 | File | `administrator/index.php` | High
+37 | File | `agenda.php` | Medium
+38 | File | `ajax/render/widget_php` | High
+39 | File | `album_portal.php` | High
+40 | File | `api.php` | Low
+41 | ... | ... | ...

-There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Press/README.md
+++ b/Press/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Liberty Front Press:

 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)
 * [VN](https://vuldb.com/?country.vn)
+* [CN](https://vuldb.com/?country.cn)
 * ...

-There are 14 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -88,15 +88,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-29, CWE-36 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
+6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 7 | ... | ... | ... | ...

-There are 22 more TTP items available. Please use our online service to access the data.
+There are 24 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -104,56 +104,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?p=products` | Medium
-2 | File | `/admin.php/accessory/filesdel.html` | High
-3 | File | `/admin/?page=user/manage` | High
-4 | File | `/admin/add-new.php` | High
-5 | File | `/admin/doctors.php` | High
-6 | File | `/admin/index3.php` | High
-7 | File | `/admin/upload/upload` | High
-8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-9 | File | `/alphaware/summary.php` | High
-10 | File | `/api/` | Low
-11 | File | `/api/admin/store/product/list` | High
-12 | File | `/api/baskets/{name}` | High
-13 | File | `/api/gen/clients/{language}` | High
-14 | File | `/api/stl/actions/search` | High
-15 | File | `/api/v2/cli/commands` | High
-16 | File | `/bin/ate` | Medium
-17 | File | `/boat/login.php` | High
-18 | File | `/booking/show_bookings/` | High
-19 | File | `/bsms_ci/index.php/book` | High
-20 | File | `/cgi-bin` | Medium
-21 | File | `/cgi-bin/wlogin.cgi` | High
-22 | File | `/config/myfield/test.php` | High
-23 | File | `/debug/pprof` | Medium
-24 | File | `/ecshop/admin/template.php` | High
-25 | File | `/env` | Low
-26 | File | `/file/upload/1` | High
-27 | File | `/forum/away.php` | High
-28 | File | `/forum/PostPrivateMessage` | High
-29 | File | `/goform/set_LimitClient_cfg` | High
-30 | File | `/home/www/cgi-bin/login.cgi` | High
-31 | File | `/hss/admin/?page=products/view_product` | High
-32 | File | `/loginsave.php` | High
-33 | File | `/medicines/profile.php` | High
-34 | File | `/multi-vendor-shopping-script/product-list.php` | High
-35 | File | `/net-banking/customer_transactions.php` | High
-36 | File | `/obs/book.php` | High
-37 | File | `/owa/auth/logon.aspx` | High
-38 | File | `/param.file.tgz` | High
-39 | File | `/php-sms/admin/?page=user/manage_user` | High
-40 | File | `/preview.php` | Medium
-41 | File | `/public_html/users.php` | High
-42 | File | `/requests.php` | High
-43 | File | `/reservation/add_message.php` | High
-44 | File | `/resources//../` | High
-45 | File | `/spip.php` | Medium
-46 | File | `/sqlite3_aflpp/shell.c` | High
-47 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
-48 | ... | ... | ...
+1 | File | `$HOME/.terminfo` | High
+2 | File | `/?p=products` | Medium
+3 | File | `/api/` | Low
+4 | File | `/api/admin/store/product/list` | High
+5 | File | `/api/baskets/{name}` | High
+6 | File | `/api/gen/clients/{language}` | High
+7 | File | `/api/stl/actions/search` | High
+8 | File | `/api/v2/cli/commands` | High
+9 | File | `/bin/ate` | Medium
+10 | File | `/bin/login` | Medium
+11 | File | `/bin/mini_upnpd` | High
+12 | File | `/booking/show_bookings/` | High
+13 | File | `/cgi-bin` | Medium
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/config/myfield/test.php` | High
+16 | File | `/Content/Template/root/reverse-shell.aspx` | High
+17 | File | `/dashboard/add-blog.php` | High
+18 | File | `/debug/pprof` | Medium
+19 | File | `/env` | Low
+20 | File | `/file/upload/1` | High
+21 | File | `/forum/away.php` | High
+22 | File | `/goform/set_LimitClient_cfg` | High
+23 | File | `/group1/uploa` | High
+24 | File | `/h/autoSaveDraft` | High
+25 | File | `/h/search?action` | High
+26 | File | `/hss/admin/?page=products/view_product` | High
+27 | File | `/importexport.php` | High
+28 | File | `/index.php?app=main&func=passport&action=login` | High
+29 | File | `/mgmt/` | Low
+30 | File | `/mhds/clinic/view_details.php` | High
+31 | File | `/multi-vendor-shopping-script/product-list.php` | High
+32 | File | `/owa/auth/logon.aspx` | High
+33 | File | `/php-sms/admin/?page=user/manage_user` | High
+34 | File | `/preview.php` | Medium
+35 | File | `/requests.php` | High
+36 | File | `/resources//../` | High
+37 | File | `/secure/ViewCollectors` | High
+38 | File | `/server-status` | High
+39 | File | `/spip.php` | Medium
+40 | ... | ... | ...

-There are 415 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/LockBit/README.md
+++ b/actors/LockBit/README.md
@ -59,49 +59,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/config.php?display=disa&view=form` | High
-2 | File | `/admin/link/link_ok.php` | High
-3 | File | `/advanced-tools/nova/bin/netwatch` | High
-4 | File | `/cameras/XXXX/clips` | High
-5 | File | `/category_view.php` | High
-6 | File | `/cgi-bin/admin/testserver.cgi` | High
-7 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
-8 | File | `/cimom` | Low
-9 | File | `/download` | Medium
-10 | File | `/etc/sudoers` | Medium
-11 | File | `/export` | Low
-12 | File | `/forum/away.php` | High
-13 | File | `/getcfg.php` | Medium
-14 | File | `/icingaweb2/navigation/add` | High
-15 | File | `/modules/projects/vw_files.php` | High
-16 | File | `/netflow/jspui/addMailSettings.jsp` | High
-17 | File | `/out.php` | Medium
-18 | File | `/owa/auth/logon.aspx` | High
-19 | File | `/recordings/index.php` | High
-20 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
-21 | File | `/secure/QueryComponent!Default.jspa` | High
-22 | File | `/spip.php` | Medium
-23 | File | `/src/Illuminate/Laravel.php` | High
-24 | File | `/student/bookdetails.php` | High
-25 | File | `/uncpath/` | Medium
-26 | File | `/usr/bin/pkexec` | High
-27 | File | `/var/log/nginx` | High
-28 | File | `/webmail/` | Medium
-29 | File | `/wp-admin/admin-ajax.php` | High
-30 | File | `/wp-admin/options.php` | High
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-32 | File | `adclick.php` | Medium
-33 | File | `addmem.php` | Medium
-34 | File | `add_user.php` | Medium
-35 | File | `admin.php` | Medium
-36 | File | `admin.remository.php` | High
-37 | File | `admin/admin.asp` | High
-38 | File | `adminHome.php` | High
-39 | File | `admin_add.php` | High
-40 | File | `affich.php` | Medium
-41 | ... | ... | ...
+1 | File | `/+CSCOE+/logon.html` | High
+2 | File | `/admin/config.php?display=disa&view=form` | High
+3 | File | `/admin/link/link_ok.php` | High
+4 | File | `/advanced-tools/nova/bin/netwatch` | High
+5 | File | `/cameras/XXXX/clips` | High
+6 | File | `/category_view.php` | High
+7 | File | `/cgi-bin/admin/testserver.cgi` | High
+8 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
+9 | File | `/cimom` | Low
+10 | File | `/download` | Medium
+11 | File | `/etc/sudoers` | Medium
+12 | File | `/export` | Low
+13 | File | `/forum/away.php` | High
+14 | File | `/getcfg.php` | Medium
+15 | File | `/icingaweb2/navigation/add` | High
+16 | File | `/modules/projects/vw_files.php` | High
+17 | File | `/netflow/jspui/addMailSettings.jsp` | High
+18 | File | `/out.php` | Medium
+19 | File | `/owa/auth/logon.aspx` | High
+20 | File | `/recordings/index.php` | High
+21 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
+22 | File | `/secure/QueryComponent!Default.jspa` | High
+23 | File | `/spip.php` | Medium
+24 | File | `/src/Illuminate/Laravel.php` | High
+25 | File | `/student/bookdetails.php` | High
+26 | File | `/uncpath/` | Medium
+27 | File | `/usr/bin/pkexec` | High
+28 | File | `/var/log/nginx` | High
+29 | File | `/webmail/` | Medium
+30 | File | `/wp-admin/admin-ajax.php` | High
+31 | File | `/wp-admin/options.php` | High
+32 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+33 | File | `adclick.php` | Medium
+34 | File | `addmem.php` | Medium
+35 | File | `add_user.php` | Medium
+36 | File | `admin.php` | Medium
+37 | File | `admin.remository.php` | High
+38 | File | `admin/admin.asp` | High
+39 | File | `adminHome.php` | High
+40 | File | `admin_add.php` | High
+41 | File | `affich.php` | Medium
+42 | ... | ... | ...

-There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/LockFile/README.md
+++ b/actors/LockFile/README.md
@ -80,17 +80,17 @@ ID | Type | Indicator | Confidence
 34 | File | `/out.php` | Medium
 35 | File | `/password.html` | High
 36 | File | `/php_action/fetchSelectedUser.php` | High
-37 | File | `/proc/ioports` | High
-38 | File | `/property-list/property_view.php` | High
-39 | File | `/ptms/classes/Users.php` | High
-40 | File | `/resources//../` | High
-41 | File | `/rest/api/2/search` | High
-42 | File | `/s/` | Low
-43 | File | `/scripts/cpan_config` | High
-44 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+37 | File | `/plugin` | Low
+38 | File | `/proc/ioports` | High
+39 | File | `/property-list/property_view.php` | High
+40 | File | `/ptms/classes/Users.php` | High
+41 | File | `/resources//../` | High
+42 | File | `/rest/api/2/search` | High
+43 | File | `/s/` | Low
+44 | File | `/scripts/cpan_config` | High
 45 | ... | ... | ...

-There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Locky/README.md
+++ b/actors/Locky/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 11 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -110,14 +110,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 18 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -137,41 +137,45 @@ ID | Type | Indicator | Confidence
 10 | File | `/api/baskets/{name}` | High
 11 | File | `/api/stl/actions/search` | High
 12 | File | `/api/v2/cli/commands` | High
-13 | File | `/attachments` | Medium
-14 | File | `/bin/ate` | Medium
-15 | File | `/boat/login.php` | High
-16 | File | `/booking/show_bookings/` | High
-17 | File | `/bsms_ci/index.php/book` | High
-18 | File | `/cgi-bin` | Medium
-19 | File | `/cgi-bin/wlogin.cgi` | High
-20 | File | `/csms/admin/inquiries/view_details.php` | High
-21 | File | `/debug/pprof` | Medium
-22 | File | `/env` | Low
-23 | File | `/etc/hosts` | Medium
-24 | File | `/forms/doLogin` | High
-25 | File | `/forum/away.php` | High
-26 | File | `/include/chart_generator.php` | High
-27 | File | `/librarian/bookdetails.php` | High
-28 | File | `/medicines/profile.php` | High
-29 | File | `/messageboard/view.php` | High
-30 | File | `/out.php` | Medium
-31 | File | `/php-sms/admin/?page=user/manage_user` | High
-32 | File | `/reservation/add_message.php` | High
-33 | File | `/resources//../` | High
-34 | File | `/rom-0` | Low
-35 | File | `/ServletAPI/accounts/login` | High
-36 | File | `/spip.php` | Medium
-37 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
-38 | File | `/textpattern/index.php` | High
-39 | File | `/tmp` | Low
-40 | File | `/user/updatePwd` | High
-41 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+13 | File | `/bin/ate` | Medium
+14 | File | `/boat/login.php` | High
+15 | File | `/booking/show_bookings/` | High
+16 | File | `/CCMAdmin/serverlist.asp` | High
+17 | File | `/cgi-bin` | Medium
+18 | File | `/cgi-bin/wlogin.cgi` | High
+19 | File | `/cgi/get_param.cgi` | High
+20 | File | `/Content/Template/root/reverse-shell.aspx` | High
+21 | File | `/csms/admin/inquiries/view_details.php` | High
+22 | File | `/cstecgi.cgi` | Medium
+23 | File | `/dashboard/add-blog.php` | High
+24 | File | `/debug/pprof` | Medium
+25 | File | `/env` | Low
+26 | File | `/forms/doLogin` | High
+27 | File | `/forum/away.php` | High
+28 | File | `/group1/uploa` | High
+29 | File | `/include/chart_generator.php` | High
+30 | File | `/librarian/bookdetails.php` | High
+31 | File | `/messageboard/view.php` | High
+32 | File | `/out.php` | Medium
+33 | File | `/php-sms/admin/?page=user/manage_user` | High
+34 | File | `/reservation/add_message.php` | High
+35 | File | `/resources//../` | High
+36 | File | `/rom-0` | Low
+37 | File | `/ServletAPI/accounts/login` | High
+38 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
+39 | File | `/textpattern/index.php` | High
+40 | File | `/upfile.cgi` | Medium
+41 | File | `/user/updatePwd` | High
 42 | File | `/video-sharing-script/watch-video.php` | High
 43 | File | `/wireless/security.asp` | High
-44 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-45 | ... | ... | ...
+44 | File | `/wordpress/wp-admin/admin.php` | High
+45 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+46 | File | `account_footer.php` | High
+47 | File | `AcquisiAction.class.php` | High
+48 | File | `acs.exe` | Low
+49 | ... | ... | ...

-There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Loda/README.md
+++ b/actors/Loda/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -25,10 +25,10 @@ ID | IP address | Hostname | Campaign | Confidence
 2 | [3.141.204.47](https://vuldb.com/?ip.3.141.204.47) | ec2-3-141-204-47.us-east-2.compute.amazonaws.com | - | Medium
 3 | [13.40.105.36](https://vuldb.com/?ip.13.40.105.36) | ec2-13-40-105-36.eu-west-2.compute.amazonaws.com | - | Medium
 4 | [34.174.95.150](https://vuldb.com/?ip.34.174.95.150) | 150.95.174.34.bc.googleusercontent.com | - | Medium
-5 | [46.105.113.84](https://vuldb.com/?ip.46.105.113.84) | ns320209.ip-46-105-113.eu | - | High
+5 | [37.0.14.214](https://vuldb.com/?ip.37.0.14.214) | - | - | High
 6 | ... | ... | ... | ...

-There are 20 more IOC items available. Please use our online service to access the data.
+There are 21 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -36,14 +36,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 20 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -52,64 +52,49 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/?p=products` | Medium
-2 | File | `/admin/?page=product/manage_product&id=2` | High
-3 | File | `/admin/admin.php` | High
-4 | File | `/admin/casedetails.php` | High
-5 | File | `/admin/fields/manage_field.php` | High
-6 | File | `/admin/maintenance/brand.php` | High
-7 | File | `/admin/mechanics/manage_mechanic.php` | High
-8 | File | `/admin/modal_add_product.php` | High
-9 | File | `/admin/offenses/view_details.php` | High
-10 | File | `/admin/positions_add.php` | High
-11 | File | `/admin/sales/index.php` | High
-12 | File | `/admin/user/manage_user.php` | High
-13 | File | `/admin/voters_row.php` | High
-14 | File | `/ad_js.php` | Medium
-15 | File | `/agc/vicidial.php` | High
-16 | File | `/ajax.php?action=save_company` | High
-17 | File | `/ajax.php?action=save_user` | High
-18 | File | `/ajax/myshop` | Medium
-19 | File | `/alumni/admin/ajax.php?action=save_settings` | High
-20 | File | `/api/gen/clients/{language}` | High
-21 | File | `/App_Resource/UEditor/server/upload.aspx` | High
-22 | File | `/APR/signup.php` | High
-23 | File | `/authenticationendpoint/login.do` | High
-24 | File | `/aux` | Low
-25 | File | `/backup.pl` | Medium
-26 | File | `/blog` | Low
-27 | File | `/BRS_netgear_success.html` | High
-28 | File | `/cas/logout` | Medium
-29 | File | `/category.php` | High
-30 | File | `/categorypage.php` | High
-31 | File | `/cgi-bin/adm.cgi` | High
-32 | File | `/cgi-bin/system_mgr.cgi` | High
-33 | File | `/cha.php` | Medium
-34 | File | `/chaincity/user/ticket/create` | High
-35 | File | `/classes/Master.php?f=delete_sub_category` | High
-36 | File | `/College/admin/teacher.php` | High
-37 | File | `/contactform/contactform.php` | High
-38 | File | `/Controller/Ajaxfileupload.ashx` | High
-39 | File | `/dayrui/Fcms/View/system_log.html` | High
-40 | File | `/drivers/block/floppy.c` | High
-41 | File | `/ecommerce/admin/category/controller.php` | High
-42 | File | `/ecommerce/support_ticket` | High
-43 | File | `/etc/shadow` | Medium
-44 | File | `/files/list-file` | High
-45 | File | `/fos/admin/ajax.php` | High
-46 | File | `/friends/ajax_invite` | High
-47 | File | `/goform/aspForm` | High
-48 | File | `/goform/SetOnlineDevName` | High
-49 | File | `/goform/WifiGuestSet` | High
-50 | File | `/index.php` | Medium
-51 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
-52 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
-53 | File | `/kelasdosen/data` | High
-54 | File | `/libraries` | Medium
-55 | File | `/load.php` | Medium
-56 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
-57 | ... | ... | ...
+2 | File | `/academy/home/courses` | High
+3 | File | `/admin/?page=product/manage_product&id=2` | High
+4 | File | `/admin/admin.php` | High
+5 | File | `/admin/casedetails.php` | High
+6 | File | `/admin/config/uploadicon.php` | High
+7 | File | `/admin/del_feedback.php` | High
+8 | File | `/admin/fields/manage_field.php` | High
+9 | File | `/admin/maintenance/brand.php` | High
+10 | File | `/admin/mechanics/manage_mechanic.php` | High
+11 | File | `/admin/modal_add_product.php` | High
+12 | File | `/admin/offenses/view_details.php` | High
+13 | File | `/admin/plugin.php` | High
+14 | File | `/admin/positions_add.php` | High
+15 | File | `/admin/sales/index.php` | High
+16 | File | `/admin/user/manage_user.php` | High
+17 | File | `/admin/voters_row.php` | High
+18 | File | `/adv_resource` | High
+19 | File | `/ajax.php?action=save_company` | High
+20 | File | `/ajax.php?action=save_user` | High
+21 | File | `/ajax/myshop` | Medium
+22 | File | `/api/database` | High
+23 | File | `/api/gen/clients/{language}` | High
+24 | File | `/api/v1/terminal/sessions/?limit=1` | High
+25 | File | `/api/v4/opengraph` | High
+26 | File | `/App_Resource/UEditor/server/upload.aspx` | High
+27 | File | `/authenticationendpoint/login.do` | High
+28 | File | `/backup.pl` | Medium
+29 | File | `/blog` | Low
+30 | File | `/BRS_netgear_success.html` | High
+31 | File | `/c/PluginsController.php` | High
+32 | File | `/cas/logout` | Medium
+33 | File | `/category.php` | High
+34 | File | `/cgi-bin/adm.cgi` | High
+35 | File | `/cgi-bin/system_mgr.cgi` | High
+36 | File | `/cgi-bin/vitogate.cgi` | High
+37 | File | `/chaincity/user/ticket/create` | High
+38 | File | `/classes/Master.php?f=delete_sub_category` | High
+39 | File | `/collection/all` | High
+40 | File | `/contactform/contactform.php` | High
+41 | File | `/Controller/Ajaxfileupload.ashx` | High
+42 | ... | ... | ...

-There are 494 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -117,6 +102,7 @@ The following list contains _external sources_ which discuss the actor and the a

 * https://app.any.run/tasks/0370524d-75ee-4ea2-ad99-01e40a8d6b4a
 * https://threatfox.abuse.ch
+* https://www.virustotal.com/gui/file/052fba70767b01cb674b9311a220181a87bdf47161280bb6335c6024e163139c/detection

 ## Literature

--- a/Blossom/README.md
+++ b/Blossom/README.md
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
 44 | File | `contact` | Low
 45 | ... | ... | ...

-There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Magecart/README.md
+++ b/actors/Magecart/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 13 more country items available. Please use our online service to access the data.
+There are 12 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -93,28 +93,26 @@ ID | Type | Indicator | Confidence
 24 | File | `/Content/Template/root/reverse-shell.aspx` | High
 25 | File | `/context/%2e/WEB-INF/web.xml` | High
 26 | File | `/dashboard/add-blog.php` | High
-27 | File | `/debian/patches/load_ppp_generic_if_needed` | High
-28 | File | `/debug/pprof` | Medium
-29 | File | `/env` | Low
-30 | File | `/etc/hosts` | Medium
-31 | File | `/forum/away.php` | High
-32 | File | `/goform/setmac` | High
-33 | File | `/goform/wizard_end` | High
-34 | File | `/group1/uploa` | High
-35 | File | `/inc/parser/xhtml.php` | High
-36 | File | `/manage-apartment.php` | High
-37 | File | `/medicines/profile.php` | High
-38 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-39 | File | `/pages/apply_vacancy.php` | High
-40 | File | `/php-sms/admin/?page=user/manage_user` | High
-41 | File | `/proxy` | Low
-42 | File | `/requests.php` | High
-43 | File | `/reservation/add_message.php` | High
-44 | File | `/resources//../` | High
-45 | File | `/Session` | Medium
-46 | ... | ... | ...
+27 | File | `/debug/pprof` | Medium
+28 | File | `/env` | Low
+29 | File | `/etc/hosts` | Medium
+30 | File | `/forum/away.php` | High
+31 | File | `/goform/setmac` | High
+32 | File | `/goform/wizard_end` | High
+33 | File | `/group1/uploa` | High
+34 | File | `/inc/parser/xhtml.php` | High
+35 | File | `/manage-apartment.php` | High
+36 | File | `/medicines/profile.php` | High
+37 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+38 | File | `/pages/apply_vacancy.php` | High
+39 | File | `/php-sms/admin/?page=user/manage_user` | High
+40 | File | `/proxy` | Low
+41 | File | `/requests.php` | High
+42 | File | `/reservation/add_message.php` | High
+43 | File | `/resources//../` | High
+44 | ... | ... | ...

-There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...

-There are 20 more country items available. Please use our online service to access the data.
+There are 19 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -567,14 +567,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 19 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -585,57 +585,52 @@ ID | Type | Indicator | Confidence
 1 | File | `//WEB-INF` | Medium
 2 | File | `/about.php` | Medium
 3 | File | `/admin.php/update/getFile.html` | High
-4 | File | `/admin/inquiries/view_inquiry.php` | High
-5 | File | `/admin/maintenance/view_designation.php` | High
-6 | File | `/admin/sys_sql_query.php` | High
-7 | File | `/api/baskets/{name}` | High
-8 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
-9 | File | `/bin/boa` | Medium
-10 | File | `/bitrix/admin/ldap_server_edit.php` | High
-11 | File | `/cgi-bin/luci/api/wireless` | High
-12 | File | `/cgi-bin/wlogin.cgi` | High
-13 | File | `/cimom` | Low
-14 | File | `/classes/Master.php?f=delete_service` | High
-15 | File | `/classes/Master.php?f=save_course` | High
-16 | File | `/company/store` | High
-17 | File | `/Content/Template/root/reverse-shell.aspx` | High
-18 | File | `/Controller/Ajaxfileupload.ashx` | High
-19 | File | `/core/conditions/AbstractWrapper.java` | High
-20 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-21 | File | `/E-mobile/App/System/File/downfile.php` | High
-22 | File | `/Electron/download` | High
-23 | File | `/etc/passwd` | Medium
-24 | File | `/feeds/post/publish` | High
-25 | File | `/forum/away.php` | High
-26 | File | `/h/` | Low
-27 | File | `/inc/jquery/uploadify/uploadify.php` | High
-28 | File | `/index.php?app=main&func=passport&action=login` | High
-29 | File | `/index.php?page=category_list` | High
-30 | File | `/jeecg-boot/sys/common/upload` | High
-31 | File | `/jobinfo/` | Medium
-32 | File | `/Moosikay/order.php` | High
-33 | File | `/opac/Actions.php?a=login` | High
-34 | File | `/PreviewHandler.ashx` | High
-35 | File | `/proxy` | Low
-36 | File | `/recipe-result` | High
-37 | File | `/register.do` | Medium
-38 | File | `/reservation/add_message.php` | High
-39 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
-40 | File | `/send_order.cgi?parameter=access_detect` | High
-41 | File | `/Service/ImageStationDataService.asmx` | High
-42 | File | `/spip.php` | Medium
-43 | File | `/student/bookdetails.php` | High
-44 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
-45 | File | `/text/pdf/PdfReader.java` | High
-46 | File | `/uploads/exam_question/` | High
-47 | File | `/user/ticket/create` | High
-48 | File | `/UserSelfServiceSettings.jsp` | High
-49 | File | `/var/lib/docker/<remapping>` | High
-50 | File | `/wp-admin/admin-ajax.php` | High
-51 | File | `/xxl-job-admin/user/add` | High
-52 | ... | ... | ...
+4 | File | `/admin/save.php` | High
+5 | File | `/admin/sys_sql_query.php` | High
+6 | File | `/api/baskets/{name}` | High
+7 | File | `/api/download` | High
+8 | File | `/api/runscript` | High
+9 | File | `/api/v1/terminal/sessions/?limit=1` | High
+10 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
+11 | File | `/bin/boa` | Medium
+12 | File | `/bitrix/admin/ldap_server_edit.php` | High
+13 | File | `/category.php` | High
+14 | File | `/categorypage.php` | High
+15 | File | `/cgi-bin/luci/api/wireless` | High
+16 | File | `/cgi-bin/vitogate.cgi` | High
+17 | File | `/cgi-bin/wlogin.cgi` | High
+18 | File | `/cimom` | Low
+19 | File | `/classes/Master.php?f=delete_service` | High
+20 | File | `/company/store` | High
+21 | File | `/Content/Template/root/reverse-shell.aspx` | High
+22 | File | `/Controller/Ajaxfileupload.ashx` | High
+23 | File | `/core/conditions/AbstractWrapper.java` | High
+24 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
+25 | File | `/E-mobile/App/System/File/downfile.php` | High
+26 | File | `/Electron/download` | High
+27 | File | `/etc/passwd` | Medium
+28 | File | `/fcgi/scrut_fcgi.fcgi` | High
+29 | File | `/feeds/post/publish` | High
+30 | File | `/forum/away.php` | High
+31 | File | `/h/` | Low
+32 | File | `/HNAP1` | Low
+33 | File | `/inc/jquery/uploadify/uploadify.php` | High
+34 | File | `/index.php?app=main&func=passport&action=login` | High
+35 | File | `/index.php?page=category_list` | High
+36 | File | `/jeecg-boot/sys/common/upload` | High
+37 | File | `/jobinfo/` | Medium
+38 | File | `/Moosikay/order.php` | High
+39 | File | `/opac/Actions.php?a=login` | High
+40 | File | `/out.php` | Medium
+41 | File | `/PreviewHandler.ashx` | High
+42 | File | `/recipe-result` | High
+43 | File | `/register.do` | Medium
+44 | File | `/reservation/add_message.php` | High
+45 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
+46 | File | `/RPS2019Service/status.html` | High
+47 | ... | ... | ...

-There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 411 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Meterpreter/README.md
+++ b/actors/Meterpreter/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Meterpreter:

-* [CN](https://vuldb.com/?country.cn)
+* [VN](https://vuldb.com/?country.vn)
 * [US](https://vuldb.com/?country.us)
-* [NL](https://vuldb.com/?country.nl)
+* [CN](https://vuldb.com/?country.cn)
 * ...

-There are 17 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -21,42 +21,284 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [1.13.17.173](https://vuldb.com/?ip.1.13.17.173) | - | - | High
-2 | [1.117.145.220](https://vuldb.com/?ip.1.117.145.220) | - | - | High
-3 | [2.32.33.130](https://vuldb.com/?ip.2.32.33.130) | net-2-32-33-130.cust.vodafonedsl.it | - | High
-4 | [3.70.110.188](https://vuldb.com/?ip.3.70.110.188) | ec2-3-70-110-188.eu-central-1.compute.amazonaws.com | - | Medium
-5 | [3.137.123.63](https://vuldb.com/?ip.3.137.123.63) | ec2-3-137-123-63.us-east-2.compute.amazonaws.com | - | Medium
-6 | [3.141.126.222](https://vuldb.com/?ip.3.141.126.222) | ec2-3-141-126-222.us-east-2.compute.amazonaws.com | - | Medium
-7 | [3.141.204.47](https://vuldb.com/?ip.3.141.204.47) | ec2-3-141-204-47.us-east-2.compute.amazonaws.com | - | Medium
-8 | [3.142.71.14](https://vuldb.com/?ip.3.142.71.14) | ec2-3-142-71-14.us-east-2.compute.amazonaws.com | - | Medium
-9 | [3.142.157.76](https://vuldb.com/?ip.3.142.157.76) | ec2-3-142-157-76.us-east-2.compute.amazonaws.com | - | Medium
-10 | [5.34.192.55](https://vuldb.com/?ip.5.34.192.55) | - | - | High
-11 | [5.42.92.181](https://vuldb.com/?ip.5.42.92.181) | . | - | High
-12 | [5.188.86.146](https://vuldb.com/?ip.5.188.86.146) | - | - | High
-13 | [8.130.105.57](https://vuldb.com/?ip.8.130.105.57) | - | - | High
-14 | [13.214.189.242](https://vuldb.com/?ip.13.214.189.242) | ec2-13-214-189-242.ap-southeast-1.compute.amazonaws.com | - | Medium
-15 | [13.234.135.58](https://vuldb.com/?ip.13.234.135.58) | ec2-13-234-135-58.ap-south-1.compute.amazonaws.com | - | Medium
-16 | [18.163.100.82](https://vuldb.com/?ip.18.163.100.82) | ec2-18-163-100-82.ap-east-1.compute.amazonaws.com | - | Medium
-17 | [18.167.109.204](https://vuldb.com/?ip.18.167.109.204) | ec2-18-167-109-204.ap-east-1.compute.amazonaws.com | - | Medium
-18 | [18.181.38.192](https://vuldb.com/?ip.18.181.38.192) | ec2-18-181-38-192.ap-northeast-1.compute.amazonaws.com | - | Medium
-19 | [20.75.52.151](https://vuldb.com/?ip.20.75.52.151) | - | - | High
-20 | [23.94.107.211](https://vuldb.com/?ip.23.94.107.211) | read-variation.pickexit.com | - | High
-21 | [23.234.200.144](https://vuldb.com/?ip.23.234.200.144) | 144-200-234-23-dedicated.multacom.com | - | High
-22 | [23.234.205.20](https://vuldb.com/?ip.23.234.205.20) | 20-205-234-23-dedicated.multacom.com | - | High
-23 | [23.234.205.28](https://vuldb.com/?ip.23.234.205.28) | 28-205-234-23-dedicated.multacom.com | - | High
-24 | [27.124.7.107](https://vuldb.com/?ip.27.124.7.107) | - | - | High
-25 | [35.157.111.131](https://vuldb.com/?ip.35.157.111.131) | ec2-35-157-111-131.eu-central-1.compute.amazonaws.com | - | Medium
-26 | [38.92.97.11](https://vuldb.com/?ip.38.92.97.11) | - | - | High
-27 | [39.107.118.209](https://vuldb.com/?ip.39.107.118.209) | - | - | High
-28 | [39.109.41.108](https://vuldb.com/?ip.39.109.41.108) | - | - | High
-29 | [43.138.154.3](https://vuldb.com/?ip.43.138.154.3) | - | - | High
-30 | [43.138.235.176](https://vuldb.com/?ip.43.138.235.176) | - | - | High
-31 | [43.143.237.87](https://vuldb.com/?ip.43.143.237.87) | - | - | High
-32 | [43.153.63.93](https://vuldb.com/?ip.43.153.63.93) | - | - | High
-33 | [43.153.222.28](https://vuldb.com/?ip.43.153.222.28) | - | - | High
-34 | ... | ... | ... | ...
+1 | [1.6.8.189](https://vuldb.com/?ip.1.6.8.189) | - | - | High
+2 | [1.13.5.159](https://vuldb.com/?ip.1.13.5.159) | - | - | High
+3 | [1.13.17.173](https://vuldb.com/?ip.1.13.17.173) | - | - | High
+4 | [1.13.23.211](https://vuldb.com/?ip.1.13.23.211) | - | - | High
+5 | [1.13.253.132](https://vuldb.com/?ip.1.13.253.132) | - | - | High
+6 | [1.15.12.73](https://vuldb.com/?ip.1.15.12.73) | - | - | High
+7 | [1.15.178.39](https://vuldb.com/?ip.1.15.178.39) | - | - | High
+8 | [1.16.5.62](https://vuldb.com/?ip.1.16.5.62) | - | - | High
+9 | [1.116.19.113](https://vuldb.com/?ip.1.116.19.113) | - | - | High
+10 | [1.117.93.65](https://vuldb.com/?ip.1.117.93.65) | - | - | High
+11 | [1.117.145.220](https://vuldb.com/?ip.1.117.145.220) | - | - | High
+12 | [1.180.204.161](https://vuldb.com/?ip.1.180.204.161) | - | - | High
+13 | [2.32.33.130](https://vuldb.com/?ip.2.32.33.130) | net-2-32-33-130.cust.vodafonedsl.it | - | High
+14 | [2.56.62.81](https://vuldb.com/?ip.2.56.62.81) | host-2-56-62-81.olfedns.com | - | High
+15 | [2.57.149.94](https://vuldb.com/?ip.2.57.149.94) | - | - | High
+16 | [2.146.43.54](https://vuldb.com/?ip.2.146.43.54) | - | - | High
+17 | [2.185.141.176](https://vuldb.com/?ip.2.185.141.176) | - | - | High
+18 | [2.185.148.243](https://vuldb.com/?ip.2.185.148.243) | - | - | High
+19 | [2.225.139.211](https://vuldb.com/?ip.2.225.139.211) | 2-225-139-211.ip176.fastwebnet.it | - | High
+20 | [3.1.1.19](https://vuldb.com/?ip.3.1.1.19) | ec2-3-1-1-19.ap-southeast-1.compute.amazonaws.com | - | Medium
+21 | [3.6.115.182](https://vuldb.com/?ip.3.6.115.182) | ec2-3-6-115-182.ap-south-1.compute.amazonaws.com | - | Medium
+22 | [3.10.251.35](https://vuldb.com/?ip.3.10.251.35) | ec2-3-10-251-35.eu-west-2.compute.amazonaws.com | - | Medium
+23 | [3.13.191.225](https://vuldb.com/?ip.3.13.191.225) | ec2-3-13-191-225.us-east-2.compute.amazonaws.com | - | Medium
+24 | [3.14.182.203](https://vuldb.com/?ip.3.14.182.203) | ec2-3-14-182-203.us-east-2.compute.amazonaws.com | - | Medium
+25 | [3.17.7.232](https://vuldb.com/?ip.3.17.7.232) | ec2-3-17-7-232.us-east-2.compute.amazonaws.com | - | Medium
+26 | [3.17.117.250](https://vuldb.com/?ip.3.17.117.250) | ec2-3-17-117-250.us-east-2.compute.amazonaws.com | - | Medium
+27 | [3.19.3.150](https://vuldb.com/?ip.3.19.3.150) | ec2-3-19-3-150.us-east-2.compute.amazonaws.com | - | Medium
+28 | [3.19.130.43](https://vuldb.com/?ip.3.19.130.43) | ec2-3-19-130-43.us-east-2.compute.amazonaws.com | - | Medium
+29 | [3.20.98.123](https://vuldb.com/?ip.3.20.98.123) | ec2-3-20-98-123.us-east-2.compute.amazonaws.com | - | Medium
+30 | [3.22.53.161](https://vuldb.com/?ip.3.22.53.161) | ec2-3-22-53-161.us-east-2.compute.amazonaws.com | - | Medium
+31 | [3.60.11.44](https://vuldb.com/?ip.3.60.11.44) | - | - | High
+32 | [3.69.157.220](https://vuldb.com/?ip.3.69.157.220) | ec2-3-69-157-220.eu-central-1.compute.amazonaws.com | - | Medium
+33 | [3.70.110.188](https://vuldb.com/?ip.3.70.110.188) | ec2-3-70-110-188.eu-central-1.compute.amazonaws.com | - | Medium
+34 | [3.87.171.23](https://vuldb.com/?ip.3.87.171.23) | ec2-3-87-171-23.compute-1.amazonaws.com | - | Medium
+35 | [3.95.59.170](https://vuldb.com/?ip.3.95.59.170) | ec2-3-95-59-170.compute-1.amazonaws.com | - | Medium
+36 | [3.98.71.71](https://vuldb.com/?ip.3.98.71.71) | ec2-3-98-71-71.ca-central-1.compute.amazonaws.com | - | Medium
+37 | [3.110.135.114](https://vuldb.com/?ip.3.110.135.114) | ec2-3-110-135-114.ap-south-1.compute.amazonaws.com | - | Medium
+38 | [3.121.188.41](https://vuldb.com/?ip.3.121.188.41) | ec2-3-121-188-41.eu-central-1.compute.amazonaws.com | - | Medium
+39 | [3.123.24.80](https://vuldb.com/?ip.3.123.24.80) | ec2-3-123-24-80.eu-central-1.compute.amazonaws.com | - | Medium
+40 | [3.124.142.205](https://vuldb.com/?ip.3.124.142.205) | ec2-3-124-142-205.eu-central-1.compute.amazonaws.com | - | Medium
+41 | [3.125.209.94](https://vuldb.com/?ip.3.125.209.94) | ec2-3-125-209-94.eu-central-1.compute.amazonaws.com | - | Medium
+42 | [3.126.37.18](https://vuldb.com/?ip.3.126.37.18) | ec2-3-126-37-18.eu-central-1.compute.amazonaws.com | - | Medium
+43 | [3.127.138.57](https://vuldb.com/?ip.3.127.138.57) | ec2-3-127-138-57.eu-central-1.compute.amazonaws.com | - | Medium
+44 | [3.128.107.74](https://vuldb.com/?ip.3.128.107.74) | ec2-3-128-107-74.us-east-2.compute.amazonaws.com | - | Medium
+45 | [3.130.209.29](https://vuldb.com/?ip.3.130.209.29) | ec2-3-130-209-29.us-east-2.compute.amazonaws.com | - | Medium
+46 | [3.131.123.134](https://vuldb.com/?ip.3.131.123.134) | ec2-3-131-123-134.us-east-2.compute.amazonaws.com | - | Medium
+47 | [3.131.147.49](https://vuldb.com/?ip.3.131.147.49) | ec2-3-131-147-49.us-east-2.compute.amazonaws.com | - | Medium
+48 | [3.131.207.170](https://vuldb.com/?ip.3.131.207.170) | ec2-3-131-207-170.us-east-2.compute.amazonaws.com | - | Medium
+49 | [3.133.207.110](https://vuldb.com/?ip.3.133.207.110) | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | - | Medium
+50 | [3.134.39.220](https://vuldb.com/?ip.3.134.39.220) | ec2-3-134-39-220.us-east-2.compute.amazonaws.com | - | Medium
+51 | [3.134.125.175](https://vuldb.com/?ip.3.134.125.175) | ec2-3-134-125-175.us-east-2.compute.amazonaws.com | - | Medium
+52 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
+53 | [3.137.123.63](https://vuldb.com/?ip.3.137.123.63) | ec2-3-137-123-63.us-east-2.compute.amazonaws.com | - | Medium
+54 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
+55 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
+56 | [3.141.77.88](https://vuldb.com/?ip.3.141.77.88) | ec2-3-141-77-88.us-east-2.compute.amazonaws.com | - | Medium
+57 | [3.141.126.222](https://vuldb.com/?ip.3.141.126.222) | ec2-3-141-126-222.us-east-2.compute.amazonaws.com | - | Medium
+58 | [3.141.177.1](https://vuldb.com/?ip.3.141.177.1) | ec2-3-141-177-1.us-east-2.compute.amazonaws.com | - | Medium
+59 | [3.141.204.47](https://vuldb.com/?ip.3.141.204.47) | ec2-3-141-204-47.us-east-2.compute.amazonaws.com | - | Medium
+60 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
+61 | [3.142.71.14](https://vuldb.com/?ip.3.142.71.14) | ec2-3-142-71-14.us-east-2.compute.amazonaws.com | - | Medium
+62 | [3.142.157.76](https://vuldb.com/?ip.3.142.157.76) | ec2-3-142-157-76.us-east-2.compute.amazonaws.com | - | Medium
+63 | [4.50.4.50](https://vuldb.com/?ip.4.50.4.50) | - | - | High
+64 | [4.194.155.161](https://vuldb.com/?ip.4.194.155.161) | - | - | High
+65 | [4.194.156.247](https://vuldb.com/?ip.4.194.156.247) | - | - | High
+66 | [5.6.7.8](https://vuldb.com/?ip.5.6.7.8) | dynamic-005-006-007-008.5.6.pool.telefonica.de | - | High
+67 | [5.8.18.118](https://vuldb.com/?ip.5.8.18.118) | - | - | High
+68 | [5.34.192.55](https://vuldb.com/?ip.5.34.192.55) | - | - | High
+69 | [5.39.216.203](https://vuldb.com/?ip.5.39.216.203) | - | - | High
+70 | [5.39.217.156](https://vuldb.com/?ip.5.39.217.156) | - | - | High
+71 | [5.42.67.9](https://vuldb.com/?ip.5.42.67.9) | - | - | High
+72 | [5.42.77.35](https://vuldb.com/?ip.5.42.77.35) | pigletserver.aeza.network | - | High
+73 | [5.42.92.181](https://vuldb.com/?ip.5.42.92.181) | . | - | High
+74 | [5.61.59.234](https://vuldb.com/?ip.5.61.59.234) | - | - | High
+75 | [5.133.9.52](https://vuldb.com/?ip.5.133.9.52) | d9052.artnet.gda.pl | - | High
+76 | [5.141.82.14](https://vuldb.com/?ip.5.141.82.14) | - | - | High
+77 | [5.152.216.120](https://vuldb.com/?ip.5.152.216.120) | h5-152-216-120.host.redstation.co.uk | - | High
+78 | [5.188.86.146](https://vuldb.com/?ip.5.188.86.146) | - | - | High
+79 | [5.188.86.194](https://vuldb.com/?ip.5.188.86.194) | - | - | High
+80 | [5.188.87.2](https://vuldb.com/?ip.5.188.87.2) | - | - | High
+81 | [5.189.184.60](https://vuldb.com/?ip.5.189.184.60) | vmi1333975.contaboserver.net | - | High
+82 | [5.199.170.149](https://vuldb.com/?ip.5.199.170.149) | - | - | High
+83 | [5.223.98.157](https://vuldb.com/?ip.5.223.98.157) | - | - | High
+84 | [5.230.72.64](https://vuldb.com/?ip.5.230.72.64) | placeholder.noezserver.de | - | High
+85 | [5.252.179.227](https://vuldb.com/?ip.5.252.179.227) | no-rdns.mivocloud.com | - | High
+86 | [5.255.109.67](https://vuldb.com/?ip.5.255.109.67) | - | - | High
+87 | [6.6.6.101](https://vuldb.com/?ip.6.6.6.101) | - | - | High
+88 | [8.130.105.57](https://vuldb.com/?ip.8.130.105.57) | - | - | High
+89 | [8.136.210.194](https://vuldb.com/?ip.8.136.210.194) | - | - | High
+90 | [8.142.11.136](https://vuldb.com/?ip.8.142.11.136) | - | - | High
+91 | [8.210.39.131](https://vuldb.com/?ip.8.210.39.131) | - | - | High
+92 | [8.210.181.149](https://vuldb.com/?ip.8.210.181.149) | - | - | High
+93 | [8.210.246.55](https://vuldb.com/?ip.8.210.246.55) | - | - | High
+94 | [12.110.150.235](https://vuldb.com/?ip.12.110.150.235) | - | - | High
+95 | [13.37.73.137](https://vuldb.com/?ip.13.37.73.137) | ec2-13-37-73-137.eu-west-3.compute.amazonaws.com | - | Medium
+96 | [13.38.57.254](https://vuldb.com/?ip.13.38.57.254) | ec2-13-38-57-254.eu-west-3.compute.amazonaws.com | - | Medium
+97 | [13.52.76.119](https://vuldb.com/?ip.13.52.76.119) | ec2-13-52-76-119.us-west-1.compute.amazonaws.com | - | Medium
+98 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
+99 | [13.79.25.152](https://vuldb.com/?ip.13.79.25.152) | - | - | High
+100 | [13.211.254.84](https://vuldb.com/?ip.13.211.254.84) | ec2-13-211-254-84.ap-southeast-2.compute.amazonaws.com | - | Medium
+101 | [13.214.189.242](https://vuldb.com/?ip.13.214.189.242) | ec2-13-214-189-242.ap-southeast-1.compute.amazonaws.com | - | Medium
+102 | [13.233.233.161](https://vuldb.com/?ip.13.233.233.161) | ec2-13-233-233-161.ap-south-1.compute.amazonaws.com | - | Medium
+103 | [13.234.135.58](https://vuldb.com/?ip.13.234.135.58) | ec2-13-234-135-58.ap-south-1.compute.amazonaws.com | - | Medium
+104 | [14.0.21.109](https://vuldb.com/?ip.14.0.21.109) | - | - | High
+105 | [14.142.243.78](https://vuldb.com/?ip.14.142.243.78) | 14.142.243.78.static-Delhi.vsnl.net.in | - | High
+106 | [14.165.213.101](https://vuldb.com/?ip.14.165.213.101) | static.vnpt.vn | - | High
+107 | [15.204.49.129](https://vuldb.com/?ip.15.204.49.129) | ip129.ip-15-204-49.us | - | High
+108 | [15.222.66.186](https://vuldb.com/?ip.15.222.66.186) | ec2-15-222-66-186.ca-central-1.compute.amazonaws.com | - | Medium
+109 | [16.170.40.227](https://vuldb.com/?ip.16.170.40.227) | ec2-16-170-40-227.eu-north-1.compute.amazonaws.com | - | Medium
+110 | [17.253.144.10](https://vuldb.com/?ip.17.253.144.10) | apple.nl | - | High
+111 | [18.58.8.13](https://vuldb.com/?ip.18.58.8.13) | - | - | High
+112 | [18.117.9.33](https://vuldb.com/?ip.18.117.9.33) | ec2-18-117-9-33.us-east-2.compute.amazonaws.com | - | Medium
+113 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
+114 | [18.158.58.205](https://vuldb.com/?ip.18.158.58.205) | ec2-18-158-58-205.eu-central-1.compute.amazonaws.com | - | Medium
+115 | [18.158.249.75](https://vuldb.com/?ip.18.158.249.75) | ec2-18-158-249-75.eu-central-1.compute.amazonaws.com | - | Medium
+116 | [18.163.100.82](https://vuldb.com/?ip.18.163.100.82) | ec2-18-163-100-82.ap-east-1.compute.amazonaws.com | - | Medium
+117 | [18.163.190.116](https://vuldb.com/?ip.18.163.190.116) | ec2-18-163-190-116.ap-east-1.compute.amazonaws.com | - | Medium
+118 | [18.167.109.204](https://vuldb.com/?ip.18.167.109.204) | ec2-18-167-109-204.ap-east-1.compute.amazonaws.com | - | Medium
+119 | [18.180.199.201](https://vuldb.com/?ip.18.180.199.201) | ec2-18-180-199-201.ap-northeast-1.compute.amazonaws.com | - | Medium
+120 | [18.181.38.192](https://vuldb.com/?ip.18.181.38.192) | ec2-18-181-38-192.ap-northeast-1.compute.amazonaws.com | - | Medium
+121 | [18.183.99.161](https://vuldb.com/?ip.18.183.99.161) | ec2-18-183-99-161.ap-northeast-1.compute.amazonaws.com | - | Medium
+122 | [18.184.173.90](https://vuldb.com/?ip.18.184.173.90) | ec2-18-184-173-90.eu-central-1.compute.amazonaws.com | - | Medium
+123 | [18.185.125.77](https://vuldb.com/?ip.18.185.125.77) | ec2-18-185-125-77.eu-central-1.compute.amazonaws.com | - | Medium
+124 | [18.189.106.45](https://vuldb.com/?ip.18.189.106.45) | ec2-18-189-106-45.us-east-2.compute.amazonaws.com | - | Medium
+125 | [18.192.31.165](https://vuldb.com/?ip.18.192.31.165) | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | - | Medium
+126 | [18.195.167.84](https://vuldb.com/?ip.18.195.167.84) | ec2-18-195-167-84.eu-central-1.compute.amazonaws.com | - | Medium
+127 | [18.197.94.76](https://vuldb.com/?ip.18.197.94.76) | ec2-18-197-94-76.eu-central-1.compute.amazonaws.com | - | Medium
+128 | [18.197.239.5](https://vuldb.com/?ip.18.197.239.5) | ec2-18-197-239-5.eu-central-1.compute.amazonaws.com | - | Medium
+129 | [18.205.2.150](https://vuldb.com/?ip.18.205.2.150) | ec2-18-205-2-150.compute-1.amazonaws.com | - | Medium
+130 | [18.229.146.63](https://vuldb.com/?ip.18.229.146.63) | ec2-18-229-146-63.sa-east-1.compute.amazonaws.com | - | Medium
+131 | [18.231.93.153](https://vuldb.com/?ip.18.231.93.153) | ec2-18-231-93-153.sa-east-1.compute.amazonaws.com | - | Medium
+132 | [18.234.28.10](https://vuldb.com/?ip.18.234.28.10) | ec2-18-234-28-10.compute-1.amazonaws.com | - | Medium
+133 | [18.236.192.6](https://vuldb.com/?ip.18.236.192.6) | ec2-18-236-192-6.us-west-2.compute.amazonaws.com | - | Medium
+134 | [18.237.162.188](https://vuldb.com/?ip.18.237.162.188) | ec2-18-237-162-188.us-west-2.compute.amazonaws.com | - | Medium
+135 | [20.75.52.151](https://vuldb.com/?ip.20.75.52.151) | - | - | High
+136 | [20.83.148.22](https://vuldb.com/?ip.20.83.148.22) | - | - | High
+137 | [20.84.114.52](https://vuldb.com/?ip.20.84.114.52) | - | - | High
+138 | [20.93.17.3](https://vuldb.com/?ip.20.93.17.3) | - | - | High
+139 | [20.107.10.131](https://vuldb.com/?ip.20.107.10.131) | - | - | High
+140 | [20.125.139.231](https://vuldb.com/?ip.20.125.139.231) | - | - | High
+141 | [20.170.13.22](https://vuldb.com/?ip.20.170.13.22) | - | - | High
+142 | [20.187.113.223](https://vuldb.com/?ip.20.187.113.223) | - | - | High
+143 | [20.194.196.40](https://vuldb.com/?ip.20.194.196.40) | - | - | High
+144 | [20.203.0.22](https://vuldb.com/?ip.20.203.0.22) | - | - | High
+145 | [20.212.145.66](https://vuldb.com/?ip.20.212.145.66) | - | - | High
+146 | [20.219.131.67](https://vuldb.com/?ip.20.219.131.67) | - | - | High
+147 | [20.254.138.169](https://vuldb.com/?ip.20.254.138.169) | - | - | High
+148 | [23.22.19.250](https://vuldb.com/?ip.23.22.19.250) | ec2-23-22-19-250.compute-1.amazonaws.com | - | Medium
+149 | [23.94.107.211](https://vuldb.com/?ip.23.94.107.211) | read-variation.pickexit.com | - | High
+150 | [23.94.182.202](https://vuldb.com/?ip.23.94.182.202) | 23-94-182-202-host.colocrossing.com | - | High
+151 | [23.106.160.180](https://vuldb.com/?ip.23.106.160.180) | - | - | High
+152 | [23.224.49.26](https://vuldb.com/?ip.23.224.49.26) | - | - | High
+153 | [23.227.194.35](https://vuldb.com/?ip.23.227.194.35) | 23-227-194-35.static.hvvc.us | - | High
+154 | [23.227.194.115](https://vuldb.com/?ip.23.227.194.115) | 23-227-194-115.static.hvvc.us | - | High
+155 | [23.234.200.144](https://vuldb.com/?ip.23.234.200.144) | 144-200-234-23-dedicated.multacom.com | - | High
+156 | [23.234.205.20](https://vuldb.com/?ip.23.234.205.20) | 20-205-234-23-dedicated.multacom.com | - | High
+157 | [23.234.205.28](https://vuldb.com/?ip.23.234.205.28) | 28-205-234-23-dedicated.multacom.com | - | High
+158 | [23.251.52.242](https://vuldb.com/?ip.23.251.52.242) | - | - | High
+159 | [24.9.12.117](https://vuldb.com/?ip.24.9.12.117) | c-24-9-12-117.hsd1.co.comcast.net | - | High
+160 | [24.205.5.129](https://vuldb.com/?ip.24.205.5.129) | 024-205-005-129.res.spectrum.com | - | High
+161 | [27.102.114.63](https://vuldb.com/?ip.27.102.114.63) | - | - | High
+162 | [27.102.114.89](https://vuldb.com/?ip.27.102.114.89) | - | - | High
+163 | [27.102.127.240](https://vuldb.com/?ip.27.102.127.240) | - | - | High
+164 | [27.124.7.107](https://vuldb.com/?ip.27.124.7.107) | - | - | High
+165 | [27.255.79.204](https://vuldb.com/?ip.27.255.79.204) | - | - | High
+166 | [27.255.81.109](https://vuldb.com/?ip.27.255.81.109) | - | - | High
+167 | [28.0.2.82](https://vuldb.com/?ip.28.0.2.82) | - | - | High
+168 | [28.0.4.29](https://vuldb.com/?ip.28.0.4.29) | - | - | High
+169 | [31.14.40.55](https://vuldb.com/?ip.31.14.40.55) | ns52.countdch.net | - | High
+170 | [31.14.40.134](https://vuldb.com/?ip.31.14.40.134) | - | - | High
+171 | [31.44.184.48](https://vuldb.com/?ip.31.44.184.48) | - | - | High
+172 | [31.44.184.50](https://vuldb.com/?ip.31.44.184.50) | - | - | High
+173 | [31.44.184.56](https://vuldb.com/?ip.31.44.184.56) | - | - | High
+174 | [31.44.184.84](https://vuldb.com/?ip.31.44.184.84) | - | - | High
+175 | [31.44.184.123](https://vuldb.com/?ip.31.44.184.123) | - | - | High
+176 | [31.44.184.125](https://vuldb.com/?ip.31.44.184.125) | - | - | High
+177 | [31.44.184.131](https://vuldb.com/?ip.31.44.184.131) | - | - | High
+178 | [31.47.225.65](https://vuldb.com/?ip.31.47.225.65) | - | - | High
+179 | [31.168.84.153](https://vuldb.com/?ip.31.168.84.153) | bzq-84-168-31-153.red.bezeqint.net | - | High
+180 | [31.168.144.18](https://vuldb.com/?ip.31.168.144.18) | bzq-144-168-31-18.red.bezeqint.net | - | High
+181 | [31.172.80.104](https://vuldb.com/?ip.31.172.80.104) | - | - | High
+182 | [31.220.78.160](https://vuldb.com/?ip.31.220.78.160) | vmi1463291.contaboserver.net | - | High
+183 | [34.71.22.160](https://vuldb.com/?ip.34.71.22.160) | 160.22.71.34.bc.googleusercontent.com | - | Medium
+184 | [34.89.129.194](https://vuldb.com/?ip.34.89.129.194) | 194.129.89.34.bc.googleusercontent.com | - | Medium
+185 | [34.92.108.241](https://vuldb.com/?ip.34.92.108.241) | 241.108.92.34.bc.googleusercontent.com | - | Medium
+186 | [34.92.125.242](https://vuldb.com/?ip.34.92.125.242) | 242.125.92.34.bc.googleusercontent.com | - | Medium
+187 | [34.122.216.213](https://vuldb.com/?ip.34.122.216.213) | 213.216.122.34.bc.googleusercontent.com | - | Medium
+188 | [34.125.62.174](https://vuldb.com/?ip.34.125.62.174) | 174.62.125.34.bc.googleusercontent.com | - | Medium
+189 | [34.142.247.189](https://vuldb.com/?ip.34.142.247.189) | 189.247.142.34.bc.googleusercontent.com | - | Medium
+190 | [34.143.208.106](https://vuldb.com/?ip.34.143.208.106) | 106.208.143.34.bc.googleusercontent.com | - | Medium
+191 | [34.150.94.110](https://vuldb.com/?ip.34.150.94.110) | 110.94.150.34.bc.googleusercontent.com | - | Medium
+192 | [34.170.249.238](https://vuldb.com/?ip.34.170.249.238) | 238.249.170.34.bc.googleusercontent.com | - | Medium
+193 | [34.202.234.105](https://vuldb.com/?ip.34.202.234.105) | ec2-34-202-234-105.compute-1.amazonaws.com | - | Medium
+194 | [34.215.154.163](https://vuldb.com/?ip.34.215.154.163) | ec2-34-215-154-163.us-west-2.compute.amazonaws.com | - | Medium
+195 | [34.220.41.64](https://vuldb.com/?ip.34.220.41.64) | ec2-34-220-41-64.us-west-2.compute.amazonaws.com | - | Medium
+196 | [34.229.92.232](https://vuldb.com/?ip.34.229.92.232) | ec2-34-229-92-232.compute-1.amazonaws.com | - | Medium
+197 | [34.234.67.250](https://vuldb.com/?ip.34.234.67.250) | ec2-34-234-67-250.compute-1.amazonaws.com | - | Medium
+198 | [34.238.123.45](https://vuldb.com/?ip.34.238.123.45) | ec2-34-238-123-45.compute-1.amazonaws.com | - | Medium
+199 | [34.238.192.43](https://vuldb.com/?ip.34.238.192.43) | ec2-34-238-192-43.compute-1.amazonaws.com | - | Medium
+200 | [34.244.205.242](https://vuldb.com/?ip.34.244.205.242) | ec2-34-244-205-242.eu-west-1.compute.amazonaws.com | - | Medium
+201 | [34.248.5.0](https://vuldb.com/?ip.34.248.5.0) | ec2-34-248-5-0.eu-west-1.compute.amazonaws.com | - | Medium
+202 | [35.157.111.131](https://vuldb.com/?ip.35.157.111.131) | ec2-35-157-111-131.eu-central-1.compute.amazonaws.com | - | Medium
+203 | [35.181.137.4](https://vuldb.com/?ip.35.181.137.4) | ec2-35-181-137-4.eu-west-3.compute.amazonaws.com | - | Medium
+204 | [35.182.213.89](https://vuldb.com/?ip.35.182.213.89) | ec2-35-182-213-89.ca-central-1.compute.amazonaws.com | - | Medium
+205 | [35.200.48.195](https://vuldb.com/?ip.35.200.48.195) | 195.48.200.35.bc.googleusercontent.com | - | Medium
+206 | [35.202.167.95](https://vuldb.com/?ip.35.202.167.95) | 95.167.202.35.bc.googleusercontent.com | - | Medium
+207 | [35.241.76.6](https://vuldb.com/?ip.35.241.76.6) | 6.76.241.35.bc.googleusercontent.com | - | Medium
+208 | [35.246.15.72](https://vuldb.com/?ip.35.246.15.72) | 72.15.246.35.bc.googleusercontent.com | - | Medium
+209 | [36.102.212.98](https://vuldb.com/?ip.36.102.212.98) | - | - | High
+210 | [36.238.76.46](https://vuldb.com/?ip.36.238.76.46) | 36-238-76-46.dynamic-ip.hinet.net | - | High
+211 | [37.1.209.130](https://vuldb.com/?ip.37.1.209.130) | - | - | High
+212 | [37.17.172.72](https://vuldb.com/?ip.37.17.172.72) | hostpost.hu | - | High
+213 | [37.21.225.245](https://vuldb.com/?ip.37.21.225.245) | - | - | High
+214 | [37.35.202.146](https://vuldb.com/?ip.37.35.202.146) | 146.202.35.37.dynamic.jazztel.es | - | High
+215 | [37.44.237.238](https://vuldb.com/?ip.37.44.237.238) | - | - | High
+216 | [37.77.51.178](https://vuldb.com/?ip.37.77.51.178) | - | - | High
+217 | [37.133.231.240](https://vuldb.com/?ip.37.133.231.240) | 240.231.133.37.dynamic.jazztel.es | - | High
+218 | [37.187.217.154](https://vuldb.com/?ip.37.187.217.154) | - | - | High
+219 | [38.6.155.219](https://vuldb.com/?ip.38.6.155.219) | - | - | High
+220 | [38.92.97.11](https://vuldb.com/?ip.38.92.97.11) | - | - | High
+221 | [39.98.91.83](https://vuldb.com/?ip.39.98.91.83) | - | - | High
+222 | [39.99.34.219](https://vuldb.com/?ip.39.99.34.219) | - | - | High
+223 | [39.101.174.221](https://vuldb.com/?ip.39.101.174.221) | - | - | High
+224 | [39.102.64.207](https://vuldb.com/?ip.39.102.64.207) | - | - | High
+225 | [39.107.118.209](https://vuldb.com/?ip.39.107.118.209) | - | - | High
+226 | [39.108.12.1](https://vuldb.com/?ip.39.108.12.1) | - | - | High
+227 | [39.108.60.64](https://vuldb.com/?ip.39.108.60.64) | - | - | High
+228 | [39.109.41.108](https://vuldb.com/?ip.39.109.41.108) | - | - | High
+229 | [40.113.230.218](https://vuldb.com/?ip.40.113.230.218) | - | - | High
+230 | [41.34.124.243](https://vuldb.com/?ip.41.34.124.243) | host-41.34.124.243.tedata.net | - | High
+231 | [41.96.243.229](https://vuldb.com/?ip.41.96.243.229) | - | - | High
+232 | [41.99.12.133](https://vuldb.com/?ip.41.99.12.133) | - | - | High
+233 | [41.99.52.202](https://vuldb.com/?ip.41.99.52.202) | - | - | High
+234 | [41.100.163.164](https://vuldb.com/?ip.41.100.163.164) | - | - | High
+235 | [41.107.155.58](https://vuldb.com/?ip.41.107.155.58) | - | - | High
+236 | [41.107.190.172](https://vuldb.com/?ip.41.107.190.172) | - | - | High
+237 | [41.108.43.125](https://vuldb.com/?ip.41.108.43.125) | - | - | High
+238 | [41.110.231.91](https://vuldb.com/?ip.41.110.231.91) | - | - | High
+239 | [41.200.64.139](https://vuldb.com/?ip.41.200.64.139) | - | - | High
+240 | [41.201.53.68](https://vuldb.com/?ip.41.201.53.68) | - | - | High
+241 | [41.214.200.152](https://vuldb.com/?ip.41.214.200.152) | - | - | High
+242 | [41.225.218.141](https://vuldb.com/?ip.41.225.218.141) | - | - | High
+243 | [41.233.213.12](https://vuldb.com/?ip.41.233.213.12) | host-41.233.213.12.tedata.net | - | High
+244 | [41.248.40.230](https://vuldb.com/?ip.41.248.40.230) | - | - | High
+245 | [42.51.67.111](https://vuldb.com/?ip.42.51.67.111) | - | - | High
+246 | [42.56.76.11](https://vuldb.com/?ip.42.56.76.11) | - | - | High
+247 | [42.192.149.244](https://vuldb.com/?ip.42.192.149.244) | - | - | High
+248 | [42.193.108.137](https://vuldb.com/?ip.42.193.108.137) | - | - | High
+249 | [42.193.118.132](https://vuldb.com/?ip.42.193.118.132) | - | - | High
+250 | [42.193.229.33](https://vuldb.com/?ip.42.193.229.33) | - | - | High
+251 | [42.194.199.231](https://vuldb.com/?ip.42.194.199.231) | - | - | High
+252 | [42.200.181.116](https://vuldb.com/?ip.42.200.181.116) | 42-200-181-116.static.imsbiz.com | - | High
+253 | [43.132.121.67](https://vuldb.com/?ip.43.132.121.67) | - | - | High
+254 | [43.136.102.148](https://vuldb.com/?ip.43.136.102.148) | - | - | High
+255 | [43.138.26.158](https://vuldb.com/?ip.43.138.26.158) | - | - | High
+256 | [43.138.154.3](https://vuldb.com/?ip.43.138.154.3) | - | - | High
+257 | [43.138.235.176](https://vuldb.com/?ip.43.138.235.176) | - | - | High
+258 | [43.139.19.125](https://vuldb.com/?ip.43.139.19.125) | - | - | High
+259 | [43.139.106.227](https://vuldb.com/?ip.43.139.106.227) | - | - | High
+260 | [43.139.167.77](https://vuldb.com/?ip.43.139.167.77) | - | - | High
+261 | [43.142.105.191](https://vuldb.com/?ip.43.142.105.191) | - | - | High
+262 | [43.143.66.207](https://vuldb.com/?ip.43.143.66.207) | - | - | High
+263 | [43.143.112.69](https://vuldb.com/?ip.43.143.112.69) | - | - | High
+264 | [43.143.115.63](https://vuldb.com/?ip.43.143.115.63) | - | - | High
+265 | [43.143.121.198](https://vuldb.com/?ip.43.143.121.198) | - | - | High
+266 | [43.143.237.87](https://vuldb.com/?ip.43.143.237.87) | - | - | High
+267 | [43.153.63.93](https://vuldb.com/?ip.43.153.63.93) | - | - | High
+268 | [43.153.222.28](https://vuldb.com/?ip.43.153.222.28) | - | - | High
+269 | [43.163.204.20](https://vuldb.com/?ip.43.163.204.20) | - | - | High
+270 | [43.205.116.24](https://vuldb.com/?ip.43.205.116.24) | ec2-43-205-116-24.ap-south-1.compute.amazonaws.com | - | Medium
+271 | [43.205.116.244](https://vuldb.com/?ip.43.205.116.244) | ec2-43-205-116-244.ap-south-1.compute.amazonaws.com | - | Medium
+272 | [43.205.117.235](https://vuldb.com/?ip.43.205.117.235) | ec2-43-205-117-235.ap-south-1.compute.amazonaws.com | - | Medium
+273 | [43.207.166.142](https://vuldb.com/?ip.43.207.166.142) | ec2-43-207-166-142.ap-northeast-1.compute.amazonaws.com | - | Medium
+274 | [43.224.156.163](https://vuldb.com/?ip.43.224.156.163) | - | - | High
+275 | [43.226.74.228](https://vuldb.com/?ip.43.226.74.228) | - | - | High
+276 | ... | ... | ... | ...

-There are 133 more IOC items available. Please use our online service to access the data.
+There are 1099 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -64,11 +306,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 6 | ... | ... | ... | ...

 There are 22 more TTP items available. Please use our online service to access the data.
@ -79,54 +321,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?p=products` | Medium
-2 | File | `/about.php` | Medium
-3 | File | `/admin.php/accessory/filesdel.html` | High
-4 | File | `/admin/?page=user/manage` | High
-5 | File | `/admin/add-new.php` | High
-6 | File | `/admin/doctors.php` | High
-7 | File | `/admin/submit-articles` | High
-8 | File | `/ad_js.php` | Medium
-9 | File | `/alphaware/summary.php` | High
-10 | File | `/api/` | Low
-11 | File | `/api/admin/store/product/list` | High
-12 | File | `/api/baskets/{name}` | High
-13 | File | `/api/stl/actions/search` | High
-14 | File | `/api/v2/cli/commands` | High
-15 | File | `/attachments` | Medium
-16 | File | `/bin/ate` | Medium
-17 | File | `/boat/login.php` | High
-18 | File | `/booking/show_bookings/` | High
-19 | File | `/bsms_ci/index.php/book` | High
-20 | File | `/cgi-bin` | Medium
-21 | File | `/cgi-bin/luci/api/wireless` | High
-22 | File | `/cgi-bin/wlogin.cgi` | High
-23 | File | `/Content/Template/root/reverse-shell.aspx` | High
-24 | File | `/context/%2e/WEB-INF/web.xml` | High
-25 | File | `/dashboard/add-blog.php` | High
-26 | File | `/debian/patches/load_ppp_generic_if_needed` | High
-27 | File | `/debug/pprof` | Medium
-28 | File | `/env` | Low
-29 | File | `/etc/gsissh/sshd_config` | High
-30 | File | `/etc/hosts` | Medium
-31 | File | `/forum/away.php` | High
-32 | File | `/goform/setmac` | High
-33 | File | `/goform/wizard_end` | High
-34 | File | `/group1/uploa` | High
-35 | File | `/manage-apartment.php` | High
-36 | File | `/medicines/profile.php` | High
-37 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-38 | File | `/nova/bin/igmp-proxy` | High
-39 | File | `/out.php` | Medium
-40 | File | `/pages/apply_vacancy.php` | High
-41 | File | `/php-sms/admin/?page=user/manage_user` | High
-42 | File | `/proxy` | Low
-43 | File | `/reservation/add_message.php` | High
-44 | File | `/resources//../` | High
-45 | File | `/spip.php` | Medium
-46 | ... | ... | ...
+1 | File | `/academy/home/courses` | High
+2 | File | `/admin/adclass.php` | High
+3 | File | `/admin/admin-profile.php` | High
+4 | File | `/admin/sales/view_details.php` | High
+5 | File | `/ajax-files/followBoard.php` | High
+6 | File | `/api/baskets/{name}` | High
+7 | File | `/api/cron/settings/setJob/` | High
+8 | File | `/api/v1/snapshots` | High
+9 | File | `/audit/log/log_management.php` | High
+10 | File | `/authenticationendpoint/login.do` | High
+11 | File | `/cgi-bin/login.cgi` | High
+12 | File | `/cgi-bin/mainfunction.cgi` | High
+13 | File | `/cgi-bin/vitogate.cgi` | High
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/cgi.cgi` | Medium
+16 | File | `/collection/all` | High
+17 | File | `/config/php.ini` | High
+18 | File | `/Content/Template/root/reverse-shell.aspx` | High
+19 | File | `/ctcprotocol/Protocol` | High
+20 | File | `/dashboard/add-blog.php` | High
+21 | File | `/debug/pprof` | Medium
+22 | File | `/dottie.js` | Medium
+23 | File | `/DXR.axd` | Medium
+24 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
+25 | File | `/env` | Low
+26 | File | `/files/` | Low
+27 | File | `/forms/doLogin` | High
+28 | File | `/forum/away.php` | High
+29 | File | `/h/autoSaveDraft` | High
+30 | File | `/ims/login.php` | High
+31 | File | `/index.php` | Medium
+32 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+33 | File | `/jurusanmatkul/data` | High
+34 | File | `/log/decodmail.php` | High
+35 | File | `/log/webmailattach.php` | High
+36 | File | `/login.php?do=login` | High
+37 | File | `/public/login.htm` | High
+38 | File | `/QueryView.php` | High
+39 | File | `/recreate.php` | High
+40 | ... | ... | ...

-There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 341 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Mirai/README.md
+++ b/actors/Mirai/README.md
--- a/actors/Moobot/README.md
+++ b/actors/Moobot/README.md
@ -50,8 +50,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
-7 | ... | ... | ... | ...
+6 | ... | ... | ... | ...

 There are 22 more TTP items available. Please use our online service to access the data.

@ -62,61 +61,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `//` | Low
-2 | File | `/add_post_sql.php` | High
-3 | File | `/admin.php/pic/admin/pic/del` | High
-4 | File | `/admin.php/singer/admin/lists/zhuan` | High
-5 | File | `/admin.php/User/level_sort` | High
-6 | File | `/admin/communitymanagement.php` | High
-7 | File | `/admin/del_service.php` | High
-8 | File | `/admin/generalsettings.php` | High
-9 | File | `/admin/maintenance/view_designation.php` | High
-10 | File | `/admin/payment.php` | High
-11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
+2 | File | `/activate_hook.php` | High
+3 | File | `/add_post_sql.php` | High
+4 | File | `/admin.php/pic/admin/pic/del` | High
+5 | File | `/admin.php/singer/admin/lists/zhuan` | High
+6 | File | `/admin.php/User/level_sort` | High
+7 | File | `/admin/communitymanagement.php` | High
+8 | File | `/admin/del_service.php` | High
+9 | File | `/admin/generalsettings.php` | High
+10 | File | `/admin/maintenance/view_designation.php` | High
+11 | File | `/admin/payment.php` | High
 12 | File | `/admin/user/manage_user.php` | High
 13 | File | `/ajax.php?action=read_msg` | High
 14 | File | `/api/baskets/{name}` | High
-15 | File | `/blog/edit` | Medium
-16 | File | `/bsms_ci/index.php/user/edit_user/` | High
-17 | File | `/cgi-bin/wapopen` | High
-18 | File | `/cgi-bin/wlogin.cgi` | High
-19 | File | `/classes/Master.php?f=delete_category` | High
-20 | File | `/classes/Master.php?f=save_item` | High
-21 | File | `/config/php.ini` | High
-22 | File | `/Default/Bd` | Medium
-23 | File | `/dms/admin/reports/daily_collection_report.php` | High
-24 | File | `/editprofile.php` | High
-25 | File | `/etc/networkd-dispatcher` | High
-26 | File | `/event/admin/?page=user/list` | High
-27 | File | `/filemanager/upload/drop` | High
-28 | File | `/food/admin/all_users.php` | High
-29 | File | `/forum/away.php` | High
-30 | File | `/getcfg.php` | Medium
-31 | File | `/goform/PowerSaveSet` | High
-32 | File | `/goform/SetClientState` | High
-33 | File | `/goform/SetFirewallCfg` | High
-34 | File | `/goform/setIPv6Status` | High
-35 | File | `/goform/wizard_end` | High
-36 | File | `/home/get_tasks_list` | High
-37 | File | `/hrm/employeeview.php` | High
-38 | File | `/index.php` | Medium
-39 | File | `/isms/classes/Users.php` | High
-40 | File | `/lists/index.php` | High
-41 | File | `/members/view_member.php` | High
-42 | File | `/messageboard/view.php` | High
-43 | File | `/mgmt/tm/util/bash` | High
-44 | File | `/modules/projects/vw_files.php` | High
-45 | File | `/ofrs/admin/?page=teams/view_team` | High
-46 | File | `/ordering/index.php?q=category` | High
-47 | File | `/owa/auth/logon.aspx` | High
-48 | File | `/picturesPreview` | High
-49 | File | `/public_html/animals` | High
-50 | File | `/public_html/apply_vacancy` | High
-51 | File | `/purchase_order/admin/?page=user` | High
-52 | File | `/purchase_order/classes/Master.php?f=delete_supplier` | High
-53 | File | `/simple_chat_bot/classes/Master.php?f=delete_response` | High
+15 | File | `/bitrix/admin/ldap_server_edit.php` | High
+16 | File | `/blog/edit` | Medium
+17 | File | `/bsms_ci/index.php/user/edit_user/` | High
+18 | File | `/cgi-bin/wapopen` | High
+19 | File | `/cgi-bin/wlogin.cgi` | High
+20 | File | `/classes/Master.php?f=delete_category` | High
+21 | File | `/classes/Master.php?f=save_item` | High
+22 | File | `/conf/` | Low
+23 | File | `/config/php.ini` | High
+24 | File | `/controller/AdminController.php` | High
+25 | File | `/Default/Bd` | Medium
+26 | File | `/dms/admin/reports/daily_collection_report.php` | High
+27 | File | `/editprofile.php` | High
+28 | File | `/etc/networkd-dispatcher` | High
+29 | File | `/event/admin/?page=user/list` | High
+30 | File | `/filemanager/upload/drop` | High
+31 | File | `/food/admin/all_users.php` | High
+32 | File | `/forum/away.php` | High
+33 | File | `/getcfg.php` | Medium
+34 | File | `/goform/PowerSaveSet` | High
+35 | File | `/goform/SetClientState` | High
+36 | File | `/goform/SetFirewallCfg` | High
+37 | File | `/goform/wizard_end` | High
+38 | File | `/home/get_tasks_list` | High
+39 | File | `/hrm/employeeview.php` | High
+40 | File | `/index.php` | Medium
+41 | File | `/isms/classes/Users.php` | High
+42 | File | `/lists/index.php` | High
+43 | File | `/members/view_member.php` | High
+44 | File | `/messageboard/view.php` | High
+45 | File | `/mgmt/tm/util/bash` | High
+46 | File | `/mhds/clinic/view_details.php` | High
+47 | File | `/modules/projects/vw_files.php` | High
+48 | File | `/ofrs/admin/?page=teams/view_team` | High
+49 | File | `/ordering/index.php?q=category` | High
+50 | File | `/owa/auth/logon.aspx` | High
+51 | File | `/picturesPreview` | High
+52 | File | `/purchase_order/admin/?page=user` | High
+53 | File | `/purchase_order/classes/Master.php?f=delete_supplier` | High
 54 | ... | ... | ...

-There are 468 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Libra/README.md
+++ b/Libra/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...

-There are 10 more country items available. Please use our online service to access the data.
+There are 12 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -88,47 +88,48 @@ ID | Type | Indicator | Confidence
 17 | File | `/config/getuser` | High
 18 | File | `/contact/store` | High
 19 | File | `/dashboard/settings` | High
-20 | File | `/debian/patches/load_ppp_generic_if_needed` | High
-21 | File | `/Default/Bd` | Medium
-22 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-23 | File | `/FormLogin` | Medium
-24 | File | `/forum/away.php` | High
-25 | File | `/friends` | Medium
-26 | File | `/getcfg.php` | Medium
-27 | File | `/gfxpoly/stroke.c` | High
-28 | File | `/goform/form2Wan.cgi` | High
-29 | File | `/guest/s/default/` | High
-30 | File | `/h/compose` | Medium
-31 | File | `/index.php?module=entities/listing_types&entities_id=24` | High
-32 | File | `/index/jobfairol/show/` | High
-33 | File | `/leave_system/classes/Master.php?f=delete_department` | High
-34 | File | `/leave_system/classes/Users.php?f=save` | High
-35 | File | `/messageboard/view.php` | High
-36 | File | `/mgmt/tm/util/bash` | High
-37 | File | `/mhds/clinic/view_details.php` | High
-38 | File | `/modules/projects/vw_files.php` | High
-39 | File | `/MTFWU` | Low
-40 | File | `/nova/bin/console` | High
-41 | File | `/ofrs/admin/?page=teams/manage_team` | High
-42 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-43 | File | `/panel/fields/add` | High
-44 | File | `/patient/settings.php` | High
-45 | File | `/REBOOTSYSTEM` | High
-46 | File | `/reports/rwservlet` | High
-47 | File | `/sbin/acos_service` | High
-48 | File | `/school/model/get_teacher.php` | High
-49 | File | `/scripts/unlock_tasks.php` | High
-50 | File | `/servlet/webacc` | High
-51 | File | `/simple_chat_bot/admin/?page=responses/view_response` | High
-52 | File | `/textpattern/index.php` | High
-53 | File | `/uncpath/` | Medium
-54 | File | `/usr/bin/at` | Medium
-55 | File | `/usr/bin/pkexec` | High
-56 | File | `/var/lib/dpkg/info/` | High
-57 | File | `/var/log/demisto/` | High
-58 | ... | ... | ...
+20 | File | `/Default/Bd` | Medium
+21 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+22 | File | `/FormLogin` | Medium
+23 | File | `/forum/away.php` | High
+24 | File | `/friends` | Medium
+25 | File | `/getcfg.php` | Medium
+26 | File | `/gfxpoly/stroke.c` | High
+27 | File | `/goform/form2Wan.cgi` | High
+28 | File | `/guest/s/default/` | High
+29 | File | `/h/compose` | Medium
+30 | File | `/index.php?module=entities/listing_types&entities_id=24` | High
+31 | File | `/index/jobfairol/show/` | High
+32 | File | `/leave_system/classes/Master.php?f=delete_department` | High
+33 | File | `/leave_system/classes/Users.php?f=save` | High
+34 | File | `/messageboard/view.php` | High
+35 | File | `/mgmt/tm/util/bash` | High
+36 | File | `/mhds/clinic/view_details.php` | High
+37 | File | `/modules/projects/vw_files.php` | High
+38 | File | `/MTFWU` | Low
+39 | File | `/nova/bin/console` | High
+40 | File | `/ofrs/admin/?page=teams/manage_team` | High
+41 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
+42 | File | `/panel/fields/add` | High
+43 | File | `/patient/settings.php` | High
+44 | File | `/REBOOTSYSTEM` | High
+45 | File | `/reports/rwservlet` | High
+46 | File | `/sbin/acos_service` | High
+47 | File | `/school/model/get_teacher.php` | High
+48 | File | `/scripts/unlock_tasks.php` | High
+49 | File | `/servlet/webacc` | High
+50 | File | `/simple_chat_bot/admin/?page=responses/view_response` | High
+51 | File | `/textpattern/index.php` | High
+52 | File | `/uncpath/` | Medium
+53 | File | `/usr/bin/at` | Medium
+54 | File | `/usr/bin/pkexec` | High
+55 | File | `/var/lib/dpkg/info/` | High
+56 | File | `/var/log/demisto/` | High
+57 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+58 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
+59 | ... | ... | ...

-There are 505 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/MuddyWater/README.md
+++ b/actors/MuddyWater/README.md
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 25 more country items available. Please use our online service to access the data.
+There are 24 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -63,10 +63,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22, CWE-24, CWE-36, CWE-425 | Pathname Traversal | High
+1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-36, CWE-425 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

@ -78,66 +78,66 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/comment.yml` | High
-2 | File | `/?r=recruit/resume/edit&op=status` | High
-3 | File | `/academy/home/courses` | High
-4 | File | `/academy/tutor/filter` | High
-5 | File | `/account/delivery` | High
-6 | File | `/ad-list` | Medium
-7 | File | `/admin/?page=user/list` | High
-8 | File | `/admin/?page=user/manage_user&id=3` | High
-9 | File | `/admin/about-us.php` | High
-10 | File | `/admin/add-category.php` | High
-11 | File | `/admin/add-services.php` | High
-12 | File | `/admin/add_user_modal.php` | High
-13 | File | `/admin/admin-profile.php` | High
-14 | File | `/admin/article/article-edit-run.php` | High
-15 | File | `/admin/del_category.php` | High
-16 | File | `/admin/del_feedback.php` | High
-17 | File | `/admin/del_service.php` | High
-18 | File | `/admin/edit-accepted-appointment.php` | High
-19 | File | `/admin/edit_category.php` | High
-20 | File | `/admin/edit_product.php` | High
-21 | File | `/admin/files` | Medium
-22 | File | `/admin/forgot-password.php` | High
-23 | File | `/admin/index.php` | High
-24 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
-25 | File | `/admin/invoice.php` | High
-26 | File | `/admin/search-appointment.php` | High
-27 | File | `/admin/sys_sql_query.php` | High
-28 | File | `/admin/test_status.php` | High
-29 | File | `/api/baskets/{name}` | High
-30 | File | `/api/download/updateFile` | High
-31 | File | `/api/es/admin/v3/security/user/1` | High
-32 | File | `/api/installation/setThumbnailRc` | High
-33 | File | `/api/ping` | Medium
-34 | File | `/api/set-password` | High
-35 | File | `/api/sys/login` | High
-36 | File | `/api/sys/set_passwd` | High
-37 | File | `/api/thumbnail` | High
-38 | File | `/app/sys1.php` | High
-39 | File | `/App_Resource/UEditor/server/upload.aspx` | High
-40 | File | `/author_posts.php` | High
-41 | File | `/blog` | Low
-42 | File | `/blog-single.php` | High
-43 | File | `/browse` | Low
-44 | File | `/cgi-bin/koha/catalogue/search.pl` | High
-45 | File | `/chaincity/user/ticket/create` | High
-46 | File | `/classes/Master.php?f=delete_category` | High
-47 | File | `/classes/Master.php?f=delete_inquiry` | High
-48 | File | `/classes/Master.php?f=save_inquiry` | High
-49 | File | `/classes/Master.php?f=save_item` | High
-50 | File | `/collection/all` | High
-51 | File | `/conf/` | Low
-52 | File | `/config` | Low
-53 | File | `/config/php.ini` | High
-54 | File | `/contact.php` | Medium
-55 | File | `/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx` | High
-56 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
-57 | File | `/en/blog-comment-4` | High
+1 | File | `/academy/home/courses` | High
+2 | File | `/academy/tutor/filter` | High
+3 | File | `/ad-list` | Medium
+4 | File | `/admin/?page=bike` | High
+5 | File | `/admin/?page=user` | High
+6 | File | `/admin/?page=user/list` | High
+7 | File | `/admin/?page=user/manage_user&id=3` | High
+8 | File | `/admin/about-us.php` | High
+9 | File | `/admin/add-category.php` | High
+10 | File | `/admin/add-services.php` | High
+11 | File | `/admin/admin-profile.php` | High
+12 | File | `/admin/article/article-edit-run.php` | High
+13 | File | `/admin/cms_admin.php` | High
+14 | File | `/admin/cms_content.php` | High
+15 | File | `/admin/config/uploadicon.php` | High
+16 | File | `/admin/del_category.php` | High
+17 | File | `/admin/del_feedback.php` | High
+18 | File | `/admin/del_service.php` | High
+19 | File | `/admin/edit-accepted-appointment.php` | High
+20 | File | `/admin/edit_category.php` | High
+21 | File | `/admin/edit_product.php` | High
+22 | File | `/admin/files` | Medium
+23 | File | `/admin/forgot-password.php` | High
+24 | File | `/admin/index.php` | High
+25 | File | `/admin/inquiries/view_inquiry.php` | High
+26 | File | `/admin/invoice.php` | High
+27 | File | `/admin/leancloud.php` | High
+28 | File | `/admin/list_addr_fwresource_ip.php` | High
+29 | File | `/admin/login.php` | High
+30 | File | `/admin/order.php` | High
+31 | File | `/admin/plugin.php` | High
+32 | File | `/admin/save.php` | High
+33 | File | `/admin/search-appointment.php` | High
+34 | File | `/admin/services/manage_service.php` | High
+35 | File | `/admin/sys_sql_query.php` | High
+36 | File | `/api/` | Low
+37 | File | `/api/download` | High
+38 | File | `/api/download/updateFile` | High
+39 | File | `/api/es/admin/v3/security/user/1` | High
+40 | File | `/api/installation/setThumbnailRc` | High
+41 | File | `/api/sys/login` | High
+42 | File | `/api/sys/set_passwd` | High
+43 | File | `/api/thumbnail` | High
+44 | File | `/app/sys1.php` | High
+45 | File | `/blog-single.php` | High
+46 | File | `/book-services.php` | High
+47 | File | `/cgi-bin/koha/catalogue/search.pl` | High
+48 | File | `/cgi-bin/vitogate.cgi` | High
+49 | File | `/classes/Master.php?f=delete_category` | High
+50 | File | `/classes/master.php?f=delete_order` | High
+51 | File | `/classes/Master.php?f=delete_sub_category` | High
+52 | File | `/classes/Master.php?f=save_brand` | High
+53 | File | `/classes/Master.php?f=save_category` | High
+54 | File | `/classes/Master.php?f=save_service` | High
+55 | File | `/classes/Master.php?f=update_order_status` | High
+56 | File | `/collection/all` | High
+57 | File | `/conf/` | Low
 58 | ... | ... | ...

-There are 508 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 509 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Panda/README.md
+++ b/Panda/README.md
@ -151,7 +151,7 @@ ID | Type | Indicator | Confidence
 73 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
 74 | ... | ... | ...

-There are 654 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 651 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/NSAMsdMiner/README.md
+++ b/actors/NSAMsdMiner/README.md
@ -0,0 +1,67 @@
+# NSAMsdMiner - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [NSAMsdMiner](https://vuldb.com/?actor.nsamsdminer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.nsamsdminer](https://vuldb.com/?actor.nsamsdminer)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NSAMsdMiner:
+
+* [US](https://vuldb.com/?country.us)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of NSAMsdMiner.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [3.0.144.122](https://vuldb.com/?ip.3.0.144.122) | ec2-3-0-144-122.ap-southeast-1.compute.amazonaws.com | - | Medium
+2 | [45.35.4.107](https://vuldb.com/?ip.45.35.4.107) | - | - | High
+3 | [47.101.30.124](https://vuldb.com/?ip.47.101.30.124) | - | - | High
+4 | ... | ... | ... | ...
+
+There are 1 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _NSAMsdMiner_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1078.001 | CWE-259 | Use of Hard-coded Password | High
+3 | T1505 | CWE-89 | SQL Injection | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by NSAMsdMiner. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `addentry.php` | Medium
+2 | File | `data/gbconfiguration.dat` | High
+3 | File | `email.php` | Medium
+4 | ... | ... | ...
+
+There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://s.tencent.com/research/report/730
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/NetSupportManager
+++ b/actors/NetSupportManager
@ -64,7 +64,8 @@ ID | Technique | Weakness | Description | Confidence
 1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | ... | ... | ... | ...
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

 There are 14 more TTP items available. Please use our online service to access the data.

@ -95,7 +96,7 @@ ID | Type | Indicator | Confidence
 19 | File | `announce.php` | Medium
 20 | ... | ... | ...

-There are 163 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 165 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/NetWire
+++ b/actors/NetWire
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 18 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -85,7 +85,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...

-There are 20 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -113,50 +113,49 @@ ID | Type | Indicator | Confidence
 18 | File | `/admin/search-appointment.php` | High
 19 | File | `/admin/sys_sql_query.php` | High
 20 | File | `/api/baskets/{name}` | High
-21 | File | `/appliance/users?action=edit` | High
-22 | File | `/backup.pl` | Medium
-23 | File | `/blog` | Low
-24 | File | `/booking/show_bookings/` | High
-25 | File | `/CCMAdmin/serverlist.asp` | High
-26 | File | `/cgi-bin/wlogin.cgi` | High
-27 | File | `/cgi/get_param.cgi` | High
-28 | File | `/classes/master.php?f=delete_order` | High
-29 | File | `/collection/all` | High
-30 | File | `/csms/admin/inquiries/view_details.php` | High
-31 | File | `/cstecgi.cgi` | Medium
-32 | File | `/dipam/athlete-profile.php` | High
-33 | File | `/DXR.axd` | Medium
-34 | File | `/E-mobile/App/System/File/downfile.php` | High
-35 | File | `/edoc/doctor/patient.php` | High
-36 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
-37 | File | `/etc/ldap.conf` | High
-38 | File | `/etc/shadow` | Medium
+21 | File | `/api/v4/users/ids` | High
+22 | File | `/appliance/users?action=edit` | High
+23 | File | `/apply.cgi` | Medium
+24 | File | `/backup.pl` | Medium
+25 | File | `/blog` | Low
+26 | File | `/booking/show_bookings/` | High
+27 | File | `/CCMAdmin/serverlist.asp` | High
+28 | File | `/cgi-bin/wlogin.cgi` | High
+29 | File | `/cgi/get_param.cgi` | High
+30 | File | `/classes/master.php?f=delete_order` | High
+31 | File | `/collection/all` | High
+32 | File | `/csms/admin/inquiries/view_details.php` | High
+33 | File | `/cstecgi.cgi` | Medium
+34 | File | `/dipam/athlete-profile.php` | High
+35 | File | `/DXR.axd` | Medium
+36 | File | `/E-mobile/App/System/File/downfile.php` | High
+37 | File | `/edoc/doctor/patient.php` | High
+38 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
 39 | File | `/forum/away.php` | High
 40 | File | `/fusion/portal/action/Link` | High
-41 | File | `/importexport.php` | High
-42 | File | `/include/chart_generator.php` | High
-43 | File | `/index.php` | Medium
-44 | File | `/index.php?app=main&func=passport&action=login` | High
-45 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
-46 | File | `/kelasdosen/data` | High
-47 | File | `/librarian/bookdetails.php` | High
-48 | File | `/listplace/user/coverPhotoUpdate` | High
-49 | File | `/messageboard/view.php` | High
-50 | File | `/MIME/INBOX-MM-1/` | High
-51 | File | `/osm/REGISTER.cmd` | High
-52 | File | `/out.php` | Medium
-53 | File | `/owa/auth/logon.aspx` | High
-54 | File | `/patient/appointment.php` | High
-55 | File | `/paysystem/datatable.php` | High
-56 | File | `/php-scrm/login.php` | High
-57 | File | `/reservation/add_message.php` | High
-58 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
-59 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
-60 | File | `/send_order.cgi?parameter=restart` | High
-61 | File | `/spcgi.cgi` | Medium
-62 | ... | ... | ...
+41 | File | `/h/autoSaveDraft` | High
+42 | File | `/importexport.php` | High
+43 | File | `/include/chart_generator.php` | High
+44 | File | `/index.php` | Medium
+45 | File | `/index.php?app=main&func=passport&action=login` | High
+46 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+47 | File | `/kelasdosen/data` | High
+48 | File | `/librarian/bookdetails.php` | High
+49 | File | `/listplace/user/coverPhotoUpdate` | High
+50 | File | `/messageboard/view.php` | High
+51 | File | `/MIME/INBOX-MM-1/` | High
+52 | File | `/osm/REGISTER.cmd` | High
+53 | File | `/out.php` | Medium
+54 | File | `/owa/auth/logon.aspx` | High
+55 | File | `/patient/appointment.php` | High
+56 | File | `/paysystem/datatable.php` | High
+57 | File | `/php-scrm/login.php` | High
+58 | File | `/protocol/iscgwtunnel/uploadiscgwrouteconf.php` | High
+59 | File | `/reservation/add_message.php` | High
+60 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
+61 | ... | ... | ...

-There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 532 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/NetWire/README.md
+++ b/actors/NetWire/README.md
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 18 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -81,7 +81,7 @@ ID | Technique | Weakness | Description | Confidence
 6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
 7 | ... | ... | ... | ...

-There are 23 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -108,13 +108,13 @@ ID | Type | Indicator | Confidence
 17 | File | `/admin/reg.php` | High
 18 | File | `/admin/search-appointment.php` | High
 19 | File | `/admin/settings/save.php` | High
-20 | File | `/admin/students/manage.php` | High
-21 | File | `/admin/sys_sql_query.php` | High
-22 | File | `/admin/userprofile.php` | High
-23 | File | `/api/baskets/{name}` | High
-24 | File | `/appliance/users?action=edit` | High
-25 | File | `/apply.cgi` | Medium
-26 | File | `/backup.pl` | Medium
+20 | File | `/admin/sys_sql_query.php` | High
+21 | File | `/admin/userprofile.php` | High
+22 | File | `/api/baskets/{name}` | High
+23 | File | `/appliance/users?action=edit` | High
+24 | File | `/apply.cgi` | Medium
+25 | File | `/backup.pl` | Medium
+26 | File | `/bitrix/admin/ldap_server_edit.php` | High
 27 | File | `/blog` | Low
 28 | File | `/booking/show_bookings/` | High
 29 | File | `/cgi-bin/wlogin.cgi` | High
@ -149,7 +149,7 @@ ID | Type | Indicator | Confidence
 58 | File | `/php-scrm/login.php` | High
 59 | ... | ... | ...

-There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 518 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Nimplant/README.md
+++ b/actors/Nimplant/README.md
@ -0,0 +1,69 @@
+# Nimplant - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Nimplant](https://vuldb.com/?actor.nimplant). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.nimplant](https://vuldb.com/?actor.nimplant)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Nimplant:
+
+* [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Nimplant.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [23.106.215.199](https://vuldb.com/?ip.23.106.215.199) | - | - | High
+2 | [54.202.46.22](https://vuldb.com/?ip.54.202.46.22) | ec2-54-202-46-22.us-west-2.compute.amazonaws.com | - | Medium
+3 | [142.93.226.220](https://vuldb.com/?ip.142.93.226.220) | - | - | High
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Nimplant_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 6 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Nimplant. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/bin/goahead` | Medium
+2 | File | `/common/info.cgi` | High
+3 | File | `/docs/captcha_(number).jpeg` | High
+4 | File | `/etc/config/image_sign` | High
+5 | File | `/home.jsp` | Medium
+6 | ... | ... | ...
+
+There are 37 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://search.censys.io/hosts/23.106.215.199
+* https://search.censys.io/hosts/54.202.46.22
+* https://search.censys.io/hosts/142.93.226.220
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -48,68 +48,71 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/photo.php` | High
-2 | File | `/admin/upload.php` | High
-3 | File | `/admin/user/add` | High
-4 | File | `/api/baskets/{name}` | High
-5 | File | `/APP_Installation.asp` | High
-6 | File | `/blog` | Low
-7 | File | `/categorypage.php` | High
-8 | File | `/cm/delete` | Medium
-9 | File | `/common/logViewer/logViewer.jsf` | High
-10 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
-11 | File | `/download` | Medium
-12 | File | `/drivers/media/media-device.c` | High
-13 | File | `/etc/master.passwd` | High
-14 | File | `/filemanager/upload.php` | High
-15 | File | `/forum/away.php` | High
-16 | File | `/getcfg.php` | Medium
-17 | File | `/home.php` | Medium
-18 | File | `/homeaction.php` | High
-19 | File | `/modules/profile/index.php` | High
-20 | File | `/modules/tasks/summary.inc.php` | High
-21 | File | `/multi-vendor-shopping-script/product-list.php` | High
-22 | File | `/out.php` | Medium
-23 | File | `/p` | Low
-24 | File | `/preauth` | Medium
-25 | File | `/products/details.asp` | High
-26 | File | `/recordings/index.php` | High
-27 | File | `/see_more_details.php` | High
-28 | File | `/show_news.php` | High
-29 | File | `/tmp/before` | Medium
-30 | File | `/uncpath/` | Medium
-31 | File | `/updownload/t.report` | High
-32 | File | `/user.profile.php` | High
-33 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
-34 | File | `/wordpress/wp-admin/options-general.php` | High
-35 | File | `/wp-admin` | Medium
-36 | File | `/wp-admin/admin-ajax.php` | High
-37 | File | `account.asp` | Medium
-38 | File | `adclick.php` | Medium
-39 | File | `adm/systools.asp` | High
-40 | File | `admin.php` | Medium
-41 | File | `admin/admin.shtml` | High
-42 | File | `Admin/ADM_Pagina.php` | High
-43 | File | `admin/category.inc.php` | High
-44 | File | `admin/main.asp` | High
-45 | File | `admin/param/param_func.inc.php` | High
-46 | File | `admin/y_admin.asp` | High
-47 | File | `adminer.php` | Medium
-48 | File | `administration/admins.php` | High
-49 | File | `administrator/components/com_media/helpers/media.php` | High
-50 | File | `admin_ok.asp` | Medium
-51 | File | `album_portal.php` | High
-52 | File | `app/Core/Paginator.php` | High
-53 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
-54 | File | `artlinks.dispnew.php` | High
-55 | File | `auth.php` | Medium
-56 | File | `bin/named/query.c` | High
-57 | File | `blank.php` | Medium
-58 | File | `blocklayered-ajax.php` | High
-59 | File | `blogger-importer.php` | High
-60 | ... | ... | ...
+1 | File | `/admin/manage_academic.php` | High
+2 | File | `/admin/photo.php` | High
+3 | File | `/admin/upload.php` | High
+4 | File | `/admin/user/add` | High
+5 | File | `/api/baskets/{name}` | High
+6 | File | `/APP_Installation.asp` | High
+7 | File | `/blog` | Low
+8 | File | `/categorypage.php` | High
+9 | File | `/cm/delete` | Medium
+10 | File | `/common/logViewer/logViewer.jsf` | High
+11 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
+12 | File | `/download` | Medium
+13 | File | `/drivers/media/media-device.c` | High
+14 | File | `/etc/master.passwd` | High
+15 | File | `/filemanager/upload.php` | High
+16 | File | `/forum/away.php` | High
+17 | File | `/getcfg.php` | Medium
+18 | File | `/home.php` | Medium
+19 | File | `/homeaction.php` | High
+20 | File | `/modules/profile/index.php` | High
+21 | File | `/modules/tasks/summary.inc.php` | High
+22 | File | `/multi-vendor-shopping-script/product-list.php` | High
+23 | File | `/out.php` | Medium
+24 | File | `/p` | Low
+25 | File | `/preauth` | Medium
+26 | File | `/products/details.asp` | High
+27 | File | `/recordings/index.php` | High
+28 | File | `/see_more_details.php` | High
+29 | File | `/show_news.php` | High
+30 | File | `/tmp/before` | Medium
+31 | File | `/uncpath/` | Medium
+32 | File | `/updownload/t.report` | High
+33 | File | `/user.profile.php` | High
+34 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+35 | File | `/wordpress/wp-admin/options-general.php` | High
+36 | File | `/wp-admin` | Medium
+37 | File | `/wp-admin/admin-ajax.php` | High
+38 | File | `4.2.0.CP09` | Medium
+39 | File | `account.asp` | Medium
+40 | File | `adclick.php` | Medium
+41 | File | `adm/systools.asp` | High
+42 | File | `admin.php` | Medium
+43 | File | `admin/admin.shtml` | High
+44 | File | `Admin/ADM_Pagina.php` | High
+45 | File | `admin/category.inc.php` | High
+46 | File | `admin/main.asp` | High
+47 | File | `admin/param/param_func.inc.php` | High
+48 | File | `admin/y_admin.asp` | High
+49 | File | `adminer.php` | Medium
+50 | File | `administration/admins.php` | High
+51 | File | `administrator/components/com_media/helpers/media.php` | High
+52 | File | `admin_ok.asp` | Medium
+53 | File | `album_portal.php` | High
+54 | File | `app/Core/Paginator.php` | High
+55 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
+56 | File | `artlinks.dispnew.php` | High
+57 | File | `auth.php` | Medium
+58 | File | `bin/named/query.c` | High
+59 | File | `blank.php` | Medium
+60 | File | `blocklayered-ajax.php` | High
+61 | File | `blogger-importer.php` | High
+62 | File | `bluegate_seo.inc.php` | High
+63 | ... | ... | ...

-There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 548 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Novter/README.md
+++ b/actors/Novter/README.md
@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
@ -74,16 +74,16 @@ ID | Type | Indicator | Confidence
 14 | File | `/wp-content/plugins/updraftplus/admin.php` | High
 15 | File | `add.php` | Low
 16 | File | `admin.cgi/config.cgi` | High
-17 | File | `admin/admin.guestbook.php` | High
-18 | File | `admin/auth.php` | High
-19 | File | `admin/backupdb.php` | High
-20 | File | `admin/login.asp` | High
-21 | File | `admin/preview.php` | High
-22 | File | `administrator/components/com_media/helpers/media.php` | High
-23 | File | `archive_read_support_format_rar.c` | High
+17 | File | `admin.php` | Medium
+18 | File | `admin/admin.guestbook.php` | High
+19 | File | `admin/auth.php` | High
+20 | File | `admin/backupdb.php` | High
+21 | File | `admin/login.asp` | High
+22 | File | `admin/preview.php` | High
+23 | File | `administrator/components/com_media/helpers/media.php` | High
 24 | ... | ... | ...

-There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 200 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/OldGremlin/README.md
+++ b/actors/OldGremlin/README.md
@ -55,9 +55,10 @@ ID | Type | Indicator | Confidence
 6 | File | `/uncpath/` | Medium
 7 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
 8 | File | `AppCompatCache.exe` | High
-9 | ... | ... | ...
+9 | File | `appserv/main.php` | High
+10 | ... | ... | ...

-There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Sleet/README.md
+++ b/Sleet/README.md
@ -0,0 +1,37 @@
+# Onyx Sleet - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Onyx Sleet](https://vuldb.com/?actor.onyx_sleet). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.onyx_sleet](https://vuldb.com/?actor.onyx_sleet)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with Onyx Sleet:
+
+* CVE-2023-42793
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Onyx Sleet.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [147.78.149.201](https://vuldb.com/?ip.147.78.149.201) | - | CVE-2023-42793 | High
+2 | [162.19.71.175](https://vuldb.com/?ip.162.19.71.175) | - | CVE-2023-42793 | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Orchard/README.md
+++ b/actors/Orchard/README.md
@ -76,7 +76,7 @@ ID | Type | Indicator | Confidence
 25 | File | `/plesk-site-preview/` | High
 26 | ... | ... | ...

-There are 222 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Ouroboros/README.md
+++ b/actors/Ouroboros/README.md
@ -0,0 +1,30 @@
+# Ouroboros - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ouroboros](https://vuldb.com/?actor.ouroboros). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ouroboros](https://vuldb.com/?actor.ouroboros)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ouroboros.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [176.31.68.30](https://vuldb.com/?ip.176.31.68.30) | - | - | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://s.tencent.com/research/report/793
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/Show More
+++ b/Show More