Update
parent
ba3bbfbe2c
commit
6e04b1ea5a
|
@ -133,7 +133,7 @@ ID | Type | Indicator | Confidence
|
||||||
28 | File | `/viewer/krpano.html` | High
|
28 | File | `/viewer/krpano.html` | High
|
||||||
29 | ... | ... | ...
|
29 | ... | ... | ...
|
||||||
|
|
||||||
There are 243 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||||
|
|
||||||
* [PL](https://vuldb.com/?country.pl)
|
* [PL](https://vuldb.com/?country.pl)
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
|
||||||
* [AR](https://vuldb.com/?country.ar)
|
* [AR](https://vuldb.com/?country.ar)
|
||||||
|
* [SV](https://vuldb.com/?country.sv)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 7 more country items available. Please use our online service to access the data.
|
There are 7 more country items available. Please use our online service to access the data.
|
||||||
|
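Review bot: dropping `RU` from the APT33 country list (third entry, replaced by `SV`) is an attribution change with no rationale; the trailing "There are 7 more country items" line is unchanged, so this is a one-for-one swap rather than an addition. The commit message "Update" should say what drove it (new source, reclassification of an existing record), otherwise nobody auditing this actor later can tell a correction from a regression.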
@ -61,7 +61,7 @@ ID | Technique | Weakness | Description | Confidence
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 21 more TTP items available. Please use our online service to access the data.
|
There are 22 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
@ -72,23 +72,23 @@ ID | Type | Indicator | Confidence
|
||||||
1 | File | `/admin/?page=user/manage_user` | High
|
1 | File | `/admin/?page=user/manage_user` | High
|
||||||
2 | File | `/admin/del.php` | High
|
2 | File | `/admin/del.php` | High
|
||||||
3 | File | `/admin/delstu.php` | High
|
3 | File | `/admin/delstu.php` | High
|
||||||
4 | File | `/admin/image.php` | High
|
4 | File | `/admin/lab.php` | High
|
||||||
5 | File | `/admin/lab.php` | High
|
5 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
|
||||||
6 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
|
6 | File | `/asan/asan_new_delete.cpp` | High
|
||||||
7 | File | `/asan/asan_new_delete.cpp` | High
|
7 | File | `/blog/blogpublish.php` | High
|
||||||
8 | File | `/blog/blogpublish.php` | High
|
8 | File | `/categories/view_category.php` | High
|
||||||
9 | File | `/categories/view_category.php` | High
|
9 | File | `/classes/Master.php?f=delete_category` | High
|
||||||
10 | File | `/classes/Master.php?f=delete_category` | High
|
10 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||||
11 | File | `/classes/Master.php?f=delete_schedule` | High
|
11 | File | `/classes/Users.php?f=save_client` | High
|
||||||
12 | File | `/classes/Users.php?f=save_client` | High
|
12 | File | `/dashboard/contact` | High
|
||||||
13 | File | `/dashboard/contact` | High
|
13 | File | `/dede/co_do.php` | High
|
||||||
14 | File | `/dede/co_do.php` | High
|
14 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
15 | File | `/etc/init0.d/S80telnetd.sh` | High
|
15 | File | `/etc/shadow.sample` | High
|
||||||
16 | File | `/etc/shadow.sample` | High
|
16 | File | `/frm/` | Low
|
||||||
17 | File | `/frm/` | Low
|
17 | File | `/goform/saveParentControlInfo` | High
|
||||||
18 | File | `/goform/setAutoPing` | High
|
18 | File | `/goform/setAutoPing` | High
|
||||||
19 | File | `/goform/wifiSSIDset` | High
|
19 | File | `/goform/SetIpMacBind` | High
|
||||||
20 | File | `/inc/design.inc.php` | High
|
20 | File | `/goform/wifiSSIDset` | High
|
||||||
21 | File | `/includes/db_utils.php` | High
|
21 | File | `/includes/db_utils.php` | High
|
||||||
22 | File | `/includes/utils.php` | High
|
22 | File | `/includes/utils.php` | High
|
||||||
23 | File | `/index.php` | Medium
|
23 | File | `/index.php` | Medium
|
||||||
|
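Review bot: the ID column is positional, so the two removals (`/admin/image.php`, `/inc/design.inc.php`) and two insertions (`/goform/saveParentControlInfo`, `/goform/SetIpMacBind`) renumber rows 4 through 20 even though most of them did not change (`/admin/lab.php` goes from 5 to 4, `/goform/wifiSSIDset` from 19 to 20). If IDs are meant as stable references they should not shift; if they are not, the table intro should say so, so that nobody keys on them. Note also that ordering is case-insensitive (`SetIpMacBind` lands between `setAutoPing` and `wifiSSIDset`); worth stating once so future additions sort the same way.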
@ -117,17 +117,9 @@ ID | Type | Indicator | Confidence
|
||||||
46 | File | `/var/backup/tower` | High
|
46 | File | `/var/backup/tower` | High
|
||||||
47 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
47 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
||||||
48 | File | `/viewReport.php` | High
|
48 | File | `/viewReport.php` | High
|
||||||
49 | File | `/webmail/server/webmail.php` | High
|
49 | ... | ... | ...
|
||||||
50 | File | `/whbs/?page=contact_us` | High
|
|
||||||
51 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
|
|
||||||
52 | File | `/xpdf/Lexer.cc` | High
|
|
||||||
53 | File | `/xpdf/Stream.cc` | High
|
|
||||||
54 | File | `addphotosform.php` | High
|
|
||||||
55 | File | `addreviewsform.php` | High
|
|
||||||
56 | File | `adm.cgi` | Low
|
|
||||||
57 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 499 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
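Review bot: this actor loses 79 indicators (56 visible + 499 more = 555 before, 48 + 428 = 476 after) but only two removals are visible in the file, so the bulk of the change sits below the cut line. A 14% shrink of an IOA set needs an explanation in the commit message (deduplication, confidence re-score, source withdrawn), and the cut-off row moving from 57 to 49 shows the rendering window itself is variable, which makes diffs of these tables hard to read.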
@ -65,7 +65,7 @@ ID | Type | Indicator | Confidence
|
||||||
9 | File | `/server-status` | High
|
9 | File | `/server-status` | High
|
||||||
10 | ... | ... | ...
|
10 | ... | ... | ...
|
||||||
|
|
||||||
There are 73 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 75 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
* [CN](https://vuldb.com/?country.cn)
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [SV](https://vuldb.com/?country.sv)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 11 more country items available. Please use our online service to access the data.
|
There are 8 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
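Review bot: the list shrinks from 14 to 11 countries (3 visible + 11 more becomes 3 + 8) and `RU` is replaced by `SV` in the third slot, again without a reason. `SV` is also newly added to the APT33 list in this same commit; the message should confirm these are independent new associations and not one relabelled source column applied across actors.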
@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||||
|
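Review bot: row 1 gains `CWE-36` under T1006 here, while the last file in this commit removes `CWE-23` from the same T1006 row for another actor, so the Weakness column is moving in both directions in one change set. If the CWE list is recomputed per actor from the underlying records, the table intro should say so; as it stands a reader cannot tell a data refresh from a mapping error.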
@ -65,36 +65,36 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `/admin/?page=reports/stockout` | High
|
2 | File | `/admin/?page=reports/stockout` | High
|
||||||
3 | File | `/admin/?page=reports/waste` | High
|
3 | File | `/admin/?page=reports/waste` | High
|
||||||
4 | File | `/admin/?page=user/manage_user` | High
|
4 | File | `/admin/?page=user/manage_user` | High
|
||||||
5 | File | `/admin/del.php` | High
|
5 | File | `/admin/addemployee.php` | High
|
||||||
6 | File | `/admin/delete.php` | High
|
6 | File | `/admin/article/list` | High
|
||||||
7 | File | `/admin/delstu.php` | High
|
7 | File | `/admin/article/list_approve` | High
|
||||||
8 | File | `/admin/history.php` | High
|
8 | File | `/admin/contact/list` | High
|
||||||
9 | File | `/admin/login.php` | High
|
9 | File | `/admin/del.php` | High
|
||||||
10 | File | `/admin/modify.php` | High
|
10 | File | `/admin/delete.php` | High
|
||||||
11 | File | `/admin/modify1.php` | High
|
11 | File | `/admin/delstu.php` | High
|
||||||
12 | File | `/admin/products/controller.php?action=add` | High
|
12 | File | `/admin/foldernotice/list` | High
|
||||||
13 | File | `/advanced-tools/nova/bin/netwatch` | High
|
13 | File | `/admin/folderrollpicture/list` | High
|
||||||
14 | File | `/api/v1/user` | Medium
|
14 | File | `/admin/image/list` | High
|
||||||
15 | File | `/appConfig/userDB.json` | High
|
15 | File | `/admin/imagealbum/list` | High
|
||||||
16 | File | `/blog/edit` | Medium
|
16 | File | `/admin/login.php` | High
|
||||||
17 | File | `/blogengine/api/posts` | High
|
17 | File | `/admin/products/controller.php?action=add` | High
|
||||||
18 | File | `/brand.php` | Medium
|
18 | File | `/admin/site/list` | High
|
||||||
19 | File | `/cgi-bin/DownloadFlash` | High
|
19 | File | `/admin/videoalbum/list` | High
|
||||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
20 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
21 | File | `/classes/Master.php?f=delete_account` | High
|
21 | File | `/api/upload-resource` | High
|
||||||
22 | File | `/classes/Master.php?f=delete_category` | High
|
22 | File | `/appConfig/userDB.json` | High
|
||||||
23 | File | `/classes/Master.php?f=delete_img` | High
|
23 | File | `/bd_genie_create_account.cgi` | High
|
||||||
24 | File | `/classes/Master.php?f=delete_payment` | High
|
24 | File | `/bin/boa` | Medium
|
||||||
25 | File | `/classes/Master.php?f=delete_schedule` | High
|
25 | File | `/blog/edit` | Medium
|
||||||
26 | File | `/classes/Master.php?f=delete_student` | High
|
26 | File | `/blogengine/api/posts` | High
|
||||||
27 | File | `/classes/Master.php?f=delete_waste` | High
|
27 | File | `/brand.php` | Medium
|
||||||
28 | File | `/classes/Users.php?f=save_client` | High
|
28 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||||
29 | File | `/client.php` | Medium
|
29 | File | `/cgi-bin/DownloadFlash` | High
|
||||||
30 | File | `/etc/ciel.cfg` | High
|
30 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
31 | File | `/etc/init0.d/S80telnetd.sh` | High
|
31 | File | `/classes/Master.php?f=delete_account` | High
|
||||||
32 | ... | ... | ...
|
32 | ... | ... | ...
|
||||||
|
|
||||||
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
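Review bot: 14 new paths enter the visible top of the table (nine `/admin/<object>/list` routes from `article/list` to `videoalbum/list`, plus `/admin/addemployee.php`, `/api/upload-resource`, `/bd_genie_create_account.cgi`, `/bin/boa` and `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp`) yet the trailing count rises only from 270 to 273, so roughly eleven entries must have been removed below the cut where the diff cannot show them. Nine near-identical `/admin/.../list` rows at High confidence also inflate the count without adding discrimination; one row per distinct route pattern, or a note on how such clusters are treated, would serve a detection engineer better.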
@ -34,14 +34,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 20 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
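Review bot: context rows 4 and 5 both read "Cross Site Scripting" in the Description column although they map different techniques and weaknesses (T1059 with `CWE-94` versus T1059.007 with `CWE-79, CWE-80`); row 4's description should describe its own CWEs, and since the table is being regenerated anyway (row 1 gains `CWE-36`, count 19 to 20) this is the moment to fix it.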
@ -49,39 +49,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
|
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `%ProgramData%\GOG.com` | High
|
1 | File | `/admin/?page=reports/stockin` | High
|
||||||
2 | File | `/addQuestion.php` | High
|
2 | File | `/admin/?page=reports/waste` | High
|
||||||
3 | File | `/admin/?page=reports/stockin` | High
|
3 | File | `/admin/?page=user/manage_user` | High
|
||||||
4 | File | `/admin/?page=reports/waste` | High
|
4 | File | `/admin/addemployee.php` | High
|
||||||
5 | File | `/admin/?page=user/manage_user` | High
|
5 | File | `/admin/del.php` | High
|
||||||
6 | File | `/admin/del.php` | High
|
6 | File | `/admin/delete.php` | High
|
||||||
7 | File | `/admin/delete.php` | High
|
7 | File | `/admin/delstu.php` | High
|
||||||
8 | File | `/admin/delstu.php` | High
|
8 | File | `/admin/history.php` | High
|
||||||
9 | File | `/admin/history.php` | High
|
9 | File | `/admin/login.php` | High
|
||||||
10 | File | `/admin/login.php` | High
|
10 | File | `/admin/modify.php` | High
|
||||||
11 | File | `/admin/modify.php` | High
|
11 | File | `/admin/modify1.php` | High
|
||||||
12 | File | `/admin/modify1.php` | High
|
12 | File | `/admin/products/controller.php?action=add` | High
|
||||||
13 | File | `/admin/products/controller.php?action=add` | High
|
13 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
14 | File | `/advanced-tools/nova/bin/netwatch` | High
|
14 | File | `/api/v1/user` | Medium
|
||||||
15 | File | `/api/v1/user` | Medium
|
15 | File | `/appConfig/userDB.json` | High
|
||||||
16 | File | `/appConfig/userDB.json` | High
|
16 | File | `/assets` | Low
|
||||||
17 | File | `/assets` | Low
|
17 | File | `/bin/boa` | Medium
|
||||||
18 | File | `/bits/stl_vector.h` | High
|
18 | File | `/blog/edit` | Medium
|
||||||
19 | File | `/blog/edit` | Medium
|
19 | File | `/blogengine/api/posts` | High
|
||||||
20 | File | `/blogengine/api/posts` | High
|
20 | File | `/blotter/blotter.php` | High
|
||||||
21 | File | `/blotter/blotter.php` | High
|
21 | File | `/brand.php` | Medium
|
||||||
22 | File | `/brand.php` | Medium
|
22 | File | `/cgi-bin/DownloadFlash` | High
|
||||||
23 | File | `/cgi-bin/DownloadFlash` | High
|
23 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
24 | File | `/classes/Master.php?f=delete_account` | High
|
||||||
25 | File | `/classes/Master.php?f=delete_account` | High
|
25 | File | `/classes/Master.php?f=delete_category` | High
|
||||||
26 | File | `/classes/Master.php?f=delete_category` | High
|
26 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
27 | File | `/classes/Master.php?f=delete_img` | High
|
27 | File | `/classes/Master.php?f=delete_payment` | High
|
||||||
28 | File | `/classes/Master.php?f=delete_payment` | High
|
28 | ... | ... | ...
|
||||||
29 | File | `/classes/Master.php?f=delete_schedule` | High
|
|
||||||
30 | File | `/classes/Master.php?f=delete_student` | High
|
|
||||||
31 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
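Review bot: `%ProgramData%\GOG.com` (old row 1), `/addQuestion.php` (old row 2) and `/bits/stl_vector.h` (old row 18) are removed and `/bin/boa` added, with the cut moving from row 31 to 28 and the count from 262 to 232: 292 entries down to 259. `%ProgramData%\GOG.com` was the only Windows-style path in the window; if it went because the File type cannot distinguish a Windows directory from a web path, that is a schema limitation to document, not a reason to drop the record silently.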
@ -84,7 +84,7 @@ ID | Type | Indicator | Confidence
|
||||||
32 | File | `/goform/WifiExtraSet` | High
|
32 | File | `/goform/WifiExtraSet` | High
|
||||||
33 | ... | ... | ...
|
33 | ... | ... | ...
|
||||||
|
|
||||||
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [SC](https://vuldb.com/?country.sc)
|
* [SC](https://vuldb.com/?country.sc)
|
||||||
* [TR](https://vuldb.com/?country.tr)
|
* [ES](https://vuldb.com/?country.es)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 11 more country items available. Please use our online service to access the data.
|
There are 11 more country items available. Please use our online service to access the data.
|
||||||
|
@ -64,16 +64,16 @@ ID | Type | Indicator | Confidence
|
||||||
3 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
3 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||||
4 | File | `/addsrv` | Low
|
4 | File | `/addsrv` | Low
|
||||||
5 | File | `/admin.php/news/admin/topic/save` | High
|
5 | File | `/admin.php/news/admin/topic/save` | High
|
||||||
6 | File | `/admin/comn/service/update.json` | High
|
6 | File | `/admin/addemployee.php` | High
|
||||||
7 | File | `/Admin/Views/FileEditor/` | High
|
7 | File | `/admin/comn/service/update.json` | High
|
||||||
8 | File | `/api/user/{ID}` | High
|
8 | File | `/Admin/Views/FileEditor/` | High
|
||||||
9 | File | `/article/add` | Medium
|
9 | File | `/api/user/{ID}` | High
|
||||||
10 | File | `/cgi-bin/uploadWeiXinPic` | High
|
10 | File | `/article/add` | Medium
|
||||||
11 | File | `/controller/pay.class.php` | High
|
11 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||||
12 | File | `/ctpms/admin/?page=applications/view_application` | High
|
12 | File | `/controller/pay.class.php` | High
|
||||||
13 | File | `/dev/block/mmcblk0rpmb` | High
|
13 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||||
14 | File | `/dev/kmem` | Medium
|
14 | File | `/dev/block/mmcblk0rpmb` | High
|
||||||
15 | File | `/dev/shm` | Medium
|
15 | File | `/dev/kmem` | Medium
|
||||||
16 | File | `/dev/snd/seq` | Medium
|
16 | File | `/dev/snd/seq` | Medium
|
||||||
17 | File | `/device/device=140/tab=wifi/view` | High
|
17 | File | `/device/device=140/tab=wifi/view` | High
|
||||||
18 | File | `/dl/dl_print.php` | High
|
18 | File | `/dl/dl_print.php` | High
|
||||||
|
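Review bot: `/admin/addemployee.php` is inserted at row 6 and `/dev/shm` (old row 15) is removed; the same `/admin/addemployee.php` is also added to two other actors' tables in this commit (rows 5 and 4 above). A single path fanned out to three actors in one "Update" looks like one new vulnerability record propagated to every actor sharing a tag, in which case High confidence for each actor association is generous; name the source record in the commit message.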
@ -81,21 +81,21 @@ ID | Type | Indicator | Confidence
|
||||||
20 | File | `/goform/addressNat` | High
|
20 | File | `/goform/addressNat` | High
|
||||||
21 | File | `/goform/SetClientState` | High
|
21 | File | `/goform/SetClientState` | High
|
||||||
22 | File | `/htdocs/admin/dict.php?id=3` | High
|
22 | File | `/htdocs/admin/dict.php?id=3` | High
|
||||||
23 | File | `/include/menu_v.inc.php` | High
|
23 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||||
24 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
24 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
|
||||||
25 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
|
25 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||||
26 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
26 | File | `/librarian/bookdetails.php` | High
|
||||||
27 | File | `/librarian/bookdetails.php` | High
|
27 | File | `/librarian/lab.php` | High
|
||||||
28 | File | `/librarian/lab.php` | High
|
28 | File | `/login` | Low
|
||||||
29 | File | `/login` | Low
|
29 | File | `/mngset/authset` | High
|
||||||
30 | File | `/mngset/authset` | High
|
30 | File | `/module/module_frame/index.php` | High
|
||||||
31 | File | `/module/module_frame/index.php` | High
|
31 | File | `/nova/bin/sniffer` | High
|
||||||
32 | File | `/nova/bin/sniffer` | High
|
32 | File | `/ofcms/company-c-47` | High
|
||||||
33 | File | `/ofcms/company-c-47` | High
|
33 | File | `/patient/settings.php` | High
|
||||||
34 | File | `/patient/settings.php` | High
|
34 | File | `/proc/*/cmdline"` | High
|
||||||
35 | ... | ... | ...
|
35 | ... | ... | ...
|
||||||
|
|
||||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
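Review bot: new row 34 `/proc/*/cmdline"` has a stray trailing double quote inside the backticks; it is the only indicator in the table containing `"`, and an exact-match consumer of this file will never hit it. Drop the quote. The row also introduces a `*` wildcard into a File column that is otherwise literal paths (compare `/include/menu_v.inc.php`, removed in the same hunk); the intro should say whether `*` is a glob or a literal character.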
@ -38,7 +38,7 @@ ID | Technique | Weakness | Description | Confidence
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 22 more TTP items available. Please use our online service to access the data.
|
There are 21 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
@ -47,45 +47,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `.python-version` | High
|
1 | File | `.python-version` | High
|
||||||
2 | File | `/admin.php/news/admin/topic/save` | High
|
2 | File | `/admin/inc/include.php` | High
|
||||||
3 | File | `/admin/inc/include.php` | High
|
3 | File | `/admin/index.php` | High
|
||||||
4 | File | `/admin/index.php` | High
|
4 | File | `/alarm_pi/alarmService.php` | High
|
||||||
5 | File | `/alarm_pi/alarmService.php` | High
|
5 | File | `/app/controller/Books.php` | High
|
||||||
6 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
6 | File | `/appliance/users?action=edit` | High
|
||||||
7 | File | `/app/controller/Books.php` | High
|
7 | File | `/ATL/VQ23` | Medium
|
||||||
8 | File | `/appliance/users?action=edit` | High
|
8 | File | `/bin/login` | Medium
|
||||||
9 | File | `/ATL/VQ23` | Medium
|
9 | File | `/catcompany.php` | High
|
||||||
10 | File | `/bin/login` | Medium
|
10 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||||
11 | File | `/catcompany.php` | High
|
11 | File | `/cgi-bin/kerbynet` | High
|
||||||
12 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||||
13 | File | `/cgi-bin/kerbynet` | High
|
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
14 | File | `/cgi-bin/luci/api/wireless` | High
|
14 | File | `/coreframe/app/pay/admin/index.php` | High
|
||||||
15 | File | `/coreframe/app/pay/admin/index.php` | High
|
15 | File | `/debug/pprof` | Medium
|
||||||
16 | File | `/debug/pprof` | Medium
|
16 | File | `/etc/hosts` | Medium
|
||||||
17 | File | `/etc/hosts` | Medium
|
17 | File | `/etc/quagga` | Medium
|
||||||
18 | File | `/etc/quagga` | Medium
|
18 | File | `/etc/shadow` | Medium
|
||||||
19 | File | `/filemanager/php/connector.php` | High
|
19 | File | `/filemanager/php/connector.php` | High
|
||||||
20 | File | `/forum/away.php` | High
|
20 | File | `/forum/away.php` | High
|
||||||
21 | File | `/h/search?action` | High
|
21 | File | `/h/search?action` | High
|
||||||
22 | File | `/index.php?action=seomatic/file/seo-file-link` | High
|
22 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
|
||||||
23 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
23 | File | `/index.php?action=seomatic/file/seo-file-link` | High
|
||||||
24 | File | `/language/lang` | High
|
24 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||||
25 | File | `/loginsave.php` | High
|
25 | File | `/language/lang` | High
|
||||||
26 | File | `/menu.html` | Medium
|
26 | File | `/loginsave.php` | High
|
||||||
27 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
27 | File | `/loginVaLidation.php` | High
|
||||||
28 | File | `/modules/projects/vw_files.php` | High
|
28 | File | `/menu.html` | Medium
|
||||||
29 | File | `/owa/auth/logon.aspx` | High
|
29 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||||
30 | File | `/ows-bin` | Medium
|
30 | File | `/modules/projects/vw_files.php` | High
|
||||||
31 | File | `/public/plugins/` | High
|
31 | File | `/owa/auth/logon.aspx` | High
|
||||||
32 | File | `/recreate.php` | High
|
32 | File | `/ows-bin` | Medium
|
||||||
33 | File | `/secure/QueryComponent!Default.jspa` | High
|
33 | File | `/public/plugins/` | High
|
||||||
34 | File | `/sql/sql_string.h` | High
|
34 | File | `/recreate.php` | High
|
||||||
35 | File | `/sql/sql_type.cc` | High
|
35 | File | `/rest/collectors/1.0/template/custom` | High
|
||||||
36 | File | `/strings/ctype-latin1.c` | High
|
36 | File | `/sql/sql_string.h` | High
|
||||||
37 | File | `/strings/ctype-simple.c` | High
|
37 | File | `/sql/sql_type.cc` | High
|
||||||
38 | ... | ... | ...
|
38 | ... | ... | ...
|
||||||
|
|
||||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 326 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
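Review bot: new row 22 `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` is a build-tree path (`build/ws/out/Release/obj.target`), not something an attacker requests from or plants on a target, and at High confidence it will make any matcher fed this file fire on build logs; drop it or lower the confidence. Also verify new row 27 `/loginVaLidation.php`: if the mixed case is a typo, a case-sensitive match will miss the real file; if it is the real name, keep it as is. Two rows leave at the same time (`/admin.php/news/admin/topic/save`, `/api/RecordingList/DownloadRecord?file=`) with no rationale.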
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [GB](https://vuldb.com/?country.gb)
|
* [GB](https://vuldb.com/?country.gb)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 10 more country items available. Please use our online service to access the data.
|
There are 11 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -68,10 +68,10 @@ ID | Technique | Weakness | Description | Confidence
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
|
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||||
7 | ... | ... | ... | ...
|
7 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 23 more TTP items available. Please use our online service to access the data.
|
There are 25 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
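Review bot: row 6 silently drops `CWE-273` from the T1068 weakness list while the trailing count goes from 23 to 25, so one CWE was removed above the cut and two techniques added below it, none explained. Removing a CWE from an existing mapping should cite the record it was tied to, or the TTP intro should state that the list is recomputed on every run.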
@ -88,32 +88,34 @@ ID | Type | Indicator | Confidence
|
||||||
7 | File | `/admin/showbad.php` | High
|
7 | File | `/admin/showbad.php` | High
|
||||||
8 | File | `/advanced-tools/nova/bin/netwatch` | High
|
8 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
9 | File | `/api/v1/user` | Medium
|
9 | File | `/api/v1/user` | Medium
|
||||||
10 | File | `/card_scan.php` | High
|
10 | File | `/bd_genie_create_account.cgi` | High
|
||||||
11 | File | `/categories/view_category.php` | High
|
11 | File | `/card_scan.php` | High
|
||||||
12 | File | `/category/controller.php?action=edit` | High
|
12 | File | `/categories/view_category.php` | High
|
||||||
13 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
|
13 | File | `/category/controller.php?action=edit` | High
|
||||||
14 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
14 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
|
||||||
15 | File | `/claire_blake` | High
|
15 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||||
16 | File | `/classes/Master.php?f=delete_account` | High
|
16 | File | `/claire_blake` | High
|
||||||
17 | File | `/classes/Master.php?f=delete_schedule` | High
|
17 | File | `/classes/Master.php?f=delete_account` | High
|
||||||
18 | File | `/coreframe/app/attachment/admin/index.php` | High
|
18 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||||
19 | File | `/dashboard/add-service.php` | High
|
19 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||||
20 | File | `/dashboard/settings` | High
|
20 | File | `/dashboard/add-service.php` | High
|
||||||
21 | File | `/edituser.php` | High
|
21 | File | `/dashboard/settings` | High
|
||||||
22 | File | `/etc/shadow.sample` | High
|
22 | File | `/edituser.php` | High
|
||||||
23 | File | `/forum/away.php` | High
|
23 | File | `/etc/shadow.sample` | High
|
||||||
24 | File | `/fw.login.php` | High
|
24 | File | `/forum/away.php` | High
|
||||||
25 | File | `/goform/aspForm` | High
|
25 | File | `/fw.login.php` | High
|
||||||
26 | File | `/goform/NTPSyncWithHost` | High
|
26 | File | `/goform/aspForm` | High
|
||||||
27 | File | `/goform/SetLEDCfg` | High
|
27 | File | `/goform/NTPSyncWithHost` | High
|
||||||
28 | File | `/index.php` | Medium
|
28 | File | `/goform/saveParentControlInfo` | High
|
||||||
29 | File | `/index.php/?p=report` | High
|
29 | File | `/goform/SetLEDCfg` | High
|
||||||
30 | File | `/Items/*/RemoteImages/Download` | High
|
30 | File | `/goform/SetVirtualServerCfg` | High
|
||||||
31 | File | `/master/index.php` | High
|
31 | File | `/index.php` | Medium
|
||||||
32 | File | `/mkshop/Men/profile.php` | High
|
32 | File | `/index.php/?p=report` | High
|
||||||
33 | ... | ... | ...
|
33 | File | `/Items/*/RemoteImages/Download` | High
|
||||||
|
34 | File | `/master/index.php` | High
|
||||||
|
35 | ... | ... | ...
|
||||||
|
|
||||||
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
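Review bot: the rendered window grows by two rows (cut at 35 instead of 33) while three paths are inserted (`/bd_genie_create_account.cgi` at 10, `/goform/saveParentControlInfo` at 28, `/goform/SetVirtualServerCfg` at 30) and `/mkshop/Men/profile.php` falls out of view; totals go from 32+286=318 to 34+299=333, so 15 entries were added and 12 of them are not visible here. Keep the cut-off row count fixed across generator runs so a diff of this file shows data changes only, not window-size noise.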
@ -106,18 +106,14 @@ ID | Type | Indicator | Confidence
|
||||||
44 | File | `AdClass.php` | Medium
|
44 | File | `AdClass.php` | Medium
|
||||||
45 | File | `adclick.php` | Medium
|
45 | File | `adclick.php` | Medium
|
||||||
46 | File | `add.exe` | Low
|
46 | File | `add.exe` | Low
|
||||||
47 | File | `admin.color.php` | High
|
47 | File | `admin.php?m=Food&a=addsave` | High
|
||||||
48 | File | `admin.joomlaradiov5.php` | High
|
48 | File | `admin/conf_users_edit.php` | High
|
||||||
49 | File | `admin.php?m=Food&a=addsave` | High
|
49 | File | `admin/index.php` | High
|
||||||
50 | File | `admin/conf_users_edit.php` | High
|
50 | File | `admin/limits.php` | High
|
||||||
51 | File | `admin/index.php` | High
|
51 | File | `admin/write-post.php` | High
|
||||||
52 | File | `admin/limits.php` | High
|
52 | ... | ... | ...
|
||||||
53 | File | `admin/write-post.php` | High
|
|
||||||
54 | File | `administrator/components/com_media/helpers/media.php` | High
|
|
||||||
55 | File | `allopass-error.php` | High
|
|
||||||
56 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 487 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 457 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
* [CN](https://vuldb.com/?country.cn)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 22 more country items available. Please use our online service to access the data.
|
There are 21 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -524,8 +524,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
|
@ -573,10 +573,9 @@ ID | Type | Indicator | Confidence
|
||||||
32 | File | `/index/jobfairol/show/` | High
|
32 | File | `/index/jobfairol/show/` | High
|
||||||
33 | File | `/librarian/bookdetails.php` | High
|
33 | File | `/librarian/bookdetails.php` | High
|
||||||
34 | File | `/loginVaLidation.php` | High
|
34 | File | `/loginVaLidation.php` | High
|
||||||
35 | File | `/manage-apartment.php` | High
|
35 | ... | ... | ...
|
||||||
36 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -15,8 +15,8 @@ The following _campaigns_ are known and can be associated with CopyKittens:
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CopyKittens:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CopyKittens:
|
||||||
|
|
||||||
* [ES](https://vuldb.com/?country.es)
|
* [ES](https://vuldb.com/?country.es)
|
||||||
* [SV](https://vuldb.com/?country.sv)
|
|
||||||
* [PT](https://vuldb.com/?country.pt)
|
* [PT](https://vuldb.com/?country.pt)
|
||||||
|
* [SV](https://vuldb.com/?country.sv)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 8 more country items available. Please use our online service to access the data.
|
There are 8 more country items available. Please use our online service to access the data.
|
||||||
|
@ -74,54 +74,54 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `/admin/add_trainers.php` | High
|
2 | File | `/admin/add_trainers.php` | High
|
||||||
3 | File | `/admin/header.inc.php` | High
|
3 | File | `/admin/header.inc.php` | High
|
||||||
4 | File | `/admin/vca/license/license_tok.cgi` | High
|
4 | File | `/admin/vca/license/license_tok.cgi` | High
|
||||||
5 | File | `/AJAX/ajaxget` | High
|
5 | File | `/admin/video/list` | High
|
||||||
6 | File | `/api/plugin/uninstall` | High
|
6 | File | `/AJAX/ajaxget` | High
|
||||||
7 | File | `/api/v2/config` | High
|
7 | File | `/api/plugin/uninstall` | High
|
||||||
8 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
|
8 | File | `/api/upload-resource` | High
|
||||||
9 | File | `/cgi-bin/readfile.tcl` | High
|
9 | File | `/api/v2/config` | High
|
||||||
10 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
10 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
|
||||||
11 | File | `/classes/Users.php?f=save_client` | High
|
11 | File | `/cgi-bin/readfile.tcl` | High
|
||||||
12 | File | `/coreframe/app/attachment/admin/index.php` | High
|
12 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||||
13 | File | `/dishes.php` | Medium
|
13 | File | `/classes/Users.php?f=save_client` | High
|
||||||
14 | File | `/etc/quagga` | Medium
|
14 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||||
15 | File | `/etc/shadow.sample` | High
|
15 | File | `/dishes.php` | Medium
|
||||||
16 | File | `/fax/fax_send.php` | High
|
16 | File | `/etc/quagga` | Medium
|
||||||
17 | File | `/gfxpoly/stroke.c` | High
|
17 | File | `/etc/shadow.sample` | High
|
||||||
18 | File | `/goform/addRouting` | High
|
18 | File | `/fax/fax_send.php` | High
|
||||||
19 | File | `/goform/form2Wan.cgi` | High
|
19 | File | `/gfxpoly/stroke.c` | High
|
||||||
20 | File | `/htdocs/utils/Files.php` | High
|
20 | File | `/goform/addRouting` | High
|
||||||
21 | File | `/include/menu_u.inc.php` | High
|
21 | File | `/goform/form2Wan.cgi` | High
|
||||||
22 | File | `/includes/db_connect.php` | High
|
22 | File | `/htdocs/utils/Files.php` | High
|
||||||
23 | File | `/includes/images.php` | High
|
23 | File | `/include/menu_u.inc.php` | High
|
||||||
24 | File | `/ip/admin/` | Medium
|
24 | File | `/includes/db_connect.php` | High
|
||||||
25 | File | `/isms/admin/stocks/view_stock.php` | High
|
25 | File | `/includes/images.php` | High
|
||||||
26 | File | `/login.php` | Medium
|
26 | File | `/index.php` | Medium
|
||||||
27 | File | `/oa/setup/checkPool?database` | High
|
27 | File | `/ip/admin/` | Medium
|
||||||
28 | File | `/pages/class_sched.php` | High
|
28 | File | `/isms/admin/stocks/view_stock.php` | High
|
||||||
29 | File | `/pages/faculty_sched.php` | High
|
29 | File | `/login.php` | Medium
|
||||||
30 | File | `/pages/permit/permit.php` | High
|
30 | File | `/oa/setup/checkPool?database` | High
|
||||||
31 | File | `/patient/booking.php` | High
|
31 | File | `/pages/class_sched.php` | High
|
||||||
32 | File | `/pms/update_medicine.php` | High
|
32 | File | `/pages/faculty_sched.php` | High
|
||||||
33 | File | `/pms/update_user.php` | High
|
33 | File | `/pages/permit/permit.php` | High
|
||||||
34 | File | `/qr/I/` | Low
|
34 | File | `/patient/booking.php` | High
|
||||||
35 | File | `/release-x64/otfccdump` | High
|
35 | File | `/pms/update_medicine.php` | High
|
||||||
36 | File | `/session/sendmail` | High
|
36 | File | `/pms/update_user.php` | High
|
||||||
37 | File | `/sistema/flash/reboot` | High
|
37 | File | `/qr/I/` | Low
|
||||||
38 | File | `/sys/ui/extend/varkind/custom.jsp` | High
|
38 | File | `/release-x64/otfccdump` | High
|
||||||
39 | File | `/templates/default/html/windows/right.php` | High
|
39 | File | `/session/sendmail` | High
|
||||||
40 | File | `/vicidial/user_stats.php` | High
|
40 | File | `/sistema/flash/reboot` | High
|
||||||
41 | File | `/web/api/v1/upload/UploadHandler.php` | High
|
41 | File | `/sys/ui/extend/varkind/custom.jsp` | High
|
||||||
42 | File | `/webmail/server/webmail.php` | High
|
42 | File | `/templates/default/html/windows/right.php` | High
|
||||||
43 | File | `/whbs/?page=my_bookings` | High
|
43 | File | `/vicidial/user_stats.php` | High
|
||||||
44 | File | `/www/cgi-bin/popen.cgi` | High
|
44 | File | `/web/api/v1/upload/UploadHandler.php` | High
|
||||||
45 | File | `/xpdf/Stream.cc` | High
|
45 | File | `/WebApp/SettingsFileMonitor/GetFileMonitorProfiles` | High
|
||||||
46 | File | `access_token.php` | High
|
46 | File | `/webmail/server/webmail.php` | High
|
||||||
47 | File | `add_edit_download.asp` | High
|
47 | File | `/whbs/?page=my_bookings` | High
|
||||||
48 | File | `add_edit_user.asp` | High
|
48 | File | `/www/cgi-bin/popen.cgi` | High
|
||||||
49 | File | `admin.php` | Medium
|
49 | File | `/xpdf/Stream.cc` | High
|
||||||
50 | ... | ... | ...
|
50 | ... | ... | ...
|
||||||
|
|
||||||
There are 433 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 437 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
|
|
||||||
* [IT](https://vuldb.com/?country.it)
|
* [IT](https://vuldb.com/?country.it)
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [FR](https://vuldb.com/?country.fr)
|
* [DE](https://vuldb.com/?country.de)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 6 more country items available. Please use our online service to access the data.
|
There are 6 more country items available. Please use our online service to access the data.
|
||||||
|
@ -77,7 +77,7 @@ ID | Type | Indicator | Confidence
|
||||||
22 | File | `/novel-admin/src/main/java/com/java2nb/common/controller/FileController.java` | High
|
22 | File | `/novel-admin/src/main/java/com/java2nb/common/controller/FileController.java` | High
|
||||||
23 | ... | ... | ...
|
23 | ... | ... | ...
|
||||||
|
|
||||||
There are 187 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 5 more country items available. Please use our online service to access the data.
|
There are 6 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -461,13 +461,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 21 more TTP items available. Please use our online service to access the data.
|
There are 20 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
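Review bot: row 4 keeps the description "Cross Site Scripting" while its weakness column grows to `CWE-94, CWE-1321`; neither is a cross-site-scripting weakness (CWE-94 is code injection, CWE-1321 is prototype pollution), and row 5 already carries the XSS weaknesses CWE-79/CWE-80 under T1059.007, so the label on the T1059 row reads as inherited from the sub-technique rather than derived from the weaknesses it lists. Consider labelling T1059 rows by the technique itself ("Command and Scripting Interpreter") or generating the description from the CWE set.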
@ -475,32 +475,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
|
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/admin/?page=reports/stockin` | High
|
1 | File | `/admin/addemployee.php` | High
|
||||||
2 | File | `/admin/?page=reports/stockout` | High
|
2 | File | `/admin/del.php` | High
|
||||||
3 | File | `/admin/?page=reports/waste` | High
|
3 | File | `/admin/delete.php` | High
|
||||||
4 | File | `/admin/?page=user/manage_user` | High
|
4 | File | `/admin/delstu.php` | High
|
||||||
5 | File | `/admin/addemployee.php` | High
|
5 | File | `/admin/login.php` | High
|
||||||
6 | File | `/admin/del.php` | High
|
6 | File | `/admin/products/controller.php?action=add` | High
|
||||||
7 | File | `/admin/delete.php` | High
|
7 | File | `/bd_genie_create_account.cgi` | High
|
||||||
8 | File | `/admin/delstu.php` | High
|
8 | File | `/categories/view_category.php` | High
|
||||||
9 | File | `/admin/login.php` | High
|
9 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
10 | File | `/admin/products/controller.php?action=add` | High
|
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
11 | File | `/categories/view_category.php` | High
|
11 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
12 | File | `/debug/pprof` | Medium
|
||||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
13 | File | `/defaultui/player/modern.html` | High
|
||||||
14 | File | `/classes/Master.php?f=delete_img` | High
|
14 | File | `/etc/ciel.cfg` | High
|
||||||
15 | File | `/debug/pprof` | Medium
|
15 | File | `/etc/srapi/config/system.conf` | High
|
||||||
16 | File | `/defaultui/player/modern.html` | High
|
16 | File | `/filemanager/ajax_calls.php` | High
|
||||||
17 | File | `/etc/ciel.cfg` | High
|
17 | File | `/goform/addRouting` | High
|
||||||
18 | File | `/etc/srapi/config/system.conf` | High
|
18 | File | `/goform/Diagnosis` | High
|
||||||
19 | File | `/filemanager/ajax_calls.php` | High
|
19 | File | `/goform/form2userconfig.cgi` | High
|
||||||
20 | File | `/goform/addRouting` | High
|
20 | File | `/goform/NTPSyncWithHost` | High
|
||||||
21 | File | `/goform/Diagnosis` | High
|
21 | File | `/goform/SetIpMacBind` | High
|
||||||
22 | File | `/goform/form2userconfig.cgi` | High
|
22 | File | `/goform/setMAC` | High
|
||||||
23 | File | `/goform/NTPSyncWithHost` | High
|
23 | File | `/goform/setPptpUserList` | High
|
||||||
24 | ... | ... | ...
|
24 | File | `/goform/SystemCommand` | High
|
||||||
|
25 | ... | ... | ...
|
||||||
|
|
||||||
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -122,7 +122,7 @@ ID | Type | Indicator | Confidence
|
||||||
53 | File | `admin.htm` | Medium
|
53 | File | `admin.htm` | Medium
|
||||||
54 | ... | ... | ...
|
54 | ... | ... | ...
|
||||||
|
|
||||||
There are 468 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 470 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -98,13 +98,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||||
2 | T1055 | CWE-74 | Injection | High
|
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 20 more TTP items available. Please use our online service to access the data.
|
There are 21 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
@ -113,46 +113,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `.htaccess` | Medium
|
1 | File | `.htaccess` | Medium
|
||||||
2 | File | `/admin/students/view_student.php` | High
|
2 | File | `/admin/lab.php` | High
|
||||||
3 | File | `/app/options.py` | High
|
3 | File | `/admin/students/view_student.php` | High
|
||||||
4 | File | `/ci_spms/admin/category` | High
|
4 | File | `/app/options.py` | High
|
||||||
5 | File | `/ci_spms/admin/search/searching/` | High
|
5 | File | `/bd_genie_create_account.cgi` | High
|
||||||
6 | File | `/claire_blake` | High
|
6 | File | `/ci_spms/admin/category` | High
|
||||||
7 | File | `/classes/Master.php?f=delete_train` | High
|
7 | File | `/ci_spms/admin/search/searching/` | High
|
||||||
8 | File | `/coreframe/app/attachment/admin/index.php` | High
|
8 | File | `/claire_blake` | High
|
||||||
9 | File | `/dashboard/menu-list.php` | High
|
9 | File | `/classes/Master.php?f=delete_train` | High
|
||||||
10 | File | `/debug/pprof` | Medium
|
10 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||||
11 | File | `/etc/config/image_sign` | High
|
11 | File | `/dashboard/menu-list.php` | High
|
||||||
12 | File | `/etc/init0.d/S80telnetd.sh` | High
|
12 | File | `/debug/pprof` | Medium
|
||||||
13 | File | `/etc/shadow.sample` | High
|
13 | File | `/defaultui/player/modern.html` | High
|
||||||
14 | File | `/ffos/classes/Master.php?f=save_category` | High
|
14 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
15 | File | `/gaia-job-admin/user/add` | High
|
15 | File | `/etc/shadow.sample` | High
|
||||||
16 | File | `/ghost/preview` | High
|
16 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||||
17 | File | `/goform/setmac` | High
|
17 | File | `/gaia-job-admin/user/add` | High
|
||||||
18 | File | `/htdocs/utils/Files.php` | High
|
18 | File | `/ghost/preview` | High
|
||||||
19 | File | `/Items/*/RemoteImages/Download` | High
|
19 | File | `/goform/SetIpMacBind` | High
|
||||||
20 | File | `/jfinal_cms/system/role/list` | High
|
20 | File | `/goform/setmac` | High
|
||||||
21 | File | `/librarian/edit_book_details.php` | High
|
21 | File | `/htdocs/utils/Files.php` | High
|
||||||
22 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
22 | File | `/Items/*/RemoteImages/Download` | High
|
||||||
23 | File | `/management/api/rcx_management/global_config_query` | High
|
23 | File | `/jfinal_cms/system/role/list` | High
|
||||||
24 | File | `/master/index.php` | High
|
24 | File | `/librarian/edit_book_details.php` | High
|
||||||
25 | File | `/mkshop/Men/profile.php` | High
|
25 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||||
26 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
26 | File | `/management/api/rcx_management/global_config_query` | High
|
||||||
27 | File | `/ofrs/admin/?page=user/manage_user` | High
|
27 | File | `/master/index.php` | High
|
||||||
28 | File | `/p1/p2/:name` | Medium
|
28 | File | `/mkshop/Men/profile.php` | High
|
||||||
29 | File | `/pages/faculty_sched.php` | High
|
29 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||||
30 | File | `/php_action/createUser.php` | High
|
30 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||||
31 | File | `/rdms/admin/?page=user/manage_user` | High
|
31 | File | `/p1/p2/:name` | Medium
|
||||||
32 | File | `/redbin/rpwebutilities.exe/text` | High
|
32 | File | `/pages/faculty_sched.php` | High
|
||||||
33 | File | `/requests.php` | High
|
33 | File | `/pages/processlogin.php` | High
|
||||||
34 | File | `/servlet/AdapterHTTP` | High
|
34 | File | `/php_action/createUser.php` | High
|
||||||
35 | File | `/setting/setDeviceName` | High
|
35 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||||
36 | File | `/setting/setLanguageCfg` | High
|
36 | File | `/redbin/rpwebutilities.exe/text` | High
|
||||||
37 | File | `/setting/setUploadSetting` | High
|
37 | ... | ... | ...
|
||||||
38 | File | `/spip.php` | Medium
|
|
||||||
39 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -70,20 +70,20 @@ ID | Type | Indicator | Confidence
|
||||||
18 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
18 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||||
19 | File | `/index/jobfairol/show/` | High
|
19 | File | `/index/jobfairol/show/` | High
|
||||||
20 | File | `/librarian/bookdetails.php` | High
|
20 | File | `/librarian/bookdetails.php` | High
|
||||||
21 | File | `/mgmt/tm/util/bash` | High
|
21 | File | `/manage-apartment.php` | High
|
||||||
22 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
22 | File | `/mgmt/tm/util/bash` | High
|
||||||
23 | File | `/php_action/editProductImage.php` | High
|
23 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||||
24 | File | `/proc/<PID>/mem` | High
|
24 | File | `/pages/apply_vacancy.php` | High
|
||||||
25 | File | `/proc/<pid>/status` | High
|
25 | File | `/php_action/editProductImage.php` | High
|
||||||
26 | File | `/public/plugins/` | High
|
26 | File | `/proc/<PID>/mem` | High
|
||||||
27 | File | `/REBOOTSYSTEM` | High
|
27 | File | `/public/plugins/` | High
|
||||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
28 | File | `/REBOOTSYSTEM` | High
|
||||||
29 | File | `/secure/QueryComponent!Default.jspa` | High
|
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||||
30 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
30 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||||
31 | File | `/spip.php` | Medium
|
31 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||||
32 | ... | ... | ...
|
32 | ... | ... | ...
|
||||||
|
|
||||||
There are 276 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
||||||
|
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
|
||||||
|
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
|
||||||
* [ES](https://vuldb.com/?country.es)
|
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [RU](https://vuldb.com/?country.ru)
|
||||||
|
* [CN](https://vuldb.com/?country.cn)
|
||||||
|
* [US](https://vuldb.com/?country.us)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 12 more country items available. Please use our online service to access the data.
|
There are 14 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -173,37 +173,41 @@ ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `.forward` | Medium
|
1 | File | `.forward` | Medium
|
||||||
2 | File | `/#/network?tab=network_node_list.html` | High
|
2 | File | `/#/network?tab=network_node_list.html` | High
|
||||||
3 | File | `/admin/del.php` | High
|
3 | File | `/admin/addemployee.php` | High
|
||||||
4 | File | `/admin/lab.php` | High
|
4 | File | `/admin/del.php` | High
|
||||||
5 | File | `/admin/login.php` | High
|
5 | File | `/admin/lab.php` | High
|
||||||
6 | File | `/admin/searchview.php` | High
|
6 | File | `/admin/login.php` | High
|
||||||
7 | File | `/advanced-tools/nova/bin/netwatch` | High
|
7 | File | `/admin/searchview.php` | High
|
||||||
8 | File | `/ad_js.php` | Medium
|
8 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
9 | File | `/api/` | Low
|
9 | File | `/ad_js.php` | Medium
|
||||||
10 | File | `/api/plugin/uninstall` | High
|
10 | File | `/api/` | Low
|
||||||
11 | File | `/app/options.py` | High
|
11 | File | `/api/plugin/uninstall` | High
|
||||||
12 | File | `/blog/edit` | Medium
|
12 | File | `/app/options.py` | High
|
||||||
13 | File | `/catcompany.php` | High
|
13 | File | `/blog/edit` | Medium
|
||||||
14 | File | `/category/controller.php?action=edit` | High
|
14 | File | `/catcompany.php` | High
|
||||||
15 | File | `/cgi/get_param.cgi` | High
|
15 | File | `/category/controller.php?action=edit` | High
|
||||||
16 | File | `/chart` | Low
|
16 | File | `/cgi/get_param.cgi` | High
|
||||||
17 | File | `/ci_spms/admin/category` | High
|
17 | File | `/chart` | Low
|
||||||
18 | File | `/ci_spms/admin/search/searching/` | High
|
18 | File | `/ci_spms/admin/category` | High
|
||||||
19 | File | `/classes/Master.php?f=delete_account` | High
|
19 | File | `/ci_spms/admin/search/searching/` | High
|
||||||
20 | File | `/dashboard/reports/logs/view` | High
|
20 | File | `/classes/Master.php?f=delete_account` | High
|
||||||
21 | File | `/dashboard/updatelogo.php` | High
|
21 | File | `/dashboard/reports/logs/view` | High
|
||||||
22 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
22 | File | `/dashboard/updatelogo.php` | High
|
||||||
23 | File | `/dede/co_do.php` | High
|
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||||
24 | File | `/etc/hosts` | Medium
|
24 | File | `/debug/pprof` | Medium
|
||||||
25 | File | `/etc/init.d/sshd_service` | High
|
25 | File | `/dede/co_do.php` | High
|
||||||
26 | File | `/goform/SystemCommand` | High
|
26 | File | `/etc/hosts` | Medium
|
||||||
27 | File | `/index.php` | Medium
|
27 | File | `/etc/init.d/sshd_service` | High
|
||||||
28 | File | `/librarian/lab.php` | High
|
28 | File | `/goform/addRouting` | High
|
||||||
29 | File | `/mgmt/tm/util/bash` | High
|
29 | File | `/goform/saveParentControlInfo` | High
|
||||||
30 | File | `/mkshop/Men/profile.php` | High
|
30 | File | `/goform/SystemCommand` | High
|
||||||
31 | ... | ... | ...
|
31 | File | `/index.php` | Medium
|
||||||
|
32 | File | `/interview/editQuestion.php` | High
|
||||||
|
33 | File | `/librarian/lab.php` | High
|
||||||
|
34 | File | `/login.php` | Medium
|
||||||
|
35 | ... | ... | ...
|
||||||
|
|
||||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
|
||||||
33 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
33 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||||
34 | ... | ... | ...
|
34 | ... | ... | ...
|
||||||
|
|
||||||
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -4,16 +4,22 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
||||||
|
|
||||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.iran_unknown](https://vuldb.com/?actor.iran_unknown)
|
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.iran_unknown](https://vuldb.com/?actor.iran_unknown)
|
||||||
|
|
||||||
|
## Campaigns
|
||||||
|
|
||||||
|
The following _campaigns_ are known and can be associated with Iran Unknown:
|
||||||
|
|
||||||
|
* Albanian Government
|
||||||
|
|
||||||
## Countries
|
## Countries
|
||||||
|
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iran Unknown:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iran Unknown:
|
||||||
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [RU](https://vuldb.com/?country.ru)
|
||||||
* [CH](https://vuldb.com/?country.ch)
|
* [ES](https://vuldb.com/?country.es)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 1 more country items available. Please use our online service to access the data.
|
There are 7 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -21,9 +27,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
||||||
|
|
||||||
ID | IP address | Hostname | Campaign | Confidence
|
ID | IP address | Hostname | Campaign | Confidence
|
||||||
-- | ---------- | -------- | -------- | ----------
|
-- | ---------- | -------- | -------- | ----------
|
||||||
1 | [91.214.124.143](https://vuldb.com/?ip.91.214.124.143) | - | - | High
|
1 | [46.30.189.66](https://vuldb.com/?ip.46.30.189.66) | - | Albanian Government | High
|
||||||
2 | [154.16.192.70](https://vuldb.com/?ip.154.16.192.70) | - | - | High
|
2 | [91.214.124.143](https://vuldb.com/?ip.91.214.124.143) | - | - | High
|
||||||
3 | [162.55.137.20](https://vuldb.com/?ip.162.55.137.20) | static.20.137.55.162.clients.your-server.de | - | High
|
3 | [144.76.6.34](https://vuldb.com/?ip.144.76.6.34) | static.34.6.76.144.clients.your-server.de | Albanian Government | High
|
||||||
|
4 | ... | ... | ... | ...
|
||||||
|
|
||||||
|
There are 8 more IOC items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## TTP - Tactics, Techniques, Procedures
|
## TTP - Tactics, Techniques, Procedures
|
||||||
|
|
||||||
|
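Review bot: the two new rows tagged "Albanian Government" (46.30.189.66 and 144.76.6.34) carry High confidence but no validity window, and the hostname static.34.6.76.144.clients.your-server.de shows 144.76.6.34 to be a hosting-provider client address, the same kind of rented host as the 162.55.137.20 entry this hunk silently drops. Rented addresses get reassigned, so a first-seen/last-seen column (or a per-row reference) would tell a consumer how long High still applies; as written, a blocklist built from this table will eventually block whoever inherits the address. Inserting rows at the top also renumbers the ID column (91.214.124.143 moves from 1 to 2), so the ID cannot serve as a stable reference to an indicator.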
@ -31,12 +40,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
3 | T1211 | CWE-358 | 7PK Security Features | High
|
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
4 | ... | ... | ... | ...
|
4 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 1 more TTP items available. Please use our online service to access the data.
|
There are 11 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
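Review bot: in the new row 2, `T1059 | CWE-94 | Cross Site Scripting`, the Description does not match the Weakness: CWE-94 is Improper Control of Generation of Code (Code Injection), while Cross Site Scripting is CWE-79, which already sits in row 3 under T1059.007. Generate the description from the CWE title, or from the ATT&CK technique name (T1059 is Command and Scripting Interpreter), rather than carrying it over between rows. The hunk also replaces all three visible rows (T1068 and T1211 disappear) while the hidden count grows from 1 to 11; since the table is sorted by technique ID those two rows may merely have moved below the fold, but nothing in the diff shows whether they were kept or dropped.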
@ -46,16 +55,23 @@ ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/administration/theme.php` | High
|
1 | File | `/administration/theme.php` | High
|
||||||
2 | File | `/cgi-bin/webproc` | High
|
2 | File | `/cgi-bin/webproc` | High
|
||||||
3 | File | `basic/unit-name.c` | High
|
3 | File | `/index.php` | Medium
|
||||||
4 | ... | ... | ...
|
4 | File | `/ofrs/admin/?page=requests/manage_request` | High
|
||||||
|
5 | File | `/spip.php` | Medium
|
||||||
|
6 | File | `/wp-admin/admin-ajax.php` | High
|
||||||
|
7 | File | `announcement.php` | High
|
||||||
|
8 | File | `attachment.php` | High
|
||||||
|
9 | File | `auth-gss2.c` | Medium
|
||||||
|
10 | ... | ... | ...
|
||||||
|
|
||||||
There are 17 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||||
|
|
||||||
* https://us-cert.cisa.gov/ncas/alerts/aa21-321a
|
* https://us-cert.cisa.gov/ncas/alerts/aa21-321a
|
||||||
|
* https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/
|
||||||
|
|
||||||
## Literature
|
## Literature
|
||||||
|
|
||||||
|
|
|
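Review bot: the new rows 3 and 6, `/index.php` (Medium) and `/wp-admin/admin-ajax.php` (High), are paths present on practically every PHP or WordPress deployment, so as Indicators of Attack they match ordinary traffic; a ubiquitous path should not be rated High when `/index.php` three rows earlier is rated Medium, and a consumer turning this table into WAF or log-search rules needs a hint that such entries are only meaningful in combination with an argument or pattern entry. Row 9, `auth-gss2.c`, is a source-file name rather than a request path, yet shares the "File" type with the URL paths; a separate type for source files would let tooling route each kind to the right matcher. The Microsoft reference added further down is the provenance for the "Albanian Government" rows introduced in the IOC hunk, which is exactly the per-row sourcing the IOC table itself lacks.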
@ -55,11 +55,11 @@ ID | Type | Indicator | Confidence
|
||||||
9 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
|
9 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
|
||||||
10 | File | `/uncpath/` | Medium
|
10 | File | `/uncpath/` | Medium
|
||||||
11 | File | `admin/admin.shtml` | High
|
11 | File | `admin/admin.shtml` | High
|
||||||
12 | File | `admin/import/class-import-settings.php` | High
|
12 | File | `admin/area.php` | High
|
||||||
13 | File | `Administration/Controllers/ImportController.cs` | High
|
13 | File | `admin/import/class-import-settings.php` | High
|
||||||
14 | ... | ... | ...
|
14 | ... | ... | ...
|
||||||
|
|
||||||
There are 113 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 114 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -12,6 +12,7 @@ The following _campaigns_ are known and can be associated with Lazarus:
|
||||||
* Chemical Sector
|
* Chemical Sector
|
||||||
* Fallchill
|
* Fallchill
|
||||||
* Hidden Cobra
|
* Hidden Cobra
|
||||||
|
* Hoplight
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 9 more campaign items available. Please use our online service to access the data.
|
There are 9 more campaign items available. Please use our online service to access the data.
|
||||||
|
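Review bot: adding Hoplight to the campaign list repairs an inconsistency that was already visible in the IOC table, where 47.206.4.145 is tagged "Hoplight" on both sides of this commit, but the repair is manual, and the same commit adds an IOC row tagged "MagicRAT" (52.202.193.124) while the hidden campaign count stays at 9. Derive the campaign list from the distinct values of the IOC Campaign column at generation time, and verify that MagicRAT is present in it.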
@ -25,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 5 more country items available. Please use our online service to access the data.
|
There are 6 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -163,96 +164,99 @@ ID | IP address | Hostname | Campaign | Confidence
|
||||||
128 | [37.235.21.166](https://vuldb.com/?ip.37.235.21.166) | - | Volgmer | High
|
128 | [37.235.21.166](https://vuldb.com/?ip.37.235.21.166) | - | Volgmer | High
|
||||||
129 | [37.238.135.70](https://vuldb.com/?ip.37.238.135.70) | - | - | High
|
129 | [37.238.135.70](https://vuldb.com/?ip.37.238.135.70) | - | - | High
|
||||||
130 | [38.132.124.161](https://vuldb.com/?ip.38.132.124.161) | - | TraderTraitor | High
|
130 | [38.132.124.161](https://vuldb.com/?ip.38.132.124.161) | - | TraderTraitor | High
|
||||||
131 | [41.57.108.68](https://vuldb.com/?ip.41.57.108.68) | - | Hidden Cobra | High
|
131 | [40.121.90.194](https://vuldb.com/?ip.40.121.90.194) | - | - | High
|
||||||
132 | [41.67.136.38](https://vuldb.com/?ip.41.67.136.38) | netcomafrica.com | Hidden Cobra | High
|
132 | [41.57.108.68](https://vuldb.com/?ip.41.57.108.68) | - | Hidden Cobra | High
|
||||||
133 | [41.67.136.39](https://vuldb.com/?ip.41.67.136.39) | netcomafrica.com | Hidden Cobra | High
|
133 | [41.67.136.38](https://vuldb.com/?ip.41.67.136.38) | netcomafrica.com | Hidden Cobra | High
|
||||||
134 | [41.72.99.5](https://vuldb.com/?ip.41.72.99.5) | - | Hidden Cobra | High
|
134 | [41.67.136.39](https://vuldb.com/?ip.41.67.136.39) | netcomafrica.com | Hidden Cobra | High
|
||||||
135 | [41.72.101.138](https://vuldb.com/?ip.41.72.101.138) | - | Hidden Cobra | High
|
135 | [41.72.99.5](https://vuldb.com/?ip.41.72.99.5) | - | Hidden Cobra | High
|
||||||
136 | [41.74.166.253](https://vuldb.com/?ip.41.74.166.253) | - | Hidden Cobra | High
|
136 | [41.72.101.138](https://vuldb.com/?ip.41.72.101.138) | - | Hidden Cobra | High
|
||||||
137 | [41.92.208.194](https://vuldb.com/?ip.41.92.208.194) | - | Fallchill | High
|
137 | [41.74.166.253](https://vuldb.com/?ip.41.74.166.253) | - | Hidden Cobra | High
|
||||||
138 | [41.92.208.196](https://vuldb.com/?ip.41.92.208.196) | - | Fallchill | High
|
138 | [41.92.208.194](https://vuldb.com/?ip.41.92.208.194) | - | Fallchill | High
|
||||||
139 | [41.92.208.197](https://vuldb.com/?ip.41.92.208.197) | - | Fallchill | High
|
139 | [41.92.208.196](https://vuldb.com/?ip.41.92.208.196) | - | Fallchill | High
|
||||||
140 | [41.110.179.197](https://vuldb.com/?ip.41.110.179.197) | - | Hidden Cobra | High
|
140 | [41.92.208.197](https://vuldb.com/?ip.41.92.208.197) | - | Fallchill | High
|
||||||
141 | [41.128.226.60](https://vuldb.com/?ip.41.128.226.60) | - | Hidden Cobra | High
|
141 | [41.110.179.197](https://vuldb.com/?ip.41.110.179.197) | - | Hidden Cobra | High
|
||||||
142 | [41.131.49.228](https://vuldb.com/?ip.41.131.49.228) | host-41-131-49-228.static.link.com.eg | Hidden Cobra | High
|
142 | [41.128.226.60](https://vuldb.com/?ip.41.128.226.60) | - | Hidden Cobra | High
|
||||||
143 | [41.131.164.156](https://vuldb.com/?ip.41.131.164.156) | - | Hidden Cobra | High
|
143 | [41.131.49.228](https://vuldb.com/?ip.41.131.49.228) | host-41-131-49-228.static.link.com.eg | Hidden Cobra | High
|
||||||
144 | [41.134.208.234](https://vuldb.com/?ip.41.134.208.234) | 41-134-208-234.dsl.mweb.co.za | Hidden Cobra | High
|
144 | [41.131.164.156](https://vuldb.com/?ip.41.131.164.156) | - | Hidden Cobra | High
|
||||||
145 | [41.182.252.56](https://vuldb.com/?ip.41.182.252.56) | ADSL-41-182-252-56.ipb.na | Hidden Cobra | High
|
145 | [41.134.208.234](https://vuldb.com/?ip.41.134.208.234) | 41-134-208-234.dsl.mweb.co.za | Hidden Cobra | High
|
||||||
146 | [41.205.139.34](https://vuldb.com/?ip.41.205.139.34) | ADSL-41-205-139-34.ipb.na | Hidden Cobra | High
|
146 | [41.182.252.56](https://vuldb.com/?ip.41.182.252.56) | ADSL-41-182-252-56.ipb.na | Hidden Cobra | High
|
||||||
147 | [41.208.106.68](https://vuldb.com/?ip.41.208.106.68) | owa.altaqnya.com.ly | Hidden Cobra | High
|
147 | [41.205.139.34](https://vuldb.com/?ip.41.205.139.34) | ADSL-41-205-139-34.ipb.na | Hidden Cobra | High
|
||||||
148 | [41.208.106.70](https://vuldb.com/?ip.41.208.106.70) | dc1.Mail.dsmhlc.ly | Hidden Cobra | High
|
148 | [41.208.106.68](https://vuldb.com/?ip.41.208.106.68) | owa.altaqnya.com.ly | Hidden Cobra | High
|
||||||
149 | [41.215.250.40](https://vuldb.com/?ip.41.215.250.40) | - | Hidden Cobra | High
|
149 | [41.208.106.70](https://vuldb.com/?ip.41.208.106.70) | dc1.Mail.dsmhlc.ly | Hidden Cobra | High
|
||||||
150 | [41.223.30.20](https://vuldb.com/?ip.41.223.30.20) | host30-20.creolink.com | Hidden Cobra | High
|
150 | [41.215.250.40](https://vuldb.com/?ip.41.215.250.40) | - | Hidden Cobra | High
|
||||||
151 | [41.224.254.90](https://vuldb.com/?ip.41.224.254.90) | - | Hidden Cobra | High
|
151 | [41.223.30.20](https://vuldb.com/?ip.41.223.30.20) | host30-20.creolink.com | Hidden Cobra | High
|
||||||
152 | [43.249.216.6](https://vuldb.com/?ip.43.249.216.6) | - | Volgmer | High
|
152 | [41.224.254.90](https://vuldb.com/?ip.41.224.254.90) | - | Hidden Cobra | High
|
||||||
153 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
153 | [43.249.216.6](https://vuldb.com/?ip.43.249.216.6) | - | Volgmer | High
|
||||||
154 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
154 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
||||||
155 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
155 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
||||||
156 | [45.58.112.77](https://vuldb.com/?ip.45.58.112.77) | - | - | High
|
156 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
||||||
157 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
157 | [45.58.112.77](https://vuldb.com/?ip.45.58.112.77) | - | - | High
|
||||||
158 | [45.118.34.215](https://vuldb.com/?ip.45.118.34.215) | - | Volgmer | High
|
158 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
||||||
159 | [45.120.61.145](https://vuldb.com/?ip.45.120.61.145) | - | Hidden Cobra | High
|
159 | [45.118.34.215](https://vuldb.com/?ip.45.118.34.215) | - | Volgmer | High
|
||||||
160 | [45.122.138.130](https://vuldb.com/?ip.45.122.138.130) | - | - | High
|
160 | [45.120.61.145](https://vuldb.com/?ip.45.120.61.145) | - | Hidden Cobra | High
|
||||||
161 | [45.124.169.36](https://vuldb.com/?ip.45.124.169.36) | - | Volgmer | High
|
161 | [45.122.138.130](https://vuldb.com/?ip.45.122.138.130) | - | - | High
|
||||||
162 | [45.128.156.27](https://vuldb.com/?ip.45.128.156.27) | smtp.flatmeadow.com | - | High
|
162 | [45.124.169.36](https://vuldb.com/?ip.45.124.169.36) | - | Volgmer | High
|
||||||
163 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
163 | [45.128.156.27](https://vuldb.com/?ip.45.128.156.27) | smtp.flatmeadow.com | - | High
|
||||||
164 | [46.16.62.238](https://vuldb.com/?ip.46.16.62.238) | fnadh-35.srv.cat | TraderTraitor | High
|
164 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
||||||
165 | [46.19.101.186](https://vuldb.com/?ip.46.19.101.186) | ip-46-19-101-186.gnc.net | Hidden Cobra | High
|
165 | [46.16.62.238](https://vuldb.com/?ip.46.16.62.238) | fnadh-35.srv.cat | TraderTraitor | High
|
||||||
166 | [46.21.147.161](https://vuldb.com/?ip.46.21.147.161) | 46-21-147-161.static.hvvc.us | - | High
|
166 | [46.19.101.186](https://vuldb.com/?ip.46.19.101.186) | ip-46-19-101-186.gnc.net | Hidden Cobra | High
|
||||||
167 | [46.21.153.87](https://vuldb.com/?ip.46.21.153.87) | 87.153.21.46.static.swiftway.net | - | High
|
167 | [46.21.147.161](https://vuldb.com/?ip.46.21.147.161) | 46-21-147-161.static.hvvc.us | - | High
|
||||||
168 | [46.52.131.102](https://vuldb.com/?ip.46.52.131.102) | - | Hidden Cobra | High
|
168 | [46.21.153.87](https://vuldb.com/?ip.46.21.153.87) | 87.153.21.46.static.swiftway.net | - | High
|
||||||
169 | [46.121.242.180](https://vuldb.com/?ip.46.121.242.180) | 46-121-242-180.static.012.net.il | Hidden Cobra | High
|
169 | [46.52.131.102](https://vuldb.com/?ip.46.52.131.102) | - | Hidden Cobra | High
|
||||||
170 | [46.174.116.60](https://vuldb.com/?ip.46.174.116.60) | - | Hidden Cobra | High
|
170 | [46.121.242.180](https://vuldb.com/?ip.46.121.242.180) | 46-121-242-180.static.012.net.il | Hidden Cobra | High
|
||||||
171 | [46.174.116.87](https://vuldb.com/?ip.46.174.116.87) | - | Hidden Cobra | High
|
171 | [46.174.116.60](https://vuldb.com/?ip.46.174.116.60) | - | Hidden Cobra | High
|
||||||
172 | [46.174.116.90](https://vuldb.com/?ip.46.174.116.90) | - | Hidden Cobra | High
|
172 | [46.174.116.87](https://vuldb.com/?ip.46.174.116.87) | - | Hidden Cobra | High
|
||||||
173 | [46.174.116.99](https://vuldb.com/?ip.46.174.116.99) | - | Hidden Cobra | High
|
173 | [46.174.116.90](https://vuldb.com/?ip.46.174.116.90) | - | Hidden Cobra | High
|
||||||
174 | [46.174.116.221](https://vuldb.com/?ip.46.174.116.221) | - | Hidden Cobra | High
|
174 | [46.174.116.99](https://vuldb.com/?ip.46.174.116.99) | - | Hidden Cobra | High
|
||||||
175 | [46.174.116.231](https://vuldb.com/?ip.46.174.116.231) | - | Hidden Cobra | High
|
175 | [46.174.116.221](https://vuldb.com/?ip.46.174.116.221) | - | Hidden Cobra | High
|
||||||
176 | [46.174.116.234](https://vuldb.com/?ip.46.174.116.234) | - | Hidden Cobra | High
|
176 | [46.174.116.231](https://vuldb.com/?ip.46.174.116.231) | - | Hidden Cobra | High
|
||||||
177 | [46.174.117.15](https://vuldb.com/?ip.46.174.117.15) | - | Hidden Cobra | High
|
177 | [46.174.116.234](https://vuldb.com/?ip.46.174.116.234) | - | Hidden Cobra | High
|
||||||
178 | [46.174.117.32](https://vuldb.com/?ip.46.174.117.32) | - | Hidden Cobra | High
|
178 | [46.174.117.15](https://vuldb.com/?ip.46.174.117.15) | - | Hidden Cobra | High
|
||||||
179 | [46.174.117.36](https://vuldb.com/?ip.46.174.117.36) | - | Hidden Cobra | High
|
179 | [46.174.117.32](https://vuldb.com/?ip.46.174.117.32) | - | Hidden Cobra | High
|
||||||
180 | [46.174.117.42](https://vuldb.com/?ip.46.174.117.42) | - | Hidden Cobra | High
|
180 | [46.174.117.36](https://vuldb.com/?ip.46.174.117.36) | - | Hidden Cobra | High
|
||||||
181 | [46.174.117.44](https://vuldb.com/?ip.46.174.117.44) | - | Hidden Cobra | High
|
181 | [46.174.117.42](https://vuldb.com/?ip.46.174.117.42) | - | Hidden Cobra | High
|
||||||
182 | [46.174.117.50](https://vuldb.com/?ip.46.174.117.50) | - | Hidden Cobra | High
|
182 | [46.174.117.44](https://vuldb.com/?ip.46.174.117.44) | - | Hidden Cobra | High
|
||||||
183 | [46.174.117.61](https://vuldb.com/?ip.46.174.117.61) | - | Hidden Cobra | High
|
183 | [46.174.117.50](https://vuldb.com/?ip.46.174.117.50) | - | Hidden Cobra | High
|
||||||
184 | [46.174.117.77](https://vuldb.com/?ip.46.174.117.77) | - | Hidden Cobra | High
|
184 | [46.174.117.61](https://vuldb.com/?ip.46.174.117.61) | - | Hidden Cobra | High
|
||||||
185 | [46.174.117.80](https://vuldb.com/?ip.46.174.117.80) | - | Hidden Cobra | High
|
185 | [46.174.117.77](https://vuldb.com/?ip.46.174.117.77) | - | Hidden Cobra | High
|
||||||
186 | [46.174.117.97](https://vuldb.com/?ip.46.174.117.97) | - | Hidden Cobra | High
|
186 | [46.174.117.80](https://vuldb.com/?ip.46.174.117.80) | - | Hidden Cobra | High
|
||||||
187 | [46.174.117.98](https://vuldb.com/?ip.46.174.117.98) | - | Hidden Cobra | High
|
187 | [46.174.117.97](https://vuldb.com/?ip.46.174.117.97) | - | Hidden Cobra | High
|
||||||
188 | [46.174.117.103](https://vuldb.com/?ip.46.174.117.103) | - | Hidden Cobra | High
|
188 | [46.174.117.98](https://vuldb.com/?ip.46.174.117.98) | - | Hidden Cobra | High
|
||||||
189 | [46.174.117.116](https://vuldb.com/?ip.46.174.117.116) | - | Hidden Cobra | High
|
189 | [46.174.117.103](https://vuldb.com/?ip.46.174.117.103) | - | Hidden Cobra | High
|
||||||
190 | [46.174.117.121](https://vuldb.com/?ip.46.174.117.121) | - | Hidden Cobra | High
|
190 | [46.174.117.116](https://vuldb.com/?ip.46.174.117.116) | - | Hidden Cobra | High
|
||||||
191 | [46.174.117.129](https://vuldb.com/?ip.46.174.117.129) | - | Hidden Cobra | High
|
191 | [46.174.117.121](https://vuldb.com/?ip.46.174.117.121) | - | Hidden Cobra | High
|
||||||
192 | [46.174.117.134](https://vuldb.com/?ip.46.174.117.134) | - | Hidden Cobra | High
|
192 | [46.174.117.129](https://vuldb.com/?ip.46.174.117.129) | - | Hidden Cobra | High
|
||||||
193 | [46.174.117.153](https://vuldb.com/?ip.46.174.117.153) | - | Hidden Cobra | High
|
193 | [46.174.117.134](https://vuldb.com/?ip.46.174.117.134) | - | Hidden Cobra | High
|
||||||
194 | [46.174.117.164](https://vuldb.com/?ip.46.174.117.164) | - | Hidden Cobra | High
|
194 | [46.174.117.153](https://vuldb.com/?ip.46.174.117.153) | - | Hidden Cobra | High
|
||||||
195 | [46.218.127.110](https://vuldb.com/?ip.46.218.127.110) | reverse.completel.fr | Hidden Cobra | High
|
195 | [46.174.117.164](https://vuldb.com/?ip.46.174.117.164) | - | Hidden Cobra | High
|
||||||
196 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | Hoplight | High
|
196 | [46.183.221.109](https://vuldb.com/?ip.46.183.221.109) | ip-221-109.dataclub.info | - | High
|
||||||
197 | [49.206.1.61](https://vuldb.com/?ip.49.206.1.61) | 49.206.1.61.actcorp.in | Hidden Cobra | High
|
197 | [46.218.127.110](https://vuldb.com/?ip.46.218.127.110) | reverse.completel.fr | Hidden Cobra | High
|
||||||
198 | [49.247.9.177](https://vuldb.com/?ip.49.247.9.177) | - | - | High
|
198 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | Hoplight | High
|
||||||
199 | [50.62.168.157](https://vuldb.com/?ip.50.62.168.157) | p3nwvpweb145.shr.prod.phx3.secureserver.net | Fallchill | High
|
199 | [49.206.1.61](https://vuldb.com/?ip.49.206.1.61) | 49.206.1.61.actcorp.in | Hidden Cobra | High
|
||||||
200 | [50.87.144.227](https://vuldb.com/?ip.50.87.144.227) | somethingaboutmarketing.com | - | High
|
200 | [49.247.9.177](https://vuldb.com/?ip.49.247.9.177) | - | - | High
|
||||||
201 | [51.38.234.8](https://vuldb.com/?ip.51.38.234.8) | hydra.skok.pl | - | High
|
201 | [50.62.168.157](https://vuldb.com/?ip.50.62.168.157) | p3nwvpweb145.shr.prod.phx3.secureserver.net | Fallchill | High
|
||||||
202 | [51.235.1.216](https://vuldb.com/?ip.51.235.1.216) | - | Hidden Cobra | High
|
202 | [50.87.144.227](https://vuldb.com/?ip.50.87.144.227) | somethingaboutmarketing.com | - | High
|
||||||
203 | [51.235.13.162](https://vuldb.com/?ip.51.235.13.162) | - | Hidden Cobra | High
|
203 | [51.38.234.8](https://vuldb.com/?ip.51.38.234.8) | hydra.skok.pl | - | High
|
||||||
204 | [51.235.17.133](https://vuldb.com/?ip.51.235.17.133) | - | Hidden Cobra | High
|
204 | [51.235.1.216](https://vuldb.com/?ip.51.235.1.216) | - | Hidden Cobra | High
|
||||||
205 | [51.235.19.202](https://vuldb.com/?ip.51.235.19.202) | - | Hidden Cobra | High
|
205 | [51.235.13.162](https://vuldb.com/?ip.51.235.13.162) | - | Hidden Cobra | High
|
||||||
206 | [51.235.33.226](https://vuldb.com/?ip.51.235.33.226) | - | Hidden Cobra | High
|
206 | [51.235.17.133](https://vuldb.com/?ip.51.235.17.133) | - | Hidden Cobra | High
|
||||||
207 | [51.235.49.202](https://vuldb.com/?ip.51.235.49.202) | - | Hidden Cobra | High
|
207 | [51.235.19.202](https://vuldb.com/?ip.51.235.19.202) | - | Hidden Cobra | High
|
||||||
208 | [52.79.118.195](https://vuldb.com/?ip.52.79.118.195) | ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com | Chemical Sector | Medium
|
208 | [51.235.33.226](https://vuldb.com/?ip.51.235.33.226) | - | Hidden Cobra | High
|
||||||
209 | [54.38.11.132](https://vuldb.com/?ip.54.38.11.132) | ip132.ip-54-38-11.eu | - | High
|
209 | [51.235.49.202](https://vuldb.com/?ip.51.235.49.202) | - | Hidden Cobra | High
|
||||||
210 | [54.39.204.190](https://vuldb.com/?ip.54.39.204.190) | ip190.ip-54-39-204.net | - | High
|
210 | [52.79.118.195](https://vuldb.com/?ip.52.79.118.195) | ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com | Chemical Sector | Medium
|
||||||
211 | [54.64.30.175](https://vuldb.com/?ip.54.64.30.175) | vega.mh-tec.co.jp | - | High
|
211 | [52.202.193.124](https://vuldb.com/?ip.52.202.193.124) | ec2-52-202-193-124.compute-1.amazonaws.com | MagicRAT | Medium
|
||||||
212 | [58.82.155.98](https://vuldb.com/?ip.58.82.155.98) | 98.155.82.58.static-corp.jastel.co.th | Volgmer | High
|
212 | [54.38.11.132](https://vuldb.com/?ip.54.38.11.132) | ip132.ip-54-38-11.eu | - | High
|
||||||
213 | [58.185.197.210](https://vuldb.com/?ip.58.185.197.210) | - | Volgmer | High
|
213 | [54.39.204.190](https://vuldb.com/?ip.54.39.204.190) | ip190.ip-54-39-204.net | - | High
|
||||||
214 | [59.8.194.228](https://vuldb.com/?ip.59.8.194.228) | - | - | High
|
214 | [54.64.30.175](https://vuldb.com/?ip.54.64.30.175) | vega.mh-tec.co.jp | - | High
|
||||||
215 | [59.90.93.97](https://vuldb.com/?ip.59.90.93.97) | static.bb.knl.59.90.93.97.bsnl.in | Typeframe | High
|
215 | [54.68.42.4](https://vuldb.com/?ip.54.68.42.4) | ec2-54-68-42-4.us-west-2.compute.amazonaws.com | - | Medium
|
||||||
216 | [59.90.93.138](https://vuldb.com/?ip.59.90.93.138) | static.bb.knl.59.90.93.138.bsnl.in | Fallchill | High
|
216 | [58.82.155.98](https://vuldb.com/?ip.58.82.155.98) | 98.155.82.58.static-corp.jastel.co.th | Volgmer | High
|
||||||
217 | [59.90.93.248](https://vuldb.com/?ip.59.90.93.248) | static.bb.knl.59.90.93.248.bsnl.in | Hidden Cobra | High
|
217 | [58.185.197.210](https://vuldb.com/?ip.58.185.197.210) | - | Volgmer | High
|
||||||
218 | ... | ... | ... | ...
|
218 | [59.8.194.228](https://vuldb.com/?ip.59.8.194.228) | - | - | High
|
||||||
|
219 | [59.90.93.97](https://vuldb.com/?ip.59.90.93.97) | static.bb.knl.59.90.93.97.bsnl.in | Typeframe | High
|
||||||
|
220 | [59.90.93.138](https://vuldb.com/?ip.59.90.93.138) | static.bb.knl.59.90.93.138.bsnl.in | Fallchill | High
|
||||||
|
221 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 869 more IOC items available. Please use our online service to access the data.
|
There are 880 more IOC items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## TTP - Tactics, Techniques, Procedures
|
## TTP - Tactics, Techniques, Procedures
|
||||||
|
|
||||||
|
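Review bot: of the four rows this hunk adds, 40.121.90.194 has neither hostname nor campaign yet is rated High, whereas the two new amazonaws.com hosts (52.202.193.124 tagged MagicRAT and 54.68.42.4 untagged) are rated Medium, consistent with the existing EC2 entry 52.79.118.195; the rule that lowers cloud addresses should be stated in the IOC intro, and a bare IP with no hostname and no campaign is weaker evidence than a tagged one, not stronger. The hidden count rises from 869 to 880 while only four additions are visible, so seven entries changed below the fold with no review trail; a source column per row (the Talos MagicRAT report added in the References hunk covers at least one of them) would make such bulk updates auditable.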
@ -260,14 +264,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 20 more TTP items available. Please use our online service to access the data.
|
There are 19 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
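Review bot: row 1 swaps CWE-23 (Relative Path Traversal) for CWE-36 (Absolute Path Traversal), which drops the more common relative form from a Weakness column that appears to be capped at three entries; if the cap is the reason, widen the column or select the entries by frequency rather than by ID. Adding CWE-294 to row 2 is right, since "Authentication Bypass by Capture-replay" is CWE-294's own title and CWE-319 alone did not justify that description. Row 4, `T1059 | CWE-94 | Cross Site Scripting`, stays mismatched: CWE-94 is Code Injection, and Cross Site Scripting is row 5's CWE-79/CWE-80.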
@ -279,27 +283,26 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `/admin/?page=reports/stockout` | High
|
2 | File | `/admin/?page=reports/stockout` | High
|
||||||
3 | File | `/admin/?page=reports/waste` | High
|
3 | File | `/admin/?page=reports/waste` | High
|
||||||
4 | File | `/admin/?page=user/manage_user` | High
|
4 | File | `/admin/?page=user/manage_user` | High
|
||||||
5 | File | `/admin/del.php` | High
|
5 | File | `/admin/addemployee.php` | High
|
||||||
6 | File | `/admin/delete.php` | High
|
6 | File | `/admin/del.php` | High
|
||||||
7 | File | `/admin/delstu.php` | High
|
7 | File | `/admin/delete.php` | High
|
||||||
8 | File | `/admin/login.php` | High
|
8 | File | `/admin/delstu.php` | High
|
||||||
9 | File | `/admin/products/controller.php?action=add` | High
|
9 | File | `/admin/login.php` | High
|
||||||
10 | File | `/api/v1/user` | Medium
|
10 | File | `/admin/products/controller.php?action=add` | High
|
||||||
11 | File | `/categories/view_category.php` | High
|
11 | File | `/bd_genie_create_account.cgi` | High
|
||||||
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
12 | File | `/categories/view_category.php` | High
|
||||||
13 | File | `/classes/Master.php?f=delete_account` | High
|
13 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
14 | File | `/classes/Master.php?f=delete_category` | High
|
14 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
15 | File | `/classes/Master.php?f=delete_img` | High
|
15 | File | `/defaultui/player/modern.html` | High
|
||||||
16 | File | `/classes/Master.php?f=delete_payment` | High
|
16 | File | `/etc/ciel.cfg` | High
|
||||||
17 | File | `/classes/Master.php?f=delete_schedule` | High
|
17 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
18 | File | `/classes/Master.php?f=delete_student` | High
|
18 | File | `/etc/srapi/config/system.conf` | High
|
||||||
19 | File | `/classes/Users.php?f=save_client` | High
|
19 | File | `/goform/addRouting` | High
|
||||||
20 | File | `/etc/ciel.cfg` | High
|
20 | File | `/goform/Diagnosis` | High
|
||||||
21 | File | `/etc/init0.d/S80telnetd.sh` | High
|
21 | File | `/goform/form2userconfig.cgi` | High
|
||||||
22 | File | `/etc/srapi/config/system.conf` | High
|
22 | ... | ... | ...
|
||||||
23 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 188 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 183 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
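Review bot: the six `/classes/Master.php?f=delete_*` rows on the old side (13 to 18) collapse to the single `/classes/Master.php?f=delete_img` (new row 14), which with the dropped `/classes/Users.php?f=save_client` and `/api/v1/user` accounts for the 188 to 183 count change; if this is deduplication by script path, normalise the survivor to `/classes/Master.php` as well, because a matcher keyed on the query string will miss the other `f=` values that were just removed. The newly visible `/goform/addRouting`, `/goform/Diagnosis` and `/goform/form2userconfig.cgi` are embedded-device web endpoints, so a consumer should expect them on router management interfaces rather than on the PHP applications the surrounding rows describe; a device-versus-web-app hint in the Type column would help.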
@ -309,6 +312,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
||||||
* https://1275.ru/ioc/237/lazarus-apt-iocs-part-2/
|
* https://1275.ru/ioc/237/lazarus-apt-iocs-part-2/
|
||||||
* https://asec.ahnlab.com/en/33801/
|
* https://asec.ahnlab.com/en/33801/
|
||||||
* https://asec.ahnlab.com/en/34461/
|
* https://asec.ahnlab.com/en/34461/
|
||||||
|
* https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html
|
||||||
|
* https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html
|
||||||
* https://blogs.jpcert.or.jp/ja/2022/06/yamabot.html
|
* https://blogs.jpcert.or.jp/ja/2022/06/yamabot.html
|
||||||
* https://community.blueliv.com/#!/s/60c8c76482df413eb5356c34
|
* https://community.blueliv.com/#!/s/60c8c76482df413eb5356c34
|
||||||
* https://community.blueliv.com/#!/s/603fdde582df413eb5355915
|
* https://community.blueliv.com/#!/s/603fdde582df413eb5355915
|
||||||
|
|
|
@ -47,12 +47,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
2 | T1055 | CWE-74 | Injection | High
|
||||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
4 | ... | ... | ... | ...
|
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
|
5 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 3 more TTP items available. Please use our online service to access the data.
|
There are 15 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
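Review bot: the new row 1 maps ATT&CK T1006 to CWE-22 "Pathname Traversal", but T1006 is Direct Volume Access (reading the raw volume to bypass file access controls), which is not a path-traversal weakness; if this is a deliberate house mapping between CWE and ATT&CK it needs a sentence in the TTP intro explaining the convention, otherwise readers will take it for a MITRE-sanctioned link. Row 3 repeats the "Cross Site Scripting" description for CWE-88 (Argument Injection) and CWE-94 (Code Injection); only row 4 (CWE-79, CWE-80) is XSS. The old side also had `T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts`, where the description is CWE-307's title while CWE-798 is Use of Hard-coded Credentials; that row is no longer visible but should be checked in the hidden part of the list, since the description generator evidently does not key on the CWE.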
@ -108,10 +109,9 @@ ID | Type | Indicator | Confidence
|
||||||
46 | File | `data/gbconfiguration.dat` | High
|
46 | File | `data/gbconfiguration.dat` | High
|
||||||
47 | File | `Debug_command_page.asp` | High
|
47 | File | `Debug_command_page.asp` | High
|
||||||
48 | File | `details_view.php` | High
|
48 | File | `details_view.php` | High
|
||||||
49 | File | `Diagnose.exe` | Medium
|
49 | ... | ... | ...
|
||||||
50 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -17,11 +17,11 @@ The following _campaigns_ are known and can be associated with Mirai:
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mirai:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mirai:
|
||||||
|
|
||||||
* [VN](https://vuldb.com/?country.vn)
|
* [VN](https://vuldb.com/?country.vn)
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
|
* [CN](https://vuldb.com/?country.cn)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 2 more country items available. Please use our online service to access the data.
|
There are 5 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
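Review bot: moving CN from second to third position changes the visible order with no stated criterion, and the hidden count rises from 2 to 5, so a reader cannot tell whether CN lost rank because entries were added above it or because the list was re-sorted; state the ordering in the intro sentence. That intro's "directly (e.g. origin of attacks) or indirectly (e.g. access by proxy)" also folds the country of an attacking host and the country of a proxy into one list; a per-country direct/indirect marker would make the list usable for geo-based triage.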
@ -214,7 +214,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
|
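Review bot: the Description column names the weakness rather than the ATT&CK technique, so the extended row 2, `T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay`, carries the title of CWE-294 although T1040 in ATT&CK is Network Sniffing, and rows 4 and 5 both read `Cross Site Scripting` despite different weakness sets (`CWE-94` versus `CWE-79, CWE-80`). Either retitle the column so it is clearly the CWE description, or add the technique name alongside the ID so the technique-to-weakness mapping can be checked row by row.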
@ -229,15 +229,15 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/admin/addemployee.php` | High
|
1 | File | `/admin/addemployee.php` | High
|
||||||
2 | File | `/admin/del.php` | High
|
2 | File | `/admin/lab.php` | High
|
||||||
3 | File | `/admin/delete.php` | High
|
3 | File | `/admin/login.php` | High
|
||||||
4 | File | `/admin/delstu.php` | High
|
4 | File | `/admin/products/controller.php?action=add` | High
|
||||||
5 | File | `/admin/login.php` | High
|
5 | File | `/admin/videoalbum/list` | High
|
||||||
6 | File | `/admin/products/controller.php?action=add` | High
|
6 | File | `/bd_genie_create_account.cgi` | High
|
||||||
7 | File | `/categories/view_category.php` | High
|
7 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||||
8 | File | `/cgi-bin/ExportSettings.sh` | High
|
8 | File | `/categories/view_category.php` | High
|
||||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
9 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
10 | File | `/classes/Master.php?f=delete_img` | High
|
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
11 | File | `/debug/pprof` | Medium
|
11 | File | `/debug/pprof` | Medium
|
||||||
12 | File | `/defaultui/player/modern.html` | High
|
12 | File | `/defaultui/player/modern.html` | High
|
||||||
13 | File | `/etc/ciel.cfg` | High
|
13 | File | `/etc/ciel.cfg` | High
|
||||||
|
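Review bot: `/bd_genie_create_account.cgi` is added here and, in this same commit, to the Prophet Spider and Purple Fox tables and two further profiles; an indicator that lands in five actor lists at once has little attribution value and looks like one newly indexed vulnerability being fanned out to every actor that shares a TTP, so confirm there is an observed link per actor before keeping it at High. The four rows that leave the visible table (`/admin/del.php`, `/admin/delete.php`, `/admin/delstu.php`, `/classes/Master.php?f=delete_img`) all sort before the `28 | ...` cut, so they are real removals rather than displaced rows and deserve a mention in the commit message.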
@ -246,14 +246,18 @@ ID | Type | Indicator | Confidence
|
||||||
16 | File | `/goform/Diagnosis` | High
|
16 | File | `/goform/Diagnosis` | High
|
||||||
17 | File | `/goform/form2userconfig.cgi` | High
|
17 | File | `/goform/form2userconfig.cgi` | High
|
||||||
18 | File | `/goform/NTPSyncWithHost` | High
|
18 | File | `/goform/NTPSyncWithHost` | High
|
||||||
19 | File | `/goform/SetLEDCfg` | High
|
19 | File | `/goform/saveParentControlInfo` | High
|
||||||
20 | File | `/goform/setMAC` | High
|
20 | File | `/goform/SetIpMacBind` | High
|
||||||
21 | File | `/goform/setPptpUserList` | High
|
21 | File | `/goform/SetLEDCfg` | High
|
||||||
22 | File | `/goform/SystemCommand` | High
|
22 | File | `/goform/setMAC` | High
|
||||||
23 | File | `/goform/WanParameterSetting` | High
|
23 | File | `/goform/setPptpUserList` | High
|
||||||
24 | ... | ... | ...
|
24 | File | `/goform/SetVirtualServerCfg` | High
|
||||||
|
25 | File | `/goform/SystemCommand` | High
|
||||||
|
26 | File | `/goform/WanParameterSetting` | High
|
||||||
|
27 | File | `/goform/wizard_end` | High
|
||||||
|
28 | ... | ... | ...
|
||||||
|
|
||||||
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 239 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
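Review bot: `/goform/SetIpMacBind` lands between `/goform/saveParentControlInfo` and `/goform/SetLEDCfg`, which shows the table is sorted case-insensitively, yet this profile keeps `/goform/setMAC` while the Purple Fox table in this commit carries `/goform/setmac`; if indicators are matched case-sensitively those are two entries for one endpoint. Normalise the casing of `/goform/` paths before sorting and deduplicating, and note that the hidden count rising from 201 to 239 while only four rows become visible means most of this change is invisible in the diff.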
@ -89,9 +89,10 @@ ID | Type | Indicator | Confidence
|
||||||
16 | File | `/rest/api/2/user/picker` | High
|
16 | File | `/rest/api/2/user/picker` | High
|
||||||
17 | File | `/service/upload` | High
|
17 | File | `/service/upload` | High
|
||||||
18 | File | `/settings` | Medium
|
18 | File | `/settings` | Medium
|
||||||
19 | ... | ... | ...
|
19 | File | `/tmp` | Low
|
||||||
|
20 | ... | ... | ...
|
||||||
|
|
||||||
There are 160 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 161 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
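Review bot: `/tmp` should not be added as a File indicator even at Low confidence; it exists on every Unix host and appears in most vulnerability write-ups, so any matcher built from this table will fire on everything. The confidence values here (`/settings` Medium, `/tmp` Low, longer paths High) look like they are derived from path length, which measures specificity of the string rather than how discriminating the path is. If that is the rule, document it above the table and drop single-segment paths below the threshold instead of listing them as Low.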
@ -16,7 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
|
|
||||||
* [FR](https://vuldb.com/?country.fr)
|
* [FR](https://vuldb.com/?country.fr)
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
* [CN](https://vuldb.com/?country.cn)
|
||||||
* [CH](https://vuldb.com/?country.ch)
|
* [US](https://vuldb.com/?country.us)
|
||||||
|
* ...
|
||||||
|
|
||||||
|
There are 1 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
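Review bot: `There are 1 more country items available.` is ungrammatical; the generated sentence needs a singular form (`There is 1 more country item available.`) when the remainder is 1. Separately, CH leaves the visible list and US enters while the remainder becomes 1, so CH may have moved below the new `* ...` cut or been removed; the diff cannot show which, and the commit message `Update` does not say.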
@ -39,13 +42,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1055 | CWE-74 | Injection | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 21 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
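Review bot: the old row 5, `T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges`, is pushed below the cut by the new T1040 row, but note that its description is the title of CWE-250, which is absent from this row's weakness list, whereas the equivalent T1068 row in the `@@ -39,7 +39,8 @@` hunk of another profile in this commit does carry CWE-250. The description should be taken from a CWE that is actually listed in the row, or the row should include CWE-250.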
@ -60,47 +63,45 @@ ID | Type | Indicator | Confidence
|
||||||
5 | File | `/admin/edit.php` | High
|
5 | File | `/admin/edit.php` | High
|
||||||
6 | File | `/admin/students/view_student.php` | High
|
6 | File | `/admin/students/view_student.php` | High
|
||||||
7 | File | `/advanced-tools/nova/bin/netwatch` | High
|
7 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
8 | File | `/categories/view_category.php` | High
|
8 | File | `/bd_genie_create_account.cgi` | High
|
||||||
9 | File | `/cgi-bin/editBookmark` | High
|
9 | File | `/categories/view_category.php` | High
|
||||||
10 | File | `/claire_blake` | High
|
10 | File | `/category_view.php` | High
|
||||||
11 | File | `/classes/Master.php?f=delete_category` | High
|
11 | File | `/cgi-bin/editBookmark` | High
|
||||||
12 | File | `/dashboard/add-blog.php` | High
|
12 | File | `/claire_blake` | High
|
||||||
13 | File | `/dashboard/add-portfolio.php` | High
|
13 | File | `/classes/Master.php?f=delete_category` | High
|
||||||
14 | File | `/dashboard/add-service.php` | High
|
14 | File | `/dashboard/add-blog.php` | High
|
||||||
15 | File | `/dashboard/contact` | High
|
15 | File | `/dashboard/add-portfolio.php` | High
|
||||||
16 | File | `/dashboard/settings` | High
|
16 | File | `/dashboard/add-service.php` | High
|
||||||
17 | File | `/dashboard/updatelogo.php` | High
|
17 | File | `/dashboard/contact` | High
|
||||||
18 | File | `/etc/shadow.sample` | High
|
18 | File | `/dashboard/settings` | High
|
||||||
19 | File | `/etc/srapi/config/system.conf` | High
|
19 | File | `/dashboard/updatelogo.php` | High
|
||||||
20 | File | `/fax/fax_send.php` | High
|
20 | File | `/etc/shadow.sample` | High
|
||||||
21 | File | `/framework/mod/db/DBMapper.xml` | High
|
21 | File | `/etc/srapi/config/system.conf` | High
|
||||||
22 | File | `/gasmark/assets/myimages/oneWord.php` | High
|
22 | File | `/fax/fax_send.php` | High
|
||||||
23 | File | `/goform/aspForm` | High
|
23 | File | `/framework/mod/db/DBMapper.xml` | High
|
||||||
24 | File | `/goform/form2userconfig.cgi` | High
|
24 | File | `/gasmark/assets/myimages/oneWord.php` | High
|
||||||
25 | File | `/goform/formWifiBasicSet` | High
|
25 | File | `/goform/aspForm` | High
|
||||||
26 | File | `/goform/setAutoPing` | High
|
26 | File | `/goform/form2userconfig.cgi` | High
|
||||||
27 | File | `/guestmanagement/front.php` | High
|
27 | File | `/goform/formWifiBasicSet` | High
|
||||||
28 | File | `/Home/debit_credit_p` | High
|
28 | File | `/goform/setAutoPing` | High
|
||||||
29 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
29 | File | `/guestmanagement/front.php` | High
|
||||||
30 | File | `/htdocs/utils/Files.php` | High
|
30 | File | `/Home/debit_credit_p` | High
|
||||||
31 | File | `/htmldoc/htmldoc/html.cxx` | High
|
31 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||||
32 | File | `/include/menu_v.inc.php` | High
|
32 | File | `/htdocs/utils/Files.php` | High
|
||||||
33 | File | `/includes/utils.php` | High
|
33 | File | `/htmldoc/htmldoc/html.cxx` | High
|
||||||
34 | File | `/index.php` | Medium
|
34 | File | `/includes/utils.php` | High
|
||||||
35 | File | `/items/manage_item.php` | High
|
35 | File | `/index.php` | Medium
|
||||||
36 | File | `/librarian/lab.php` | High
|
36 | File | `/items/manage_item.php` | High
|
||||||
37 | File | `/login.php` | Medium
|
37 | File | `/librarian/lab.php` | High
|
||||||
38 | File | `/loginVaLidation.php` | High
|
38 | File | `/login.php` | Medium
|
||||||
39 | File | `/manage-apartment.php` | High
|
39 | File | `/loginVaLidation.php` | High
|
||||||
40 | File | `/management/api/rcx_management/global_config_query` | High
|
40 | File | `/manage-apartment.php` | High
|
||||||
41 | File | `/mdiy/page/verify` | High
|
41 | File | `/management/api/rcx_management/global_config_query` | High
|
||||||
42 | File | `/mkshop/Men/profile.php` | High
|
42 | File | `/mdiy/page/verify` | High
|
||||||
43 | File | `/mkshope/login.php` | High
|
43 | File | `/mkshop/Men/profile.php` | High
|
||||||
44 | File | `/mygym/admin/index.php` | High
|
44 | ... | ... | ...
|
||||||
45 | File | `/mygym/admin/index.php?view_exercises` | High
|
|
||||||
46 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
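Review bot: this hunk removes `/include/menu_v.inc.php` from the visible rows and lowers the hidden count from 398 to 383, so with two visible additions (`/bd_genie_create_account.cgi`, `/category_view.php`) the profile ends about 17 indicators shorter than before, meaning at least 19 indicators were dropped, mostly below the cut where the diff cannot show them. The commit message `Update` gives no reason for the pruning; separate removals from additions, or record why indicators were withdrawn, so consumers can tell a retraction from a refresh.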
@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
|
||||||
17 | File | `/rest/api/2/search` | High
|
17 | File | `/rest/api/2/search` | High
|
||||||
18 | ... | ... | ...
|
18 | ... | ... | ...
|
||||||
|
|
||||||
There are 147 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 148 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [PT](https://vuldb.com/?country.pt)
|
* [PT](https://vuldb.com/?country.pt)
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [FR](https://vuldb.com/?country.fr)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 9 more country items available. Please use our online service to access the data.
|
There are 8 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -39,7 +39,8 @@ ID | Technique | Weakness | Description | Confidence
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | T1068 | CWE-250, CWE-264, CWE-268, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||||
|
7 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 22 more TTP items available. Please use our online service to access the data.
|
There are 22 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
|
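Review bot: this table now shows six technique rows before the `7 | ...` row while every other TTP table in this commit cuts at five, so the truncation rule is inconsistent across generated profiles; the hidden count staying at 22 means the total grew by one and the generator simply widened the window. Pick one cut-off and apply it everywhere, otherwise a profile showing six rows looks like it has more data than one showing five.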
@ -55,33 +56,34 @@ ID | Type | Indicator | Confidence
|
||||||
4 | File | `/advanced-tools/nova/bin/netwatch` | High
|
4 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
5 | File | `/api/plugin/uninstall` | High
|
5 | File | `/api/plugin/uninstall` | High
|
||||||
6 | File | `/artist-display.php` | High
|
6 | File | `/artist-display.php` | High
|
||||||
7 | File | `/bmis/pages/resident/resident.php` | High
|
7 | File | `/bd_genie_create_account.cgi` | High
|
||||||
8 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
8 | File | `/bmis/pages/resident/resident.php` | High
|
||||||
9 | File | `/claire_blake` | High
|
9 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||||
10 | File | `/classes/Master.php?f=delete_account` | High
|
10 | File | `/claire_blake` | High
|
||||||
11 | File | `/classes/Master.php?f=delete_category` | High
|
11 | File | `/classes/Master.php?f=delete_account` | High
|
||||||
12 | File | `/classes/Master.php?f=delete_schedule` | High
|
12 | File | `/classes/Master.php?f=delete_category` | High
|
||||||
13 | File | `/classes/Master.php?f=delete_student` | High
|
13 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||||
14 | File | `/classes/Master.php?f=delete_waste` | High
|
14 | File | `/classes/Master.php?f=delete_student` | High
|
||||||
15 | File | `/classes/Users.php?f=save_client` | High
|
15 | File | `/classes/Master.php?f=delete_waste` | High
|
||||||
16 | File | `/client.php` | Medium
|
16 | File | `/classes/Users.php?f=save_client` | High
|
||||||
17 | File | `/dashboard/menu-list.php` | High
|
17 | File | `/client.php` | Medium
|
||||||
18 | File | `/doping.asp` | Medium
|
18 | File | `/dashboard/menu-list.php` | High
|
||||||
19 | File | `/dotrace.asp` | Medium
|
19 | File | `/doping.asp` | Medium
|
||||||
20 | File | `/editbrand.php` | High
|
20 | File | `/dotrace.asp` | Medium
|
||||||
21 | File | `/edituser.php` | High
|
21 | File | `/editbrand.php` | High
|
||||||
22 | File | `/etc/lighttpd.d/ca.pem` | High
|
22 | File | `/edituser.php` | High
|
||||||
23 | File | `/etc/shadow.sample` | High
|
23 | File | `/etc/lighttpd.d/ca.pem` | High
|
||||||
24 | File | `/goform/aspForm` | High
|
24 | File | `/etc/shadow.sample` | High
|
||||||
25 | File | `/goform/exeCommand` | High
|
25 | File | `/goform/aspForm` | High
|
||||||
26 | File | `/goform/form2userconfig.cgi` | High
|
26 | File | `/goform/exeCommand` | High
|
||||||
27 | File | `/goform/WanParameterSetting` | High
|
27 | File | `/goform/form2userconfig.cgi` | High
|
||||||
28 | File | `/Home/debit_credit_p` | High
|
28 | File | `/goform/SetStaticRouteCfg` | High
|
||||||
29 | File | `/index.php` | Medium
|
29 | File | `/goform/WanParameterSetting` | High
|
||||||
30 | File | `/login.php` | Medium
|
30 | File | `/Home/debit_credit_p` | High
|
||||||
31 | ... | ... | ...
|
31 | File | `/index.php` | Medium
|
||||||
|
32 | ... | ... | ...
|
||||||
|
|
||||||
There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
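Review bot: rows such as `/classes/Master.php?f=delete_account` through `/classes/Users.php?f=save_client` carry a query string inside a `File` indicator, although the sentence above the table lists `argument` and `input value` as separate IOA types; a matcher keyed on file path never sees `?f=...`, and one keyed on the full request line misses reordered parameters. Split these into a File row (`/classes/Master.php`) plus an Argument row (`f`) with its value, which also collapses the six near-duplicate `Master.php` rows here into one path.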
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with Prophet Spider:
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Prophet Spider:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Prophet Spider:
|
||||||
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [IT](https://vuldb.com/?country.it)
|
* [SC](https://vuldb.com/?country.sc)
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [RU](https://vuldb.com/?country.ru)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 9 more country items available. Please use our online service to access the data.
|
There are 7 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
|
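Review bot: swapping CWE-425 for CWE-36 in row 1 is the right call, since CWE-36 (absolute path traversal) fits the `Pathname Traversal` description and CWE-425 (forced browsing) does not. The open question is the technique column: T1006 in ATT&CK is Direct Volume Access, which is not an obvious home for path traversal weaknesses, and this row shares that mapping with every other profile in the commit, so if it is intentional a note on how CWE families are mapped to technique IDs would help.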
@ -61,37 +61,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
|
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/admin/?page=reports/waste` | High
|
1 | File | `/admin/?page=reports/stockin` | High
|
||||||
2 | File | `/admin/?page=user/manage_user` | High
|
2 | File | `/admin/?page=reports/waste` | High
|
||||||
3 | File | `/admin/del.php` | High
|
3 | File | `/admin/?page=user/manage_user` | High
|
||||||
4 | File | `/admin/delete.php` | High
|
4 | File | `/admin/addemployee.php` | High
|
||||||
5 | File | `/admin/delstu.php` | High
|
5 | File | `/admin/del.php` | High
|
||||||
6 | File | `/admin/history.php` | High
|
6 | File | `/admin/delete.php` | High
|
||||||
7 | File | `/admin/login.php` | High
|
7 | File | `/admin/delstu.php` | High
|
||||||
8 | File | `/admin/modify.php` | High
|
8 | File | `/admin/history.php` | High
|
||||||
9 | File | `/admin/modify1.php` | High
|
9 | File | `/admin/login.php` | High
|
||||||
10 | File | `/admin/products/controller.php?action=add` | High
|
10 | File | `/admin/modify.php` | High
|
||||||
11 | File | `/advanced-tools/nova/bin/netwatch` | High
|
11 | File | `/admin/modify1.php` | High
|
||||||
12 | File | `/api/v1/user` | Medium
|
12 | File | `/admin/products/controller.php?action=add` | High
|
||||||
13 | File | `/assets` | Low
|
13 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
14 | File | `/blogengine/api/posts` | High
|
14 | File | `/api/v1/user` | Medium
|
||||||
15 | File | `/cgi-bin/DownloadFlash` | High
|
15 | File | `/appConfig/userDB.json` | High
|
||||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
16 | File | `/bd_genie_create_account.cgi` | High
|
||||||
17 | File | `/classes/Master.php?f=delete_account` | High
|
17 | File | `/bin/boa` | Medium
|
||||||
18 | File | `/classes/Master.php?f=delete_category` | High
|
18 | File | `/blog/edit` | Medium
|
||||||
19 | File | `/classes/Master.php?f=delete_img` | High
|
19 | File | `/blogengine/api/posts` | High
|
||||||
20 | File | `/classes/Master.php?f=delete_payment` | High
|
20 | File | `/brand.php` | Medium
|
||||||
21 | File | `/classes/Master.php?f=delete_schedule` | High
|
21 | File | `/cgi-bin/DownloadFlash` | High
|
||||||
22 | File | `/classes/Master.php?f=delete_student` | High
|
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
23 | File | `/classes/Master.php?f=delete_waste` | High
|
23 | File | `/classes/Master.php?f=delete_account` | High
|
||||||
24 | File | `/classes/Users.php?f=save_client` | High
|
24 | File | `/classes/Master.php?f=delete_category` | High
|
||||||
25 | File | `/etc/ciel.cfg` | High
|
25 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
26 | File | `/etc/init0.d/S80telnetd.sh` | High
|
26 | File | `/classes/Master.php?f=delete_payment` | High
|
||||||
27 | File | `/etc/shadow.sample` | High
|
27 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||||
28 | File | `/etc/srapi/config/system.conf` | High
|
28 | File | `/classes/Master.php?f=delete_student` | High
|
||||||
29 | ... | ... | ...
|
29 | File | `/classes/Master.php?f=delete_waste` | High
|
||||||
|
30 | File | `/classes/Users.php?f=save_client` | High
|
||||||
|
31 | File | `/client.php` | Medium
|
||||||
|
32 | ... | ... | ...
|
||||||
|
|
||||||
There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
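Review bot: `/assets` (Low) disappears from between `/appConfig/userDB.json` and `/bd_genie_create_account.cgi`, so it was removed rather than displaced, which is the right treatment for a one-word path; but the hunk adds `/bin/boa` (Medium), `/brand.php` (Medium) and `/client.php` (Medium), which are about as generic, and `/bin/boa` is a binary path on the device rather than something a client requests. The table does not say which kind of match (requested URL, file on disk, string in a sample) each row is meant for; state that, and hold the generic rows at Low or drop them for the same reason `/assets` went.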
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Purple Fox:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Purple Fox:
|
||||||
|
|
||||||
* [VN](https://vuldb.com/?country.vn)
|
* [VN](https://vuldb.com/?country.vn)
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
|
* [CN](https://vuldb.com/?country.cn)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 12 more country items available. Please use our online service to access the data.
|
There are 11 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -437,13 +437,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||||
2 | T1055 | CWE-74 | Injection | High
|
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 20 more TTP items available. Please use our online service to access the data.
|
There are 21 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
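Review bot: the new row 2, `T1040 | CWE-294 | Authentication Bypass by Capture-replay`, pushes `T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges` below the `6 | ...` cut, and the hidden count only rises from 20 to 21, so the visible table loses its privilege-escalation row while gaining nothing a reader can act on. Consider showing the technique name next to the ID here as well, since `T1040` with a capture-replay description is not self-explanatory.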
@ -457,24 +457,24 @@ ID | Type | Indicator | Confidence
|
||||||
4 | File | `/ad_js.php` | Medium
|
4 | File | `/ad_js.php` | Medium
|
||||||
5 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
5 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||||
6 | File | `/appliance/users?action=edit` | High
|
6 | File | `/appliance/users?action=edit` | High
|
||||||
7 | File | `/bin/login` | Medium
|
7 | File | `/bd_genie_create_account.cgi` | High
|
||||||
8 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
8 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||||
9 | File | `/cgi-bin/kerbynet` | High
|
9 | File | `/cgi-bin/kerbynet` | High
|
||||||
10 | File | `/cgi-bin/luci/api/wireless` | High
|
10 | File | `/cgi-bin/nightled.cgi` | High
|
||||||
11 | File | `/cgi-bin/nightled.cgi` | High
|
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
12 | File | `/claire_blake` | High
|
||||||
13 | File | `/claire_blake` | High
|
13 | File | `/configs/application.ini` | High
|
||||||
14 | File | `/configs/application.ini` | High
|
14 | File | `/controller/OnlinePreviewController.java` | High
|
||||||
15 | File | `/controller/OnlinePreviewController.java` | High
|
15 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||||
16 | File | `/coreframe/app/attachment/admin/index.php` | High
|
16 | File | `/coreframe/app/pay/admin/index.php` | High
|
||||||
17 | File | `/coreframe/app/pay/admin/index.php` | High
|
17 | File | `/debug/pprof` | Medium
|
||||||
18 | File | `/debug/pprof` | Medium
|
18 | File | `/defaultui/player/modern.html` | High
|
||||||
19 | File | `/defaultui/player/modern.html` | High
|
19 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
20 | File | `/etc/init0.d/S80telnetd.sh` | High
|
20 | File | `/etc/shadow` | Medium
|
||||||
21 | File | `/etc/shadow` | Medium
|
21 | File | `/etc/shadow.sample` | High
|
||||||
22 | File | `/etc/shadow.sample` | High
|
22 | File | `/filemanager/ajax_calls.php` | High
|
||||||
23 | File | `/filemanager/ajax_calls.php` | High
|
23 | File | `/forum/away.php` | High
|
||||||
24 | File | `/forum/away.php` | High
|
24 | File | `/goform/SetIpMacBind` | High
|
||||||
25 | File | `/goform/setmac` | High
|
25 | File | `/goform/setmac` | High
|
||||||
26 | File | `/h/search?action` | High
|
26 | File | `/h/search?action` | High
|
||||||
27 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
|
27 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
|
||||||
|
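Review bot: rows 20 and 21 contradict each other on confidence: `/etc/shadow` is Medium while `/etc/shadow.sample` is High, although the real password file is the stronger indicator and the `.sample` file is what a vulnerable product ships. Also, `/bin/login` and `/cgi-bin/luci/api/wireless` vanish from the visible rows while `/bd_genie_create_account.cgi` and `/goform/SetIpMacBind` arrive; both removed paths sort before the cut, so they are real removals, and row 27 (`/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf`) is a build-tree path from a compiled binary rather than a request path and deserves the same scrutiny.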
@ -489,15 +489,11 @@ ID | Type | Indicator | Confidence
|
||||||
36 | File | `/mkshop/Men/profile.php` | High
|
36 | File | `/mkshop/Men/profile.php` | High
|
||||||
37 | File | `/ows-bin` | Medium
|
37 | File | `/ows-bin` | Medium
|
||||||
38 | File | `/pages/apply_vacancy.php` | High
|
38 | File | `/pages/apply_vacancy.php` | High
|
||||||
39 | File | `/pages/faculty_sched.php` | High
|
39 | File | `/pages/processlogin.php` | High
|
||||||
40 | File | `/pages/processlogin.php` | High
|
40 | File | `/redbin/rpwebutilities.exe/text` | High
|
||||||
41 | File | `/redbin/rpwebutilities.exe/text` | High
|
41 | ... | ... | ...
|
||||||
42 | File | `/resources//../` | High
|
|
||||||
43 | File | `/rest/collectors/1.0/template/custom` | High
|
|
||||||
44 | File | `/uncpath/` | Medium
|
|
||||||
45 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
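Review bot: `/resources//../` is dropped from the old row 42; it was the one entry in this table that encoded a traversal pattern rather than a plain path, and the sentence above the table lists `pattern` as its own IOA type, so if it was removed for being misfiled it should reappear as a Pattern row rather than disappear. With `/pages/faculty_sched.php`, `/rest/collectors/1.0/template/custom` and `/uncpath/` also gone and the hidden count down from 389 to 354, this hunk is a prune of roughly 39 indicators, not an update, and the commit message should say so.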
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [IN](https://vuldb.com/?country.in)
|
* [IN](https://vuldb.com/?country.in)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 19 more country items available. Please use our online service to access the data.
|
There are 16 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -1122,34 +1122,32 @@ ID | Type | Indicator | Confidence
|
||||||
8 | File | `/admin/showbad.php` | High
|
8 | File | `/admin/showbad.php` | High
|
||||||
9 | File | `/admin/students/view_student.php` | High
|
9 | File | `/admin/students/view_student.php` | High
|
||||||
10 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
10 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||||
11 | File | `/cgi-bin/kerbynet` | High
|
11 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||||
12 | File | `/coreframe/app/attachment/admin/index.php` | High
|
12 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||||
13 | File | `/etc/tomcat8/Catalina/attack` | High
|
13 | File | `/forum/away.php` | High
|
||||||
14 | File | `/forum/away.php` | High
|
14 | File | `/index.php` | Medium
|
||||||
15 | File | `/index.php` | Medium
|
15 | File | `/Items/*/RemoteImages/Download` | High
|
||||||
16 | File | `/Items/*/RemoteImages/Download` | High
|
16 | File | `/lists/index.php` | High
|
||||||
17 | File | `/lists/admin/` | High
|
17 | File | `/MagickCore/image.c` | High
|
||||||
18 | File | `/lists/index.php` | High
|
18 | File | `/members/view_member.php` | High
|
||||||
19 | File | `/MagickCore/image.c` | High
|
19 | File | `/out.php` | Medium
|
||||||
20 | File | `/members/view_member.php` | High
|
20 | File | `/owa/auth/logon.aspx` | High
|
||||||
21 | File | `/out.php` | Medium
|
21 | File | `/p1/p2/:name` | Medium
|
||||||
22 | File | `/owa/auth/logon.aspx` | High
|
22 | File | `/public/launchNewWindow.jsp` | High
|
||||||
23 | File | `/p1/p2/:name` | Medium
|
23 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||||
24 | File | `/public/launchNewWindow.jsp` | High
|
24 | File | `/redbin/rpwebutilities.exe/text` | High
|
||||||
25 | File | `/rdms/admin/?page=user/manage_user` | High
|
25 | File | `/spip.php` | Medium
|
||||||
26 | File | `/redbin/rpwebutilities.exe/text` | High
|
26 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||||
27 | File | `/spip.php` | Medium
|
27 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||||
28 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
28 | File | `/upload` | Low
|
||||||
29 | File | `/trx_addons/v2/get/sc_layout` | High
|
29 | File | `/WEB-INF/web.xml` | High
|
||||||
30 | File | `/upload` | Low
|
30 | File | `/wp-admin/admin-ajax.php` | High
|
||||||
31 | File | `/WEB-INF/web.xml` | High
|
31 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||||
32 | File | `/wp-admin/admin-ajax.php` | High
|
32 | File | `?location=search` | High
|
||||||
33 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
33 | File | `AdClass.php` | Medium
|
||||||
34 | File | `?location=search` | High
|
34 | ... | ... | ...
|
||||||
35 | File | `AdClass.php` | Medium
|
|
||||||
36 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
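Review bot: `/cgi-bin/kerbynet` is removed from this profile while the Purple Fox table in this same commit keeps it (`9 | File | /cgi-bin/kerbynet | High`); if it was removed here because the indicator is invalid, the other profile needs the same fix, and if the link to this actor was retracted, that is worth a line in the commit message. `/lists/admin/` goes the same way while `/lists/index.php` stays, and the hidden count drops from 306 to 294, so this hunk removes about 14 indicators in total.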
@ -53,7 +53,7 @@ ID | Technique | Weakness | Description | Confidence
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 18 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
@ -73,30 +73,28 @@ ID | Type | Indicator | Confidence
|
||||||
10 | File | `/config/config.php` | High
|
10 | File | `/config/config.php` | High
|
||||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||||
12 | File | `/core/conditions/AbstractWrapper.java` | High
|
12 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||||
13 | File | `/customers/index.php` | High
|
13 | File | `/DataHandler/AM/AM_Handler.ashx` | High
|
||||||
14 | File | `/DataHandler/AM/AM_Handler.ashx` | High
|
14 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
|
||||||
15 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
|
15 | File | `/DataHandler/HandlerEnergyType.ashx` | High
|
||||||
16 | File | `/DataHandler/HandlerEnergyType.ashx` | High
|
16 | File | `/DataHandler/Handler_CFG.ashx` | High
|
||||||
17 | File | `/DataHandler/Handler_CFG.ashx` | High
|
17 | File | `/ECT_Provider/` | High
|
||||||
18 | File | `/ECT_Provider/` | High
|
18 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||||
19 | File | `/fuel/index.php/fuel/logs/items` | High
|
19 | File | `/fuel/index.php/fuel/pages/items` | High
|
||||||
20 | File | `/fuel/index.php/fuel/pages/items` | High
|
20 | File | `/goform/openSchedWifi` | High
|
||||||
21 | File | `/goform/openSchedWifi` | High
|
21 | File | `/goform/SetNetControlList` | High
|
||||||
22 | File | `/goform/SetNetControlList` | High
|
22 | File | `/image_zoom.php` | High
|
||||||
23 | File | `/image_zoom.php` | High
|
23 | File | `/include/config.cache.php` | High
|
||||||
24 | File | `/include/config.cache.php` | High
|
24 | File | `/index.php` | Medium
|
||||||
25 | File | `/json/profile/removeStarAjax.do` | High
|
25 | File | `/mkshop/Men/profile.php` | High
|
||||||
26 | File | `/plugin/ajax.php` | High
|
26 | File | `/plugin/ajax.php` | High
|
||||||
27 | File | `/preauth` | Medium
|
27 | File | `/preauth` | Medium
|
||||||
28 | File | `/proc/ioports` | High
|
28 | File | `/proxy/` | Low
|
||||||
29 | File | `/proxy/` | Low
|
29 | File | `/public/plugins/` | High
|
||||||
30 | File | `/public/plugins/` | High
|
30 | File | `/rest/api/2/search` | High
|
||||||
31 | File | `/rest/api/2/search` | High
|
31 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||||
32 | File | `/rest/api/latest/projectvalidate/key` | High
|
32 | ... | ... | ...
|
||||||
33 | File | `/rom-0` | Low
|
|
||||||
34 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -58,88 +58,88 @@ ID | Type | Indicator | Confidence
|
||||||
10 | File | `/dl/dl_print.php` | High
|
10 | File | `/dl/dl_print.php` | High
|
||||||
11 | File | `/etc/master.passwd` | High
|
11 | File | `/etc/master.passwd` | High
|
||||||
12 | File | `/etc/passwd` | Medium
|
12 | File | `/etc/passwd` | Medium
|
||||||
13 | File | `/Hospital-Management-System-master/contact.php` | High
|
13 | File | `/goform/Diagnosis` | High
|
||||||
14 | File | `/include/friends.inc.php` | High
|
14 | File | `/Hospital-Management-System-master/contact.php` | High
|
||||||
15 | File | `/members/view_member.php` | High
|
15 | File | `/include/friends.inc.php` | High
|
||||||
16 | File | `/servlet/webacc` | High
|
16 | File | `/members/view_member.php` | High
|
||||||
17 | File | `/sitemagic/upgrade.php` | High
|
17 | File | `/servlet/webacc` | High
|
||||||
18 | File | `/userui/ticket_list.php` | High
|
18 | File | `/sitemagic/upgrade.php` | High
|
||||||
19 | File | `/wp-admin/options-general.php` | High
|
19 | File | `/userui/ticket_list.php` | High
|
||||||
20 | File | `/zm/index.php` | High
|
20 | File | `/wp-admin/options-general.php` | High
|
||||||
21 | File | `abook_database.php` | High
|
21 | File | `/zm/index.php` | High
|
||||||
22 | File | `accounts/inc/include.php` | High
|
22 | File | `abook_database.php` | High
|
||||||
23 | File | `adaptive-images-script.php` | High
|
23 | File | `accounts/inc/include.php` | High
|
||||||
24 | File | `additem.asp` | Medium
|
24 | File | `adaptive-images-script.php` | High
|
||||||
25 | File | `addtocart.asp` | High
|
25 | File | `additem.asp` | Medium
|
||||||
26 | File | `adherents/subscription/info.php` | High
|
26 | File | `addtocart.asp` | High
|
||||||
27 | File | `admin.asp` | Medium
|
27 | File | `adherents/subscription/info.php` | High
|
||||||
28 | File | `admin.php` | Medium
|
28 | File | `admin.asp` | Medium
|
||||||
29 | File | `admin/admin.php` | High
|
29 | File | `admin.php` | Medium
|
||||||
30 | File | `admin/admin_users.php` | High
|
30 | File | `admin/admin.php` | High
|
||||||
31 | File | `admin/general.php` | High
|
31 | File | `admin/admin_users.php` | High
|
||||||
32 | File | `admin/header.php` | High
|
32 | File | `admin/general.php` | High
|
||||||
33 | File | `admin/inc/change_action.php` | High
|
33 | File | `admin/header.php` | High
|
||||||
34 | File | `admin/index.php` | High
|
34 | File | `admin/inc/change_action.php` | High
|
||||||
35 | File | `admin/info.php` | High
|
35 | File | `admin/index.php` | High
|
||||||
36 | File | `admin/login.asp` | High
|
36 | File | `admin/info.php` | High
|
||||||
37 | File | `admin/manage-comments.php` | High
|
37 | File | `admin/login.asp` | High
|
||||||
38 | File | `admin/manage-news.php` | High
|
38 | File | `admin/manage-comments.php` | High
|
||||||
39 | File | `admin/plugin-settings.php` | High
|
39 | File | `admin/manage-news.php` | High
|
||||||
40 | File | `admin/specials.php` | High
|
40 | File | `admin/plugin-settings.php` | High
|
||||||
41 | File | `admin:de` | Medium
|
41 | File | `admin/specials.php` | High
|
||||||
42 | File | `admincp/auth/checklogin.php` | High
|
42 | File | `admin:de` | Medium
|
||||||
43 | File | `admincp/auth/secure.php` | High
|
43 | File | `admincp/auth/checklogin.php` | High
|
||||||
44 | File | `administrator/components/com_media/helpers/media.php` | High
|
44 | File | `admincp/auth/secure.php` | High
|
||||||
45 | File | `administrator/index.php` | High
|
45 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||||
46 | File | `admin_login.asp` | High
|
46 | File | `administrator/index.php` | High
|
||||||
47 | File | `adv_search.asp` | High
|
47 | File | `admin_login.asp` | High
|
||||||
48 | File | `ajax_url.php` | Medium
|
48 | File | `adv_search.asp` | High
|
||||||
49 | File | `album_portal.php` | High
|
49 | File | `ajax_url.php` | Medium
|
||||||
50 | File | `al_initialize.php` | High
|
50 | File | `album_portal.php` | High
|
||||||
51 | File | `anjel.index.php` | High
|
51 | File | `al_initialize.php` | High
|
||||||
52 | File | `annonces-p-f.php` | High
|
52 | File | `anjel.index.php` | High
|
||||||
53 | File | `announce.php` | Medium
|
53 | File | `annonces-p-f.php` | High
|
||||||
54 | File | `announcement.php` | High
|
54 | File | `announce.php` | Medium
|
||||||
55 | File | `announcements.php` | High
|
55 | File | `announcement.php` | High
|
||||||
56 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
56 | File | `announcements.php` | High
|
||||||
57 | File | `application/config/config.php` | High
|
57 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||||
58 | File | `apply.cgi` | Medium
|
58 | File | `application/config/config.php` | High
|
||||||
59 | File | `apps/app_article/controller/rating.php` | High
|
59 | File | `apply.cgi` | Medium
|
||||||
60 | File | `article.php` | Medium
|
60 | File | `apps/app_article/controller/rating.php` | High
|
||||||
61 | File | `articles.php` | Medium
|
61 | File | `article.php` | Medium
|
||||||
62 | File | `artikel_anzeige.php` | High
|
62 | File | `articles.php` | Medium
|
||||||
63 | File | `auktion.cgi` | Medium
|
63 | File | `artikel_anzeige.php` | High
|
||||||
64 | File | `auth.php` | Medium
|
64 | File | `auktion.cgi` | Medium
|
||||||
65 | File | `authfiles/login.asp` | High
|
65 | File | `auth.php` | Medium
|
||||||
66 | File | `basket.php` | Medium
|
66 | File | `authfiles/login.asp` | High
|
||||||
67 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
|
67 | File | `basket.php` | Medium
|
||||||
68 | File | `books.php` | Medium
|
68 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
|
||||||
69 | File | `browse-category.php` | High
|
69 | File | `books.php` | Medium
|
||||||
70 | File | `browse.php` | Medium
|
70 | File | `browse-category.php` | High
|
||||||
71 | File | `browse_videos.php` | High
|
71 | File | `browse.php` | Medium
|
||||||
72 | File | `BrudaNews/BrudaGB` | High
|
72 | File | `browse_videos.php` | High
|
||||||
73 | File | `bwlist_inc.html` | High
|
73 | File | `BrudaNews/BrudaGB` | High
|
||||||
74 | File | `calendar.php` | Medium
|
74 | File | `bwlist_inc.html` | High
|
||||||
75 | File | `callme_page.php` | High
|
75 | File | `calendar.php` | Medium
|
||||||
76 | File | `cart.php` | Medium
|
76 | File | `callme_page.php` | High
|
||||||
77 | File | `cart_add.php` | Medium
|
77 | File | `cart.php` | Medium
|
||||||
78 | File | `case.filemanager.php` | High
|
78 | File | `cart_add.php` | Medium
|
||||||
79 | File | `catalog.php` | Medium
|
79 | File | `case.filemanager.php` | High
|
||||||
80 | File | `catalogshop.php` | High
|
80 | File | `catalog.php` | Medium
|
||||||
81 | File | `catalogue.asp` | High
|
81 | File | `catalogshop.php` | High
|
||||||
82 | File | `category.cfm` | Medium
|
82 | File | `catalogue.asp` | High
|
||||||
83 | File | `category.php` | Medium
|
83 | File | `category.cfm` | Medium
|
||||||
84 | File | `category_list.php` | High
|
84 | File | `category.php` | Medium
|
||||||
85 | File | `cgi-bin/awstats.pl` | High
|
85 | File | `category_list.php` | High
|
||||||
86 | File | `channel.asp` | Medium
|
86 | File | `cgi-bin/awstats.pl` | High
|
||||||
87 | File | `ChooseCpSearch.php` | High
|
87 | File | `channel.asp` | Medium
|
||||||
88 | File | `comentarii.php` | High
|
88 | File | `ChooseCpSearch.php` | High
|
||||||
89 | File | `comments.php` | Medium
|
89 | File | `comentarii.php` | High
|
||||||
90 | File | `config.inc.php` | High
|
90 | File | `comments.php` | Medium
|
||||||
91 | File | `config.php` | Medium
|
91 | File | `config.inc.php` | High
|
||||||
92 | ... | ... | ...
|
92 | ... | ... | ...
|
||||||
|
|
||||||
There are 816 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 817 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
|
||||||
18 | File | `/usr/sbin/sendmail` | High
|
18 | File | `/usr/sbin/sendmail` | High
|
||||||
19 | ... | ... | ...
|
19 | ... | ... | ...
|
||||||
|
|
||||||
There are 157 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 159 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -108,10 +108,9 @@ ID | Type | Indicator | Confidence
|
||||||
38 | File | `app/call_centers/cmd.php` | High
|
38 | File | `app/call_centers/cmd.php` | High
|
||||||
39 | File | `apply.cgi` | Medium
|
39 | File | `apply.cgi` | Medium
|
||||||
40 | File | `appointment.php` | High
|
40 | File | `appointment.php` | High
|
||||||
41 | File | `arch/x86/kvm/hyperv.c` | High
|
41 | ... | ... | ...
|
||||||
42 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 4 more country items available. Please use our online service to access the data.
|
There are 5 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -250,33 +250,33 @@ ID | Type | Indicator | Confidence
|
||||||
3 | File | `/admin/del.php` | High
|
3 | File | `/admin/del.php` | High
|
||||||
4 | File | `/admin/delete.php` | High
|
4 | File | `/admin/delete.php` | High
|
||||||
5 | File | `/admin/delstu.php` | High
|
5 | File | `/admin/delstu.php` | High
|
||||||
6 | File | `/admin/list_key.html` | High
|
6 | File | `/admin/login.php` | High
|
||||||
7 | File | `/admin/login.php` | High
|
7 | File | `/admin/products/controller.php?action=add` | High
|
||||||
8 | File | `/admin/products/controller.php?action=add` | High
|
8 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
9 | File | `/advanced-tools/nova/bin/netwatch` | High
|
9 | File | `/assets` | Low
|
||||||
10 | File | `/assets` | Low
|
10 | File | `/blog/post/edit` | High
|
||||||
11 | File | `/blog/post/edit` | High
|
11 | File | `/categories/view_category.php` | High
|
||||||
12 | File | `/categories/view_category.php` | High
|
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
13 | File | `/cgi-bin/ExportSettings.sh` | High
|
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
14 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
15 | File | `/classes/Master.php?f=delete_img` | High
|
15 | File | `/debug/pprof` | Medium
|
||||||
16 | File | `/debug/pprof` | Medium
|
16 | File | `/etc/ciel.cfg` | High
|
||||||
17 | File | `/etc/ciel.cfg` | High
|
17 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
18 | File | `/etc/init0.d/S80telnetd.sh` | High
|
18 | File | `/etc/shadow.sample` | High
|
||||||
19 | File | `/etc/shadow.sample` | High
|
19 | File | `/fax/fax_send.php` | High
|
||||||
20 | File | `/fax/fax_send.php` | High
|
20 | File | `/forum/away.php` | High
|
||||||
21 | File | `/forum/away.php` | High
|
21 | File | `/framework/mod/db/DBMapper.xml` | High
|
||||||
22 | File | `/framework/mod/db/DBMapper.xml` | High
|
22 | File | `/goform/addRouting` | High
|
||||||
23 | File | `/goform/addRouting` | High
|
23 | File | `/goform/Diagnosis` | High
|
||||||
24 | File | `/goform/Diagnosis` | High
|
24 | File | `/goform/doReboot` | High
|
||||||
25 | File | `/goform/doReboot` | High
|
25 | File | `/goform/form2userconfig.cgi` | High
|
||||||
26 | File | `/goform/form2userconfig.cgi` | High
|
26 | File | `/goform/form2Wan.cgi` | High
|
||||||
27 | File | `/goform/form2Wan.cgi` | High
|
27 | File | `/goform/formWifiBasicSet` | High
|
||||||
28 | File | `/goform/formWifiBasicSet` | High
|
28 | File | `/goform/NTPSyncWithHost` | High
|
||||||
29 | File | `/goform/NTPSyncWithHost` | High
|
29 | File | `/goform/SetIpMacBind` | High
|
||||||
30 | ... | ... | ...
|
30 | ... | ... | ...
|
||||||
|
|
||||||
There are 253 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -154,7 +154,7 @@ ID | Type | Indicator | Confidence
|
||||||
96 | File | `category.cfm` | Medium
|
96 | File | `category.cfm` | Medium
|
||||||
97 | ... | ... | ...
|
97 | ... | ... | ...
|
||||||
|
|
||||||
There are 859 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 861 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -325,14 +325,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 21 more TTP items available. Please use our online service to access the data.
|
There are 20 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
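Review bot: the narrowing of row 1's Weakness column from `CWE-21, CWE-22, CWE-23` to `CWE-21, CWE-22` is undocumented; nothing in the diff records why CWE-23 left the T1006 mapping, and the count line in the same hunk ("21 more TTP items" to "20 more TTP items") shows a TTP entry was dropped in the same pass. Consumers who key detections or reports on these CWE lists will see coverage shrink silently, so a changelog line or a note in the README stating the source of the re-mapping would make this reviewable. Separately, rows 4 and 5 both carry the description "Cross Site Scripting" although row 4 (T1059, CWE-88, CWE-94) and row 5 (T1059.007, CWE-79, CWE-80) map different weakness sets; since this hunk already touches the table, row 4's description should be checked against its CWE set before merging.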
@ -344,51 +344,54 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `/addQuestion.php` | High
|
2 | File | `/addQuestion.php` | High
|
||||||
3 | File | `/adm/setmain.php` | High
|
3 | File | `/adm/setmain.php` | High
|
||||||
4 | File | `/admin` | Low
|
4 | File | `/admin` | Low
|
||||||
5 | File | `/admin/` | Low
|
5 | File | `/admin/add_exercises.php` | High
|
||||||
6 | File | `/admin/add_exercises.php` | High
|
6 | File | `/admin/add_trainers.php` | High
|
||||||
7 | File | `/admin/add_trainers.php` | High
|
7 | File | `/admin/conferences/get-all-status/` | High
|
||||||
8 | File | `/admin/cms.php` | High
|
8 | File | `/admin/conferences/list/` | High
|
||||||
9 | File | `/admin/conferences/get-all-status/` | High
|
9 | File | `/admin/edit.php` | High
|
||||||
10 | File | `/admin/conferences/list/` | High
|
10 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||||
11 | File | `/admin/countrymanagement.php` | High
|
11 | File | `/admin/general.cgi` | High
|
||||||
12 | File | `/admin/edit.php` | High
|
12 | File | `/admin/general/change-lang` | High
|
||||||
13 | File | `/admin/edit_admin_details.php?id=admin` | High
|
13 | File | `/admin/group/list/` | High
|
||||||
14 | File | `/admin/featured.php` | High
|
14 | File | `/admin/lab.php` | High
|
||||||
15 | File | `/admin/general.cgi` | High
|
15 | File | `/admin/newsletter1.php` | High
|
||||||
16 | File | `/admin/general/change-lang` | High
|
16 | File | `/admin/scheprofile.cgi` | High
|
||||||
17 | File | `/admin/group/list/` | High
|
17 | File | `/admin/searchview.php` | High
|
||||||
18 | File | `/admin/newsletter1.php` | High
|
18 | File | `/admin/service/stop/` | High
|
||||||
19 | File | `/admin/photo.php` | High
|
19 | File | `/admin/students/view_student.php` | High
|
||||||
20 | File | `/admin/renewaldue.php` | High
|
20 | File | `/admin/usermanagement.php` | High
|
||||||
21 | File | `/admin/scheprofile.cgi` | High
|
21 | File | `/api/` | Low
|
||||||
22 | File | `/admin/searchview.php` | High
|
22 | File | `/api/user/userData?userCode=admin` | High
|
||||||
23 | File | `/admin/service/stop/` | High
|
23 | File | `/api/v1/user` | Medium
|
||||||
24 | File | `/admin/students/view_student.php` | High
|
24 | File | `/artist-display.php` | High
|
||||||
25 | File | `/admin/usermanagement.php` | High
|
25 | File | `/catcompany.php` | High
|
||||||
26 | File | `/Ap4RtpAtom.cpp` | High
|
26 | File | `/category.php` | High
|
||||||
27 | File | `/api/` | Low
|
27 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||||
28 | File | `/api/user/userData?userCode=admin` | High
|
28 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||||
29 | File | `/artist-display.php` | High
|
29 | File | `/cgi-bin/nightled.cgi` | High
|
||||||
30 | File | `/catcompany.php` | High
|
30 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||||
31 | File | `/category.php` | High
|
31 | File | `/ci_hms/massage_room/edit/1` | High
|
||||||
32 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
32 | File | `/ci_hms/search` | High
|
||||||
33 | File | `/cgi-bin/kerbynet` | High
|
33 | File | `/ci_spms/admin/category` | High
|
||||||
34 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
34 | File | `/ci_spms/admin/search/searching/` | High
|
||||||
35 | File | `/cgi-bin/nightled.cgi` | High
|
35 | File | `/claire_blake` | High
|
||||||
36 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
36 | File | `/config/getuser` | High
|
||||||
37 | File | `/ci_hms/massage_room/edit/1` | High
|
37 | File | `/dashboard/add-portfolio.php` | High
|
||||||
38 | File | `/ci_hms/search` | High
|
38 | File | `/dashboard/add-service.php` | High
|
||||||
39 | File | `/ci_spms/admin/category` | High
|
39 | File | `/dashboard/settings` | High
|
||||||
40 | File | `/ci_spms/admin/search/searching/` | High
|
40 | File | `/dashboard/updatelogo.php` | High
|
||||||
41 | File | `/claire_blake` | High
|
41 | File | `/ecrire` | Low
|
||||||
42 | File | `/config/getuser` | High
|
42 | File | `/editbrand.php` | High
|
||||||
43 | File | `/dashboard/add-portfolio.php` | High
|
43 | File | `/edituser.php` | High
|
||||||
44 | File | `/dashboard/add-service.php` | High
|
44 | File | `/etc/networkd-dispatcher` | High
|
||||||
45 | File | `/dashboard/settings` | High
|
45 | File | `/etc/shadow` | Medium
|
||||||
46 | File | `/dashboard/updatelogo.php` | High
|
46 | File | `/etc/shadow.sample` | High
|
||||||
47 | ... | ... | ...
|
47 | File | `/film-rating.php` | High
|
||||||
|
48 | File | `/front/roomtype-details.php` | High
|
||||||
|
49 | File | `/fw.login.php` | High
|
||||||
|
50 | ... | ... | ...
|
||||||
|
|
||||||
There are 408 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
30744
actors/Unknown/README.md
File diff suppressed because it is too large
|
@ -117,7 +117,7 @@ ID | Type | Indicator | Confidence
|
||||||
30 | File | `/tmp` | Low
|
30 | File | `/tmp` | Low
|
||||||
31 | ... | ... | ...
|
31 | ... | ... | ...
|
||||||
|
|
||||||
There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -44,60 +44,60 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
|
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/admin/header.inc.php` | High
|
1 | File | `/admin/comment/list` | High
|
||||||
2 | File | `/admin/login.php` | High
|
2 | File | `/admin/header.inc.php` | High
|
||||||
3 | File | `/admin/plugins/NP_Referrer.php` | High
|
3 | File | `/admin/login.php` | High
|
||||||
4 | File | `/admin/products/controller.php?action=add` | High
|
4 | File | `/admin/plugins/NP_Referrer.php` | High
|
||||||
5 | File | `/AJAX/ajaxget` | High
|
5 | File | `/admin/products/controller.php?action=add` | High
|
||||||
6 | File | `/ajax/clear_tools_log/` | High
|
6 | File | `/admin/site/list` | High
|
||||||
7 | File | `/api/` | Low
|
7 | File | `/AJAX/ajaxget` | High
|
||||||
8 | File | `/api/v2/labels/` | High
|
8 | File | `/ajax/clear_tools_log/` | High
|
||||||
9 | File | `/bin/posix/src/ports/POSIX/OpENer` | High
|
9 | File | `/api/` | Low
|
||||||
10 | File | `/cgi-bin/ExportSettings.sh` | High
|
10 | File | `/api/v2/labels/` | High
|
||||||
11 | File | `/claire_blake` | High
|
11 | File | `/bin/posix/src/ports/POSIX/OpENer` | High
|
||||||
12 | File | `/classes/Master.php?f=delete_train` | High
|
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
13 | File | `/common/bbox.cpp` | High
|
13 | File | `/claire_blake` | High
|
||||||
14 | File | `/dashboard/blocks/stacks/view_details/` | High
|
14 | File | `/classes/Master.php?f=delete_train` | High
|
||||||
15 | File | `/dotrace.asp` | Medium
|
15 | File | `/common/bbox.cpp` | High
|
||||||
16 | File | `/etc/fstab` | Medium
|
16 | File | `/dotrace.asp` | Medium
|
||||||
17 | File | `/etc/origin/master/master-config.yaml` | High
|
17 | File | `/etc/fstab` | Medium
|
||||||
18 | File | `/etc/shadow.sample` | High
|
18 | File | `/etc/origin/master/master-config.yaml` | High
|
||||||
19 | File | `/footer.inc.php` | High
|
19 | File | `/etc/shadow.sample` | High
|
||||||
20 | File | `/gasmark/assets/myimages/oneWord.php` | High
|
20 | File | `/footer.inc.php` | High
|
||||||
21 | File | `/goform/formWifiBasicSet` | High
|
21 | File | `/gasmark/assets/myimages/oneWord.php` | High
|
||||||
22 | File | `/home/www/cgi-bin/login.cgi` | High
|
22 | File | `/goform/formWifiBasicSet` | High
|
||||||
23 | File | `/htdocs/utils/Files.php` | High
|
23 | File | `/goform/saveParentControlInfo` | High
|
||||||
24 | File | `/include/notify.inc.php` | High
|
24 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||||
25 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
|
25 | File | `/htdocs/utils/Files.php` | High
|
||||||
26 | File | `/list` | Low
|
26 | File | `/include/notify.inc.php` | High
|
||||||
27 | File | `/master/index.php` | High
|
27 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
|
||||||
28 | File | `/mcategory.php` | High
|
28 | File | `/list` | Low
|
||||||
29 | File | `/mdiy/model/delete` | High
|
29 | File | `/master/index.php` | High
|
||||||
30 | File | `/modules/tasks/gantt.php` | High
|
30 | File | `/mdiy/model/delete` | High
|
||||||
31 | File | `/net/nfc/netlink.c` | High
|
31 | File | `/modules/tasks/gantt.php` | High
|
||||||
32 | File | `/pages/permit/permit.php` | High
|
32 | File | `/net/nfc/netlink.c` | High
|
||||||
33 | File | `/patient/settings.php` | High
|
33 | File | `/pages/permit/permit.php` | High
|
||||||
34 | File | `/pms/update_user.php?user_id=1` | High
|
34 | File | `/patient/settings.php` | High
|
||||||
35 | File | `/ptipupgrade.cgi` | High
|
35 | File | `/pms/update_user.php?user_id=1` | High
|
||||||
36 | File | `/release-x64/otfccdump` | High
|
36 | File | `/ptipupgrade.cgi` | High
|
||||||
37 | File | `/staff/lab.php` | High
|
37 | File | `/release-x64/otfccdump` | High
|
||||||
38 | File | `/student/dele.php` | High
|
38 | File | `/staff/lab.php` | High
|
||||||
39 | File | `/superguestconfig` | High
|
39 | File | `/student/dele.php` | High
|
||||||
40 | File | `/tmp` | Low
|
40 | File | `/superguestconfig` | High
|
||||||
41 | File | `/upload/admin.php?/deal/` | High
|
41 | File | `/tmp` | Low
|
||||||
42 | File | `/usr/sbin/sendmail` | High
|
42 | File | `/upload/admin.php?/deal/` | High
|
||||||
43 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
43 | File | `/usr/sbin/sendmail` | High
|
||||||
44 | File | `/var/run/watchman.pid` | High
|
44 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
||||||
45 | File | `/www/cgi-bin/popen.cgi` | High
|
45 | File | `/var/run/watchman.pid` | High
|
||||||
46 | File | `/xpdf/AcroForm.cc` | High
|
46 | File | `/www/cgi-bin/popen.cgi` | High
|
||||||
47 | File | `/xpdf/Stream.cc` | High
|
47 | File | `/xpdf/AcroForm.cc` | High
|
||||||
48 | File | `add.php` | Low
|
48 | File | `/xpdf/Stream.cc` | High
|
||||||
49 | File | `addlinksform.php` | High
|
49 | File | `action-visitor.php` | High
|
||||||
50 | File | `addlyricsform.php` | High
|
50 | File | `add.php` | Low
|
||||||
51 | File | `addons/sidebar.php` | High
|
51 | File | `addlinksform.php` | High
|
||||||
52 | ... | ... | ...
|
52 | ... | ... | ...
|
||||||
|
|
||||||
There are 456 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 20 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
@ -55,37 +55,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
|
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `%ProgramData%\GOG.com` | High
|
1 | File | `/admin/?page=reports/stockin` | High
|
||||||
2 | File | `/admin/?page=reports/stockin` | High
|
2 | File | `/admin/?page=reports/waste` | High
|
||||||
3 | File | `/admin/?page=reports/waste` | High
|
3 | File | `/admin/?page=user/manage_user` | High
|
||||||
4 | File | `/admin/?page=user/manage_user` | High
|
4 | File | `/admin/addemployee.php` | High
|
||||||
5 | File | `/admin/addemployee.php` | High
|
5 | File | `/admin/del.php` | High
|
||||||
6 | File | `/admin/del.php` | High
|
6 | File | `/admin/delete.php` | High
|
||||||
7 | File | `/admin/delete.php` | High
|
7 | File | `/admin/delstu.php` | High
|
||||||
8 | File | `/admin/delstu.php` | High
|
8 | File | `/admin/history.php` | High
|
||||||
9 | File | `/admin/history.php` | High
|
9 | File | `/admin/login.php` | High
|
||||||
10 | File | `/admin/login.php` | High
|
10 | File | `/admin/modify.php` | High
|
||||||
11 | File | `/admin/modify.php` | High
|
11 | File | `/admin/modify1.php` | High
|
||||||
12 | File | `/admin/modify1.php` | High
|
12 | File | `/admin/products/controller.php?action=add` | High
|
||||||
13 | File | `/admin/products/controller.php?action=add` | High
|
13 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||||
14 | File | `/advanced-tools/nova/bin/netwatch` | High
|
14 | File | `/api/v1/user` | Medium
|
||||||
15 | File | `/api/v1/user` | Medium
|
15 | File | `/appConfig/userDB.json` | High
|
||||||
16 | File | `/appConfig/userDB.json` | High
|
16 | File | `/assets` | Low
|
||||||
17 | File | `/assets` | Low
|
17 | File | `/bin/boa` | Medium
|
||||||
18 | File | `/bits/stl_vector.h` | High
|
18 | File | `/blog/edit` | Medium
|
||||||
19 | File | `/blog/edit` | Medium
|
19 | File | `/blogengine/api/posts` | High
|
||||||
20 | File | `/blogengine/api/posts` | High
|
20 | File | `/blotter/blotter.php` | High
|
||||||
21 | File | `/blotter/blotter.php` | High
|
21 | File | `/brand.php` | Medium
|
||||||
22 | File | `/brand.php` | Medium
|
22 | File | `/cgi-bin/DownloadFlash` | High
|
||||||
23 | File | `/cgi-bin/DownloadFlash` | High
|
23 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
24 | File | `/classes/Master.php?f=delete_account` | High
|
||||||
25 | File | `/classes/Master.php?f=delete_account` | High
|
25 | File | `/classes/Master.php?f=delete_category` | High
|
||||||
26 | File | `/classes/Master.php?f=delete_category` | High
|
26 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
27 | File | `/classes/Master.php?f=delete_img` | High
|
27 | File | `/classes/Master.php?f=delete_payment` | High
|
||||||
28 | File | `/classes/Master.php?f=delete_payment` | High
|
28 | ... | ... | ...
|
||||||
29 | ... | ... | ...
There are 246 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -170,7 +170,7 @@ ID | Type | Indicator | Confidence
|
||||||
49 | File | `/wp-admin/admin-ajax.php` | High
|
49 | File | `/wp-admin/admin-ajax.php` | High
|
||||||
50 | ... | ... | ...
|
50 | ... | ... | ...
There are 439 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -160,7 +160,7 @@ ID | Type | Indicator | Confidence
|
||||||
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||||
34 | ... | ... | ...
|
34 | ... | ... | ...
There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [RU](https://vuldb.com/?country.ru)
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
* [ES](https://vuldb.com/?country.es)
|
||||||
* ...
|
* ...
There are 32 more country items available. Please use our online service to access the data.
|
There are 31 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
@ -63,45 +63,47 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `.procmailrc` | Medium
|
2 | File | `.procmailrc` | Medium
|
||||||
3 | File | `/+CSCOE+/logon.html` | High
|
3 | File | `/+CSCOE+/logon.html` | High
|
||||||
4 | File | `/6/api.php?function=command&class=remote&Cc='ls'` | High
|
4 | File | `/6/api.php?function=command&class=remote&Cc='ls'` | High
|
||||||
5 | File | `/about.php` | Medium
|
5 | File | `/admin.php?action=themeinstall` | High
|
||||||
6 | File | `/admin.php?action=themeinstall` | High
|
6 | File | `/admin/` | Low
|
||||||
7 | File | `/admin/` | Low
|
7 | File | `/admin/communitymanagement.php` | High
|
||||||
8 | File | `/admin/communitymanagement.php` | High
|
8 | File | `/admin/contenttemp` | High
|
||||||
9 | File | `/admin/contenttemp` | High
|
9 | File | `/admin/extended` | High
|
||||||
10 | File | `/admin/extended` | High
|
10 | File | `/admin/featured.php` | High
|
||||||
11 | File | `/admin/featured.php` | High
|
11 | File | `/admin/generalsettings.php` | High
|
||||||
12 | File | `/admin/generalsettings.php` | High
|
12 | File | `/admin/login.php` | High
|
||||||
13 | File | `/admin/modules/system/custom_field.php` | High
|
13 | File | `/admin/modules/system/custom_field.php` | High
|
||||||
14 | File | `/admin/newsletter1.php` | High
|
14 | File | `/admin/newsletter1.php` | High
|
||||||
15 | File | `/admin/payment.php` | High
|
15 | File | `/admin/payment.php` | High
|
||||||
16 | File | `/admin/renewaldue.php` | High
|
16 | File | `/admin/renewaldue.php` | High
|
||||||
17 | File | `/admin/usermanagement.php` | High
|
17 | File | `/admin/students/view_student.php` | High
|
||||||
18 | File | `/api/addusers` | High
|
18 | File | `/admin/usermanagement.php` | High
|
||||||
19 | File | `/api/crontab` | Medium
|
19 | File | `/api/addusers` | High
|
||||||
20 | File | `/category_view.php` | High
|
20 | File | `/api/crontab` | Medium
|
||||||
21 | File | `/cgi-bin/wapopen` | High
|
21 | File | `/bits/stl_vector.h` | High
|
||||||
22 | File | `/cgi-mod/lookup.cgi` | High
|
22 | File | `/category_view.php` | High
|
||||||
23 | File | `/common/info.cgi` | High
|
23 | File | `/cgi-bin/wapopen` | High
|
||||||
24 | File | `/designer/add/layout` | High
|
24 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
25 | File | `/filemanager/upload/drop` | High
|
25 | File | `/cgi-mod/lookup.cgi` | High
|
||||||
26 | File | `/getImage` | Medium
|
26 | File | `/common/info.cgi` | High
|
||||||
27 | File | `/htmldoc/htmldoc/html.cxx` | High
|
27 | File | `/dashboard/updatelogo.php` | High
|
||||||
28 | File | `/interface/main/backup.php` | High
|
28 | File | `/designer/add/layout` | High
|
||||||
29 | File | `/librarian/bookdetails.php` | High
|
29 | File | `/filemanager/upload/drop` | High
|
||||||
30 | File | `/login.php` | Medium
|
30 | File | `/getImage` | Medium
|
||||||
31 | File | `/mcategory.php` | High
|
31 | File | `/htmldoc/htmldoc/html.cxx` | High
|
||||||
32 | File | `/new` | Low
|
32 | File | `/interface/main/backup.php` | High
|
||||||
33 | File | `/out.php` | Medium
|
33 | File | `/librarian/bookdetails.php` | High
|
||||||
34 | File | `/php_action/createUser.php` | High
|
34 | File | `/login.php` | Medium
|
||||||
35 | File | `/platform.cgi` | High
|
35 | File | `/loginVaLidation.php` | High
|
||||||
36 | File | `/public/login.htm` | High
|
36 | File | `/manage-apartment.php` | High
|
||||||
37 | File | `/public/plugins/` | High
|
37 | File | `/mcategory.php` | High
|
||||||
38 | File | `/requests.php` | High
|
38 | File | `/mkshop/Men/profile.php` | High
|
||||||
39 | File | `/scripts/cpan_config` | High
|
39 | File | `/new` | Low
|
||||||
40 | File | `/secure/QueryComponent!Default.jspa` | High
|
40 | File | `/Noxen-master/users.php` | High
|
||||||
41 | ... | ... | ...
|
41 | File | `/out.php` | Medium
42 | File | `/pages/animals.php` | High
43 | ... | ... | ...
There are 352 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -72,30 +72,30 @@ ID | Type | Indicator | Confidence
|
||||||
14 | File | `/debug/pprof` | Medium
|
14 | File | `/debug/pprof` | Medium
|
||||||
15 | File | `/DLSnap` | Low
|
15 | File | `/DLSnap` | Low
|
||||||
16 | File | `/exec/` | Low
|
16 | File | `/exec/` | Low
|
||||||
17 | File | `/ldclient/ldprov.cgi` | High
|
17 | File | `/items/view_item.php` | High
|
||||||
18 | File | `/librarian/bookdetails.php` | High
|
18 | File | `/ldclient/ldprov.cgi` | High
|
||||||
19 | File | `/login` | Low
|
19 | File | `/librarian/bookdetails.php` | High
|
||||||
20 | File | `/mail/index.html` | High
|
20 | File | `/login` | Low
|
||||||
21 | File | `/mgmt/tm/util/bash` | High
|
21 | File | `/mail/index.html` | High
|
||||||
22 | File | `/plugin/extended-choice-parameter/js/` | High
|
22 | File | `/mgmt/tm/util/bash` | High
|
||||||
23 | File | `/plugins/servlet/gadgets/makeRequest` | High
|
23 | File | `/plugin/extended-choice-parameter/js/` | High
|
||||||
24 | File | `/PreviewHandler.ashx` | High
|
24 | File | `/plugins/servlet/gadgets/makeRequest` | High
|
||||||
25 | File | `/products/details.asp` | High
|
25 | File | `/PreviewHandler.ashx` | High
|
||||||
26 | File | `/rest/api/2/user/picker` | High
|
26 | File | `/products/details.asp` | High
|
||||||
27 | File | `/rest/api/latest/groupuserpicker` | High
|
27 | File | `/rest/api/2/user/picker` | High
|
||||||
28 | File | `/rom-0` | Low
|
28 | File | `/rest/api/latest/groupuserpicker` | High
|
||||||
29 | File | `/secure/QueryComponent!Default.jspa` | High
|
29 | File | `/rom-0` | Low
|
||||||
30 | File | `/services/details.asp` | High
|
30 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||||
31 | File | `/student/bookdetails.php` | High
|
31 | File | `/services/details.asp` | High
|
||||||
32 | File | `/templates/header.inc.php` | High
|
32 | File | `/student/bookdetails.php` | High
|
||||||
33 | File | `/uncpath/` | Medium
|
33 | File | `/templates/header.inc.php` | High
|
||||||
34 | File | `/usr/bin/pkexec` | High
|
34 | File | `/uncpath/` | Medium
|
||||||
35 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
|
35 | File | `/usr/bin/pkexec` | High
|
||||||
36 | File | `/var/log/nginx` | High
|
36 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
|
||||||
37 | File | `/ViewUserHover.jspa` | High
|
37 | File | `/var/log/nginx` | High
|
||||||
38 | ... | ... | ...
|
38 | ... | ... | ...
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -0,0 +1,83 @@
# Albanian Government - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _Albanian Government_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Albanian Government:
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [ES](https://vuldb.com/?country.es)
* ...
There are 6 more country items available. Please use our online service to access the data.
## Actors
These _actors_ are associated with Albanian Government or other actors linked to the campaign.
ID | Actor | Confidence
-- | ----- | ----------
1 | [Iran Unknown](https://vuldb.com/?actor.iran_unknown) | High
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Albanian Government.
ID | IP address | Hostname | Actor | Confidence
-- | ---------- | -------- | ----- | ----------
1 | [46.30.189.66](https://vuldb.com/?ip.46.30.189.66) | - | [Iran Unknown](https://vuldb.com/?actor.iran_unknown) | High
2 | [144.76.6.34](https://vuldb.com/?ip.144.76.6.34) | static.34.6.76.144.clients.your-server.de | [Iran Unknown](https://vuldb.com/?actor.iran_unknown) | High
3 | [148.251.232.252](https://vuldb.com/?ip.148.251.232.252) | prox-dxers01.infra.dxers.ug | [Iran Unknown](https://vuldb.com/?actor.iran_unknown) | High
4 | ... | ... | ... | ...
There are 5 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within Albanian Government. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during Albanian Government. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/index.php` | Medium
2 | File | `/wp-admin/admin-ajax.php` | High
3 | File | `announcement.php` | High
4 | File | `attachment.php` | High
5 | File | `auth-gss2.c` | Medium
6 | File | `catalog.asp` | Medium
7 | ... | ... | ...
There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the campaign and the associated activities:
* https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
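Review bot: in the TTP table of this new file, rows 1 and 2 (`1 | T1006 | CWE-22 | Pathname Traversal` and `2 | T1059 | CWE-94 | Cross Site Scripting`) pair ATT&CK technique IDs with descriptions that are CWE titles rather than the techniques' names: in ATT&CK, T1006 is Direct Volume Access and T1059 is Command and Scripting Interpreter, and CWE-94 is code injection, not cross-site scripting, which row 3 already covers with CWE-79/CWE-80. Either rename the Description column so it is clearly the weakness description, or derive it from the technique, so the mapping is not misread. In the IOC table, the row 2 hostname `static.34.6.76.144.clients.your-server.de` is just the hosting provider's generic reverse-DNS form of the address itself (its octets reversed), so it adds no attribution evidence; the High confidence on `Iran Unknown` for that row rests on the single Microsoft link under References and would benefit from a second source.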
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [VN](https://vuldb.com/?country.vn)
|
* [VN](https://vuldb.com/?country.vn)
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [GB](https://vuldb.com/?country.gb)
|
||||||
* ...
|
* ...
There are 4 more country items available. Please use our online service to access the data.
|
There are 5 more country items available. Please use our online service to access the data.
## Actors
|
## Actors
@ -164,11 +164,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1068 | CWE-250, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 19 more TTP items available. Please use our online service to access the data.
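Review bot: the inserted row 3 (`3 | T1055 | CWE-74 | Injection`) pushes the previous row 3 down unchanged, so `4 | T1059 | CWE-94 | Cross Site Scripting` still labels CWE-94 (code injection) as cross-site scripting, which row 5 (`5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting`) already covers; since the table is being regenerated anyway, give row 4 a description that matches CWE-94 or the ATT&CK name of T1059 (Command and Scripting Interpreter). Note also that T1055 is Process Injection in ATT&CK, a narrower meaning than the generic CWE-74 Injection shown beside it. Row 2 adding CWE-294 next to the description `Authentication Bypass by Capture-replay` (the CWE-294 title) is an improvement, since before this change the row listed only CWE-319.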
@ -179,32 +179,31 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/admin/?page=reports/stockin` | High
|
1 | File | `/admin/addemployee.php` | High
|
||||||
2 | File | `/admin/?page=reports/stockout` | High
|
2 | File | `/admin/del.php` | High
|
||||||
3 | File | `/admin/?page=reports/waste` | High
|
3 | File | `/admin/delete.php` | High
|
||||||
4 | File | `/admin/?page=user/manage_user` | High
|
4 | File | `/admin/delstu.php` | High
|
||||||
5 | File | `/admin/addemployee.php` | High
|
5 | File | `/admin/lab.php` | High
|
||||||
6 | File | `/admin/del.php` | High
|
6 | File | `/admin/login.php` | High
|
||||||
7 | File | `/admin/delete.php` | High
|
7 | File | `/admin/products/controller.php?action=add` | High
|
||||||
8 | File | `/admin/delstu.php` | High
|
8 | File | `/bd_genie_create_account.cgi` | High
|
||||||
9 | File | `/admin/login.php` | High
|
9 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||||
10 | File | `/admin/products/controller.php?action=add` | High
|
10 | File | `/categories/view_category.php` | High
|
||||||
11 | File | `/categories/view_category.php` | High
|
11 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
13 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
14 | File | `/classes/Master.php?f=delete_img` | High
|
14 | File | `/defaultui/player/modern.html` | High
|
||||||
15 | File | `/defaultui/player/modern.html` | High
|
15 | File | `/etc/ciel.cfg` | High
|
||||||
16 | File | `/etc/ciel.cfg` | High
|
16 | File | `/etc/srapi/config/system.conf` | High
|
||||||
17 | File | `/etc/init0.d/S80telnetd.sh` | High
|
17 | File | `/goform/addRouting` | High
|
||||||
18 | File | `/etc/shadow` | Medium
|
18 | File | `/goform/Diagnosis` | High
|
||||||
19 | File | `/etc/srapi/config/system.conf` | High
|
19 | File | `/goform/form2userconfig.cgi` | High
|
||||||
20 | File | `/goform/addRouting` | High
|
20 | File | `/goform/NTPSyncWithHost` | High
|
||||||
21 | File | `/goform/Diagnosis` | High
|
21 | File | `/goform/SetIpMacBind` | High
|
||||||
22 | File | `/goform/form2userconfig.cgi` | High
|
22 | File | `/goform/setMAC` | High
|
||||||
23 | File | `/goform/NTPSyncWithHost` | High
|
23 | ... | ... | ...
|
||||||
24 | ... | ... | ...
There are 200 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* ...
|
* ...
There are 8 more country items available. Please use our online service to access the data.
|
There are 9 more country items available. Please use our online service to access the data.
## Actors
|
## Actors
@ -43,7 +43,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
5 | ... | ... | ... | ...
|
5 | ... | ... | ... | ...
@ -75,7 +75,7 @@ ID | Type | Indicator | Confidence
|
||||||
17 | File | `/h/search?action` | High
|
17 | File | `/h/search?action` | High
|
||||||
18 | ... | ... | ...
|
18 | ... | ... | ...
There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -86,17 +86,17 @@ ID | Type | Indicator | Confidence
|
||||||
18 | File | `/etc/init0.d/S80telnetd.sh` | High
|
18 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
19 | File | `/goform/wizard_end` | High
|
19 | File | `/goform/wizard_end` | High
|
||||||
20 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
20 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
||||||
21 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
|
21 | File | `/htdocs/upnpinc/gena.php` | High
|
||||||
22 | File | `/jfinal_cms/system/user/list` | High
|
22 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
|
||||||
23 | File | `/lists/admin/` | High
|
23 | File | `/jfinal_cms/system/user/list` | High
|
||||||
24 | File | `/mdiy/page/verify` | High
|
24 | File | `/lists/admin/` | High
|
||||||
25 | File | `/mgmt/tm/util/bash` | High
|
25 | File | `/mdiy/page/verify` | High
|
||||||
26 | File | `/mkshope/login.php` | High
|
26 | File | `/mgmt/tm/util/bash` | High
|
||||||
27 | File | `/module/module_frame/index.php` | High
|
27 | File | `/mkshope/login.php` | High
|
||||||
28 | File | `/Noxen-master/users.php` | High
|
28 | File | `/module/module_frame/index.php` | High
|
||||||
29 | ... | ... | ...
|
29 | ... | ... | ...
There are 245 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 244 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Camerashy:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Camerashy:
* [FR](https://vuldb.com/?country.fr)
|
* [FR](https://vuldb.com/?country.fr)
* [US](https://vuldb.com/?country.us)
## Actors
|
## Actors
@ -44,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
|
||||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
@ -57,10 +58,10 @@ ID | Type | Indicator | Confidence
|
||||||
3 | File | `/admin/add_exercises.php` | High
|
3 | File | `/admin/add_exercises.php` | High
|
||||||
4 | File | `/admin/add_trainers.php` | High
|
4 | File | `/admin/add_trainers.php` | High
|
||||||
5 | File | `/admin/edit.php` | High
|
5 | File | `/admin/edit.php` | High
|
||||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
6 | File | `/admin/lab.php` | High
|
||||||
7 | File | `/admin/lab.php` | High
|
7 | File | `/admin/students/view_student.php` | High
|
||||||
8 | File | `/admin/students/view_student.php` | High
|
8 | File | `/api/` | Low
|
||||||
9 | File | `/api/` | Low
|
9 | File | `/bd_genie_create_account.cgi` | High
|
||||||
10 | File | `/categories/view_category.php` | High
|
10 | File | `/categories/view_category.php` | High
|
||||||
11 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
11 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||||
12 | File | `/cgi-bin/nightled.cgi` | High
|
12 | File | `/cgi-bin/nightled.cgi` | High
@ -95,17 +96,16 @@ ID | Type | Indicator | Confidence
|
||||||
41 | File | `/index.php` | Medium
|
41 | File | `/index.php` | Medium
|
||||||
42 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
|
42 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
|
||||||
43 | File | `/items/manage_item.php` | High
|
43 | File | `/items/manage_item.php` | High
|
||||||
44 | File | `/librarian/bookdetails.php` | High
|
44 | File | `/login.php` | Medium
|
||||||
45 | File | `/login.php` | Medium
|
45 | File | `/loginVaLidation.php` | High
|
||||||
46 | File | `/loginVaLidation.php` | High
|
46 | File | `/manage-apartment.php` | High
|
||||||
47 | File | `/manage-apartment.php` | High
|
47 | File | `/management/api/rcx_management/global_config_query` | High
|
||||||
48 | File | `/management/api/rcx_management/global_config_query` | High
|
48 | File | `/mdiy/page/verify` | High
|
||||||
49 | File | `/mdiy/page/verify` | High
|
49 | File | `/mkshop/Men/profile.php` | High
|
||||||
50 | File | `/mkshop/Men/profile.php` | High
|
50 | File | `/mkshope/login.php` | High
|
||||||
51 | File | `/mkshope/login.php` | High
|
51 | ... | ... | ...
|
||||||
52 | ... | ... | ...
There are 456 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 446 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -62,7 +62,7 @@ ID | Type | Indicator | Confidence
|
||||||
5 | File | `base/ErrorHandler.php` | High
|
5 | File | `base/ErrorHandler.php` | High
|
||||||
6 | ... | ... | ...
|
6 | ... | ... | ...
There are 39 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 41 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -92,7 +92,7 @@ ID | Type | Indicator | Confidence
|
||||||
39 | File | `email.php` | Medium
|
39 | File | `email.php` | Medium
|
||||||
40 | ... | ... | ...
|
40 | ... | ... | ...
There are 343 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -43,12 +43,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `arch/x86/platform/efi/efi.c` | High
|
1 | File | `/admin/addemployee.php` | High
|
||||||
2 | File | `cp-demangle.c` | High
|
2 | File | `arch/x86/platform/efi/efi.c` | High
|
||||||
3 | File | `jumpin.php` | Medium
|
3 | File | `cp-demangle.c` | High
|
||||||
4 | ... | ... | ...
|
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -66,7 +66,7 @@ ID | Type | Indicator | Confidence
|
||||||
8 | File | `/Main_AdmStatus_Content.asp` | High
|
8 | File | `/Main_AdmStatus_Content.asp` | High
|
||||||
9 | ... | ... | ...
|
9 | ... | ... | ...
There are 68 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
|
## References
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
* [RU](https://vuldb.com/?country.ru)
|
* [RU](https://vuldb.com/?country.ru)
|
||||||
* ...
|
* ...
There are 13 more country items available. Please use our online service to access the data.
|
There are 12 more country items available. Please use our online service to access the data.
## Actors
|
## Actors
@ -109,9 +109,10 @@ ID | Type | Indicator | Confidence
|
||||||
44 | File | `ashnews.php/ashheadlines.php` | High
|
44 | File | `ashnews.php/ashheadlines.php` | High
|
||||||
45 | File | `auction_details.php` | High
|
45 | File | `auction_details.php` | High
|
||||||
46 | File | `auktion.cgi` | Medium
|
46 | File | `auktion.cgi` | Medium
|
||||||
47 | ... | ... | ...
|
47 | File | `authform.inc.php` | High
48 | ... | ... | ...
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -89,10 +89,10 @@ ID | Technique | Weakness | Description | Confidence
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

There are 23 more TTP items available. Please use our online service to access the data.
There are 25 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -104,38 +104,39 @@ ID | Type | Indicator | Confidence
2 | File | `/admin/?page=reports/waste` | High
3 | File | `/admin/add_trainers.php` | High
4 | File | `/admin/curltest.cgi` | High
5 | File | `/admin/lab.php` | High
5 | File | `/admin/imagealbum/list` | High
6 | File | `/admin/modify.php` | High
6 | File | `/admin/lab.php` | High
7 | File | `/admin/showbad.php` | High
7 | File | `/admin/modify.php` | High
8 | File | `/advanced-tools/nova/bin/netwatch` | High
8 | File | `/admin/showbad.php` | High
9 | File | `/api/v1/user` | Medium
9 | File | `/admin/video/list` | High
10 | File | `/card_scan.php` | High
10 | File | `/admin/videoalbum/list` | High
11 | File | `/categories/view_category.php` | High
11 | File | `/advanced-tools/nova/bin/netwatch` | High
12 | File | `/category/controller.php?action=edit` | High
12 | File | `/api/v1/user` | Medium
13 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
13 | File | `/bd_genie_create_account.cgi` | High
14 | File | `/cgi-bin/ExportAllSettings.sh` | High
14 | File | `/card_scan.php` | High
15 | File | `/claire_blake` | High
15 | File | `/categories/view_category.php` | High
16 | File | `/classes/Master.php?f=delete_account` | High
16 | File | `/category/controller.php?action=edit` | High
17 | File | `/classes/Master.php?f=delete_schedule` | High
17 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
18 | File | `/coreframe/app/attachment/admin/index.php` | High
18 | File | `/cgi-bin/ExportAllSettings.sh` | High
19 | File | `/dashboard/add-service.php` | High
19 | File | `/claire_blake` | High
20 | File | `/dashboard/settings` | High
20 | File | `/classes/Master.php?f=delete_account` | High
21 | File | `/edituser.php` | High
21 | File | `/classes/Master.php?f=delete_schedule` | High
22 | File | `/etc/shadow.sample` | High
22 | File | `/coreframe/app/attachment/admin/index.php` | High
23 | File | `/forum/away.php` | High
23 | File | `/dashboard/add-service.php` | High
24 | File | `/fw.login.php` | High
24 | File | `/dashboard/settings` | High
25 | File | `/goform/aspForm` | High
25 | File | `/edituser.php` | High
26 | File | `/goform/NTPSyncWithHost` | High
26 | File | `/etc/shadow.sample` | High
27 | File | `/goform/SetLEDCfg` | High
27 | File | `/forum/away.php` | High
28 | File | `/index.php` | Medium
28 | File | `/fw.login.php` | High
29 | File | `/index.php/?p=report` | High
29 | File | `/goform/aspForm` | High
30 | File | `/Items/*/RemoteImages/Download` | High
30 | File | `/goform/NTPSyncWithHost` | High
31 | File | `/master/index.php` | High
31 | File | `/goform/saveParentControlInfo` | High
32 | File | `/mkshop/Men/profile.php` | High
32 | File | `/goform/SetLEDCfg` | High
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
33 | File | `/goform/SetVirtualServerCfg` | High
34 | ... | ... | ...
34 | File | `/index.php` | Medium
35 | ... | ... | ...

There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -154,10 +154,10 @@ ID | Type | Indicator | Confidence
91 | File | `category_list.php` | High
92 | File | `cgi-bin/awstats.pl` | High
93 | File | `channel.asp` | Medium
94 | File | `ChooseCpSearch.php` | High
94 | File | `charts.swf` | Medium
95 | ... | ... | ...

There are 837 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 838 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Fallchill:

* [VN](https://vuldb.com/?country.vn)
* [ES](https://vuldb.com/?country.es)

## Actors

@ -51,14 +52,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...

There are 20 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -70,26 +71,27 @@ ID | Type | Indicator | Confidence
2 | File | `/admin/?page=reports/stockout` | High
3 | File | `/admin/?page=reports/waste` | High
4 | File | `/admin/?page=user/manage_user` | High
5 | File | `/admin/del.php` | High
5 | File | `/admin/addemployee.php` | High
6 | File | `/admin/delete.php` | High
6 | File | `/admin/del.php` | High
7 | File | `/admin/delstu.php` | High
7 | File | `/admin/delete.php` | High
8 | File | `/admin/login.php` | High
8 | File | `/admin/delstu.php` | High
9 | File | `/admin/products/controller.php?action=add` | High
9 | File | `/admin/login.php` | High
10 | File | `/api/v1/user` | Medium
10 | File | `/admin/products/controller.php?action=add` | High
11 | File | `/categories/view_category.php` | High
11 | File | `/bd_genie_create_account.cgi` | High
12 | File | `/cgi-bin/ExportSettings.sh` | High
12 | File | `/categories/view_category.php` | High
13 | File | `/classes/Master.php?f=delete_account` | High
13 | File | `/cgi-bin/ExportSettings.sh` | High
14 | File | `/classes/Master.php?f=delete_category` | High
14 | File | `/classes/Master.php?f=delete_img` | High
15 | File | `/classes/Master.php?f=delete_img` | High
15 | File | `/classes/Master.php?f=delete_payment` | High
16 | File | `/classes/Master.php?f=delete_payment` | High
16 | File | `/classes/Master.php?f=delete_student` | High
17 | File | `/classes/Master.php?f=delete_schedule` | High
17 | File | `/classes/Users.php?f=save_client` | High
18 | File | `/classes/Master.php?f=delete_student` | High
18 | File | `/defaultui/player/modern.html` | High
19 | File | `/classes/Users.php?f=save_client` | High
19 | File | `/etc/ciel.cfg` | High
20 | File | `/etc/ciel.cfg` | High
20 | File | `/etc/init0.d/S80telnetd.sh` | High
21 | File | `/etc/init0.d/S80telnetd.sh` | High
21 | File | `/etc/srapi/config/system.conf` | High
22 | ... | ... | ...
22 | File | `/goform/addRouting` | High
23 | ... | ... | ...

There are 180 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 195 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with India Power Grid:

* [CN](https://vuldb.com/?country.cn)
* [KR](https://vuldb.com/?country.kr)

## Actors

@ -39,7 +40,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1202 | CWE-77, CWE-78 | Command Injection | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1202 | CWE-77, CWE-78 | Command Injection | High

## IOA - Indicator of Attack

@ -47,9 +49,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `lists/admin/template.php` | High
1 | File | `channels/chan_iax2.c` | High
2 | File | `PSOutputDev.cc` | High
2 | File | `lists/admin/template.php` | High
3 | Argument | `hostName` | Medium
3 | File | `PSOutputDev.cc` | High
4 | ... | ... | ...

There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

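Review bot: the added summary line "There are 1 more IOA items available" does not agree in number; the template that emits this line should special-case a count of one ("There is 1 more IOA item available"). The same wording appears in the first hunk of this commit ("There are 1 more IOA items available"), so the fix belongs in the generator that writes these files rather than in this file alone.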
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
12 | File | `/WEB-INF/web.xml` | High
13 | ... | ... | ...

There are 102 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 103 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...

There are 15 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.

## Actors

@ -104,7 +104,7 @@ ID | Technique | Weakness | Description | Confidence
6 | T1068 | CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

There are 23 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -114,16 +114,16 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%ProgramData%\GOG.com` | High
2 | File | `/addQuestion.php` | High
3 | File | `/admin` | Low
3 | File | `/admin/?page=reports/stockin` | High
4 | File | `/admin/?page=reports/stockin` | High
4 | File | `/admin/list_key.html` | High
5 | File | `/admin/list_key.html` | High
5 | File | `/admin/products/controller.php?action=add` | High
6 | File | `/admin/products/controller.php?action=add` | High
6 | File | `/admin/students/view_student.php` | High
7 | File | `/admin/students/view_student.php` | High
7 | File | `/advanced-tools/nova/bin/netwatch` | High
8 | File | `/advanced-tools/nova/bin/netwatch` | High
8 | File | `/api/v1/user` | Medium
9 | File | `/api/v1/user` | Medium
9 | File | `/appConfig/userDB.json` | High
10 | File | `/appConfig/userDB.json` | High
10 | File | `/artist-display.php` | High
11 | File | `/artist-display.php` | High
11 | File | `/assets` | Low
12 | File | `/assets` | Low
12 | File | `/bd_genie_create_account.cgi` | High
13 | File | `/bits/stl_vector.h` | High
14 | File | `/blog/edit` | Medium
15 | File | `/blotter/blotter.php` | High
@ -144,7 +144,7 @@ ID | Type | Indicator | Confidence
30 | File | `/goform/addRouting` | High
31 | ... | ... | ...

There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [ES](https://vuldb.com/?country.es)
* ...

There are 18 more country items available. Please use our online service to access the data.
There are 25 more country items available. Please use our online service to access the data.

## Actors

@ -22,6 +22,7 @@ These _actors_ are associated with Log4j or other actors linked to the campaign.
ID | Actor | Confidence
-- | ----- | ----------
1 | [Unknown](https://vuldb.com/?actor.unknown) | High
2 | [MuddyWater](https://vuldb.com/?actor.muddywater) | High

## IOC - Indicator of Compromise

@ -4898,9 +4899,10 @@ ID | IP address | Hostname | Actor | Confidence
4867 | [45.137.22.131](https://vuldb.com/?ip.45.137.22.131) | hosted-by.rootlayer.net | [Unknown](https://vuldb.com/?actor.unknown) | High
4868 | [45.137.22.142](https://vuldb.com/?ip.45.137.22.142) | hosted-by.rootlayer.net | [Unknown](https://vuldb.com/?actor.unknown) | High
4869 | [45.137.22.146](https://vuldb.com/?ip.45.137.22.146) | host.nectonline.ga | [Unknown](https://vuldb.com/?actor.unknown) | High
4870 | ... | ... | ... | ...
4870 | [45.137.64.165](https://vuldb.com/?ip.45.137.64.165) | chx12.aalid.com | [Unknown](https://vuldb.com/?actor.unknown) | High
4871 | ... | ... | ... | ...

There are 19477 more IOC items available. Please use our online service to access the data.
There are 19478 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -4908,8 +4910,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
@ -4923,43 +4925,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/?page=reports/stockin` | High
1 | File | `/admin/addemployee.php` | High
2 | File | `/admin/?page=reports/waste` | High
2 | File | `/admin/login.php` | High
3 | File | `/admin/?page=user/manage_user` | High
3 | File | `/advanced-tools/nova/bin/netwatch` | High
4 | File | `/admin/changestock.php` | High
4 | File | `/appConfig/userDB.json` | High
5 | File | `/admin/history.php` | High
5 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
6 | File | `/admin/modify.php` | High
6 | File | `/bd_genie_create_account.cgi` | High
7 | File | `/admin/modify1.php` | High
7 | File | `/bin/boa` | Medium
8 | File | `/admin/search.php` | High
8 | File | `/blog/edit` | Medium
9 | File | `/advanced-tools/nova/bin/netwatch` | High
9 | File | `/brand.php` | Medium
10 | File | `/api/v1/user` | Medium
10 | File | `/categories/view_category.php` | High
11 | File | `/card_scan.php` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/cgi-bin/ExportSettings.sh` | High
12 | File | `/cgi/get_param.cgi` | High
13 | File | `/classes/Master.php?f=delete_account` | High
13 | File | `/client.php` | Medium
14 | File | `/classes/Master.php?f=delete_category` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/classes/Master.php?f=delete_item` | High
15 | File | `/dede/co_do.php` | High
16 | File | `/classes/Master.php?f=delete_payment` | High
16 | File | `/defaultui/player/modern.html` | High
17 | File | `/classes/Master.php?f=delete_schedule` | High
17 | File | `/etc/srapi/config/system.conf` | High
18 | File | `/classes/Master.php?f=delete_stockin` | High
18 | File | `/goform/addRouting` | High
19 | File | `/classes/Master.php?f=delete_stockout` | High
19 | File | `/goform/NTPSyncWithHost` | High
20 | File | `/classes/Master.php?f=delete_student` | High
20 | File | `/goform/PowerSaveSet` | High
21 | File | `/classes/Master.php?f=delete_waste` | High
21 | File | `/goform/SetIpMacBind` | High
22 | File | `/classes/Users.php?f=save_client` | High
22 | File | `/goform/SystemCommand` | High
23 | File | `/coreframe/app/attachment/admin/index.php` | High
23 | File | `/Home/debit_credit_p` | High
24 | File | `/etc/ciel.cfg` | High
24 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
25 | File | `/etc/init0.d/S80telnetd.sh` | High
25 | File | `/list/<path:folderpath>` | High
26 | File | `/etc/networkd-dispatcher` | High
26 | File | `/login.php` | Medium
27 | File | `/etc/shadow` | Medium
27 | File | `/manage-apartment.php` | High
28 | File | `/etc/shadow.sample` | High
28 | ... | ... | ...
29 | ... | ... | ...

There are 242 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 234 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the campaign and the associated activities:

* https://github.com/MelihOzturk/cyber-security-ip-blacklist/blob/main/log4j.txt
* https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/

## Literature

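Review bot: the new rows 24 and 25 of the IOA table, `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` and `/list/<path:folderpath>`, are typed `File` at High confidence but are not literal request paths like the other rows: the first looks like a build-tree path baked into a binary and the second contains a `<path:folderpath>` route placeholder. Neither will match verbatim in web or proxy logs, so anyone turning this table into a detection rule gets a dead entry for each; the `pattern` type that the summary line already lists (file, library, argument, input value, pattern, network port) would describe them better, or their confidence should be lowered.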
@ -77,9 +77,10 @@ ID | Type | Indicator | Confidence
14 | File | `add_edit_cat.asp` | High
15 | File | `admin.php?mod=user&act=del` | High
16 | File | `admin/admin_process.php` | High
17 | ... | ... | ...
17 | File | `allocator.cc` | Medium
18 | ... | ... | ...

There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -0,0 +1,113 @@
|
||||||
|
# MagicRAT - Cyber Threat Intelligence
|
||||||
|
|
||||||
|
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _MagicRAT_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||||
|
|
||||||
|
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
|
||||||
|
|
||||||
|
## Countries
|
||||||
|
|
||||||
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MagicRAT:
|
||||||
|
|
||||||
|
* [US](https://vuldb.com/?country.us)
|
||||||
|
* [PL](https://vuldb.com/?country.pl)
|
||||||
|
* [FR](https://vuldb.com/?country.fr)
|
||||||
|
* ...
|
||||||
|
|
||||||
|
There are 3 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
|
## Actors
|
||||||
|
|
||||||
|
These _actors_ are associated with MagicRAT or other actors linked to the campaign.
|
||||||
|
|
||||||
|
ID | Actor | Confidence
|
||||||
|
-- | ----- | ----------
|
||||||
|
1 | [Lazarus](https://vuldb.com/?actor.lazarus) | High
|
||||||
|
|
||||||
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MagicRAT.
|
||||||
|
|
||||||
|
ID | IP address | Hostname | Actor | Confidence
|
||||||
|
-- | ---------- | -------- | ----- | ----------
|
||||||
|
1 | [52.202.193.124](https://vuldb.com/?ip.52.202.193.124) | ec2-52-202-193-124.compute-1.amazonaws.com | [Lazarus](https://vuldb.com/?actor.lazarus) | Medium
|
||||||
|
2 | [64.188.27.73](https://vuldb.com/?ip.64.188.27.73) | 64.188.27.73.static.quadranet.com | [Lazarus](https://vuldb.com/?actor.lazarus) | High
|
||||||
|
3 | [66.154.102.91](https://vuldb.com/?ip.66.154.102.91) | 66.154.102.91.static.quadranet.com | [Lazarus](https://vuldb.com/?actor.lazarus) | High
|
||||||
|
4 | ... | ... | ... | ...
|
||||||
|
|
||||||
|
There are 2 more IOC items available. Please use our online service to access the data.
|
||||||
|
|
||||||
|
## TTP - Tactics, Techniques, Procedures
|
||||||
|
|
||||||
|
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within MagicRAT. This data is unique as it uses our predictive model for actor profiling.
|
||||||
|
|
||||||
|
ID | Technique | Weakness | Description | Confidence
|
||||||
|
-- | --------- | -------- | ----------- | ----------
|
||||||
|
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||||
|
2 | T1055 | CWE-74 | Injection | High
|
||||||
|
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
|
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
|
5 | ... | ... | ... | ...
|
||||||
|
|
||||||
|
There are 16 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during MagicRAT. This data is unique as it uses our predictive model for actor profiling.
|
||||||
|
|
||||||
|
ID | Type | Indicator | Confidence
|
||||||
|
-- | ---- | --------- | ----------
|
||||||
|
1 | File | `.htaccess` | Medium
|
||||||
|
2 | File | `/admin/loginc.php` | High
|
||||||
|
3 | File | `/admin/students/view_student.php` | High
|
||||||
|
4 | File | `/Applications/Calculator.app/Contents/MacOS/Calculator` | High
|
||||||
|
5 | File | `/cgi-bin/` | Medium
|
||||||
|
6 | File | `/cgi-bin/luci` | High
|
||||||
|
7 | File | `/common/info.cgi` | High
|
||||||
|
8 | File | `/config.cgi?webmin` | High
|
||||||
|
9 | File | `/data/inc/images.php` | High
|
||||||
|
10 | File | `/dev/block/mmcblk0rpmb` | High
|
||||||
|
11 | File | `/edit` | Low
|
||||||
|
12 | File | `/etc/passwd` | Medium
|
||||||
|
13 | File | `/etc/stunnel.key` | High
|
||||||
|
14 | File | `/etc/sysconfig/btrfsmaintenance` | High
|
||||||
|
15 | File | `/framework/modules/notfound/controllers/notfoundController.php` | High
|
||||||
|
16 | File | `/gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php` | High
|
||||||
|
17 | File | `/job-details` | Medium
|
||||||
|
18 | File | `/mib.db` | Low
|
||||||
|
19 | File | `/page/add` | Medium
|
||||||
|
20 | File | `/squashfs-root/www/HNAP1/control/SetWizardConfig.php` | High
|
||||||
|
21 | File | `/system-info/health` | High
|
||||||
|
22 | File | `/tmp/s48lose.tmp` | High
|
||||||
|
23 | File | `/tmp/xbindkeysrc-tmp` | High
|
||||||
|
24 | File | `/uncpath/` | Medium
|
||||||
|
25 | File | `/usr/local` | Medium
|
||||||
|
26 | File | `/var/log/nginx` | High
|
||||||
|
27 | File | `/var/run/jboss-eap/` | High
|
||||||
|
28 | File | `admin-ajax.php` | High
|
||||||
|
29 | File | `admin.jcomments.php` | High
|
||||||
|
30 | File | `admin.php` | Medium
|
||||||
|
31 | File | `admin/?n=language&c=language_general&a=doSearchParameter` | High
|
||||||
|
32 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||||
|
33 | File | `admin/admin_log/index.html?user_id` | High
|
||||||
|
34 | File | `admin/admin_menu.php` | High
|
||||||
|
35 | File | `admin/config.php` | High
|
||||||
|
36 | ... | ... | ...
|
||||||
|
|
||||||
|
There are 308 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
|
## References
|
||||||
|
|
||||||
|
The following list contains _external sources_ which discuss the campaign and the associated activities:
|
||||||
|
|
||||||
|
* https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html
|
||||||
|
|
||||||
|
## Literature
|
||||||
|
|
||||||
|
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||||
|
|
||||||
|
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||||
|
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
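Review bot: rows 22 to 26 and 30 of this IOA table use generic filesystem and application paths as File indicators, and a detection keyed on them will match benign activity on almost any Linux web host: the temporary files `/tmp/s48lose.tmp` and `/tmp/xbindkeysrc-tmp` (rows 22 and 23), `/usr/local` (row 25), `/var/log/nginx` (row 26) and `admin.php` (row 30). Row 26 is rated High while the equally generic `/usr/local` in row 25 is Medium; either align the two or record why `/var/log/nginx` earns the higher confidence. The References section cites a single source (`https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html`), so noting which rows come from it would let consumers weigh the rest.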
@ -64,14 +64,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 22 more TTP items available. Please use our online service to access the data.
|
There are 21 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
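Review bot: the trailing count drops from 22 to 21 more TTP items, but the only visible change is row 1 losing CWE-23 from the T1006 weakness list, which does not remove a technique; the retired TTP must therefore be one of the rows hidden behind `6 | ...`. Since the preview cannot show it, name the dropped technique in the commit message or keep the preview long enough to include it, so that a count change is verifiable from the diff.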
@ -82,12 +82,12 @@ ID | Type | Indicator | Confidence
|
||||||
1 | File | `/admin/addemployee.php` | High
|
1 | File | `/admin/addemployee.php` | High
|
||||||
2 | File | `/admin/add_trainers.php` | High
|
2 | File | `/admin/add_trainers.php` | High
|
||||||
3 | File | `/admin/header.inc.php` | High
|
3 | File | `/admin/header.inc.php` | High
|
||||||
4 | File | `/admin/vca/license/license_tok.cgi` | High
|
4 | File | `/admin/video/list` | High
|
||||||
5 | File | `/AJAX/ajaxget` | High
|
5 | File | `/api/plugin/uninstall` | High
|
||||||
6 | File | `/api/plugin/uninstall` | High
|
6 | File | `/api/upload-resource` | High
|
||||||
7 | File | `/api/v2/config` | High
|
7 | File | `/api/v2/config` | High
|
||||||
8 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
|
8 | File | `/bd_genie_create_account.cgi` | High
|
||||||
9 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
9 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
|
||||||
10 | File | `/claire_blake` | High
|
10 | File | `/claire_blake` | High
|
||||||
11 | File | `/classes/Users.php?f=save_client` | High
|
11 | File | `/classes/Users.php?f=save_client` | High
|
||||||
12 | File | `/coreframe/app/attachment/admin/index.php` | High
|
12 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||||
|
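Review bot: rows 4 to 9 silently retire three File indicators (`/admin/vca/license/license_tok.cgi`, `/AJAX/ajaxget`, `/cgi-bin/touchlist_sync.cgi`) and introduce three others (`/admin/video/list`, `/api/upload-resource`, `/bd_genie_create_account.cgi`) with nothing in the hunk saying why. Consumers who built detection rules on the removed paths get no signal that those rules are now unsupported; consider recording retired indicators with a reason (false positive, merged, superseded) instead of dropping them from the list.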
@ -101,39 +101,40 @@ ID | Type | Indicator | Confidence
|
||||||
20 | File | `/gfxpoly/stroke.c` | High
|
20 | File | `/gfxpoly/stroke.c` | High
|
||||||
21 | File | `/goform/addRouting` | High
|
21 | File | `/goform/addRouting` | High
|
||||||
22 | File | `/goform/form2Wan.cgi` | High
|
22 | File | `/goform/form2Wan.cgi` | High
|
||||||
23 | File | `/htdocs/utils/Files.php` | High
|
23 | File | `/goform/SetIpMacBind` | High
|
||||||
24 | File | `/include/menu_u.inc.php` | High
|
24 | File | `/htdocs/utils/Files.php` | High
|
||||||
25 | File | `/includes/db_connect.php` | High
|
25 | File | `/include/menu_u.inc.php` | High
|
||||||
26 | File | `/includes/images.php` | High
|
26 | File | `/includes/db_connect.php` | High
|
||||||
27 | File | `/ip/admin/` | Medium
|
27 | File | `/includes/images.php` | High
|
||||||
28 | File | `/jfinal_cms/system/role/list` | High
|
28 | File | `/index.php` | Medium
|
||||||
29 | File | `/librarian/edit_book_details.php` | High
|
29 | File | `/ip/admin/` | Medium
|
||||||
30 | File | `/login.php` | Medium
|
30 | File | `/jfinal_cms/system/role/list` | High
|
||||||
31 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
31 | File | `/librarian/edit_book_details.php` | High
|
||||||
32 | File | `/master/index.php` | High
|
32 | File | `/login.php` | Medium
|
||||||
33 | File | `/mkshop/Men/profile.php` | High
|
33 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||||
34 | File | `/oa/setup/checkPool?database` | High
|
34 | File | `/master/index.php` | High
|
||||||
35 | File | `/pages/class_sched.php` | High
|
35 | File | `/mkshop/Men/profile.php` | High
|
||||||
36 | File | `/pages/faculty_sched.php` | High
|
36 | File | `/oa/setup/checkPool?database` | High
|
||||||
37 | File | `/pages/permit/permit.php` | High
|
37 | File | `/pages/class_sched.php` | High
|
||||||
38 | File | `/pages/processlogin.php` | High
|
38 | File | `/pages/faculty_sched.php` | High
|
||||||
39 | File | `/patient/booking.php` | High
|
39 | File | `/pages/permit/permit.php` | High
|
||||||
40 | File | `/php_action/createUser.php` | High
|
40 | File | `/pages/processlogin.php` | High
|
||||||
41 | File | `/pms/update_medicine.php` | High
|
41 | File | `/patient/booking.php` | High
|
||||||
42 | File | `/pms/update_user.php` | High
|
42 | File | `/php_action/createUser.php` | High
|
||||||
43 | File | `/qr/I/` | Low
|
43 | File | `/pms/update_medicine.php` | High
|
||||||
44 | File | `/release-x64/otfccdump` | High
|
44 | File | `/pms/update_user.php` | High
|
||||||
45 | File | `/see_more_details.php` | High
|
45 | File | `/qr/I/` | Low
|
||||||
46 | File | `/servlet/AdapterHTTP` | High
|
46 | File | `/release-x64/otfccdump` | High
|
||||||
47 | File | `/session/sendmail` | High
|
47 | File | `/see_more_details.php` | High
|
||||||
48 | File | `/sistema/flash/reboot` | High
|
48 | File | `/servlet/AdapterHTTP` | High
|
||||||
49 | File | `/sys/ui/extend/varkind/custom.jsp` | High
|
49 | File | `/session/sendmail` | High
|
||||||
50 | File | `/templates/default/html/windows/right.php` | High
|
50 | File | `/sistema/flash/reboot` | High
|
||||||
51 | File | `/ubus/uci.apply` | High
|
51 | File | `/sys/ui/extend/varkind/custom.jsp` | High
|
||||||
52 | File | `/web/api/v1/upload/UploadHandler.php` | High
|
52 | File | `/templates/default/html/windows/right.php` | High
|
||||||
53 | ... | ... | ...
|
53 | File | `/WebApp/SettingsFileMonitor/GetFileMonitorProfiles` | High
|
||||||
|
54 | ... | ... | ...
|
||||||
|
|
||||||
There are 462 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 469 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
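Review bot: new row 28 adds `/index.php` as a Medium-confidence File indicator, a path present on practically every PHP site, and the confidence appears to track string length rather than specificity (the short `/qr/I/` in row 45 is Low); on its own `/index.php` cannot discriminate attack traffic and should be Low or omitted in favour of the argument, input value or pattern indicators the summary line says exist. The totals are consistent (52 + 462 = 514 before, 53 + 469 = 522 after), so five of the eight net additions sit in the hidden rows and cannot be reviewed here.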
@ -66,47 +66,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
|
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/admin.php` | Medium
|
1 | File | `/admin/info.php` | High
|
||||||
2 | File | `/admin/info.php` | High
|
2 | File | `/admin/user_list_backend.php` | High
|
||||||
3 | File | `/admin/user_list_backend.php` | High
|
3 | File | `/cgi?` | Low
|
||||||
4 | File | `/cgi?` | Low
|
4 | File | `/etc/controller-agent/agent.conf` | High
|
||||||
5 | File | `/etc/controller-agent/agent.conf` | High
|
5 | File | `/forms/web_importTFTP` | High
|
||||||
6 | File | `/forms/web_importTFTP` | High
|
6 | File | `/graphql` | Medium
|
||||||
7 | File | `/graphql` | Medium
|
7 | File | `/individual` | Medium
|
||||||
8 | File | `/individual` | Medium
|
8 | File | `/jeecg-boot/jmreport/view` | High
|
||||||
9 | File | `/jeecg-boot/jmreport/view` | High
|
9 | File | `/localhost/u` | Medium
|
||||||
10 | File | `/localhost/u` | Medium
|
10 | File | `/net` | Low
|
||||||
11 | File | `/net` | Low
|
11 | File | `/opt/bin/cli` | Medium
|
||||||
12 | File | `/opt/bin/cli` | Medium
|
12 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||||
13 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
13 | File | `/public/plugins/` | High
|
||||||
14 | File | `/public/plugins/` | High
|
14 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
|
||||||
15 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
|
15 | File | `/root/run/adm.php?admin-ediy&part=exdiy` | High
|
||||||
16 | File | `/root/run/adm.php?admin-ediy&part=exdiy` | High
|
16 | File | `/templates/header.inc.php` | High
|
||||||
17 | File | `/templates/header.inc.php` | High
|
17 | File | `/uncpath/` | Medium
|
||||||
18 | File | `/uncpath/` | Medium
|
18 | File | `/v2/devices/add` | High
|
||||||
19 | File | `/v2/devices/add` | High
|
19 | File | `/var/ipfire/backup/bin/backup.pl` | High
|
||||||
20 | File | `/var/ipfire/backup/bin/backup.pl` | High
|
20 | File | `/wp-json/wc/v3/webhooks` | High
|
||||||
21 | File | `/wp-json/wc/v3/webhooks` | High
|
21 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||||
22 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
22 | File | `account.php` | Medium
|
||||||
23 | File | `account.php` | Medium
|
23 | File | `accounts/view_details.php` | High
|
||||||
24 | File | `accounts/view_details.php` | High
|
24 | File | `AddEvent.php` | Medium
|
||||||
25 | File | `AddEvent.php` | Medium
|
25 | File | `admin.jcomments.php` | High
|
||||||
26 | File | `admin.jcomments.php` | High
|
26 | File | `admin.php` | Medium
|
||||||
27 | File | `admin.php` | Medium
|
27 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||||
28 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
28 | File | `admin.php?mod=product&act=state` | High
|
||||||
29 | File | `admin.php?mod=product&act=state` | High
|
29 | File | `admin/conf_users_edit.php` | High
|
||||||
30 | File | `admin/admin_process.php` | High
|
30 | File | `admin/cp-functions/event-add.php` | High
|
||||||
31 | File | `admin/conf_users_edit.php` | High
|
31 | File | `admin/index.php` | High
|
||||||
32 | File | `admin/cp-functions/event-add.php` | High
|
32 | File | `admin/modules/tools/ip_history_logs.php` | High
|
||||||
33 | File | `admin/index.php` | High
|
33 | File | `admin/netbase/clean.php` | High
|
||||||
34 | File | `admin/modules/tools/ip_history_logs.php` | High
|
34 | File | `admin/scripts/FileUploader/php.php` | High
|
||||||
35 | File | `admin/netbase/clean.php` | High
|
35 | File | `admin/ueditor/uploadFile` | High
|
||||||
36 | File | `admin/scripts/FileUploader/php.php` | High
|
36 | File | `admin/user_perm.php` | High
|
||||||
37 | File | `admin/ueditor/uploadFile` | High
|
37 | File | `admin_main.php` | High
|
||||||
38 | File | `admin/user_perm.php` | High
|
38 | ... | ... | ...
|
||||||
39 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 328 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
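Review bot: old rows 1 and 27 listed the same file in two spellings, `/admin.php` and `admin.php`, and this hunk drops the slashed form (old row 1) while keeping `admin.php` (new row 26); the mixed convention persists elsewhere in the table (`/admin/info.php` with a leading slash, `admin/index.php` without), so the normalization rule for leading slashes should be stated and applied consistently, otherwise the same duplicate will reappear. Old row 30 `admin/admin_process.php` is also removed without a stated reason, and the totals (38 + 332 = 370 before, 37 + 328 = 365 after) imply three further removals among the hidden rows.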
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
||||||
|
|
||||||
* [US](https://vuldb.com/?country.us)
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [CN](https://vuldb.com/?country.cn)
|
* [CN](https://vuldb.com/?country.cn)
|
||||||
* [GB](https://vuldb.com/?country.gb)
|
* [ES](https://vuldb.com/?country.es)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 23 more country items available. Please use our online service to access the data.
|
There are 16 more country items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## Actors
|
## Actors
|
||||||
|
|
||||||
|
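Review bot: the country preview swaps GB for ES and the hidden count falls from 23 to 16, so seven associated countries were removed in one step with nothing in the hunk explaining the change. Because the section frames these as origin-of-attack or proxy associations, a drop of this size changes what analysts would infer about the campaign's infrastructure; a pointer to the source that retracted the associations would make this reviewable.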
@ -35,13 +35,48 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
||||||
ID | IP address | Hostname | Actor | Confidence
|
ID | IP address | Hostname | Actor | Confidence
|
||||||
-- | ---------- | -------- | ----- | ----------
|
-- | ---------- | -------- | ----- | ----------
|
||||||
1 | [3.37.215.204](https://vuldb.com/?ip.3.37.215.204) | ec2-3-37-215-204.ap-northeast-2.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
1 | [3.37.215.204](https://vuldb.com/?ip.3.37.215.204) | ec2-3-37-215-204.ap-northeast-2.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
2 | [16.162.223.161](https://vuldb.com/?ip.16.162.223.161) | ec2-16-162-223-161.ap-east-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
2 | [3.112.205.66](https://vuldb.com/?ip.3.112.205.66) | ec2-3-112-205-66.ap-northeast-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
3 | [18.229.249.186](https://vuldb.com/?ip.18.229.249.186) | ec2-18-229-249-186.sa-east-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
3 | [3.112.229.159](https://vuldb.com/?ip.3.112.229.159) | ec2-3-112-229-159.ap-northeast-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
4 | [23.235.221.158](https://vuldb.com/?ip.23.235.221.158) | vps53141.inmotionhosting.com | [Nanocore](https://vuldb.com/?actor.nanocore) | High
|
4 | [3.115.76.186](https://vuldb.com/?ip.3.115.76.186) | ec2-3-115-76-186.ap-northeast-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
5 | [45.76.84.233](https://vuldb.com/?ip.45.76.84.233) | 45.76.84.233.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
5 | [13.112.95.58](https://vuldb.com/?ip.13.112.95.58) | ec2-13-112-95-58.ap-northeast-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
6 | ... | ... | ... | ...
|
6 | [16.162.223.161](https://vuldb.com/?ip.16.162.223.161) | ec2-16-162-223-161.ap-east-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
7 | [18.176.61.150](https://vuldb.com/?ip.18.176.61.150) | ec2-18-176-61-150.ap-northeast-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
8 | [18.229.249.186](https://vuldb.com/?ip.18.229.249.186) | ec2-18-229-249-186.sa-east-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
9 | [23.94.136.110](https://vuldb.com/?ip.23.94.136.110) | 23-94-136-110-host.colocrossing.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
10 | [23.224.160.154](https://vuldb.com/?ip.23.224.160.154) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
11 | [23.235.221.158](https://vuldb.com/?ip.23.235.221.158) | vps53141.inmotionhosting.com | [Nanocore](https://vuldb.com/?actor.nanocore) | High
|
||||||
|
12 | [27.120.99.179](https://vuldb.com/?ip.27.120.99.179) | v-27-120-99-179.ub-freebit.net | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
13 | [27.254.33.56](https://vuldb.com/?ip.27.254.33.56) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
14 | [34.85.36.111](https://vuldb.com/?ip.34.85.36.111) | 111.36.85.34.bc.googleusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
15 | [35.200.121.203](https://vuldb.com/?ip.35.200.121.203) | 203.121.200.35.bc.googleusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
16 | [36.55.235.159](https://vuldb.com/?ip.36.55.235.159) | v-36-55-235-159.ub-freebit.net | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
17 | [37.143.130.36](https://vuldb.com/?ip.37.143.130.36) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
18 | [38.27.101.191](https://vuldb.com/?ip.38.27.101.191) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
19 | [38.108.181.103](https://vuldb.com/?ip.38.108.181.103) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
20 | [38.143.68.21](https://vuldb.com/?ip.38.143.68.21) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
21 | [38.143.68.60](https://vuldb.com/?ip.38.143.68.60) | onox.mywire.org | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
22 | [38.143.68.131](https://vuldb.com/?ip.38.143.68.131) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
23 | [38.143.68.158](https://vuldb.com/?ip.38.143.68.158) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
24 | [45.32.19.47](https://vuldb.com/?ip.45.32.19.47) | 45.32.19.47.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
25 | [45.32.28.231](https://vuldb.com/?ip.45.32.28.231) | 45.32.28.231.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
26 | [45.63.124.21](https://vuldb.com/?ip.45.63.124.21) | 45.63.124.21.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
27 | [45.76.55.235](https://vuldb.com/?ip.45.76.55.235) | 45.76.55.235.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
28 | [45.76.84.233](https://vuldb.com/?ip.45.76.84.233) | 45.76.84.233.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
29 | [45.76.204.127](https://vuldb.com/?ip.45.76.204.127) | dns.virtualshield.dev | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
30 | [45.76.206.45](https://vuldb.com/?ip.45.76.206.45) | 45.76.206.45.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
31 | [45.80.191.19](https://vuldb.com/?ip.45.80.191.19) | 45.80.191.19.static.xtom.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
32 | [45.80.191.73](https://vuldb.com/?ip.45.80.191.73) | 45.80.191.73.static.xtom.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
33 | [45.141.156.195](https://vuldb.com/?ip.45.141.156.195) | . | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
34 | [45.146.165.91](https://vuldb.com/?ip.45.146.165.91) | - | [Lorec53](https://vuldb.com/?actor.lorec53) | High
|
||||||
|
35 | [47.74.40.74](https://vuldb.com/?ip.47.74.40.74) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
36 | [47.91.19.174](https://vuldb.com/?ip.47.91.19.174) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
37 | [52.79.102.70](https://vuldb.com/?ip.52.79.102.70) | ec2-52-79-102-70.ap-northeast-2.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
38 | [52.119.1.112](https://vuldb.com/?ip.52.119.1.112) | 112.1.119.52.ptr.fantomservers.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||||
|
39 | [52.199.58.10](https://vuldb.com/?ip.52.199.58.10) | ec2-52-199-58-10.ap-northeast-1.compute.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
40 | [54.162.106.88](https://vuldb.com/?ip.54.162.106.88) | ec2-54-162-106-88.compute-1.amazonaws.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
|
||||||
|
41 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 21 more IOC items available. Please use our online service to access the data.
|
There are 158 more IOC items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## TTP - Tactics, Techniques, Procedures
|
## TTP - Tactics, Techniques, Procedures
|
||||||
|
|
||||||
|
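Review bot: row 33 shows `.` in the Hostname column where every other entry without a resolvable name uses `-` (rows 10, 13, 17 to 20, 22, 23 and 34 to 36), which looks like a parsing defect rather than a real hostname and should be normalized to `-`. Most of the 35 added rows resolve to rentable cloud hosts (`*.compute.amazonaws.com`, `*.bc.googleusercontent.com`, `*.vultrusercontent.com`, `*.static.xtom.com`) with actor Unknown, and the confidence is inconsistent across them: EC2 and Google addresses get Medium while Vultr and xTom addresses get High, although all are short-lived provider space; state the rule that sets confidence, and note for consumers that blocking on these IPs alone will hit unrelated tenants once the address is reassigned. The preview also grows from 5 to 40 rows while the other tables in this commit keep a short preview, so either this is intended or the generator's row limit changed.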
@ -49,13 +84,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
5 | ... | ... | ... | ...
|
5 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 16 more TTP items available. Please use our online service to access the data.
|
There are 17 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
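Review bot: row 4 labels T1059 with the description "Cross Site Scripting" while its weakness column lists CWE-88 (argument injection) and CWE-94 (code injection), neither of which is XSS; the XSS weaknesses CWE-79 and CWE-80 appear under T1059.007 in the other TTP tables of this commit, and ATT&CK T1059 itself is Command and Scripting Interpreter. The description should be derived from the listed CWEs or from the technique name, not carried over from the sub-technique. The count change from 16 to 17 more items is not reflected in any visible row (only the CWE lists of rows 1 and 2 changed), so the added technique is hidden behind `5 | ...`.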
@ -63,67 +98,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
|
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/+CSCOE+/logon.html` | High
|
1 | File | `.htaccess` | Medium
|
||||||
2 | File | `/cgi-bin/wapopen` | High
|
2 | File | `//proc/kcore` | Medium
|
||||||
3 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
|
3 | File | `/admin/conferences/list/` | High
|
||||||
4 | File | `/concat?/%2557EB-INF/web.xml` | High
|
4 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||||
5 | File | `/configs/application.ini` | High
|
5 | File | `/admin/generalsettings.php` | High
|
||||||
6 | File | `/context/%2e/WEB-INF/web.xml` | High
|
6 | File | `/admin/payment.php` | High
|
||||||
7 | File | `/etc/ajenti/config.yml` | High
|
7 | File | `/admin/reports.php` | High
|
||||||
8 | File | `/forum/away.php` | High
|
8 | File | `/admin/showbad.php` | High
|
||||||
9 | File | `/goform/telnet` | High
|
9 | File | `/ad_js.php` | Medium
|
||||||
10 | File | `/HNAP1` | Low
|
10 | File | `/Ap4RtpAtom.cpp` | High
|
||||||
11 | File | `/iissamples/sdk/asp/interaction/Form_JScript.asp` | High
|
11 | File | `/app/options.py` | High
|
||||||
12 | File | `/index.php` | Medium
|
12 | File | `/bsms/?page=manage_account` | High
|
||||||
13 | File | `/iwgallery/admin/pictures_edit.asp` | High
|
13 | File | `/cgi-bin/kerbynet` | High
|
||||||
14 | File | `/mail/index.html` | High
|
14 | File | `/cgi-bin/login.cgi` | High
|
||||||
15 | File | `/modules/profile/index.php` | High
|
15 | File | `/ci_hms/massage_room/edit/1` | High
|
||||||
16 | File | `/public/plugins/` | High
|
16 | File | `/dashboard/reports/logs/view` | High
|
||||||
17 | File | `/replication` | Medium
|
17 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||||
18 | File | `/rom-0` | Low
|
18 | File | `/debug/pprof` | Medium
|
||||||
19 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
|
19 | File | `/etc/hosts` | Medium
|
||||||
20 | File | `/tmp/phpglibccheck` | High
|
20 | File | `/forum/away.php` | High
|
||||||
21 | File | `/uncpath/` | Medium
|
21 | File | `/fuel/sitevariables/delete/4` | High
|
||||||
22 | File | `/uploads/dede` | High
|
22 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||||
23 | File | `/var/tmp/sess_*` | High
|
23 | File | `/index.php` | Medium
|
||||||
24 | File | `/WEB-INF/web.xml` | High
|
24 | File | `/index/jobfairol/show/` | High
|
||||||
25 | File | `AccessPoint.aspx` | High
|
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||||
26 | File | `actionphp/download.File.php` | High
|
26 | File | `/librarian/bookdetails.php` | High
|
||||||
27 | File | `activateuser.aspx` | High
|
27 | File | `/lists/admin/` | High
|
||||||
28 | File | `adclick.php` | Medium
|
28 | File | `/MagickCore/image.c` | High
|
||||||
29 | File | `add_comment.php` | High
|
29 | File | `/manage-apartment.php` | High
|
||||||
30 | File | `AdHocQuery_Processor.aspx` | High
|
30 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||||
31 | File | `admin` | Low
|
31 | File | `/out.php` | Medium
|
||||||
32 | File | `admin.asp` | Medium
|
32 | File | `/pages/apply_vacancy.php` | High
|
||||||
33 | File | `admin/admin.asp` | High
|
33 | ... | ... | ...
|
||||||
34 | File | `admin/admin.php` | High
|
|
||||||
35 | File | `admin/content.php` | High
|
|
||||||
36 | File | `admin/gallery.php` | High
|
|
||||||
37 | File | `admin/images.aspx` | High
|
|
||||||
38 | File | `admin/index.php` | High
|
|
||||||
39 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
|
||||||
40 | File | `admin/login.asp` | High
|
|
||||||
41 | File | `admin/manage-departments.php` | High
|
|
||||||
42 | File | `admin/sellerupd.php` | High
|
|
||||||
43 | File | `admin/sitesettings.php` | High
|
|
||||||
44 | File | `advsearch.asp` | High
|
|
||||||
45 | File | `AEAgent.cpp` | Medium
|
|
||||||
46 | File | `affich.php` | Medium
|
|
||||||
47 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
|
||||||
48 | File | `ajax.php` | Medium
|
|
||||||
49 | File | `ajax_calls.php` | High
|
|
||||||
50 | File | `ajax_cmd.php` | Medium
|
|
||||||
51 | File | `album_portal.php` | High
|
|
||||||
52 | File | `appfeed.c` | Medium
|
|
||||||
53 | File | `ara.asp` | Low
|
|
||||||
54 | File | `aspx` | Low
|
|
||||||
55 | File | `auction_details.php` | High
|
|
||||||
56 | File | `auth.inc.php` | Medium
|
|
||||||
57 | File | `backend/utilities/terminal.js` | High
|
|
||||||
58 | File | `blocking.asp` | Medium
|
|
||||||
59 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 518 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
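Review bot: this hunk regenerates the whole IOA table rather than editing it, so all 58 previewed indicators are replaced and the total falls from 576 (58 + 518) to 312 (32 + 280) without the diff showing which of the 264 dropped indicators were retired on purpose; a regeneration should be paired with a summary of removals so consumers can retire matching rules. Several new High-confidence File rows are locations inside upstream source trees, not paths a sensor can observe: `/Ap4RtpAtom.cpp` (row 10), `/app/options.py` (row 11), `/debian/patches/load_ppp_generic_if_needed` (row 17), `/MagickCore/image.c` (row 28) and `/modules/caddyhttp/rewrite/rewrite.go` (row 30); they identify the vulnerable component, not an attack artifact, and belong in a different indicator type or at Low confidence. `.htaccess` (row 1), `/etc/hosts` (row 19) and `/index.php` (row 23) exist on nearly every host and will not discriminate on their own.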
@ -132,6 +141,17 @@ The following list contains _external sources_ which discuss the campaign and th
|
||||||
* https://community.riskiq.com/article/e3a7ceea/indicators
|
* https://community.riskiq.com/article/e3a7ceea/indicators
|
||||||
* https://ddanchev.blogspot.com/2008/02/inside-botnet-phishing-activities.html
|
* https://ddanchev.blogspot.com/2008/02/inside-botnet-phishing-activities.html
|
||||||
* https://github.com/hvs-consulting/ioc_signatures/blob/main/M365_MFA_Phishing/HvS_M365_MFA_Phishing_2022-01_IOCs.csv
|
* https://github.com/hvs-consulting/ioc_signatures/blob/main/M365_MFA_Phishing/HvS_M365_MFA_Phishing_2022-01_IOCs.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201901.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201902.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201904.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201905.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201906.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201907.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201908.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201909.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201910.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201911.csv
|
||||||
|
* https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201912.csv
|
||||||
* https://nsfocusglobal.com/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government/
|
* https://nsfocusglobal.com/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government/
|
||||||
* https://twitter.com/__0XYC__/status/1502593457201811459
|
* https://twitter.com/__0XYC__/status/1502593457201811459
|
||||||
* https://unit42.paloaltonetworks.com/nanocorerat-behind-an-increase-in-tax-themed-phishing-e-mails/
|
* https://unit42.paloaltonetworks.com/nanocorerat-behind-an-increase-in-tax-themed-phishing-e-mails/
|
||||||
|
|
|
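Review bot: the added JPCERT/CC phishurl-list references cover 2019 month by month (`201901.csv` through `201912.csv`) but skip `201903.csv`; if March 2019 contributed no indicators that is fine, otherwise the reference is missing. If these CSVs are the source of the IOC rows added earlier in this commit, a pointer from those rows to the month file they came from would make the attribution checkable.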
@ -109,7 +109,7 @@ ID | Type | Indicator | Confidence
|
||||||
49 | File | `4.edu.php\conn\function.php` | High
|
49 | File | `4.edu.php\conn\function.php` | High
|
||||||
50 | ... | ... | ...
|
50 | ... | ... | ...
|
||||||
|
|
||||||
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -109,7 +109,7 @@ ID | Type | Indicator | Confidence
|
||||||
49 | File | `4.edu.php\conn\function.php` | High
|
49 | File | `4.edu.php\conn\function.php` | High
|
||||||
50 | ... | ... | ...
|
50 | ... | ... | ...
|
||||||
|
|
||||||
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
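Review bot: this hunk is identical to the one immediately above it (row 49 `4.edu.php\conn\function.php`, count 431 to 432), which means two files in the commit carry the same IOA table and must be kept in lock-step by hand; if both pages describe the same entity, generate one from the other or share the table. In both copies the only change is the hidden count, so the added indicator cannot be seen. The row 49 indicator also uses backslashes, which will not match a request path on a Unix web server; confirm it is meant as an on-disk Windows path and not a URL.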
@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Russia and Ukraine Conflict:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Russia and Ukraine Conflict:
|
||||||
|
|
||||||
* [VN](https://vuldb.com/?country.vn)
|
* [VN](https://vuldb.com/?country.vn)
|
||||||
|
* [US](https://vuldb.com/?country.us)
|
||||||
* [DE](https://vuldb.com/?country.de)
|
* [DE](https://vuldb.com/?country.de)
|
||||||
|
|
||||||
## Actors
|
## Actors
|
||||||
|
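Review bot: the hunk spans the whole country section, from the intro line to the Actors heading, and after the change the complete list reads VN, US, DE; for a campaign named Russia and Ukraine Conflict the absence of RU and UA stands out and should be either confirmed as intentional (the intro allows indirect, proxy-based associations) or corrected. This section also lacks the "There are N more country items" line the other country sections carry, so readers cannot tell from the page whether the list is complete.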
@ -53,14 +54,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||||
4 | T1059 | CWE-1321 | Cross Site Scripting | High
|
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1068 | CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 18 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
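Review bot: new row 5 describes T1068 as "Execution with Unnecessary Privileges", but that is the name of CWE-250, which is not in the row's weakness list (CWE-269, CWE-273 and CWE-284 are Improper Privilege Management, Improper Check for Dropped Privileges and Improper Access Control), and ATT&CK T1068 is Exploitation for Privilege Escalation; the description should match one of the listed CWEs or the technique. The Injection row (old row 3, T1055 with CWE-74) is removed and the count goes from 19 to 18, which is consistent with one technique dropped and T1068 moving up into the preview, but the removal itself is unexplained.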
@ -69,32 +70,30 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
||||||
ID | Type | Indicator | Confidence
|
ID | Type | Indicator | Confidence
|
||||||
-- | ---- | --------- | ----------
|
-- | ---- | --------- | ----------
|
||||||
1 | File | `/admin/?page=reports/stockin` | High
|
1 | File | `/admin/?page=reports/stockin` | High
|
||||||
2 | File | `/admin/?page=user/manage_user` | High
|
2 | File | `/admin/?page=reports/stockout` | High
|
||||||
3 | File | `/admin/changestock.php` | High
|
3 | File | `/admin/?page=reports/waste` | High
|
||||||
4 | File | `/admin/history.php` | High
|
4 | File | `/admin/?page=user/manage_user` | High
|
||||||
5 | File | `/admin/modify.php` | High
|
5 | File | `/admin/addemployee.php` | High
|
||||||
6 | File | `/admin/modify1.php` | High
|
6 | File | `/admin/del.php` | High
|
||||||
7 | File | `/admin/search.php` | High
|
7 | File | `/admin/delete.php` | High
|
||||||
8 | File | `/advanced-tools/nova/bin/netwatch` | High
|
8 | File | `/admin/delstu.php` | High
|
||||||
9 | File | `/api/v1/user` | Medium
|
9 | File | `/admin/login.php` | High
|
||||||
10 | File | `/card_scan.php` | High
|
10 | File | `/admin/products/controller.php?action=add` | High
|
||||||
11 | File | `/categories/manage_category.php` | High
|
11 | File | `/bd_genie_create_account.cgi` | High
|
||||||
12 | File | `/categories/view_category.php` | High
|
12 | File | `/categories/view_category.php` | High
|
||||||
13 | File | `/cgi-bin/ExportSettings.sh` | High
|
13 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
14 | File | `/classes/Master.php?f=delete_account` | High
|
14 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
15 | File | `/classes/Master.php?f=delete_category` | High
|
15 | File | `/classes/Master.php?f=delete_payment` | High
|
||||||
16 | File | `/classes/Master.php?f=delete_item` | High
|
16 | File | `/classes/Master.php?f=delete_student` | High
|
||||||
17 | File | `/classes/Master.php?f=delete_payment` | High
|
17 | File | `/classes/Users.php?f=save_client` | High
|
||||||
18 | File | `/classes/Master.php?f=delete_schedule` | High
|
18 | File | `/defaultui/player/modern.html` | High
|
||||||
19 | File | `/classes/Master.php?f=delete_stockin` | High
|
19 | File | `/etc/ciel.cfg` | High
|
||||||
20 | File | `/classes/Master.php?f=delete_stockout` | High
|
20 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
21 | File | `/classes/Master.php?f=delete_student` | High
|
21 | File | `/etc/srapi/config/system.conf` | High
|
||||||
22 | File | `/classes/Master.php?f=delete_waste` | High
|
22 | File | `/goform/addRouting` | High
|
||||||
23 | File | `/classes/Users.php?f=save_client` | High
|
23 | ... | ... | ...
|
||||||
24 | File | `/coreframe/app/attachment/admin/index.php` | High
|
|
||||||
25 | ... | ... | ...
|
|
||||||
|
|
||||||
There are 209 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -68,11 +68,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1068 | CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 18 more TTP items available. Please use our online service to access the data.
|
There are 18 more TTP items available. Please use our online service to access the data.
|
||||||
|
@ -87,25 +87,27 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `/admin/?page=reports/stockout` | High
|
2 | File | `/admin/?page=reports/stockout` | High
|
||||||
3 | File | `/admin/?page=reports/waste` | High
|
3 | File | `/admin/?page=reports/waste` | High
|
||||||
4 | File | `/admin/?page=user/manage_user` | High
|
4 | File | `/admin/?page=user/manage_user` | High
|
||||||
5 | File | `/admin/del.php` | High
|
5 | File | `/admin/addemployee.php` | High
|
||||||
6 | File | `/admin/delete.php` | High
|
6 | File | `/admin/del.php` | High
|
||||||
7 | File | `/admin/delstu.php` | High
|
7 | File | `/admin/delete.php` | High
|
||||||
8 | File | `/admin/login.php` | High
|
8 | File | `/admin/delstu.php` | High
|
||||||
9 | File | `/admin/products/controller.php?action=add` | High
|
9 | File | `/admin/login.php` | High
|
||||||
10 | File | `/api/v1/user` | Medium
|
10 | File | `/admin/products/controller.php?action=add` | High
|
||||||
11 | File | `/categories/view_category.php` | High
|
11 | File | `/bd_genie_create_account.cgi` | High
|
||||||
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
12 | File | `/categories/view_category.php` | High
|
||||||
13 | File | `/classes/Master.php?f=delete_account` | High
|
13 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
14 | File | `/classes/Master.php?f=delete_category` | High
|
14 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
15 | File | `/classes/Master.php?f=delete_img` | High
|
15 | File | `/classes/Master.php?f=delete_payment` | High
|
||||||
16 | File | `/classes/Master.php?f=delete_payment` | High
|
16 | File | `/classes/Master.php?f=delete_student` | High
|
||||||
17 | File | `/classes/Master.php?f=delete_schedule` | High
|
17 | File | `/classes/Users.php?f=save_client` | High
|
||||||
18 | File | `/classes/Master.php?f=delete_student` | High
|
18 | File | `/defaultui/player/modern.html` | High
|
||||||
19 | File | `/classes/Users.php?f=save_client` | High
|
19 | File | `/etc/ciel.cfg` | High
|
||||||
20 | File | `/etc/ciel.cfg` | High
|
20 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
21 | ... | ... | ...
|
21 | File | `/etc/srapi/config/system.conf` | High
|
||||||
|
22 | File | `/goform/addRouting` | High
|
||||||
|
23 | ... | ... | ...
|
||||||
|
|
||||||
There are 177 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 192 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -325,14 +325,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
|
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1055 | CWE-74 | Injection | High
|
3 | T1055 | CWE-74 | Injection | High
|
||||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 21 more TTP items available. Please use our online service to access the data.
|
There are 20 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
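Review bot: row 1 silently drops `CWE-23` from the `T1006` weakness list and the footer goes from `21` to `20` more TTP items, with nothing in the hunk saying which item was removed or why. Since these tables are a regenerated export, the commit should record the source snapshot they were generated from so removals can be audited later.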
@ -344,51 +344,54 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `/addQuestion.php` | High
|
2 | File | `/addQuestion.php` | High
|
||||||
3 | File | `/adm/setmain.php` | High
|
3 | File | `/adm/setmain.php` | High
|
||||||
4 | File | `/admin` | Low
|
4 | File | `/admin` | Low
|
||||||
5 | File | `/admin/` | Low
|
5 | File | `/admin/add_exercises.php` | High
|
||||||
6 | File | `/admin/add_exercises.php` | High
|
6 | File | `/admin/add_trainers.php` | High
|
||||||
7 | File | `/admin/add_trainers.php` | High
|
7 | File | `/admin/conferences/get-all-status/` | High
|
||||||
8 | File | `/admin/cms.php` | High
|
8 | File | `/admin/conferences/list/` | High
|
||||||
9 | File | `/admin/conferences/get-all-status/` | High
|
9 | File | `/admin/edit.php` | High
|
||||||
10 | File | `/admin/conferences/list/` | High
|
10 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||||
11 | File | `/admin/countrymanagement.php` | High
|
11 | File | `/admin/general.cgi` | High
|
||||||
12 | File | `/admin/edit.php` | High
|
12 | File | `/admin/general/change-lang` | High
|
||||||
13 | File | `/admin/edit_admin_details.php?id=admin` | High
|
13 | File | `/admin/group/list/` | High
|
||||||
14 | File | `/admin/featured.php` | High
|
14 | File | `/admin/lab.php` | High
|
||||||
15 | File | `/admin/general.cgi` | High
|
15 | File | `/admin/newsletter1.php` | High
|
||||||
16 | File | `/admin/general/change-lang` | High
|
16 | File | `/admin/scheprofile.cgi` | High
|
||||||
17 | File | `/admin/group/list/` | High
|
17 | File | `/admin/searchview.php` | High
|
||||||
18 | File | `/admin/newsletter1.php` | High
|
18 | File | `/admin/service/stop/` | High
|
||||||
19 | File | `/admin/photo.php` | High
|
19 | File | `/admin/students/view_student.php` | High
|
||||||
20 | File | `/admin/renewaldue.php` | High
|
20 | File | `/admin/usermanagement.php` | High
|
||||||
21 | File | `/admin/scheprofile.cgi` | High
|
21 | File | `/api/` | Low
|
||||||
22 | File | `/admin/searchview.php` | High
|
22 | File | `/api/user/userData?userCode=admin` | High
|
||||||
23 | File | `/admin/service/stop/` | High
|
23 | File | `/api/v1/user` | Medium
|
||||||
24 | File | `/admin/students/view_student.php` | High
|
24 | File | `/artist-display.php` | High
|
||||||
25 | File | `/admin/usermanagement.php` | High
|
25 | File | `/catcompany.php` | High
|
||||||
26 | File | `/Ap4RtpAtom.cpp` | High
|
26 | File | `/category.php` | High
|
||||||
27 | File | `/api/` | Low
|
27 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||||
28 | File | `/api/user/userData?userCode=admin` | High
|
28 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||||
29 | File | `/artist-display.php` | High
|
29 | File | `/cgi-bin/nightled.cgi` | High
|
||||||
30 | File | `/catcompany.php` | High
|
30 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||||
31 | File | `/category.php` | High
|
31 | File | `/ci_hms/massage_room/edit/1` | High
|
||||||
32 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
32 | File | `/ci_hms/search` | High
|
||||||
33 | File | `/cgi-bin/kerbynet` | High
|
33 | File | `/ci_spms/admin/category` | High
|
||||||
34 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
34 | File | `/ci_spms/admin/search/searching/` | High
|
||||||
35 | File | `/cgi-bin/nightled.cgi` | High
|
35 | File | `/claire_blake` | High
|
||||||
36 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
36 | File | `/config/getuser` | High
|
||||||
37 | File | `/ci_hms/massage_room/edit/1` | High
|
37 | File | `/dashboard/add-portfolio.php` | High
|
||||||
38 | File | `/ci_hms/search` | High
|
38 | File | `/dashboard/add-service.php` | High
|
||||||
39 | File | `/ci_spms/admin/category` | High
|
39 | File | `/dashboard/settings` | High
|
||||||
40 | File | `/ci_spms/admin/search/searching/` | High
|
40 | File | `/dashboard/updatelogo.php` | High
|
||||||
41 | File | `/claire_blake` | High
|
41 | File | `/ecrire` | Low
|
||||||
42 | File | `/config/getuser` | High
|
42 | File | `/editbrand.php` | High
|
||||||
43 | File | `/dashboard/add-portfolio.php` | High
|
43 | File | `/edituser.php` | High
|
||||||
44 | File | `/dashboard/add-service.php` | High
|
44 | File | `/etc/networkd-dispatcher` | High
|
||||||
45 | File | `/dashboard/settings` | High
|
45 | File | `/etc/shadow` | Medium
|
||||||
46 | File | `/dashboard/updatelogo.php` | High
|
46 | File | `/etc/shadow.sample` | High
|
||||||
47 | ... | ... | ...
|
47 | File | `/film-rating.php` | High
|
||||||
|
48 | File | `/front/roomtype-details.php` | High
|
||||||
|
49 | File | `/fw.login.php` | High
|
||||||
|
50 | ... | ... | ...
|
||||||
|
|
||||||
There are 409 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ ID | Actor | Confidence
|
||||||
6 | [Ripprbot](https://vuldb.com/?actor.ripprbot) | High
|
6 | [Ripprbot](https://vuldb.com/?actor.ripprbot) | High
|
||||||
7 | ... | ...
|
7 | ... | ...
|
||||||
|
|
||||||
There are 12 more actor items available. Please use our online service to access the data.
|
There are 13 more actor items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOC - Indicator of Compromise
|
## IOC - Indicator of Compromise
|
||||||
|
|
||||||
|
@ -76,7 +76,7 @@ ID | IP address | Hostname | Actor | Confidence
|
||||||
37 | [45.146.164.37](https://vuldb.com/?ip.45.146.164.37) | - | [UAC-0056](https://vuldb.com/?actor.uac-0056) | High
|
37 | [45.146.164.37](https://vuldb.com/?ip.45.146.164.37) | - | [UAC-0056](https://vuldb.com/?actor.uac-0056) | High
|
||||||
38 | ... | ... | ... | ...
|
38 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 147 more IOC items available. Please use our online service to access the data.
|
There are 148 more IOC items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## TTP - Tactics, Techniques, Procedures
|
## TTP - Tactics, Techniques, Procedures
|
||||||
|
|
||||||
|
@ -85,13 +85,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
||||||
ID | Technique | Weakness | Description | Confidence
|
ID | Technique | Weakness | Description | Confidence
|
||||||
-- | --------- | -------- | ----------- | ----------
|
-- | --------- | -------- | ----------- | ----------
|
||||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||||
5 | T1068 | CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
|
5 | T1068 | CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
|
||||||
6 | ... | ... | ... | ...
|
6 | ... | ... | ... | ...
|
||||||
|
|
||||||
There are 19 more TTP items available. Please use our online service to access the data.
|
There are 18 more TTP items available. Please use our online service to access the data.
|
||||||
|
|
||||||
## IOA - Indicator of Attack
|
## IOA - Indicator of Attack
|
||||||
|
|
||||||
|
@ -109,26 +109,27 @@ ID | Type | Indicator | Confidence
|
||||||
8 | File | `/admin/delstu.php` | High
|
8 | File | `/admin/delstu.php` | High
|
||||||
9 | File | `/admin/login.php` | High
|
9 | File | `/admin/login.php` | High
|
||||||
10 | File | `/admin/products/controller.php?action=add` | High
|
10 | File | `/admin/products/controller.php?action=add` | High
|
||||||
11 | File | `/categories/view_category.php` | High
|
11 | File | `/bd_genie_create_account.cgi` | High
|
||||||
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
12 | File | `/categories/view_category.php` | High
|
||||||
13 | File | `/classes/Master.php?f=delete_account` | High
|
13 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||||
14 | File | `/classes/Master.php?f=delete_category` | High
|
14 | File | `/classes/Master.php?f=delete_img` | High
|
||||||
15 | File | `/classes/Master.php?f=delete_img` | High
|
15 | File | `/classes/Master.php?f=delete_payment` | High
|
||||||
16 | File | `/classes/Master.php?f=delete_payment` | High
|
16 | File | `/classes/Master.php?f=delete_student` | High
|
||||||
17 | File | `/classes/Master.php?f=delete_schedule` | High
|
17 | File | `/classes/Users.php?f=save_client` | High
|
||||||
18 | File | `/classes/Master.php?f=delete_student` | High
|
18 | File | `/defaultui/player/modern.html` | High
|
||||||
19 | File | `/classes/Users.php?f=save_client` | High
|
19 | File | `/etc/ciel.cfg` | High
|
||||||
20 | File | `/defaultui/player/modern.html` | High
|
20 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||||
21 | File | `/etc/ciel.cfg` | High
|
21 | File | `/etc/srapi/config/system.conf` | High
|
||||||
22 | File | `/etc/init0.d/S80telnetd.sh` | High
|
22 | File | `/goform/addRouting` | High
|
||||||
23 | ... | ... | ...
|
23 | ... | ... | ...
|
||||||
|
|
||||||
There are 192 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 193 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
The following list contains _external sources_ which discuss the campaign and the associated activities:
|
The following list contains _external sources_ which discuss the campaign and the associated activities:
|
||||||
|
|
||||||
|
* https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/
|
||||||
* https://blog.malwarebytes.com/threat-intelligence/2022/03/formbook-spam-campaign-targets-citizens-of-ukraine%ef%b8%8f/
|
* https://blog.malwarebytes.com/threat-intelligence/2022/03/formbook-spam-campaign-targets-citizens-of-ukraine%ef%b8%8f/
|
||||||
* https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
|
* https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
|
||||||
* https://blog.talosintelligence.com/2018/02/coinhoarder.html
|
* https://blog.talosintelligence.com/2018/02/coinhoarder.html
|
||||||
|
|
|
@ -105,7 +105,7 @@ ID | Type | Indicator | Confidence
|
||||||
27 | File | `/WEB-INF/web.xml` | High
|
27 | File | `/WEB-INF/web.xml` | High
|
||||||
28 | ... | ... | ...
|
28 | ... | ... | ...
|
||||||
|
|
||||||
There are 238 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -69,7 +69,7 @@ ID | Type | Indicator | Confidence
|
||||||
6 | File | `/setSystemAdmin` | High
|
6 | File | `/setSystemAdmin` | High
|
||||||
7 | ... | ... | ...
|
7 | ... | ... | ...
|
||||||
|
|
||||||
There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 47 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
||||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Wilted Tulip:
|
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Wilted Tulip:
|
||||||
|
|
||||||
* [ES](https://vuldb.com/?country.es)
|
* [ES](https://vuldb.com/?country.es)
|
||||||
* [SV](https://vuldb.com/?country.sv)
|
|
||||||
* [PT](https://vuldb.com/?country.pt)
|
* [PT](https://vuldb.com/?country.pt)
|
||||||
|
* [SV](https://vuldb.com/?country.sv)
|
||||||
* ...
|
* ...
|
||||||
|
|
||||||
There are 8 more country items available. Please use our online service to access the data.
|
There are 8 more country items available. Please use our online service to access the data.
|
||||||
|
@ -73,54 +73,54 @@ ID | Type | Indicator | Confidence
|
||||||
2 | File | `/admin/add_trainers.php` | High
|
2 | File | `/admin/add_trainers.php` | High
|
||||||
3 | File | `/admin/header.inc.php` | High
|
3 | File | `/admin/header.inc.php` | High
|
||||||
4 | File | `/admin/vca/license/license_tok.cgi` | High
|
4 | File | `/admin/vca/license/license_tok.cgi` | High
|
||||||
5 | File | `/AJAX/ajaxget` | High
|
5 | File | `/admin/video/list` | High
|
||||||
6 | File | `/api/plugin/uninstall` | High
|
6 | File | `/AJAX/ajaxget` | High
|
||||||
7 | File | `/api/v2/config` | High
|
7 | File | `/api/plugin/uninstall` | High
|
||||||
8 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
|
8 | File | `/api/upload-resource` | High
|
||||||
9 | File | `/cgi-bin/readfile.tcl` | High
|
9 | File | `/api/v2/config` | High
|
||||||
10 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
10 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
|
||||||
11 | File | `/classes/Users.php?f=save_client` | High
|
11 | File | `/cgi-bin/readfile.tcl` | High
|
||||||
12 | File | `/coreframe/app/attachment/admin/index.php` | High
|
12 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||||
13 | File | `/dishes.php` | Medium
|
13 | File | `/classes/Users.php?f=save_client` | High
|
||||||
14 | File | `/etc/quagga` | Medium
|
14 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||||
15 | File | `/etc/shadow.sample` | High
|
15 | File | `/dishes.php` | Medium
|
||||||
16 | File | `/fax/fax_send.php` | High
|
16 | File | `/etc/quagga` | Medium
|
||||||
17 | File | `/gfxpoly/stroke.c` | High
|
17 | File | `/etc/shadow.sample` | High
|
||||||
18 | File | `/goform/addRouting` | High
|
18 | File | `/fax/fax_send.php` | High
|
||||||
19 | File | `/goform/form2Wan.cgi` | High
|
19 | File | `/gfxpoly/stroke.c` | High
|
||||||
20 | File | `/htdocs/utils/Files.php` | High
|
20 | File | `/goform/addRouting` | High
|
||||||
21 | File | `/include/menu_u.inc.php` | High
|
21 | File | `/goform/form2Wan.cgi` | High
|
||||||
22 | File | `/includes/db_connect.php` | High
|
22 | File | `/htdocs/utils/Files.php` | High
|
||||||
23 | File | `/includes/images.php` | High
|
23 | File | `/include/menu_u.inc.php` | High
|
||||||
24 | File | `/ip/admin/` | Medium
|
24 | File | `/includes/db_connect.php` | High
|
||||||
25 | File | `/isms/admin/stocks/view_stock.php` | High
|
25 | File | `/includes/images.php` | High
|
||||||
26 | File | `/login.php` | Medium
|
26 | File | `/index.php` | Medium
|
||||||
27 | File | `/oa/setup/checkPool?database` | High
|
27 | File | `/ip/admin/` | Medium
|
||||||
28 | File | `/pages/class_sched.php` | High
|
28 | File | `/isms/admin/stocks/view_stock.php` | High
|
||||||
29 | File | `/pages/faculty_sched.php` | High
|
29 | File | `/login.php` | Medium
|
||||||
30 | File | `/pages/permit/permit.php` | High
|
30 | File | `/oa/setup/checkPool?database` | High
|
||||||
31 | File | `/patient/booking.php` | High
|
31 | File | `/pages/class_sched.php` | High
|
||||||
32 | File | `/pms/update_medicine.php` | High
|
32 | File | `/pages/faculty_sched.php` | High
|
||||||
33 | File | `/pms/update_user.php` | High
|
33 | File | `/pages/permit/permit.php` | High
|
||||||
34 | File | `/qr/I/` | Low
|
34 | File | `/patient/booking.php` | High
|
||||||
35 | File | `/release-x64/otfccdump` | High
|
35 | File | `/pms/update_medicine.php` | High
|
||||||
36 | File | `/session/sendmail` | High
|
36 | File | `/pms/update_user.php` | High
|
||||||
37 | File | `/sistema/flash/reboot` | High
|
37 | File | `/qr/I/` | Low
|
||||||
38 | File | `/sys/ui/extend/varkind/custom.jsp` | High
|
38 | File | `/release-x64/otfccdump` | High
|
||||||
39 | File | `/templates/default/html/windows/right.php` | High
|
39 | File | `/session/sendmail` | High
|
||||||
40 | File | `/vicidial/user_stats.php` | High
|
40 | File | `/sistema/flash/reboot` | High
|
||||||
41 | File | `/web/api/v1/upload/UploadHandler.php` | High
|
41 | File | `/sys/ui/extend/varkind/custom.jsp` | High
|
||||||
42 | File | `/webmail/server/webmail.php` | High
|
42 | File | `/templates/default/html/windows/right.php` | High
|
||||||
43 | File | `/whbs/?page=my_bookings` | High
|
43 | File | `/vicidial/user_stats.php` | High
|
||||||
44 | File | `/www/cgi-bin/popen.cgi` | High
|
44 | File | `/web/api/v1/upload/UploadHandler.php` | High
|
||||||
45 | File | `/xpdf/Stream.cc` | High
|
45 | File | `/WebApp/SettingsFileMonitor/GetFileMonitorProfiles` | High
|
||||||
46 | File | `access_token.php` | High
|
46 | File | `/webmail/server/webmail.php` | High
|
||||||
47 | File | `add_edit_download.asp` | High
|
47 | File | `/whbs/?page=my_bookings` | High
|
||||||
48 | File | `add_edit_user.asp` | High
|
48 | File | `/www/cgi-bin/popen.cgi` | High
|
||||||
49 | File | `admin.php` | Medium
|
49 | File | `/xpdf/Stream.cc` | High
|
||||||
50 | ... | ... | ...
|
50 | ... | ... | ...
|
||||||
|
|
||||||
There are 433 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
There are 437 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
|
|
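Review bot: the newly added row `26 | File | /index.php | Medium` joins `/login.php` (Medium) and `/qr/I/` (Low) as paths too generic to act on alone; the hunk gives no definition of the Low/Medium/High confidence levels. Suggest stating in the table lead-in what each level means, so consumers do not turn these rows into standalone detection rules.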