Update
This commit is contained in:
parent
a5a5219532
commit
7622f0a54f
|
@ -29,6 +29,16 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _8220 Gang_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by 8220 Gang. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,12 +34,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -47,69 +49,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
4 | File | `/assets/ctx` | Medium
|
||||
5 | File | `/bsms/?page=products` | High
|
||||
6 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
7 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
8 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
9 | File | `/config/getuser` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
12 | File | `/ext/phar/phar_object.c` | High
|
||||
13 | File | `/filemanager/php/connector.php` | High
|
||||
14 | File | `/get_getnetworkconf.cgi` | High
|
||||
15 | File | `/HNAP1` | Low
|
||||
16 | File | `/include/chart_generator.php` | High
|
||||
17 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
18 | File | `/info.cgi` | Medium
|
||||
19 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
20 | File | `/mgmt/tm/util/bash` | High
|
||||
21 | File | `/modx/manager/index.php` | High
|
||||
22 | File | `/osm/REGISTER.cmd` | High
|
||||
23 | File | `/replication` | Medium
|
||||
24 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
25 | File | `/spip.php` | Medium
|
||||
26 | File | `/supervisor/procesa_carga.php` | High
|
||||
27 | File | `/type.php` | Medium
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/bin/pkexec` | High
|
||||
30 | File | `/Wedding-Management/package_detail.php` | High
|
||||
31 | File | `/zm/index.php` | High
|
||||
32 | File | `4.2.0.CP09` | Medium
|
||||
33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
34 | File | `802dot1xclientcert.cgi` | High
|
||||
35 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
36 | File | `add.exe` | Low
|
||||
37 | File | `admin-ajax.php` | High
|
||||
38 | File | `admin.color.php` | High
|
||||
39 | File | `admin.cropcanvas.php` | High
|
||||
40 | File | `admin.joomlaradiov5.php` | High
|
||||
41 | File | `admin.php` | Medium
|
||||
42 | File | `admin.php?m=Food&a=addsave` | High
|
||||
43 | File | `admin/conf_users_edit.php` | High
|
||||
44 | File | `admin/index.php` | High
|
||||
45 | File | `admin/limits.php` | High
|
||||
46 | File | `admin/user.php` | High
|
||||
47 | File | `admin/write-post.php` | High
|
||||
48 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
49 | File | `admin_events.php` | High
|
||||
50 | File | `akocomments.php` | High
|
||||
51 | File | `allopass-error.php` | High
|
||||
52 | File | `announcement.php` | High
|
||||
53 | File | `apply.cgi` | Medium
|
||||
54 | File | `appointment.php` | High
|
||||
55 | File | `archiver\index.php` | High
|
||||
56 | File | `artlinks.dispnew.php` | High
|
||||
57 | File | `auth.inc.php` | Medium
|
||||
58 | File | `authorization.do` | High
|
||||
59 | File | `bb_usage_stats.php` | High
|
||||
60 | File | `binder.c` | Medium
|
||||
61 | ... | ... | ...
|
||||
3 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
4 | File | `/admin/generalsettings.php` | High
|
||||
5 | File | `/admin/payment.php` | High
|
||||
6 | File | `/admin/reports.php` | High
|
||||
7 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
8 | File | `/assets/ctx` | Medium
|
||||
9 | File | `/bsms/?page=products` | High
|
||||
10 | File | `/cgi-bin/kerbynet` | High
|
||||
11 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
12 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
13 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
14 | File | `/config/getuser` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
17 | File | `/ext/phar/phar_object.c` | High
|
||||
18 | File | `/filemanager/php/connector.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/get_getnetworkconf.cgi` | High
|
||||
21 | File | `/HNAP1` | Low
|
||||
22 | File | `/include/chart_generator.php` | High
|
||||
23 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
24 | File | `/info.cgi` | Medium
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/lists/admin/` | High
|
||||
27 | File | `/MagickCore/image.c` | High
|
||||
28 | File | `/mgmt/tm/util/bash` | High
|
||||
29 | File | `/modx/manager/index.php` | High
|
||||
30 | File | `/osm/REGISTER.cmd` | High
|
||||
31 | File | `/replication` | Medium
|
||||
32 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
33 | File | `/spip.php` | Medium
|
||||
34 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
35 | File | `/type.php` | Medium
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | File | `/usr/bin/pkexec` | High
|
||||
38 | File | `/Wedding-Management/package_detail.php` | High
|
||||
39 | File | `4.2.0.CP09` | Medium
|
||||
40 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
41 | File | `802dot1xclientcert.cgi` | High
|
||||
42 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
43 | File | `AdClass.php` | Medium
|
||||
44 | File | `add.exe` | Low
|
||||
45 | File | `admin-ajax.php` | High
|
||||
46 | File | `admin.color.php` | High
|
||||
47 | File | `admin.cropcanvas.php` | High
|
||||
48 | File | `admin.joomlaradiov5.php` | High
|
||||
49 | File | `admin.php` | Medium
|
||||
50 | File | `admin.php?m=Food&a=addsave` | High
|
||||
51 | File | `admin/conf_users_edit.php` | High
|
||||
52 | File | `admin/index.php` | High
|
||||
53 | File | `admin/limits.php` | High
|
||||
54 | File | `admin/user.php` | High
|
||||
55 | File | `admin/write-post.php` | High
|
||||
56 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
57 | File | `admin_events.php` | High
|
||||
58 | File | `akocomments.php` | High
|
||||
59 | File | `allopass-error.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 530 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 522 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -50,12 +50,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `adm/boardgroup_form_update.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 20 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -38,6 +38,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1202 | CWE-77 | Command Injection | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -41,12 +41,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -30,6 +30,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _APT19_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1222 | CWE-276 | Permission Issues | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
|
|
@ -89,12 +89,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -105,25 +106,25 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/file?action=download&file` | High
|
||||
5 | File | `/filemanager/upload.php` | High
|
||||
4 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
5 | File | `/file?action=download&file` | High
|
||||
6 | File | `/medical/inventories.php` | High
|
||||
7 | File | `/mgmt/tm/util/bash` | High
|
||||
8 | File | `/monitoring` | Medium
|
||||
9 | File | `/NAGErrors` | Medium
|
||||
10 | File | `/plugins/servlet/audit/resource` | High
|
||||
11 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
12 | File | `/REBOOTSYSTEM` | High
|
||||
13 | File | `/replication` | Medium
|
||||
14 | File | `/reports/rwservlet` | High
|
||||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/tmp` | Low
|
||||
17 | File | `/tmp/speedtest_urls.xml` | High
|
||||
18 | File | `/tmp/zarafa-vacation-*` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/upload` | Low
|
||||
21 | File | `/usr/bin/at` | Medium
|
||||
22 | File | `/var/log/nginx` | High
|
||||
9 | File | `/plugins/servlet/audit/resource` | High
|
||||
10 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
11 | File | `/REBOOTSYSTEM` | High
|
||||
12 | File | `/replication` | Medium
|
||||
13 | File | `/reports/rwservlet` | High
|
||||
14 | File | `/RestAPI` | Medium
|
||||
15 | File | `/tmp` | Low
|
||||
16 | File | `/tmp/speedtest_urls.xml` | High
|
||||
17 | File | `/tmp/zarafa-vacation-*` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/upload` | Low
|
||||
20 | File | `/usr/bin/at` | Medium
|
||||
21 | File | `/var/log/nginx` | High
|
||||
22 | File | `/var/run/watchman.pid` | High
|
||||
23 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
25 | File | `admin/app/mediamanager` | High
|
||||
|
@ -134,7 +135,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `api/sms/send-sms` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -63,12 +63,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -81,40 +82,39 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin/dl_sendmail.php` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/admin/produts/controller.php` | High
|
||||
6 | File | `/admin/user/team` | High
|
||||
7 | File | `/Ap4RtpAtom.cpp` | High
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/bsms/?page=manage_account` | High
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/dashboard/reports/logs/view` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
14 | File | `/fuel/sitevariables/delete/4` | High
|
||||
15 | File | `/goform/aspForm` | High
|
||||
16 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
17 | File | `/librarian/bookdetails.php` | High
|
||||
18 | File | `/mgmt/tm/util/bash` | High
|
||||
19 | File | `/monitoring` | Medium
|
||||
20 | File | `/ms/cms/content/list.do` | High
|
||||
21 | File | `/new` | Low
|
||||
22 | File | `/orms/` | Low
|
||||
23 | File | `/plesk-site-preview/` | High
|
||||
24 | File | `/proc/<pid>/status` | High
|
||||
25 | File | `/public/plugins/` | High
|
||||
26 | File | `/school/model/get_admin_profile.php` | High
|
||||
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
28 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
29 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
30 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
31 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
32 | File | `/timeline2.php` | High
|
||||
33 | File | `/tmp` | Low
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
36 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
37 | ... | ... | ...
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/bsms/?page=manage_account` | High
|
||||
9 | File | `/cgi-bin/login.cgi` | High
|
||||
10 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/dashboard/reports/logs/view` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/fuel/sitevariables/delete/4` | High
|
||||
16 | File | `/goform/aspForm` | High
|
||||
17 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
18 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
19 | File | `/index/jobfairol/show/` | High
|
||||
20 | File | `/librarian/bookdetails.php` | High
|
||||
21 | File | `/mgmt/tm/util/bash` | High
|
||||
22 | File | `/monitoring` | Medium
|
||||
23 | File | `/ms/cms/content/list.do` | High
|
||||
24 | File | `/new` | Low
|
||||
25 | File | `/orms/` | Low
|
||||
26 | File | `/plesk-site-preview/` | High
|
||||
27 | File | `/proc/<pid>/status` | High
|
||||
28 | File | `/public/plugins/` | High
|
||||
29 | File | `/school/model/get_admin_profile.php` | High
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
32 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
33 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
34 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
35 | File | `/timeline2.php` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
@ -54,12 +54,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -68,42 +69,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `../FILEDIR` | Medium
|
||||
2 | File | `/admin.php/pic/admin/lists/zhuan` | High
|
||||
3 | File | `/admin.php/pic/admin/type/save` | High
|
||||
4 | File | `/admin.php/singer/admin/lists/zhuan` | High
|
||||
5 | File | `/admin.php/singer/admin/singer/del` | High
|
||||
6 | File | `/admin/?page=system_info/contact_info` | High
|
||||
7 | File | `/admin/add_post.php` | High
|
||||
8 | File | `/admin/conferences/list/` | High
|
||||
9 | File | `/admin/dl_sendmail.php` | High
|
||||
10 | File | `/admin/dl_sendsms.php` | High
|
||||
11 | File | `/admin/featured.php` | High
|
||||
12 | File | `/admin/general.cgi` | High
|
||||
13 | File | `/admin/general/change-lang` | High
|
||||
14 | File | `/admin/renewaldue.php` | High
|
||||
15 | File | `/admin/showbad.php` | High
|
||||
16 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
17 | File | `/Ap4RtpAtom.cpp` | High
|
||||
18 | File | `/api/programs/orgUnits?programs` | High
|
||||
19 | File | `/asms/classes/Master.php?f=save_product` | High
|
||||
20 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
|
||||
21 | File | `/bsms/?page=manage_account` | High
|
||||
22 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
23 | File | `/car-rental-management-system/admin/manage_user.php` | High
|
||||
24 | File | `/cardo/api` | Medium
|
||||
25 | File | `/cgi-bin` | Medium
|
||||
26 | File | `/checklogin.jsp` | High
|
||||
27 | File | `/ctpms/classes/Users.php?f=save` | High
|
||||
28 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
29 | File | `/expense_action.php` | High
|
||||
30 | File | `/ffos/admin/sales/receipt.php` | High
|
||||
31 | File | `/food/admin/all_users.php` | High
|
||||
32 | File | `/goform/aspForm` | High
|
||||
33 | File | `/goform/RgDhcp` | High
|
||||
34 | File | `/goform/RgUrlBlock.asp` | High
|
||||
35 | ... | ... | ...
|
||||
2 | File | `/(((a\2)|(a*)\g</-1>/))*/` | High
|
||||
3 | File | `/admin/?page=system_info/contact_info` | High
|
||||
4 | File | `/admin/add_post.php` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/dl_sendmail.php` | High
|
||||
7 | File | `/admin/featured.php` | High
|
||||
8 | File | `/admin/general.cgi` | High
|
||||
9 | File | `/admin/general/change-lang` | High
|
||||
10 | File | `/admin/renewaldue.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
13 | File | `/ajax/config_rollback/` | High
|
||||
14 | File | `/ajax/remove_sniffer_raw_log/` | High
|
||||
15 | File | `/Ap4RtpAtom.cpp` | High
|
||||
16 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
|
||||
17 | File | `/bsms/?page=manage_account` | High
|
||||
18 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
19 | File | `/car-rental-management-system/admin/manage_user.php` | High
|
||||
20 | File | `/category.php` | High
|
||||
21 | File | `/cgi-bin` | Medium
|
||||
22 | File | `/checklogin.jsp` | High
|
||||
23 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
24 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
25 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
26 | File | `/ffos/admin/sales/receipt.php` | High
|
||||
27 | File | `/goform/aspForm` | High
|
||||
28 | File | `/goform/RgDhcp` | High
|
||||
29 | File | `/goform/RgUrlBlock.asp` | High
|
||||
30 | File | `/hprms/admin/rooms/manage_room.php` | High
|
||||
31 | File | `/hprms/admin/rooms/view_room.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -61,32 +61,32 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/bdswebui/assignusers/` | High
|
||||
5 | File | `/etc/fstab` | Medium
|
||||
6 | File | `/file?action=download&file` | High
|
||||
7 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
8 | File | `/medical/inventories.php` | High
|
||||
9 | File | `/mgmt/tm/util/bash` | High
|
||||
10 | File | `/monitoring` | Medium
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/replication` | Medium
|
||||
14 | File | `/RestAPI` | Medium
|
||||
15 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
16 | File | `/scas/admin/` | Medium
|
||||
17 | File | `/tmp/speedtest_urls.xml` | High
|
||||
18 | File | `/tmp/zarafa-vacation-*` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/upload` | Low
|
||||
21 | File | `/var/log/nginx` | High
|
||||
22 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
23 | File | `actions.hsp` | Medium
|
||||
24 | File | `add_to_cart.php` | High
|
||||
25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
26 | File | `ajax.php` | Medium
|
||||
4 | File | `/admin/countrymanagement.php` | High
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/admin/newsletter1.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/bdswebui/assignusers/` | High
|
||||
9 | File | `/etc/fstab` | Medium
|
||||
10 | File | `/file?action=download&file` | High
|
||||
11 | File | `/filemanager/upload/drop` | High
|
||||
12 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
13 | File | `/medical/inventories.php` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/monitoring` | Medium
|
||||
16 | File | `/plugins/servlet/audit/resource` | High
|
||||
17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
18 | File | `/replication` | Medium
|
||||
19 | File | `/RestAPI` | Medium
|
||||
20 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
21 | File | `/scas/admin/` | Medium
|
||||
22 | File | `/tmp/speedtest_urls.xml` | High
|
||||
23 | File | `/tmp/zarafa-vacation-*` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/upload` | Low
|
||||
26 | File | `/var/log/nginx` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,12 +61,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-267, CWE-269, CWE-270, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -119,7 +121,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `admin.php/comments/batchdel/` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -31,12 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1587.003 | CWE-295 | Improper Certificate Validation | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -77,7 +77,7 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -66,42 +66,43 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/anony/mjpg.cgi` | High
|
||||
5 | File | `/customer_demo/index2.html` | High
|
||||
6 | File | `/file?action=download&file` | High
|
||||
7 | File | `/html/Solar_Ftp.php` | High
|
||||
8 | File | `/layout/class.xblogcomment.php` | High
|
||||
9 | File | `/manager/jsp/test.jsp` | High
|
||||
10 | File | `/medical/inventories.php` | High
|
||||
11 | File | `/monitoring` | Medium
|
||||
12 | File | `/plugins/servlet/audit/resource` | High
|
||||
13 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
14 | File | `/public/login.htm` | High
|
||||
15 | File | `/replication` | Medium
|
||||
16 | File | `/RestAPI` | Medium
|
||||
17 | File | `/tmp/speedtest_urls.xml` | High
|
||||
18 | File | `/tmp/zarafa-vacation-*` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/upload` | Low
|
||||
21 | File | `/usr/bin/at` | Medium
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/_vti_pvt/access.cnf` | High
|
||||
24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
25 | File | `admin/e_mesaj_yaz.asp` | High
|
||||
26 | File | `admin/profile.php` | High
|
||||
27 | File | `admin/salesadmin.php` | High
|
||||
28 | File | `admin/systemWebAdminConfig.do` | High
|
||||
29 | File | `admin11.cgi` | Medium
|
||||
30 | File | `admincp/auth/checklogin.php` | High
|
||||
31 | File | `agenda2.php3` | Medium
|
||||
32 | File | `ajax-actions.php` | High
|
||||
33 | File | `ajax/deletePage.php` | High
|
||||
34 | File | `ajouter_tva.php` | High
|
||||
35 | File | `apcupsd.pid` | Medium
|
||||
36 | File | `api/sms/send-sms` | High
|
||||
37 | File | `api/v1/alarms` | High
|
||||
38 | ... | ... | ...
|
||||
5 | File | `/file?action=download&file` | High
|
||||
6 | File | `/html/Solar_Ftp.php` | High
|
||||
7 | File | `/layout/class.xblogcomment.php` | High
|
||||
8 | File | `/manager/jsp/test.jsp` | High
|
||||
9 | File | `/medical/inventories.php` | High
|
||||
10 | File | `/monitoring` | Medium
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/public/login.htm` | High
|
||||
14 | File | `/replication` | Medium
|
||||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/tmp/speedtest_urls.xml` | High
|
||||
17 | File | `/tmp/zarafa-vacation-*` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/upload` | Low
|
||||
20 | File | `/usr/bin/at` | Medium
|
||||
21 | File | `/var/log/nginx` | High
|
||||
22 | File | `/_vti_pvt/access.cnf` | High
|
||||
23 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
24 | File | `admin/e_mesaj_yaz.asp` | High
|
||||
25 | File | `admin/profile.php` | High
|
||||
26 | File | `admin/salesadmin.php` | High
|
||||
27 | File | `admin/systemWebAdminConfig.do` | High
|
||||
28 | File | `admin11.cgi` | Medium
|
||||
29 | File | `admincp/auth/checklogin.php` | High
|
||||
30 | File | `agenda2.php3` | Medium
|
||||
31 | File | `ajax-actions.php` | High
|
||||
32 | File | `ajax/deletePage.php` | High
|
||||
33 | File | `ajouter_tva.php` | High
|
||||
34 | File | `apcupsd.pid` | Medium
|
||||
35 | File | `api/sms/send-sms` | High
|
||||
36 | File | `api/v1/alarms` | High
|
||||
37 | File | `application/controller/InstallerController.php` | High
|
||||
38 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -45,12 +45,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -103,7 +104,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `cart_add.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -18,6 +18,15 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.99.133.83](https://vuldb.com/?ip.185.99.133.83) | rns.nz.zappiehost.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AmmyyRAT_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1574 | CWE-426 | Untrusted Search Path | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AmmyyRAT. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Arkei:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,9 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [37.252.15.126](https://vuldb.com/?ip.37.252.15.126) | google.com | - | High
|
||||
2 | [85.208.185.13](https://vuldb.com/?ip.85.208.185.13) | vm3155616.1nvme.had.wf | - | High
|
||||
3 | [185.7.214.239](https://vuldb.com/?ip.185.7.214.239) | - | - | High
|
||||
1 | [5.79.66.145](https://vuldb.com/?ip.5.79.66.145) | mail.zzz.com.ua | - | High
|
||||
2 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
3 | [37.252.15.126](https://vuldb.com/?ip.37.252.15.126) | google.com | - | High
|
||||
4 | [72.21.81.240](https://vuldb.com/?ip.72.21.81.240) | - | - | High
|
||||
5 | [74.125.155.202](https://vuldb.com/?ip.74.125.155.202) | - | - | High
|
||||
6 | [74.125.155.216](https://vuldb.com/?ip.74.125.155.216) | - | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -31,8 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -46,12 +56,13 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `data/gbconfiguration.dat` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html
|
||||
* https://blogs.blackberry.com/en/2022/02/threat-thursday-arkei-infostealer
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -19,6 +19,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [94.130.207.164](https://vuldb.com/?ip.94.130.207.164) | static.164.207.130.94.clients.your-server.de | - | High
|
||||
2 | [141.95.89.79](https://vuldb.com/?ip.141.95.89.79) | ip79.ip-141-95-89.eu | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AsyncRAT_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AsyncRAT. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
|
|
@ -39,12 +39,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -45,12 +45,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -58,43 +60,35 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin/scheprofile.cgi` | High
|
||||
3 | File | `/admin/showbad.php` | High
|
||||
4 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
5 | File | `/alarm_pi/alarmService.php` | High
|
||||
6 | File | `/bsms/?page=manage_account` | High
|
||||
7 | File | `/cgi-bin/webproc` | High
|
||||
8 | File | `/cgi/get_param.cgi` | High
|
||||
9 | File | `/company` | Medium
|
||||
10 | File | `/company/down_resume/total/nature` | High
|
||||
11 | File | `/company/service/increment/add/im` | High
|
||||
12 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
13 | File | `/dashboard/reports/logs/view` | High
|
||||
14 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
15 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
16 | File | `/defaultui/player/modern.html` | High
|
||||
17 | File | `/dl/dl_sendmail.php` | High
|
||||
18 | File | `/dl/dl_sendsms.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fuel/sitevariables/delete/4` | High
|
||||
21 | File | `/goform/aspForm` | High
|
||||
22 | File | `/goform/SetFirewallCfg` | High
|
||||
23 | File | `/goform/wlanPrimaryNetwork` | High
|
||||
24 | File | `/home/campus/campus_job` | High
|
||||
25 | File | `/home/job/index` | High
|
||||
26 | File | `/home/job/map` | High
|
||||
27 | File | `/IISADMPWD` | Medium
|
||||
28 | File | `/images/background/1.php` | High
|
||||
29 | File | `/index.php/weblinks-categories` | High
|
||||
30 | File | `/index.php?action=seomatic/file/seo-file-link` | High
|
||||
31 | File | `/index/notice/show` | High
|
||||
32 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
33 | File | `/job` | Low
|
||||
34 | File | `/linkedcontent/editfolder.php` | High
|
||||
35 | ... | ... | ...
|
||||
1 | File | `/action/import_https_cert_file/` | High
|
||||
2 | File | `/action/remove/` | High
|
||||
3 | File | `/admin/featured.php` | High
|
||||
4 | File | `/admin/inquiries/view_details.php` | High
|
||||
5 | File | `/ajax/config_rollback/` | High
|
||||
6 | File | `/alarm_pi/alarmService.php` | High
|
||||
7 | File | `/api/admin/attachments/upload` | High
|
||||
8 | File | `/bsms/?page=manage_account` | High
|
||||
9 | File | `/cgi-bin/login.cgi` | High
|
||||
10 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
11 | File | `/ci_hms/search` | High
|
||||
12 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
13 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
14 | File | `/classes/Master.php?f=delete_train` | High
|
||||
15 | File | `/College/admin/teacher.php` | High
|
||||
16 | File | `/company` | Medium
|
||||
17 | File | `/company/down_resume/total/nature` | High
|
||||
18 | File | `/company/service/increment/add/im` | High
|
||||
19 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
20 | File | `/dashboard/reports/logs/view` | High
|
||||
21 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/home/campus/campus_job` | High
|
||||
24 | File | `/home/job/index` | High
|
||||
25 | File | `/home/job/map` | High
|
||||
26 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -47,23 +47,23 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php/admin/plog/index.html` | High
|
||||
2 | File | `/admin.php/admin/ulog/index.html` | High
|
||||
3 | File | `/admin.php/Label/js_del` | High
|
||||
4 | File | `/admin.php/Label/page_del` | High
|
||||
5 | File | `/admin.php/user/zu_del` | High
|
||||
6 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
7 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
|
||||
8 | File | `/admin/edit.php` | High
|
||||
9 | File | `/admin/inbox.php&action=read` | High
|
||||
10 | File | `/admin/new-content` | High
|
||||
11 | File | `/admin/posts.php` | High
|
||||
12 | File | `/admin/posts.php&action=delete` | High
|
||||
13 | File | `/admin/run_ajax.php` | High
|
||||
14 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
15 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
16 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
|
||||
17 | File | `/api/programs/orgUnits?programs` | High
|
||||
1 | File | `/admin.php/Label/js_del` | High
|
||||
2 | File | `/admin.php/Label/page_del` | High
|
||||
3 | File | `/admin.php/user/zu_del` | High
|
||||
4 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
5 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
|
||||
6 | File | `/admin/edit.php` | High
|
||||
7 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
8 | File | `/admin/inbox.php&action=read` | High
|
||||
9 | File | `/admin/new-content` | High
|
||||
10 | File | `/admin/posts.php` | High
|
||||
11 | File | `/admin/posts.php&action=delete` | High
|
||||
12 | File | `/admin/run_ajax.php` | High
|
||||
13 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
14 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
15 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
|
||||
16 | File | `/api/programs/orgUnits?programs` | High
|
||||
17 | File | `/application/controllers/Users.php` | High
|
||||
18 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
19 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
|
||||
20 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
|
||||
|
@ -73,19 +73,19 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/cgi/get_param.cgi` | High
|
||||
25 | File | `/checklogin.jsp` | High
|
||||
26 | File | `/cms/classes/Master.php?f=delete_service` | High
|
||||
27 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
28 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
29 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
30 | File | `/etc/ajenti/config.yml` | High
|
||||
31 | File | `/fuel/sitevariables/delete/4` | High
|
||||
32 | File | `/goform/AdvSetLanIp` | High
|
||||
33 | File | `/goform/aspForm` | High
|
||||
34 | File | `/goform/SetNetControlList` | High
|
||||
35 | File | `/goform/setNetworkLan` | High
|
||||
36 | File | `/goform/websURLFilterAddDel` | High
|
||||
27 | File | `/company/account/safety/trade` | High
|
||||
28 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
29 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
30 | File | `/dashboard/reports/logs/view` | High
|
||||
31 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
32 | File | `/etc/ajenti/config.yml` | High
|
||||
33 | File | `/fuel/sitevariables/delete/4` | High
|
||||
34 | File | `/goform/AdvSetLanIp` | High
|
||||
35 | File | `/goform/aspForm` | High
|
||||
36 | File | `/goform/SetNetControlList` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -59,35 +59,35 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/api/upload` | Medium
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/bsms/?page=manage_account` | High
|
||||
10 | File | `/cgi-bin` | Medium
|
||||
10 | File | `/cgi-bin/login.cgi` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/dashboard/reports/logs/view` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/fuel/sitevariables/delete/4` | High
|
||||
16 | File | `/librarian/bookdetails.php` | High
|
||||
17 | File | `/mgmt/tm/util/bash` | High
|
||||
18 | File | `/monitoring` | Medium
|
||||
19 | File | `/new` | Low
|
||||
20 | File | `/proc/<pid>/status` | High
|
||||
21 | File | `/public/plugins/` | High
|
||||
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
23 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
24 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
25 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
30 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `AccountManagerService.java` | High
|
||||
33 | File | `actions/CompanyDetailsSave.php` | High
|
||||
34 | File | `ActiveServices.java` | High
|
||||
35 | File | `ActivityManagerService.java` | High
|
||||
16 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
17 | File | `/index/jobfairol/show/` | High
|
||||
18 | File | `/librarian/bookdetails.php` | High
|
||||
19 | File | `/mgmt/tm/util/bash` | High
|
||||
20 | File | `/monitoring` | Medium
|
||||
21 | File | `/new` | Low
|
||||
22 | File | `/proc/<pid>/status` | High
|
||||
23 | File | `/public/plugins/` | High
|
||||
24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
27 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
28 | File | `/tmp` | Low
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/usr/bin/pkexec` | High
|
||||
31 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
32 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
34 | File | `AccountManagerService.java` | High
|
||||
35 | File | `actions/CompanyDetailsSave.php` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -73,7 +73,7 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `authent.php4` | Medium
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
# Bronze Starlight - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bronze Starlight](https://vuldb.com/?actor.bronze_starlight). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bronze_starlight](https://vuldb.com/?actor.bronze_starlight)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Bronze Starlight:
|
||||
|
||||
* HUI Loader
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bronze Starlight:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bronze Starlight.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.32.101.191](https://vuldb.com/?ip.45.32.101.191) | 45.32.101.191.vultrusercontent.com | HUI Loader | High
|
||||
2 | [45.61.139.38](https://vuldb.com/?ip.45.61.139.38) | - | HUI Loader | High
|
||||
3 | [172.105.229.30](https://vuldb.com/?ip.172.105.229.30) | 172-105-229-30.ip.linodeusercontent.com | HUI Loader | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bronze Starlight_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1548.002 | CWE-285 | Improper Authorization | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bronze Starlight. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/bl-plugins/backup/plugin.php` | High
|
||||
2 | File | `adm/config_form_update.php` | High
|
||||
3 | File | `blocking_request.cgi` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bumblebee:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 34 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,7 +21,104 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
|
||||
1 | [0.42.131.123](https://vuldb.com/?ip.0.42.131.123) | - | - | High
|
||||
2 | [0.134.23.62](https://vuldb.com/?ip.0.134.23.62) | - | - | High
|
||||
3 | [0.151.228.146](https://vuldb.com/?ip.0.151.228.146) | - | - | High
|
||||
4 | [1.32.39.22](https://vuldb.com/?ip.1.32.39.22) | - | - | High
|
||||
5 | [1.39.166.217](https://vuldb.com/?ip.1.39.166.217) | 1-39-166-217.live.vodafone.in | - | High
|
||||
6 | [2.97.24.126](https://vuldb.com/?ip.2.97.24.126) | host-2-97-24-126.as13285.net | - | High
|
||||
7 | [2.190.89.140](https://vuldb.com/?ip.2.190.89.140) | - | - | High
|
||||
8 | [2.211.111.213](https://vuldb.com/?ip.2.211.111.213) | dynamic-002-211-111-213.2.211.pool.telefonica.de | - | High
|
||||
9 | [3.172.226.46](https://vuldb.com/?ip.3.172.226.46) | - | - | High
|
||||
10 | [4.165.175.212](https://vuldb.com/?ip.4.165.175.212) | - | - | High
|
||||
11 | [5.152.80.211](https://vuldb.com/?ip.5.152.80.211) | - | - | High
|
||||
12 | [5.239.33.172](https://vuldb.com/?ip.5.239.33.172) | - | - | High
|
||||
13 | [6.30.139.246](https://vuldb.com/?ip.6.30.139.246) | - | - | High
|
||||
14 | [6.249.22.42](https://vuldb.com/?ip.6.249.22.42) | - | - | High
|
||||
15 | [7.233.9.154](https://vuldb.com/?ip.7.233.9.154) | - | - | High
|
||||
16 | [8.12.181.20](https://vuldb.com/?ip.8.12.181.20) | - | - | High
|
||||
17 | [9.63.15.101](https://vuldb.com/?ip.9.63.15.101) | - | - | High
|
||||
18 | [9.240.112.25](https://vuldb.com/?ip.9.240.112.25) | - | - | High
|
||||
19 | [10.28.17.62](https://vuldb.com/?ip.10.28.17.62) | - | - | High
|
||||
20 | [11.1.201.27](https://vuldb.com/?ip.11.1.201.27) | - | - | High
|
||||
21 | [12.75.186.131](https://vuldb.com/?ip.12.75.186.131) | 131.newark-21-23rs.nj.dial-access.att.net | - | High
|
||||
22 | [12.115.36.174](https://vuldb.com/?ip.12.115.36.174) | - | - | High
|
||||
23 | [12.153.80.238](https://vuldb.com/?ip.12.153.80.238) | - | - | High
|
||||
24 | [12.202.229.195](https://vuldb.com/?ip.12.202.229.195) | - | - | High
|
||||
25 | [12.236.242.155](https://vuldb.com/?ip.12.236.242.155) | - | - | High
|
||||
26 | [13.2.200.200](https://vuldb.com/?ip.13.2.200.200) | - | - | High
|
||||
27 | [13.218.205.215](https://vuldb.com/?ip.13.218.205.215) | - | - | High
|
||||
28 | [14.7.69.141](https://vuldb.com/?ip.14.7.69.141) | - | - | High
|
||||
29 | [14.40.68.19](https://vuldb.com/?ip.14.40.68.19) | - | - | High
|
||||
30 | [14.102.170.127](https://vuldb.com/?ip.14.102.170.127) | cache-ipnet01.nexlogic.ph | - | High
|
||||
31 | [14.155.143.74](https://vuldb.com/?ip.14.155.143.74) | - | - | High
|
||||
32 | [14.163.179.250](https://vuldb.com/?ip.14.163.179.250) | static.vnpt.vn | - | High
|
||||
33 | [15.209.19.148](https://vuldb.com/?ip.15.209.19.148) | - | - | High
|
||||
34 | [18.8.71.243](https://vuldb.com/?ip.18.8.71.243) | - | - | High
|
||||
35 | [18.127.96.221](https://vuldb.com/?ip.18.127.96.221) | - | - | High
|
||||
36 | [19.32.56.182](https://vuldb.com/?ip.19.32.56.182) | - | - | High
|
||||
37 | [19.71.13.153](https://vuldb.com/?ip.19.71.13.153) | - | - | High
|
||||
38 | [20.150.149.28](https://vuldb.com/?ip.20.150.149.28) | - | - | High
|
||||
39 | [21.21.141.32](https://vuldb.com/?ip.21.21.141.32) | - | - | High
|
||||
40 | [21.29.238.98](https://vuldb.com/?ip.21.29.238.98) | - | - | High
|
||||
41 | [21.175.22.99](https://vuldb.com/?ip.21.175.22.99) | - | - | High
|
||||
42 | [21.246.85.34](https://vuldb.com/?ip.21.246.85.34) | - | - | High
|
||||
43 | [22.83.186.45](https://vuldb.com/?ip.22.83.186.45) | - | - | High
|
||||
44 | [22.175.0.90](https://vuldb.com/?ip.22.175.0.90) | - | - | High
|
||||
45 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
|
||||
46 | [23.254.201.97](https://vuldb.com/?ip.23.254.201.97) | hwsrv-974106.hostwindsdns.com | - | High
|
||||
47 | [23.254.217.222](https://vuldb.com/?ip.23.254.217.222) | hwsrv-976272.hostwindsdns.com | - | High
|
||||
48 | [24.4.68.32](https://vuldb.com/?ip.24.4.68.32) | c-24-4-68-32.hsd1.ca.comcast.net | - | High
|
||||
49 | [24.57.185.167](https://vuldb.com/?ip.24.57.185.167) | d24-57-185-167.home.cgocable.net | - | High
|
||||
50 | [24.121.25.160](https://vuldb.com/?ip.24.121.25.160) | 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net | - | High
|
||||
51 | [25.5.198.104](https://vuldb.com/?ip.25.5.198.104) | - | - | High
|
||||
52 | [25.170.215.18](https://vuldb.com/?ip.25.170.215.18) | - | - | High
|
||||
53 | [25.181.64.39](https://vuldb.com/?ip.25.181.64.39) | - | - | High
|
||||
54 | [26.6.83.53](https://vuldb.com/?ip.26.6.83.53) | - | - | High
|
||||
55 | [28.53.120.108](https://vuldb.com/?ip.28.53.120.108) | - | - | High
|
||||
56 | [28.107.38.196](https://vuldb.com/?ip.28.107.38.196) | - | - | High
|
||||
57 | [28.148.236.16](https://vuldb.com/?ip.28.148.236.16) | - | - | High
|
||||
58 | [29.64.0.111](https://vuldb.com/?ip.29.64.0.111) | - | - | High
|
||||
59 | [29.122.243.158](https://vuldb.com/?ip.29.122.243.158) | - | - | High
|
||||
60 | [30.17.4.146](https://vuldb.com/?ip.30.17.4.146) | - | - | High
|
||||
61 | [30.65.48.152](https://vuldb.com/?ip.30.65.48.152) | - | - | High
|
||||
62 | [30.205.76.70](https://vuldb.com/?ip.30.205.76.70) | - | - | High
|
||||
63 | [31.228.253.114](https://vuldb.com/?ip.31.228.253.114) | - | - | High
|
||||
64 | [32.181.245.23](https://vuldb.com/?ip.32.181.245.23) | - | - | High
|
||||
65 | [33.93.97.183](https://vuldb.com/?ip.33.93.97.183) | - | - | High
|
||||
66 | [33.145.184.132](https://vuldb.com/?ip.33.145.184.132) | - | - | High
|
||||
67 | [34.229.154.31](https://vuldb.com/?ip.34.229.154.31) | ec2-34-229-154-31.compute-1.amazonaws.com | - | Medium
|
||||
68 | [35.120.155.220](https://vuldb.com/?ip.35.120.155.220) | - | - | High
|
||||
69 | [36.110.58.103](https://vuldb.com/?ip.36.110.58.103) | 103.58.110.36.static.bjtelecom.net | - | High
|
||||
70 | [37.64.220.2](https://vuldb.com/?ip.37.64.220.2) | 2.220.64.37.rev.sfr.net | - | High
|
||||
71 | [37.72.174.23](https://vuldb.com/?ip.37.72.174.23) | 37-72-174-23.static.hvvc.us | - | High
|
||||
72 | [37.120.198.248](https://vuldb.com/?ip.37.120.198.248) | - | - | High
|
||||
73 | [38.12.57.131](https://vuldb.com/?ip.38.12.57.131) | - | - | High
|
||||
74 | [39.57.152.217](https://vuldb.com/?ip.39.57.152.217) | - | - | High
|
||||
75 | [40.72.17.141](https://vuldb.com/?ip.40.72.17.141) | - | - | High
|
||||
76 | [41.28.188.77](https://vuldb.com/?ip.41.28.188.77) | vc-gp-s-41-28-188-77.umts.vodacom.co.za | - | High
|
||||
77 | [41.56.181.200](https://vuldb.com/?ip.41.56.181.200) | - | - | High
|
||||
78 | [45.3.236.177](https://vuldb.com/?ip.45.3.236.177) | 045-003-236-177.biz.spectrum.com | - | High
|
||||
79 | [45.84.0.13](https://vuldb.com/?ip.45.84.0.13) | vm523902.stark-industries.solutions | - | High
|
||||
80 | [45.138.172.246](https://vuldb.com/?ip.45.138.172.246) | - | - | High
|
||||
81 | [45.142.214.120](https://vuldb.com/?ip.45.142.214.120) | vm516885.stark-industries.solutions | - | High
|
||||
82 | [45.142.214.167](https://vuldb.com/?ip.45.142.214.167) | - | - | High
|
||||
83 | [45.147.229.50](https://vuldb.com/?ip.45.147.229.50) | - | - | High
|
||||
84 | [45.147.229.101](https://vuldb.com/?ip.45.147.229.101) | - | - | High
|
||||
85 | [45.147.229.199](https://vuldb.com/?ip.45.147.229.199) | - | - | High
|
||||
86 | [45.147.231.202](https://vuldb.com/?ip.45.147.231.202) | - | - | High
|
||||
87 | [45.153.240.139](https://vuldb.com/?ip.45.153.240.139) | - | - | High
|
||||
88 | [45.153.241.187](https://vuldb.com/?ip.45.153.241.187) | - | - | High
|
||||
89 | [45.153.241.234](https://vuldb.com/?ip.45.153.241.234) | - | - | High
|
||||
90 | [46.21.153.145](https://vuldb.com/?ip.46.21.153.145) | 145.153.21.46.static.swiftway.net | - | High
|
||||
91 | [46.44.240.53](https://vuldb.com/?ip.46.44.240.53) | 46-44-240-53.ip.welcomeitalia.it | - | High
|
||||
92 | [47.27.63.45](https://vuldb.com/?ip.47.27.63.45) | 047-027-063-045.res.spectrum.com | - | High
|
||||
93 | [47.58.200.234](https://vuldb.com/?ip.47.58.200.234) | 47-58-200-234.red-acceso.airtel.net | - | High
|
||||
94 | [48.165.175.199](https://vuldb.com/?ip.48.165.175.199) | - | - | High
|
||||
95 | [48.209.106.172](https://vuldb.com/?ip.48.209.106.172) | - | - | High
|
||||
96 | ... | ... | ... | ...
|
||||
|
||||
There are 382 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -29,12 +126,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -42,58 +140,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/6/api.php?function=command&class=remote&Cc='ls'` | High
|
||||
4 | File | `/about.php` | Medium
|
||||
5 | File | `/admin.php?action=themeinstall` | High
|
||||
6 | File | `/admin/contenttemp` | High
|
||||
7 | File | `/admin/modules/system/custom_field.php` | High
|
||||
8 | File | `/api/crontab` | Medium
|
||||
9 | File | `/bin/boa` | Medium
|
||||
10 | File | `/category_view.php` | High
|
||||
11 | File | `/cgi-bin/wapopen` | High
|
||||
12 | File | `/cgi-mod/lookup.cgi` | High
|
||||
13 | File | `/common/info.cgi` | High
|
||||
14 | File | `/common/ticket_associated_tickets.php` | High
|
||||
15 | File | `/config/getuser` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
18 | File | `/iissamples` | Medium
|
||||
19 | File | `/interface/main/backup.php` | High
|
||||
20 | File | `/new` | Low
|
||||
21 | File | `/platform.cgi` | High
|
||||
22 | File | `/public/plugins/` | High
|
||||
23 | File | `/requests.php` | High
|
||||
24 | File | `/sbin/gs_config` | High
|
||||
25 | File | `/scripts/cpan_config` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/spip.php` | Medium
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/bin/pkexec` | High
|
||||
30 | File | `/usr/sbin/nagios` | High
|
||||
31 | File | `/usr/sbin/suexec` | High
|
||||
32 | File | `/WEB-INF/web.xml` | High
|
||||
33 | File | `/webman/info.cgi` | High
|
||||
34 | File | `/wp-admin/admin-ajax.php` | High
|
||||
35 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
36 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
37 | File | `/_internal` | Medium
|
||||
38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
39 | File | `adclick.php` | Medium
|
||||
40 | File | `admin.php?page=languages` | High
|
||||
41 | File | `admin/admin_users.php` | High
|
||||
42 | File | `admin/conf_users_edit.php` | High
|
||||
43 | File | `admin/index.php` | High
|
||||
44 | ... | ... | ...
|
||||
1 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
2 | File | `/ci_hms/search` | High
|
||||
3 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
4 | File | `/College/admin/teacher.php` | High
|
||||
5 | File | `/pdfalto/src/pdfalto.cc` | High
|
||||
6 | File | `/pms/index.php` | High
|
||||
7 | File | `/pms/update_user.php?user_id=1` | High
|
||||
8 | File | `/resources//../` | High
|
||||
9 | File | `/storage/innobase/handler/handler0alter.cc` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_01.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_02.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_03.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_07.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_09.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_13.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_14.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_15.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_16.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_17.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_23.06.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.05.2022.txt
|
||||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.06.2022.txt
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -43,12 +43,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -84,17 +87,17 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
27 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
|
||||
28 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
29 | File | `/login` | Low
|
||||
30 | File | `/mngset/authset` | High
|
||||
31 | File | `/module/module_frame/index.php` | High
|
||||
32 | File | `/notice-edit.php` | High
|
||||
29 | File | `/librarian/bookdetails.php` | High
|
||||
30 | File | `/login` | Low
|
||||
31 | File | `/mngset/authset` | High
|
||||
32 | File | `/module/module_frame/index.php` | High
|
||||
33 | File | `/nova/bin/sniffer` | High
|
||||
34 | File | `/ofcms/company-c-47` | High
|
||||
35 | File | `/proc/*/cmdline"` | High
|
||||
36 | File | `/proc/pid/syscall` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [SE](https://vuldb.com/?country.se)
|
||||
* ...
|
||||
|
||||
There are 29 more country items available. Please use our online service to access the data.
|
||||
There are 30 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -37,12 +37,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -55,14 +55,15 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `//etc/RT2870STA.dat` | High
|
||||
2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
|
||||
3 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
|
||||
4 | File | `/jquery_file_upload/server/php/index.php` | High
|
||||
5 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
6 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | ... | ... | ...
|
||||
3 | File | `/bin/boa` | Medium
|
||||
4 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
|
||||
5 | File | `/jquery_file_upload/server/php/index.php` | High
|
||||
6 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
7 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
8 | File | `/uncpath/` | Medium
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 59 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -104,7 +104,7 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 258 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Group:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* ...
|
||||
|
||||
|
@ -35,12 +35,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,43 +50,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php/Label/js_del` | High
|
||||
2 | File | `/admin.php/news/admin/topic/save` | High
|
||||
3 | File | `/admin/comn/service/update.json` | High
|
||||
4 | File | `/admin/customers.php?page=1&cID` | High
|
||||
5 | File | `/admin/link/link_ok.php` | High
|
||||
6 | File | `/admin/show.php` | High
|
||||
7 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
8 | File | `/app/register.php` | High
|
||||
9 | File | `/bcms/admin/courts/view_court.php` | High
|
||||
10 | File | `/CommunitySSORedirect.jsp` | High
|
||||
11 | File | `/config` | Low
|
||||
12 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
13 | File | `/data/sqldata` | High
|
||||
14 | File | `/feedback/post/` | High
|
||||
15 | File | `/goform/saveParentControlInfo` | High
|
||||
16 | File | `/goform/SetClientState` | High
|
||||
17 | File | `/goform/setDeviceSettings` | High
|
||||
18 | File | `/goform/SetPptpServerCfg` | High
|
||||
19 | File | `/help/treecontent.jsp` | High
|
||||
20 | File | `/home/jobfairol/resumelist` | High
|
||||
21 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
22 | File | `/index.php?page=reserve` | High
|
||||
23 | File | `/ip/car-rental-management-system/admin/ajax.php?action=login` | High
|
||||
24 | File | `/ocwbs/admin/?page=bookings/view_details` | High
|
||||
25 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
26 | File | `/ocwbs/admin/services/manage_service.php` | High
|
||||
27 | File | `/ocwbs/classes/Master.php?f=delete_booking` | High
|
||||
28 | File | `/ocwbs/classes/Master.php?f=delete_vehicle` | High
|
||||
29 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/ordering/admin/stockin/index.php?view=edit` | High
|
||||
31 | File | `/public/launchNewWindow.jsp` | High
|
||||
32 | File | `/purchase_order/admin/?page=user` | High
|
||||
33 | File | `/rdms/admin/incident_reports/view_report.php` | High
|
||||
34 | File | `/rdms/admin/respondent_types/manage_respondent_type.php` | High
|
||||
35 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin.php/Label/js_del` | High
|
||||
3 | File | `/admin.php/news/admin/topic/save` | High
|
||||
4 | File | `/admin/comn/service/update.json` | High
|
||||
5 | File | `/admin/general.cgi` | High
|
||||
6 | File | `/admin/reports.php` | High
|
||||
7 | File | `/admin/service/stop/` | High
|
||||
8 | File | `/admin/usermanagement.php` | High
|
||||
9 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
10 | File | `/bcms/admin/courts/view_court.php` | High
|
||||
11 | File | `/category.php` | High
|
||||
12 | File | `/CommunitySSORedirect.jsp` | High
|
||||
13 | File | `/config` | Low
|
||||
14 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
15 | File | `/filemanager/upload/drop` | High
|
||||
16 | File | `/freelance/resume_list` | High
|
||||
17 | File | `/goform/aspForm` | High
|
||||
18 | File | `/goform/saveParentControlInfo` | High
|
||||
19 | File | `/goform/SetClientState` | High
|
||||
20 | File | `/goform/setDeviceSettings` | High
|
||||
21 | File | `/help/treecontent.jsp` | High
|
||||
22 | File | `/home/jobfairol/resumelist` | High
|
||||
23 | File | `/hprms/admin/rooms/view_room.php` | High
|
||||
24 | File | `/hprms/classes/Master.php?f=delete_message` | High
|
||||
25 | File | `/images/background/1.php` | High
|
||||
26 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
27 | File | `/ip/car-rental-management-system/admin/ajax.php?action=login` | High
|
||||
28 | File | `/lists/admin/` | High
|
||||
29 | File | `/modules/mindmap/index.php` | High
|
||||
30 | File | `/ocwbs/admin/?page=bookings/view_details` | High
|
||||
31 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
32 | File | `/ocwbs/admin/services/manage_service.php` | High
|
||||
33 | File | `/ocwbs/classes/Master.php?f=delete_booking` | High
|
||||
34 | File | `/ocwbs/classes/Master.php?f=delete_vehicle` | High
|
||||
35 | File | `/odfs/classes/Master.php?f=save_category` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 297 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
@ -44,7 +44,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
21 | [51.68.93.185](https://vuldb.com/?ip.51.68.93.185) | - | - | High
|
||||
22 | ... | ... | ... | ...
|
||||
|
||||
There are 84 more IOC items available. Please use our online service to access the data.
|
||||
There are 85 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -52,12 +52,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -66,43 +68,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
4 | File | `/admin.php/Label/page_del` | High
|
||||
5 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
6 | File | `/admin/dl_sendmail.php` | High
|
||||
7 | File | `/admin/dl_sendsms.php` | High
|
||||
8 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
9 | File | `/api/part_categories` | High
|
||||
10 | File | `/api/programs/orgUnits?programs` | High
|
||||
11 | File | `/api/students/me/courses/` | High
|
||||
12 | File | `/Applications/Utilities/Terminal` | High
|
||||
13 | File | `/asms/classes/Master.php?f=delete_product` | High
|
||||
14 | File | `/asms/classes/Master.php?f=save_product` | High
|
||||
15 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
16 | File | `/bsms/?page=manage_account` | High
|
||||
17 | File | `/cgi-bin/kerbynet` | High
|
||||
18 | File | `/checklogin.jsp` | High
|
||||
19 | File | `/classes/master.php?f=delete_facility` | High
|
||||
20 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
21 | File | `/company` | Medium
|
||||
22 | File | `/company/service/increment/add/im` | High
|
||||
23 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
24 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
25 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
26 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
27 | File | `/ecrire` | Low
|
||||
28 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/saveParentControlInfo` | High
|
||||
31 | File | `/goform/SetClientState` | High
|
||||
32 | File | `/htdocs/cgibin` | High
|
||||
33 | File | `/html/Solar_Ftp.php` | High
|
||||
34 | File | `/hub/api/user` | High
|
||||
35 | File | `/include/chart_generator.php` | High
|
||||
36 | ... | ... | ...
|
||||
2 | File | `/.dbus-keyrings` | High
|
||||
3 | File | `//proc/kcore` | Medium
|
||||
4 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
5 | File | `/admin.php/Label/page_del` | High
|
||||
6 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
7 | File | `/admin/dl_sendmail.php` | High
|
||||
8 | File | `/admin/dl_sendsms.php` | High
|
||||
9 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
10 | File | `/admin/generalsettings.php` | High
|
||||
11 | File | `/admin/payment.php` | High
|
||||
12 | File | `/admin/reports.php` | High
|
||||
13 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
14 | File | `/api/part_categories` | High
|
||||
15 | File | `/api/programs/orgUnits?programs` | High
|
||||
16 | File | `/api/students/me/courses/` | High
|
||||
17 | File | `/api/user/userData?userCode=admin` | High
|
||||
18 | File | `/Applications/Utilities/Terminal` | High
|
||||
19 | File | `/asms/classes/Master.php?f=delete_product` | High
|
||||
20 | File | `/asms/classes/Master.php?f=save_product` | High
|
||||
21 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
22 | File | `/bsms/?page=manage_account` | High
|
||||
23 | File | `/cgi-bin/kerbynet` | High
|
||||
24 | File | `/checklogin.jsp` | High
|
||||
25 | File | `/classes/master.php?f=delete_facility` | High
|
||||
26 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
27 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
28 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
29 | File | `/company` | Medium
|
||||
30 | File | `/company/service/increment/add/im` | High
|
||||
31 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
32 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
33 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
34 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
35 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
36 | File | `/ecrire` | Low
|
||||
37 | File | `/forum/away.php` | High
|
||||
38 | File | `/goform/aspForm` | High
|
||||
39 | File | `/goform/saveParentControlInfo` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -129,6 +135,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-29%20Hancitor%20IOCs
|
||||
* https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
|
||||
* https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752/
|
||||
* https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
|
||||
* https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
|
||||
* https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
|
||||
* https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
|
||||
|
|
|
@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -524,12 +524,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -537,43 +538,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/admin/contenttemp` | High
|
||||
4 | File | `/admin/modules/system/custom_field.php` | High
|
||||
5 | File | `/admin/user/UserAdmin.do` | High
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/api/crontab` | Medium
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/cgi-bin/wapopen` | High
|
||||
10 | File | `/cgi-mod/lookup.cgi` | High
|
||||
11 | File | `/controller/Index.php` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/devices/acurite.c` | High
|
||||
14 | File | `/example/editor` | High
|
||||
15 | File | `/file?action=download&file` | High
|
||||
16 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
17 | File | `/fuel/sitevariables/delete/4` | High
|
||||
18 | File | `/goform/login_process` | High
|
||||
19 | File | `/goform/rlmswitchr_process` | High
|
||||
20 | File | `/goforms/rlminfo` | High
|
||||
21 | File | `/include/chart_generator.php` | High
|
||||
22 | File | `/mgmt/tm/util/bash` | High
|
||||
23 | File | `/mhds/clinic/view_details.php` | High
|
||||
24 | File | `/newsDia.php` | Medium
|
||||
25 | File | `/nova/bin/console` | High
|
||||
26 | File | `/product_list.php` | High
|
||||
27 | File | `/ptms/?page=user` | High
|
||||
28 | File | `/scas/admin/` | Medium
|
||||
29 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
32 | File | `/tmp/zarafa-vacation-*` | High
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/upload` | Low
|
||||
35 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/admin/communitymanagement.php` | High
|
||||
4 | File | `/admin/contenttemp` | High
|
||||
5 | File | `/admin/extended` | High
|
||||
6 | File | `/admin/featured.php` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/admin/newsletter1.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/user/UserAdmin.do` | High
|
||||
11 | File | `/admin/usermanagement.php` | High
|
||||
12 | File | `/Ap4RtpAtom.cpp` | High
|
||||
13 | File | `/api/crontab` | Medium
|
||||
14 | File | `/bcms/admin/?page=user/list` | High
|
||||
15 | File | `/bsms/?page=manage_account` | High
|
||||
16 | File | `/cgi-bin/login.cgi` | High
|
||||
17 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
18 | File | `/controller/Index.php` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/dashboard/reports/logs/view` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/designer/add/layout` | High
|
||||
23 | File | `/devices/acurite.c` | High
|
||||
24 | File | `/example/editor` | High
|
||||
25 | File | `/filemanager/upload/drop` | High
|
||||
26 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
27 | File | `/fuel/sitevariables/delete/4` | High
|
||||
28 | File | `/goform/login_process` | High
|
||||
29 | File | `/goform/rlmswitchr_process` | High
|
||||
30 | File | `/goforms/rlminfo` | High
|
||||
31 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
32 | File | `/include/chart_generator.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
@ -54,12 +54,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -68,42 +70,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?module=fileman§ion=get&page=grid` | High
|
||||
2 | File | `/admin.php/singer/admin/singer/hy` | High
|
||||
3 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
4 | File | `/admin/deluser.php` | High
|
||||
5 | File | `/admin/edit.php` | High
|
||||
6 | File | `/admin/googleads.php` | High
|
||||
7 | File | `/admin/new-content` | High
|
||||
8 | File | `/admin/operations/tax.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/scheprofile.cgi` | High
|
||||
11 | File | `/admin/weixin.php` | High
|
||||
12 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
14 | File | `/bcms/admin/courts/manage_court.php` | High
|
||||
15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
|
||||
16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
17 | File | `/cgi-bin/kerbynet` | High
|
||||
18 | File | `/classes/Users.php?f=save` | High
|
||||
19 | File | `/cms/classes/Master.php?f=delete_client` | High
|
||||
20 | File | `/config` | Low
|
||||
21 | File | `/defaultui/player/modern.html` | High
|
||||
22 | File | `/ffos/admin/categories/manage_category.php` | High
|
||||
23 | File | `/ffos/admin/menus/view_menu.php` | High
|
||||
24 | File | `/gaia-job-admin/user/add` | High
|
||||
25 | File | `/goform/aspForm` | High
|
||||
26 | File | `/goform/login_process` | High
|
||||
27 | File | `/goform/setNetworkLan` | High
|
||||
28 | File | `/goform/SetSysTimeCfg` | High
|
||||
29 | File | `/html/Solar_Ftp.php` | High
|
||||
30 | File | `/lists/admin/` | High
|
||||
31 | File | `/mngset/authset` | High
|
||||
32 | File | `/mtms/admin/?page=transaction/send` | High
|
||||
33 | File | `/orrs/admin/trains/manage_train.php` | High
|
||||
34 | File | `/otps/classes/Master.php?f=delete_team` | High
|
||||
35 | ... | ... | ...
|
||||
2 | File | `/action/import_sdk_file/` | High
|
||||
3 | File | `/admin.php/singer/admin/singer/hy` | High
|
||||
4 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/deluser.php` | High
|
||||
7 | File | `/admin/edit.php` | High
|
||||
8 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
9 | File | `/admin/googleads.php` | High
|
||||
10 | File | `/admin/new-content` | High
|
||||
11 | File | `/admin/operations/tax.php` | High
|
||||
12 | File | `/admin/payment.php` | High
|
||||
13 | File | `/admin/scheprofile.cgi` | High
|
||||
14 | File | `/admin/weixin.php` | High
|
||||
15 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
17 | File | `/bcms/admin/courts/manage_court.php` | High
|
||||
18 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
|
||||
19 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
20 | File | `/catcompany.php` | High
|
||||
21 | File | `/cgi-bin/kerbynet` | High
|
||||
22 | File | `/classes/Users.php?f=save` | High
|
||||
23 | File | `/cms/classes/Master.php?f=delete_client` | High
|
||||
24 | File | `/config` | Low
|
||||
25 | File | `/defaultui/player/modern.html` | High
|
||||
26 | File | `/ffos/admin/categories/manage_category.php` | High
|
||||
27 | File | `/ffos/admin/menus/view_menu.php` | High
|
||||
28 | File | `/gaia-job-admin/user/add` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/setNetworkLan` | High
|
||||
31 | File | `/goform/SetSysTimeCfg` | High
|
||||
32 | File | `/html/Solar_Ftp.php` | High
|
||||
33 | File | `/lists/admin/` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -37,12 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1548.002 | CWE-285 | Improper Authorization | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -38,12 +38,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -31,8 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -38,12 +38,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -37,12 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -20,6 +20,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [95.181.198.115](https://vuldb.com/?ip.95.181.198.115) | - | - | High
|
||||
2 | [192.162.244.171](https://vuldb.com/?ip.192.162.244.171) | free.datacheap.ru | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dijo_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dijo. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -184,219 +184,221 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
161 | [45.76.176.10](https://vuldb.com/?ip.45.76.176.10) | 45.76.176.10.vultrusercontent.com | - | High
|
||||
162 | [45.77.154.161](https://vuldb.com/?ip.45.77.154.161) | 45.77.154.161.vultrusercontent.com | - | High
|
||||
163 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
|
||||
164 | [45.79.188.67](https://vuldb.com/?ip.45.79.188.67) | li1287-67.members.linode.com | - | High
|
||||
165 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
|
||||
166 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
|
||||
167 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
|
||||
168 | [45.118.136.92](https://vuldb.com/?ip.45.118.136.92) | - | - | High
|
||||
169 | [45.119.83.237](https://vuldb.com/?ip.45.119.83.237) | - | - | High
|
||||
170 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
|
||||
171 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
|
||||
172 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
|
||||
173 | [45.252.251.10](https://vuldb.com/?ip.45.252.251.10) | - | - | High
|
||||
174 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
|
||||
175 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
|
||||
176 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
|
||||
177 | [46.30.213.132](https://vuldb.com/?ip.46.30.213.132) | - | - | High
|
||||
178 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
|
||||
179 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
|
||||
180 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
|
||||
181 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
|
||||
182 | [46.49.124.53](https://vuldb.com/?ip.46.49.124.53) | - | - | High
|
||||
183 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
|
||||
184 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
|
||||
185 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
|
||||
186 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
|
||||
187 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
|
||||
188 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
|
||||
189 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
|
||||
190 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
|
||||
191 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
|
||||
192 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
|
||||
193 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
|
||||
194 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
|
||||
195 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
|
||||
196 | [47.52.19.221](https://vuldb.com/?ip.47.52.19.221) | - | - | High
|
||||
197 | [47.146.32.175](https://vuldb.com/?ip.47.146.32.175) | - | - | High
|
||||
198 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
|
||||
199 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
|
||||
200 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
|
||||
201 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
|
||||
202 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
|
||||
203 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
|
||||
204 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
|
||||
205 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
|
||||
206 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
|
||||
207 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
|
||||
208 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
|
||||
209 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
|
||||
210 | [50.22.35.194](https://vuldb.com/?ip.50.22.35.194) | c2.23.1632.ip4.static.sl-reverse.com | - | High
|
||||
211 | [50.23.248.182](https://vuldb.com/?ip.50.23.248.182) | b6.f8.1732.ip4.static.sl-reverse.com | - | High
|
||||
212 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
|
||||
213 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
|
||||
214 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
|
||||
215 | [50.31.174.165](https://vuldb.com/?ip.50.31.174.165) | priva28.privatednsorg.com | - | High
|
||||
216 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
|
||||
217 | [50.62.176.42](https://vuldb.com/?ip.50.62.176.42) | p3plcpnl0515.prod.phx3.secureserver.net | - | High
|
||||
218 | [50.62.176.244](https://vuldb.com/?ip.50.62.176.244) | p3plcpnl0728.prod.phx3.secureserver.net | - | High
|
||||
219 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
|
||||
220 | [50.63.8.21](https://vuldb.com/?ip.50.63.8.21) | ip-50-63-8-21.ip.secureserver.net | - | High
|
||||
221 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
|
||||
222 | [50.87.59.65](https://vuldb.com/?ip.50.87.59.65) | 50-87-59-65.unifiedlayer.com | - | High
|
||||
223 | [50.87.144.137](https://vuldb.com/?ip.50.87.144.137) | gator3103.hostgator.com | - | High
|
||||
224 | [50.87.144.197](https://vuldb.com/?ip.50.87.144.197) | gator3161.hostgator.com | - | High
|
||||
225 | [50.87.150.177](https://vuldb.com/?ip.50.87.150.177) | 50-87-150-177.unifiedlayer.com | - | High
|
||||
226 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
|
||||
227 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
|
||||
228 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
|
||||
229 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
|
||||
230 | [50.116.86.205](https://vuldb.com/?ip.50.116.86.205) | template3.domain.com | - | High
|
||||
231 | [50.121.220.50](https://vuldb.com/?ip.50.121.220.50) | static-50-121-220-50.clbg.wv.frontiernet.net | - | High
|
||||
232 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
|
||||
233 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
|
||||
234 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
|
||||
235 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
|
||||
236 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
|
||||
237 | [51.68.175.8](https://vuldb.com/?ip.51.68.175.8) | vps-9dba3732.vps.ovh.net | - | High
|
||||
238 | [51.68.220.244](https://vuldb.com/?ip.51.68.220.244) | vps-7a400d57.vps.ovh.net | - | High
|
||||
239 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
|
||||
240 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
|
||||
241 | [51.77.113.100](https://vuldb.com/?ip.51.77.113.100) | titan40.fastworldwideweb.com | - | High
|
||||
242 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
|
||||
243 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
|
||||
244 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
|
||||
245 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
|
||||
246 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
|
||||
247 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
|
||||
248 | [51.254.137.156](https://vuldb.com/?ip.51.254.137.156) | mail.unolan.net | - | High
|
||||
249 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
|
||||
250 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
|
||||
251 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
|
||||
252 | [52.31.99.185](https://vuldb.com/?ip.52.31.99.185) | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
253 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
254 | [52.96.38.82](https://vuldb.com/?ip.52.96.38.82) | - | - | High
|
||||
255 | [52.96.40.242](https://vuldb.com/?ip.52.96.40.242) | - | - | High
|
||||
256 | [52.96.62.226](https://vuldb.com/?ip.52.96.62.226) | - | - | High
|
||||
257 | [54.36.185.60](https://vuldb.com/?ip.54.36.185.60) | ip60.ip-54-36-185.eu | - | High
|
||||
258 | [54.38.94.197](https://vuldb.com/?ip.54.38.94.197) | ns3140984.ip-54-38-94.eu | - | High
|
||||
259 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
|
||||
260 | [54.88.144.211](https://vuldb.com/?ip.54.88.144.211) | va-smtp01.263.net | - | High
|
||||
261 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
|
||||
262 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
|
||||
263 | [58.96.74.42](https://vuldb.com/?ip.58.96.74.42) | 42.74.96.58.static.exetel.com.au | - | High
|
||||
264 | [58.171.38.26](https://vuldb.com/?ip.58.171.38.26) | - | - | High
|
||||
265 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
|
||||
266 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
|
||||
267 | [59.110.18.236](https://vuldb.com/?ip.59.110.18.236) | - | - | High
|
||||
268 | [59.120.5.154](https://vuldb.com/?ip.59.120.5.154) | 59-120-5-154.hinet-ip.hinet.net | - | High
|
||||
269 | [59.124.1.19](https://vuldb.com/?ip.59.124.1.19) | 59-124-1-19.hinet-ip.hinet.net | - | High
|
||||
270 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
|
||||
271 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
|
||||
272 | [60.36.166.212](https://vuldb.com/?ip.60.36.166.212) | imail.mail.plala.or.jp | - | High
|
||||
273 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
|
||||
274 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
|
||||
275 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
|
||||
276 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
|
||||
277 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
|
||||
278 | [61.197.37.169](https://vuldb.com/?ip.61.197.37.169) | pl937.ag1001.nttpc.ne.jp | - | High
|
||||
279 | [62.28.40.155](https://vuldb.com/?ip.62.28.40.155) | exchange.ptasp.com | - | High
|
||||
280 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
|
||||
281 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
|
||||
282 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
|
||||
283 | [62.141.45.103](https://vuldb.com/?ip.62.141.45.103) | vps2009743.fastwebserver.de | - | High
|
||||
284 | [62.149.128.42](https://vuldb.com/?ip.62.149.128.42) | imaps.aruba.it | - | High
|
||||
285 | [62.149.128.72](https://vuldb.com/?ip.62.149.128.72) | mxd4.aruba.it | - | High
|
||||
286 | [62.149.128.179](https://vuldb.com/?ip.62.149.128.179) | pop3s.aruba.it | - | High
|
||||
287 | [62.149.128.200](https://vuldb.com/?ip.62.149.128.200) | smtp1.aruba.it | - | High
|
||||
288 | [62.149.128.210](https://vuldb.com/?ip.62.149.128.210) | smtpa1.aruba.it | - | High
|
||||
289 | [62.149.152.151](https://vuldb.com/?ip.62.149.152.151) | - | - | High
|
||||
290 | [62.149.152.152](https://vuldb.com/?ip.62.149.152.152) | - | - | High
|
||||
291 | [62.149.157.55](https://vuldb.com/?ip.62.149.157.55) | - | - | High
|
||||
292 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
|
||||
293 | [62.171.178.147](https://vuldb.com/?ip.62.171.178.147) | vmi365451.contaboserver.net | - | High
|
||||
294 | [62.210.127.136](https://vuldb.com/?ip.62.210.127.136) | 62-210-127-136.rev.poneytelecom.eu | - | High
|
||||
295 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
|
||||
296 | [62.234.99.30](https://vuldb.com/?ip.62.234.99.30) | - | - | High
|
||||
297 | [63.142.253.122](https://vuldb.com/?ip.63.142.253.122) | - | - | High
|
||||
298 | [64.4.244.68](https://vuldb.com/?ip.64.4.244.68) | - | - | High
|
||||
299 | [64.26.60.221](https://vuldb.com/?ip.64.26.60.221) | pop5.csee.onr.siteprotect.com | - | High
|
||||
300 | [64.41.126.110](https://vuldb.com/?ip.64.41.126.110) | securesmtp.csee.siteprotect.com | - | High
|
||||
301 | [64.59.136.142](https://vuldb.com/?ip.64.59.136.142) | mail.shaw.ca | - | High
|
||||
302 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
|
||||
303 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
|
||||
304 | [64.85.73.16](https://vuldb.com/?ip.64.85.73.16) | - | - | High
|
||||
305 | [64.88.202.250](https://vuldb.com/?ip.64.88.202.250) | - | - | High
|
||||
306 | [64.90.62.162](https://vuldb.com/?ip.64.90.62.162) | pop.dreamhost.com | - | High
|
||||
307 | [64.91.228.45](https://vuldb.com/?ip.64.91.228.45) | - | - | High
|
||||
308 | [64.98.36.5](https://vuldb.com/?ip.64.98.36.5) | mail.b.hostedemail.com | - | High
|
||||
309 | [64.98.36.173](https://vuldb.com/?ip.64.98.36.173) | mail.lawyers-mail.com | - | High
|
||||
310 | [64.183.73.122](https://vuldb.com/?ip.64.183.73.122) | rrcs-64-183-73-122.west.biz.rr.com | - | High
|
||||
311 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
|
||||
312 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
|
||||
313 | [64.250.117.68](https://vuldb.com/?ip.64.250.117.68) | smtp.movistarcloud.com.ve | - | High
|
||||
314 | [65.49.60.163](https://vuldb.com/?ip.65.49.60.163) | 65-49-60-163.ip.linodeusercontent.com | - | High
|
||||
315 | [65.55.72.183](https://vuldb.com/?ip.65.55.72.183) | origin.sn134w.snt134.mail.live.com | - | High
|
||||
316 | [65.182.102.90](https://vuldb.com/?ip.65.182.102.90) | mail.geantes.com | - | High
|
||||
317 | [65.254.228.100](https://vuldb.com/?ip.65.254.228.100) | customer.hostcentric.com | - | High
|
||||
318 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
|
||||
319 | [66.42.55.5](https://vuldb.com/?ip.66.42.55.5) | 66.42.55.5.vultrusercontent.com | - | High
|
||||
320 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
|
||||
321 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
|
||||
322 | [66.71.241.102](https://vuldb.com/?ip.66.71.241.102) | mail.nixhost.net | - | High
|
||||
323 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
|
||||
324 | [66.96.134.1](https://vuldb.com/?ip.66.96.134.1) | 1.134.96.66.static.eigbox.net | - | High
|
||||
325 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
|
||||
326 | [66.96.147.110](https://vuldb.com/?ip.66.96.147.110) | 110.147.96.66.static.eigbox.net | - | High
|
||||
327 | [66.195.202.115](https://vuldb.com/?ip.66.195.202.115) | mail.navarac.com | - | High
|
||||
328 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
|
||||
329 | [66.216.234.131](https://vuldb.com/?ip.66.216.234.131) | 066-216-234-131.res.spectrum.com | - | High
|
||||
330 | [66.220.110.56](https://vuldb.com/?ip.66.220.110.56) | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High
|
||||
331 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
|
||||
332 | [66.228.45.129](https://vuldb.com/?ip.66.228.45.129) | li326-129.members.linode.com | - | High
|
||||
333 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
|
||||
334 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
|
||||
335 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
|
||||
336 | [67.163.161.107](https://vuldb.com/?ip.67.163.161.107) | c-67-163-161-107.hsd1.pa.comcast.net | - | High
|
||||
337 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
|
||||
338 | [67.177.71.77](https://vuldb.com/?ip.67.177.71.77) | c-67-177-71-77.hsd1.al.comcast.net | - | High
|
||||
339 | [67.195.197.75](https://vuldb.com/?ip.67.195.197.75) | p9ats-i.geo.vip.bf1.yahoo.com | - | High
|
||||
340 | [67.195.228.95](https://vuldb.com/?ip.67.195.228.95) | unknown.yahoo.com | - | High
|
||||
341 | [67.212.168.237](https://vuldb.com/?ip.67.212.168.237) | 237.168.212.67.unassigned.ord.singlehop.net | - | High
|
||||
342 | [67.216.131.134](https://vuldb.com/?ip.67.216.131.134) | 134.131.216.67.134.static.hargray.net | - | High
|
||||
343 | [67.222.2.148](https://vuldb.com/?ip.67.222.2.148) | - | - | High
|
||||
344 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
|
||||
345 | [67.225.221.173](https://vuldb.com/?ip.67.225.221.173) | host.hddpool2.net | - | High
|
||||
346 | [67.225.229.55](https://vuldb.com/?ip.67.225.229.55) | - | - | High
|
||||
347 | [67.241.81.253](https://vuldb.com/?ip.67.241.81.253) | cpe-67-241-81-253.twcny.res.rr.com | - | High
|
||||
348 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
|
||||
349 | [68.44.137.144](https://vuldb.com/?ip.68.44.137.144) | c-68-44-137-144.hsd1.in.comcast.net | - | High
|
||||
350 | [68.66.194.12](https://vuldb.com/?ip.68.66.194.12) | 68.66.194.12.static.a2webhosting.com | - | High
|
||||
351 | [68.66.248.6](https://vuldb.com/?ip.68.66.248.6) | nl1-ls1.a2hosting.com | - | High
|
||||
352 | [68.178.213.203](https://vuldb.com/?ip.68.178.213.203) | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High
|
||||
353 | [68.183.62.61](https://vuldb.com/?ip.68.183.62.61) | - | - | High
|
||||
354 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
|
||||
355 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
|
||||
356 | [69.16.228.14](https://vuldb.com/?ip.69.16.228.14) | kurt.duplika.com | - | High
|
||||
357 | [69.16.254.127](https://vuldb.com/?ip.69.16.254.127) | cloudvpsserver.etelligens.in | - | High
|
||||
358 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
|
||||
359 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
|
||||
360 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
|
||||
361 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
|
||||
362 | [69.61.0.198](https://vuldb.com/?ip.69.61.0.198) | alpha01.serverparlor.net | - | High
|
||||
363 | [69.147.92.11](https://vuldb.com/?ip.69.147.92.11) | e1.ycpi.vip.dca.yahoo.com | - | High
|
||||
364 | [69.147.92.12](https://vuldb.com/?ip.69.147.92.12) | e2.ycpi.vip.dca.yahoo.com | - | High
|
||||
365 | [69.156.240.33](https://vuldb.com/?ip.69.156.240.33) | smtp.transportalliance.ca | - | High
|
||||
366 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
|
||||
367 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
|
||||
368 | [69.168.106.36](https://vuldb.com/?ip.69.168.106.36) | mail.windstream.syn-alias.com | - | High
|
||||
369 | [69.175.31.212](https://vuldb.com/?ip.69.175.31.212) | 212.31.175.69.unassigned.ord.singlehop.net | - | High
|
||||
370 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
|
||||
371 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
|
||||
372 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
|
||||
373 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
|
||||
374 | ... | ... | ... | ...
|
||||
164 | [45.79.173.200](https://vuldb.com/?ip.45.79.173.200) | 45-79-173-200.ip.linodeusercontent.com | - | High
|
||||
165 | [45.79.188.67](https://vuldb.com/?ip.45.79.188.67) | li1287-67.members.linode.com | - | High
|
||||
166 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
|
||||
167 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
|
||||
168 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
|
||||
169 | [45.118.136.92](https://vuldb.com/?ip.45.118.136.92) | - | - | High
|
||||
170 | [45.119.83.237](https://vuldb.com/?ip.45.119.83.237) | - | - | High
|
||||
171 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
|
||||
172 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
|
||||
173 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
|
||||
174 | [45.252.251.10](https://vuldb.com/?ip.45.252.251.10) | - | - | High
|
||||
175 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
|
||||
176 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
|
||||
177 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
|
||||
178 | [46.30.213.132](https://vuldb.com/?ip.46.30.213.132) | - | - | High
|
||||
179 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
|
||||
180 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
|
||||
181 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
|
||||
182 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
|
||||
183 | [46.49.124.53](https://vuldb.com/?ip.46.49.124.53) | - | - | High
|
||||
184 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
|
||||
185 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
|
||||
186 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
|
||||
187 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
|
||||
188 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
|
||||
189 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
|
||||
190 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
|
||||
191 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
|
||||
192 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
|
||||
193 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
|
||||
194 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
|
||||
195 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
|
||||
196 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
|
||||
197 | [47.52.19.221](https://vuldb.com/?ip.47.52.19.221) | - | - | High
|
||||
198 | [47.146.32.175](https://vuldb.com/?ip.47.146.32.175) | - | - | High
|
||||
199 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
|
||||
200 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
|
||||
201 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
|
||||
202 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
|
||||
203 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
|
||||
204 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
|
||||
205 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
|
||||
206 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
|
||||
207 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
|
||||
208 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
|
||||
209 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
|
||||
210 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
|
||||
211 | [50.22.35.194](https://vuldb.com/?ip.50.22.35.194) | c2.23.1632.ip4.static.sl-reverse.com | - | High
|
||||
212 | [50.23.248.182](https://vuldb.com/?ip.50.23.248.182) | b6.f8.1732.ip4.static.sl-reverse.com | - | High
|
||||
213 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
|
||||
214 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
|
||||
215 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
|
||||
216 | [50.31.174.165](https://vuldb.com/?ip.50.31.174.165) | priva28.privatednsorg.com | - | High
|
||||
217 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
|
||||
218 | [50.62.176.42](https://vuldb.com/?ip.50.62.176.42) | p3plcpnl0515.prod.phx3.secureserver.net | - | High
|
||||
219 | [50.62.176.244](https://vuldb.com/?ip.50.62.176.244) | p3plcpnl0728.prod.phx3.secureserver.net | - | High
|
||||
220 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
|
||||
221 | [50.63.8.21](https://vuldb.com/?ip.50.63.8.21) | ip-50-63-8-21.ip.secureserver.net | - | High
|
||||
222 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
|
||||
223 | [50.87.59.65](https://vuldb.com/?ip.50.87.59.65) | 50-87-59-65.unifiedlayer.com | - | High
|
||||
224 | [50.87.144.137](https://vuldb.com/?ip.50.87.144.137) | gator3103.hostgator.com | - | High
|
||||
225 | [50.87.144.197](https://vuldb.com/?ip.50.87.144.197) | gator3161.hostgator.com | - | High
|
||||
226 | [50.87.150.177](https://vuldb.com/?ip.50.87.150.177) | 50-87-150-177.unifiedlayer.com | - | High
|
||||
227 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
|
||||
228 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
|
||||
229 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
|
||||
230 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
|
||||
231 | [50.116.86.205](https://vuldb.com/?ip.50.116.86.205) | template3.domain.com | - | High
|
||||
232 | [50.121.220.50](https://vuldb.com/?ip.50.121.220.50) | static-50-121-220-50.clbg.wv.frontiernet.net | - | High
|
||||
233 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
|
||||
234 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
|
||||
235 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
|
||||
236 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
|
||||
237 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
|
||||
238 | [51.68.175.8](https://vuldb.com/?ip.51.68.175.8) | vps-9dba3732.vps.ovh.net | - | High
|
||||
239 | [51.68.220.244](https://vuldb.com/?ip.51.68.220.244) | vps-7a400d57.vps.ovh.net | - | High
|
||||
240 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
|
||||
241 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
|
||||
242 | [51.77.113.100](https://vuldb.com/?ip.51.77.113.100) | titan40.fastworldwideweb.com | - | High
|
||||
243 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
|
||||
244 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
|
||||
245 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
|
||||
246 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
|
||||
247 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
|
||||
248 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
|
||||
249 | [51.254.137.156](https://vuldb.com/?ip.51.254.137.156) | mail.unolan.net | - | High
|
||||
250 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
|
||||
251 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
|
||||
252 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
|
||||
253 | [52.31.99.185](https://vuldb.com/?ip.52.31.99.185) | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
254 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
255 | [52.96.38.82](https://vuldb.com/?ip.52.96.38.82) | - | - | High
|
||||
256 | [52.96.40.242](https://vuldb.com/?ip.52.96.40.242) | - | - | High
|
||||
257 | [52.96.62.226](https://vuldb.com/?ip.52.96.62.226) | - | - | High
|
||||
258 | [54.36.185.60](https://vuldb.com/?ip.54.36.185.60) | ip60.ip-54-36-185.eu | - | High
|
||||
259 | [54.38.94.197](https://vuldb.com/?ip.54.38.94.197) | ns3140984.ip-54-38-94.eu | - | High
|
||||
260 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
|
||||
261 | [54.88.144.211](https://vuldb.com/?ip.54.88.144.211) | va-smtp01.263.net | - | High
|
||||
262 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
|
||||
263 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
|
||||
264 | [58.96.74.42](https://vuldb.com/?ip.58.96.74.42) | 42.74.96.58.static.exetel.com.au | - | High
|
||||
265 | [58.171.38.26](https://vuldb.com/?ip.58.171.38.26) | - | - | High
|
||||
266 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
|
||||
267 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
|
||||
268 | [59.110.18.236](https://vuldb.com/?ip.59.110.18.236) | - | - | High
|
||||
269 | [59.120.5.154](https://vuldb.com/?ip.59.120.5.154) | 59-120-5-154.hinet-ip.hinet.net | - | High
|
||||
270 | [59.124.1.19](https://vuldb.com/?ip.59.124.1.19) | 59-124-1-19.hinet-ip.hinet.net | - | High
|
||||
271 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
|
||||
272 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
|
||||
273 | [60.36.166.212](https://vuldb.com/?ip.60.36.166.212) | imail.mail.plala.or.jp | - | High
|
||||
274 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
|
||||
275 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
|
||||
276 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
|
||||
277 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
|
||||
278 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
|
||||
279 | [61.197.37.169](https://vuldb.com/?ip.61.197.37.169) | pl937.ag1001.nttpc.ne.jp | - | High
|
||||
280 | [62.28.40.155](https://vuldb.com/?ip.62.28.40.155) | exchange.ptasp.com | - | High
|
||||
281 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
|
||||
282 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
|
||||
283 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
|
||||
284 | [62.141.45.103](https://vuldb.com/?ip.62.141.45.103) | vps2009743.fastwebserver.de | - | High
|
||||
285 | [62.149.128.42](https://vuldb.com/?ip.62.149.128.42) | imaps.aruba.it | - | High
|
||||
286 | [62.149.128.72](https://vuldb.com/?ip.62.149.128.72) | mxd4.aruba.it | - | High
|
||||
287 | [62.149.128.179](https://vuldb.com/?ip.62.149.128.179) | pop3s.aruba.it | - | High
|
||||
288 | [62.149.128.200](https://vuldb.com/?ip.62.149.128.200) | smtp1.aruba.it | - | High
|
||||
289 | [62.149.128.210](https://vuldb.com/?ip.62.149.128.210) | smtpa1.aruba.it | - | High
|
||||
290 | [62.149.152.151](https://vuldb.com/?ip.62.149.152.151) | - | - | High
|
||||
291 | [62.149.152.152](https://vuldb.com/?ip.62.149.152.152) | - | - | High
|
||||
292 | [62.149.157.55](https://vuldb.com/?ip.62.149.157.55) | - | - | High
|
||||
293 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
|
||||
294 | [62.171.178.147](https://vuldb.com/?ip.62.171.178.147) | vmi365451.contaboserver.net | - | High
|
||||
295 | [62.210.127.136](https://vuldb.com/?ip.62.210.127.136) | 62-210-127-136.rev.poneytelecom.eu | - | High
|
||||
296 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
|
||||
297 | [62.234.99.30](https://vuldb.com/?ip.62.234.99.30) | - | - | High
|
||||
298 | [63.142.253.122](https://vuldb.com/?ip.63.142.253.122) | - | - | High
|
||||
299 | [64.4.244.68](https://vuldb.com/?ip.64.4.244.68) | - | - | High
|
||||
300 | [64.26.60.221](https://vuldb.com/?ip.64.26.60.221) | pop5.csee.onr.siteprotect.com | - | High
|
||||
301 | [64.41.126.110](https://vuldb.com/?ip.64.41.126.110) | securesmtp.csee.siteprotect.com | - | High
|
||||
302 | [64.59.136.142](https://vuldb.com/?ip.64.59.136.142) | mail.shaw.ca | - | High
|
||||
303 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
|
||||
304 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
|
||||
305 | [64.85.73.16](https://vuldb.com/?ip.64.85.73.16) | - | - | High
|
||||
306 | [64.88.202.250](https://vuldb.com/?ip.64.88.202.250) | - | - | High
|
||||
307 | [64.90.62.162](https://vuldb.com/?ip.64.90.62.162) | pop.dreamhost.com | - | High
|
||||
308 | [64.91.228.45](https://vuldb.com/?ip.64.91.228.45) | - | - | High
|
||||
309 | [64.98.36.5](https://vuldb.com/?ip.64.98.36.5) | mail.b.hostedemail.com | - | High
|
||||
310 | [64.98.36.173](https://vuldb.com/?ip.64.98.36.173) | mail.lawyers-mail.com | - | High
|
||||
311 | [64.183.73.122](https://vuldb.com/?ip.64.183.73.122) | rrcs-64-183-73-122.west.biz.rr.com | - | High
|
||||
312 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
|
||||
313 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
|
||||
314 | [64.250.117.68](https://vuldb.com/?ip.64.250.117.68) | smtp.movistarcloud.com.ve | - | High
|
||||
315 | [65.49.60.163](https://vuldb.com/?ip.65.49.60.163) | 65-49-60-163.ip.linodeusercontent.com | - | High
|
||||
316 | [65.55.72.183](https://vuldb.com/?ip.65.55.72.183) | origin.sn134w.snt134.mail.live.com | - | High
|
||||
317 | [65.182.102.90](https://vuldb.com/?ip.65.182.102.90) | mail.geantes.com | - | High
|
||||
318 | [65.254.228.100](https://vuldb.com/?ip.65.254.228.100) | customer.hostcentric.com | - | High
|
||||
319 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
|
||||
320 | [66.42.55.5](https://vuldb.com/?ip.66.42.55.5) | 66.42.55.5.vultrusercontent.com | - | High
|
||||
321 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
|
||||
322 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
|
||||
323 | [66.71.241.102](https://vuldb.com/?ip.66.71.241.102) | mail.nixhost.net | - | High
|
||||
324 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
|
||||
325 | [66.96.134.1](https://vuldb.com/?ip.66.96.134.1) | 1.134.96.66.static.eigbox.net | - | High
|
||||
326 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
|
||||
327 | [66.96.147.110](https://vuldb.com/?ip.66.96.147.110) | 110.147.96.66.static.eigbox.net | - | High
|
||||
328 | [66.195.202.115](https://vuldb.com/?ip.66.195.202.115) | mail.navarac.com | - | High
|
||||
329 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
|
||||
330 | [66.216.234.131](https://vuldb.com/?ip.66.216.234.131) | 066-216-234-131.res.spectrum.com | - | High
|
||||
331 | [66.220.110.56](https://vuldb.com/?ip.66.220.110.56) | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High
|
||||
332 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
|
||||
333 | [66.228.45.129](https://vuldb.com/?ip.66.228.45.129) | li326-129.members.linode.com | - | High
|
||||
334 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
|
||||
335 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
|
||||
336 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
|
||||
337 | [67.163.161.107](https://vuldb.com/?ip.67.163.161.107) | c-67-163-161-107.hsd1.pa.comcast.net | - | High
|
||||
338 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
|
||||
339 | [67.177.71.77](https://vuldb.com/?ip.67.177.71.77) | c-67-177-71-77.hsd1.al.comcast.net | - | High
|
||||
340 | [67.195.197.75](https://vuldb.com/?ip.67.195.197.75) | p9ats-i.geo.vip.bf1.yahoo.com | - | High
|
||||
341 | [67.195.228.95](https://vuldb.com/?ip.67.195.228.95) | unknown.yahoo.com | - | High
|
||||
342 | [67.212.168.237](https://vuldb.com/?ip.67.212.168.237) | 237.168.212.67.unassigned.ord.singlehop.net | - | High
|
||||
343 | [67.216.131.134](https://vuldb.com/?ip.67.216.131.134) | 134.131.216.67.134.static.hargray.net | - | High
|
||||
344 | [67.222.2.148](https://vuldb.com/?ip.67.222.2.148) | - | - | High
|
||||
345 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
|
||||
346 | [67.225.221.173](https://vuldb.com/?ip.67.225.221.173) | host.hddpool2.net | - | High
|
||||
347 | [67.225.229.55](https://vuldb.com/?ip.67.225.229.55) | - | - | High
|
||||
348 | [67.241.81.253](https://vuldb.com/?ip.67.241.81.253) | cpe-67-241-81-253.twcny.res.rr.com | - | High
|
||||
349 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
|
||||
350 | [68.44.137.144](https://vuldb.com/?ip.68.44.137.144) | c-68-44-137-144.hsd1.in.comcast.net | - | High
|
||||
351 | [68.66.194.12](https://vuldb.com/?ip.68.66.194.12) | 68.66.194.12.static.a2webhosting.com | - | High
|
||||
352 | [68.66.248.6](https://vuldb.com/?ip.68.66.248.6) | nl1-ls1.a2hosting.com | - | High
|
||||
353 | [68.178.213.203](https://vuldb.com/?ip.68.178.213.203) | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High
|
||||
354 | [68.183.62.61](https://vuldb.com/?ip.68.183.62.61) | - | - | High
|
||||
355 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
|
||||
356 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
|
||||
357 | [69.16.228.14](https://vuldb.com/?ip.69.16.228.14) | kurt.duplika.com | - | High
|
||||
358 | [69.16.254.127](https://vuldb.com/?ip.69.16.254.127) | cloudvpsserver.etelligens.in | - | High
|
||||
359 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
|
||||
360 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
|
||||
361 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
|
||||
362 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
|
||||
363 | [69.61.0.198](https://vuldb.com/?ip.69.61.0.198) | alpha01.serverparlor.net | - | High
|
||||
364 | [69.147.92.11](https://vuldb.com/?ip.69.147.92.11) | e1.ycpi.vip.dca.yahoo.com | - | High
|
||||
365 | [69.147.92.12](https://vuldb.com/?ip.69.147.92.12) | e2.ycpi.vip.dca.yahoo.com | - | High
|
||||
366 | [69.156.240.33](https://vuldb.com/?ip.69.156.240.33) | smtp.transportalliance.ca | - | High
|
||||
367 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
|
||||
368 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
|
||||
369 | [69.168.106.36](https://vuldb.com/?ip.69.168.106.36) | mail.windstream.syn-alias.com | - | High
|
||||
370 | [69.175.31.212](https://vuldb.com/?ip.69.175.31.212) | 212.31.175.69.unassigned.ord.singlehop.net | - | High
|
||||
371 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
|
||||
372 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
|
||||
373 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
|
||||
374 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
|
||||
375 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
|
||||
376 | ... | ... | ... | ...
|
||||
|
||||
There are 1492 more IOC items available. Please use our online service to access the data.
|
||||
There are 1498 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -404,12 +406,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -417,20 +420,21 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
2 | File | `/alarm_pi/alarmService.php` | High
|
||||
3 | File | `/blog/blog.php` | High
|
||||
4 | File | `/bsms/?page=manage_account` | High
|
||||
5 | File | `/company` | Medium
|
||||
6 | File | `/company/account/safety/trade` | High
|
||||
7 | File | `/company/down_resume/total/nature` | High
|
||||
8 | File | `/company/service/increment/add/im` | High
|
||||
9 | File | `/company/view_be_browsed/total` | High
|
||||
10 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
11 | File | `/dashboard/reports/logs/view` | High
|
||||
12 | ... | ... | ...
|
||||
1 | File | `/action/import_cert_file/` | High
|
||||
2 | File | `/action/import_https_cert_file/` | High
|
||||
3 | File | `/action/remove/` | High
|
||||
4 | File | `/admin/inquiries/view_details.php` | High
|
||||
5 | File | `/api/user/userData?userCode=admin` | High
|
||||
6 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
7 | File | `/ci_hms/search` | High
|
||||
8 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
9 | File | `/classes/Master.php?f=delete_message` | High
|
||||
10 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
11 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
12 | File | `/classes/Master.php?f=delete_service` | High
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 95 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -526,6 +530,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://community.blueliv.com/#!/s/5fb2ee2482df413eaf344b29
|
||||
* https://cyber.wtf/2021/11/15/guess-whos-back/
|
||||
* https://ddanchev.blogspot.com/2022/01/profiling-emotet-botnet-c.html
|
||||
* https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_05.02.2022.txt
|
||||
* https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_24.03.2022.txt
|
||||
* https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
|
||||
* https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
|
||||
|
|
|
@ -31,12 +31,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,7 +64,7 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,12 +63,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -35,7 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
2 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -42,12 +42,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -62,12 +62,12 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/LogoStore/search.php` | High
|
||||
6 | File | `/modules/projects/vw_files.php` | High
|
||||
7 | File | `/sm/api/v1/firewall/zone/services` | High
|
||||
8 | File | `admin/limits.php` | High
|
||||
9 | File | `AjaxFileUploadHandler.axd` | High
|
||||
10 | File | `auth-gss2.c` | Medium
|
||||
8 | File | `/usr/bin/pkexec` | High
|
||||
9 | File | `admin/limits.php` | High
|
||||
10 | File | `AjaxFileUploadHandler.axd` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
19 | [52.230.217.195](https://vuldb.com/?ip.52.230.217.195) | - | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
|
||||
There are 75 more IOC items available. Please use our online service to access the data.
|
||||
There are 77 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,12 +50,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -73,28 +75,28 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/cgi-bin/wapopen` | High
|
||||
9 | File | `/config/netconf.cmd` | High
|
||||
10 | File | `/etc/config/image_sign` | High
|
||||
11 | File | `/etc/sudoers` | Medium
|
||||
12 | File | `/folder/list` | Medium
|
||||
13 | File | `/forms/nslookupHandler` | High
|
||||
14 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
15 | File | `/group/comment` | High
|
||||
16 | File | `/icingaweb2/navigation/add` | High
|
||||
17 | File | `/lookin/info` | Medium
|
||||
18 | File | `/plugins/servlet/jira-blockers/` | High
|
||||
19 | File | `/register.do` | Medium
|
||||
20 | File | `/sessions/sess_<sessionid>` | High
|
||||
21 | File | `/themes/<php_file_name>` | High
|
||||
22 | File | `/tmp/speedtest_urls.xml` | High
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/upload` | Low
|
||||
25 | File | `/var/log/nginx` | High
|
||||
26 | File | `/wbg/core/_includes/authorization.inc.php` | High
|
||||
27 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
28 | File | `/wp-admin/admin.php` | High
|
||||
29 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
11 | File | `/folder/list` | Medium
|
||||
12 | File | `/forms/nslookupHandler` | High
|
||||
13 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
14 | File | `/group/comment` | High
|
||||
15 | File | `/icingaweb2/navigation/add` | High
|
||||
16 | File | `/lookin/info` | Medium
|
||||
17 | File | `/plugins/servlet/jira-blockers/` | High
|
||||
18 | File | `/register.do` | Medium
|
||||
19 | File | `/sessions/sess_<sessionid>` | High
|
||||
20 | File | `/themes/<php_file_name>` | High
|
||||
21 | File | `/tmp/speedtest_urls.xml` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/upload` | Low
|
||||
24 | File | `/var/log/nginx` | High
|
||||
25 | File | `/wbg/core/_includes/authorization.inc.php` | High
|
||||
26 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
27 | File | `/wp-admin/admin.php` | High
|
||||
28 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
29 | File | `account.asp` | Medium
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -111,6 +113,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
|
||||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
|
||||
* https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -28,6 +28,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1202 | CWE-77 | Command Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -97,12 +97,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -116,48 +118,48 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/cgi-bin/luci/api/auth` | High
|
||||
6 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
7 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/dev/tty` | Medium
|
||||
10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
|
||||
7 | File | `/classes/Master.php?f=delete_train` | High
|
||||
8 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/dev/tty` | Medium
|
||||
11 | File | `/etc/config/image_sign` | High
|
||||
12 | File | `/etc/groups` | Medium
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/gaia-job-admin/user/add` | High
|
||||
15 | File | `/goforms/rlminfo` | High
|
||||
16 | File | `/HNAP1` | Low
|
||||
17 | File | `/login` | Low
|
||||
18 | File | `/login.html` | Medium
|
||||
19 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
20 | File | `/member/index/login.html` | High
|
||||
21 | File | `/mgmt/tm/util/bash` | High
|
||||
22 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
23 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
24 | File | `/p1/p2/:name` | Medium
|
||||
25 | File | `/php/passport/index.php` | High
|
||||
26 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||
27 | File | `/requests.php` | High
|
||||
28 | File | `/saml/login` | Medium
|
||||
29 | File | `/ScadaBR/login.htm` | High
|
||||
30 | File | `/setting/setDeviceName` | High
|
||||
31 | File | `/setting/setLanguageCfg` | High
|
||||
32 | File | `/setting/setUploadSetting` | High
|
||||
33 | File | `/upload` | Low
|
||||
34 | File | `/user-utils/users/md5.json` | High
|
||||
35 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
36 | File | `/var/adm/btmp` | High
|
||||
37 | File | `/vloggers_merch/?p=view_product` | High
|
||||
38 | File | `/wp-admin/admin-ajax.php` | High
|
||||
39 | File | `account/login.php` | High
|
||||
40 | File | `ad/login.asp` | Medium
|
||||
41 | File | `admin.inc.php` | High
|
||||
42 | File | `admin/?page=students` | High
|
||||
43 | File | `admin/admin_ping.php` | High
|
||||
44 | File | `admin/conf_users_edit.php` | High
|
||||
45 | File | `admin/index.php` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/gaia-job-admin/user/add` | High
|
||||
14 | File | `/goforms/rlminfo` | High
|
||||
15 | File | `/HNAP1` | Low
|
||||
16 | File | `/login` | Low
|
||||
17 | File | `/member/index/login.html` | High
|
||||
18 | File | `/mgmt/tm/util/bash` | High
|
||||
19 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
20 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
21 | File | `/p1/p2/:name` | Medium
|
||||
22 | File | `/php/passport/index.php` | High
|
||||
23 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||
24 | File | `/requests.php` | High
|
||||
25 | File | `/saml/login` | Medium
|
||||
26 | File | `/ScadaBR/login.htm` | High
|
||||
27 | File | `/setting/setDeviceName` | High
|
||||
28 | File | `/setting/setLanguageCfg` | High
|
||||
29 | File | `/setting/setUploadSetting` | High
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/upload` | Low
|
||||
32 | File | `/user-utils/users/md5.json` | High
|
||||
33 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
34 | File | `/var/adm/btmp` | High
|
||||
35 | File | `/vloggers_merch/?p=view_product` | High
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `account/login.php` | High
|
||||
38 | File | `ad/login.asp` | Medium
|
||||
39 | File | `admin.inc.php` | High
|
||||
40 | File | `admin/?page=students` | High
|
||||
41 | File | `admin/admin_ping.php` | High
|
||||
42 | File | `admin/conf_users_edit.php` | High
|
||||
43 | File | `admin/index.php` | High
|
||||
44 | File | `admin/login.php` | High
|
||||
45 | File | `admin/navbar.php?action=add_page` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 397 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -155,12 +155,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -172,40 +174,38 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
4 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
5 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
6 | File | `/anony/mjpg.cgi` | High
|
||||
5 | File | `/admin/` | Low
|
||||
6 | File | `/admin/photo.php` | High
|
||||
7 | File | `/Ap4RtpAtom.cpp` | High
|
||||
8 | File | `/api/students/me/messages/` | High
|
||||
9 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/bsms/?page=manage_account` | High
|
||||
10 | File | `/car-rental-management-system/admin/manage_user.php` | High
|
||||
11 | File | `/category.php` | High
|
||||
12 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
13 | File | `/cdsms/classes/Master.php?f=delete_package` | High
|
||||
14 | File | `/cgi-bin/kerbynet` | High
|
||||
15 | File | `/cgi-bin/login.cgi` | High
|
||||
16 | File | `/cgi-bin/luci/api/switch` | High
|
||||
17 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
18 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
19 | File | `/cms/classes/Master.php?f=delete_invoice` | High
|
||||
20 | File | `/cms/classes/Users.php?f=delete` | High
|
||||
21 | File | `/common/info.cgi` | High
|
||||
22 | File | `/course/api/upload/pic` | High
|
||||
23 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
24 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/cgi-bin/kerbynet` | High
|
||||
12 | File | `/cgi-bin/login.cgi` | High
|
||||
13 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
14 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
15 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
16 | File | `/cms/classes/Master.php?f=delete_invoice` | High
|
||||
17 | File | `/cms/classes/Users.php?f=delete` | High
|
||||
18 | File | `/company/down_resume/total/nature` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/course/api/upload/pic` | High
|
||||
21 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
22 | File | `/dashboard/reports/logs/view` | High
|
||||
23 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
27 | File | `/fuel/sitevariables/delete/4` | High
|
||||
28 | File | `/getcfg.php` | Medium
|
||||
29 | File | `/goform/SetFirewallCfg` | High
|
||||
30 | File | `/goform/WifiExtraSet` | High
|
||||
31 | File | `/guest/s/default/` | High
|
||||
30 | File | `/guest/s/default/` | High
|
||||
31 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
32 | File | `/hub/api/user` | High
|
||||
33 | File | `/include/chart_generator.php` | High
|
||||
34 | File | `/Items/*/RemoteImages/Download` | High
|
||||
35 | File | `/itop/webservices/export-v2.php` | High
|
||||
36 | ... | ... | ...
|
||||
33 | File | `/index/jobfairol/show/` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -57,12 +57,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -87,27 +89,27 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/objects/getImageMP4.php` | High
|
||||
16 | File | `/one_church/userregister.php` | High
|
||||
17 | File | `/out.php` | Medium
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/replication` | Medium
|
||||
20 | File | `/req_password_user.php` | High
|
||||
21 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
22 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/syno/etc/mount.conf` | High
|
||||
30 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
31 | File | `/WEB-INF/web.xml` | High
|
||||
32 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
33 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
34 | File | `4.edu.php` | Medium
|
||||
35 | File | `adclick.php` | Medium
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/replication` | Medium
|
||||
21 | File | `/req_password_user.php` | High
|
||||
22 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
23 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
25 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
28 | File | `/tmp` | Low
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/usr/syno/etc/mount.conf` | High
|
||||
31 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
32 | File | `/WEB-INF/web.xml` | High
|
||||
33 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
34 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
35 | File | `4.edu.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ The following _campaigns_ are known and can be associated with Inception:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:
|
||||
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* ...
|
||||
|
||||
|
@ -40,12 +40,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -64,31 +66,29 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/admin/inbox.php&action=read` | High
|
||||
10 | File | `/admin/usermanagement.php` | High
|
||||
11 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
12 | File | `/api/part_categories` | High
|
||||
13 | File | `/api/programs/orgUnits?programs` | High
|
||||
14 | File | `/api/students/me/courses/` | High
|
||||
15 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
17 | File | `/bcms/admin/?page=service_transactions/view_details` | High
|
||||
18 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
|
||||
19 | File | `/blog/blog.php` | High
|
||||
20 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
21 | File | `/cgi-bin/main.cgi` | High
|
||||
22 | File | `/cgi-mod/lookup.cgi` | High
|
||||
23 | File | `/cgi/ansi` | Medium
|
||||
24 | File | `/cms/classes/Master.php?f=delete_designation` | High
|
||||
25 | File | `/controller/Adv.php` | High
|
||||
26 | File | `/createnewaccount` | High
|
||||
27 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
28 | File | `/dev/urandom` | Medium
|
||||
29 | File | `/dl/dl_sendmail.php` | High
|
||||
30 | File | `/dvcset/sysset/set.cgi` | High
|
||||
31 | File | `/ecrire` | Low
|
||||
32 | File | `/etc/sudoers` | Medium
|
||||
33 | File | `/example/editor` | High
|
||||
34 | ... | ... | ...
|
||||
12 | File | `/ajax/clear_tools_log/` | High
|
||||
13 | File | `/api/part_categories` | High
|
||||
14 | File | `/api/programs/orgUnits?programs` | High
|
||||
15 | File | `/api/students/me/courses/` | High
|
||||
16 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
17 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
18 | File | `/bcms/admin/?page=service_transactions/view_details` | High
|
||||
19 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
|
||||
20 | File | `/blog/blog.php` | High
|
||||
21 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
22 | File | `/cgi-bin/main.cgi` | High
|
||||
23 | File | `/cgi-mod/lookup.cgi` | High
|
||||
24 | File | `/cgi/ansi` | Medium
|
||||
25 | File | `/classes/Master.php?f=delete_train` | High
|
||||
26 | File | `/cms/classes/Master.php?f=delete_designation` | High
|
||||
27 | File | `/controller/Adv.php` | High
|
||||
28 | File | `/createnewaccount` | High
|
||||
29 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
30 | File | `/dev/urandom` | Medium
|
||||
31 | File | `/dl/dl_sendmail.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,91 @@
|
|||
# India Police - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [India Police](https://vuldb.com/?actor.india_police). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.india_police](https://vuldb.com/?actor.india_police)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with India Police:
|
||||
|
||||
* Spyware
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with India Police:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [AU](https://vuldb.com/?country.au)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of India Police.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.1.82.106](https://vuldb.com/?ip.5.1.82.106) | 5-1-82-106.static.creoline.net | Spyware | High
|
||||
2 | [8.5.1.33](https://vuldb.com/?ip.8.5.1.33) | - | Spyware | High
|
||||
3 | [8.5.1.49](https://vuldb.com/?ip.8.5.1.49) | - | Spyware | High
|
||||
4 | [34.246.254.156](https://vuldb.com/?ip.34.246.254.156) | ec2-34-246-254-156.eu-west-1.compute.amazonaws.com | Spyware | Medium
|
||||
5 | [36.86.63.182](https://vuldb.com/?ip.36.86.63.182) | - | Spyware | High
|
||||
6 | [52.4.209.250](https://vuldb.com/?ip.52.4.209.250) | ec2-52-4-209-250.compute-1.amazonaws.com | Spyware | Medium
|
||||
7 | [54.210.47.225](https://vuldb.com/?ip.54.210.47.225) | ec2-54-210-47-225.compute-1.amazonaws.com | Spyware | Medium
|
||||
8 | [64.15.205.100](https://vuldb.com/?ip.64.15.205.100) | - | Spyware | High
|
||||
9 | [64.15.205.101](https://vuldb.com/?ip.64.15.205.101) | - | Spyware | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _India Police_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by India Police. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Razer Chroma\SDK\Apps` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/cgi-bin/webviewer_login_page` | High
|
||||
4 | File | `/mgmt/tm/util/bash` | High
|
||||
5 | File | `/recordings/index.php` | High
|
||||
6 | File | `/uncpath/` | Medium
|
||||
7 | File | `add_vhost.php` | High
|
||||
8 | File | `admin-ajax.php` | High
|
||||
9 | File | `and/or` | Low
|
||||
10 | File | `arsys/servlet/AttachServlet` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://ddanchev.blogspot.com/2022/06/exposing-indian-police-spyware-cyber.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,70 @@
|
|||
# Indra - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Indra](https://vuldb.com/?actor.indra). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.indra](https://vuldb.com/?actor.indra)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Indra:
|
||||
|
||||
* Iran
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indra:
|
||||
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [TH](https://vuldb.com/?country.th)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Indra.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [68.183.79.77](https://vuldb.com/?ip.68.183.79.77) | - | Iran | High
|
||||
2 | [139.59.89.238](https://vuldb.com/?ip.139.59.89.238) | 481010.cloudwaysapps.com | Iran | High
|
||||
3 | [167.172.177.158](https://vuldb.com/?ip.167.172.177.158) | - | Iran | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Indra_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Indra. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | Argument | `PAGE_SIZE` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -31,12 +31,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -45,17 +48,17 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\ASUS\GamingCenterLib` | High
|
||||
2 | File | `/account/login` | High
|
||||
3 | File | `/adherents/note.php?id=1` | High
|
||||
4 | File | `/admin/ajax.php` | High
|
||||
5 | File | `/Api/ASF` | Medium
|
||||
6 | File | `/bin/sh` | Low
|
||||
2 | File | `../FILEDIR` | Medium
|
||||
3 | File | `/account/login` | High
|
||||
4 | File | `/adherents/note.php?id=1` | High
|
||||
5 | File | `/admin/ajax.php` | High
|
||||
6 | File | `/Api/ASF` | Medium
|
||||
7 | File | `/cgi-bin/cgiServer.exx` | High
|
||||
8 | File | `/cgi?1&5` | Medium
|
||||
9 | File | `/clients/editclient.php` | High
|
||||
10 | File | `/CommunitySSORedirect.jsp` | High
|
||||
11 | File | `/dl/dl_sendmail.php` | High
|
||||
12 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
|
||||
11 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
12 | File | `/dl/dl_sendmail.php` | High
|
||||
13 | File | `/formStaticDHCP` | High
|
||||
14 | File | `/formVirtualApp` | High
|
||||
15 | File | `/formVirtualServ` | High
|
||||
|
@ -67,18 +70,18 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `/master/core/PostHandler.php` | High
|
||||
22 | File | `/medianet/sgcontentset.aspx` | High
|
||||
23 | File | `/Nodes-Traffic.php` | High
|
||||
24 | File | `/proc` | Low
|
||||
25 | File | `/proc/pid/syscall` | High
|
||||
26 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
|
||||
27 | File | `/rss.xml` | Medium
|
||||
28 | File | `/send_join` | Medium
|
||||
29 | File | `/settings/profile` | High
|
||||
30 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
|
||||
31 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
32 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
|
||||
24 | File | `/proc/pid/syscall` | High
|
||||
25 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
|
||||
26 | File | `/rss.xml` | Medium
|
||||
27 | File | `/settings/profile` | High
|
||||
28 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
|
||||
29 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
30 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
|
||||
31 | File | `/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c` | High
|
||||
32 | File | `/tmp/swhks.pid` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -23,6 +23,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Janeleiro_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Janeleiro. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
|
|
@ -62,29 +62,29 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/?/admin/snippet/add` | High
|
||||
3 | File | `/assets/something/services/AppModule.class` | High
|
||||
4 | File | `/bin/false` | Medium
|
||||
5 | File | `/cgi-bin/webproc` | High
|
||||
6 | File | `/editsettings` | High
|
||||
7 | File | `/expert_wizard.php` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/images/browserslide.jpg` | High
|
||||
10 | File | `/includes/lib/get.php` | High
|
||||
11 | File | `/login` | Low
|
||||
12 | File | `/main?cmd=invalid_browser` | High
|
||||
13 | File | `/manager?action=getlogcat` | High
|
||||
14 | File | `/mc` | Low
|
||||
15 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
16 | File | `/public/plugins/` | High
|
||||
17 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
18 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
19 | File | `/scas/admin/` | Medium
|
||||
20 | File | `/tlogin.cgi` | Medium
|
||||
21 | File | `/tmp/scfgdndf` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/upload` | Low
|
||||
24 | File | `/usr/ucb/mail` | High
|
||||
5 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
6 | File | `/cgi-bin/webproc` | High
|
||||
7 | File | `/editsettings` | High
|
||||
8 | File | `/expert_wizard.php` | High
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/images/browserslide.jpg` | High
|
||||
11 | File | `/includes/lib/get.php` | High
|
||||
12 | File | `/login` | Low
|
||||
13 | File | `/main?cmd=invalid_browser` | High
|
||||
14 | File | `/manager?action=getlogcat` | High
|
||||
15 | File | `/mc` | Low
|
||||
16 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
17 | File | `/public/plugins/` | High
|
||||
18 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
19 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
20 | File | `/scas/admin/` | Medium
|
||||
21 | File | `/tlogin.cgi` | Medium
|
||||
22 | File | `/tmp/scfgdndf` | High
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/upload` | Low
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,8 +21,11 @@ There are 8 more campaign items available. Please use our online service to acce
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -225,12 +228,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -238,22 +242,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/alarm_pi/alarmService.php` | High
|
||||
2 | File | `/bsms/?page=manage_account` | High
|
||||
3 | File | `/company` | Medium
|
||||
4 | File | `/company/account/safety/trade` | High
|
||||
5 | File | `/company/down_resume/total/nature` | High
|
||||
6 | File | `/company/service/increment/add/im` | High
|
||||
7 | File | `/company/view_be_browsed/total` | High
|
||||
8 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
9 | File | `/fm-data.lua` | Medium
|
||||
10 | File | `/freelance/resume_list` | High
|
||||
11 | File | `/home/campus/campus_job` | High
|
||||
12 | File | `/home/job/index` | High
|
||||
13 | File | `/home/job/map` | High
|
||||
14 | ... | ... | ...
|
||||
1 | File | `/action/import_cert_file/` | High
|
||||
2 | File | `/action/import_https_cert_file/` | High
|
||||
3 | File | `/action/remove/` | High
|
||||
4 | File | `/admin/inquiries/view_details.php` | High
|
||||
5 | File | `/api/user/userData?userCode=admin` | High
|
||||
6 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
7 | File | `/ci_hms/search` | High
|
||||
8 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
9 | File | `/classes/Master.php?f=delete_message` | High
|
||||
10 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
11 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Liberty Front Press:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -103,38 +103,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.ssh/authorized_keys` | High
|
||||
2 | File | `/admin.php` | Medium
|
||||
3 | File | `/bcms/admin/?page=user/list` | High
|
||||
4 | File | `/cgi-bin/luci/api/auth` | High
|
||||
5 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
6 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
7 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
8 | File | `/core/admin/categories.php` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/etc/config/image_sign` | High
|
||||
11 | File | `/etc/groups` | Medium
|
||||
12 | File | `/filemanager/php/connector.php` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/MTFWU` | Low
|
||||
17 | File | `/php/passport/index.php` | High
|
||||
18 | File | `/proc/<pid>/status` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/updown/upload.cgi` | High
|
||||
26 | File | `/user-utils/users/md5.json` | High
|
||||
27 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
30 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/photo.php` | High
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/bsms/?page=manage_account` | High
|
||||
9 | File | `/cgi-bin/login.cgi` | High
|
||||
10 | File | `/cgi-bin/luci/api/auth` | High
|
||||
11 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
12 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
13 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
14 | File | `/core/admin/categories.php` | High
|
||||
15 | File | `/dashboard/reports/logs/view` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/etc/config/image_sign` | High
|
||||
18 | File | `/etc/groups` | Medium
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
21 | File | `/fuel/sitevariables/delete/4` | High
|
||||
22 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
23 | File | `/index/jobfairol/show/` | High
|
||||
24 | File | `/librarian/bookdetails.php` | High
|
||||
25 | File | `/mgmt/tm/util/bash` | High
|
||||
26 | File | `/MTFWU` | Low
|
||||
27 | File | `/owa/auth/logon.aspx` | High
|
||||
28 | File | `/php/passport/index.php` | High
|
||||
29 | File | `/public/plugins/` | High
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 255 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -34,9 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1557 | CWE-300 | Channel Accessible by Non-Endpoint | High
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -114,37 +114,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.ssh/authorized_keys` | High
|
||||
2 | File | `/Ap4RtpAtom.cpp` | High
|
||||
3 | File | `/bcms/admin/?page=user/list` | High
|
||||
4 | File | `/cgi-bin/luci/api/auth` | High
|
||||
5 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
6 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
7 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
8 | File | `/core/admin/categories.php` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/etc/config/image_sign` | High
|
||||
11 | File | `/etc/groups` | Medium
|
||||
12 | File | `/filemanager/php/connector.php` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/MTFWU` | Low
|
||||
17 | File | `/php/passport/index.php` | High
|
||||
18 | File | `/proc/<pid>/status` | High
|
||||
19 | File | `/public/login.htm` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
24 | File | `/tmp` | Low
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/updown/upload.cgi` | High
|
||||
27 | File | `/user-utils/users/md5.json` | High
|
||||
28 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
29 | File | `/usr/bin/pkexec` | High
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/Ap4RtpAtom.cpp` | High
|
||||
4 | File | `/bcms/admin/?page=user/list` | High
|
||||
5 | File | `/bsms/?page=manage_account` | High
|
||||
6 | File | `/cgi-bin/login.cgi` | High
|
||||
7 | File | `/cgi-bin/luci/api/auth` | High
|
||||
8 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
9 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/core/admin/categories.php` | High
|
||||
12 | File | `/dashboard/reports/logs/view` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/etc/config/image_sign` | High
|
||||
15 | File | `/etc/groups` | Medium
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
18 | File | `/fuel/sitevariables/delete/4` | High
|
||||
19 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
20 | File | `/index/jobfairol/show/` | High
|
||||
21 | File | `/librarian/bookdetails.php` | High
|
||||
22 | File | `/mgmt/tm/util/bash` | High
|
||||
23 | File | `/MTFWU` | Low
|
||||
24 | File | `/php/passport/index.php` | High
|
||||
25 | File | `/public/login.htm` | High
|
||||
26 | File | `/public/plugins/` | High
|
||||
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
28 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
29 | File | `/setting/setDeviceName` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 252 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -38,7 +38,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1202 | CWE-77, CWE-78 | Command Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -49,12 +49,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,22 +64,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `../FILEDIR` | Medium
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/(((a\2)|(a*)\g</-1>/))*/` | High
|
||||
3 | File | `//proc/kcore` | Medium
|
||||
4 | File | `/admin.php/pic/admin/type/del` | High
|
||||
5 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
6 | File | `/admin.php?p=/User/index` | High
|
||||
7 | File | `/admin/communitymanagement.php` | High
|
||||
8 | File | `/admin/conferences/get-all-status/` | High
|
||||
9 | File | `/Ap4RtpAtom.cpp` | High
|
||||
10 | File | `/assets/partials/_handleLogin.php` | High
|
||||
11 | File | `/bcms/admin/?page=user/list` | High
|
||||
12 | File | `/bcms/admin/?page=user/manage_user` | High
|
||||
13 | File | `/bcms/admin/services/view_service.php` | High
|
||||
14 | File | `/bsms/?page=manage_account` | High
|
||||
15 | File | `/cardo/api` | Medium
|
||||
16 | File | `/cgi-bin/editBookmark` | High
|
||||
17 | File | `/cms/classes/Master.php?f=delete_designation` | High
|
||||
10 | File | `/bcms/admin/?page=user/list` | High
|
||||
11 | File | `/bcms/admin/?page=user/manage_user` | High
|
||||
12 | File | `/bcms/admin/services/view_service.php` | High
|
||||
13 | File | `/bsms/?page=manage_account` | High
|
||||
14 | File | `/cardo/api` | Medium
|
||||
15 | File | `/cgi-bin/login.cgi` | High
|
||||
16 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
17 | File | `/classes/Master.php?f=delete_train` | High
|
||||
18 | File | `/company` | Medium
|
||||
19 | File | `/dashboard/reports/logs/view` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
|
@ -88,16 +89,16 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/fuel/sitevariables/delete/4` | High
|
||||
25 | File | `/getImage` | Medium
|
||||
26 | File | `/goform/aspForm` | High
|
||||
27 | File | `/goform/setpptpservercfg` | High
|
||||
28 | File | `/help/treecontent.jsp` | High
|
||||
29 | File | `/hprms/admin/?page=patients/view_patient` | High
|
||||
30 | File | `/hprms/admin/patients/manage_patient.php` | High
|
||||
31 | File | `/insurance/editNominee.php` | High
|
||||
32 | File | `/librarian/bookdetails.php` | High
|
||||
33 | File | `/lists/admin/` | High
|
||||
27 | File | `/hprms/admin/?page=patients/view_patient` | High
|
||||
28 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
29 | File | `/hprms/admin/patients/manage_patient.php` | High
|
||||
30 | File | `/index/jobfairol/show/` | High
|
||||
31 | File | `/librarian/bookdetails.php` | High
|
||||
32 | File | `/lists/admin/` | High
|
||||
33 | File | `/mgmt/tm/util/bash` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -59,12 +59,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -86,18 +87,18 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/goform/login_process` | High
|
||||
13 | File | `/goform/rlmswitchr_process` | High
|
||||
14 | File | `/goforms/rlminfo` | High
|
||||
15 | File | `/plugin` | Low
|
||||
16 | File | `/rating.php` | Medium
|
||||
17 | File | `/scas/admin/` | Medium
|
||||
18 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
19 | File | `/services/prefs.php` | High
|
||||
20 | File | `/src/njs_object.c` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/wordpress-gallery-transformation/gallery.php` | High
|
||||
23 | File | `adclick.php` | Medium
|
||||
15 | File | `/newsDia.php` | Medium
|
||||
16 | File | `/plugin` | Low
|
||||
17 | File | `/rating.php` | Medium
|
||||
18 | File | `/scas/admin/` | Medium
|
||||
19 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
20 | File | `/services/prefs.php` | High
|
||||
21 | File | `/src/njs_object.c` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/wordpress-gallery-transformation/gallery.php` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -36,6 +36,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1202 | CWE-77 | Command Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -24,7 +24,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1204.001 | CWE-601 | Open Redirect | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -0,0 +1,99 @@
|
|||
# MedusaLocker - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MedusaLocker](https://vuldb.com/?actor.medusalocker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.medusalocker](https://vuldb.com/?actor.medusalocker)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MedusaLocker:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MedusaLocker.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [40.92.90.105](https://vuldb.com/?ip.40.92.90.105) | mail-vi1eur05olkn2105.outbound.protection.outlook.com | - | High
|
||||
2 | [45.146.164.141](https://vuldb.com/?ip.45.146.164.141) | - | - | High
|
||||
3 | [50.80.219.149](https://vuldb.com/?ip.50.80.219.149) | 50-80-219-149.client.mchsi.com | - | High
|
||||
4 | [84.38.189.52](https://vuldb.com/?ip.84.38.189.52) | wmw10.empresagozalez.miami | - | High
|
||||
5 | [87.251.75.71](https://vuldb.com/?ip.87.251.75.71) | - | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _MedusaLocker_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MedusaLocker. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/action/import_https_cert_file/` | High
|
||||
2 | File | `/action/remove/` | High
|
||||
3 | File | `/admin/featured.php` | High
|
||||
4 | File | `/admin/scheprofile.cgi` | High
|
||||
5 | File | `/admin/showbad.php` | High
|
||||
6 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
7 | File | `/ajax/config_rollback/` | High
|
||||
8 | File | `/alarm_pi/alarmService.php` | High
|
||||
9 | File | `/cgi-bin/webproc` | High
|
||||
10 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
11 | File | `/ci_hms/search` | High
|
||||
12 | File | `/company` | Medium
|
||||
13 | File | `/company/service/increment/add/im` | High
|
||||
14 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
15 | File | `/dashboard/reports/logs/view` | High
|
||||
16 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
17 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
18 | File | `/dl/dl_sendmail.php` | High
|
||||
19 | File | `/dl/dl_sendsms.php` | High
|
||||
20 | File | `/home/campus/campus_job` | High
|
||||
21 | File | `/home/job/index` | High
|
||||
22 | File | `/IISADMPWD` | Medium
|
||||
23 | File | `/images/background/1.php` | High
|
||||
24 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
25 | File | `/job` | Low
|
||||
26 | File | `/linkedcontent/editfolder.php` | High
|
||||
27 | File | `/loginsave.php` | High
|
||||
28 | File | `/mobilebroker/ServiceToBroker.svc/Json/Connect` | High
|
||||
29 | File | `/modules/mindmap/index.php` | High
|
||||
30 | File | `/odfs/posts/view_post.php` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 259 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
@ -47,12 +47,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,42 +63,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?module=fileman§ion=get&page=grid` | High
|
||||
2 | File | `/admin.php/singer/admin/singer/hy` | High
|
||||
3 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
4 | File | `/admin/deluser.php` | High
|
||||
5 | File | `/admin/edit.php` | High
|
||||
6 | File | `/admin/googleads.php` | High
|
||||
7 | File | `/admin/new-content` | High
|
||||
8 | File | `/admin/operations/tax.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/scheprofile.cgi` | High
|
||||
11 | File | `/admin/weixin.php` | High
|
||||
12 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
14 | File | `/bcms/admin/courts/manage_court.php` | High
|
||||
15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
|
||||
16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
17 | File | `/cgi-bin/kerbynet` | High
|
||||
18 | File | `/classes/Users.php?f=save` | High
|
||||
19 | File | `/cms/classes/Master.php?f=delete_client` | High
|
||||
20 | File | `/config` | Low
|
||||
21 | File | `/defaultui/player/modern.html` | High
|
||||
22 | File | `/ffos/admin/categories/manage_category.php` | High
|
||||
23 | File | `/ffos/admin/menus/view_menu.php` | High
|
||||
24 | File | `/gaia-job-admin/user/add` | High
|
||||
25 | File | `/goform/aspForm` | High
|
||||
26 | File | `/goform/login_process` | High
|
||||
27 | File | `/goform/setNetworkLan` | High
|
||||
28 | File | `/goform/SetSysTimeCfg` | High
|
||||
29 | File | `/html/Solar_Ftp.php` | High
|
||||
30 | File | `/lists/admin/` | High
|
||||
31 | File | `/mngset/authset` | High
|
||||
32 | File | `/mtms/admin/?page=transaction/send` | High
|
||||
33 | File | `/orrs/admin/trains/manage_train.php` | High
|
||||
34 | File | `/otps/classes/Master.php?f=delete_team` | High
|
||||
35 | ... | ... | ...
|
||||
2 | File | `/action/import_sdk_file/` | High
|
||||
3 | File | `/admin.php/singer/admin/singer/hy` | High
|
||||
4 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/deluser.php` | High
|
||||
7 | File | `/admin/edit.php` | High
|
||||
8 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
9 | File | `/admin/googleads.php` | High
|
||||
10 | File | `/admin/new-content` | High
|
||||
11 | File | `/admin/operations/tax.php` | High
|
||||
12 | File | `/admin/payment.php` | High
|
||||
13 | File | `/admin/scheprofile.cgi` | High
|
||||
14 | File | `/admin/weixin.php` | High
|
||||
15 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
17 | File | `/bcms/admin/courts/manage_court.php` | High
|
||||
18 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
|
||||
19 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
20 | File | `/catcompany.php` | High
|
||||
21 | File | `/cgi-bin/kerbynet` | High
|
||||
22 | File | `/classes/Users.php?f=save` | High
|
||||
23 | File | `/cms/classes/Master.php?f=delete_client` | High
|
||||
24 | File | `/config` | Low
|
||||
25 | File | `/defaultui/player/modern.html` | High
|
||||
26 | File | `/ffos/admin/categories/manage_category.php` | High
|
||||
27 | File | `/ffos/admin/menus/view_menu.php` | High
|
||||
28 | File | `/gaia-job-admin/user/add` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/setNetworkLan` | High
|
||||
31 | File | `/goform/SetSysTimeCfg` | High
|
||||
32 | File | `/html/Solar_Ftp.php` | High
|
||||
33 | File | `/lists/admin/` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with Mirai:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mirai:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
@ -48,12 +48,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,42 +62,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
1 | File | `/.dbus-keyrings` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `//proc/kcore` | Medium
|
||||
4 | File | `/adm/setmain.php` | High
|
||||
5 | File | `/admin.php/Label/page_del` | High
|
||||
6 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
7 | File | `/admin/?page=system_info/contact_info` | High
|
||||
8 | File | `/admin/comn/service/update.json` | High
|
||||
9 | File | `/admin/dl_sendmail.php` | High
|
||||
10 | File | `/admin/dl_sendsms.php` | High
|
||||
11 | File | `/Ap4RtpAtom.cpp` | High
|
||||
12 | File | `/api/part_categories` | High
|
||||
13 | File | `/api/programs/orgUnits?programs` | High
|
||||
14 | File | `/api/students/me/courses/` | High
|
||||
15 | File | `/asms/classes/Master.php?f=delete_product` | High
|
||||
16 | File | `/asms/classes/Master.php?f=save_product` | High
|
||||
17 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
18 | File | `/bcms/admin/?page=user/list` | High
|
||||
19 | File | `/checklogin.jsp` | High
|
||||
20 | File | `/classes/master.php?f=delete_facility` | High
|
||||
21 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
22 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/dl/dl_sendmail.php` | High
|
||||
25 | File | `/ecrire` | Low
|
||||
26 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
27 | File | `/fuel/sitevariables/delete/4` | High
|
||||
28 | File | `/goform/aspForm` | High
|
||||
29 | File | `/goform/saveParentControlInfo` | High
|
||||
30 | File | `/goform/SetClientState` | High
|
||||
31 | File | `/htdocs/cgibin` | High
|
||||
32 | File | `/hub/api/user` | High
|
||||
33 | File | `/includes/init.php` | High
|
||||
34 | ... | ... | ...
|
||||
4 | File | `/admin.php/Label/page_del` | High
|
||||
5 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
6 | File | `/admin/?page=system_info/contact_info` | High
|
||||
7 | File | `/admin/comn/service/update.json` | High
|
||||
8 | File | `/admin/dl_sendmail.php` | High
|
||||
9 | File | `/admin/dl_sendsms.php` | High
|
||||
10 | File | `/Ap4RtpAtom.cpp` | High
|
||||
11 | File | `/api/part_categories` | High
|
||||
12 | File | `/api/programs/orgUnits?programs` | High
|
||||
13 | File | `/api/user/userData?userCode=admin` | High
|
||||
14 | File | `/asms/classes/Master.php?f=save_product` | High
|
||||
15 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
16 | File | `/bsms/?page=manage_account` | High
|
||||
17 | File | `/cgi-bin/login.cgi` | High
|
||||
18 | File | `/checklogin.jsp` | High
|
||||
19 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
20 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
21 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
22 | File | `/company` | Medium
|
||||
23 | File | `/company/service/increment/add/im` | High
|
||||
24 | File | `/dashboard/reports/logs/view` | High
|
||||
25 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/dl/dl_sendmail.php` | High
|
||||
28 | File | `/fuel/sitevariables/delete/4` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/saveParentControlInfo` | High
|
||||
31 | File | `/goform/SetClientState` | High
|
||||
32 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -46,12 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -30,8 +30,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -56,12 +56,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [HU](https://vuldb.com/?country.hu)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
@ -86,19 +86,20 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/rating.php` | Medium
|
||||
19 | File | `/rom-0` | Low
|
||||
20 | File | `/secure/admin/ConfigureBatching!default.jspa` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
23 | File | `/var/log/nginx` | High
|
||||
24 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
25 | File | `/xyhai.php?s=/Auth/editUser` | High
|
||||
26 | File | `/_next` | Low
|
||||
27 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
28 | File | `actions.hsp` | Medium
|
||||
29 | File | `addtocart.asp` | High
|
||||
30 | File | `admin/admin.shtml` | High
|
||||
31 | ... | ... | ...
|
||||
21 | File | `/staff/tools/custom-fields` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
24 | File | `/var/log/nginx` | High
|
||||
25 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
26 | File | `/xyhai.php?s=/Auth/editUser` | High
|
||||
27 | File | `/_next` | Low
|
||||
28 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
29 | File | `actions.hsp` | Medium
|
||||
30 | File | `addtocart.asp` | High
|
||||
31 | File | `admin/admin.shtml` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -45,12 +45,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,23 +63,24 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/getcfg.php` | Medium
|
||||
4 | File | `/index.php/weblinks-categories` | High
|
||||
5 | File | `/iwguestbook/admin/messages_edit.asp` | High
|
||||
6 | File | `/public/plugins/` | High
|
||||
7 | File | `/scripts/iisadmin/bdir.htr` | High
|
||||
8 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
9 | File | `add.php` | Low
|
||||
10 | File | `admin.cgi/config.cgi` | High
|
||||
11 | File | `admin/admin.guestbook.php` | High
|
||||
12 | File | `admin/auth.php` | High
|
||||
13 | File | `admin/backupdb.php` | High
|
||||
14 | File | `admin/login.asp` | High
|
||||
15 | File | `admin/preview.php` | High
|
||||
16 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
17 | File | `archive_read_support_format_rar.c` | High
|
||||
18 | File | `auth.py` | Low
|
||||
19 | File | `authenticate.php` | High
|
||||
20 | ... | ... | ...
|
||||
6 | File | `/odfs/classes/Master.php?f=delete_team` | High
|
||||
7 | File | `/public/plugins/` | High
|
||||
8 | File | `/scripts/iisadmin/bdir.htr` | High
|
||||
9 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
10 | File | `add.php` | Low
|
||||
11 | File | `admin.cgi/config.cgi` | High
|
||||
12 | File | `admin/admin.guestbook.php` | High
|
||||
13 | File | `admin/auth.php` | High
|
||||
14 | File | `admin/backupdb.php` | High
|
||||
15 | File | `admin/login.asp` | High
|
||||
16 | File | `admin/preview.php` | High
|
||||
17 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
18 | File | `archive_read_support_format_rar.c` | High
|
||||
19 | File | `auth.py` | Low
|
||||
20 | File | `authenticate.php` | High
|
||||
21 | ... | ... | ...
|
||||
|
||||
There are 169 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 171 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -59,8 +59,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -30,12 +30,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PYSA:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -30,12 +31,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -47,41 +50,40 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
3 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
4 | File | `/admin/?page=system_info/contact_info` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/api/part_categories` | High
|
||||
7 | File | `/auditLogAction.do` | High
|
||||
8 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
9 | File | `/cgi-bin` | Medium
|
||||
10 | File | `/cgi-bin/webproc` | High
|
||||
11 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
12 | File | `/cms/admin/?page=client/view_client` | High
|
||||
13 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
14 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
15 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
16 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
17 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
18 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
20 | File | `/etc/cron.daily/upstart` | High
|
||||
21 | File | `/fuel/sitevariables/delete/4` | High
|
||||
22 | File | `/goform/aspForm` | High
|
||||
23 | File | `/IISADMPWD` | Medium
|
||||
24 | File | `/index.php?page=reserve` | High
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/job` | Low
|
||||
27 | File | `/linkedcontent/editfolder.php` | High
|
||||
28 | File | `/mdiy/dict/listExcludeApp` | High
|
||||
29 | File | `/mgmt/tm/util/bash` | High
|
||||
30 | File | `/ofrs/admin/?page=reports` | High
|
||||
31 | File | `/PC/WebService.asmx` | High
|
||||
32 | File | `/pms/admin/inmates/manage_inmate.php` | High
|
||||
33 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
34 | File | `/scbs/classes/Users.php?f=delete_client` | High
|
||||
35 | File | `/school/model/get_events.php` | High
|
||||
36 | File | `/scms/student.php` | High
|
||||
37 | ... | ... | ...
|
||||
5 | File | `/admin/featured.php` | High
|
||||
6 | File | `/ajax/config_rollback/` | High
|
||||
7 | File | `/Ap4RtpAtom.cpp` | High
|
||||
8 | File | `/api/part_categories` | High
|
||||
9 | File | `/auditLogAction.do` | High
|
||||
10 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
11 | File | `/cgi-bin` | Medium
|
||||
12 | File | `/cgi-bin/webproc` | High
|
||||
13 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
14 | File | `/cms/admin/?page=client/view_client` | High
|
||||
15 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
16 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
17 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
18 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
19 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
20 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
21 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
22 | File | `/etc/cron.daily/upstart` | High
|
||||
23 | File | `/fuel/sitevariables/delete/4` | High
|
||||
24 | File | `/goform/aspForm` | High
|
||||
25 | File | `/IISADMPWD` | Medium
|
||||
26 | File | `/index.php?page=reserve` | High
|
||||
27 | File | `/Items/*/RemoteImages/Download` | High
|
||||
28 | File | `/job` | Low
|
||||
29 | File | `/linkedcontent/editfolder.php` | High
|
||||
30 | File | `/mdiy/dict/listExcludeApp` | High
|
||||
31 | File | `/mgmt/tm/util/bash` | High
|
||||
32 | File | `/ofrs/admin/?page=reports` | High
|
||||
33 | File | `/PC/WebService.asmx` | High
|
||||
34 | File | `/pms/admin/actions/view_action.php` | High
|
||||
35 | File | `/pms/admin/cells/manage_cell.php` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `admin/admin/fileUploadAction_fileUpload.action` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -37,8 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -26,7 +26,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1600 | CWE-310 | Cryptographic Issues | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1204.001 | CWE-601 | Open Redirect | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -34,8 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -44,28 +44,28 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
3 | File | `/cgi/get_param.cgi` | High
|
||||
4 | File | `/edit-db.php` | Medium
|
||||
5 | File | `/ext/phar/phar_object.c` | High
|
||||
6 | File | `/files/password` | High
|
||||
7 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
||||
8 | File | `/hocms/classes/Master.php?f=delete_member` | High
|
||||
9 | File | `/lists/admin/` | High
|
||||
10 | File | `/phppath/php` | Medium
|
||||
11 | File | `/services/getFile.cmd` | High
|
||||
12 | File | `/sns/classes/Master.php?f=delete_img` | High
|
||||
13 | File | `/usr/bin/pkexec` | High
|
||||
14 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
15 | File | `/var/log/messages` | High
|
||||
16 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
17 | File | `/webconsole/Controller` | High
|
||||
18 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
|
||||
19 | File | `abook_database.php` | High
|
||||
20 | File | `acl/save_user.cgi` | High
|
||||
21 | File | `adaptive-images-script.php` | High
|
||||
22 | File | `admin/auth.php` | High
|
||||
23 | File | `admin/cgi-bin/listdir.pl` | High
|
||||
24 | File | `adminuseredit.php?usertoedit=XSS` | High
|
||||
25 | File | `AvastSvc.exe` | Medium
|
||||
26 | File | `backupsettings.conf` | High
|
||||
5 | File | `/files/password` | High
|
||||
6 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
||||
7 | File | `/hocms/classes/Master.php?f=delete_member` | High
|
||||
8 | File | `/lists/admin/` | High
|
||||
9 | File | `/phppath/php` | Medium
|
||||
10 | File | `/services/getFile.cmd` | High
|
||||
11 | File | `/sns/classes/Master.php?f=delete_img` | High
|
||||
12 | File | `/usr/bin/pkexec` | High
|
||||
13 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
14 | File | `/var/log/messages` | High
|
||||
15 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
16 | File | `/webconsole/Controller` | High
|
||||
17 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
|
||||
18 | File | `abook_database.php` | High
|
||||
19 | File | `acl/save_user.cgi` | High
|
||||
20 | File | `adaptive-images-script.php` | High
|
||||
21 | File | `admin/auth.php` | High
|
||||
22 | File | `admin/cgi-bin/listdir.pl` | High
|
||||
23 | File | `adminuseredit.php?usertoedit=XSS` | High
|
||||
24 | File | `AvastSvc.exe` | Medium
|
||||
25 | File | `backupsettings.conf` | High
|
||||
26 | File | `base/ErrorHandler.php` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 225 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
@ -46,12 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -59,39 +61,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin/scheprofile.cgi` | High
|
||||
3 | File | `/admin/showbad.php` | High
|
||||
4 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
5 | File | `/alarm_pi/alarmService.php` | High
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/api/part_categories` | High
|
||||
8 | File | `/cgi-bin/kerbynet` | High
|
||||
9 | File | `/cgi-bin/webproc` | High
|
||||
10 | File | `/cgi/get_param.cgi` | High
|
||||
11 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
12 | File | `/company` | Medium
|
||||
13 | File | `/company/account/safety/trade` | High
|
||||
14 | File | `/company/service/increment/add/im` | High
|
||||
15 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
16 | File | `/dashboard/reports/logs/view` | High
|
||||
17 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
18 | File | `/defaultui/player/modern.html` | High
|
||||
19 | File | `/dl/dl_sendmail.php` | High
|
||||
20 | File | `/dl/dl_sendsms.php` | High
|
||||
21 | File | `/fuel/sitevariables/delete/4` | High
|
||||
22 | File | `/goform/aspForm` | High
|
||||
23 | File | `/home/campus/campus_job` | High
|
||||
24 | File | `/home/job/index` | High
|
||||
25 | File | `/IISADMPWD` | Medium
|
||||
26 | File | `/images/background/1.php` | High
|
||||
27 | File | `/index.php?action=seomatic/file/seo-file-link` | High
|
||||
1 | File | `/action/import_https_cert_file/` | High
|
||||
2 | File | `/action/remove/` | High
|
||||
3 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
4 | File | `/admin/featured.php` | High
|
||||
5 | File | `/admin/scheprofile.cgi` | High
|
||||
6 | File | `/admin/showbad.php` | High
|
||||
7 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
8 | File | `/ajax/config_rollback/` | High
|
||||
9 | File | `/ajax/set_sys_time/` | High
|
||||
10 | File | `/alarm_pi/alarmService.php` | High
|
||||
11 | File | `/application/controllers/Users.php` | High
|
||||
12 | File | `/cgi-bin/webproc` | High
|
||||
13 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
14 | File | `/ci_hms/search` | High
|
||||
15 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
16 | File | `/company` | Medium
|
||||
17 | File | `/company/account/safety/trade` | High
|
||||
18 | File | `/company/service/increment/add/im` | High
|
||||
19 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
20 | File | `/dashboard/reports/logs/view` | High
|
||||
21 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
22 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
23 | File | `/dl/dl_sendmail.php` | High
|
||||
24 | File | `/dl/dl_sendsms.php` | High
|
||||
25 | File | `/home/campus/campus_job` | High
|
||||
26 | File | `/home/job/index` | High
|
||||
27 | File | `/images/background/1.php` | High
|
||||
28 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
29 | File | `/itop/webservices/export-v2.php` | High
|
||||
30 | File | `/job` | Low
|
||||
31 | ... | ... | ...
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -47,12 +47,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -81,7 +82,7 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `admin.asp` | Medium
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 160 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 161 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,93 @@
|
|||
# Raccoon Stealer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Raccoon Stealer](https://vuldb.com/?actor.raccoon_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.raccoon_stealer](https://vuldb.com/?actor.raccoon_stealer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Raccoon Stealer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Raccoon Stealer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.252.22.62](https://vuldb.com/?ip.5.252.22.62) | vm523526.stark-industries.solutions | - | High
|
||||
2 | [45.142.212.100](https://vuldb.com/?ip.45.142.212.100) | pikpik.top | - | High
|
||||
3 | [51.81.143.169](https://vuldb.com/?ip.51.81.143.169) | ip169.ip-51-81-143.us | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Raccoon Stealer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Raccoon Stealer. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/account/register` | High
|
||||
2 | File | `/admin.php/pic/admin/pic/del` | High
|
||||
3 | File | `/admin/deluser.php` | High
|
||||
4 | File | `/admin/sign/out` | High
|
||||
5 | File | `/admin/web_config.php&` | High
|
||||
6 | File | `/apps/` | Low
|
||||
7 | File | `/bsms/?page=manage_account` | High
|
||||
8 | File | `/cmscp/ext/collect/fetch_url.do` | High
|
||||
9 | File | `/controllers/MgrDiagnosticTools.php` | High
|
||||
10 | File | `/convert/html` | High
|
||||
11 | File | `/course/api/upload/pic` | High
|
||||
12 | File | `/etc/init.d/S50dropbear.sh` | High
|
||||
13 | File | `/goform/rlmswitchr_process` | High
|
||||
14 | File | `/hocms/classes/Master.php?f=delete_phase` | High
|
||||
15 | File | `/hub/api/user` | High
|
||||
16 | File | `/modules/mindmap/index.php` | High
|
||||
17 | File | `/modules/tasks/summary.inc.php` | High
|
||||
18 | File | `/password.html` | High
|
||||
19 | File | `/pms/admin/inmates/manage_record.php` | High
|
||||
20 | File | `/pms/admin/prisons/manage_prison.php` | High
|
||||
21 | File | `/root/.keeper/` | High
|
||||
22 | File | `/rss.xml` | Medium
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zerofox.com/blog/brief-raccoon-stealer-version-2-0/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -81,7 +81,7 @@ ID | Type | Indicator | Confidence
|
|||
27 | File | `bits.c` | Low
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 237 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 240 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -37,12 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -112,29 +112,29 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/admin.php` | High
|
||||
2 | File | `/admin/imageslider/file.php` | High
|
||||
3 | File | `/cgi-bin/luci` | High
|
||||
4 | File | `/cgi-bin/viewcert` | High
|
||||
5 | File | `/config/getuser` | High
|
||||
6 | File | `/core/vb/vurl.php` | High
|
||||
7 | File | `/etc/gsissh/sshd_config` | High
|
||||
8 | File | `/etc/ldap.conf` | High
|
||||
9 | File | `/getcfg.php` | Medium
|
||||
10 | File | `/goform/telnet` | High
|
||||
11 | File | `/goform/WanParameterSetting` | High
|
||||
12 | File | `/importTool/preview` | High
|
||||
13 | File | `/include/makecvs.php` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/mods/_core/courses/users/create_course.php` | High
|
||||
16 | File | `/monitoring` | Medium
|
||||
17 | File | `/phppath/php` | Medium
|
||||
18 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
19 | File | `/server-status` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `adclick.php` | Medium
|
||||
22 | File | `addentry.php` | Medium
|
||||
3 | File | `/admin/sign/out` | High
|
||||
4 | File | `/cgi-bin/luci` | High
|
||||
5 | File | `/cgi-bin/viewcert` | High
|
||||
6 | File | `/config/getuser` | High
|
||||
7 | File | `/core/vb/vurl.php` | High
|
||||
8 | File | `/etc/gsissh/sshd_config` | High
|
||||
9 | File | `/etc/ldap.conf` | High
|
||||
10 | File | `/getcfg.php` | Medium
|
||||
11 | File | `/goform/telnet` | High
|
||||
12 | File | `/goform/WanParameterSetting` | High
|
||||
13 | File | `/importTool/preview` | High
|
||||
14 | File | `/include/makecvs.php` | High
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/mods/_core/courses/users/create_course.php` | High
|
||||
17 | File | `/monitoring` | Medium
|
||||
18 | File | `/phppath/php` | Medium
|
||||
19 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
20 | File | `/server-status` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `adclick.php` | Medium
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 190 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -116,12 +116,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -132,29 +134,28 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.procmailrc` | Medium
|
||||
2 | File | `/anony/mjpg.cgi` | High
|
||||
3 | File | `/bin/mail` | Medium
|
||||
4 | File | `/common/info.cgi` | High
|
||||
5 | File | `/data/vendor/tcl` | High
|
||||
6 | File | `/dev/random` | Medium
|
||||
4 | File | `/blog/blog.php` | High
|
||||
5 | File | `/common/info.cgi` | High
|
||||
6 | File | `/data/vendor/tcl` | High
|
||||
7 | File | `/etc/hosts` | Medium
|
||||
8 | File | `/etc/passwd` | Medium
|
||||
9 | File | `/etc/password` | High
|
||||
10 | File | `/files.md5` | Medium
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/include/chart_generator.php` | High
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/op/op.LockDocument.php` | High
|
||||
15 | File | `/plesk-site-preview/` | High
|
||||
16 | File | `/proc/self/setgroups` | High
|
||||
17 | File | `/proc/stat` | Medium
|
||||
18 | File | `/ram/pckg/security/nova/bin/ipsec` | High
|
||||
19 | File | `/rest/api/2/search` | High
|
||||
20 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
21 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
22 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
23 | File | `/tmp` | Low
|
||||
24 | ... | ... | ...
|
||||
12 | File | `/hy-cgi/devices.cgi` | High
|
||||
13 | File | `/include/chart_generator.php` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/op/op.LockDocument.php` | High
|
||||
16 | File | `/plesk-site-preview/` | High
|
||||
17 | File | `/proc/self/setgroups` | High
|
||||
18 | File | `/proc/stat` | Medium
|
||||
19 | File | `/ram/pckg/security/nova/bin/ipsec` | High
|
||||
20 | File | `/rest/api/2/search` | High
|
||||
21 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
22 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 199 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -32,12 +32,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.sage](https://vuldb.com/?actor.sage)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Sage:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Sage.
|
||||
|
@ -11,13 +17,18 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.45.6.138](https://vuldb.com/?ip.5.45.6.138) | 138-006-045-005.ip-addr.inexio.net | - | High
|
||||
2 | [5.45.24.236](https://vuldb.com/?ip.5.45.24.236) | - | - | High
|
||||
3 | [5.45.129.52](https://vuldb.com/?ip.5.45.129.52) | - | - | High
|
||||
4 | [5.45.140.6](https://vuldb.com/?ip.5.45.140.6) | - | - | High
|
||||
5 | [5.45.159.19](https://vuldb.com/?ip.5.45.159.19) | - | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
2 | [5.45.17.36](https://vuldb.com/?ip.5.45.17.36) | - | - | High
|
||||
3 | [5.45.24.236](https://vuldb.com/?ip.5.45.24.236) | - | - | High
|
||||
4 | [5.45.100.133](https://vuldb.com/?ip.5.45.100.133) | domain-butler.com | - | High
|
||||
5 | [5.45.107.161](https://vuldb.com/?ip.5.45.107.161) | nobody.yourvserver.net | - | High
|
||||
6 | [5.45.107.167](https://vuldb.com/?ip.5.45.107.167) | v22014011960816232.yourvserver.net | - | High
|
||||
7 | [5.45.129.52](https://vuldb.com/?ip.5.45.129.52) | - | - | High
|
||||
8 | [5.45.140.6](https://vuldb.com/?ip.5.45.140.6) | - | - | High
|
||||
9 | [5.45.159.19](https://vuldb.com/?ip.5.45.159.19) | - | - | High
|
||||
10 | [5.45.208.36](https://vuldb.com/?ip.5.45.208.36) | proxy-minsk03.cdn.yandex.net | - | High
|
||||
11 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more IOC items available. Please use our online service to access the data.
|
||||
There are 40 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -25,12 +36,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -38,43 +49,28 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php/admin/art/data.html` | High
|
||||
2 | File | `/admin/login.php` | High
|
||||
3 | File | `/admin/maintenance_actions.php` | High
|
||||
4 | File | `/debug` | Low
|
||||
5 | File | `/home.asp` | Medium
|
||||
6 | File | `/include/up.php` | High
|
||||
7 | File | `/install/index.php` | High
|
||||
8 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
9 | File | `/TMS/admin/user/Update2` | High
|
||||
10 | File | `/u8sl/WebHelp` | High
|
||||
11 | File | `/wp-content/uploads/jobmonster/` | High
|
||||
12 | File | `admin/config` | Medium
|
||||
13 | File | `admin/htaccess/bpsunlock.php` | High
|
||||
14 | File | `admin/maintenance/manage_branch.php` | High
|
||||
15 | File | `adminpasswd.cgi` | High
|
||||
16 | File | `adm_config_report.php` | High
|
||||
17 | File | `ad_manage.php` | High
|
||||
18 | File | `application/config/config.php` | High
|
||||
19 | File | `attendancy.php` | High
|
||||
20 | File | `basicDDNS.html` | High
|
||||
21 | File | `bitfield.c` | Medium
|
||||
22 | File | `BKFSim_vhfd.exe` | High
|
||||
23 | File | `blocklayered-ajax.php` | High
|
||||
24 | File | `bug_report.php` | High
|
||||
25 | File | `categories-x.php` | High
|
||||
26 | File | `categorymenu.php` | High
|
||||
27 | File | `client.inc.php` | High
|
||||
28 | File | `common.c` | Medium
|
||||
29 | ... | ... | ...
|
||||
1 | File | `/admin/inquiries/view_details.php` | High
|
||||
2 | File | `/tmp/zarafa-vacation-*` | High
|
||||
3 | File | `apl_42.c` | Medium
|
||||
4 | File | `arch/arm/p2m.c` | High
|
||||
5 | File | `arch/powerpc/kernel/process.c` | High
|
||||
6 | File | `arch/x86/mm/guest_walk.c` | High
|
||||
7 | File | `auth.c` | Low
|
||||
8 | File | `block/qcow.c` | Medium
|
||||
9 | File | `cgi-bin/webproc` | High
|
||||
10 | File | `cgi_main.c` | Medium
|
||||
11 | File | `class.phpmailer.php` | High
|
||||
12 | File | `content/content.systempreferences.php` | High
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -35,12 +35,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -35,7 +35,8 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
5 | [5.149.254.114](https://vuldb.com/?ip.5.149.254.114) | mail1.auditoriavanzada.info | BlackEnergy | High
|
||||
6 | [5.255.87.39](https://vuldb.com/?ip.5.255.87.39) | - | BlackEnergy | High
|
||||
7 | [31.210.111.154](https://vuldb.com/?ip.31.210.111.154) | . | BlackEnergy | High
|
||||
8 | ... | ... | ... | ...
|
||||
8 | [37.220.34.56](https://vuldb.com/?ip.37.220.34.56) | - | BlackEnergy | High
|
||||
9 | ... | ... | ... | ...
|
||||
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -59,47 +60,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
3 | File | `/admin.php?mod=user&` | High
|
||||
4 | File | `/admin/dl_sendmail.php` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/bsms/?page=manage_account` | High
|
||||
2 | File | `/admin.php?mod=user&` | High
|
||||
3 | File | `/admin/dl_sendmail.php` | High
|
||||
4 | File | `/Ap4RtpAtom.cpp` | High
|
||||
5 | File | `/bcms/admin/?page=user/list` | High
|
||||
6 | File | `/bsms/?page=manage_account` | High
|
||||
7 | File | `/cgi-bin/login.cgi` | High
|
||||
8 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
9 | File | `/dashboard/reports/logs/view` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/dl/dl_print.php` | High
|
||||
12 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
13 | File | `/fuel/sitevariables/delete/4` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/moddable/xs/sources/xsDebug.c` | High
|
||||
16 | File | `/monitoring` | Medium
|
||||
17 | File | `/new` | Low
|
||||
18 | File | `/odfs/classes/Master.php?f=save_category` | High
|
||||
19 | File | `/proc/<pid>/status` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
24 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
25 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
30 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `AccountManagerService.java` | High
|
||||
33 | File | `actions/CompanyDetailsSave.php` | High
|
||||
34 | File | `ActiveServices.java` | High
|
||||
14 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
15 | File | `/index/jobfairol/show/` | High
|
||||
16 | File | `/librarian/bookdetails.php` | High
|
||||
17 | File | `/mgmt/tm/util/bash` | High
|
||||
18 | File | `/moddable/xs/sources/xsDebug.c` | High
|
||||
19 | File | `/monitoring` | Medium
|
||||
20 | File | `/new` | Low
|
||||
21 | File | `/odfs/classes/Master.php?f=save_category` | High
|
||||
22 | File | `/proc/<pid>/status` | High
|
||||
23 | File | `/public/plugins/` | High
|
||||
24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
27 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
28 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
|
||||
29 | File | `/tmp` | Low
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/usr/bin/pkexec` | High
|
||||
32 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
33 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://ddanchev.blogspot.com/2022/06/exclusive-exposing-grus-unit-74455.html
|
||||
* https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
|
||||
* https://otx.alienvault.com/pulse/62552abdd7e44d9aba08636d
|
||||
* https://www.threatminer.org/report.php?q=BlackEnergy2_Plugins_Router.pdf&y=2014
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# SessionManager - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SessionManager](https://vuldb.com/?actor.sessionmanager). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.sessionmanager](https://vuldb.com/?actor.sessionmanager)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with SessionManager:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of SessionManager.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [202.182.123.185](https://vuldb.com/?ip.202.182.123.185) | 202.182.123.185.vultrusercontent.com | - | High
|
||||
2 | [207.148.109.111](https://vuldb.com/?ip.207.148.109.111) | 207.148.109.111.vultrusercontent.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _SessionManager_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by SessionManager. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `admin.php` | Medium
|
||||
2 | File | `index.php` | Medium
|
||||
3 | File | `index.php?m=home&c=message&a=add` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://securelist.com/the-sessionmanager-iis-backdoor/106868/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -31,7 +31,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -43,12 +43,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1495 | CWE-494 | Download of Code Without Integrity Check | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -65,13 +65,13 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/admin_login.php` | High
|
||||
5 | File | `/advanced/adv_dns.xgi` | High
|
||||
6 | File | `/CFIDE/probe.cfm` | High
|
||||
7 | File | `/computer/(agent-name)/api` | High
|
||||
7 | File | `/cgi-bin/kerbynet` | High
|
||||
8 | File | `/dev/snd/seq` | Medium
|
||||
9 | File | `/error` | Low
|
||||
10 | File | `/etc/config/rpcd` | High
|
||||
11 | File | `/goform/saveParentControlInfo` | High
|
||||
12 | File | `/htdocs/admin/dict.php?id=3` | High
|
||||
13 | File | `/includes/rrdtool.inc.php` | High
|
||||
12 | File | `/goform/SetFirewallCfg` | High
|
||||
13 | File | `/htdocs/admin/dict.php?id=3` | High
|
||||
14 | File | `/module/module_frame/index.php` | High
|
||||
15 | File | `/nidp/app/login` | High
|
||||
16 | File | `/proc` | Low
|
||||
|
@ -95,13 +95,13 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `administrative` | High
|
||||
35 | File | `Alias.asmx` | Medium
|
||||
36 | File | `aolfix.exe` | Medium
|
||||
37 | File | `Array.prototype.concat` | High
|
||||
38 | File | `AudioService.java` | High
|
||||
39 | File | `awhost32.exe` | Medium
|
||||
40 | File | `bidhistory.php` | High
|
||||
37 | File | `app/models/user.rb` | High
|
||||
38 | File | `apply.cgi` | Medium
|
||||
39 | File | `Array.prototype.concat` | High
|
||||
40 | File | `AudioService.java` | High
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 350 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 351 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue