Update

2022-07-06 11:19:10 +02:00 · 2022-07-06 11:19:10 +02:00 · 7622f0a54f
parent a5a5219532
commit 7622f0a54f
248 changed files with 4614 additions and 3067 deletions
--- a/Gang/README.md
+++ b/Gang/README.md
@ -29,6 +29,16 @@ ID | IP address | Hostname | Campaign | Confidence

 There are 2 more IOC items available. Please use our online service to access the data.

+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _8220 Gang_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1505 | CWE-89 | SQL Injection | High
+3 | T1592 | CWE-200 | Configuration | High
+
 ## IOA - Indicator of Attack

 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by 8220 Gang. This data is unique as it uses our predictive model for actor profiling.
--- a/actors/APT-C-36/README.md
+++ b/actors/APT-C-36/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -34,12 +34,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -47,69 +49,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
+1 | File | `.htaccess` | Medium
 2 | File | `/+CSCOE+/logon.html` | High
-3 | File | `/admin_page/all-files-update-ajax.php` | High
-4 | File | `/assets/ctx` | Medium
-5 | File | `/bsms/?page=products` | High
-6 | File | `/cgi-bin/system_mgr.cgi` | High
-7 | File | `/cloud_config/router_post/check_reg_verify_code` | High
-8 | File | `/concat?/%2557EB-INF/web.xml` | High
-9 | File | `/config/getuser` | High
-10 | File | `/debug/pprof` | Medium
-11 | File | `/dms/admin/reports/daily_collection_report.php` | High
-12 | File | `/ext/phar/phar_object.c` | High
-13 | File | `/filemanager/php/connector.php` | High
-14 | File | `/get_getnetworkconf.cgi` | High
-15 | File | `/HNAP1` | Low
-16 | File | `/include/chart_generator.php` | High
-17 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
-18 | File | `/info.cgi` | Medium
-19 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
-20 | File | `/mgmt/tm/util/bash` | High
-21 | File | `/modx/manager/index.php` | High
-22 | File | `/osm/REGISTER.cmd` | High
-23 | File | `/replication` | Medium
-24 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
-25 | File | `/spip.php` | Medium
-26 | File | `/supervisor/procesa_carga.php` | High
-27 | File | `/type.php` | Medium
-28 | File | `/uncpath/` | Medium
-29 | File | `/usr/bin/pkexec` | High
-30 | File | `/Wedding-Management/package_detail.php` | High
-31 | File | `/zm/index.php` | High
-32 | File | `4.2.0.CP09` | Medium
-33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-34 | File | `802dot1xclientcert.cgi` | High
-35 | File | `a2billing/customer/iridium_threed.php` | High
-36 | File | `add.exe` | Low
-37 | File | `admin-ajax.php` | High
-38 | File | `admin.color.php` | High
-39 | File | `admin.cropcanvas.php` | High
-40 | File | `admin.joomlaradiov5.php` | High
-41 | File | `admin.php` | Medium
-42 | File | `admin.php?m=Food&a=addsave` | High
-43 | File | `admin/conf_users_edit.php` | High
-44 | File | `admin/index.php` | High
-45 | File | `admin/limits.php` | High
-46 | File | `admin/user.php` | High
-47 | File | `admin/write-post.php` | High
-48 | File | `administrator/components/com_media/helpers/media.php` | High
-49 | File | `admin_events.php` | High
-50 | File | `akocomments.php` | High
-51 | File | `allopass-error.php` | High
-52 | File | `announcement.php` | High
-53 | File | `apply.cgi` | Medium
-54 | File | `appointment.php` | High
-55 | File | `archiver\index.php` | High
-56 | File | `artlinks.dispnew.php` | High
-57 | File | `auth.inc.php` | Medium
-58 | File | `authorization.do` | High
-59 | File | `bb_usage_stats.php` | High
-60 | File | `binder.c` | Medium
-61 | ... | ... | ...
+3 | File | `/admin/edit_admin_details.php?id=admin` | High
+4 | File | `/admin/generalsettings.php` | High
+5 | File | `/admin/payment.php` | High
+6 | File | `/admin/reports.php` | High
+7 | File | `/admin_page/all-files-update-ajax.php` | High
+8 | File | `/assets/ctx` | Medium
+9 | File | `/bsms/?page=products` | High
+10 | File | `/cgi-bin/kerbynet` | High
+11 | File | `/cgi-bin/system_mgr.cgi` | High
+12 | File | `/cloud_config/router_post/check_reg_verify_code` | High
+13 | File | `/concat?/%2557EB-INF/web.xml` | High
+14 | File | `/config/getuser` | High
+15 | File | `/debug/pprof` | Medium
+16 | File | `/dms/admin/reports/daily_collection_report.php` | High
+17 | File | `/ext/phar/phar_object.c` | High
+18 | File | `/filemanager/php/connector.php` | High
+19 | File | `/forum/away.php` | High
+20 | File | `/get_getnetworkconf.cgi` | High
+21 | File | `/HNAP1` | Low
+22 | File | `/include/chart_generator.php` | High
+23 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
+24 | File | `/info.cgi` | Medium
+25 | File | `/Items/*/RemoteImages/Download` | High
+26 | File | `/lists/admin/` | High
+27 | File | `/MagickCore/image.c` | High
+28 | File | `/mgmt/tm/util/bash` | High
+29 | File | `/modx/manager/index.php` | High
+30 | File | `/osm/REGISTER.cmd` | High
+31 | File | `/replication` | Medium
+32 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
+33 | File | `/spip.php` | Medium
+34 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
+35 | File | `/type.php` | Medium
+36 | File | `/uncpath/` | Medium
+37 | File | `/usr/bin/pkexec` | High
+38 | File | `/Wedding-Management/package_detail.php` | High
+39 | File | `4.2.0.CP09` | Medium
+40 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+41 | File | `802dot1xclientcert.cgi` | High
+42 | File | `a2billing/customer/iridium_threed.php` | High
+43 | File | `AdClass.php` | Medium
+44 | File | `add.exe` | Low
+45 | File | `admin-ajax.php` | High
+46 | File | `admin.color.php` | High
+47 | File | `admin.cropcanvas.php` | High
+48 | File | `admin.joomlaradiov5.php` | High
+49 | File | `admin.php` | Medium
+50 | File | `admin.php?m=Food&a=addsave` | High
+51 | File | `admin/conf_users_edit.php` | High
+52 | File | `admin/index.php` | High
+53 | File | `admin/limits.php` | High
+54 | File | `admin/user.php` | High
+55 | File | `admin/write-post.php` | High
+56 | File | `administrator/components/com_media/helpers/media.php` | High
+57 | File | `admin_events.php` | High
+58 | File | `akocomments.php` | High
+59 | File | `allopass-error.php` | High
+60 | ... | ... | ...

-There are 530 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 522 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT1/README.md
+++ b/actors/APT1/README.md
@ -50,12 +50,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 2 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
 3 | File | `adm/boardgroup_form_update.php` | High
 4 | ... | ... | ...

-There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 20 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT12/README.md
+++ b/actors/APT12/README.md
@ -38,6 +38,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1202 | CWE-77 | Command Injection | High
+3 | T1505 | CWE-89 | SQL Injection | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/APT17/README.md
+++ b/actors/APT17/README.md
@ -41,12 +41,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 13 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/APT19/README.md
+++ b/actors/APT19/README.md
@ -30,6 +30,14 @@ ID | IP address | Hostname | Campaign | Confidence

 There are 4 more IOC items available. Please use our online service to access the data.

+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _APT19_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1222 | CWE-276 | Permission Issues | High
+
 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:
--- a/actors/APT28/README.md
+++ b/actors/APT28/README.md
@ -89,12 +89,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 15 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -105,25 +106,25 @@ ID | Type | Indicator | Confidence
 1 | File | `.travis.yml` | Medium
 2 | File | `/.env` | Low
 3 | File | `/admin.php` | Medium
-4 | File | `/file?action=download&file` | High
-5 | File | `/filemanager/upload.php` | High
+4 | File | `/core/conditions/AbstractWrapper.java` | High
+5 | File | `/file?action=download&file` | High
 6 | File | `/medical/inventories.php` | High
 7 | File | `/mgmt/tm/util/bash` | High
 8 | File | `/monitoring` | Medium
-9 | File | `/NAGErrors` | Medium
-10 | File | `/plugins/servlet/audit/resource` | High
-11 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-12 | File | `/REBOOTSYSTEM` | High
-13 | File | `/replication` | Medium
-14 | File | `/reports/rwservlet` | High
-15 | File | `/RestAPI` | Medium
-16 | File | `/tmp` | Low
-17 | File | `/tmp/speedtest_urls.xml` | High
-18 | File | `/tmp/zarafa-vacation-*` | High
-19 | File | `/uncpath/` | Medium
-20 | File | `/upload` | Low
-21 | File | `/usr/bin/at` | Medium
-22 | File | `/var/log/nginx` | High
+9 | File | `/plugins/servlet/audit/resource` | High
+10 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+11 | File | `/REBOOTSYSTEM` | High
+12 | File | `/replication` | Medium
+13 | File | `/reports/rwservlet` | High
+14 | File | `/RestAPI` | Medium
+15 | File | `/tmp` | Low
+16 | File | `/tmp/speedtest_urls.xml` | High
+17 | File | `/tmp/zarafa-vacation-*` | High
+18 | File | `/uncpath/` | Medium
+19 | File | `/upload` | Low
+20 | File | `/usr/bin/at` | Medium
+21 | File | `/var/log/nginx` | High
+22 | File | `/var/run/watchman.pid` | High
 23 | File | `/wp-json/wc/v3/webhooks` | High
 24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
 25 | File | `admin/app/mediamanager` | High
@ -134,7 +135,7 @@ ID | Type | Indicator | Confidence
 30 | File | `api/sms/send-sms` | High
 31 | ... | ... | ...

-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT29/README.md
+++ b/actors/APT29/README.md
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 22 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -63,12 +63,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -81,40 +82,39 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin/dl_sendmail.php` | High
 4 | File | `/admin/login.php` | High
 5 | File | `/admin/produts/controller.php` | High
-6 | File | `/admin/user/team` | High
-7 | File | `/Ap4RtpAtom.cpp` | High
-8 | File | `/bcms/admin/?page=user/list` | High
-9 | File | `/bsms/?page=manage_account` | High
-10 | File | `/context/%2e/WEB-INF/web.xml` | High
-11 | File | `/dashboard/reports/logs/view` | High
-12 | File | `/debug/pprof` | Medium
-13 | File | `/fuel/index.php/fuel/logs/items` | High
-14 | File | `/fuel/sitevariables/delete/4` | High
-15 | File | `/goform/aspForm` | High
-16 | File | `/hocms/classes/Master.php?f=delete_collection` | High
-17 | File | `/librarian/bookdetails.php` | High
-18 | File | `/mgmt/tm/util/bash` | High
-19 | File | `/monitoring` | Medium
-20 | File | `/ms/cms/content/list.do` | High
-21 | File | `/new` | Low
-22 | File | `/orms/` | Low
-23 | File | `/plesk-site-preview/` | High
-24 | File | `/proc/<pid>/status` | High
-25 | File | `/public/plugins/` | High
-26 | File | `/school/model/get_admin_profile.php` | High
-27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-28 | File | `/secure/QueryComponent!Default.jspa` | High
-29 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-30 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-31 | File | `/student-grading-system/rms.php?page=grade` | High
-32 | File | `/timeline2.php` | High
-33 | File | `/tmp` | Low
-34 | File | `/uncpath/` | Medium
-35 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-36 | File | `/wp-json/wc/v3/webhooks` | High
-37 | ... | ... | ...
+6 | File | `/Ap4RtpAtom.cpp` | High
+7 | File | `/bcms/admin/?page=user/list` | High
+8 | File | `/bsms/?page=manage_account` | High
+9 | File | `/cgi-bin/login.cgi` | High
+10 | File | `/ci_hms/massage_room/edit/1` | High
+11 | File | `/context/%2e/WEB-INF/web.xml` | High
+12 | File | `/dashboard/reports/logs/view` | High
+13 | File | `/debug/pprof` | Medium
+14 | File | `/fuel/index.php/fuel/logs/items` | High
+15 | File | `/fuel/sitevariables/delete/4` | High
+16 | File | `/goform/aspForm` | High
+17 | File | `/hocms/classes/Master.php?f=delete_collection` | High
+18 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+19 | File | `/index/jobfairol/show/` | High
+20 | File | `/librarian/bookdetails.php` | High
+21 | File | `/mgmt/tm/util/bash` | High
+22 | File | `/monitoring` | Medium
+23 | File | `/ms/cms/content/list.do` | High
+24 | File | `/new` | Low
+25 | File | `/orms/` | Low
+26 | File | `/plesk-site-preview/` | High
+27 | File | `/proc/<pid>/status` | High
+28 | File | `/public/plugins/` | High
+29 | File | `/school/model/get_admin_profile.php` | High
+30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+31 | File | `/secure/QueryComponent!Default.jspa` | High
+32 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+33 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+34 | File | `/student-grading-system/rms.php?page=grade` | High
+35 | File | `/timeline2.php` | High
+36 | ... | ... | ...

-There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT33/README.md
+++ b/actors/APT33/README.md
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:

 * [PT](https://vuldb.com/?country.pt)
-* [SV](https://vuldb.com/?country.sv)
 * [FR](https://vuldb.com/?country.fr)
+* [SV](https://vuldb.com/?country.sv)
 * ...

 There are 7 more country items available. Please use our online service to access the data.
@ -54,12 +54,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 16 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -68,42 +69,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `../FILEDIR` | Medium
-2 | File | `/admin.php/pic/admin/lists/zhuan` | High
-3 | File | `/admin.php/pic/admin/type/save` | High
-4 | File | `/admin.php/singer/admin/lists/zhuan` | High
-5 | File | `/admin.php/singer/admin/singer/del` | High
-6 | File | `/admin/?page=system_info/contact_info` | High
-7 | File | `/admin/add_post.php` | High
-8 | File | `/admin/conferences/list/` | High
-9 | File | `/admin/dl_sendmail.php` | High
-10 | File | `/admin/dl_sendsms.php` | High
-11 | File | `/admin/featured.php` | High
-12 | File | `/admin/general.cgi` | High
-13 | File | `/admin/general/change-lang` | High
-14 | File | `/admin/renewaldue.php` | High
-15 | File | `/admin/showbad.php` | High
-16 | File | `/admin/ztliuyan_sendmail.php` | High
-17 | File | `/Ap4RtpAtom.cpp` | High
-18 | File | `/api/programs/orgUnits?programs` | High
-19 | File | `/asms/classes/Master.php?f=save_product` | High
-20 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
-21 | File | `/bsms/?page=manage_account` | High
-22 | File | `/car-rental-management-system/admin/manage_booking.php` | High
-23 | File | `/car-rental-management-system/admin/manage_user.php` | High
-24 | File | `/cardo/api` | Medium
-25 | File | `/cgi-bin` | Medium
-26 | File | `/checklogin.jsp` | High
-27 | File | `/ctpms/classes/Users.php?f=save` | High
-28 | File | `/dashboard/blocks/stacks/view_details/` | High
-29 | File | `/expense_action.php` | High
-30 | File | `/ffos/admin/sales/receipt.php` | High
-31 | File | `/food/admin/all_users.php` | High
-32 | File | `/goform/aspForm` | High
-33 | File | `/goform/RgDhcp` | High
-34 | File | `/goform/RgUrlBlock.asp` | High
-35 | ... | ... | ...
+2 | File | `/(((a\2)|(a*)\g&lt/-1&gt/))*/` | High
+3 | File | `/admin/?page=system_info/contact_info` | High
+4 | File | `/admin/add_post.php` | High
+5 | File | `/admin/conferences/list/` | High
+6 | File | `/admin/dl_sendmail.php` | High
+7 | File | `/admin/featured.php` | High
+8 | File | `/admin/general.cgi` | High
+9 | File | `/admin/general/change-lang` | High
+10 | File | `/admin/renewaldue.php` | High
+11 | File | `/admin/showbad.php` | High
+12 | File | `/admin/ztliuyan_sendmail.php` | High
+13 | File | `/ajax/config_rollback/` | High
+14 | File | `/ajax/remove_sniffer_raw_log/` | High
+15 | File | `/Ap4RtpAtom.cpp` | High
+16 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
+17 | File | `/bsms/?page=manage_account` | High
+18 | File | `/car-rental-management-system/admin/manage_booking.php` | High
+19 | File | `/car-rental-management-system/admin/manage_user.php` | High
+20 | File | `/category.php` | High
+21 | File | `/cgi-bin` | Medium
+22 | File | `/checklogin.jsp` | High
+23 | File | `/ci_hms/massage_room/edit/1` | High
+24 | File | `/classes/Master.php?f=delete_schedule` | High
+25 | File | `/dashboard/blocks/stacks/view_details/` | High
+26 | File | `/ffos/admin/sales/receipt.php` | High
+27 | File | `/goform/aspForm` | High
+28 | File | `/goform/RgDhcp` | High
+29 | File | `/goform/RgUrlBlock.asp` | High
+30 | File | `/hprms/admin/rooms/manage_room.php` | High
+31 | File | `/hprms/admin/rooms/view_room.php` | High
+32 | ... | ... | ...

-There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT34/README.md
+++ b/actors/APT34/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [IR](https://vuldb.com/?country.ir)
 * ...

-There are 10 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -61,32 +61,32 @@ ID | Type | Indicator | Confidence
 1 | File | `.travis.yml` | Medium
 2 | File | `/.env` | Low
 3 | File | `/admin.php` | Medium
-4 | File | `/bdswebui/assignusers/` | High
-5 | File | `/etc/fstab` | Medium
-6 | File | `/file?action=download&file` | High
-7 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
-8 | File | `/medical/inventories.php` | High
-9 | File | `/mgmt/tm/util/bash` | High
-10 | File | `/monitoring` | Medium
-11 | File | `/plugins/servlet/audit/resource` | High
-12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-13 | File | `/replication` | Medium
-14 | File | `/RestAPI` | Medium
-15 | File | `/SASWebReportStudio/logonAndRender.do` | High
-16 | File | `/scas/admin/` | Medium
-17 | File | `/tmp/speedtest_urls.xml` | High
-18 | File | `/tmp/zarafa-vacation-*` | High
-19 | File | `/uncpath/` | Medium
-20 | File | `/upload` | Low
-21 | File | `/var/log/nginx` | High
-22 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-23 | File | `actions.hsp` | Medium
-24 | File | `add_to_cart.php` | High
-25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
-26 | File | `ajax.php` | Medium
+4 | File | `/admin/countrymanagement.php` | High
+5 | File | `/admin/generalsettings.php` | High
+6 | File | `/admin/newsletter1.php` | High
+7 | File | `/admin/payment.php` | High
+8 | File | `/bdswebui/assignusers/` | High
+9 | File | `/etc/fstab` | Medium
+10 | File | `/file?action=download&file` | High
+11 | File | `/filemanager/upload/drop` | High
+12 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
+13 | File | `/medical/inventories.php` | High
+14 | File | `/mgmt/tm/util/bash` | High
+15 | File | `/monitoring` | Medium
+16 | File | `/plugins/servlet/audit/resource` | High
+17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+18 | File | `/replication` | Medium
+19 | File | `/RestAPI` | Medium
+20 | File | `/SASWebReportStudio/logonAndRender.do` | High
+21 | File | `/scas/admin/` | Medium
+22 | File | `/tmp/speedtest_urls.xml` | High
+23 | File | `/tmp/zarafa-vacation-*` | High
+24 | File | `/uncpath/` | Medium
+25 | File | `/upload` | Low
+26 | File | `/var/log/nginx` | High
 27 | ... | ... | ...

-There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT41/README.md
+++ b/actors/APT41/README.md
@ -61,12 +61,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | T1068 | CWE-264, CWE-267, CWE-269, CWE-270, CWE-284 | Execution with Unnecessary Privileges | High
+6 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -119,7 +121,7 @@ ID | Type | Indicator | Confidence
 43 | File | `admin.php/comments/batchdel/` | High
 44 | ... | ... | ...

-There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/ActionRAT/README.md
+++ b/actors/ActionRAT/README.md
@ -31,12 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1587.003 | CWE-295 | Improper Certificate Validation | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Adwind/README.md
+++ b/actors/Adwind/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [FR](https://vuldb.com/?country.fr)
 * ...

-There are 16 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -77,7 +77,7 @@ ID | Type | Indicator | Confidence
 6 | File | `administrator/components/com_media/helpers/media.php` | High
 7 | ... | ... | ...

-There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -66,42 +66,43 @@ ID | Type | Indicator | Confidence
 2 | File | `/.env` | Low
 3 | File | `/admin.php` | Medium
 4 | File | `/anony/mjpg.cgi` | High
-5 | File | `/customer_demo/index2.html` | High
-6 | File | `/file?action=download&file` | High
-7 | File | `/html/Solar_Ftp.php` | High
-8 | File | `/layout/class.xblogcomment.php` | High
-9 | File | `/manager/jsp/test.jsp` | High
-10 | File | `/medical/inventories.php` | High
-11 | File | `/monitoring` | Medium
-12 | File | `/plugins/servlet/audit/resource` | High
-13 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-14 | File | `/public/login.htm` | High
-15 | File | `/replication` | Medium
-16 | File | `/RestAPI` | Medium
-17 | File | `/tmp/speedtest_urls.xml` | High
-18 | File | `/tmp/zarafa-vacation-*` | High
-19 | File | `/uncpath/` | Medium
-20 | File | `/upload` | Low
-21 | File | `/usr/bin/at` | Medium
-22 | File | `/var/log/nginx` | High
-23 | File | `/_vti_pvt/access.cnf` | High
-24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
-25 | File | `admin/e_mesaj_yaz.asp` | High
-26 | File | `admin/profile.php` | High
-27 | File | `admin/salesadmin.php` | High
-28 | File | `admin/systemWebAdminConfig.do` | High
-29 | File | `admin11.cgi` | Medium
-30 | File | `admincp/auth/checklogin.php` | High
-31 | File | `agenda2.php3` | Medium
-32 | File | `ajax-actions.php` | High
-33 | File | `ajax/deletePage.php` | High
-34 | File | `ajouter_tva.php` | High
-35 | File | `apcupsd.pid` | Medium
-36 | File | `api/sms/send-sms` | High
-37 | File | `api/v1/alarms` | High
-38 | ... | ... | ...
+5 | File | `/file?action=download&file` | High
+6 | File | `/html/Solar_Ftp.php` | High
+7 | File | `/layout/class.xblogcomment.php` | High
+8 | File | `/manager/jsp/test.jsp` | High
+9 | File | `/medical/inventories.php` | High
+10 | File | `/monitoring` | Medium
+11 | File | `/plugins/servlet/audit/resource` | High
+12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+13 | File | `/public/login.htm` | High
+14 | File | `/replication` | Medium
+15 | File | `/RestAPI` | Medium
+16 | File | `/tmp/speedtest_urls.xml` | High
+17 | File | `/tmp/zarafa-vacation-*` | High
+18 | File | `/uncpath/` | Medium
+19 | File | `/upload` | Low
+20 | File | `/usr/bin/at` | Medium
+21 | File | `/var/log/nginx` | High
+22 | File | `/_vti_pvt/access.cnf` | High
+23 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
+24 | File | `admin/e_mesaj_yaz.asp` | High
+25 | File | `admin/profile.php` | High
+26 | File | `admin/salesadmin.php` | High
+27 | File | `admin/systemWebAdminConfig.do` | High
+28 | File | `admin11.cgi` | Medium
+29 | File | `admincp/auth/checklogin.php` | High
+30 | File | `agenda2.php3` | Medium
+31 | File | `ajax-actions.php` | High
+32 | File | `ajax/deletePage.php` | High
+33 | File | `ajouter_tva.php` | High
+34 | File | `apcupsd.pid` | Medium
+35 | File | `api/sms/send-sms` | High
+36 | File | `api/v1/alarms` | High
+37 | File | `application/controller/InstallerController.php` | High
+38 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
+39 | ... | ... | ...

-There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Tesla/README.md
+++ b/Tesla/README.md
@ -45,12 +45,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -103,7 +104,7 @@ ID | Type | Indicator | Confidence
 43 | File | `cart_add.php` | Medium
 44 | ... | ... | ...

-There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/AmmyyRAT/README.md
+++ b/actors/AmmyyRAT/README.md
@ -18,6 +18,15 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [185.99.133.83](https://vuldb.com/?ip.185.99.133.83) | rns.nz.zappiehost.com | - | High

+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AmmyyRAT_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1574 | CWE-426 | Untrusted Search Path | High
+
 ## IOA - Indicator of Attack

 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AmmyyRAT. This data is unique as it uses our predictive model for actor profiling.
--- a/actors/Arkei/README.md
+++ b/actors/Arkei/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Arkei:

 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)
 * [FR](https://vuldb.com/?country.fr)
+* [CN](https://vuldb.com/?country.cn)
 * ...

-There are 4 more country items available. Please use our online service to access the data.
+There are 6 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -21,9 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [37.252.15.126](https://vuldb.com/?ip.37.252.15.126) | google.com | - | High
-2 | [85.208.185.13](https://vuldb.com/?ip.85.208.185.13) | vm3155616.1nvme.had.wf | - | High
-3 | [185.7.214.239](https://vuldb.com/?ip.185.7.214.239) | - | - | High
+1 | [5.79.66.145](https://vuldb.com/?ip.5.79.66.145) | mail.zzz.com.ua | - | High
+2 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
+3 | [37.252.15.126](https://vuldb.com/?ip.37.252.15.126) | google.com | - | High
+4 | [72.21.81.240](https://vuldb.com/?ip.72.21.81.240) | - | - | High
+5 | [74.125.155.202](https://vuldb.com/?ip.74.125.155.202) | - | - | High
+6 | [74.125.155.216](https://vuldb.com/?ip.74.125.155.216) | - | - | High
+7 | ... | ... | ... | ...
+
+There are 22 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -31,8 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -46,12 +56,13 @@ ID | Type | Indicator | Confidence
 4 | File | `data/gbconfiguration.dat` | High
 5 | ... | ... | ...

-There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html
 * https://blogs.blackberry.com/en/2022/02/threat-thursday-arkei-infostealer

 ## Literature
--- a/actors/AsyncRAT/README.md
+++ b/actors/AsyncRAT/README.md
@ -19,6 +19,14 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [94.130.207.164](https://vuldb.com/?ip.94.130.207.164) | static.164.207.130.94.clients.your-server.de | - | High
 2 | [141.95.89.79](https://vuldb.com/?ip.141.95.89.79) | ip79.ip-141-95-89.eu | - | High

+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AsyncRAT_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1592 | CWE-200 | Configuration | High
+
 ## IOA - Indicator of Attack

 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AsyncRAT. This data is unique as it uses our predictive model for actor profiling.
--- a/actors/Autoit/README.md
+++ b/actors/Autoit/README.md
@ -39,12 +39,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/B1txor20/README.md
+++ b/actors/B1txor20/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -45,12 +45,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1008 | CWE-757 | Algorithm Downgrade | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -58,43 +60,35 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//proc/kcore` | Medium
-2 | File | `/admin/scheprofile.cgi` | High
-3 | File | `/admin/showbad.php` | High
-4 | File | `/admin/ztliuyan_sendmail.php` | High
-5 | File | `/alarm_pi/alarmService.php` | High
-6 | File | `/bsms/?page=manage_account` | High
-7 | File | `/cgi-bin/webproc` | High
-8 | File | `/cgi/get_param.cgi` | High
-9 | File | `/company` | Medium
-10 | File | `/company/down_resume/total/nature` | High
-11 | File | `/company/service/increment/add/im` | High
-12 | File | `/dashboard/blocks/stacks/view_details/` | High
-13 | File | `/dashboard/reports/logs/view` | High
-14 | File | `/dashboard/snapshot/*?orgId=0` | High
-15 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
-16 | File | `/defaultui/player/modern.html` | High
-17 | File | `/dl/dl_sendmail.php` | High
-18 | File | `/dl/dl_sendsms.php` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/fuel/sitevariables/delete/4` | High
-21 | File | `/goform/aspForm` | High
-22 | File | `/goform/SetFirewallCfg` | High
-23 | File | `/goform/wlanPrimaryNetwork` | High
-24 | File | `/home/campus/campus_job` | High
-25 | File | `/home/job/index` | High
-26 | File | `/home/job/map` | High
-27 | File | `/IISADMPWD` | Medium
-28 | File | `/images/background/1.php` | High
-29 | File | `/index.php/weblinks-categories` | High
-30 | File | `/index.php?action=seomatic/file/seo-file-link` | High
-31 | File | `/index/notice/show` | High
-32 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
-33 | File | `/job` | Low
-34 | File | `/linkedcontent/editfolder.php` | High
-35 | ... | ... | ...
+1 | File | `/action/import_https_cert_file/` | High
+2 | File | `/action/remove/` | High
+3 | File | `/admin/featured.php` | High
+4 | File | `/admin/inquiries/view_details.php` | High
+5 | File | `/ajax/config_rollback/` | High
+6 | File | `/alarm_pi/alarmService.php` | High
+7 | File | `/api/admin/attachments/upload` | High
+8 | File | `/bsms/?page=manage_account` | High
+9 | File | `/cgi-bin/login.cgi` | High
+10 | File | `/ci_hms/massage_room/edit/1` | High
+11 | File | `/ci_hms/search` | High
+12 | File | `/classes/Master.php?f=delete_reservation` | High
+13 | File | `/classes/Master.php?f=delete_schedule` | High
+14 | File | `/classes/Master.php?f=delete_train` | High
+15 | File | `/College/admin/teacher.php` | High
+16 | File | `/company` | Medium
+17 | File | `/company/down_resume/total/nature` | High
+18 | File | `/company/service/increment/add/im` | High
+19 | File | `/dashboard/blocks/stacks/view_details/` | High
+20 | File | `/dashboard/reports/logs/view` | High
+21 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+22 | File | `/forum/away.php` | High
+23 | File | `/home/campus/campus_job` | High
+24 | File | `/home/job/index` | High
+25 | File | `/home/job/map` | High
+26 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+27 | ... | ... | ...

-There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Bitter/README.md
+++ b/actors/Bitter/README.md
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 3 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/BlackCat/README.md
+++ b/actors/BlackCat/README.md
@ -47,23 +47,23 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin.php/admin/plog/index.html` | High
-2 | File | `/admin.php/admin/ulog/index.html` | High
-3 | File | `/admin.php/Label/js_del` | High
-4 | File | `/admin.php/Label/page_del` | High
-5 | File | `/admin.php/user/zu_del` | High
-6 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-7 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-8 | File | `/admin/edit.php` | High
-9 | File | `/admin/inbox.php&action=read` | High
-10 | File | `/admin/new-content` | High
-11 | File | `/admin/posts.php` | High
-12 | File | `/admin/posts.php&action=delete` | High
-13 | File | `/admin/run_ajax.php` | High
-14 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-15 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-16 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
-17 | File | `/api/programs/orgUnits?programs` | High
+1 | File | `/admin.php/Label/js_del` | High
+2 | File | `/admin.php/Label/page_del` | High
+3 | File | `/admin.php/user/zu_del` | High
+4 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
+5 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
+6 | File | `/admin/edit.php` | High
+7 | File | `/admin/edit_admin_details.php?id=admin` | High
+8 | File | `/admin/inbox.php&action=read` | High
+9 | File | `/admin/new-content` | High
+10 | File | `/admin/posts.php` | High
+11 | File | `/admin/posts.php&action=delete` | High
+12 | File | `/admin/run_ajax.php` | High
+13 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
+14 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
+15 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
+16 | File | `/api/programs/orgUnits?programs` | High
+17 | File | `/application/controllers/Users.php` | High
 18 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
 19 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
 20 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
@ -73,19 +73,19 @@ ID | Type | Indicator | Confidence
 24 | File | `/cgi/get_param.cgi` | High
 25 | File | `/checklogin.jsp` | High
 26 | File | `/cms/classes/Master.php?f=delete_service` | High
-27 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-28 | File | `/ctpms/classes/Master.php?f=delete_img` | High
-29 | File | `/dashboard/snapshot/*?orgId=0` | High
-30 | File | `/etc/ajenti/config.yml` | High
-31 | File | `/fuel/sitevariables/delete/4` | High
-32 | File | `/goform/AdvSetLanIp` | High
-33 | File | `/goform/aspForm` | High
-34 | File | `/goform/SetNetControlList` | High
-35 | File | `/goform/setNetworkLan` | High
-36 | File | `/goform/websURLFilterAddDel` | High
+27 | File | `/company/account/safety/trade` | High
+28 | File | `/ctpms/admin/?page=individuals/view_individual` | High
+29 | File | `/ctpms/classes/Master.php?f=delete_img` | High
+30 | File | `/dashboard/reports/logs/view` | High
+31 | File | `/dashboard/snapshot/*?orgId=0` | High
+32 | File | `/etc/ajenti/config.yml` | High
+33 | File | `/fuel/sitevariables/delete/4` | High
+34 | File | `/goform/AdvSetLanIp` | High
+35 | File | `/goform/aspForm` | High
+36 | File | `/goform/SetNetControlList` | High
 37 | ... | ... | ...

-There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BlackEnergy/README.md
+++ b/actors/BlackEnergy/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 24 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -59,35 +59,35 @@ ID | Type | Indicator | Confidence
 7 | File | `/api/upload` | Medium
 8 | File | `/bcms/admin/?page=user/list` | High
 9 | File | `/bsms/?page=manage_account` | High
-10 | File | `/cgi-bin` | Medium
+10 | File | `/cgi-bin/login.cgi` | High
 11 | File | `/context/%2e/WEB-INF/web.xml` | High
 12 | File | `/dashboard/reports/logs/view` | High
 13 | File | `/debug/pprof` | Medium
 14 | File | `/fuel/index.php/fuel/logs/items` | High
 15 | File | `/fuel/sitevariables/delete/4` | High
-16 | File | `/librarian/bookdetails.php` | High
-17 | File | `/mgmt/tm/util/bash` | High
-18 | File | `/monitoring` | Medium
-19 | File | `/new` | Low
-20 | File | `/proc/<pid>/status` | High
-21 | File | `/public/plugins/` | High
-22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-23 | File | `/secure/QueryComponent!Default.jspa` | High
-24 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-25 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-26 | File | `/tmp` | Low
-27 | File | `/uncpath/` | Medium
-28 | File | `/usr/bin/pkexec` | High
-29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-30 | File | `/wp-json/wc/v3/webhooks` | High
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-32 | File | `AccountManagerService.java` | High
-33 | File | `actions/CompanyDetailsSave.php` | High
-34 | File | `ActiveServices.java` | High
-35 | File | `ActivityManagerService.java` | High
+16 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+17 | File | `/index/jobfairol/show/` | High
+18 | File | `/librarian/bookdetails.php` | High
+19 | File | `/mgmt/tm/util/bash` | High
+20 | File | `/monitoring` | Medium
+21 | File | `/new` | Low
+22 | File | `/proc/<pid>/status` | High
+23 | File | `/public/plugins/` | High
+24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+25 | File | `/secure/QueryComponent!Default.jspa` | High
+26 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+27 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+28 | File | `/tmp` | Low
+29 | File | `/uncpath/` | Medium
+30 | File | `/usr/bin/pkexec` | High
+31 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+32 | File | `/wp-json/wc/v3/webhooks` | High
+33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+34 | File | `AccountManagerService.java` | High
+35 | File | `actions/CompanyDetailsSave.php` | High
 36 | ... | ... | ...

-There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Bouncing
+++ b/actors/Bouncing
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 5 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -73,7 +73,7 @@ ID | Type | Indicator | Confidence
 24 | File | `authent.php4` | Medium
 25 | ... | ... | ...

-There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Starlight/README.md
+++ b/Starlight/README.md
@ -0,0 +1,72 @@
+# Bronze Starlight - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bronze Starlight](https://vuldb.com/?actor.bronze_starlight). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bronze_starlight](https://vuldb.com/?actor.bronze_starlight)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with Bronze Starlight:
+
+* HUI Loader
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bronze Starlight:
+
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [RU](https://vuldb.com/?country.ru)
+* ...
+
+There are 4 more country items available. Please use our online service to access the data.
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bronze Starlight.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [45.32.101.191](https://vuldb.com/?ip.45.32.101.191) | 45.32.101.191.vultrusercontent.com | HUI Loader | High
+2 | [45.61.139.38](https://vuldb.com/?ip.45.61.139.38) | - | HUI Loader | High
+3 | [172.105.229.30](https://vuldb.com/?ip.172.105.229.30) | 172-105-229-30.ip.linodeusercontent.com | HUI Loader | High
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bronze Starlight_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1548.002 | CWE-285 | Improper Authorization | High
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bronze Starlight. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/bl-plugins/backup/plugin.php` | High
+2 | File | `adm/config_form_update.php` | High
+3 | File | `blocking_request.cgi` | High
+4 | ... | ... | ...
+
+There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Bumblebee/README.md
+++ b/actors/Bumblebee/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bumblebee:

+* [VN](https://vuldb.com/?country.vn)
 * [US](https://vuldb.com/?country.us)
-* [RU](https://vuldb.com/?country.ru)
-* [CN](https://vuldb.com/?country.cn)
+* [NL](https://vuldb.com/?country.nl)
 * ...

-There are 34 more country items available. Please use our online service to access the data.
+There are 2 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -21,7 +21,104 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
+1 | [0.42.131.123](https://vuldb.com/?ip.0.42.131.123) | - | - | High
+2 | [0.134.23.62](https://vuldb.com/?ip.0.134.23.62) | - | - | High
+3 | [0.151.228.146](https://vuldb.com/?ip.0.151.228.146) | - | - | High
+4 | [1.32.39.22](https://vuldb.com/?ip.1.32.39.22) | - | - | High
+5 | [1.39.166.217](https://vuldb.com/?ip.1.39.166.217) | 1-39-166-217.live.vodafone.in | - | High
+6 | [2.97.24.126](https://vuldb.com/?ip.2.97.24.126) | host-2-97-24-126.as13285.net | - | High
+7 | [2.190.89.140](https://vuldb.com/?ip.2.190.89.140) | - | - | High
+8 | [2.211.111.213](https://vuldb.com/?ip.2.211.111.213) | dynamic-002-211-111-213.2.211.pool.telefonica.de | - | High
+9 | [3.172.226.46](https://vuldb.com/?ip.3.172.226.46) | - | - | High
+10 | [4.165.175.212](https://vuldb.com/?ip.4.165.175.212) | - | - | High
+11 | [5.152.80.211](https://vuldb.com/?ip.5.152.80.211) | - | - | High
+12 | [5.239.33.172](https://vuldb.com/?ip.5.239.33.172) | - | - | High
+13 | [6.30.139.246](https://vuldb.com/?ip.6.30.139.246) | - | - | High
+14 | [6.249.22.42](https://vuldb.com/?ip.6.249.22.42) | - | - | High
+15 | [7.233.9.154](https://vuldb.com/?ip.7.233.9.154) | - | - | High
+16 | [8.12.181.20](https://vuldb.com/?ip.8.12.181.20) | - | - | High
+17 | [9.63.15.101](https://vuldb.com/?ip.9.63.15.101) | - | - | High
+18 | [9.240.112.25](https://vuldb.com/?ip.9.240.112.25) | - | - | High
+19 | [10.28.17.62](https://vuldb.com/?ip.10.28.17.62) | - | - | High
+20 | [11.1.201.27](https://vuldb.com/?ip.11.1.201.27) | - | - | High
+21 | [12.75.186.131](https://vuldb.com/?ip.12.75.186.131) | 131.newark-21-23rs.nj.dial-access.att.net | - | High
+22 | [12.115.36.174](https://vuldb.com/?ip.12.115.36.174) | - | - | High
+23 | [12.153.80.238](https://vuldb.com/?ip.12.153.80.238) | - | - | High
+24 | [12.202.229.195](https://vuldb.com/?ip.12.202.229.195) | - | - | High
+25 | [12.236.242.155](https://vuldb.com/?ip.12.236.242.155) | - | - | High
+26 | [13.2.200.200](https://vuldb.com/?ip.13.2.200.200) | - | - | High
+27 | [13.218.205.215](https://vuldb.com/?ip.13.218.205.215) | - | - | High
+28 | [14.7.69.141](https://vuldb.com/?ip.14.7.69.141) | - | - | High
+29 | [14.40.68.19](https://vuldb.com/?ip.14.40.68.19) | - | - | High
+30 | [14.102.170.127](https://vuldb.com/?ip.14.102.170.127) | cache-ipnet01.nexlogic.ph | - | High
+31 | [14.155.143.74](https://vuldb.com/?ip.14.155.143.74) | - | - | High
+32 | [14.163.179.250](https://vuldb.com/?ip.14.163.179.250) | static.vnpt.vn | - | High
+33 | [15.209.19.148](https://vuldb.com/?ip.15.209.19.148) | - | - | High
+34 | [18.8.71.243](https://vuldb.com/?ip.18.8.71.243) | - | - | High
+35 | [18.127.96.221](https://vuldb.com/?ip.18.127.96.221) | - | - | High
+36 | [19.32.56.182](https://vuldb.com/?ip.19.32.56.182) | - | - | High
+37 | [19.71.13.153](https://vuldb.com/?ip.19.71.13.153) | - | - | High
+38 | [20.150.149.28](https://vuldb.com/?ip.20.150.149.28) | - | - | High
+39 | [21.21.141.32](https://vuldb.com/?ip.21.21.141.32) | - | - | High
+40 | [21.29.238.98](https://vuldb.com/?ip.21.29.238.98) | - | - | High
+41 | [21.175.22.99](https://vuldb.com/?ip.21.175.22.99) | - | - | High
+42 | [21.246.85.34](https://vuldb.com/?ip.21.246.85.34) | - | - | High
+43 | [22.83.186.45](https://vuldb.com/?ip.22.83.186.45) | - | - | High
+44 | [22.175.0.90](https://vuldb.com/?ip.22.175.0.90) | - | - | High
+45 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
+46 | [23.254.201.97](https://vuldb.com/?ip.23.254.201.97) | hwsrv-974106.hostwindsdns.com | - | High
+47 | [23.254.217.222](https://vuldb.com/?ip.23.254.217.222) | hwsrv-976272.hostwindsdns.com | - | High
+48 | [24.4.68.32](https://vuldb.com/?ip.24.4.68.32) | c-24-4-68-32.hsd1.ca.comcast.net | - | High
+49 | [24.57.185.167](https://vuldb.com/?ip.24.57.185.167) | d24-57-185-167.home.cgocable.net | - | High
+50 | [24.121.25.160](https://vuldb.com/?ip.24.121.25.160) | 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net | - | High
+51 | [25.5.198.104](https://vuldb.com/?ip.25.5.198.104) | - | - | High
+52 | [25.170.215.18](https://vuldb.com/?ip.25.170.215.18) | - | - | High
+53 | [25.181.64.39](https://vuldb.com/?ip.25.181.64.39) | - | - | High
+54 | [26.6.83.53](https://vuldb.com/?ip.26.6.83.53) | - | - | High
+55 | [28.53.120.108](https://vuldb.com/?ip.28.53.120.108) | - | - | High
+56 | [28.107.38.196](https://vuldb.com/?ip.28.107.38.196) | - | - | High
+57 | [28.148.236.16](https://vuldb.com/?ip.28.148.236.16) | - | - | High
+58 | [29.64.0.111](https://vuldb.com/?ip.29.64.0.111) | - | - | High
+59 | [29.122.243.158](https://vuldb.com/?ip.29.122.243.158) | - | - | High
+60 | [30.17.4.146](https://vuldb.com/?ip.30.17.4.146) | - | - | High
+61 | [30.65.48.152](https://vuldb.com/?ip.30.65.48.152) | - | - | High
+62 | [30.205.76.70](https://vuldb.com/?ip.30.205.76.70) | - | - | High
+63 | [31.228.253.114](https://vuldb.com/?ip.31.228.253.114) | - | - | High
+64 | [32.181.245.23](https://vuldb.com/?ip.32.181.245.23) | - | - | High
+65 | [33.93.97.183](https://vuldb.com/?ip.33.93.97.183) | - | - | High
+66 | [33.145.184.132](https://vuldb.com/?ip.33.145.184.132) | - | - | High
+67 | [34.229.154.31](https://vuldb.com/?ip.34.229.154.31) | ec2-34-229-154-31.compute-1.amazonaws.com | - | Medium
+68 | [35.120.155.220](https://vuldb.com/?ip.35.120.155.220) | - | - | High
+69 | [36.110.58.103](https://vuldb.com/?ip.36.110.58.103) | 103.58.110.36.static.bjtelecom.net | - | High
+70 | [37.64.220.2](https://vuldb.com/?ip.37.64.220.2) | 2.220.64.37.rev.sfr.net | - | High
+71 | [37.72.174.23](https://vuldb.com/?ip.37.72.174.23) | 37-72-174-23.static.hvvc.us | - | High
+72 | [37.120.198.248](https://vuldb.com/?ip.37.120.198.248) | - | - | High
+73 | [38.12.57.131](https://vuldb.com/?ip.38.12.57.131) | - | - | High
+74 | [39.57.152.217](https://vuldb.com/?ip.39.57.152.217) | - | - | High
+75 | [40.72.17.141](https://vuldb.com/?ip.40.72.17.141) | - | - | High
+76 | [41.28.188.77](https://vuldb.com/?ip.41.28.188.77) | vc-gp-s-41-28-188-77.umts.vodacom.co.za | - | High
+77 | [41.56.181.200](https://vuldb.com/?ip.41.56.181.200) | - | - | High
+78 | [45.3.236.177](https://vuldb.com/?ip.45.3.236.177) | 045-003-236-177.biz.spectrum.com | - | High
+79 | [45.84.0.13](https://vuldb.com/?ip.45.84.0.13) | vm523902.stark-industries.solutions | - | High
+80 | [45.138.172.246](https://vuldb.com/?ip.45.138.172.246) | - | - | High
+81 | [45.142.214.120](https://vuldb.com/?ip.45.142.214.120) | vm516885.stark-industries.solutions | - | High
+82 | [45.142.214.167](https://vuldb.com/?ip.45.142.214.167) | - | - | High
+83 | [45.147.229.50](https://vuldb.com/?ip.45.147.229.50) | - | - | High
+84 | [45.147.229.101](https://vuldb.com/?ip.45.147.229.101) | - | - | High
+85 | [45.147.229.199](https://vuldb.com/?ip.45.147.229.199) | - | - | High
+86 | [45.147.231.202](https://vuldb.com/?ip.45.147.231.202) | - | - | High
+87 | [45.153.240.139](https://vuldb.com/?ip.45.153.240.139) | - | - | High
+88 | [45.153.241.187](https://vuldb.com/?ip.45.153.241.187) | - | - | High
+89 | [45.153.241.234](https://vuldb.com/?ip.45.153.241.234) | - | - | High
+90 | [46.21.153.145](https://vuldb.com/?ip.46.21.153.145) | 145.153.21.46.static.swiftway.net | - | High
+91 | [46.44.240.53](https://vuldb.com/?ip.46.44.240.53) | 46-44-240-53.ip.welcomeitalia.it | - | High
+92 | [47.27.63.45](https://vuldb.com/?ip.47.27.63.45) | 047-027-063-045.res.spectrum.com | - | High
+93 | [47.58.200.234](https://vuldb.com/?ip.47.58.200.234) | 47-58-200-234.red-acceso.airtel.net | - | High
+94 | [48.165.175.199](https://vuldb.com/?ip.48.165.175.199) | - | - | High
+95 | [48.209.106.172](https://vuldb.com/?ip.48.209.106.172) | - | - | High
+96 | ... | ... | ... | ...
+
+There are 382 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -29,12 +126,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -42,58 +140,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
-2 | File | `/+CSCOE+/logon.html` | High
-3 | File | `/6/api.php?function=command&class=remote&Cc='ls'` | High
-4 | File | `/about.php` | Medium
-5 | File | `/admin.php?action=themeinstall` | High
-6 | File | `/admin/contenttemp` | High
-7 | File | `/admin/modules/system/custom_field.php` | High
-8 | File | `/api/crontab` | Medium
-9 | File | `/bin/boa` | Medium
-10 | File | `/category_view.php` | High
-11 | File | `/cgi-bin/wapopen` | High
-12 | File | `/cgi-mod/lookup.cgi` | High
-13 | File | `/common/info.cgi` | High
-14 | File | `/common/ticket_associated_tickets.php` | High
-15 | File | `/config/getuser` | High
-16 | File | `/debug/pprof` | Medium
-17 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
-18 | File | `/iissamples` | Medium
-19 | File | `/interface/main/backup.php` | High
-20 | File | `/new` | Low
-21 | File | `/platform.cgi` | High
-22 | File | `/public/plugins/` | High
-23 | File | `/requests.php` | High
-24 | File | `/sbin/gs_config` | High
-25 | File | `/scripts/cpan_config` | High
-26 | File | `/secure/QueryComponent!Default.jspa` | High
-27 | File | `/spip.php` | Medium
-28 | File | `/uncpath/` | Medium
-29 | File | `/usr/bin/pkexec` | High
-30 | File | `/usr/sbin/nagios` | High
-31 | File | `/usr/sbin/suexec` | High
-32 | File | `/WEB-INF/web.xml` | High
-33 | File | `/webman/info.cgi` | High
-34 | File | `/wp-admin/admin-ajax.php` | High
-35 | File | `/wp-json/oembed/1.0/embed?url` | High
-36 | File | `/wp-json/wc/v3/webhooks` | High
-37 | File | `/_internal` | Medium
-38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-39 | File | `adclick.php` | Medium
-40 | File | `admin.php?page=languages` | High
-41 | File | `admin/admin_users.php` | High
-42 | File | `admin/conf_users_edit.php` | High
-43 | File | `admin/index.php` | High
-44 | ... | ... | ...
+1 | File | `/ci_hms/massage_room/edit/1` | High
+2 | File | `/ci_hms/search` | High
+3 | File | `/ci_ssms/index.php/orders/create` | High
+4 | File | `/College/admin/teacher.php` | High
+5 | File | `/pdfalto/src/pdfalto.cc` | High
+6 | File | `/pms/index.php` | High
+7 | File | `/pms/update_user.php?user_id=1` | High
+8 | File | `/resources//../` | High
+9 | File | `/storage/innobase/handler/handler0alter.cc` | High
+10 | ... | ... | ...

-There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_01.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_02.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_03.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_07.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_09.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_13.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_14.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_15.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_16.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_17.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_23.06.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.05.2022.txt
+* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.06.2022.txt

 ## Literature

--- a/actors/Candiru/README.md
+++ b/actors/Candiru/README.md
@ -43,12 +43,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+7 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -84,17 +87,17 @@ ID | Type | Indicator | Confidence
 26 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
 27 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
 28 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
-29 | File | `/login` | Low
-30 | File | `/mngset/authset` | High
-31 | File | `/module/module_frame/index.php` | High
-32 | File | `/notice-edit.php` | High
+29 | File | `/librarian/bookdetails.php` | High
+30 | File | `/login` | Low
+31 | File | `/mngset/authset` | High
+32 | File | `/module/module_frame/index.php` | High
 33 | File | `/nova/bin/sniffer` | High
 34 | File | `/ofcms/company-c-47` | High
 35 | File | `/proc/*/cmdline"` | High
 36 | File | `/proc/pid/syscall` | High
 37 | ... | ... | ...

-There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Carbanak/README.md
+++ b/actors/Carbanak/README.md
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [SE](https://vuldb.com/?country.se)
 * ...

-There are 29 more country items available. Please use our online service to access the data.
+There are 30 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

--- a/actors/ChaChi/README.md
+++ b/actors/ChaChi/README.md
@ -37,12 +37,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Chafer/README.md
+++ b/actors/Chafer/README.md
@ -55,14 +55,15 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `//etc/RT2870STA.dat` | High
 2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
-3 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
-4 | File | `/jquery_file_upload/server/php/index.php` | High
-5 | File | `/magnoliaPublic/travel/members/login.html` | High
-6 | File | `/Main_AdmStatus_Content.asp` | High
-7 | File | `/uncpath/` | Medium
-8 | ... | ... | ...
+3 | File | `/bin/boa` | Medium
+4 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
+5 | File | `/jquery_file_upload/server/php/index.php` | High
+6 | File | `/magnoliaPublic/travel/members/login.html` | High
+7 | File | `/Main_AdmStatus_Content.asp` | High
+8 | File | `/uncpath/` | Medium
+9 | ... | ... | ...

-There are 59 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Chthonic/README.md
+++ b/actors/Chthonic/README.md
@ -104,7 +104,7 @@ ID | Type | Indicator | Confidence
 29 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
 30 | ... | ... | ...

-There are 258 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Group/README.md
+++ b/Group/README.md
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Group:

+* [ES](https://vuldb.com/?country.es)
 * [SV](https://vuldb.com/?country.sv)
-* [FR](https://vuldb.com/?country.fr)
 * [IT](https://vuldb.com/?country.it)
 * ...

@ -35,12 +35,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 10 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -48,43 +50,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin.php/Label/js_del` | High
-2 | File | `/admin.php/news/admin/topic/save` | High
-3 | File | `/admin/comn/service/update.json` | High
-4 | File | `/admin/customers.php?page=1&cID` | High
-5 | File | `/admin/link/link_ok.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/administrator/alerts/alertLightbox.php` | High
-8 | File | `/app/register.php` | High
-9 | File | `/bcms/admin/courts/view_court.php` | High
-10 | File | `/CommunitySSORedirect.jsp` | High
-11 | File | `/config` | Low
-12 | File | `/ctpms/admin/individuals/update_status.php` | High
-13 | File | `/data/sqldata` | High
-14 | File | `/feedback/post/` | High
-15 | File | `/goform/saveParentControlInfo` | High
-16 | File | `/goform/SetClientState` | High
-17 | File | `/goform/setDeviceSettings` | High
-18 | File | `/goform/SetPptpServerCfg` | High
-19 | File | `/help/treecontent.jsp` | High
-20 | File | `/home/jobfairol/resumelist` | High
-21 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
-22 | File | `/index.php?page=reserve` | High
-23 | File | `/ip/car-rental-management-system/admin/ajax.php?action=login` | High
-24 | File | `/ocwbs/admin/?page=bookings/view_details` | High
-25 | File | `/ocwbs/admin/?page=user/manage_user` | High
-26 | File | `/ocwbs/admin/services/manage_service.php` | High
-27 | File | `/ocwbs/classes/Master.php?f=delete_booking` | High
-28 | File | `/ocwbs/classes/Master.php?f=delete_vehicle` | High
-29 | File | `/ofrs/admin/?page=user/manage_user` | High
-30 | File | `/ordering/admin/stockin/index.php?view=edit` | High
-31 | File | `/public/launchNewWindow.jsp` | High
-32 | File | `/purchase_order/admin/?page=user` | High
-33 | File | `/rdms/admin/incident_reports/view_report.php` | High
-34 | File | `/rdms/admin/respondent_types/manage_respondent_type.php` | High
-35 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/admin.php/Label/js_del` | High
+3 | File | `/admin.php/news/admin/topic/save` | High
+4 | File | `/admin/comn/service/update.json` | High
+5 | File | `/admin/general.cgi` | High
+6 | File | `/admin/reports.php` | High
+7 | File | `/admin/service/stop/` | High
+8 | File | `/admin/usermanagement.php` | High
+9 | File | `/administrator/alerts/alertLightbox.php` | High
+10 | File | `/bcms/admin/courts/view_court.php` | High
+11 | File | `/category.php` | High
+12 | File | `/CommunitySSORedirect.jsp` | High
+13 | File | `/config` | Low
+14 | File | `/ctpms/admin/individuals/update_status.php` | High
+15 | File | `/filemanager/upload/drop` | High
+16 | File | `/freelance/resume_list` | High
+17 | File | `/goform/aspForm` | High
+18 | File | `/goform/saveParentControlInfo` | High
+19 | File | `/goform/SetClientState` | High
+20 | File | `/goform/setDeviceSettings` | High
+21 | File | `/help/treecontent.jsp` | High
+22 | File | `/home/jobfairol/resumelist` | High
+23 | File | `/hprms/admin/rooms/view_room.php` | High
+24 | File | `/hprms/classes/Master.php?f=delete_message` | High
+25 | File | `/images/background/1.php` | High
+26 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
+27 | File | `/ip/car-rental-management-system/admin/ajax.php?action=login` | High
+28 | File | `/lists/admin/` | High
+29 | File | `/modules/mindmap/index.php` | High
+30 | File | `/ocwbs/admin/?page=bookings/view_details` | High
+31 | File | `/ocwbs/admin/?page=user/manage_user` | High
+32 | File | `/ocwbs/admin/services/manage_service.php` | High
+33 | File | `/ocwbs/classes/Master.php?f=delete_booking` | High
+34 | File | `/ocwbs/classes/Master.php?f=delete_vehicle` | High
+35 | File | `/odfs/classes/Master.php?f=save_category` | High
+36 | ... | ... | ...

-There are 297 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Strike/README.md
+++ b/Strike/README.md
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [DE](https://vuldb.com/?country.de)
+* [JP](https://vuldb.com/?country.jp)
 * ...

 There are 9 more country items available. Please use our online service to access the data.
@ -44,7 +44,7 @@ ID | IP address | Hostname | Campaign | Confidence
 21 | [51.68.93.185](https://vuldb.com/?ip.51.68.93.185) | - | - | High
 22 | ... | ... | ... | ...

-There are 84 more IOC items available. Please use our online service to access the data.
+There are 85 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -52,12 +52,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -66,43 +68,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.htaccess` | Medium
-2 | File | `//proc/kcore` | Medium
-3 | File | `/acms/classes/Master.php?f=delete_img` | High
-4 | File | `/admin.php/Label/page_del` | High
-5 | File | `/admin.php/vod/admin/topic/del` | High
-6 | File | `/admin/dl_sendmail.php` | High
-7 | File | `/admin/dl_sendsms.php` | High
-8 | File | `/admin_page/all-files-update-ajax.php` | High
-9 | File | `/api/part_categories` | High
-10 | File | `/api/programs/orgUnits?programs` | High
-11 | File | `/api/students/me/courses/` | High
-12 | File | `/Applications/Utilities/Terminal` | High
-13 | File | `/asms/classes/Master.php?f=delete_product` | High
-14 | File | `/asms/classes/Master.php?f=save_product` | High
-15 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
-16 | File | `/bsms/?page=manage_account` | High
-17 | File | `/cgi-bin/kerbynet` | High
-18 | File | `/checklogin.jsp` | High
-19 | File | `/classes/master.php?f=delete_facility` | High
-20 | File | `/College_Management_System/admin/display-teacher.php` | High
-21 | File | `/company` | Medium
-22 | File | `/company/service/increment/add/im` | High
-23 | File | `/ctpms/admin/?page=applications/view_application` | High
-24 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-25 | File | `/ctpms/admin/individuals/update_status.php` | High
-26 | File | `/dms/admin/reports/daily_collection_report.php` | High
-27 | File | `/ecrire` | Low
-28 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
-29 | File | `/goform/aspForm` | High
-30 | File | `/goform/saveParentControlInfo` | High
-31 | File | `/goform/SetClientState` | High
-32 | File | `/htdocs/cgibin` | High
-33 | File | `/html/Solar_Ftp.php` | High
-34 | File | `/hub/api/user` | High
-35 | File | `/include/chart_generator.php` | High
-36 | ... | ... | ...
+2 | File | `/.dbus-keyrings` | High
+3 | File | `//proc/kcore` | Medium
+4 | File | `/acms/classes/Master.php?f=delete_img` | High
+5 | File | `/admin.php/Label/page_del` | High
+6 | File | `/admin.php/vod/admin/topic/del` | High
+7 | File | `/admin/dl_sendmail.php` | High
+8 | File | `/admin/dl_sendsms.php` | High
+9 | File | `/admin/edit_admin_details.php?id=admin` | High
+10 | File | `/admin/generalsettings.php` | High
+11 | File | `/admin/payment.php` | High
+12 | File | `/admin/reports.php` | High
+13 | File | `/admin_page/all-files-update-ajax.php` | High
+14 | File | `/api/part_categories` | High
+15 | File | `/api/programs/orgUnits?programs` | High
+16 | File | `/api/students/me/courses/` | High
+17 | File | `/api/user/userData?userCode=admin` | High
+18 | File | `/Applications/Utilities/Terminal` | High
+19 | File | `/asms/classes/Master.php?f=delete_product` | High
+20 | File | `/asms/classes/Master.php?f=save_product` | High
+21 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
+22 | File | `/bsms/?page=manage_account` | High
+23 | File | `/cgi-bin/kerbynet` | High
+24 | File | `/checklogin.jsp` | High
+25 | File | `/classes/master.php?f=delete_facility` | High
+26 | File | `/classes/Master.php?f=delete_reservation` | High
+27 | File | `/classes/Master.php?f=delete_schedule` | High
+28 | File | `/College_Management_System/admin/display-teacher.php` | High
+29 | File | `/company` | Medium
+30 | File | `/company/service/increment/add/im` | High
+31 | File | `/ctpms/admin/?page=applications/view_application` | High
+32 | File | `/ctpms/admin/?page=individuals/view_individual` | High
+33 | File | `/ctpms/admin/individuals/update_status.php` | High
+34 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+35 | File | `/dms/admin/reports/daily_collection_report.php` | High
+36 | File | `/ecrire` | Low
+37 | File | `/forum/away.php` | High
+38 | File | `/goform/aspForm` | High
+39 | File | `/goform/saveParentControlInfo` | High
+40 | ... | ... | ...

-There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -129,6 +135,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-29%20Hancitor%20IOCs
 * https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
 * https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752/
+* https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
 * https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
 * https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
 * https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
--- a/actors/Conti/README.md
+++ b/actors/Conti/README.md
@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [NL](https://vuldb.com/?country.nl)
-* [CN](https://vuldb.com/?country.cn)
+* [ES](https://vuldb.com/?country.es)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -524,12 +524,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -537,43 +538,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
-2 | File | `//proc/kcore` | Medium
-3 | File | `/admin/contenttemp` | High
-4 | File | `/admin/modules/system/custom_field.php` | High
-5 | File | `/admin/user/UserAdmin.do` | High
-6 | File | `/Ap4RtpAtom.cpp` | High
-7 | File | `/api/crontab` | Medium
-8 | File | `/bcms/admin/?page=user/list` | High
-9 | File | `/cgi-bin/wapopen` | High
-10 | File | `/cgi-mod/lookup.cgi` | High
-11 | File | `/controller/Index.php` | High
-12 | File | `/debug/pprof` | Medium
-13 | File | `/devices/acurite.c` | High
-14 | File | `/example/editor` | High
-15 | File | `/file?action=download&file` | High
-16 | File | `/fuel/index.php/fuel/logs/items` | High
-17 | File | `/fuel/sitevariables/delete/4` | High
-18 | File | `/goform/login_process` | High
-19 | File | `/goform/rlmswitchr_process` | High
-20 | File | `/goforms/rlminfo` | High
-21 | File | `/include/chart_generator.php` | High
-22 | File | `/mgmt/tm/util/bash` | High
-23 | File | `/mhds/clinic/view_details.php` | High
-24 | File | `/newsDia.php` | Medium
-25 | File | `/nova/bin/console` | High
-26 | File | `/product_list.php` | High
-27 | File | `/ptms/?page=user` | High
-28 | File | `/scas/admin/` | Medium
-29 | File | `/scas/classes/Users.php?f=save_user` | High
-30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-31 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-32 | File | `/tmp/zarafa-vacation-*` | High
-33 | File | `/uncpath/` | Medium
-34 | File | `/upload` | Low
-35 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/admin/` | Low
+3 | File | `/admin/communitymanagement.php` | High
+4 | File | `/admin/contenttemp` | High
+5 | File | `/admin/extended` | High
+6 | File | `/admin/featured.php` | High
+7 | File | `/admin/generalsettings.php` | High
+8 | File | `/admin/newsletter1.php` | High
+9 | File | `/admin/payment.php` | High
+10 | File | `/admin/user/UserAdmin.do` | High
+11 | File | `/admin/usermanagement.php` | High
+12 | File | `/Ap4RtpAtom.cpp` | High
+13 | File | `/api/crontab` | Medium
+14 | File | `/bcms/admin/?page=user/list` | High
+15 | File | `/bsms/?page=manage_account` | High
+16 | File | `/cgi-bin/login.cgi` | High
+17 | File | `/ci_hms/massage_room/edit/1` | High
+18 | File | `/controller/Index.php` | High
+19 | File | `/core/conditions/AbstractWrapper.java` | High
+20 | File | `/dashboard/reports/logs/view` | High
+21 | File | `/debug/pprof` | Medium
+22 | File | `/designer/add/layout` | High
+23 | File | `/devices/acurite.c` | High
+24 | File | `/example/editor` | High
+25 | File | `/filemanager/upload/drop` | High
+26 | File | `/fuel/index.php/fuel/logs/items` | High
+27 | File | `/fuel/sitevariables/delete/4` | High
+28 | File | `/goform/login_process` | High
+29 | File | `/goform/rlmswitchr_process` | High
+30 | File | `/goforms/rlminfo` | High
+31 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+32 | File | `/include/chart_generator.php` | High
+33 | ... | ... | ...

-There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/CopyKittens/README.md
+++ b/actors/CopyKittens/README.md
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [ES](https://vuldb.com/?country.es)
 * [PT](https://vuldb.com/?country.pt)
-* [SV](https://vuldb.com/?country.sv)
+* [AR](https://vuldb.com/?country.ar)
 * ...

 There are 8 more country items available. Please use our online service to access the data.
@ -54,12 +54,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -68,42 +70,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/?module=fileman&section=get&page=grid` | High
-2 | File | `/admin.php/singer/admin/singer/hy` | High
-3 | File | `/admin.php/vod/admin/topic/del` | High
-4 | File | `/admin/deluser.php` | High
-5 | File | `/admin/edit.php` | High
-6 | File | `/admin/googleads.php` | High
-7 | File | `/admin/new-content` | High
-8 | File | `/admin/operations/tax.php` | High
-9 | File | `/admin/payment.php` | High
-10 | File | `/admin/scheprofile.cgi` | High
-11 | File | `/admin/weixin.php` | High
-12 | File | `/apps/acs-commons/content/page-compare.html` | High
-13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
-14 | File | `/bcms/admin/courts/manage_court.php` | High
-15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
-16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
-17 | File | `/cgi-bin/kerbynet` | High
-18 | File | `/classes/Users.php?f=save` | High
-19 | File | `/cms/classes/Master.php?f=delete_client` | High
-20 | File | `/config` | Low
-21 | File | `/defaultui/player/modern.html` | High
-22 | File | `/ffos/admin/categories/manage_category.php` | High
-23 | File | `/ffos/admin/menus/view_menu.php` | High
-24 | File | `/gaia-job-admin/user/add` | High
-25 | File | `/goform/aspForm` | High
-26 | File | `/goform/login_process` | High
-27 | File | `/goform/setNetworkLan` | High
-28 | File | `/goform/SetSysTimeCfg` | High
-29 | File | `/html/Solar_Ftp.php` | High
-30 | File | `/lists/admin/` | High
-31 | File | `/mngset/authset` | High
-32 | File | `/mtms/admin/?page=transaction/send` | High
-33 | File | `/orrs/admin/trains/manage_train.php` | High
-34 | File | `/otps/classes/Master.php?f=delete_team` | High
-35 | ... | ... | ...
+2 | File | `/action/import_sdk_file/` | High
+3 | File | `/admin.php/singer/admin/singer/hy` | High
+4 | File | `/admin.php/vod/admin/topic/del` | High
+5 | File | `/admin/conferences/list/` | High
+6 | File | `/admin/deluser.php` | High
+7 | File | `/admin/edit.php` | High
+8 | File | `/admin/edit_admin_details.php?id=admin` | High
+9 | File | `/admin/googleads.php` | High
+10 | File | `/admin/new-content` | High
+11 | File | `/admin/operations/tax.php` | High
+12 | File | `/admin/payment.php` | High
+13 | File | `/admin/scheprofile.cgi` | High
+14 | File | `/admin/weixin.php` | High
+15 | File | `/apps/acs-commons/content/page-compare.html` | High
+16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+17 | File | `/bcms/admin/courts/manage_court.php` | High
+18 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
+19 | File | `/car-rental-management-system/admin/manage_booking.php` | High
+20 | File | `/catcompany.php` | High
+21 | File | `/cgi-bin/kerbynet` | High
+22 | File | `/classes/Users.php?f=save` | High
+23 | File | `/cms/classes/Master.php?f=delete_client` | High
+24 | File | `/config` | Low
+25 | File | `/defaultui/player/modern.html` | High
+26 | File | `/ffos/admin/categories/manage_category.php` | High
+27 | File | `/ffos/admin/menus/view_menu.php` | High
+28 | File | `/gaia-job-admin/user/add` | High
+29 | File | `/goform/aspForm` | High
+30 | File | `/goform/setNetworkLan` | High
+31 | File | `/goform/SetSysTimeCfg` | High
+32 | File | `/html/Solar_Ftp.php` | High
+33 | File | `/lists/admin/` | High
+34 | ... | ... | ...

-There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/DEV-0322/README.md
+++ b/actors/DEV-0322/README.md
@ -37,12 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1548.002 | CWE-285 | Improper Authorization | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 10 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/DanaBot/README.md
+++ b/actors/DanaBot/README.md
@ -38,12 +38,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 16 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/DarkHotel/README.md
+++ b/actors/DarkHotel/README.md
@ -31,8 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+3 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
+4 | ... | ... | ... | ...
+
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Darkkomet/README.md
+++ b/actors/Darkkomet/README.md
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1211 | CWE-254 | 7PK Security Features | High
-3 | T1222 | CWE-275 | Permission Issues | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Dealply/README.md
+++ b/actors/Dealply/README.md
@ -38,12 +38,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79 | Cross Site Scripting | High
+5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+6 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/Panda/README.md
+++ b/Panda/README.md
@ -37,12 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1222 | CWE-275 | Permission Issues | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Dijo/README.md
+++ b/actors/Dijo/README.md
@ -20,6 +20,14 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [95.181.198.115](https://vuldb.com/?ip.95.181.198.115) | - | - | High
 2 | [192.162.244.171](https://vuldb.com/?ip.192.162.244.171) | free.datacheap.ru | - | High

+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dijo_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1592 | CWE-200 | Configuration | High
+
 ## IOA - Indicator of Attack

 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dijo. This data is unique as it uses our predictive model for actor profiling.
--- a/actors/Emotet/README.md
+++ b/actors/Emotet/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [VN](https://vuldb.com/?country.vn)
 * [ES](https://vuldb.com/?country.es)
-* [CN](https://vuldb.com/?country.cn)
+* [US](https://vuldb.com/?country.us)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -184,219 +184,221 @@ ID | IP address | Hostname | Campaign | Confidence
 161 | [45.76.176.10](https://vuldb.com/?ip.45.76.176.10) | 45.76.176.10.vultrusercontent.com | - | High
 162 | [45.77.154.161](https://vuldb.com/?ip.45.77.154.161) | 45.77.154.161.vultrusercontent.com | - | High
 163 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
-164 | [45.79.188.67](https://vuldb.com/?ip.45.79.188.67) | li1287-67.members.linode.com | - | High
-165 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
-166 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
-167 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
-168 | [45.118.136.92](https://vuldb.com/?ip.45.118.136.92) | - | - | High
-169 | [45.119.83.237](https://vuldb.com/?ip.45.119.83.237) | - | - | High
-170 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
-171 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
-172 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
-173 | [45.252.251.10](https://vuldb.com/?ip.45.252.251.10) | - | - | High
-174 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
-175 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
-176 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
-177 | [46.30.213.132](https://vuldb.com/?ip.46.30.213.132) | - | - | High
-178 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
-179 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
-180 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
-181 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
-182 | [46.49.124.53](https://vuldb.com/?ip.46.49.124.53) | - | - | High
-183 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
-184 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
-185 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
-186 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
-187 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
-188 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
-189 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
-190 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
-191 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
-192 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
-193 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
-194 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
-195 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
-196 | [47.52.19.221](https://vuldb.com/?ip.47.52.19.221) | - | - | High
-197 | [47.146.32.175](https://vuldb.com/?ip.47.146.32.175) | - | - | High
-198 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
-199 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
-200 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
-201 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
-202 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
-203 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
-204 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
-205 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
-206 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
-207 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
-208 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
-209 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
-210 | [50.22.35.194](https://vuldb.com/?ip.50.22.35.194) | c2.23.1632.ip4.static.sl-reverse.com | - | High
-211 | [50.23.248.182](https://vuldb.com/?ip.50.23.248.182) | b6.f8.1732.ip4.static.sl-reverse.com | - | High
-212 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
-213 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
-214 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
-215 | [50.31.174.165](https://vuldb.com/?ip.50.31.174.165) | priva28.privatednsorg.com | - | High
-216 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
-217 | [50.62.176.42](https://vuldb.com/?ip.50.62.176.42) | p3plcpnl0515.prod.phx3.secureserver.net | - | High
-218 | [50.62.176.244](https://vuldb.com/?ip.50.62.176.244) | p3plcpnl0728.prod.phx3.secureserver.net | - | High
-219 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
-220 | [50.63.8.21](https://vuldb.com/?ip.50.63.8.21) | ip-50-63-8-21.ip.secureserver.net | - | High
-221 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
-222 | [50.87.59.65](https://vuldb.com/?ip.50.87.59.65) | 50-87-59-65.unifiedlayer.com | - | High
-223 | [50.87.144.137](https://vuldb.com/?ip.50.87.144.137) | gator3103.hostgator.com | - | High
-224 | [50.87.144.197](https://vuldb.com/?ip.50.87.144.197) | gator3161.hostgator.com | - | High
-225 | [50.87.150.177](https://vuldb.com/?ip.50.87.150.177) | 50-87-150-177.unifiedlayer.com | - | High
-226 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
-227 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
-228 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
-229 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
-230 | [50.116.86.205](https://vuldb.com/?ip.50.116.86.205) | template3.domain.com | - | High
-231 | [50.121.220.50](https://vuldb.com/?ip.50.121.220.50) | static-50-121-220-50.clbg.wv.frontiernet.net | - | High
-232 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
-233 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
-234 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
-235 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
-236 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
-237 | [51.68.175.8](https://vuldb.com/?ip.51.68.175.8) | vps-9dba3732.vps.ovh.net | - | High
-238 | [51.68.220.244](https://vuldb.com/?ip.51.68.220.244) | vps-7a400d57.vps.ovh.net | - | High
-239 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
-240 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
-241 | [51.77.113.100](https://vuldb.com/?ip.51.77.113.100) | titan40.fastworldwideweb.com | - | High
-242 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
-243 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
-244 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
-245 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
-246 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
-247 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
-248 | [51.254.137.156](https://vuldb.com/?ip.51.254.137.156) | mail.unolan.net | - | High
-249 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
-250 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
-251 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
-252 | [52.31.99.185](https://vuldb.com/?ip.52.31.99.185) | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium
-253 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
-254 | [52.96.38.82](https://vuldb.com/?ip.52.96.38.82) | - | - | High
-255 | [52.96.40.242](https://vuldb.com/?ip.52.96.40.242) | - | - | High
-256 | [52.96.62.226](https://vuldb.com/?ip.52.96.62.226) | - | - | High
-257 | [54.36.185.60](https://vuldb.com/?ip.54.36.185.60) | ip60.ip-54-36-185.eu | - | High
-258 | [54.38.94.197](https://vuldb.com/?ip.54.38.94.197) | ns3140984.ip-54-38-94.eu | - | High
-259 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
-260 | [54.88.144.211](https://vuldb.com/?ip.54.88.144.211) | va-smtp01.263.net | - | High
-261 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
-262 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
-263 | [58.96.74.42](https://vuldb.com/?ip.58.96.74.42) | 42.74.96.58.static.exetel.com.au | - | High
-264 | [58.171.38.26](https://vuldb.com/?ip.58.171.38.26) | - | - | High
-265 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
-266 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
-267 | [59.110.18.236](https://vuldb.com/?ip.59.110.18.236) | - | - | High
-268 | [59.120.5.154](https://vuldb.com/?ip.59.120.5.154) | 59-120-5-154.hinet-ip.hinet.net | - | High
-269 | [59.124.1.19](https://vuldb.com/?ip.59.124.1.19) | 59-124-1-19.hinet-ip.hinet.net | - | High
-270 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
-271 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
-272 | [60.36.166.212](https://vuldb.com/?ip.60.36.166.212) | imail.mail.plala.or.jp | - | High
-273 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
-274 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
-275 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
-276 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
-277 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
-278 | [61.197.37.169](https://vuldb.com/?ip.61.197.37.169) | pl937.ag1001.nttpc.ne.jp | - | High
-279 | [62.28.40.155](https://vuldb.com/?ip.62.28.40.155) | exchange.ptasp.com | - | High
-280 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
-281 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
-282 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
-283 | [62.141.45.103](https://vuldb.com/?ip.62.141.45.103) | vps2009743.fastwebserver.de | - | High
-284 | [62.149.128.42](https://vuldb.com/?ip.62.149.128.42) | imaps.aruba.it | - | High
-285 | [62.149.128.72](https://vuldb.com/?ip.62.149.128.72) | mxd4.aruba.it | - | High
-286 | [62.149.128.179](https://vuldb.com/?ip.62.149.128.179) | pop3s.aruba.it | - | High
-287 | [62.149.128.200](https://vuldb.com/?ip.62.149.128.200) | smtp1.aruba.it | - | High
-288 | [62.149.128.210](https://vuldb.com/?ip.62.149.128.210) | smtpa1.aruba.it | - | High
-289 | [62.149.152.151](https://vuldb.com/?ip.62.149.152.151) | - | - | High
-290 | [62.149.152.152](https://vuldb.com/?ip.62.149.152.152) | - | - | High
-291 | [62.149.157.55](https://vuldb.com/?ip.62.149.157.55) | - | - | High
-292 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
-293 | [62.171.178.147](https://vuldb.com/?ip.62.171.178.147) | vmi365451.contaboserver.net | - | High
-294 | [62.210.127.136](https://vuldb.com/?ip.62.210.127.136) | 62-210-127-136.rev.poneytelecom.eu | - | High
-295 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
-296 | [62.234.99.30](https://vuldb.com/?ip.62.234.99.30) | - | - | High
-297 | [63.142.253.122](https://vuldb.com/?ip.63.142.253.122) | - | - | High
-298 | [64.4.244.68](https://vuldb.com/?ip.64.4.244.68) | - | - | High
-299 | [64.26.60.221](https://vuldb.com/?ip.64.26.60.221) | pop5.csee.onr.siteprotect.com | - | High
-300 | [64.41.126.110](https://vuldb.com/?ip.64.41.126.110) | securesmtp.csee.siteprotect.com | - | High
-301 | [64.59.136.142](https://vuldb.com/?ip.64.59.136.142) | mail.shaw.ca | - | High
-302 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
-303 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
-304 | [64.85.73.16](https://vuldb.com/?ip.64.85.73.16) | - | - | High
-305 | [64.88.202.250](https://vuldb.com/?ip.64.88.202.250) | - | - | High
-306 | [64.90.62.162](https://vuldb.com/?ip.64.90.62.162) | pop.dreamhost.com | - | High
-307 | [64.91.228.45](https://vuldb.com/?ip.64.91.228.45) | - | - | High
-308 | [64.98.36.5](https://vuldb.com/?ip.64.98.36.5) | mail.b.hostedemail.com | - | High
-309 | [64.98.36.173](https://vuldb.com/?ip.64.98.36.173) | mail.lawyers-mail.com | - | High
-310 | [64.183.73.122](https://vuldb.com/?ip.64.183.73.122) | rrcs-64-183-73-122.west.biz.rr.com | - | High
-311 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
-312 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
-313 | [64.250.117.68](https://vuldb.com/?ip.64.250.117.68) | smtp.movistarcloud.com.ve | - | High
-314 | [65.49.60.163](https://vuldb.com/?ip.65.49.60.163) | 65-49-60-163.ip.linodeusercontent.com | - | High
-315 | [65.55.72.183](https://vuldb.com/?ip.65.55.72.183) | origin.sn134w.snt134.mail.live.com | - | High
-316 | [65.182.102.90](https://vuldb.com/?ip.65.182.102.90) | mail.geantes.com | - | High
-317 | [65.254.228.100](https://vuldb.com/?ip.65.254.228.100) | customer.hostcentric.com | - | High
-318 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
-319 | [66.42.55.5](https://vuldb.com/?ip.66.42.55.5) | 66.42.55.5.vultrusercontent.com | - | High
-320 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
-321 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
-322 | [66.71.241.102](https://vuldb.com/?ip.66.71.241.102) | mail.nixhost.net | - | High
-323 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
-324 | [66.96.134.1](https://vuldb.com/?ip.66.96.134.1) | 1.134.96.66.static.eigbox.net | - | High
-325 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
-326 | [66.96.147.110](https://vuldb.com/?ip.66.96.147.110) | 110.147.96.66.static.eigbox.net | - | High
-327 | [66.195.202.115](https://vuldb.com/?ip.66.195.202.115) | mail.navarac.com | - | High
-328 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
-329 | [66.216.234.131](https://vuldb.com/?ip.66.216.234.131) | 066-216-234-131.res.spectrum.com | - | High
-330 | [66.220.110.56](https://vuldb.com/?ip.66.220.110.56) | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High
-331 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
-332 | [66.228.45.129](https://vuldb.com/?ip.66.228.45.129) | li326-129.members.linode.com | - | High
-333 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
-334 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
-335 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
-336 | [67.163.161.107](https://vuldb.com/?ip.67.163.161.107) | c-67-163-161-107.hsd1.pa.comcast.net | - | High
-337 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
-338 | [67.177.71.77](https://vuldb.com/?ip.67.177.71.77) | c-67-177-71-77.hsd1.al.comcast.net | - | High
-339 | [67.195.197.75](https://vuldb.com/?ip.67.195.197.75) | p9ats-i.geo.vip.bf1.yahoo.com | - | High
-340 | [67.195.228.95](https://vuldb.com/?ip.67.195.228.95) | unknown.yahoo.com | - | High
-341 | [67.212.168.237](https://vuldb.com/?ip.67.212.168.237) | 237.168.212.67.unassigned.ord.singlehop.net | - | High
-342 | [67.216.131.134](https://vuldb.com/?ip.67.216.131.134) | 134.131.216.67.134.static.hargray.net | - | High
-343 | [67.222.2.148](https://vuldb.com/?ip.67.222.2.148) | - | - | High
-344 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
-345 | [67.225.221.173](https://vuldb.com/?ip.67.225.221.173) | host.hddpool2.net | - | High
-346 | [67.225.229.55](https://vuldb.com/?ip.67.225.229.55) | - | - | High
-347 | [67.241.81.253](https://vuldb.com/?ip.67.241.81.253) | cpe-67-241-81-253.twcny.res.rr.com | - | High
-348 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
-349 | [68.44.137.144](https://vuldb.com/?ip.68.44.137.144) | c-68-44-137-144.hsd1.in.comcast.net | - | High
-350 | [68.66.194.12](https://vuldb.com/?ip.68.66.194.12) | 68.66.194.12.static.a2webhosting.com | - | High
-351 | [68.66.248.6](https://vuldb.com/?ip.68.66.248.6) | nl1-ls1.a2hosting.com | - | High
-352 | [68.178.213.203](https://vuldb.com/?ip.68.178.213.203) | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High
-353 | [68.183.62.61](https://vuldb.com/?ip.68.183.62.61) | - | - | High
-354 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
-355 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
-356 | [69.16.228.14](https://vuldb.com/?ip.69.16.228.14) | kurt.duplika.com | - | High
-357 | [69.16.254.127](https://vuldb.com/?ip.69.16.254.127) | cloudvpsserver.etelligens.in | - | High
-358 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
-359 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
-360 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
-361 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
-362 | [69.61.0.198](https://vuldb.com/?ip.69.61.0.198) | alpha01.serverparlor.net | - | High
-363 | [69.147.92.11](https://vuldb.com/?ip.69.147.92.11) | e1.ycpi.vip.dca.yahoo.com | - | High
-364 | [69.147.92.12](https://vuldb.com/?ip.69.147.92.12) | e2.ycpi.vip.dca.yahoo.com | - | High
-365 | [69.156.240.33](https://vuldb.com/?ip.69.156.240.33) | smtp.transportalliance.ca | - | High
-366 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
-367 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
-368 | [69.168.106.36](https://vuldb.com/?ip.69.168.106.36) | mail.windstream.syn-alias.com | - | High
-369 | [69.175.31.212](https://vuldb.com/?ip.69.175.31.212) | 212.31.175.69.unassigned.ord.singlehop.net | - | High
-370 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
-371 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
-372 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
-373 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
-374 | ... | ... | ... | ...
+164 | [45.79.173.200](https://vuldb.com/?ip.45.79.173.200) | 45-79-173-200.ip.linodeusercontent.com | - | High
+165 | [45.79.188.67](https://vuldb.com/?ip.45.79.188.67) | li1287-67.members.linode.com | - | High
+166 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
+167 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
+168 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
+169 | [45.118.136.92](https://vuldb.com/?ip.45.118.136.92) | - | - | High
+170 | [45.119.83.237](https://vuldb.com/?ip.45.119.83.237) | - | - | High
+171 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
+172 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
+173 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
+174 | [45.252.251.10](https://vuldb.com/?ip.45.252.251.10) | - | - | High
+175 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
+176 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
+177 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
+178 | [46.30.213.132](https://vuldb.com/?ip.46.30.213.132) | - | - | High
+179 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
+180 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
+181 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
+182 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
+183 | [46.49.124.53](https://vuldb.com/?ip.46.49.124.53) | - | - | High
+184 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
+185 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
+186 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
+187 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
+188 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
+189 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
+190 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
+191 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
+192 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
+193 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
+194 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
+195 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
+196 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
+197 | [47.52.19.221](https://vuldb.com/?ip.47.52.19.221) | - | - | High
+198 | [47.146.32.175](https://vuldb.com/?ip.47.146.32.175) | - | - | High
+199 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
+200 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
+201 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
+202 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
+203 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
+204 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
+205 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
+206 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
+207 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
+208 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
+209 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
+210 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
+211 | [50.22.35.194](https://vuldb.com/?ip.50.22.35.194) | c2.23.1632.ip4.static.sl-reverse.com | - | High
+212 | [50.23.248.182](https://vuldb.com/?ip.50.23.248.182) | b6.f8.1732.ip4.static.sl-reverse.com | - | High
+213 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
+214 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
+215 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
+216 | [50.31.174.165](https://vuldb.com/?ip.50.31.174.165) | priva28.privatednsorg.com | - | High
+217 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
+218 | [50.62.176.42](https://vuldb.com/?ip.50.62.176.42) | p3plcpnl0515.prod.phx3.secureserver.net | - | High
+219 | [50.62.176.244](https://vuldb.com/?ip.50.62.176.244) | p3plcpnl0728.prod.phx3.secureserver.net | - | High
+220 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
+221 | [50.63.8.21](https://vuldb.com/?ip.50.63.8.21) | ip-50-63-8-21.ip.secureserver.net | - | High
+222 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
+223 | [50.87.59.65](https://vuldb.com/?ip.50.87.59.65) | 50-87-59-65.unifiedlayer.com | - | High
+224 | [50.87.144.137](https://vuldb.com/?ip.50.87.144.137) | gator3103.hostgator.com | - | High
+225 | [50.87.144.197](https://vuldb.com/?ip.50.87.144.197) | gator3161.hostgator.com | - | High
+226 | [50.87.150.177](https://vuldb.com/?ip.50.87.150.177) | 50-87-150-177.unifiedlayer.com | - | High
+227 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
+228 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
+229 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
+230 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
+231 | [50.116.86.205](https://vuldb.com/?ip.50.116.86.205) | template3.domain.com | - | High
+232 | [50.121.220.50](https://vuldb.com/?ip.50.121.220.50) | static-50-121-220-50.clbg.wv.frontiernet.net | - | High
+233 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
+234 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
+235 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
+236 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
+237 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
+238 | [51.68.175.8](https://vuldb.com/?ip.51.68.175.8) | vps-9dba3732.vps.ovh.net | - | High
+239 | [51.68.220.244](https://vuldb.com/?ip.51.68.220.244) | vps-7a400d57.vps.ovh.net | - | High
+240 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
+241 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
+242 | [51.77.113.100](https://vuldb.com/?ip.51.77.113.100) | titan40.fastworldwideweb.com | - | High
+243 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
+244 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
+245 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
+246 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
+247 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
+248 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
+249 | [51.254.137.156](https://vuldb.com/?ip.51.254.137.156) | mail.unolan.net | - | High
+250 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
+251 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
+252 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
+253 | [52.31.99.185](https://vuldb.com/?ip.52.31.99.185) | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium
+254 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
+255 | [52.96.38.82](https://vuldb.com/?ip.52.96.38.82) | - | - | High
+256 | [52.96.40.242](https://vuldb.com/?ip.52.96.40.242) | - | - | High
+257 | [52.96.62.226](https://vuldb.com/?ip.52.96.62.226) | - | - | High
+258 | [54.36.185.60](https://vuldb.com/?ip.54.36.185.60) | ip60.ip-54-36-185.eu | - | High
+259 | [54.38.94.197](https://vuldb.com/?ip.54.38.94.197) | ns3140984.ip-54-38-94.eu | - | High
+260 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
+261 | [54.88.144.211](https://vuldb.com/?ip.54.88.144.211) | va-smtp01.263.net | - | High
+262 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
+263 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
+264 | [58.96.74.42](https://vuldb.com/?ip.58.96.74.42) | 42.74.96.58.static.exetel.com.au | - | High
+265 | [58.171.38.26](https://vuldb.com/?ip.58.171.38.26) | - | - | High
+266 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
+267 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
+268 | [59.110.18.236](https://vuldb.com/?ip.59.110.18.236) | - | - | High
+269 | [59.120.5.154](https://vuldb.com/?ip.59.120.5.154) | 59-120-5-154.hinet-ip.hinet.net | - | High
+270 | [59.124.1.19](https://vuldb.com/?ip.59.124.1.19) | 59-124-1-19.hinet-ip.hinet.net | - | High
+271 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
+272 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
+273 | [60.36.166.212](https://vuldb.com/?ip.60.36.166.212) | imail.mail.plala.or.jp | - | High
+274 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
+275 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
+276 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
+277 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
+278 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
+279 | [61.197.37.169](https://vuldb.com/?ip.61.197.37.169) | pl937.ag1001.nttpc.ne.jp | - | High
+280 | [62.28.40.155](https://vuldb.com/?ip.62.28.40.155) | exchange.ptasp.com | - | High
+281 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
+282 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
+283 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
+284 | [62.141.45.103](https://vuldb.com/?ip.62.141.45.103) | vps2009743.fastwebserver.de | - | High
+285 | [62.149.128.42](https://vuldb.com/?ip.62.149.128.42) | imaps.aruba.it | - | High
+286 | [62.149.128.72](https://vuldb.com/?ip.62.149.128.72) | mxd4.aruba.it | - | High
+287 | [62.149.128.179](https://vuldb.com/?ip.62.149.128.179) | pop3s.aruba.it | - | High
+288 | [62.149.128.200](https://vuldb.com/?ip.62.149.128.200) | smtp1.aruba.it | - | High
+289 | [62.149.128.210](https://vuldb.com/?ip.62.149.128.210) | smtpa1.aruba.it | - | High
+290 | [62.149.152.151](https://vuldb.com/?ip.62.149.152.151) | - | - | High
+291 | [62.149.152.152](https://vuldb.com/?ip.62.149.152.152) | - | - | High
+292 | [62.149.157.55](https://vuldb.com/?ip.62.149.157.55) | - | - | High
+293 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
+294 | [62.171.178.147](https://vuldb.com/?ip.62.171.178.147) | vmi365451.contaboserver.net | - | High
+295 | [62.210.127.136](https://vuldb.com/?ip.62.210.127.136) | 62-210-127-136.rev.poneytelecom.eu | - | High
+296 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
+297 | [62.234.99.30](https://vuldb.com/?ip.62.234.99.30) | - | - | High
+298 | [63.142.253.122](https://vuldb.com/?ip.63.142.253.122) | - | - | High
+299 | [64.4.244.68](https://vuldb.com/?ip.64.4.244.68) | - | - | High
+300 | [64.26.60.221](https://vuldb.com/?ip.64.26.60.221) | pop5.csee.onr.siteprotect.com | - | High
+301 | [64.41.126.110](https://vuldb.com/?ip.64.41.126.110) | securesmtp.csee.siteprotect.com | - | High
+302 | [64.59.136.142](https://vuldb.com/?ip.64.59.136.142) | mail.shaw.ca | - | High
+303 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
+304 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
+305 | [64.85.73.16](https://vuldb.com/?ip.64.85.73.16) | - | - | High
+306 | [64.88.202.250](https://vuldb.com/?ip.64.88.202.250) | - | - | High
+307 | [64.90.62.162](https://vuldb.com/?ip.64.90.62.162) | pop.dreamhost.com | - | High
+308 | [64.91.228.45](https://vuldb.com/?ip.64.91.228.45) | - | - | High
+309 | [64.98.36.5](https://vuldb.com/?ip.64.98.36.5) | mail.b.hostedemail.com | - | High
+310 | [64.98.36.173](https://vuldb.com/?ip.64.98.36.173) | mail.lawyers-mail.com | - | High
+311 | [64.183.73.122](https://vuldb.com/?ip.64.183.73.122) | rrcs-64-183-73-122.west.biz.rr.com | - | High
+312 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
+313 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
+314 | [64.250.117.68](https://vuldb.com/?ip.64.250.117.68) | smtp.movistarcloud.com.ve | - | High
+315 | [65.49.60.163](https://vuldb.com/?ip.65.49.60.163) | 65-49-60-163.ip.linodeusercontent.com | - | High
+316 | [65.55.72.183](https://vuldb.com/?ip.65.55.72.183) | origin.sn134w.snt134.mail.live.com | - | High
+317 | [65.182.102.90](https://vuldb.com/?ip.65.182.102.90) | mail.geantes.com | - | High
+318 | [65.254.228.100](https://vuldb.com/?ip.65.254.228.100) | customer.hostcentric.com | - | High
+319 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
+320 | [66.42.55.5](https://vuldb.com/?ip.66.42.55.5) | 66.42.55.5.vultrusercontent.com | - | High
+321 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
+322 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
+323 | [66.71.241.102](https://vuldb.com/?ip.66.71.241.102) | mail.nixhost.net | - | High
+324 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
+325 | [66.96.134.1](https://vuldb.com/?ip.66.96.134.1) | 1.134.96.66.static.eigbox.net | - | High
+326 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
+327 | [66.96.147.110](https://vuldb.com/?ip.66.96.147.110) | 110.147.96.66.static.eigbox.net | - | High
+328 | [66.195.202.115](https://vuldb.com/?ip.66.195.202.115) | mail.navarac.com | - | High
+329 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
+330 | [66.216.234.131](https://vuldb.com/?ip.66.216.234.131) | 066-216-234-131.res.spectrum.com | - | High
+331 | [66.220.110.56](https://vuldb.com/?ip.66.220.110.56) | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High
+332 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
+333 | [66.228.45.129](https://vuldb.com/?ip.66.228.45.129) | li326-129.members.linode.com | - | High
+334 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
+335 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
+336 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
+337 | [67.163.161.107](https://vuldb.com/?ip.67.163.161.107) | c-67-163-161-107.hsd1.pa.comcast.net | - | High
+338 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
+339 | [67.177.71.77](https://vuldb.com/?ip.67.177.71.77) | c-67-177-71-77.hsd1.al.comcast.net | - | High
+340 | [67.195.197.75](https://vuldb.com/?ip.67.195.197.75) | p9ats-i.geo.vip.bf1.yahoo.com | - | High
+341 | [67.195.228.95](https://vuldb.com/?ip.67.195.228.95) | unknown.yahoo.com | - | High
+342 | [67.212.168.237](https://vuldb.com/?ip.67.212.168.237) | 237.168.212.67.unassigned.ord.singlehop.net | - | High
+343 | [67.216.131.134](https://vuldb.com/?ip.67.216.131.134) | 134.131.216.67.134.static.hargray.net | - | High
+344 | [67.222.2.148](https://vuldb.com/?ip.67.222.2.148) | - | - | High
+345 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
+346 | [67.225.221.173](https://vuldb.com/?ip.67.225.221.173) | host.hddpool2.net | - | High
+347 | [67.225.229.55](https://vuldb.com/?ip.67.225.229.55) | - | - | High
+348 | [67.241.81.253](https://vuldb.com/?ip.67.241.81.253) | cpe-67-241-81-253.twcny.res.rr.com | - | High
+349 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
+350 | [68.44.137.144](https://vuldb.com/?ip.68.44.137.144) | c-68-44-137-144.hsd1.in.comcast.net | - | High
+351 | [68.66.194.12](https://vuldb.com/?ip.68.66.194.12) | 68.66.194.12.static.a2webhosting.com | - | High
+352 | [68.66.248.6](https://vuldb.com/?ip.68.66.248.6) | nl1-ls1.a2hosting.com | - | High
+353 | [68.178.213.203](https://vuldb.com/?ip.68.178.213.203) | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High
+354 | [68.183.62.61](https://vuldb.com/?ip.68.183.62.61) | - | - | High
+355 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
+356 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
+357 | [69.16.228.14](https://vuldb.com/?ip.69.16.228.14) | kurt.duplika.com | - | High
+358 | [69.16.254.127](https://vuldb.com/?ip.69.16.254.127) | cloudvpsserver.etelligens.in | - | High
+359 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
+360 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
+361 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
+362 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
+363 | [69.61.0.198](https://vuldb.com/?ip.69.61.0.198) | alpha01.serverparlor.net | - | High
+364 | [69.147.92.11](https://vuldb.com/?ip.69.147.92.11) | e1.ycpi.vip.dca.yahoo.com | - | High
+365 | [69.147.92.12](https://vuldb.com/?ip.69.147.92.12) | e2.ycpi.vip.dca.yahoo.com | - | High
+366 | [69.156.240.33](https://vuldb.com/?ip.69.156.240.33) | smtp.transportalliance.ca | - | High
+367 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
+368 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
+369 | [69.168.106.36](https://vuldb.com/?ip.69.168.106.36) | mail.windstream.syn-alias.com | - | High
+370 | [69.175.31.212](https://vuldb.com/?ip.69.175.31.212) | 212.31.175.69.unassigned.ord.singlehop.net | - | High
+371 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
+372 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
+373 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
+374 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
+375 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
+376 | ... | ... | ... | ...

-There are 1492 more IOC items available. Please use our online service to access the data.
+There are 1498 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -404,12 +406,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1222 | CWE-275 | Permission Issues | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -417,20 +420,21 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/edit_admin_details.php?id=admin` | High
-2 | File | `/alarm_pi/alarmService.php` | High
-3 | File | `/blog/blog.php` | High
-4 | File | `/bsms/?page=manage_account` | High
-5 | File | `/company` | Medium
-6 | File | `/company/account/safety/trade` | High
-7 | File | `/company/down_resume/total/nature` | High
-8 | File | `/company/service/increment/add/im` | High
-9 | File | `/company/view_be_browsed/total` | High
-10 | File | `/dashboard/blocks/stacks/view_details/` | High
-11 | File | `/dashboard/reports/logs/view` | High
-12 | ... | ... | ...
+1 | File | `/action/import_cert_file/` | High
+2 | File | `/action/import_https_cert_file/` | High
+3 | File | `/action/remove/` | High
+4 | File | `/admin/inquiries/view_details.php` | High
+5 | File | `/api/user/userData?userCode=admin` | High
+6 | File | `/ci_hms/massage_room/edit/1` | High
+7 | File | `/ci_hms/search` | High
+8 | File | `/ci_ssms/index.php/orders/create` | High
+9 | File | `/classes/Master.php?f=delete_message` | High
+10 | File | `/classes/Master.php?f=delete_reservation` | High
+11 | File | `/classes/Master.php?f=delete_schedule` | High
+12 | File | `/classes/Master.php?f=delete_service` | High
+13 | ... | ... | ...

-There are 95 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -526,6 +530,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://community.blueliv.com/#!/s/5fb2ee2482df413eaf344b29
 * https://cyber.wtf/2021/11/15/guess-whos-back/
 * https://ddanchev.blogspot.com/2022/01/profiling-emotet-botnet-c.html
+* https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_05.02.2022.txt
 * https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_24.03.2022.txt
 * https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
 * https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
--- a/actors/FIN12/README.md
+++ b/actors/FIN12/README.md
@ -31,12 +31,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 5 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -63,7 +64,7 @@ ID | Type | Indicator | Confidence
 17 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
 18 | ... | ... | ...

-There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/GALLIUM/README.md
+++ b/actors/GALLIUM/README.md
@ -63,12 +63,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 2 more TTP items available. Please use our online service to access the data.
+There are 12 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/GMERA/README.md
+++ b/actors/GMERA/README.md
@ -35,7 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+2 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+4 | ... | ... | ... | ...
+
+There are 3 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Gafgyt/README.md
+++ b/actors/Gafgyt/README.md
@ -42,12 +42,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1222 | CWE-275 | Permission Issues | High
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -62,12 +62,12 @@ ID | Type | Indicator | Confidence
 5 | File | `/LogoStore/search.php` | High
 6 | File | `/modules/projects/vw_files.php` | High
 7 | File | `/sm/api/v1/firewall/zone/services` | High
-8 | File | `admin/limits.php` | High
-9 | File | `AjaxFileUploadHandler.axd` | High
-10 | File | `auth-gss2.c` | Medium
+8 | File | `/usr/bin/pkexec` | High
+9 | File | `admin/limits.php` | High
+10 | File | `AjaxFileUploadHandler.axd` | High
 11 | ... | ... | ...

-There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Gamarue/README.md
+++ b/actors/Gamarue/README.md
@ -42,7 +42,7 @@ ID | IP address | Hostname | Campaign | Confidence
 19 | [52.230.217.195](https://vuldb.com/?ip.52.230.217.195) | - | - | High
 20 | ... | ... | ... | ...

-There are 75 more IOC items available. Please use our online service to access the data.
+There are 77 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -50,12 +50,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -73,28 +75,28 @@ ID | Type | Indicator | Confidence
 8 | File | `/cgi-bin/wapopen` | High
 9 | File | `/config/netconf.cmd` | High
 10 | File | `/etc/config/image_sign` | High
-11 | File | `/etc/sudoers` | Medium
-12 | File | `/folder/list` | Medium
-13 | File | `/forms/nslookupHandler` | High
-14 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
-15 | File | `/group/comment` | High
-16 | File | `/icingaweb2/navigation/add` | High
-17 | File | `/lookin/info` | Medium
-18 | File | `/plugins/servlet/jira-blockers/` | High
-19 | File | `/register.do` | Medium
-20 | File | `/sessions/sess_<sessionid>` | High
-21 | File | `/themes/<php_file_name>` | High
-22 | File | `/tmp/speedtest_urls.xml` | High
-23 | File | `/uncpath/` | Medium
-24 | File | `/upload` | Low
-25 | File | `/var/log/nginx` | High
-26 | File | `/wbg/core/_includes/authorization.inc.php` | High
-27 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
-28 | File | `/wp-admin/admin.php` | High
-29 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+11 | File | `/folder/list` | Medium
+12 | File | `/forms/nslookupHandler` | High
+13 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
+14 | File | `/group/comment` | High
+15 | File | `/icingaweb2/navigation/add` | High
+16 | File | `/lookin/info` | Medium
+17 | File | `/plugins/servlet/jira-blockers/` | High
+18 | File | `/register.do` | Medium
+19 | File | `/sessions/sess_<sessionid>` | High
+20 | File | `/themes/<php_file_name>` | High
+21 | File | `/tmp/speedtest_urls.xml` | High
+22 | File | `/uncpath/` | Medium
+23 | File | `/upload` | Low
+24 | File | `/var/log/nginx` | High
+25 | File | `/wbg/core/_includes/authorization.inc.php` | High
+26 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
+27 | File | `/wp-admin/admin.php` | High
+28 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+29 | File | `account.asp` | Medium
 30 | ... | ... | ...

-There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -111,6 +113,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
 * https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
 * https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
+* https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html

 ## Literature

--- a/actors/Gelsemium/README.md
+++ b/actors/Gelsemium/README.md
@ -28,6 +28,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1202 | CWE-77 | Command Injection | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Gh0stRAT/README.md
+++ b/actors/Gh0stRAT/README.md
@ -97,12 +97,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+6 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -116,48 +118,48 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/login.php` | High
 5 | File | `/cgi-bin/luci/api/auth` | High
 6 | File | `/cgi-bin/luci/api/diagnose` | High
-7 | File | `/Content/Template/root/reverse-shell.aspx` | High
-8 | File | `/debug/pprof` | Medium
-9 | File | `/dev/tty` | Medium
-10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
+7 | File | `/classes/Master.php?f=delete_train` | High
+8 | File | `/Content/Template/root/reverse-shell.aspx` | High
+9 | File | `/debug/pprof` | Medium
+10 | File | `/dev/tty` | Medium
 11 | File | `/etc/config/image_sign` | High
-12 | File | `/etc/groups` | Medium
-13 | File | `/forum/away.php` | High
-14 | File | `/gaia-job-admin/user/add` | High
-15 | File | `/goforms/rlminfo` | High
-16 | File | `/HNAP1` | Low
-17 | File | `/login` | Low
-18 | File | `/login.html` | Medium
-19 | File | `/magnoliaPublic/travel/members/login.html` | High
-20 | File | `/member/index/login.html` | High
-21 | File | `/mgmt/tm/util/bash` | High
-22 | File | `/ocwbs/admin/?page=user/manage_user` | High
-23 | File | `/ofrs/admin/?page=user/manage_user` | High
-24 | File | `/p1/p2/:name` | Medium
-25 | File | `/php/passport/index.php` | High
-26 | File | `/rdms/admin/?page=user/manage_user` | High
-27 | File | `/requests.php` | High
-28 | File | `/saml/login` | Medium
-29 | File | `/ScadaBR/login.htm` | High
-30 | File | `/setting/setDeviceName` | High
-31 | File | `/setting/setLanguageCfg` | High
-32 | File | `/setting/setUploadSetting` | High
-33 | File | `/upload` | Low
-34 | File | `/user-utils/users/md5.json` | High
-35 | File | `/userRpm/popupSiteSurveyRpm.html` | High
-36 | File | `/var/adm/btmp` | High
-37 | File | `/vloggers_merch/?p=view_product` | High
-38 | File | `/wp-admin/admin-ajax.php` | High
-39 | File | `account/login.php` | High
-40 | File | `ad/login.asp` | Medium
-41 | File | `admin.inc.php` | High
-42 | File | `admin/?page=students` | High
-43 | File | `admin/admin_ping.php` | High
-44 | File | `admin/conf_users_edit.php` | High
-45 | File | `admin/index.php` | High
+12 | File | `/forum/away.php` | High
+13 | File | `/gaia-job-admin/user/add` | High
+14 | File | `/goforms/rlminfo` | High
+15 | File | `/HNAP1` | Low
+16 | File | `/login` | Low
+17 | File | `/member/index/login.html` | High
+18 | File | `/mgmt/tm/util/bash` | High
+19 | File | `/ocwbs/admin/?page=user/manage_user` | High
+20 | File | `/ofrs/admin/?page=user/manage_user` | High
+21 | File | `/p1/p2/:name` | Medium
+22 | File | `/php/passport/index.php` | High
+23 | File | `/rdms/admin/?page=user/manage_user` | High
+24 | File | `/requests.php` | High
+25 | File | `/saml/login` | Medium
+26 | File | `/ScadaBR/login.htm` | High
+27 | File | `/setting/setDeviceName` | High
+28 | File | `/setting/setLanguageCfg` | High
+29 | File | `/setting/setUploadSetting` | High
+30 | File | `/spip.php` | Medium
+31 | File | `/upload` | Low
+32 | File | `/user-utils/users/md5.json` | High
+33 | File | `/userRpm/popupSiteSurveyRpm.html` | High
+34 | File | `/var/adm/btmp` | High
+35 | File | `/vloggers_merch/?p=view_product` | High
+36 | File | `/wp-admin/admin-ajax.php` | High
+37 | File | `account/login.php` | High
+38 | File | `ad/login.asp` | Medium
+39 | File | `admin.inc.php` | High
+40 | File | `admin/?page=students` | High
+41 | File | `admin/admin_ping.php` | High
+42 | File | `admin/conf_users_edit.php` | High
+43 | File | `admin/index.php` | High
+44 | File | `admin/login.php` | High
+45 | File | `admin/navbar.php?action=add_page` | High
 46 | ... | ... | ...

-There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 397 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Steppe/README.md
+++ b/Steppe/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:

-* [RU](https://vuldb.com/?country.ru)
 * [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
 * [NL](https://vuldb.com/?country.nl)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -155,12 +155,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -172,40 +174,38 @@ ID | Type | Indicator | Confidence
 2 | File | `/about.php` | Medium
 3 | File | `/acms/admin/?page=transactions/manage_transaction` | High
 4 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
-5 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-6 | File | `/anony/mjpg.cgi` | High
+5 | File | `/admin/` | Low
+6 | File | `/admin/photo.php` | High
 7 | File | `/Ap4RtpAtom.cpp` | High
-8 | File | `/api/students/me/messages/` | High
-9 | File | `/bcms/admin/?page=user/list` | High
+8 | File | `/bcms/admin/?page=user/list` | High
+9 | File | `/bsms/?page=manage_account` | High
 10 | File | `/car-rental-management-system/admin/manage_user.php` | High
-11 | File | `/category.php` | High
-12 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-13 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-14 | File | `/cgi-bin/kerbynet` | High
-15 | File | `/cgi-bin/login.cgi` | High
-16 | File | `/cgi-bin/luci/api/switch` | High
-17 | File | `/cgi-bin/luci/api/wireless` | High
-18 | File | `/cms/admin/?page=invoice/manage_invoice` | High
-19 | File | `/cms/classes/Master.php?f=delete_invoice` | High
-20 | File | `/cms/classes/Users.php?f=delete` | High
-21 | File | `/common/info.cgi` | High
-22 | File | `/course/api/upload/pic` | High
-23 | File | `/ctpms/admin/individuals/update_status.php` | High
-24 | File | `/dashboard/snapshot/*?orgId=0` | High
-25 | File | `/debug/pprof` | Medium
+11 | File | `/cgi-bin/kerbynet` | High
+12 | File | `/cgi-bin/login.cgi` | High
+13 | File | `/ci_hms/massage_room/edit/1` | High
+14 | File | `/classes/Master.php?f=delete_schedule` | High
+15 | File | `/cms/admin/?page=invoice/manage_invoice` | High
+16 | File | `/cms/classes/Master.php?f=delete_invoice` | High
+17 | File | `/cms/classes/Users.php?f=delete` | High
+18 | File | `/company/down_resume/total/nature` | High
+19 | File | `/core/conditions/AbstractWrapper.java` | High
+20 | File | `/course/api/upload/pic` | High
+21 | File | `/ctpms/admin/individuals/update_status.php` | High
+22 | File | `/dashboard/reports/logs/view` | High
+23 | File | `/dashboard/snapshot/*?orgId=0` | High
+24 | File | `/debug/pprof` | Medium
+25 | File | `/forum/away.php` | High
 26 | File | `/fuel/index.php/fuel/logs/items` | High
 27 | File | `/fuel/sitevariables/delete/4` | High
 28 | File | `/getcfg.php` | Medium
 29 | File | `/goform/SetFirewallCfg` | High
-30 | File | `/goform/WifiExtraSet` | High
-31 | File | `/guest/s/default/` | High
+30 | File | `/guest/s/default/` | High
+31 | File | `/hprms/admin/doctors/manage_doctor.php` | High
 32 | File | `/hub/api/user` | High
-33 | File | `/include/chart_generator.php` | High
-34 | File | `/Items/*/RemoteImages/Download` | High
-35 | File | `/itop/webservices/export-v2.php` | High
-36 | ... | ... | ...
+33 | File | `/index/jobfairol/show/` | High
+34 | ... | ... | ...

-There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Hancitor/README.md
+++ b/actors/Hancitor/README.md
@ -57,12 +57,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -87,27 +89,27 @@ ID | Type | Indicator | Confidence
 15 | File | `/objects/getImageMP4.php` | High
 16 | File | `/one_church/userregister.php` | High
 17 | File | `/out.php` | Medium
-18 | File | `/public/plugins/` | High
-19 | File | `/replication` | Medium
-20 | File | `/req_password_user.php` | High
-21 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-22 | File | `/SASWebReportStudio/logonAndRender.do` | High
-23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-25 | File | `/secure/QueryComponent!Default.jspa` | High
-26 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-27 | File | `/tmp` | Low
-28 | File | `/uncpath/` | Medium
-29 | File | `/usr/syno/etc/mount.conf` | High
-30 | File | `/v2/quantum/save-data-upload-big-file` | High
-31 | File | `/WEB-INF/web.xml` | High
-32 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
-33 | File | `/wp-json/oembed/1.0/embed?url` | High
-34 | File | `4.edu.php` | Medium
-35 | File | `adclick.php` | Medium
+18 | File | `/owa/auth/logon.aspx` | High
+19 | File | `/public/plugins/` | High
+20 | File | `/replication` | Medium
+21 | File | `/req_password_user.php` | High
+22 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+23 | File | `/SASWebReportStudio/logonAndRender.do` | High
+24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+25 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+26 | File | `/secure/QueryComponent!Default.jspa` | High
+27 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+28 | File | `/tmp` | Low
+29 | File | `/uncpath/` | Medium
+30 | File | `/usr/syno/etc/mount.conf` | High
+31 | File | `/v2/quantum/save-data-upload-big-file` | High
+32 | File | `/WEB-INF/web.xml` | High
+33 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
+34 | File | `/wp-json/oembed/1.0/embed?url` | High
+35 | File | `4.edu.php` | Medium
 36 | ... | ... | ...

-There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Inception/README.md
+++ b/actors/Inception/README.md
@ -15,7 +15,7 @@ The following _campaigns_ are known and can be associated with Inception:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:

 * [AR](https://vuldb.com/?country.ar)
-* [SV](https://vuldb.com/?country.sv)
+* [ES](https://vuldb.com/?country.es)
 * [PL](https://vuldb.com/?country.pl)
 * ...

@ -40,12 +40,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1008 | CWE-757 | Algorithm Downgrade | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -64,31 +66,29 @@ ID | Type | Indicator | Confidence
 9 | File | `/admin/inbox.php&action=read` | High
 10 | File | `/admin/usermanagement.php` | High
 11 | File | `/administrator/alerts/alertLightbox.php` | High
-12 | File | `/api/part_categories` | High
-13 | File | `/api/programs/orgUnits?programs` | High
-14 | File | `/api/students/me/courses/` | High
-15 | File | `/apps/acs-commons/content/page-compare.html` | High
-16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
-17 | File | `/bcms/admin/?page=service_transactions/view_details` | High
-18 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
-19 | File | `/blog/blog.php` | High
-20 | File | `/cgi-bin/luci/api/diagnose` | High
-21 | File | `/cgi-bin/main.cgi` | High
-22 | File | `/cgi-mod/lookup.cgi` | High
-23 | File | `/cgi/ansi` | Medium
-24 | File | `/cms/classes/Master.php?f=delete_designation` | High
-25 | File | `/controller/Adv.php` | High
-26 | File | `/createnewaccount` | High
-27 | File | `/dashboard/blocks/stacks/view_details/` | High
-28 | File | `/dev/urandom` | Medium
-29 | File | `/dl/dl_sendmail.php` | High
-30 | File | `/dvcset/sysset/set.cgi` | High
-31 | File | `/ecrire` | Low
-32 | File | `/etc/sudoers` | Medium
-33 | File | `/example/editor` | High
-34 | ... | ... | ...
+12 | File | `/ajax/clear_tools_log/` | High
+13 | File | `/api/part_categories` | High
+14 | File | `/api/programs/orgUnits?programs` | High
+15 | File | `/api/students/me/courses/` | High
+16 | File | `/apps/acs-commons/content/page-compare.html` | High
+17 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+18 | File | `/bcms/admin/?page=service_transactions/view_details` | High
+19 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
+20 | File | `/blog/blog.php` | High
+21 | File | `/cgi-bin/luci/api/diagnose` | High
+22 | File | `/cgi-bin/main.cgi` | High
+23 | File | `/cgi-mod/lookup.cgi` | High
+24 | File | `/cgi/ansi` | Medium
+25 | File | `/classes/Master.php?f=delete_train` | High
+26 | File | `/cms/classes/Master.php?f=delete_designation` | High
+27 | File | `/controller/Adv.php` | High
+28 | File | `/createnewaccount` | High
+29 | File | `/dashboard/blocks/stacks/view_details/` | High
+30 | File | `/dev/urandom` | Medium
+31 | File | `/dl/dl_sendmail.php` | High
+32 | ... | ... | ...

-There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Police/README.md
+++ b/Police/README.md
@ -0,0 +1,91 @@
+# India Police - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [India Police](https://vuldb.com/?actor.india_police). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.india_police](https://vuldb.com/?actor.india_police)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with India Police:
+
+* Spyware
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with India Police:
+
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [AU](https://vuldb.com/?country.au)
+* ...
+
+There are 11 more country items available. Please use our online service to access the data.
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of India Police.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [5.1.82.106](https://vuldb.com/?ip.5.1.82.106) | 5-1-82-106.static.creoline.net | Spyware | High
+2 | [8.5.1.33](https://vuldb.com/?ip.8.5.1.33) | - | Spyware | High
+3 | [8.5.1.49](https://vuldb.com/?ip.8.5.1.49) | - | Spyware | High
+4 | [34.246.254.156](https://vuldb.com/?ip.34.246.254.156) | ec2-34-246-254-156.eu-west-1.compute.amazonaws.com | Spyware | Medium
+5 | [36.86.63.182](https://vuldb.com/?ip.36.86.63.182) | - | Spyware | High
+6 | [52.4.209.250](https://vuldb.com/?ip.52.4.209.250) | ec2-52-4-209-250.compute-1.amazonaws.com | Spyware | Medium
+7 | [54.210.47.225](https://vuldb.com/?ip.54.210.47.225) | ec2-54-210-47-225.compute-1.amazonaws.com | Spyware | Medium
+8 | [64.15.205.100](https://vuldb.com/?ip.64.15.205.100) | - | Spyware | High
+9 | [64.15.205.101](https://vuldb.com/?ip.64.15.205.101) | - | Spyware | High
+10 | ... | ... | ... | ...
+
+There are 35 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _India Police_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by India Police. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `%PROGRAMDATA%\Razer Chroma\SDK\Apps` | High
+2 | File | `.htaccess` | Medium
+3 | File | `/cgi-bin/webviewer_login_page` | High
+4 | File | `/mgmt/tm/util/bash` | High
+5 | File | `/recordings/index.php` | High
+6 | File | `/uncpath/` | Medium
+7 | File | `add_vhost.php` | High
+8 | File | `admin-ajax.php` | High
+9 | File | `and/or` | Low
+10 | File | `arsys/servlet/AttachServlet` | High
+11 | ... | ... | ...
+
+There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://ddanchev.blogspot.com/2022/06/exposing-indian-police-spyware-cyber.html
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Indra/README.md
+++ b/actors/Indra/README.md
@ -0,0 +1,70 @@
+# Indra - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Indra](https://vuldb.com/?actor.indra). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.indra](https://vuldb.com/?actor.indra)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with Indra:
+
+* Iran
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indra:
+
+* [NL](https://vuldb.com/?country.nl)
+* [US](https://vuldb.com/?country.us)
+* [TH](https://vuldb.com/?country.th)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Indra.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [68.183.79.77](https://vuldb.com/?ip.68.183.79.77) | - | Iran | High
+2 | [139.59.89.238](https://vuldb.com/?ip.139.59.89.238) | 481010.cloudwaysapps.com | Iran | High
+3 | [167.172.177.158](https://vuldb.com/?ip.167.172.177.158) | - | Iran | High
+4 | ... | ... | ... | ...
+
+There are 1 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Indra_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1505 | CWE-89 | SQL Injection | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Indra. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | Argument | `PAGE_SIZE` | Medium
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Iron/README.md
+++ b/actors/Iron/README.md
@ -31,12 +31,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+7 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 24 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -45,17 +48,17 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `%PROGRAMDATA%\ASUS\GamingCenterLib` | High
-2 | File | `/account/login` | High
-3 | File | `/adherents/note.php?id=1` | High
-4 | File | `/admin/ajax.php` | High
-5 | File | `/Api/ASF` | Medium
-6 | File | `/bin/sh` | Low
+2 | File | `../FILEDIR` | Medium
+3 | File | `/account/login` | High
+4 | File | `/adherents/note.php?id=1` | High
+5 | File | `/admin/ajax.php` | High
+6 | File | `/Api/ASF` | Medium
 7 | File | `/cgi-bin/cgiServer.exx` | High
 8 | File | `/cgi?1&5` | Medium
 9 | File | `/clients/editclient.php` | High
 10 | File | `/CommunitySSORedirect.jsp` | High
-11 | File | `/dl/dl_sendmail.php` | High
-12 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
+11 | File | `/ctpms/admin/?page=applications/view_application` | High
+12 | File | `/dl/dl_sendmail.php` | High
 13 | File | `/formStaticDHCP` | High
 14 | File | `/formVirtualApp` | High
 15 | File | `/formVirtualServ` | High
@ -67,18 +70,18 @@ ID | Type | Indicator | Confidence
 21 | File | `/master/core/PostHandler.php` | High
 22 | File | `/medianet/sgcontentset.aspx` | High
 23 | File | `/Nodes-Traffic.php` | High
-24 | File | `/proc` | Low
-25 | File | `/proc/pid/syscall` | High
-26 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
-27 | File | `/rss.xml` | Medium
-28 | File | `/send_join` | Medium
-29 | File | `/settings/profile` | High
-30 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
-31 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
-32 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
+24 | File | `/proc/pid/syscall` | High
+25 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
+26 | File | `/rss.xml` | Medium
+27 | File | `/settings/profile` | High
+28 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
+29 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
+30 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
+31 | File | `/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c` | High
+32 | File | `/tmp/swhks.pid` | High
 33 | ... | ... | ...

-There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Janeleiro/README.md
+++ b/actors/Janeleiro/README.md
@ -23,6 +23,14 @@ ID | IP address | Hostname | Campaign | Confidence

 There are 1 more IOC items available. Please use our online service to access the data.

+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Janeleiro_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1592 | CWE-200 | Configuration | High
+
 ## IOA - Indicator of Attack

 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Janeleiro. This data is unique as it uses our predictive model for actor profiling.
--- a/actors/Kimsuky/README.md
+++ b/actors/Kimsuky/README.md
@ -62,29 +62,29 @@ ID | Type | Indicator | Confidence
 2 | File | `/?/admin/snippet/add` | High
 3 | File | `/assets/something/services/AppModule.class` | High
 4 | File | `/bin/false` | Medium
-5 | File | `/cgi-bin/webproc` | High
-6 | File | `/editsettings` | High
-7 | File | `/expert_wizard.php` | High
-8 | File | `/forum/away.php` | High
-9 | File | `/images/browserslide.jpg` | High
-10 | File | `/includes/lib/get.php` | High
-11 | File | `/login` | Low
-12 | File | `/main?cmd=invalid_browser` | High
-13 | File | `/manager?action=getlogcat` | High
-14 | File | `/mc` | Low
-15 | File | `/plugins/Dashboard/Controller.php` | High
-16 | File | `/public/plugins/` | High
-17 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
-18 | File | `/SASWebReportStudio/logonAndRender.do` | High
-19 | File | `/scas/admin/` | Medium
-20 | File | `/tlogin.cgi` | Medium
-21 | File | `/tmp/scfgdndf` | High
-22 | File | `/uncpath/` | Medium
-23 | File | `/upload` | Low
-24 | File | `/usr/ucb/mail` | High
+5 | File | `/cgi-bin/luci/api/wireless` | High
+6 | File | `/cgi-bin/webproc` | High
+7 | File | `/editsettings` | High
+8 | File | `/expert_wizard.php` | High
+9 | File | `/forum/away.php` | High
+10 | File | `/images/browserslide.jpg` | High
+11 | File | `/includes/lib/get.php` | High
+12 | File | `/login` | Low
+13 | File | `/main?cmd=invalid_browser` | High
+14 | File | `/manager?action=getlogcat` | High
+15 | File | `/mc` | Low
+16 | File | `/plugins/Dashboard/Controller.php` | High
+17 | File | `/public/plugins/` | High
+18 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
+19 | File | `/SASWebReportStudio/logonAndRender.do` | High
+20 | File | `/scas/admin/` | Medium
+21 | File | `/tlogin.cgi` | Medium
+22 | File | `/tmp/scfgdndf` | High
+23 | File | `/uncpath/` | Medium
+24 | File | `/upload` | Low
 25 | ... | ... | ...

-There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Lazarus/README.md
+++ b/actors/Lazarus/README.md
@ -21,8 +21,11 @@ There are 8 more campaign items available. Please use our online service to acce
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:

 * [VN](https://vuldb.com/?country.vn)
-* [US](https://vuldb.com/?country.us)
 * [IN](https://vuldb.com/?country.in)
+* [US](https://vuldb.com/?country.us)
+* ...
+
+There are 2 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -225,12 +228,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 16 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -238,22 +242,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/alarm_pi/alarmService.php` | High
-2 | File | `/bsms/?page=manage_account` | High
-3 | File | `/company` | Medium
-4 | File | `/company/account/safety/trade` | High
-5 | File | `/company/down_resume/total/nature` | High
-6 | File | `/company/service/increment/add/im` | High
-7 | File | `/company/view_be_browsed/total` | High
-8 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
-9 | File | `/fm-data.lua` | Medium
-10 | File | `/freelance/resume_list` | High
-11 | File | `/home/campus/campus_job` | High
-12 | File | `/home/job/index` | High
-13 | File | `/home/job/map` | High
-14 | ... | ... | ...
+1 | File | `/action/import_cert_file/` | High
+2 | File | `/action/import_https_cert_file/` | High
+3 | File | `/action/remove/` | High
+4 | File | `/admin/inquiries/view_details.php` | High
+5 | File | `/api/user/userData?userCode=admin` | High
+6 | File | `/ci_hms/massage_room/edit/1` | High
+7 | File | `/ci_hms/search` | High
+8 | File | `/ci_ssms/index.php/orders/create` | High
+9 | File | `/classes/Master.php?f=delete_message` | High
+10 | File | `/classes/Master.php?f=delete_reservation` | High
+11 | File | `/classes/Master.php?f=delete_schedule` | High
+12 | ... | ... | ...

-There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Press/README.md
+++ b/Press/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Liberty Front Press:

 * [US](https://vuldb.com/?country.us)
-* [VN](https://vuldb.com/?country.vn)
 * [CN](https://vuldb.com/?country.cn)
+* [VN](https://vuldb.com/?country.vn)
 * ...

-There are 22 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -103,38 +103,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.ssh/authorized_keys` | High
-2 | File | `/admin.php` | Medium
-3 | File | `/bcms/admin/?page=user/list` | High
-4 | File | `/cgi-bin/luci/api/auth` | High
-5 | File | `/cgi-bin/luci/api/diagnose` | High
-6 | File | `/CMD_ACCOUNT_ADMIN` | High
-7 | File | `/context/%2e/WEB-INF/web.xml` | High
-8 | File | `/core/admin/categories.php` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/etc/config/image_sign` | High
-11 | File | `/etc/groups` | Medium
-12 | File | `/filemanager/php/connector.php` | High
-13 | File | `/forum/away.php` | High
-14 | File | `/fuel/index.php/fuel/logs/items` | High
-15 | File | `/mgmt/tm/util/bash` | High
-16 | File | `/MTFWU` | Low
-17 | File | `/php/passport/index.php` | High
-18 | File | `/proc/<pid>/status` | High
-19 | File | `/public/plugins/` | High
-20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-21 | File | `/secure/QueryComponent!Default.jspa` | High
-22 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-23 | File | `/tmp` | Low
-24 | File | `/uncpath/` | Medium
-25 | File | `/updown/upload.cgi` | High
-26 | File | `/user-utils/users/md5.json` | High
-27 | File | `/userRpm/popupSiteSurveyRpm.html` | High
-28 | File | `/usr/bin/pkexec` | High
-29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-30 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/about.php` | Medium
+3 | File | `/admin.php` | Medium
+4 | File | `/admin/` | Low
+5 | File | `/admin/photo.php` | High
+6 | File | `/Ap4RtpAtom.cpp` | High
+7 | File | `/bcms/admin/?page=user/list` | High
+8 | File | `/bsms/?page=manage_account` | High
+9 | File | `/cgi-bin/login.cgi` | High
+10 | File | `/cgi-bin/luci/api/auth` | High
+11 | File | `/cgi-bin/luci/api/diagnose` | High
+12 | File | `/CMD_ACCOUNT_ADMIN` | High
+13 | File | `/context/%2e/WEB-INF/web.xml` | High
+14 | File | `/core/admin/categories.php` | High
+15 | File | `/dashboard/reports/logs/view` | High
+16 | File | `/debug/pprof` | Medium
+17 | File | `/etc/config/image_sign` | High
+18 | File | `/etc/groups` | Medium
+19 | File | `/forum/away.php` | High
+20 | File | `/fuel/index.php/fuel/logs/items` | High
+21 | File | `/fuel/sitevariables/delete/4` | High
+22 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+23 | File | `/index/jobfairol/show/` | High
+24 | File | `/librarian/bookdetails.php` | High
+25 | File | `/mgmt/tm/util/bash` | High
+26 | File | `/MTFWU` | Low
+27 | File | `/owa/auth/logon.aspx` | High
+28 | File | `/php/passport/index.php` | High
+29 | File | `/public/plugins/` | High
+30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+31 | ... | ... | ...

-There are 255 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/LockBit/README.md
+++ b/actors/LockBit/README.md
@ -34,9 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1557 | CWE-300 | Channel Accessible by Non-Endpoint | High
+1 | T1055 | CWE-74 | Injection | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Lodeinfo/README.md
+++ b/actors/Lodeinfo/README.md
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 13 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/LokiBot/README.md
+++ b/actors/LokiBot/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * ...

-There are 20 more country items available. Please use our online service to access the data.
+There are 18 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -114,37 +114,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.ssh/authorized_keys` | High
-2 | File | `/Ap4RtpAtom.cpp` | High
-3 | File | `/bcms/admin/?page=user/list` | High
-4 | File | `/cgi-bin/luci/api/auth` | High
-5 | File | `/cgi-bin/luci/api/diagnose` | High
-6 | File | `/CMD_ACCOUNT_ADMIN` | High
-7 | File | `/context/%2e/WEB-INF/web.xml` | High
-8 | File | `/core/admin/categories.php` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/etc/config/image_sign` | High
-11 | File | `/etc/groups` | Medium
-12 | File | `/filemanager/php/connector.php` | High
-13 | File | `/forum/away.php` | High
-14 | File | `/fuel/index.php/fuel/logs/items` | High
-15 | File | `/mgmt/tm/util/bash` | High
-16 | File | `/MTFWU` | Low
-17 | File | `/php/passport/index.php` | High
-18 | File | `/proc/<pid>/status` | High
-19 | File | `/public/login.htm` | High
-20 | File | `/public/plugins/` | High
-21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-22 | File | `/secure/QueryComponent!Default.jspa` | High
-23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-24 | File | `/tmp` | Low
-25 | File | `/uncpath/` | Medium
-26 | File | `/updown/upload.cgi` | High
-27 | File | `/user-utils/users/md5.json` | High
-28 | File | `/userRpm/popupSiteSurveyRpm.html` | High
-29 | File | `/usr/bin/pkexec` | High
+2 | File | `//proc/kcore` | Medium
+3 | File | `/Ap4RtpAtom.cpp` | High
+4 | File | `/bcms/admin/?page=user/list` | High
+5 | File | `/bsms/?page=manage_account` | High
+6 | File | `/cgi-bin/login.cgi` | High
+7 | File | `/cgi-bin/luci/api/auth` | High
+8 | File | `/cgi-bin/luci/api/diagnose` | High
+9 | File | `/CMD_ACCOUNT_ADMIN` | High
+10 | File | `/context/%2e/WEB-INF/web.xml` | High
+11 | File | `/core/admin/categories.php` | High
+12 | File | `/dashboard/reports/logs/view` | High
+13 | File | `/debug/pprof` | Medium
+14 | File | `/etc/config/image_sign` | High
+15 | File | `/etc/groups` | Medium
+16 | File | `/forum/away.php` | High
+17 | File | `/fuel/index.php/fuel/logs/items` | High
+18 | File | `/fuel/sitevariables/delete/4` | High
+19 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+20 | File | `/index/jobfairol/show/` | High
+21 | File | `/librarian/bookdetails.php` | High
+22 | File | `/mgmt/tm/util/bash` | High
+23 | File | `/MTFWU` | Low
+24 | File | `/php/passport/index.php` | High
+25 | File | `/public/login.htm` | High
+26 | File | `/public/plugins/` | High
+27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+28 | File | `/secure/QueryComponent!Default.jspa` | High
+29 | File | `/setting/setDeviceName` | High
 30 | ... | ... | ...

-There are 252 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Lorec53/README.md
+++ b/actors/Lorec53/README.md
@ -38,7 +38,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1202 | CWE-77, CWE-78 | Command Injection | High
+4 | ... | ... | ... | ...
+
+There are 3 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Magecart/README.md
+++ b/actors/Magecart/README.md
@ -49,12 +49,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -63,22 +64,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `../FILEDIR` | Medium
-2 | File | `//proc/kcore` | Medium
-3 | File | `/acms/admin/?page=transactions/manage_transaction` | High
+2 | File | `/(((a\2)|(a*)\g&lt/-1&gt/))*/` | High
+3 | File | `//proc/kcore` | Medium
 4 | File | `/admin.php/pic/admin/type/del` | High
 5 | File | `/admin.php/vod/admin/topic/del` | High
 6 | File | `/admin.php?p=/User/index` | High
 7 | File | `/admin/communitymanagement.php` | High
 8 | File | `/admin/conferences/get-all-status/` | High
 9 | File | `/Ap4RtpAtom.cpp` | High
-10 | File | `/assets/partials/_handleLogin.php` | High
-11 | File | `/bcms/admin/?page=user/list` | High
-12 | File | `/bcms/admin/?page=user/manage_user` | High
-13 | File | `/bcms/admin/services/view_service.php` | High
-14 | File | `/bsms/?page=manage_account` | High
-15 | File | `/cardo/api` | Medium
-16 | File | `/cgi-bin/editBookmark` | High
-17 | File | `/cms/classes/Master.php?f=delete_designation` | High
+10 | File | `/bcms/admin/?page=user/list` | High
+11 | File | `/bcms/admin/?page=user/manage_user` | High
+12 | File | `/bcms/admin/services/view_service.php` | High
+13 | File | `/bsms/?page=manage_account` | High
+14 | File | `/cardo/api` | Medium
+15 | File | `/cgi-bin/login.cgi` | High
+16 | File | `/ci_hms/massage_room/edit/1` | High
+17 | File | `/classes/Master.php?f=delete_train` | High
 18 | File | `/company` | Medium
 19 | File | `/dashboard/reports/logs/view` | High
 20 | File | `/debug/pprof` | Medium
@ -88,16 +89,16 @@ ID | Type | Indicator | Confidence
 24 | File | `/fuel/sitevariables/delete/4` | High
 25 | File | `/getImage` | Medium
 26 | File | `/goform/aspForm` | High
-27 | File | `/goform/setpptpservercfg` | High
-28 | File | `/help/treecontent.jsp` | High
-29 | File | `/hprms/admin/?page=patients/view_patient` | High
-30 | File | `/hprms/admin/patients/manage_patient.php` | High
-31 | File | `/insurance/editNominee.php` | High
-32 | File | `/librarian/bookdetails.php` | High
-33 | File | `/lists/admin/` | High
+27 | File | `/hprms/admin/?page=patients/view_patient` | High
+28 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+29 | File | `/hprms/admin/patients/manage_patient.php` | High
+30 | File | `/index/jobfairol/show/` | High
+31 | File | `/librarian/bookdetails.php` | High
+32 | File | `/lists/admin/` | High
+33 | File | `/mgmt/tm/util/bash` | High
 34 | ... | ... | ...

-There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Hound/README.md
+++ b/Hound/README.md
@ -59,12 +59,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -86,18 +87,18 @@ ID | Type | Indicator | Confidence
 12 | File | `/goform/login_process` | High
 13 | File | `/goform/rlmswitchr_process` | High
 14 | File | `/goforms/rlminfo` | High
-15 | File | `/plugin` | Low
-16 | File | `/rating.php` | Medium
-17 | File | `/scas/admin/` | Medium
-18 | File | `/scas/classes/Users.php?f=save_user` | High
-19 | File | `/services/prefs.php` | High
-20 | File | `/src/njs_object.c` | High
-21 | File | `/uncpath/` | Medium
-22 | File | `/wordpress-gallery-transformation/gallery.php` | High
-23 | File | `adclick.php` | Medium
+15 | File | `/newsDia.php` | Medium
+16 | File | `/plugin` | Low
+17 | File | `/rating.php` | Medium
+18 | File | `/scas/admin/` | Medium
+19 | File | `/scas/classes/Users.php?f=save_user` | High
+20 | File | `/services/prefs.php` | High
+21 | File | `/src/njs_object.c` | High
+22 | File | `/uncpath/` | Medium
+23 | File | `/wordpress-gallery-transformation/gallery.php` | High
 24 | ... | ... | ...

-There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/MargulasRAT/README.md
+++ b/actors/MargulasRAT/README.md
@ -24,7 +24,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-80 | Cross Site Scripting | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-80 | Cross Site Scripting | High
+3 | T1505 | CWE-89 | SQL Injection | High

 ## IOA - Indicator of Attack

--- a/Stealer/README.md
+++ b/Stealer/README.md
@ -36,6 +36,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+3 | T1202 | CWE-77 | Command Injection | High
+4 | ... | ... | ... | ...
+
+There are 3 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Matiex/README.md
+++ b/actors/Matiex/README.md
@ -24,7 +24,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+3 | T1204.001 | CWE-601 | Open Redirect | High
+4 | ... | ... | ... | ...
+
+There are 2 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/MedusaLocker/README.md
+++ b/actors/MedusaLocker/README.md
@ -0,0 +1,99 @@
+# MedusaLocker - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MedusaLocker](https://vuldb.com/?actor.medusalocker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.medusalocker](https://vuldb.com/?actor.medusalocker)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MedusaLocker:
+
+* [US](https://vuldb.com/?country.us)
+* [DE](https://vuldb.com/?country.de)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MedusaLocker.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [40.92.90.105](https://vuldb.com/?ip.40.92.90.105) | mail-vi1eur05olkn2105.outbound.protection.outlook.com | - | High
+2 | [45.146.164.141](https://vuldb.com/?ip.45.146.164.141) | - | - | High
+3 | [50.80.219.149](https://vuldb.com/?ip.50.80.219.149) | 50-80-219-149.client.mchsi.com | - | High
+4 | [84.38.189.52](https://vuldb.com/?ip.84.38.189.52) | wmw10.empresagozalez.miami | - | High
+5 | [87.251.75.71](https://vuldb.com/?ip.87.251.75.71) | - | - | High
+6 | ... | ... | ... | ...
+
+There are 19 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _MedusaLocker_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
+
+There are 22 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MedusaLocker. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/action/import_https_cert_file/` | High
+2 | File | `/action/remove/` | High
+3 | File | `/admin/featured.php` | High
+4 | File | `/admin/scheprofile.cgi` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/admin/ztliuyan_sendmail.php` | High
+7 | File | `/ajax/config_rollback/` | High
+8 | File | `/alarm_pi/alarmService.php` | High
+9 | File | `/cgi-bin/webproc` | High
+10 | File | `/ci_hms/massage_room/edit/1` | High
+11 | File | `/ci_hms/search` | High
+12 | File | `/company` | Medium
+13 | File | `/company/service/increment/add/im` | High
+14 | File | `/dashboard/blocks/stacks/view_details/` | High
+15 | File | `/dashboard/reports/logs/view` | High
+16 | File | `/dashboard/snapshot/*?orgId=0` | High
+17 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+18 | File | `/dl/dl_sendmail.php` | High
+19 | File | `/dl/dl_sendsms.php` | High
+20 | File | `/home/campus/campus_job` | High
+21 | File | `/home/job/index` | High
+22 | File | `/IISADMPWD` | Medium
+23 | File | `/images/background/1.php` | High
+24 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
+25 | File | `/job` | Low
+26 | File | `/linkedcontent/editfolder.php` | High
+27 | File | `/loginsave.php` | High
+28 | File | `/mobilebroker/ServiceToBroker.svc/Json/Connect` | High
+29 | File | `/modules/mindmap/index.php` | High
+30 | File | `/odfs/posts/view_post.php` | High
+31 | ... | ... | ...
+
+There are 259 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [ES](https://vuldb.com/?country.es)
 * [PT](https://vuldb.com/?country.pt)
-* [SV](https://vuldb.com/?country.sv)
+* [AR](https://vuldb.com/?country.ar)
 * ...

 There are 8 more country items available. Please use our online service to access the data.
@ -47,12 +47,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -61,42 +63,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/?module=fileman&section=get&page=grid` | High
-2 | File | `/admin.php/singer/admin/singer/hy` | High
-3 | File | `/admin.php/vod/admin/topic/del` | High
-4 | File | `/admin/deluser.php` | High
-5 | File | `/admin/edit.php` | High
-6 | File | `/admin/googleads.php` | High
-7 | File | `/admin/new-content` | High
-8 | File | `/admin/operations/tax.php` | High
-9 | File | `/admin/payment.php` | High
-10 | File | `/admin/scheprofile.cgi` | High
-11 | File | `/admin/weixin.php` | High
-12 | File | `/apps/acs-commons/content/page-compare.html` | High
-13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
-14 | File | `/bcms/admin/courts/manage_court.php` | High
-15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
-16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
-17 | File | `/cgi-bin/kerbynet` | High
-18 | File | `/classes/Users.php?f=save` | High
-19 | File | `/cms/classes/Master.php?f=delete_client` | High
-20 | File | `/config` | Low
-21 | File | `/defaultui/player/modern.html` | High
-22 | File | `/ffos/admin/categories/manage_category.php` | High
-23 | File | `/ffos/admin/menus/view_menu.php` | High
-24 | File | `/gaia-job-admin/user/add` | High
-25 | File | `/goform/aspForm` | High
-26 | File | `/goform/login_process` | High
-27 | File | `/goform/setNetworkLan` | High
-28 | File | `/goform/SetSysTimeCfg` | High
-29 | File | `/html/Solar_Ftp.php` | High
-30 | File | `/lists/admin/` | High
-31 | File | `/mngset/authset` | High
-32 | File | `/mtms/admin/?page=transaction/send` | High
-33 | File | `/orrs/admin/trains/manage_train.php` | High
-34 | File | `/otps/classes/Master.php?f=delete_team` | High
-35 | ... | ... | ...
+2 | File | `/action/import_sdk_file/` | High
+3 | File | `/admin.php/singer/admin/singer/hy` | High
+4 | File | `/admin.php/vod/admin/topic/del` | High
+5 | File | `/admin/conferences/list/` | High
+6 | File | `/admin/deluser.php` | High
+7 | File | `/admin/edit.php` | High
+8 | File | `/admin/edit_admin_details.php?id=admin` | High
+9 | File | `/admin/googleads.php` | High
+10 | File | `/admin/new-content` | High
+11 | File | `/admin/operations/tax.php` | High
+12 | File | `/admin/payment.php` | High
+13 | File | `/admin/scheprofile.cgi` | High
+14 | File | `/admin/weixin.php` | High
+15 | File | `/apps/acs-commons/content/page-compare.html` | High
+16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+17 | File | `/bcms/admin/courts/manage_court.php` | High
+18 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
+19 | File | `/car-rental-management-system/admin/manage_booking.php` | High
+20 | File | `/catcompany.php` | High
+21 | File | `/cgi-bin/kerbynet` | High
+22 | File | `/classes/Users.php?f=save` | High
+23 | File | `/cms/classes/Master.php?f=delete_client` | High
+24 | File | `/config` | Low
+25 | File | `/defaultui/player/modern.html` | High
+26 | File | `/ffos/admin/categories/manage_category.php` | High
+27 | File | `/ffos/admin/menus/view_menu.php` | High
+28 | File | `/gaia-job-admin/user/add` | High
+29 | File | `/goform/aspForm` | High
+30 | File | `/goform/setNetworkLan` | High
+31 | File | `/goform/SetSysTimeCfg` | High
+32 | File | `/html/Solar_Ftp.php` | High
+33 | File | `/lists/admin/` | High
+34 | ... | ... | ...

-There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Mirai/README.md
+++ b/actors/Mirai/README.md
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with Mirai:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mirai:

 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)
 * [ES](https://vuldb.com/?country.es)
+* [CN](https://vuldb.com/?country.cn)
 * ...

 There are 5 more country items available. Please use our online service to access the data.
@ -48,12 +48,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -61,42 +62,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.env` | Low
-2 | File | `/.ssh/authorized_keys` | High
+1 | File | `/.dbus-keyrings` | High
+2 | File | `/.env` | Low
 3 | File | `//proc/kcore` | Medium
-4 | File | `/adm/setmain.php` | High
-5 | File | `/admin.php/Label/page_del` | High
-6 | File | `/admin.php/vod/admin/topic/del` | High
-7 | File | `/admin/?page=system_info/contact_info` | High
-8 | File | `/admin/comn/service/update.json` | High
-9 | File | `/admin/dl_sendmail.php` | High
-10 | File | `/admin/dl_sendsms.php` | High
-11 | File | `/Ap4RtpAtom.cpp` | High
-12 | File | `/api/part_categories` | High
-13 | File | `/api/programs/orgUnits?programs` | High
-14 | File | `/api/students/me/courses/` | High
-15 | File | `/asms/classes/Master.php?f=delete_product` | High
-16 | File | `/asms/classes/Master.php?f=save_product` | High
-17 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
-18 | File | `/bcms/admin/?page=user/list` | High
-19 | File | `/checklogin.jsp` | High
-20 | File | `/classes/master.php?f=delete_facility` | High
-21 | File | `/ctpms/admin/?page=applications/view_application` | High
-22 | File | `/ctpms/admin/applications/update_status.php` | High
-23 | File | `/debug/pprof` | Medium
-24 | File | `/dl/dl_sendmail.php` | High
-25 | File | `/ecrire` | Low
-26 | File | `/fuel/index.php/fuel/logs/items` | High
-27 | File | `/fuel/sitevariables/delete/4` | High
-28 | File | `/goform/aspForm` | High
-29 | File | `/goform/saveParentControlInfo` | High
-30 | File | `/goform/SetClientState` | High
-31 | File | `/htdocs/cgibin` | High
-32 | File | `/hub/api/user` | High
-33 | File | `/includes/init.php` | High
-34 | ... | ... | ...
+4 | File | `/admin.php/Label/page_del` | High
+5 | File | `/admin.php/vod/admin/topic/del` | High
+6 | File | `/admin/?page=system_info/contact_info` | High
+7 | File | `/admin/comn/service/update.json` | High
+8 | File | `/admin/dl_sendmail.php` | High
+9 | File | `/admin/dl_sendsms.php` | High
+10 | File | `/Ap4RtpAtom.cpp` | High
+11 | File | `/api/part_categories` | High
+12 | File | `/api/programs/orgUnits?programs` | High
+13 | File | `/api/user/userData?userCode=admin` | High
+14 | File | `/asms/classes/Master.php?f=save_product` | High
+15 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
+16 | File | `/bsms/?page=manage_account` | High
+17 | File | `/cgi-bin/login.cgi` | High
+18 | File | `/checklogin.jsp` | High
+19 | File | `/ci_hms/massage_room/edit/1` | High
+20 | File | `/classes/Master.php?f=delete_reservation` | High
+21 | File | `/classes/Master.php?f=delete_schedule` | High
+22 | File | `/company` | Medium
+23 | File | `/company/service/increment/add/im` | High
+24 | File | `/dashboard/reports/logs/view` | High
+25 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+26 | File | `/debug/pprof` | Medium
+27 | File | `/dl/dl_sendmail.php` | High
+28 | File | `/fuel/sitevariables/delete/4` | High
+29 | File | `/goform/aspForm` | High
+30 | File | `/goform/saveParentControlInfo` | High
+31 | File | `/goform/SetClientState` | High
+32 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+33 | ... | ... | ...

-There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Molerats/README.md
+++ b/actors/Molerats/README.md
@ -46,12 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/MsAttacker/README.md
+++ b/actors/MsAttacker/README.md
@ -30,8 +30,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+1 | T1055 | CWE-74 | Injection | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/Panda/README.md
+++ b/Panda/README.md
@ -56,12 +56,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/MyKings/README.md
+++ b/actors/MyKings/README.md
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [RU](https://vuldb.com/?country.ru)
+* [HU](https://vuldb.com/?country.hu)
 * ...

 There are 20 more country items available. Please use our online service to access the data.
@ -86,19 +86,20 @@ ID | Type | Indicator | Confidence
 18 | File | `/rating.php` | Medium
 19 | File | `/rom-0` | Low
 20 | File | `/secure/admin/ConfigureBatching!default.jspa` | High
-21 | File | `/uncpath/` | Medium
-22 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
-23 | File | `/var/log/nginx` | High
-24 | File | `/wordpress/wp-admin/admin.php` | High
-25 | File | `/xyhai.php?s=/Auth/editUser` | High
-26 | File | `/_next` | Low
-27 | File | `actionHandler/ajax_managed_services.php` | High
-28 | File | `actions.hsp` | Medium
-29 | File | `addtocart.asp` | High
-30 | File | `admin/admin.shtml` | High
-31 | ... | ... | ...
+21 | File | `/staff/tools/custom-fields` | High
+22 | File | `/uncpath/` | Medium
+23 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
+24 | File | `/var/log/nginx` | High
+25 | File | `/wordpress/wp-admin/admin.php` | High
+26 | File | `/xyhai.php?s=/Auth/editUser` | High
+27 | File | `/_next` | Low
+28 | File | `actionHandler/ajax_managed_services.php` | High
+29 | File | `actions.hsp` | Medium
+30 | File | `addtocart.asp` | High
+31 | File | `admin/admin.shtml` | High
+32 | ... | ... | ...

-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Novter/README.md
+++ b/actors/Novter/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 6 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -45,12 +45,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 12 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -63,23 +63,24 @@ ID | Type | Indicator | Confidence
 3 | File | `/getcfg.php` | Medium
 4 | File | `/index.php/weblinks-categories` | High
 5 | File | `/iwguestbook/admin/messages_edit.asp` | High
-6 | File | `/public/plugins/` | High
-7 | File | `/scripts/iisadmin/bdir.htr` | High
-8 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-9 | File | `add.php` | Low
-10 | File | `admin.cgi/config.cgi` | High
-11 | File | `admin/admin.guestbook.php` | High
-12 | File | `admin/auth.php` | High
-13 | File | `admin/backupdb.php` | High
-14 | File | `admin/login.asp` | High
-15 | File | `admin/preview.php` | High
-16 | File | `administrator/components/com_media/helpers/media.php` | High
-17 | File | `archive_read_support_format_rar.c` | High
-18 | File | `auth.py` | Low
-19 | File | `authenticate.php` | High
-20 | ... | ... | ...
+6 | File | `/odfs/classes/Master.php?f=delete_team` | High
+7 | File | `/public/plugins/` | High
+8 | File | `/scripts/iisadmin/bdir.htr` | High
+9 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+10 | File | `add.php` | Low
+11 | File | `admin.cgi/config.cgi` | High
+12 | File | `admin/admin.guestbook.php` | High
+13 | File | `admin/auth.php` | High
+14 | File | `admin/backupdb.php` | High
+15 | File | `admin/login.asp` | High
+16 | File | `admin/preview.php` | High
+17 | File | `administrator/components/com_media/helpers/media.php` | High
+18 | File | `archive_read_support_format_rar.c` | High
+19 | File | `auth.py` | Low
+20 | File | `authenticate.php` | High
+21 | ... | ... | ...

-There are 169 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 171 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/OceanLotus/README.md
+++ b/actors/OceanLotus/README.md
@ -59,8 +59,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79 | Cross Site Scripting | High
+3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+4 | ... | ... | ... | ...
+
+There are 3 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/OnionDog/README.md
+++ b/actors/OnionDog/README.md
@ -30,12 +30,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79 | Cross Site Scripting | High
+3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 2 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/PYSA/README.md
+++ b/actors/PYSA/README.md
@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PYSA:

 * [US](https://vuldb.com/?country.us)
+* [DE](https://vuldb.com/?country.de)
 * [JP](https://vuldb.com/?country.jp)

 ## IOC - Indicator of Compromise
@ -30,12 +31,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -47,41 +50,40 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
 3 | File | `/acms/classes/Master.php?f=delete_img` | High
 4 | File | `/admin/?page=system_info/contact_info` | High
-5 | File | `/Ap4RtpAtom.cpp` | High
-6 | File | `/api/part_categories` | High
-7 | File | `/auditLogAction.do` | High
-8 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
-9 | File | `/cgi-bin` | Medium
-10 | File | `/cgi-bin/webproc` | High
-11 | File | `/churchcrm/WhyCameEditor.php` | High
-12 | File | `/cms/admin/?page=client/view_client` | High
-13 | File | `/cms/admin/?page=invoice/view_invoice` | High
-14 | File | `/College_Management_System/admin/display-teacher.php` | High
-15 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-16 | File | `/ctpms/admin/applications/update_status.php` | High
-17 | File | `/ctpms/admin/individuals/update_status.php` | High
-18 | File | `/ctpms/classes/Master.php?f=delete_img` | High
-19 | File | `/dms/admin/reports/daily_collection_report.php` | High
-20 | File | `/etc/cron.daily/upstart` | High
-21 | File | `/fuel/sitevariables/delete/4` | High
-22 | File | `/goform/aspForm` | High
-23 | File | `/IISADMPWD` | Medium
-24 | File | `/index.php?page=reserve` | High
-25 | File | `/Items/*/RemoteImages/Download` | High
-26 | File | `/job` | Low
-27 | File | `/linkedcontent/editfolder.php` | High
-28 | File | `/mdiy/dict/listExcludeApp` | High
-29 | File | `/mgmt/tm/util/bash` | High
-30 | File | `/ofrs/admin/?page=reports` | High
-31 | File | `/PC/WebService.asmx` | High
-32 | File | `/pms/admin/inmates/manage_inmate.php` | High
-33 | File | `/scas/classes/Users.php?f=save_user` | High
-34 | File | `/scbs/classes/Users.php?f=delete_client` | High
-35 | File | `/school/model/get_events.php` | High
-36 | File | `/scms/student.php` | High
-37 | ... | ... | ...
+5 | File | `/admin/featured.php` | High
+6 | File | `/ajax/config_rollback/` | High
+7 | File | `/Ap4RtpAtom.cpp` | High
+8 | File | `/api/part_categories` | High
+9 | File | `/auditLogAction.do` | High
+10 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+11 | File | `/cgi-bin` | Medium
+12 | File | `/cgi-bin/webproc` | High
+13 | File | `/churchcrm/WhyCameEditor.php` | High
+14 | File | `/cms/admin/?page=client/view_client` | High
+15 | File | `/cms/admin/?page=invoice/view_invoice` | High
+16 | File | `/College_Management_System/admin/display-teacher.php` | High
+17 | File | `/ctpms/admin/?page=individuals/view_individual` | High
+18 | File | `/ctpms/admin/applications/update_status.php` | High
+19 | File | `/ctpms/admin/individuals/update_status.php` | High
+20 | File | `/ctpms/classes/Master.php?f=delete_img` | High
+21 | File | `/dms/admin/reports/daily_collection_report.php` | High
+22 | File | `/etc/cron.daily/upstart` | High
+23 | File | `/fuel/sitevariables/delete/4` | High
+24 | File | `/goform/aspForm` | High
+25 | File | `/IISADMPWD` | Medium
+26 | File | `/index.php?page=reserve` | High
+27 | File | `/Items/*/RemoteImages/Download` | High
+28 | File | `/job` | Low
+29 | File | `/linkedcontent/editfolder.php` | High
+30 | File | `/mdiy/dict/listExcludeApp` | High
+31 | File | `/mgmt/tm/util/bash` | High
+32 | File | `/ofrs/admin/?page=reports` | High
+33 | File | `/PC/WebService.asmx` | High
+34 | File | `/pms/admin/actions/view_action.php` | High
+35 | File | `/pms/admin/cells/manage_cell.php` | High
+36 | ... | ... | ...

-There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/PlugX/README.md
+++ b/actors/PlugX/README.md
@ -101,7 +101,7 @@ ID | Type | Indicator | Confidence
 44 | File | `admin/admin/fileUploadAction_fileUpload.action` | High
 45 | ... | ... | ...

-There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Polonium/README.md
+++ b/actors/Polonium/README.md
@ -37,8 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79 | Cross Site Scripting | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+4 | ... | ... | ... | ...
+
+There are 2 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/PortDoor/README.md
+++ b/actors/PortDoor/README.md
@ -26,7 +26,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1600 | CWE-310 | Cryptographic Issues | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1204.001 | CWE-601 | Open Redirect | High
+4 | ... | ... | ... | ...
+
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/PowerDuke/README.md
+++ b/actors/PowerDuke/README.md
@ -34,8 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+1 | T1055 | CWE-74 | Injection | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/PowerTrick/README.md
+++ b/actors/PowerTrick/README.md
@ -44,28 +44,28 @@ ID | Type | Indicator | Confidence
 2 | File | `/apps/acs-commons/content/page-compare.html` | High
 3 | File | `/cgi/get_param.cgi` | High
 4 | File | `/edit-db.php` | Medium
-5 | File | `/ext/phar/phar_object.c` | High
-6 | File | `/files/password` | High
-7 | File | `/guest_auth/cfg/upLoadCfg.php` | High
-8 | File | `/hocms/classes/Master.php?f=delete_member` | High
-9 | File | `/lists/admin/` | High
-10 | File | `/phppath/php` | Medium
-11 | File | `/services/getFile.cmd` | High
-12 | File | `/sns/classes/Master.php?f=delete_img` | High
-13 | File | `/usr/bin/pkexec` | High
-14 | File | `/v2/quantum/save-data-upload-big-file` | High
-15 | File | `/var/log/messages` | High
-16 | File | `/web/jquery/uploader/multi_uploadify.php` | High
-17 | File | `/webconsole/Controller` | High
-18 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
-19 | File | `abook_database.php` | High
-20 | File | `acl/save_user.cgi` | High
-21 | File | `adaptive-images-script.php` | High
-22 | File | `admin/auth.php` | High
-23 | File | `admin/cgi-bin/listdir.pl` | High
-24 | File | `adminuseredit.php?usertoedit=XSS` | High
-25 | File | `AvastSvc.exe` | Medium
-26 | File | `backupsettings.conf` | High
+5 | File | `/files/password` | High
+6 | File | `/guest_auth/cfg/upLoadCfg.php` | High
+7 | File | `/hocms/classes/Master.php?f=delete_member` | High
+8 | File | `/lists/admin/` | High
+9 | File | `/phppath/php` | Medium
+10 | File | `/services/getFile.cmd` | High
+11 | File | `/sns/classes/Master.php?f=delete_img` | High
+12 | File | `/usr/bin/pkexec` | High
+13 | File | `/v2/quantum/save-data-upload-big-file` | High
+14 | File | `/var/log/messages` | High
+15 | File | `/web/jquery/uploader/multi_uploadify.php` | High
+16 | File | `/webconsole/Controller` | High
+17 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
+18 | File | `abook_database.php` | High
+19 | File | `acl/save_user.cgi` | High
+20 | File | `adaptive-images-script.php` | High
+21 | File | `admin/auth.php` | High
+22 | File | `admin/cgi-bin/listdir.pl` | High
+23 | File | `adminuseredit.php?usertoedit=XSS` | High
+24 | File | `AvastSvc.exe` | Medium
+25 | File | `backupsettings.conf` | High
+26 | File | `base/ErrorHandler.php` | High
 27 | ... | ... | ...

 There are 225 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
--- a/Spider/README.md
+++ b/Spider/README.md
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [SC](https://vuldb.com/?country.sc)
-* [ES](https://vuldb.com/?country.es)
+* [DE](https://vuldb.com/?country.de)
 * ...

 There are 1 more country items available. Please use our online service to access the data.
@ -46,12 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1008 | CWE-757 | Algorithm Downgrade | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -59,39 +61,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//proc/kcore` | Medium
-2 | File | `/admin/scheprofile.cgi` | High
-3 | File | `/admin/showbad.php` | High
-4 | File | `/admin/ztliuyan_sendmail.php` | High
-5 | File | `/alarm_pi/alarmService.php` | High
-6 | File | `/Ap4RtpAtom.cpp` | High
-7 | File | `/api/part_categories` | High
-8 | File | `/cgi-bin/kerbynet` | High
-9 | File | `/cgi-bin/webproc` | High
-10 | File | `/cgi/get_param.cgi` | High
-11 | File | `/churchcrm/WhyCameEditor.php` | High
-12 | File | `/company` | Medium
-13 | File | `/company/account/safety/trade` | High
-14 | File | `/company/service/increment/add/im` | High
-15 | File | `/dashboard/blocks/stacks/view_details/` | High
-16 | File | `/dashboard/reports/logs/view` | High
-17 | File | `/dashboard/snapshot/*?orgId=0` | High
-18 | File | `/defaultui/player/modern.html` | High
-19 | File | `/dl/dl_sendmail.php` | High
-20 | File | `/dl/dl_sendsms.php` | High
-21 | File | `/fuel/sitevariables/delete/4` | High
-22 | File | `/goform/aspForm` | High
-23 | File | `/home/campus/campus_job` | High
-24 | File | `/home/job/index` | High
-25 | File | `/IISADMPWD` | Medium
-26 | File | `/images/background/1.php` | High
-27 | File | `/index.php?action=seomatic/file/seo-file-link` | High
+1 | File | `/action/import_https_cert_file/` | High
+2 | File | `/action/remove/` | High
+3 | File | `/admin/edit_admin_details.php?id=admin` | High
+4 | File | `/admin/featured.php` | High
+5 | File | `/admin/scheprofile.cgi` | High
+6 | File | `/admin/showbad.php` | High
+7 | File | `/admin/ztliuyan_sendmail.php` | High
+8 | File | `/ajax/config_rollback/` | High
+9 | File | `/ajax/set_sys_time/` | High
+10 | File | `/alarm_pi/alarmService.php` | High
+11 | File | `/application/controllers/Users.php` | High
+12 | File | `/cgi-bin/webproc` | High
+13 | File | `/ci_hms/massage_room/edit/1` | High
+14 | File | `/ci_hms/search` | High
+15 | File | `/classes/Master.php?f=delete_schedule` | High
+16 | File | `/company` | Medium
+17 | File | `/company/account/safety/trade` | High
+18 | File | `/company/service/increment/add/im` | High
+19 | File | `/dashboard/blocks/stacks/view_details/` | High
+20 | File | `/dashboard/reports/logs/view` | High
+21 | File | `/dashboard/snapshot/*?orgId=0` | High
+22 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+23 | File | `/dl/dl_sendmail.php` | High
+24 | File | `/dl/dl_sendsms.php` | High
+25 | File | `/home/campus/campus_job` | High
+26 | File | `/home/job/index` | High
+27 | File | `/images/background/1.php` | High
 28 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
-29 | File | `/itop/webservices/export-v2.php` | High
-30 | File | `/job` | Low
-31 | ... | ... | ...
+29 | ... | ... | ...

-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/REvil/README.md
+++ b/actors/REvil/README.md
@ -47,12 +47,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -81,7 +82,7 @@ ID | Type | Indicator | Confidence
 19 | File | `admin.asp` | Medium
 20 | ... | ... | ...

-There are 160 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 161 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Stealer/README.md
+++ b/Stealer/README.md
@ -0,0 +1,93 @@
+# Raccoon Stealer - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Raccoon Stealer](https://vuldb.com/?actor.raccoon_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.raccoon_stealer](https://vuldb.com/?actor.raccoon_stealer)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Raccoon Stealer:
+
+* [US](https://vuldb.com/?country.us)
+* [ES](https://vuldb.com/?country.es)
+* [CN](https://vuldb.com/?country.cn)
+* ...
+
+There are 1 more country items available. Please use our online service to access the data.
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Raccoon Stealer.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [5.252.22.62](https://vuldb.com/?ip.5.252.22.62) | vm523526.stark-industries.solutions | - | High
+2 | [45.142.212.100](https://vuldb.com/?ip.45.142.212.100) | pikpik.top | - | High
+3 | [51.81.143.169](https://vuldb.com/?ip.51.81.143.169) | ip169.ip-51-81-143.us | - | High
+4 | ... | ... | ... | ...
+
+There are 12 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Raccoon Stealer_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
+
+There are 18 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Raccoon Stealer. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/account/register` | High
+2 | File | `/admin.php/pic/admin/pic/del` | High
+3 | File | `/admin/deluser.php` | High
+4 | File | `/admin/sign/out` | High
+5 | File | `/admin/web_config.php&amp` | High
+6 | File | `/apps/` | Low
+7 | File | `/bsms/?page=manage_account` | High
+8 | File | `/cmscp/ext/collect/fetch_url.do` | High
+9 | File | `/controllers/MgrDiagnosticTools.php` | High
+10 | File | `/convert/html` | High
+11 | File | `/course/api/upload/pic` | High
+12 | File | `/etc/init.d/S50dropbear.sh` | High
+13 | File | `/goform/rlmswitchr_process` | High
+14 | File | `/hocms/classes/Master.php?f=delete_phase` | High
+15 | File | `/hub/api/user` | High
+16 | File | `/modules/mindmap/index.php` | High
+17 | File | `/modules/tasks/summary.inc.php` | High
+18 | File | `/password.html` | High
+19 | File | `/pms/admin/inmates/manage_record.php` | High
+20 | File | `/pms/admin/prisons/manage_prison.php` | High
+21 | File | `/root/.keeper/` | High
+22 | File | `/rss.xml` | Medium
+23 | ... | ... | ...
+
+There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://www.zerofox.com/blog/brief-raccoon-stealer-version-2-0/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Raccoon/README.md
+++ b/actors/Raccoon/README.md
@ -81,7 +81,7 @@ ID | Type | Indicator | Confidence
 27 | File | `bits.c` | Low
 28 | ... | ... | ...

-There are 237 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 240 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/RagnarLocker/README.md
+++ b/actors/RagnarLocker/README.md
@ -37,12 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 13 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Ramnit/README.md
+++ b/actors/Ramnit/README.md
@ -112,29 +112,29 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin/admin.php` | High
 2 | File | `/admin/imageslider/file.php` | High
-3 | File | `/cgi-bin/luci` | High
-4 | File | `/cgi-bin/viewcert` | High
-5 | File | `/config/getuser` | High
-6 | File | `/core/vb/vurl.php` | High
-7 | File | `/etc/gsissh/sshd_config` | High
-8 | File | `/etc/ldap.conf` | High
-9 | File | `/getcfg.php` | Medium
-10 | File | `/goform/telnet` | High
-11 | File | `/goform/WanParameterSetting` | High
-12 | File | `/importTool/preview` | High
-13 | File | `/include/makecvs.php` | High
-14 | File | `/mgmt/tm/util/bash` | High
-15 | File | `/mods/_core/courses/users/create_course.php` | High
-16 | File | `/monitoring` | Medium
-17 | File | `/phppath/php` | Medium
-18 | File | `/plugins/Dashboard/Controller.php` | High
-19 | File | `/server-status` | High
-20 | File | `/uncpath/` | Medium
-21 | File | `adclick.php` | Medium
-22 | File | `addentry.php` | Medium
+3 | File | `/admin/sign/out` | High
+4 | File | `/cgi-bin/luci` | High
+5 | File | `/cgi-bin/viewcert` | High
+6 | File | `/config/getuser` | High
+7 | File | `/core/vb/vurl.php` | High
+8 | File | `/etc/gsissh/sshd_config` | High
+9 | File | `/etc/ldap.conf` | High
+10 | File | `/getcfg.php` | Medium
+11 | File | `/goform/telnet` | High
+12 | File | `/goform/WanParameterSetting` | High
+13 | File | `/importTool/preview` | High
+14 | File | `/include/makecvs.php` | High
+15 | File | `/mgmt/tm/util/bash` | High
+16 | File | `/mods/_core/courses/users/create_course.php` | High
+17 | File | `/monitoring` | Medium
+18 | File | `/phppath/php` | Medium
+19 | File | `/plugins/Dashboard/Controller.php` | High
+20 | File | `/server-status` | High
+21 | File | `/uncpath/` | Medium
+22 | File | `adclick.php` | Medium
 23 | ... | ... | ...

-There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 190 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Remcos/README.md
+++ b/actors/Remcos/README.md
@ -116,12 +116,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -132,29 +134,28 @@ ID | Type | Indicator | Confidence
 1 | File | `.procmailrc` | Medium
 2 | File | `/anony/mjpg.cgi` | High
 3 | File | `/bin/mail` | Medium
-4 | File | `/common/info.cgi` | High
-5 | File | `/data/vendor/tcl` | High
-6 | File | `/dev/random` | Medium
+4 | File | `/blog/blog.php` | High
+5 | File | `/common/info.cgi` | High
+6 | File | `/data/vendor/tcl` | High
 7 | File | `/etc/hosts` | Medium
 8 | File | `/etc/passwd` | Medium
 9 | File | `/etc/password` | High
 10 | File | `/files.md5` | Medium
 11 | File | `/forum/away.php` | High
-12 | File | `/include/chart_generator.php` | High
-13 | File | `/mgmt/tm/util/bash` | High
-14 | File | `/op/op.LockDocument.php` | High
-15 | File | `/plesk-site-preview/` | High
-16 | File | `/proc/self/setgroups` | High
-17 | File | `/proc/stat` | Medium
-18 | File | `/ram/pckg/security/nova/bin/ipsec` | High
-19 | File | `/rest/api/2/search` | High
-20 | File | `/rest/api/latest/projectvalidate/key` | High
-21 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
-22 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-23 | File | `/tmp` | Low
-24 | ... | ... | ...
+12 | File | `/hy-cgi/devices.cgi` | High
+13 | File | `/include/chart_generator.php` | High
+14 | File | `/mgmt/tm/util/bash` | High
+15 | File | `/op/op.LockDocument.php` | High
+16 | File | `/plesk-site-preview/` | High
+17 | File | `/proc/self/setgroups` | High
+18 | File | `/proc/stat` | Medium
+19 | File | `/ram/pckg/security/nova/bin/ipsec` | High
+20 | File | `/rest/api/2/search` | High
+21 | File | `/rest/api/latest/projectvalidate/key` | High
+22 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
+23 | ... | ... | ...

-There are 199 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Ripprbot/README.md
+++ b/actors/Ripprbot/README.md
@ -32,12 +32,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 2 more TTP items available. Please use our online service to access the data.
+There are 11 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Sage/README.md
+++ b/actors/Sage/README.md
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.sage](https://vuldb.com/?actor.sage)

+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Sage:
+
+* [US](https://vuldb.com/?country.us)
+
 ## IOC - Indicator of Compromise

 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Sage.
@ -11,13 +17,18 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.45.6.138](https://vuldb.com/?ip.5.45.6.138) | 138-006-045-005.ip-addr.inexio.net | - | High
-2 | [5.45.24.236](https://vuldb.com/?ip.5.45.24.236) | - | - | High
-3 | [5.45.129.52](https://vuldb.com/?ip.5.45.129.52) | - | - | High
-4 | [5.45.140.6](https://vuldb.com/?ip.5.45.140.6) | - | - | High
-5 | [5.45.159.19](https://vuldb.com/?ip.5.45.159.19) | - | - | High
-6 | ... | ... | ... | ...
+2 | [5.45.17.36](https://vuldb.com/?ip.5.45.17.36) | - | - | High
+3 | [5.45.24.236](https://vuldb.com/?ip.5.45.24.236) | - | - | High
+4 | [5.45.100.133](https://vuldb.com/?ip.5.45.100.133) | domain-butler.com | - | High
+5 | [5.45.107.161](https://vuldb.com/?ip.5.45.107.161) | nobody.yourvserver.net | - | High
+6 | [5.45.107.167](https://vuldb.com/?ip.5.45.107.167) | v22014011960816232.yourvserver.net | - | High
+7 | [5.45.129.52](https://vuldb.com/?ip.5.45.129.52) | - | - | High
+8 | [5.45.140.6](https://vuldb.com/?ip.5.45.140.6) | - | - | High
+9 | [5.45.159.19](https://vuldb.com/?ip.5.45.159.19) | - | - | High
+10 | [5.45.208.36](https://vuldb.com/?ip.5.45.208.36) | proxy-minsk03.cdn.yandex.net | - | High
+11 | ... | ... | ... | ...

-There are 20 more IOC items available. Please use our online service to access the data.
+There are 40 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -25,12 +36,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 9 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -38,43 +49,28 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin.php/admin/art/data.html` | High
-2 | File | `/admin/login.php` | High
-3 | File | `/admin/maintenance_actions.php` | High
-4 | File | `/debug` | Low
-5 | File | `/home.asp` | Medium
-6 | File | `/include/up.php` | High
-7 | File | `/install/index.php` | High
-8 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-9 | File | `/TMS/admin/user/Update2` | High
-10 | File | `/u8sl/WebHelp` | High
-11 | File | `/wp-content/uploads/jobmonster/` | High
-12 | File | `admin/config` | Medium
-13 | File | `admin/htaccess/bpsunlock.php` | High
-14 | File | `admin/maintenance/manage_branch.php` | High
-15 | File | `adminpasswd.cgi` | High
-16 | File | `adm_config_report.php` | High
-17 | File | `ad_manage.php` | High
-18 | File | `application/config/config.php` | High
-19 | File | `attendancy.php` | High
-20 | File | `basicDDNS.html` | High
-21 | File | `bitfield.c` | Medium
-22 | File | `BKFSim_vhfd.exe` | High
-23 | File | `blocklayered-ajax.php` | High
-24 | File | `bug_report.php` | High
-25 | File | `categories-x.php` | High
-26 | File | `categorymenu.php` | High
-27 | File | `client.inc.php` | High
-28 | File | `common.c` | Medium
-29 | ... | ... | ...
+1 | File | `/admin/inquiries/view_details.php` | High
+2 | File | `/tmp/zarafa-vacation-*` | High
+3 | File | `apl_42.c` | Medium
+4 | File | `arch/arm/p2m.c` | High
+5 | File | `arch/powerpc/kernel/process.c` | High
+6 | File | `arch/x86/mm/guest_walk.c` | High
+7 | File | `auth.c` | Low
+8 | File | `block/qcow.c` | Medium
+9 | File | `cgi-bin/webproc` | High
+10 | File | `cgi_main.c` | Medium
+11 | File | `class.phpmailer.php` | High
+12 | File | `content/content.systempreferences.php` | High
+13 | ... | ... | ...

-There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
+* https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html

 ## Literature

--- a/actors/Sality/README.md
+++ b/actors/Sality/README.md
@ -35,12 +35,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+3 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/Sandworm
+++ b/actors/Sandworm
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -35,7 +35,8 @@ ID | IP address | Hostname | Campaign | Confidence
 5 | [5.149.254.114](https://vuldb.com/?ip.5.149.254.114) | mail1.auditoriavanzada.info | BlackEnergy | High
 6 | [5.255.87.39](https://vuldb.com/?ip.5.255.87.39) | - | BlackEnergy | High
 7 | [31.210.111.154](https://vuldb.com/?ip.31.210.111.154) | . | BlackEnergy | High
-8 | ... | ... | ... | ...
+8 | [37.220.34.56](https://vuldb.com/?ip.37.220.34.56) | - | BlackEnergy | High
+9 | ... | ... | ... | ...

 There are 30 more IOC items available. Please use our online service to access the data.

@ -59,47 +60,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `//proc/kcore` | Medium
-2 | File | `/?module=users&section=cpanel&page=list` | High
-3 | File | `/admin.php?mod=user&amp` | High
-4 | File | `/admin/dl_sendmail.php` | High
-5 | File | `/Ap4RtpAtom.cpp` | High
-6 | File | `/bcms/admin/?page=user/list` | High
-7 | File | `/bsms/?page=manage_account` | High
+2 | File | `/admin.php?mod=user&amp` | High
+3 | File | `/admin/dl_sendmail.php` | High
+4 | File | `/Ap4RtpAtom.cpp` | High
+5 | File | `/bcms/admin/?page=user/list` | High
+6 | File | `/bsms/?page=manage_account` | High
+7 | File | `/cgi-bin/login.cgi` | High
 8 | File | `/context/%2e/WEB-INF/web.xml` | High
 9 | File | `/dashboard/reports/logs/view` | High
 10 | File | `/debug/pprof` | Medium
 11 | File | `/dl/dl_print.php` | High
 12 | File | `/fuel/index.php/fuel/logs/items` | High
 13 | File | `/fuel/sitevariables/delete/4` | High
-14 | File | `/mgmt/tm/util/bash` | High
-15 | File | `/moddable/xs/sources/xsDebug.c` | High
-16 | File | `/monitoring` | Medium
-17 | File | `/new` | Low
-18 | File | `/odfs/classes/Master.php?f=save_category` | High
-19 | File | `/proc/<pid>/status` | High
-20 | File | `/public/plugins/` | High
-21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-22 | File | `/secure/QueryComponent!Default.jspa` | High
-23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-24 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-25 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
-26 | File | `/tmp` | Low
-27 | File | `/uncpath/` | Medium
-28 | File | `/usr/bin/pkexec` | High
-29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-30 | File | `/wp-json/wc/v3/webhooks` | High
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-32 | File | `AccountManagerService.java` | High
-33 | File | `actions/CompanyDetailsSave.php` | High
-34 | File | `ActiveServices.java` | High
+14 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+15 | File | `/index/jobfairol/show/` | High
+16 | File | `/librarian/bookdetails.php` | High
+17 | File | `/mgmt/tm/util/bash` | High
+18 | File | `/moddable/xs/sources/xsDebug.c` | High
+19 | File | `/monitoring` | Medium
+20 | File | `/new` | Low
+21 | File | `/odfs/classes/Master.php?f=save_category` | High
+22 | File | `/proc/<pid>/status` | High
+23 | File | `/public/plugins/` | High
+24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+25 | File | `/secure/QueryComponent!Default.jspa` | High
+26 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+27 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+28 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
+29 | File | `/tmp` | Low
+30 | File | `/uncpath/` | Medium
+31 | File | `/usr/bin/pkexec` | High
+32 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+33 | File | `/wp-json/wc/v3/webhooks` | High
+34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
 35 | ... | ... | ...

-There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://ddanchev.blogspot.com/2022/06/exclusive-exposing-grus-unit-74455.html
 * https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
 * https://otx.alienvault.com/pulse/62552abdd7e44d9aba08636d
 * https://www.threatminer.org/report.php?q=BlackEnergy2_Plugins_Router.pdf&y=2014
--- a/actors/SessionManager/README.md
+++ b/actors/SessionManager/README.md
@ -0,0 +1,64 @@
+# SessionManager - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SessionManager](https://vuldb.com/?actor.sessionmanager). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.sessionmanager](https://vuldb.com/?actor.sessionmanager)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with SessionManager:
+
+* [CN](https://vuldb.com/?country.cn)
+* [US](https://vuldb.com/?country.us)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of SessionManager.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [202.182.123.185](https://vuldb.com/?ip.202.182.123.185) | 202.182.123.185.vultrusercontent.com | - | High
+2 | [207.148.109.111](https://vuldb.com/?ip.207.148.109.111) | 207.148.109.111.vultrusercontent.com | - | High
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _SessionManager_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1505 | CWE-89 | SQL Injection | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by SessionManager. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `admin.php` | Medium
+2 | File | `index.php` | Medium
+3 | File | `index.php?m=home&c=message&a=add` | High
+4 | ... | ... | ...
+
+There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://securelist.com/the-sessionmanager-iis-backdoor/106868/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/ShadowPad/README.md
+++ b/actors/ShadowPad/README.md
@ -31,7 +31,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High

 ## IOA - Indicator of Attack

--- a/actors/Shuckworm/README.md
+++ b/actors/Shuckworm/README.md
@ -43,12 +43,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1495 | CWE-494 | Download of Code Without Integrity Check | High
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 1 more TTP items available. Please use our online service to access the data.
+There are 10 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

--- a/actors/SilverFish/README.md
+++ b/actors/SilverFish/README.md
@ -65,13 +65,13 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/admin_login.php` | High
 5 | File | `/advanced/adv_dns.xgi` | High
 6 | File | `/CFIDE/probe.cfm` | High
-7 | File | `/computer/(agent-name)/api` | High
+7 | File | `/cgi-bin/kerbynet` | High
 8 | File | `/dev/snd/seq` | Medium
 9 | File | `/error` | Low
 10 | File | `/etc/config/rpcd` | High
 11 | File | `/goform/saveParentControlInfo` | High
-12 | File | `/htdocs/admin/dict.php?id=3` | High
-13 | File | `/includes/rrdtool.inc.php` | High
+12 | File | `/goform/SetFirewallCfg` | High
+13 | File | `/htdocs/admin/dict.php?id=3` | High
 14 | File | `/module/module_frame/index.php` | High
 15 | File | `/nidp/app/login` | High
 16 | File | `/proc` | Low
@ -95,13 +95,13 @@ ID | Type | Indicator | Confidence
 34 | File | `administrative` | High
 35 | File | `Alias.asmx` | Medium
 36 | File | `aolfix.exe` | Medium
-37 | File | `Array.prototype.concat` | High
-38 | File | `AudioService.java` | High
-39 | File | `awhost32.exe` | Medium
-40 | File | `bidhistory.php` | High
+37 | File | `app/models/user.rb` | High
+38 | File | `apply.cgi` | Medium
+39 | File | `Array.prototype.concat` | High
+40 | File | `AudioService.java` | High
 41 | ... | ... | ...

-There are 350 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 351 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Show More
+++ b/Show More