This commit is contained in:
Marc Ruef 2022-12-07 08:51:31 +01:00
parent b5309983a6
commit 7c2038ac00
221 changed files with 22823 additions and 19281 deletions

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [TK](https://vuldb.com/?country.tk)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -73,19 +73,20 @@ ID | Type | Indicator | Confidence
16 | File | `/out.php` | Medium
17 | File | `/p` | Low
18 | File | `/pages/processlogin.php` | High
19 | File | `/uncpath/` | Medium
20 | File | `/usr/bin/uucp` | High
21 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
22 | File | `/web/google_analytics.php` | High
23 | File | `/webadmin.nsf/dlgFilesFolderNew` | High
24 | File | `/whbs/admin/?page=user` | High
25 | File | `/_readmail` | Medium
26 | File | `admin.php` | Medium
27 | File | `admin.php3` | Medium
28 | File | `admin/index.php?c=database` | High
29 | ... | ... | ...
19 | File | `/product/savenewproduct.php?flag=1` | High
20 | File | `/uncpath/` | Medium
21 | File | `/usr/bin/uucp` | High
22 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
23 | File | `/web/google_analytics.php` | High
24 | File | `/webadmin.nsf/dlgFilesFolderNew` | High
25 | File | `/whbs/admin/?page=user` | High
26 | File | `/_readmail` | Medium
27 | File | `admin.php` | Medium
28 | File | `admin.php3` | Medium
29 | File | `admin/index.php?c=database` | High
30 | ... | ... | ...
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
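Review bot: the new row 19 (`/product/savenewproduct.php?flag=1`) shifts every following ID by one, so the ID column is positional rather than a stable key; a consumer tracking indicators across revisions of this file should match on the Indicator column, and a sentence above the table saying that IDs are not stable would prevent spurious "changed" alerts on each regeneration.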

View File

@ -90,34 +90,33 @@ ID | Type | Indicator | Confidence
5 | File | `/files.md5` | Medium
6 | File | `/forum/away.php` | High
7 | File | `/horde/util/go.php` | High
8 | File | `/images/` | Medium
9 | File | `/inc/parser/xhtml.php` | High
10 | File | `/index.php` | Medium
11 | File | `/login` | Low
12 | File | `/members/view_member.php` | High
13 | File | `/mkshop/Men/profile.php` | High
14 | File | `/modules/profile/index.php` | High
15 | File | `/Noxen-master/users.php` | High
16 | File | `/one_church/userregister.php` | High
17 | File | `/out.php` | Medium
18 | File | `/owa/auth/logon.aspx` | High
19 | File | `/public/plugins/` | High
20 | File | `/SAP_Information_System/controllers/add_admin.php` | High
21 | File | `/SASWebReportStudio/logonAndRender.do` | High
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
23 | File | `/secure/admin/ViewInstrumentation.jspa` | High
24 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
25 | File | `/tmp/phpglibccheck` | High
26 | File | `/uncpath/` | Medium
27 | File | `/v2/quantum/save-data-upload-big-file` | High
28 | File | `4.edu.php` | Medium
29 | File | `adclick.php` | Medium
30 | File | `addentry.php` | Medium
31 | File | `addressbookprovider.php` | High
32 | File | `admin.jcomments.php` | High
33 | ... | ... | ...
8 | File | `/hrm/employeeview.php` | High
9 | File | `/images/` | Medium
10 | File | `/inc/parser/xhtml.php` | High
11 | File | `/index.php` | Medium
12 | File | `/login` | Low
13 | File | `/members/view_member.php` | High
14 | File | `/mkshop/Men/profile.php` | High
15 | File | `/modules/profile/index.php` | High
16 | File | `/Noxen-master/users.php` | High
17 | File | `/one_church/userregister.php` | High
18 | File | `/out.php` | Medium
19 | File | `/owa/auth/logon.aspx` | High
20 | File | `/public/plugins/` | High
21 | File | `/SAP_Information_System/controllers/add_admin.php` | High
22 | File | `/SASWebReportStudio/logonAndRender.do` | High
23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
25 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
26 | File | `/tmp/phpglibccheck` | High
27 | File | `/uncpath/` | Medium
28 | File | `/v2/quantum/save-data-upload-big-file` | High
29 | File | `4.edu.php` | Medium
30 | File | `adclick.php` | Medium
31 | File | `addentry.php` | Medium
32 | ... | ... | ...
There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
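Review bot: the "more IOA items" count falls from 280 to 277 even though a row (`/hrm/employeeview.php`, ID 8) was added to the visible list, so at least four indicators were withdrawn from the unlisted tail where the diff cannot show them. Withdrawn indicators should be recorded in the commit message or a per-actor changelog; a defender who has already deployed them has no other way to learn they are no longer considered valid.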

View File

@ -78,30 +78,30 @@ ID | Type | Indicator | Confidence
15 | File | `/rom-0` | Low
16 | File | `/session/list/allActiveSession` | High
17 | File | `/syslog_rules` | High
18 | File | `/tmp/phpglibccheck` | High
19 | File | `/uncpath/` | Medium
20 | File | `/upload` | Low
21 | File | `/users/{id}` | Medium
22 | File | `/var/tmp/sess_*` | High
23 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
24 | File | `/video` | Low
25 | File | `actionphp/download.File.php` | High
26 | File | `ActivityManagerService.java` | High
27 | File | `adaptmap_reg.c` | High
28 | File | `add_comment.php` | High
29 | File | `admin.cgi` | Medium
30 | File | `admin.php` | Medium
31 | File | `admin.php?action=files` | High
32 | File | `admin/admin.php` | High
33 | File | `admin/content.php` | High
34 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
35 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
18 | File | `/uncpath/` | Medium
19 | File | `/upload` | Low
20 | File | `/users/{id}` | Medium
21 | File | `/var/tmp/sess_*` | High
22 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
23 | File | `/video` | Low
24 | File | `actionphp/download.File.php` | High
25 | File | `ActivityManagerService.java` | High
26 | File | `adaptmap_reg.c` | High
27 | File | `add_comment.php` | High
28 | File | `admin.cgi` | Medium
29 | File | `admin.php` | Medium
30 | File | `admin.php?action=files` | High
31 | File | `admin/admin.php` | High
32 | File | `admin/content.php` | High
33 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
34 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
35 | File | `admin_gallery.php3` | High
36 | File | `affich.php` | Medium
37 | File | `agent/Core/Controller/SendRequest.cpp` | High
38 | File | `album_portal.php` | High
39 | ... | ... | ...
There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 336 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
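Review bot: the rows in this hunk mix matching targets under the single Type `File`: HTTP request paths (`/session/list/allActiveSession`, `/syslog_rules`), a route template (`/users/{id}`), a filesystem glob (`/var/tmp/sess_*`) and source files of patched code (`ActivityManagerService.java`, `adaptmap_reg.c`, `agent/Core/Controller/SendRequest.cpp`). Each needs different matching logic (URL path, filesystem path, or not observable at all at runtime), so a sub-type column or a note in the IOA intro would help consumers. The removal of `/tmp/phpglibccheck` (old ID 18) is also silent; see the earlier point about recording withdrawn indicators.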

View File

@ -134,7 +134,7 @@ ID | Type | Indicator | Confidence
27 | File | `/uncpath/` | Medium
28 | ... | ... | ...
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -67,7 +67,8 @@ ID | Technique | Weakness | Description | Confidence
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
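Review bot: row 4 (`T1059 | CWE-88, CWE-94 | Cross Site Scripting`) keeps a description that matches neither of its weaknesses (CWE-88 is argument injection, CWE-94 is code injection) and now duplicates the description of the new row 5 (`T1059.007 | CWE-79, CWE-80 | Cross Site Scripting`), so the two rows cannot be told apart by Description. Suggest deriving the description from the CWE set or from the ATT&CK sub-technique name so that each row's text reflects its own mapping.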
@ -82,37 +83,37 @@ ID | Type | Indicator | Confidence
3 | File | `/admin/?page=system_info/contact_info` | High
4 | File | `/admin/dl_sendmail.php` | High
5 | File | `/admin/login.php` | High
6 | File | `/ad_js.php` | Medium
7 | File | `/Ap4RtpAtom.cpp` | High
8 | File | `/api/v2/cli/commands` | High
9 | File | `/app/options.py` | High
10 | File | `/bcms/admin/?page=user/list` | High
11 | File | `/bsms/?page=manage_account` | High
12 | File | `/cgi-bin/login.cgi` | High
13 | File | `/cgi-bin/luci/api/wireless` | High
14 | File | `/ci_hms/massage_room/edit/1` | High
15 | File | `/context/%2e/WEB-INF/web.xml` | High
16 | File | `/dashboard/reports/logs/view` | High
17 | File | `/debian/patches/load_ppp_generic_if_needed` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/etc/hosts` | Medium
20 | File | `/fuel/index.php/fuel/logs/items` | High
21 | File | `/fuel/sitevariables/delete/4` | High
22 | File | `/goform/aspForm` | High
23 | File | `/goform/setmac` | High
24 | File | `/goform/wizard_end` | High
25 | File | `/hocms/classes/Master.php?f=delete_collection` | High
26 | File | `/hprms/admin/doctors/manage_doctor.php` | High
27 | File | `/index/jobfairol/show/` | High
28 | File | `/librarian/bookdetails.php` | High
29 | File | `/manage-apartment.php` | High
30 | File | `/mgmt/tm/util/bash` | High
31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
32 | File | `/pages/apply_vacancy.php` | High
33 | File | `/plesk-site-preview/` | High
6 | File | `/admin/submit-articles` | High
7 | File | `/ad_js.php` | Medium
8 | File | `/Ap4RtpAtom.cpp` | High
9 | File | `/api/v2/cli/commands` | High
10 | File | `/app/options.py` | High
11 | File | `/bcms/admin/?page=user/list` | High
12 | File | `/bsms/?page=manage_account` | High
13 | File | `/cgi-bin/login.cgi` | High
14 | File | `/cgi-bin/luci/api/wireless` | High
15 | File | `/ci_hms/massage_room/edit/1` | High
16 | File | `/context/%2e/WEB-INF/web.xml` | High
17 | File | `/dashboard/reports/logs/view` | High
18 | File | `/debian/patches/load_ppp_generic_if_needed` | High
19 | File | `/debug/pprof` | Medium
20 | File | `/etc/hosts` | Medium
21 | File | `/fuel/index.php/fuel/logs/items` | High
22 | File | `/fuel/sitevariables/delete/4` | High
23 | File | `/goform/aspForm` | High
24 | File | `/goform/setmac` | High
25 | File | `/goform/wizard_end` | High
26 | File | `/hocms/classes/Master.php?f=delete_collection` | High
27 | File | `/hprms/admin/doctors/manage_doctor.php` | High
28 | File | `/index/jobfairol/show/` | High
29 | File | `/librarian/bookdetails.php` | High
30 | File | `/manage-apartment.php` | High
31 | File | `/mgmt/tm/util/bash` | High
32 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
33 | File | `/pages/apply_vacancy.php` | High
34 | ... | ... | ...
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -9,7 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT31:
* [US](https://vuldb.com/?country.us)
* [FR](https://vuldb.com/?country.fr)
* [CN](https://vuldb.com/?country.cn)
* [NO](https://vuldb.com/?country.no)
* ...
There are 13 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -17,12 +21,23 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [105.154.12.165](https://vuldb.com/?ip.105.154.12.165) | - | - | High
2 | [105.157.234.0](https://vuldb.com/?ip.105.157.234.0) | - | - | High
3 | [105.159.122.85](https://vuldb.com/?ip.105.159.122.85) | - | - | High
4 | ... | ... | ... | ...
1 | [5.252.176.102](https://vuldb.com/?ip.5.252.176.102) | no-rdns.mivocloud.com | - | High
2 | [45.147.229.194](https://vuldb.com/?ip.45.147.229.194) | - | - | High
3 | [50.71.100.164](https://vuldb.com/?ip.50.71.100.164) | S010690a7c1a10cf2.wp.shawcable.net | - | High
4 | [58.96.237.98](https://vuldb.com/?ip.58.96.237.98) | - | - | High
5 | [58.182.61.137](https://vuldb.com/?ip.58.182.61.137) | 137.61.182.58.starhub.net.sg | - | High
6 | [68.146.18.127](https://vuldb.com/?ip.68.146.18.127) | S010690a7c1b6e041.cg.shawcable.net | - | High
7 | [71.64.151.132](https://vuldb.com/?ip.71.64.151.132) | cpe-71-64-151-132.cinci.res.rr.com | - | High
8 | [73.229.137.54](https://vuldb.com/?ip.73.229.137.54) | c-73-229-137-54.hsd1.co.comcast.net | - | High
9 | [78.82.247.37](https://vuldb.com/?ip.78.82.247.37) | 78-82-247-37.customers.ownit.se | - | High
10 | [81.83.4.48](https://vuldb.com/?ip.81.83.4.48) | d51530430.static.telenet.be | - | High
11 | [81.227.88.108](https://vuldb.com/?ip.81.227.88.108) | 81-227-88-108-no2661.tbcn.telia.com | - | High
12 | [81.232.51.161](https://vuldb.com/?ip.81.232.51.161) | 81-232-51-161-no600.tbcn.telia.com | - | High
13 | [81.234.227.62](https://vuldb.com/?ip.81.234.227.62) | 81-234-227-62-no551.tbcn.telia.com | - | High
14 | [81.236.182.199](https://vuldb.com/?ip.81.236.182.199) | 81-236-182-199-no272.tbcn.telia.com | - | High
15 | ... | ... | ... | ...
There are 13 more IOC items available. Please use our online service to access the data.
There are 55 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
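Review bot: the three previous IOC rows (105.154.12.165, 105.157.234.0, 105.159.122.85) are dropped rather than retained beside the new ones, and every new row is rated Confidence High although the hostnames identify residential or dynamic consumer allocations (`cpe-71-64-151-132.cinci.res.rr.com`, `c-73-229-137-54.hsd1.co.comcast.net`, the `tbcn.telia.com` and `shawcable.net` entries). Such addresses are reassigned frequently, so a first-seen/last-seen date per row, or a lower confidence for dynamic ranges, would reduce false positives for anyone blocking on this list.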
@ -30,12 +45,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 5 more TTP items available. Please use our online service to access the data.
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -43,18 +59,28 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/get_getnetworkconf.cgi` | High
2 | File | `/horde/util/go.php` | High
3 | File | `administrator/components/com_media/helpers/media.php` | High
4 | ... | ... | ...
1 | File | `/api/RecordingList/DownloadRecord?file=` | High
2 | File | `/etc/openstack-dashboard/local_settings` | High
3 | File | `/get_getnetworkconf.cgi` | High
4 | File | `/goform/RgDhcp` | High
5 | File | `/goform/RGFirewallEL` | High
6 | File | `/horde/util/go.php` | High
7 | File | `/rapi/read_url` | High
8 | File | `/uncpath/` | Medium
9 | File | `/usr/bin/pkexec` | High
10 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
11 | File | `/wp-content/uploads/photo-gallery/` | High
12 | File | `administrator/components/com_media/helpers/media.php` | High
13 | ... | ... | ...
There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 104 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory-apt31-targeting-france/
* https://github.com/SEKOIA-IO/Community/blob/main/IOCs/2021-11-10%20APT31%20IOCs.csv
## Literature
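Review bot: the IOA count for this actor grows from 19 to 104 while the References section in the trailing context (the Infoblox advisory and the SEKOIA IOC CSV dated 2021-11-10) is unchanged, so the origin of the expansion is not traceable from the file; a note on which analysis run produced it would help. Two of the new rows, `/usr/bin/pkexec` (ID 9) and `/etc/openstack-dashboard/local_settings` (ID 2), are local filesystem paths present on any Linux desktop or OpenStack controller, so on their own they carry no signal and only become meaningful together with the technique that uses them.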

View File

@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
24 | File | `arch/x86/include/asm/fpu/internal.h` | High
25 | ... | ... | ...
There are 206 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 207 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -18,7 +18,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* [FR](https://vuldb.com/?country.fr)
* [IT](https://vuldb.com/?country.it)
* [AR](https://vuldb.com/?country.ar)
* ...
There are 8 more country items available. Please use our online service to access the data.
@ -54,11 +54,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-37, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | ... | ... | ... | ...
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
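Review bot: row 2 loses CWE-294 (`T1040 | CWE-294, CWE-319` becomes `T1040 | CWE-319`) with nothing in the commit explaining the withdrawal, while row 1 gains CWE-23 and row 4 gains CWE-1321; both added and removed weaknesses alter a mapping a consumer may have encoded, so a short per-actor mapping changelog would be useful. Row 4 (`T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting`) also still carries a description that matches none of CWE-88 (argument injection), CWE-94 (code injection) or CWE-1321 (prototype pollution).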
@ -86,20 +87,21 @@ ID | Type | Indicator | Confidence
16 | File | `/api/geojson` | Medium
17 | File | `/api/v1/attack/token` | High
18 | File | `/api/v2/open/rowsInfo` | High
19 | File | `/application/documents/display.aspx` | High
20 | File | `/asms/classes/Master.php?f=delete_img` | High
21 | File | `/bin/httpd` | Medium
22 | File | `/bin/proc.cgi` | High
23 | File | `/classes/Master.php?f=delete_img` | High
24 | File | `/csms/?page=contact_us` | High
25 | File | `/diag_ping_admin.asp` | High
26 | File | `/fastfood/purchase.php` | High
27 | File | `/FormLogin` | Medium
28 | File | `/garage/editorder.php` | High
29 | File | `/goform/form2WizardStep54` | High
30 | ... | ... | ...
19 | File | `/asms/classes/Master.php?f=delete_img` | High
20 | File | `/bsms_ci/index.php/user/edit_user/` | High
21 | File | `/classes/Master.php?f=delete_img` | High
22 | File | `/device/signin` | High
23 | File | `/diag_ping_admin.asp` | High
24 | File | `/fastfood/purchase.php` | High
25 | File | `/FormLogin` | Medium
26 | File | `/garage/editorder.php` | High
27 | File | `/goform/form2WizardStep54` | High
28 | File | `/goform/NatStaticSetting` | High
29 | File | `/goform/SetNetControlList` | High
30 | File | `/gpac/src/bifs/unquantize.c` | High
31 | ... | ... | ...
There are 253 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
28 | File | `/replication` | Medium
29 | ... | ... | ...
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 245 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -108,9 +108,10 @@ ID | Type | Indicator | Confidence
42 | File | `/goform/RGFirewallEL` | High
43 | File | `/goform/RgTime` | High
44 | File | `/goform/RgUrlBlock.asp` | High
45 | ... | ... | ...
45 | File | `/goform/wlanPrimaryNetwork` | High
46 | ... | ... | ...
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 397 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -118,10 +118,9 @@ ID | Type | Indicator | Confidence
40 | File | `/wp-admin/admin-ajax.php` | High
41 | File | `/wp-admin/options.php` | High
42 | File | `/_next` | Low
43 | File | `AdClass.php` | Medium
44 | ... | ... | ...
43 | ... | ... | ...
There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -99,10 +99,10 @@ ID | Type | Indicator | Confidence
46 | File | `/self.key` | Medium
47 | File | `/services/system/setup.json` | High
48 | File | `/spip.php` | Medium
49 | File | `/uncpath/` | Medium
49 | File | `/tmp` | Low
50 | ... | ... | ...
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
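Review bot: replacing `/uncpath/` by `/tmp` (ID 49, Confidence Low) introduces an indicator that matches a directory present on every Unix-like host; even at Low confidence it has no discriminating value on its own and will generate noise in tooling that ingests the File rows uncritically. If the underlying finding concerns a specific artefact written under `/tmp`, the fuller path would be the useful indicator.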

View File

@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
11 | File | `admin.asp` | Medium
12 | ... | ... | ...
There are 92 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 93 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

actors/Aurora/README.md Normal file
View File

@ -0,0 +1,91 @@
# Aurora - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Aurora](https://vuldb.com/?actor.aurora). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.aurora](https://vuldb.com/?actor.aurora)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Aurora:
* [DE](https://vuldb.com/?country.de)
* [US](https://vuldb.com/?country.us)
* [WF](https://vuldb.com/?country.wf)
* ...
There are 7 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Aurora.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.9.85.111](https://vuldb.com/?ip.5.9.85.111) | static.111.85.9.5.clients.your-server.de | - | High
2 | [37.220.87.2](https://vuldb.com/?ip.37.220.87.2) | ipn-37-220-87-2.artem-catv.ru | - | High
3 | [45.15.156.22](https://vuldb.com/?ip.45.15.156.22) | - | - | High
4 | [45.15.156.33](https://vuldb.com/?ip.45.15.156.33) | - | - | High
5 | [45.15.156.80](https://vuldb.com/?ip.45.15.156.80) | - | - | High
6 | ... | ... | ... | ...
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Aurora_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Aurora. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/subnets/ripe-query.php` | High
2 | File | `/fw.login.php` | High
3 | File | `/gfxpoly/convert.c` | High
4 | File | `/GponForm/device_Form?script/` | High
5 | File | `/index.php?/manage/channel/addchannel` | High
6 | File | `/opac/Actions.php?a=login` | High
7 | File | `/spip.php` | Medium
8 | File | `/var/log/nginx` | High
9 | File | `/wp-admin/admin-ajax.php` | High
10 | File | `actions/beats_uploader.php` | High
11 | File | `actions/vote_channel.php` | High
12 | File | `Admin/ADM_Pagina.php` | High
13 | File | `admin/article.php` | High
14 | File | `admin/dashboard.php` | High
15 | File | `Admin/edit-admin.php` | High
16 | File | `admin/show.php?rec=update` | High
17 | File | `allow/block` | Medium
18 | File | `AlUpdate.exe` | Medium
19 | File | `app/admin/controller/api/Update.php` | High
20 | ... | ... | ...
There are 165 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
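Review bot: several High-confidence IOA rows in the new file are paths requested by every legitimate WordPress front-end or present on every web server: `/wp-admin/admin-ajax.php` (ID 9) is called by themes and plugins on ordinary page loads, and `/var/log/nginx` (ID 8) is a standard log directory, so matching on either alone will flag benign traffic; the IOA intro should state that these are fragments to be combined with other signals, not standalone detections. The TTP table also repeats "Cross Site Scripting" for both `T1059 | CWE-94` and `T1059.007 | CWE-79, CWE-80`, the same duplicated description seen elsewhere in this commit.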

View File

@ -97,7 +97,7 @@ ID | Type | Indicator | Confidence
45 | File | `admin/pageEditGroup.php` | High
46 | ... | ... | ...
There are 400 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 8 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -38,13 +38,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 17 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -55,22 +55,23 @@ ID | Type | Indicator | Confidence
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/admin/deluser.php` | High
3 | File | `/administration/theme.php` | High
4 | File | `/BindAccount/SuccessTips.js` | High
5 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
6 | File | `/login.html` | Medium
7 | File | `/medical/inventories.php` | High
8 | File | `/pages.php` | Medium
9 | File | `/patient/doctors.php` | High
10 | File | `/rom-0` | Low
11 | File | `/uncpath/` | Medium
12 | File | `/usr/local/psa/admin/sbin/wrapper` | High
13 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
14 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
15 | File | `abm.aspx` | Medium
16 | File | `actions/ChangeConfiguration.html` | High
17 | ... | ... | ...
4 | File | `/auparse/auparse.c` | High
5 | File | `/aux` | Low
6 | File | `/BindAccount/SuccessTips.js` | High
7 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
8 | File | `/login.html` | Medium
9 | File | `/medical/inventories.php` | High
10 | File | `/pages.php` | Medium
11 | File | `/pages/save_user.php` | High
12 | File | `/patient/doctors.php` | High
13 | File | `/rom-0` | Low
14 | File | `/uncpath/` | Medium
15 | File | `/usr/local/psa/admin/sbin/wrapper` | High
16 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
17 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
18 | ... | ... | ...
There are 139 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [SC](https://vuldb.com/?country.sc)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -45,11 +45,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
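Review bot: the weakness changes here run opposite to the same rows in another file of this commit: CWE-23 is removed from T1006 (row 1) and CWE-1321 from T1059 (row 4), whereas the earlier hunk at `@ -54,11 +54,12 @@` adds CWE-23 to T1006 and CWE-1321 to T1059. Per-actor differences are plausible, but when the same CWEs move in both directions within one regeneration it is worth confirming that the model output is deterministic rather than a sampling artefact, and recording the reason in the commit message.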
@ -61,38 +61,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/admin/admin.php` | High
3 | File | `/admin/controller/JobLogController.java` | High
4 | File | `/Admin/createClass.php` | High
5 | File | `/Admin/dashboard.php` | High
6 | File | `/admin/fst_upload.inc.php` | High
2 | File | `/Admin/add-student.php` | High
3 | File | `/Admin/createClass.php` | High
4 | File | `/Admin/dashboard.php` | High
5 | File | `/admin/edit_members.php` | High
6 | File | `/admin/pages/sections_save.php` | High
7 | File | `/admin/problem_judge.php` | High
8 | File | `/api/v1/nics/wifi/wlan0/ping` | High
9 | File | `/api/v2/cli/commands` | High
10 | File | `/asms/admin/?page=transactions/manage_transaction` | High
11 | File | `/asms/admin/?page=user/manage_user` | High
12 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
13 | File | `/asms/classes/Master.php?f=delete_transaction` | High
14 | File | `/attachments` | Medium
8 | File | `/admin/settings/save.php` | High
9 | File | `/admin/submit-articles` | High
10 | File | `/admin/transactions/update_status.php` | High
11 | File | `/admin/users/index.php` | High
12 | File | `/apiv1/` | Low
13 | File | `/asms/admin/products/manage_product.php` | High
14 | File | `/asms/products/view_product.php` | High
15 | File | `/avms/index.php` | High
16 | File | `/College/admin/teacher.php` | High
17 | File | `/common/info.cgi` | High
18 | File | `/dashboard/add-service.php` | High
19 | File | `/debug/pprof` | Medium
20 | File | `/dede/file_manage_control.php` | High
21 | File | `/diagnostic/login.php` | High
22 | File | `/diag_tracert_admin.asp` | High
23 | File | `/etc/tomcat8/Catalina/attack` | High
24 | File | `/filemanager/php/connector.php` | High
25 | File | `/index.php/admins/Fields/get_fields.html` | High
26 | File | `/js/player/dmplayer/dmku/index.php` | High
27 | File | `/login` | Low
28 | File | `/login.php` | Medium
29 | File | `/mgm_dev_upgrade.asp` | High
30 | File | `/modules/projects/vw_files.php` | High
31 | ... | ... | ...
16 | File | `/bsms_ci/index.php` | High
17 | File | `/bsms_ci/index.php/user/edit_user/` | High
18 | File | `/calendar/viewcalendar.php` | High
19 | File | `/clients/listclients.php` | High
20 | File | `/College/admin/teacher.php` | High
21 | File | `/contacts/listcontacts.php` | High
22 | File | `/dashboard/add-service.php` | High
23 | File | `/Default/Bd` | Medium
24 | File | `/device/` | Medium
25 | File | `/device/signin` | High
26 | File | `/event/admin/?page=user/list` | High
27 | File | `/face-recognition-php/facepay-master/camera.php` | High
28 | File | `/forums/editforum.php` | High
29 | File | `/garage/php_action/createBrand.php` | High
30 | File | `/general/search.php?searchtype=simple` | High
31 | File | `/goform/AddSysLogRule` | High
32 | File | `/goform/setDiagnoseInfo` | High
33 | File | `/goform/SetIpMacBind` | High
34 | File | `/goform/setSysPwd` | High
35 | File | `/goform/setUplinkInfo` | High
36 | File | `/hrm/controller/employee.php` | High
37 | File | `/hrm/employeeadd.php` | High
38 | File | `/hrm/employeeview.php` | High
39 | File | `/ims/login.php` | High
40 | File | `/index.php/admins/Fields/get_fields.html` | High
41 | ... | ... | ...
There are 267 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [MX](https://vuldb.com/?country.mx)
* [ME](https://vuldb.com/?country.me)
* ...
There are 2 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -67,7 +67,7 @@ ID | Type | Indicator | Confidence
15 | File | `cmd.exe` | Low
16 | ... | ... | ...
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -82,18 +82,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/api` | Low
2 | File | `/include/makecvs.php` | High
3 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
4 | File | `/requests.php` | High
5 | File | `/usr/local/psa/admin/sbin/wrapper` | High
6 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
7 | File | `add.php` | Low
8 | File | `admin/admin.shtml` | High
9 | File | `bpf-object-fuzzer.c` | High
10 | File | `cal.php` | Low
2 | File | `/api/sys_username_passwd.cmd` | High
3 | File | `/include/makecvs.php` | High
4 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
5 | File | `/requests.php` | High
6 | File | `/usr/local/psa/admin/sbin/wrapper` | High
7 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
8 | File | `add.php` | Low
9 | File | `admin/admin.shtml` | High
10 | File | `bpf-object-fuzzer.c` | High
11 | ... | ... | ...
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -95,7 +95,7 @@ ID | Type | Indicator | Confidence
40 | File | `Advanced_ASUSDDNS_Content.asp` | High
41 | ... | ... | ...
There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -46,11 +46,11 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -96,14 +96,14 @@ ID | Type | Indicator | Confidence
36 | File | `/librarian/bookdetails.php` | High
37 | File | `/lists/admin/` | High
38 | File | `/mail/index.html` | High
39 | File | `/medicines` | Medium
40 | File | `/navigate/navigate_download.php` | High
41 | File | `/public/plugins/` | High
42 | File | `/rapi/read_url` | High
43 | File | `/reps/admin/?page=agents/manage_agent` | High
39 | File | `/navigate/navigate_download.php` | High
40 | File | `/public/plugins/` | High
41 | File | `/rapi/read_url` | High
42 | File | `/reps/admin/?page=agents/manage_agent` | High
43 | File | `/rest/api/1.0/render` | High
44 | ... | ... | ...
There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -55,36 +55,36 @@ ID | Type | Indicator | Confidence
6 | File | `/modules/projects/vw_files.php` | High
7 | File | `/modules/public/date_format.php` | High
8 | File | `/modules/tasks/gantt.php` | High
9 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
10 | File | `actions/del.php` | High
11 | File | `addsite.php` | Medium
12 | File | `Admin.PHP` | Medium
13 | File | `admin.php` | Medium
14 | File | `admin/define.inc.php` | High
15 | File | `admin/general.php` | High
16 | File | `admin/review.php` | High
17 | File | `admincp/auth/secure.php` | High
18 | File | `affich.php` | Medium
19 | File | `agenda.php3` | Medium
20 | File | `agenda2.php3` | Medium
21 | File | `akocomments.php` | High
22 | File | `album_portal.php` | High
23 | File | `al_initialize.php` | High
24 | File | `announcements.php` | High
25 | File | `apa_phpinclude.inc.php` | High
26 | File | `application.php` | High
27 | File | `ashnews.php/ashheadlines.php` | High
28 | File | `auction\auction_common.php` | High
29 | File | `auktion.cgi` | Medium
30 | File | `auth.inc.php` | Medium
31 | File | `auth.php` | Medium
32 | File | `authform.inc.php` | High
33 | File | `bad_link.php` | Medium
34 | File | `bb_usage_stats.php` | High
35 | File | `big.php` | Low
9 | File | `/out.php` | Medium
10 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
11 | File | `actions/del.php` | High
12 | File | `addsite.php` | Medium
13 | File | `Admin.PHP` | Medium
14 | File | `admin.php` | Medium
15 | File | `admin/define.inc.php` | High
16 | File | `admin/general.php` | High
17 | File | `admin/review.php` | High
18 | File | `admincp/auth/secure.php` | High
19 | File | `affich.php` | Medium
20 | File | `agenda.php3` | Medium
21 | File | `agenda2.php3` | Medium
22 | File | `akocomments.php` | High
23 | File | `album_portal.php` | High
24 | File | `al_initialize.php` | High
25 | File | `announcements.php` | High
26 | File | `apa_phpinclude.inc.php` | High
27 | File | `application.php` | High
28 | File | `ashnews.php/ashheadlines.php` | High
29 | File | `auction\auction_common.php` | High
30 | File | `auktion.cgi` | Medium
31 | File | `auth.inc.php` | Medium
32 | File | `auth.php` | Medium
33 | File | `authform.inc.php` | High
34 | File | `bad_link.php` | Medium
35 | File | `bb_usage_stats.php` | High
36 | ... | ... | ...
There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bitter:
* [US](https://vuldb.com/?country.us)
* [CO](https://vuldb.com/?country.co)
* [TR](https://vuldb.com/?country.tr)
* [GB](https://vuldb.com/?country.gb)
* ...
There are 17 more country items available. Please use our online service to access the data.
There are 19 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -26,7 +26,7 @@ ID | IP address | Hostname | Campaign | Confidence
3 | [82.221.129.17](https://vuldb.com/?ip.82.221.129.17) | hengill.orangewebsite.com | - | High
4 | ... | ... | ... | ...
There are 13 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -34,13 +34,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -49,26 +50,35 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/admin/moduleinterface.php` | High
3 | File | `/etc/gsissh/sshd_config` | High
4 | File | `/forms/nslookupHandler` | High
5 | File | `/forum/away.php` | High
6 | File | `/index.php` | Medium
7 | File | `/modules/profile/index.php` | High
8 | File | `/news.dtl.php` | High
9 | File | `/out.php` | Medium
10 | File | `/ptms/?page=user` | High
11 | File | `/systemrw/` | Medium
12 | File | `/uncpath/` | Medium
13 | File | `/upload/file.php` | High
14 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
15 | File | `5.2.9\syscrb.exe` | High
16 | File | `adclick.php` | Medium
17 | File | `admin.cgi` | Medium
18 | File | `admin/category.inc.php` | High
19 | ... | ... | ...
2 | File | `/acms/classes/Master.php?f=delete_cargo` | High
3 | File | `/admin.php/news/admin/topic/save` | High
4 | File | `/admin/comn/service/update.json` | High
5 | File | `/admin/moduleinterface.php` | High
6 | File | `/dev/shm` | Medium
7 | File | `/dl/dl_print.php` | High
8 | File | `/etc/gsissh/sshd_config` | High
9 | File | `/forms/nslookupHandler` | High
10 | File | `/forum/away.php` | High
11 | File | `/getcfg.php` | Medium
12 | File | `/index.php` | Medium
13 | File | `/modules/profile/index.php` | High
14 | File | `/news.dtl.php` | High
15 | File | `/ofcms/company-c-47` | High
16 | File | `/out.php` | Medium
17 | File | `/ptms/?page=user` | High
18 | File | `/systemrw/` | Medium
19 | File | `/uncpath/` | Medium
20 | File | `/upload/file.php` | High
21 | File | `/usr/sbin/httpd` | High
22 | File | `/util/print.c` | High
23 | File | `/web/MCmsAction.java` | High
24 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
25 | File | `5.2.9\syscrb.exe` | High
26 | File | `abc-pcie.c` | Medium
27 | File | `accounts/payment_history.php` | High
28 | ... | ... | ...
There are 157 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 237 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -76,6 +86,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://1275.ru/ioc/414/bitter-apt-iocs/
* https://blogs.blackberry.com/en/2019/10/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform
* https://community.blueliv.com/#!/s/62f5f3fe82df41552632fc11
* https://twitter.com/ShadowChasing1/status/1504833720489951234
* https://www.threatminer.org/report.php?q=SuspectedBITTERAPTContinuesTargetingGovernmentofChinaandChineseOrganizations.pdf&y=2019

View File

@ -9,8 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* [NO](https://vuldb.com/?country.no)
* [RU](https://vuldb.com/?country.ru)
## IOC - Indicator of Compromise
@ -31,14 +30,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -46,39 +45,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/action/import_cert_file/` | High
2 | File | `/action/import_e2c_json_file/` | High
3 | File | `/action/import_file/` | High
4 | File | `/action/import_wireguard_cert_file/` | High
5 | File | `/action/import_xml_file/` | High
6 | File | `/action/ipcamRecordPost` | High
7 | File | `/action/ipcamSetParamPost` | High
8 | File | `/action/wirelessConnect` | High
9 | File | `/admin/?page=bookings/view_details` | High
10 | File | `/admin/?page=orders/manage_request` | High
11 | File | `/admin/?page=user/manage_user` | High
12 | File | `/admin/controller/JobLogController.java` | High
13 | File | `/Admin/createClass.php` | High
14 | File | `/admin/fst_upload.inc.php` | High
15 | File | `/admin/sign/out` | High
16 | File | `/admin/students/manage.php` | High
17 | File | `/api/common/ping` | High
18 | File | `/api/public/signup` | High
19 | File | `/api/v1/attack/falco` | High
20 | File | `/api/v1/bait/set` | High
21 | File | `/api/v1/nics/wifi/wlan0/ping` | High
22 | File | `/api/v2/cli/commands` | High
23 | File | `/asms/admin/?page=user/manage_user` | High
24 | File | `/attachments` | Medium
25 | File | `/bookings/update_status.php` | High
26 | File | `/cgi-bin/wlogin.cgi` | High
27 | File | `/classes/Master.php?f=delete_appointment` | High
28 | File | `/classes/Users.php?f=delete_client` | High
29 | File | `/clearance/clearance.php` | High
30 | File | `/depotHead/list` | High
31 | ... | ... | ...
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/admin/?page=orders/manage_request` | High
3 | File | `/admin/?page=user/manage_user` | High
4 | File | `/Admin/add-student.php` | High
5 | File | `/admin/controller/JobLogController.java` | High
6 | File | `/Admin/createClass.php` | High
7 | File | `/admin/fst_upload.inc.php` | High
8 | File | `/admin/problem_judge.php` | High
9 | File | `/admin/transactions/update_status.php` | High
10 | File | `/admin/users/index.php` | High
11 | File | `/api/common/ping` | High
12 | File | `/api/v1/nics/wifi/wlan0/ping` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/apiv1/` | Low
15 | File | `/asms/admin/?page=user/manage_user` | High
16 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
17 | File | `/asms/admin/products/manage_product.php` | High
18 | File | `/asms/products/view_product.php` | High
19 | File | `/attachments` | Medium
20 | File | `/avms/index.php` | High
21 | File | `/bsms_ci/index.php` | High
22 | File | `/bsms_ci/index.php/user/edit_user/` | High
23 | File | `/classes/Master.php?f=delete_appointment` | High
24 | File | `/classes/Users.php?f=delete_client` | High
25 | File | `/depotHead/list` | High
26 | File | `/device/` | Medium
27 | File | `/editorder.php` | High
28 | File | `/event/admin/?page=user/list` | High
29 | File | `/foms/all-orders.php?status=Cancelled%20by%20Customer` | High
30 | File | `/garage/editorder.php` | High
31 | File | `/garage/php_action/createBrand.php` | High
32 | File | `/ims/login.php` | High
33 | ... | ... | ...
There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlackCat:
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [GB](https://vuldb.com/?country.gb)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 7 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -38,7 +38,7 @@ ID | Technique | Weakness | Description | Confidence
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
@ -56,33 +56,35 @@ ID | Type | Indicator | Confidence
4 | File | `/admin/add-fee.php` | High
5 | File | `/Admin/add-student.php` | High
6 | File | `/admin/delstu.php` | High
7 | File | `/admin/foldernotice/list` | High
8 | File | `/admin/fst_upload.inc.php` | High
9 | File | `/admin/image/list` | High
10 | File | `/api/v1/user` | Medium
11 | File | `/asms/classes/Master.php?f=delete_service` | High
12 | File | `/buspassms/download-pass.php` | High
13 | File | `/cgi-bin/cstecgi.cgi` | High
14 | File | `/classes/Master.php?f=delete_category` | High
15 | File | `/classes/Master.php?f=delete_payment` | High
16 | File | `/classes/Users.php?f=delete_client` | High
17 | File | `/clients/profile` | High
18 | File | `/csms/admin/?page=user/manage_user` | High
19 | File | `/csms/admin/storages/view_storage.php` | High
20 | File | `/diagnostic/editclient.php` | High
21 | File | `/dotrace.asp` | Medium
22 | File | `/etc/init0.d/S80telnetd.sh` | High
23 | File | `/goform/wizard_end` | High
24 | File | `/home/hjsz/jsonlint/src/lexer` | High
25 | File | `/index.php?module=entities/entities` | High
26 | File | `/index.php?module=global_lists/lists` | High
27 | File | `/index.php?module=users_alerts/users_alerts` | High
28 | File | `/index1.html` | Medium
29 | File | `/jfinal_cms/system/user/list` | High
30 | File | `/jsoa/hntdCustomDesktopActionContent` | High
31 | ... | ... | ...
7 | File | `/admin/edit_members.php` | High
8 | File | `/admin/foldernotice/list` | High
9 | File | `/admin/fst_upload.inc.php` | High
10 | File | `/admin/image/list` | High
11 | File | `/admin/users/index.php` | High
12 | File | `/api/v1/user` | Medium
13 | File | `/asms/classes/Master.php?f=delete_service` | High
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
15 | File | `/buspassms/download-pass.php` | High
16 | File | `/cgi-bin/cstecgi.cgi` | High
17 | File | `/classes/Master.php?f=delete_category` | High
18 | File | `/classes/Master.php?f=delete_payment` | High
19 | File | `/classes/Users.php?f=delete_client` | High
20 | File | `/clients/profile` | High
21 | File | `/csms/admin/?page=user/manage_user` | High
22 | File | `/csms/admin/storages/view_storage.php` | High
23 | File | `/diagnostic/editclient.php` | High
24 | File | `/dotrace.asp` | Medium
25 | File | `/etc/init0.d/S80telnetd.sh` | High
26 | File | `/goform/SetIpMacBind` | High
27 | File | `/goform/wizard_end` | High
28 | File | `/home/hjsz/jsonlint/src/lexer` | High
29 | File | `/index.php?module=entities/entities` | High
30 | File | `/index.php?module=global_lists/lists` | High
31 | File | `/index.php?module=users_alerts/users_alerts` | High
32 | File | `/index1.html` | Medium
33 | ... | ... | ...
There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

79
actors/BlueFox/README.md Normal file
View File

@ -0,0 +1,79 @@
# BlueFox - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BlueFox](https://vuldb.com/?actor.bluefox). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bluefox](https://vuldb.com/?actor.bluefox)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlueFox:
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [ES](https://vuldb.com/?country.es)
* ...
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BlueFox.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [31.41.244.152](https://vuldb.com/?ip.31.41.244.152) | - | - | High
2 | [45.8.147.31](https://vuldb.com/?ip.45.8.147.31) | vm792438.stark-industries.solutions | - | High
3 | [45.8.147.200](https://vuldb.com/?ip.45.8.147.200) | vm787285.stark-industries.solutions | - | High
4 | ... | ... | ... | ...
There are 5 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BlueFox_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 5 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BlueFox. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/index.php` | Medium
2 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
3 | File | `addtocart.asp` | High
4 | File | `admin/adm/test.php` | High
5 | File | `agora.cgi` | Medium
6 | File | `books.php` | Medium
7 | File | `cat.asp` | Low
8 | File | `catalog.php` | Medium
9 | File | `categories.php` | High
10 | File | `default.php` | Medium
11 | ... | ... | ...
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://github.com/SEKOIA-IO/Community/blob/main/IOCs/bluefox/bluefox_iocs_20221102.csv
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
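Review bot: the Confidence column used in the IOC, TTP and IOA tables (values `High`, `Medium`, `Low`) is never defined anywhere in this new README, so a reader cannot tell what separates `/index.php` at "Medium" from `/opt/zimbra/jetty/webapps/zimbra/public` at "High". Add one sentence under the first table that states what the score expresses (for example specificity of the indicator versus likelihood of a false match), or link the relevant page of the CTI documentation already referenced under "## Literature".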

View File

@ -0,0 +1,166 @@
# Bosnia and Herzegovina Unknown - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bosnia and Herzegovina Unknown](https://vuldb.com/?actor.bosnia_and_herzegovina_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bosnia_and_herzegovina_unknown](https://vuldb.com/?actor.bosnia_and_herzegovina_unknown)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bosnia and Herzegovina Unknown:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [DE](https://vuldb.com/?country.de)
* ...
There are 20 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bosnia and Herzegovina Unknown.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.43.64.0](https://vuldb.com/?ip.5.43.64.0) | cable-5-43-64-0.dynamic.telemach.ba | - | High
2 | [5.59.160.0](https://vuldb.com/?ip.5.59.160.0) | - | - | High
3 | [5.62.60.40](https://vuldb.com/?ip.5.62.60.40) | r-40-60-62-5.consumer-pool.prcdn.net | - | High
4 | [5.62.62.40](https://vuldb.com/?ip.5.62.62.40) | r-40-62-62-5.consumer-pool.prcdn.net | - | High
5 | [5.133.0.0](https://vuldb.com/?ip.5.133.0.0) | - | - | High
6 | [5.133.128.0](https://vuldb.com/?ip.5.133.128.0) | adsl64po0.tel.net.ba | - | High
7 | [5.149.64.0](https://vuldb.com/?ip.5.149.64.0) | - | - | High
8 | [5.152.232.0](https://vuldb.com/?ip.5.152.232.0) | - | - | High
9 | [5.154.168.0](https://vuldb.com/?ip.5.154.168.0) | - | - | High
10 | [5.154.228.0](https://vuldb.com/?ip.5.154.228.0) | - | - | High
11 | [5.154.248.0](https://vuldb.com/?ip.5.154.248.0) | - | - | High
12 | [31.47.0.0](https://vuldb.com/?ip.31.47.0.0) | - | - | High
13 | [31.176.128.0](https://vuldb.com/?ip.31.176.128.0) | - | - | High
14 | [31.185.112.0](https://vuldb.com/?ip.31.185.112.0) | cable-31-185-112-0.dynamic.telemach.ba | - | High
15 | [31.216.128.0](https://vuldb.com/?ip.31.216.128.0) | - | - | High
16 | [31.216.184.0](https://vuldb.com/?ip.31.216.184.0) | - | - | High
17 | [31.223.128.0](https://vuldb.com/?ip.31.223.128.0) | - | - | High
18 | [31.223.208.0](https://vuldb.com/?ip.31.223.208.0) | 0-208-223-31-stat.customer.blic.net | - | High
19 | [37.8.128.0](https://vuldb.com/?ip.37.8.128.0) | adsl1or0.tel.net.ba | - | High
20 | [37.203.64.0](https://vuldb.com/?ip.37.203.64.0) | - | - | High
21 | [37.205.24.0](https://vuldb.com/?ip.37.205.24.0) | - | - | High
22 | [37.208.32.0](https://vuldb.com/?ip.37.208.32.0) | - | - | High
23 | [43.113.226.128](https://vuldb.com/?ip.43.113.226.128) | - | - | High
24 | [45.8.0.0](https://vuldb.com/?ip.45.8.0.0) | start.softnet.si | - | High
25 | [45.12.70.17](https://vuldb.com/?ip.45.12.70.17) | breadline.get-eye.com | - | High
26 | [45.12.71.17](https://vuldb.com/?ip.45.12.71.17) | - | - | High
27 | [45.14.36.0](https://vuldb.com/?ip.45.14.36.0) | - | - | High
28 | [45.82.88.0](https://vuldb.com/?ip.45.82.88.0) | - | - | High
29 | [45.93.92.0](https://vuldb.com/?ip.45.93.92.0) | - | - | High
30 | [45.131.116.0](https://vuldb.com/?ip.45.131.116.0) | - | - | High
31 | [45.156.248.0](https://vuldb.com/?ip.45.156.248.0) | subnet.reserved.ispsystem.net | - | High
32 | [46.35.128.0](https://vuldb.com/?ip.46.35.128.0) | adsl22po0.tel.net.ba | - | High
33 | [46.36.160.0](https://vuldb.com/?ip.46.36.160.0) | - | - | High
34 | [46.36.200.11](https://vuldb.com/?ip.46.36.200.11) | - | - | High
35 | [46.36.200.12](https://vuldb.com/?ip.46.36.200.12) | - | - | High
36 | [46.36.200.16](https://vuldb.com/?ip.46.36.200.16) | - | - | High
37 | [46.36.200.20](https://vuldb.com/?ip.46.36.200.20) | - | - | High
38 | [46.163.48.0](https://vuldb.com/?ip.46.163.48.0) | - | - | High
39 | [46.163.50.0](https://vuldb.com/?ip.46.163.50.0) | - | - | High
40 | [46.163.60.0](https://vuldb.com/?ip.46.163.60.0) | - | - | High
41 | [46.239.0.0](https://vuldb.com/?ip.46.239.0.0) | - | - | High
42 | [57.90.72.0](https://vuldb.com/?ip.57.90.72.0) | - | - | High
43 | ... | ... | ... | ...
There are 168 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bosnia and Herzegovina Unknown_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bosnia and Herzegovina Unknown. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/Admin/add-student.php` | High
3 | File | `/admin/conferences/list/` | High
4 | File | `/admin/edit_admin_details.php?id=admin` | High
5 | File | `/admin/generalsettings.php` | High
6 | File | `/Admin/login.php` | High
7 | File | `/admin/payment.php` | High
8 | File | `/admin/reports.php` | High
9 | File | `/admin/showbad.php` | High
10 | File | `/admin_page/all-files-update-ajax.php` | High
11 | File | `/apilog.php` | Medium
12 | File | `/bsms/?page=products` | High
13 | File | `/cgi-bin/kerbynet` | High
14 | File | `/cgi-bin/system_mgr.cgi` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/cloud_config/router_post/check_reg_verify_code` | High
17 | File | `/connectors/index.php` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
20 | File | `/forum/away.php` | High
21 | File | `/include/chart_generator.php` | High
22 | File | `/index.php` | Medium
23 | File | `/info.cgi` | Medium
24 | File | `/Items/*/RemoteImages/Download` | High
25 | File | `/items/view_item.php` | High
26 | File | `/lists/admin/` | High
27 | File | `/MagickCore/image.c` | High
28 | File | `/manager/index.php` | High
29 | File | `/medical/inventories.php` | High
30 | File | `/mgmt/tm/util/bash` | High
31 | File | `/modules/profile/index.php` | High
32 | File | `/modules/projects/vw_files.php` | High
33 | File | `/modules/public/calendar.php` | High
34 | File | `/newsDia.php` | Medium
35 | File | `/out.php` | Medium
36 | File | `/public/launchNewWindow.jsp` | High
37 | File | `/sacco_shield/manage_user.php` | High
38 | File | `/spip.php` | Medium
39 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
40 | File | `/staff/bookdetails.php` | High
41 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
42 | File | `/user/update_booking.php` | High
43 | File | `/usr/bin/pkexec` | High
44 | File | `/WEB-INF/web.xml` | High
45 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
46 | File | `/Wedding-Management/package_detail.php` | High
47 | File | `/wordpress/wp-admin/options-general.php` | High
48 | File | `/wp-admin/admin-ajax.php` | High
49 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
50 | File | `a2billing/customer/iridium_threed.php` | High
51 | File | `AdClass.php` | Medium
52 | File | `adclick.php` | Medium
53 | File | `add.exe` | Low
54 | File | `addtocart.asp` | High
55 | File | `admin.php` | Medium
56 | File | `admin.php?m=Food&a=addsave` | High
57 | File | `admin/conf_users_edit.php` | High
58 | ... | ... | ...
There are 505 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_ba.netset
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
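Review bot: row 4 of the TTP table (`4 | T1059 | CWE-94 | Cross Site Scripting | High`) pairs the generic T1059 technique and CWE-94 (Code Injection) with the description "Cross Site Scripting", which is the label the same tables use for T1059.007 with CWE-79; the Description column should reflect the weakness actually listed (for CWE-94, "Code Injection") or the mapping should be documented, otherwise a consumer filtering on the description will conflate script-interpreter abuse with XSS. The same T1059 row appears in the other actor files touched by this commit.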

View File

@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
15 | File | `/login.php` | Medium
16 | ... | ... | ...
There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 133 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [NL](https://vuldb.com/?country.nl)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 4 more country items available. Please use our online service to access the data.
There are 6 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -148,14 +148,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -163,34 +163,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/adfs/ls` | Medium
2 | File | `/admin/?page=orders/manage_request` | High
3 | File | `/admin/?page=orders/view_order` | High
4 | File | `/admin/admin.php` | High
5 | File | `/admin/sign/out` | High
6 | File | `/admin/store.php` | High
7 | File | `/api/geojson` | Medium
8 | File | `/api/user/password/sent-reset-email` | High
9 | File | `/balance/service/list` | High
10 | File | `/cgi-bin/qcmap_auth` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/classes/Master.php?f=delete_reservation` | High
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/admin/admin.php` | High
3 | File | `/admin/controller/JobLogController.java` | High
4 | File | `/Admin/dashboard.php` | High
5 | File | `/admin/problem_judge.php` | High
6 | File | `/api/user/password/sent-reset-email` | High
7 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
8 | File | `/asms/classes/Master.php?f=delete_mechanic` | High
9 | File | `/asms/classes/Master.php?f=delete_service` | High
10 | File | `/balance/service/list` | High
11 | File | `/bsms_ci/index.php/book` | High
12 | File | `/cgi-bin/wlogin.cgi` | High
13 | File | `/CommunitySSORedirect.jsp` | High
14 | File | `/diagnostic/editclient.php` | High
15 | File | `/etc/passwd` | Medium
16 | File | `/etc/sudoers` | Medium
17 | File | `/filemanager/php/connector.php` | High
18 | File | `/foms/place-order.php` | High
19 | File | `/FormLogin` | Medium
20 | File | `/forum/away.php` | High
21 | File | `/goform/form2IPQoSTcAdd` | High
22 | File | `/goform/form2WizardStep54` | High
23 | File | `/goform/setSysAdm` | High
24 | File | `/index.php?module=global_lists/lists` | High
25 | File | `/lilac/main.php` | High
26 | ... | ... | ...
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
15 | File | `/diag_ping_admin.asp` | High
16 | File | `/diag_tracert_admin.asp` | High
17 | File | `/etc/passwd` | Medium
18 | File | `/index.php` | Medium
19 | File | `/index/user/user_edit.html` | High
20 | File | `/login.php` | Medium
21 | File | `/Member/memberedit.html` | High
22 | File | `/okm:root` | Medium
23 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
24 | ... | ... | ...
There are 215 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
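Review bot: this hunk silently retires indicators that consumers may already have turned into detection rules (`/adfs/ls`, `/admin/?page=orders/manage_request`, `/api/geojson`, `/cgi-bin/qcmap_auth`, `/classes/Master.php?f=delete_reservation`, `/etc/sudoers`, `/forum/away.php`, the three `/goform/...` entries, `/lilac/main.php`), and the trailer count falls from 215 to 201 on top of that; retirements should be called out in the commit message or a changelog entry so stale rules can be removed deliberately rather than discovered by diffing the table.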

View File

@ -0,0 +1,109 @@
# Burkina Faso Unknown - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Burkina Faso Unknown](https://vuldb.com/?actor.burkina_faso_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.burkina_faso_unknown](https://vuldb.com/?actor.burkina_faso_unknown)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Burkina Faso Unknown:
* [US](https://vuldb.com/?country.us)
* [FR](https://vuldb.com/?country.fr)
* [ES](https://vuldb.com/?country.es)
* ...
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Burkina Faso Unknown.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.62.60.56](https://vuldb.com/?ip.5.62.60.56) | r-56-60-62-5.consumer-pool.prcdn.net | - | High
2 | [5.62.62.56](https://vuldb.com/?ip.5.62.62.56) | r-56-62-62-5.consumer-pool.prcdn.net | - | High
3 | [41.78.48.0](https://vuldb.com/?ip.41.78.48.0) | - | - | High
4 | [41.138.96.0](https://vuldb.com/?ip.41.138.96.0) | - | - | High
5 | [41.203.224.0](https://vuldb.com/?ip.41.203.224.0) | - | - | High
6 | [41.216.144.0](https://vuldb.com/?ip.41.216.144.0) | - | - | High
7 | [41.223.232.0](https://vuldb.com/?ip.41.223.232.0) | - | - | High
8 | [45.12.70.21](https://vuldb.com/?ip.45.12.70.21) | entail-face.get-eye.com | - | High
9 | [45.12.71.21](https://vuldb.com/?ip.45.12.71.21) | - | - | High
10 | ... | ... | ... | ...
There are 37 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Burkina Faso Unknown_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Burkina Faso Unknown. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?Page=Node/OBJ=/System/DeviceFolder/DeviceFolder/DateTime/Action=Submit` | High
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
3 | File | `/admin/ajax/avatar.php` | High
4 | File | `/admin/index.php` | High
5 | File | `/admin/payment.php` | High
6 | File | `/admin/show.php` | High
7 | File | `/default.php?idx=17` | High
8 | File | `/download` | Medium
9 | File | `/forum/away.php` | High
10 | File | `/index.php` | Medium
11 | File | `/nova/bin/traceroute` | High
12 | File | `/opt/bin/cli` | Medium
13 | File | `/p` | Low
14 | File | `/patient/doctors.php` | High
15 | File | `/phpinventory/editcategory.php` | High
16 | File | `/product-list.php` | High
17 | File | `/spip.php` | Medium
18 | File | `/uncpath/` | Medium
19 | File | `/updown/upload.cgi` | High
20 | File | `/user/del.php` | High
21 | File | `/_next` | Low
22 | File | `123flashchat.php` | High
23 | File | `act.php` | Low
24 | File | `admin/bad.php` | High
25 | File | `admin/index.php` | High
26 | File | `admin/index.php/user/del/1` | High
27 | File | `admin/index.php?id=themes&action=edit_chunk` | High
28 | File | `administrator/index.php` | High
29 | File | `ajax/render/widget_php` | High
30 | File | `album_portal.php` | High
31 | File | `api.php` | Low
32 | File | `application/home/controller/debug.php` | High
33 | File | `articulo.php` | Medium
34 | ... | ... | ...
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bf.netset
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
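Review bot: rows 3-7 of the IOC table (`41.78.48.0`, `41.138.96.0`, `41.203.224.0`, `41.216.144.0`, `41.223.232.0`) appear to be network base addresses from the country netset cited under References, but the `IP address` column carries no prefix length, so a reader cannot tell whether 41.78.48.0 denotes a /24 or a larger block; emit the CIDR as the source file does, or add a column for it. Rows 1-2 resolve to `*.consumer-pool.prcdn.net`, a shared CDN pool, and are rated High alongside the country blocks; a sentence on what Confidence measures would stop consumers from reading either as a per-host attribution.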

View File

@ -48,7 +48,7 @@ ID | Type | Indicator | Confidence
3 | File | `cjson.c` | Low
4 | ... | ... | ...
There are 9 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -63,9 +63,10 @@ ID | Type | Indicator | Confidence
7 | File | `/MIME/INBOX-MM-1/` | High
8 | File | `/ptms/classes/Users.php` | High
9 | File | `/public/plugins/` | High
10 | ... | ... | ...
10 | File | `/scripts/iisadmin/bdir.htr` | High
11 | ... | ... | ...
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 82 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -48,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
There are 25 more TTP items available. Please use our online service to access the data.
@ -79,22 +79,22 @@ ID | Type | Indicator | Confidence
18 | File | `/dev/snd/seq` | Medium
19 | File | `/device/device=140/tab=wifi/view` | High
20 | File | `/dl/dl_print.php` | High
21 | File | `/getcfg.php` | Medium
22 | File | `/goform/addressNat` | High
23 | File | `/goform/SetClientState` | High
24 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
25 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
26 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
27 | File | `/librarian/bookdetails.php` | High
28 | File | `/librarian/lab.php` | High
29 | File | `/login` | Low
30 | File | `/mngset/authset` | High
31 | File | `/nova/bin/sniffer` | High
32 | File | `/ofcms/company-c-47` | High
33 | File | `/omos/admin/?page=user/list` | High
21 | File | `/etc/passwd` | Medium
22 | File | `/getcfg.php` | Medium
23 | File | `/goform/addressNat` | High
24 | File | `/goform/SetClientState` | High
25 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
26 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
27 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
28 | File | `/librarian/bookdetails.php` | High
29 | File | `/librarian/lab.php` | High
30 | File | `/login` | Low
31 | File | `/mngset/authset` | High
32 | File | `/nova/bin/sniffer` | High
33 | File | `/ofcms/company-c-47` | High
34 | ... | ... | ...
There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -127,7 +127,7 @@ ID | Type | Indicator | Confidence
37 | File | `admin/conf_users_edit.php` | High
38 | ... | ... | ...
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -40,12 +40,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
There are 10 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -65,7 +65,7 @@ ID | Type | Indicator | Confidence
10 | File | `admin/web_config.php` | High
11 | ... | ... | ...
There are 85 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [FR](https://vuldb.com/?country.fr)
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -62,30 +62,29 @@ ID | Type | Indicator | Confidence
8 | File | `/export` | Low
9 | File | `/forum/away.php` | High
10 | File | `/get_getnetworkconf.cgi` | High
11 | File | `/horde/util/go.php` | High
12 | File | `/index.php` | Medium
13 | File | `/nova/bin/detnet` | High
14 | File | `/opensis/modules/users/Staff.php` | High
15 | File | `/php_action/createUser.php` | High
16 | File | `/plugins/servlet/gadgets/makeRequest` | High
17 | File | `/REBOOTSYSTEM` | High
18 | File | `/req_password_user.php` | High
19 | File | `/services` | Medium
20 | File | `/show_news.php` | High
21 | File | `/tmp` | Low
22 | File | `/uncpath/` | Medium
23 | File | `/Uploads` | Medium
24 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
25 | File | `/WEB-INF/web.xml` | High
26 | File | `/webconsole/APIController` | High
27 | File | `/wp-admin/admin-ajax.php` | High
28 | File | `AccountStatus.jsp` | High
29 | File | `add.php` | Low
30 | File | `addentry.php` | Medium
31 | File | `admin.htm` | Medium
32 | ... | ... | ...
11 | File | `/index.php` | Medium
12 | File | `/nova/bin/detnet` | High
13 | File | `/opensis/modules/users/Staff.php` | High
14 | File | `/php_action/createUser.php` | High
15 | File | `/plugins/servlet/gadgets/makeRequest` | High
16 | File | `/REBOOTSYSTEM` | High
17 | File | `/req_password_user.php` | High
18 | File | `/services` | Medium
19 | File | `/show_news.php` | High
20 | File | `/tmp` | Low
21 | File | `/uncpath/` | Medium
22 | File | `/Uploads` | Medium
23 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
24 | File | `/WEB-INF/web.xml` | High
25 | File | `/webconsole/APIController` | High
26 | File | `/wp-admin/admin-ajax.php` | High
27 | File | `AccountStatus.jsp` | High
28 | File | `add.php` | Low
29 | File | `addentry.php` | Medium
30 | File | `admin.htm` | Medium
31 | ... | ... | ...
There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
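Review bot: the only content change in this hunk is the removal of row 11 `/horde/util/go.php`, yet the 21 rows that follow it are rewritten because the ID column is renumbered; generating the ID at render time, or leaving it out of the committed markdown, would make these diffs reviewable and let consumers diff indicator sets directly. The trailer count also drops from 271 to 266, so a net five further indicators were retired outside the visible window without any trace in the hunk.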

View File

@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [NL](https://vuldb.com/?country.nl)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -68,7 +68,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 16 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -78,36 +78,35 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//proc/kcore` | Medium
2 | File | `/about.php` | Medium
3 | File | `/ad_js.php` | Medium
4 | File | `/Ap4RtpAtom.cpp` | High
5 | File | `/app/options.py` | High
6 | File | `/bcms/admin/?page=user/list` | High
7 | File | `/bsms/?page=manage_account` | High
8 | File | `/cgi-bin/login.cgi` | High
9 | File | `/cgi-bin/luci/api/wireless` | High
10 | File | `/ci_hms/massage_room/edit/1` | High
11 | File | `/core/conditions/AbstractWrapper.java` | High
12 | File | `/dashboard/reports/logs/view` | High
13 | File | `/debian/patches/load_ppp_generic_if_needed` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/etc/hosts` | Medium
16 | File | `/export` | Low
17 | File | `/fuel/index.php/fuel/logs/items` | High
18 | File | `/fuel/sitevariables/delete/4` | High
19 | File | `/goform/setmac` | High
20 | File | `/hprms/admin/doctors/manage_doctor.php` | High
21 | File | `/index/jobfairol/show/` | High
22 | File | `/librarian/bookdetails.php` | High
23 | File | `/manage-apartment.php` | High
24 | File | `/mgmt/tm/util/bash` | High
25 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
26 | File | `/pages/apply_vacancy.php` | High
27 | File | `/plugin/LiveChat/getChat.json.php` | High
28 | File | `/proc/<PID>/mem` | High
29 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
30 | ... | ... | ...
3 | File | `/admin/submit-articles` | High
4 | File | `/admin/subnets/ripe-query.php` | High
5 | File | `/ad_js.php` | Medium
6 | File | `/Ap4RtpAtom.cpp` | High
7 | File | `/app/options.py` | High
8 | File | `/bsms/?page=manage_account` | High
9 | File | `/cgi-bin/login.cgi` | High
10 | File | `/cgi-bin/luci/api/wireless` | High
11 | File | `/ci_hms/massage_room/edit/1` | High
12 | File | `/context/%2e/WEB-INF/web.xml` | High
13 | File | `/core/conditions/AbstractWrapper.java` | High
14 | File | `/dashboard/reports/logs/view` | High
15 | File | `/debian/patches/load_ppp_generic_if_needed` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/etc/hosts` | Medium
18 | File | `/export` | Low
19 | File | `/fuel/sitevariables/delete/4` | High
20 | File | `/goform/setmac` | High
21 | File | `/goform/wizard_end` | High
22 | File | `/hprms/admin/doctors/manage_doctor.php` | High
23 | File | `/index/jobfairol/show/` | High
24 | File | `/librarian/bookdetails.php` | High
25 | File | `/manage-apartment.php` | High
26 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
27 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
28 | File | `/pages/apply_vacancy.php` | High
29 | ... | ... | ...
There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 247 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
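Review bot: row 12 `/context/%2e/WEB-INF/web.xml` is stored percent-encoded (the `%2e` is the point of the indicator) while row 1 `//proc/kcore` keeps a doubled slash, so the file mixes raw and normalized forms without saying which one a consumer should match against; a log search or WAF rule that decodes and canonicalizes the path before matching will never see `%2e`, and one that matches the raw request line will never see `/WEB-INF/web.xml` in that request. State in the section intro whether indicators are raw request paths or canonical paths, or ship both forms.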

View File

@ -32,13 +32,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -47,40 +47,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.FBCIndex` | Medium
2 | File | `/Admin/add-student.php` | High
3 | File | `/admin/admin.php` | High
4 | File | `/admin/conferences/list/` | High
5 | File | `/admin/index.PHP` | High
6 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
7 | File | `/admin/update_traveller.php` | High
8 | File | `/advanced-tools/nova/bin/netwatch` | High
9 | File | `/cameras/XXXX/clips` | High
10 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
11 | File | `/cgi-bin/kerbynet` | High
12 | File | `/cgi-bin/qcmap_auth` | High
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/CommunitySSORedirect.jsp` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/diagnostic/editclient.php` | High
17 | File | `/editbrand.php` | High
18 | File | `/etc/shadow` | Medium
19 | File | `/etc/sudoers` | Medium
20 | File | `/EXCU_SHELL` | Medium
21 | File | `/filemanager/php/connector.php` | High
22 | File | `/forum/away.php` | High
23 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
24 | File | `/index.php?module=global_lists/lists` | High
25 | File | `/leave_system/classes/Master.php?f=delete_application` | High
26 | File | `/loginVaLidation.php` | High
2 | File | `/.ssh/authorized_keys` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/admin.php` | High
5 | File | `/admin/conferences/list/` | High
6 | File | `/admin/index.PHP` | High
7 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
8 | File | `/admin/update_traveller.php` | High
9 | File | `/advanced-tools/nova/bin/netwatch` | High
10 | File | `/bsms_ci/index.php` | High
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
12 | File | `/cameras/XXXX/clips` | High
13 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
14 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
15 | File | `/cgi-bin/qcmap_auth` | High
16 | File | `/cgi-bin/wlogin.cgi` | High
17 | File | `/CommunitySSORedirect.jsp` | High
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
19 | File | `/debug/pprof` | Medium
20 | File | `/diagnostic/editclient.php` | High
21 | File | `/editbrand.php` | High
22 | File | `/etc/sudoers` | Medium
23 | File | `/filemanager/php/connector.php` | High
24 | File | `/forum/away.php` | High
25 | File | `/index.php?module=global_lists/lists` | High
26 | File | `/leave_system/classes/Master.php?f=delete_application` | High
27 | File | `/okm:root` | Medium
28 | File | `/opt/onedev/sites/` | High
29 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
30 | File | `/phpinventory/editcategory.php` | High
31 | File | `/public_html/animals` | High
32 | File | `/rest/collectors/1.0/template/custom` | High
33 | ... | ... | ...
30 | File | `/out.php` | Medium
31 | File | `/phpinventory/editcategory.php` | High
32 | File | `/public_html/animals` | High
33 | File | `/secure/QueryComponent!Default.jspa` | High
34 | File | `/sqfs/bin/sccd` | High
35 | ... | ... | ...
There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
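Review bot: row 12 `/cameras/XXXX/clips` uses `XXXX` as a stand-in for a variable path segment, whereas other tables in this commit use `*` (`/tmp/zarafa-vacation-*`, `/Items/*/RemoteImages/Download`) and `<PID>` (`/proc/<PID>/mem`) for the same purpose; an exact-match consumer will never hit any of them and a glob consumer will hit `*` but not `XXXX` or `<PID>`. Pick one placeholder convention, document it next to the Type column, and apply it when the table is regenerated.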

View File

@ -77,34 +77,33 @@ ID | Type | Indicator | Confidence
1 | File | `.travis.yml` | Medium
2 | File | `/.env` | Low
3 | File | `/admin.php` | Medium
4 | File | `/core/conditions/AbstractWrapper.java` | High
5 | File | `/export` | Low
6 | File | `/file?action=download&file` | High
7 | File | `/medical/inventories.php` | High
8 | File | `/monitoring` | Medium
9 | File | `/NAGErrors` | Medium
10 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
11 | File | `/plugin/LiveChat/getChat.json.php` | High
12 | File | `/plugins/servlet/audit/resource` | High
13 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
14 | File | `/replication` | Medium
15 | File | `/RestAPI` | Medium
16 | File | `/tmp` | Low
17 | File | `/tmp/speedtest_urls.xml` | High
18 | File | `/tmp/zarafa-vacation-*` | High
19 | File | `/uncpath/` | Medium
20 | File | `/upload` | Low
21 | File | `/var/log/nginx` | High
22 | File | `/var/run/watchman.pid` | High
23 | File | `/viewer/krpano.html` | High
24 | File | `/wp-json/oembed/1.0/embed?url` | High
25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
26 | File | `admin\model\catalog\download.php` | High
4 | File | `/admin/subnets/ripe-query.php` | High
5 | File | `/core/conditions/AbstractWrapper.java` | High
6 | File | `/debug/pprof` | Medium
7 | File | `/export` | Low
8 | File | `/file?action=download&file` | High
9 | File | `/medical/inventories.php` | High
10 | File | `/monitoring` | Medium
11 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
12 | File | `/plugin/LiveChat/getChat.json.php` | High
13 | File | `/plugins/servlet/audit/resource` | High
14 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
15 | File | `/replication` | Medium
16 | File | `/RestAPI` | Medium
17 | File | `/tmp` | Low
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/tmp/zarafa-vacation-*` | High
20 | File | `/uncpath/` | Medium
21 | File | `/upload` | Low
22 | File | `/var/log/nginx` | High
23 | File | `/var/run/watchman.pid` | High
24 | File | `/viewer/krpano.html` | High
25 | File | `/wp-json/oembed/1.0/embed?url` | High
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
27 | File | `AdxDSrv.exe` | Medium
28 | File | `apcupsd.pid` | Medium
29 | ... | ... | ...
28 | ... | ... | ...
There are 247 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
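Review bot: the added `/debug/pprof` row (ID 6, Medium confidence) is not actor-specific enough to carry an indicator of attack on its own: any Go binary that imports net/http/pprof serves that path by default, so a request to it is as likely routine profiling or a generic scanner as this actor. The same holds for the unchanged `/tmp`, `/export` and `/upload` rows, which are already rated Low. Either pair the path with the argument or pattern rows that tie it to this actor, or rate it Low like its neighbours.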


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -73,7 +73,7 @@ ID | IP address | Hostname | Campaign | Confidence
50 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
51 | ... | ... | ... | ...
There are 199 more IOC items available. Please use our online service to access the data.
There are 201 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -81,13 +81,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
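Review bot: the Description column matches neither the ATT&CK technique ID nor the CWE IDs in the same row, and this hunk widens the gap. T1040 is Network Sniffing in ATT&CK; the row keeps the CWE-294 title "Authentication Bypass by Capture-replay" while adding CWE-319 (Cleartext Transmission of Sensitive Information). T1059 is Command and Scripting Interpreter, not "Cross Site Scripting", and its listed weaknesses CWE-94 and CWE-1321 are code injection and prototype pollution. T1006 is Direct Volume Access, not "Pathname Traversal". Pick one vocabulary for the column, the ATT&CK technique name or the CWE family name, so that consumers mapping these TTPs do not mis-tag their detections.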
@ -97,47 +96,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/action/wirelessConnect` | High
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/admin/admin.php` | High
3 | File | `/admin/store.php` | High
4 | File | `/admin/submit-articles` | High
5 | File | `/api/v1/attack/falco` | High
6 | File | `/asms/admin/?page=transactions/manage_transaction` | High
7 | File | `/asms/admin/mechanics/view_mechanic.php` | High
8 | File | `/balance/service/list` | High
9 | File | `/cgi-bin/qcmap_auth` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/classes/Master.php?f=delete_appointment` | High
12 | File | `/classes/Master.php?f=delete_reservation` | High
13 | File | `/classes/Users.php?f=delete_client` | High
14 | File | `/CommunitySSORedirect.jsp` | High
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
16 | File | `/diagnostic/editclient.php` | High
17 | File | `/etc/sudoers` | Medium
18 | File | `/filemanager/php/connector.php` | High
19 | File | `/forum/away.php` | High
20 | File | `/HNAP1` | Low
21 | File | `/index.php/purchase_order/browse_data` | High
22 | File | `/index.php?module=global_lists/lists` | High
23 | File | `/index/user/user_edit.html` | High
24 | File | `/modules/announcement/index.php?view=edit` | High
25 | File | `/okm:root` | Medium
26 | File | `/omos/admin/?page=user/list` | High
27 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
28 | File | `/out.php` | Medium
29 | File | `/pages/processlogin.php` | High
30 | File | `/pages/save_user.php` | High
31 | File | `/php-sms/classes/Master.php` | High
32 | File | `/php-sms/classes/Master.php?f=delete_inquiry` | High
33 | File | `/php_action/editProductImage.php` | High
34 | File | `/php_action/fetchSelectedfood.php` | High
35 | File | `/php_action/fetchSelectedUser.php` | High
36 | File | `/plugin/getList` | High
37 | File | `/public_html/animals` | High
38 | File | `/register/abort` | High
39 | ... | ... | ...
3 | File | `/admin/edit_members.php` | High
4 | File | `/admin/store.php` | High
5 | File | `/admin/submit-articles` | High
6 | File | `/admin/users/index.php` | High
7 | File | `/api/sys_username_passwd.cmd` | High
8 | File | `/asms/admin/?page=transactions/manage_transaction` | High
9 | File | `/asms/admin/mechanics/view_mechanic.php` | High
10 | File | `/asms/admin/products/manage_product.php` | High
11 | File | `/asms/products/view_product.php` | High
12 | File | `/balance/service/list` | High
13 | File | `/bsms_ci/index.php` | High
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
15 | File | `/calendar/viewcalendar.php` | High
16 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
17 | File | `/cgi-bin/qcmap_auth` | High
18 | File | `/cgi-bin/wlogin.cgi` | High
19 | File | `/classes/Master.php?f=delete_appointment` | High
20 | File | `/classes/Master.php?f=delete_reservation` | High
21 | File | `/classes/Users.php?f=delete_client` | High
22 | File | `/clients/listclients.php` | High
23 | File | `/CommunitySSORedirect.jsp` | High
24 | File | `/Content/Template/root/reverse-shell.aspx` | High
25 | File | `/Default/Bd` | Medium
26 | File | `/device/acceptBind` | High
27 | File | `/diagnostic/editclient.php` | High
28 | File | `/event/admin/?page=user/list` | High
29 | File | `/face-recognition-php/facepay-master/camera.php` | High
30 | File | `/filemanager/php/connector.php` | High
31 | File | `/forum/away.php` | High
32 | File | `/general/search.php?searchtype=simple` | High
33 | File | `/HNAP1` | Low
34 | File | `/hrm/controller/employee.php` | High
35 | File | `/hrm/employeeadd.php` | High
36 | File | `/ims/login.php` | High
37 | File | `/index.php/purchase_order/browse_data` | High
38 | File | `/index.php?module=configuration/application` | High
39 | File | `/index.php?module=entities/fields&entities_id=24` | High
40 | File | `/index.php?module=entities/forms&entities_id=24` | High
41 | File | `/index/user/user_edit.html` | High
42 | ... | ... | ...
There are 334 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 364 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
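Review bot: `/.ssh/authorized_keys` enters the table at ID 1 with High confidence, but the path exists on every SSH-enabled host, so a match on the string alone says nothing about this actor; what is attack-relevant is a write to it by a process that has no business touching it (a web server worker, a database service account). Either lower the confidence or document that File rows of this kind are intended for file-integrity or write-access monitoring, not request-path matching, since the table does not encode which of the two applies.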
@ -209,6 +211,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
* https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
* https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/
* https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/
* https://twitter.com/malware_traffic/status/1400876426497253379
* https://twitter.com/malware_traffic/status/1415740795622248452
* https://twitter.com/malware_traffic/status/1592262598195646464


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [LU](https://vuldb.com/?country.lu)
* ...
There are 9 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -69,18 +69,18 @@ ID | Type | Indicator | Confidence
8 | File | `/root/.keeper/` | High
9 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
10 | File | `/spacecom/login.php` | High
11 | File | `/uncpath/` | Medium
12 | File | `/usr/bin/sonia` | High
11 | File | `/ucenter/active.php` | High
12 | File | `/uncpath/` | Medium
13 | File | `/xampp/guestbook-en.pl` | High
14 | File | `/zm/index.php` | High
15 | File | `95.php` | Low
16 | File | `123flashchat.php` | High
17 | File | `abook_database.php` | High
18 | File | `action.php` | Medium
19 | File | `admin.php` | Medium
20 | File | `admin/profile_settings_net.html` | High
21 | File | `admin/vqmods.app/vqmods.inc.php` | High
22 | File | `af.cgi/alienform.cgi` | High
15 | File | `123flashchat.php` | High
16 | File | `abook_database.php` | High
17 | File | `action.php` | Medium
18 | File | `admin.php` | Medium
19 | File | `admin/profile_settings_net.html` | High
20 | File | `admin/vqmods.app/vqmods.inc.php` | High
21 | File | `af.cgi/alienform.cgi` | High
22 | File | `afd.sys` | Low
23 | File | `aim/icq` | Low
24 | File | `ajax.php` | Medium
25 | File | `akocomment.php` | High
@ -93,16 +93,16 @@ ID | Type | Indicator | Confidence
32 | File | `blog.cgi` | Medium
33 | File | `bluewrench-video-widget.php` | High
34 | File | `browse.php` | Medium
35 | File | `cartman.php` | Medium
36 | File | `cdf.c` | Low
37 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
38 | File | `chetcpasswd.cgi` | High
39 | File | `classifieds.cgi` | High
40 | File | `cmd.php` | Low
41 | File | `collectivite.class.php` | High
35 | File | `carsdetail.asp` | High
36 | File | `cartman.php` | Medium
37 | File | `cdf.c` | Low
38 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
39 | File | `chetcpasswd.cgi` | High
40 | File | `classifieds.cgi` | High
41 | File | `cmd.php` | Low
42 | ... | ... | ...
There are 359 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 363 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [NL](https://vuldb.com/?country.nl)
* ...
There are 26 more country items available. Please use our online service to access the data.
There are 27 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -539,48 +539,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/about.php` | Medium
2 | File | `/admin/login.php` | High
3 | File | `/Admin/login.php` | High
4 | File | `/admin/students/manage.php` | High
5 | File | `/admin/students/view_student.php` | High
6 | File | `/admin/subnets/ripe-query.php` | High
7 | File | `/api/RecordingList/DownloadRecord?file=` | High
8 | File | `/api/user/upsert/<uuid>` | High
9 | File | `/card_scan.php` | High
10 | File | `/cgi-bin/luci/api/wireless` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/context/%2e/WEB-INF/web.xml` | High
13 | File | `/cwc/login` | Medium
14 | File | `/dashboard/updatelogo.php` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/export` | Low
17 | File | `/foms/place-order.php` | High
18 | File | `/gasmark/assets/myimages/oneWord.php` | High
19 | File | `/goform/setmac` | High
20 | File | `/goform/wizard_end` | High
21 | File | `/h/calendar` | Medium
22 | File | `/h/compose` | Medium
23 | File | `/h/search?action=voicemail&action=listen` | High
24 | File | `/index.php` | Medium
25 | File | `/loginVaLidation.php` | High
26 | File | `/manage-apartment.php` | High
27 | File | `/manager/index.php` | High
28 | File | `/members/view_member.php` | High
29 | File | `/mkshop/Men/profile.php` | High
30 | File | `/mygym/admin/index.php` | High
31 | File | `/nova/bin/detnet` | High
32 | File | `/Noxen-master/users.php` | High
33 | File | `/opac/Actions.php?a=login` | High
34 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
35 | File | `/owa/auth/logon.aspx` | High
36 | File | `/pages/animals.php` | High
1 | File | `.../gogo/` | Medium
2 | File | `/about.php` | Medium
3 | File | `/admin/login.php` | High
4 | File | `/Admin/login.php` | High
5 | File | `/admin/students/manage.php` | High
6 | File | `/admin/students/view_student.php` | High
7 | File | `/admin/submit-articles` | High
8 | File | `/admin/subnets/ripe-query.php` | High
9 | File | `/api/RecordingList/DownloadRecord?file=` | High
10 | File | `/api/user/upsert/<uuid>` | High
11 | File | `/card_scan.php` | High
12 | File | `/cgi-bin/luci/api/wireless` | High
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/context/%2e/WEB-INF/web.xml` | High
15 | File | `/cwc/login` | Medium
16 | File | `/dashboard/updatelogo.php` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/export` | Low
19 | File | `/foms/place-order.php` | High
20 | File | `/goform/setmac` | High
21 | File | `/goform/wizard_end` | High
22 | File | `/h/calendar` | Medium
23 | File | `/h/compose` | Medium
24 | File | `/h/search?action=voicemail&action=listen` | High
25 | File | `/index.php` | Medium
26 | File | `/loginVaLidation.php` | High
27 | File | `/manage-apartment.php` | High
28 | File | `/manager/index.php` | High
29 | File | `/members/view_member.php` | High
30 | File | `/mkshop/Men/profile.php` | High
31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
32 | File | `/nova/bin/detnet` | High
33 | File | `/Noxen-master/users.php` | High
34 | File | `/opac/Actions.php?a=login` | High
35 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
36 | File | `/owa/auth/logon.aspx` | High
37 | File | `/pages/apply_vacancy.php` | High
38 | File | `/php-sms/classes/Master.php` | High
39 | File | `/php-sms/classes/SystemSettings.php` | High
40 | ... | ... | ...
38 | ... | ... | ...
There are 345 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
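Review bot: the new row 1 `.../gogo/` is ambiguous: everywhere else on this page a cell of `...` marks a truncated row (see `38 | ... | ... | ...` just below), so a parser or reader may take this indicator for a placeholder rather than a path fragment that begins with three dots. Escape it or add a note on the indicator. Separately, the added `/modules/caddyhttp/rewrite/rewrite.go` (row 31) is a path inside the Caddy source tree, not a request path; listing source files under the same File type as URL paths at High confidence sends request-log searches after strings that never appear on the wire.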


@ -15,8 +15,8 @@ The following _campaigns_ are known and can be associated with CopyKittens:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CopyKittens:
* [PT](https://vuldb.com/?country.pt)
* [SV](https://vuldb.com/?country.sv)
* [AR](https://vuldb.com/?country.ar)
* [IT](https://vuldb.com/?country.it)
* ...
There are 9 more country items available. Please use our online service to access the data.
@ -54,14 +54,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 23 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -76,29 +77,33 @@ ID | Type | Indicator | Confidence
5 | File | `/admin/add-fee.php` | High
6 | File | `/admin/baojia_list.php` | High
7 | File | `/admin/folderrollpicture/list` | High
8 | File | `/admin/index.PHP` | High
9 | File | `/anony/mjpg.cgi` | High
10 | File | `/api/common/ping` | High
11 | File | `/api/v2/open/rowsInfo` | High
12 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
13 | File | `/appointments/update_status.php` | High
14 | File | `/authUserAction!edit.action` | High
15 | File | `/bin/boa` | Medium
16 | File | `/bin/httpd` | Medium
17 | File | `/bits/stl_vector.h` | High
18 | File | `/bookings/update_status.php` | High
19 | File | `/cgi-bin/DownloadFlash` | High
20 | File | `/classes/Master.php?f=delete_category` | High
21 | File | `/classes/Users.php?f=delete_client` | High
22 | File | `/Core/Ap4File.cpp` | High
23 | File | `/csms/admin/storages/view_storage.php` | High
24 | File | `/dede/file_manage_control.php` | High
25 | File | `/etc/ciel.cfg` | High
26 | File | `/etc/openshift/server_priv.pem` | High
27 | File | `/etc/shadow.sample` | High
28 | ... | ... | ...
8 | File | `/anony/mjpg.cgi` | High
9 | File | `/api/common/ping` | High
10 | File | `/api/v2/open/rowsInfo` | High
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
12 | File | `/appointments/update_status.php` | High
13 | File | `/authUserAction!edit.action` | High
14 | File | `/bin/boa` | Medium
15 | File | `/bookings/update_status.php` | High
16 | File | `/cgi-bin/DownloadFlash` | High
17 | File | `/classes/Master.php?f=delete_category` | High
18 | File | `/classes/Users.php?f=delete_client` | High
19 | File | `/contacts/listcontacts.php` | High
20 | File | `/Core/Ap4File.cpp` | High
21 | File | `/csms/admin/storages/view_storage.php` | High
22 | File | `/dede/file_manage_control.php` | High
23 | File | `/depotHead/list` | High
24 | File | `/etc/ciel.cfg` | High
25 | File | `/etc/openshift/server_priv.pem` | High
26 | File | `/etc/shadow.sample` | High
27 | File | `/forms/web_runScript` | High
28 | File | `/garage/php_action/createBrand.php` | High
29 | File | `/general/search.php?searchtype=simple` | High
30 | File | `/goform/AddSysLogRule` | High
31 | File | `/goform/formSetFirewallCfg` | High
32 | ... | ... | ...
There are 240 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 276 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

actors/CryWiper/README.md

@ -0,0 +1,30 @@
# CryWiper - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CryWiper](https://vuldb.com/?actor.crywiper). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.crywiper](https://vuldb.com/?actor.crywiper)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CryWiper.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [82.221.141.8](https://vuldb.com/?ip.82.221.141.8) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://securelist.ru/novyj-troyanec-crywiper/106114/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!


@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cryptbot:
* [DE](https://vuldb.com/?country.de)
* [JP](https://vuldb.com/?country.jp)
## IOC - Indicator of Compromise
@ -42,12 +43,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/ci_spms/admin/search/searching/` | High
2 | Argument | `langType` | Medium
3 | Argument | `search` | Low
1 | File | `/aux` | Low
2 | File | `/ci_spms/admin/search/searching/` | High
3 | Argument | `langType` | Medium
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
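Review bot: the count line under the table is generated with the wrong plural form: before this change it read "There are 1 more IOA items available", so the template needs an n=1 branch ("There is 1 more IOA item available") rather than a fixed plural. On the content, `/aux` at Low confidence is a reasonable rating, but note that AUX is a reserved device name on Windows and the fragment will also match generic probing for reserved names that has nothing to do with this actor, so it should not be promoted without a qualifying argument or pattern row.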


@ -0,0 +1,118 @@
# Cuba Ransomware - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cuba Ransomware](https://vuldb.com/?actor.cuba_ransomware). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cuba_ransomware](https://vuldb.com/?actor.cuba_ransomware)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cuba Ransomware:
* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [CH](https://vuldb.com/?country.ch)
* ...
There are 2 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cuba Ransomware.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [10.13.102.1](https://vuldb.com/?ip.10.13.102.1) | - | - | High
2 | [10.13.102.58](https://vuldb.com/?ip.10.13.102.58) | - | - | High
3 | [10.14.100.20](https://vuldb.com/?ip.10.14.100.20) | - | - | High
4 | [10.133.78.41](https://vuldb.com/?ip.10.133.78.41) | - | - | High
5 | [23.227.198.246](https://vuldb.com/?ip.23.227.198.246) | 23-227-198-246.static.hvvc.us | - | High
6 | [31.184.192.44](https://vuldb.com/?ip.31.184.192.44) | - | - | High
7 | [37.44.253.21](https://vuldb.com/?ip.37.44.253.21) | - | - | High
8 | [37.120.247.39](https://vuldb.com/?ip.37.120.247.39) | - | - | High
9 | [38.108.119.121](https://vuldb.com/?ip.38.108.119.121) | - | - | High
10 | [45.32.229.66](https://vuldb.com/?ip.45.32.229.66) | - | - | High
11 | [45.86.162.34](https://vuldb.com/?ip.45.86.162.34) | - | - | High
12 | ... | ... | ... | ...
There are 42 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Cuba Ransomware_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Cuba Ransomware. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/action/ipcamRecordPost` | High
3 | File | `/admin/` | Low
4 | File | `/admin/admin.php` | High
5 | File | `/admin/settings/save.php` | High
6 | File | `/auparse/auparse.c` | High
7 | File | `/bsms_ci/index.php` | High
8 | File | `/bsms_ci/index.php/user/edit_user/` | High
9 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
10 | File | `/cgi-bin/qcmap_auth` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/common/info.cgi` | High
13 | File | `/CommunitySSORedirect.jsp` | High
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
15 | File | `/device/signin` | High
16 | File | `/diagnostic/editclient.php` | High
17 | File | `/diag_tracert_admin.asp` | High
18 | File | `/edit-db.php` | Medium
19 | File | `/event/admin/?page=user/list` | High
20 | File | `/exec/` | Low
21 | File | `/filemanager/php/connector.php` | High
22 | File | `/forum/away.php` | High
23 | File | `/hospital/hms/admin/patient-search.php` | High
24 | File | `/hrm/controller/employee.php` | High
25 | File | `/hrm/index.php?msg` | High
26 | File | `/hrm/state.php` | High
27 | File | `/index.php?module=entities/fields&entities_id=24` | High
28 | File | `/index.php?module=global_lists/lists` | High
29 | File | `/irj/portal/` | Medium
30 | File | `/modules/projects/vw_files.php` | High
31 | File | `/odlms/?page=appointments/view_appointment` | High
32 | File | `/okm:root` | Medium
33 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
34 | File | `/out.php` | Medium
35 | File | `/pages/save_user.php` | High
36 | File | `/public_html/animals` | High
37 | File | `/purchase_order/admin/?page=system_info` | High
38 | File | `/query` | Low
39 | File | `/Redcock-Farm/farm/category.php` | High
40 | ... | ... | ...
There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cisa.gov/uscert/ncas/alerts/aa22-335a
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
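Review bot: four of the eleven visible IOC rows (10.13.102.1, 10.13.102.58, 10.14.100.20, 10.133.78.41) are RFC 1918 private addresses listed at High confidence. They are not routable and are presumably internal hosts from the victim environment described in the cited CISA alert, so pushing them into a blocklist or SIEM watchlist will raise alerts on unrelated hosts in any organisation that uses 10.0.0.0/8. Drop them or move them to a separate internal-artifact section with an explicit caveat. The TTP table here also inherits the mislabelled Description column (T1059 listed as "Cross Site Scripting"), and IOA rows such as `/admin/`, `/exec/` and `/query` (Low) are too generic for request-path matching on their own.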


@ -71,7 +71,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -81,35 +81,36 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin-panel1.php` | High
2 | File | `/admin/academic/studenview_left.php` | High
3 | File | `/admin/login.php` | High
4 | File | `/ad_js.php` | Medium
5 | File | `/alerts/alertConfigField.php` | High
6 | File | `/API/system/admins/session` | High
7 | File | `/cgi-bin/ExportALLSettings.sh` | High
8 | File | `/config/config.php` | High
9 | File | `/context/%2e/WEB-INF/web.xml` | High
10 | File | `/core/conditions/AbstractWrapper.java` | High
11 | File | `/DataHandler/AM/AM_Handler.ashx` | High
12 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
13 | File | `/DataHandler/HandlerEnergyType.ashx` | High
14 | File | `/DataHandler/Handler_CFG.ashx` | High
15 | File | `/ECT_Provider/` | High
16 | File | `/etc/passwd` | Medium
17 | File | `/fuel/index.php/fuel/logs/items` | High
18 | File | `/fuel/index.php/fuel/pages/items` | High
19 | File | `/image_zoom.php` | High
20 | File | `/include/config.cache.php` | High
21 | File | `/index.php` | Medium
22 | File | `/mkshop/Men/profile.php` | High
23 | File | `/plugin/ajax.php` | High
24 | File | `/proxy/` | Low
25 | File | `/public/plugins/` | High
26 | File | `/rest/api/2/search` | High
27 | File | `/rest/api/latest/projectvalidate/key` | High
28 | File | `/rom-0` | Low
29 | ... | ... | ...
3 | File | `/admin/controller/JobLogController.java` | High
4 | File | `/admin/login.php` | High
5 | File | `/ad_js.php` | Medium
6 | File | `/alerts/alertConfigField.php` | High
7 | File | `/API/system/admins/session` | High
8 | File | `/cgi-bin/ExportALLSettings.sh` | High
9 | File | `/config/config.php` | High
10 | File | `/context/%2e/WEB-INF/web.xml` | High
11 | File | `/core/conditions/AbstractWrapper.java` | High
12 | File | `/DataHandler/AM/AM_Handler.ashx` | High
13 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
14 | File | `/DataHandler/HandlerEnergyType.ashx` | High
15 | File | `/DataHandler/Handler_CFG.ashx` | High
16 | File | `/ECT_Provider/` | High
17 | File | `/etc/passwd` | Medium
18 | File | `/fuel/index.php/fuel/logs/items` | High
19 | File | `/fuel/index.php/fuel/pages/items` | High
20 | File | `/image_zoom.php` | High
21 | File | `/include/config.cache.php` | High
22 | File | `/index.php` | Medium
23 | File | `/mkshop/Men/profile.php` | High
24 | File | `/plugin/ajax.php` | High
25 | File | `/proxy/` | Low
26 | File | `/public/plugins/` | High
27 | File | `/rest/api/2/search` | High
28 | File | `/rest/api/latest/projectvalidate/key` | High
29 | File | `/rom-0` | Low
30 | ... | ... | ...
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -396,14 +396,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-37 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
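Review bot: the Description column in this TTP table is keyed to the ATT&CK technique rather than to the CWEs listed beside it, which makes several rows misleading, for example `3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High`: CWE-88 is argument injection and CWE-94 is code injection, neither is cross-site scripting (that is CWE-79, which sits in the T1059.007 row). The same applies to the T1068 row, where CWE-264, CWE-269 and CWE-284 are labelled "Execution with Unnecessary Privileges" although that is the title of CWE-250. Consider either renaming the column to make clear it describes the technique mapping, or deriving the description from the first listed CWE so the two columns agree.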
@ -411,63 +411,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/action/iperf` | High
2 | File | `/action/wirelessConnect` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/Admin/login.php` | High
1 | File | `.../gogo/` | Medium
2 | File | `/action/iperf` | High
3 | File | `/action/wirelessConnect` | High
4 | File | `/Admin/dashboard.php` | High
5 | File | `/admin/sign/out` | High
6 | File | `/admin/students/manage.php` | High
7 | File | `/api/discoveries/` | High
8 | File | `/api/user/upsert/<uuid>` | High
9 | File | `/api/v1/attack` | High
10 | File | `/api/v1/attack/falco` | High
11 | File | `/api/v1/attack/token` | High
12 | File | `/api/v1/bait/set` | High
13 | File | `/api/v2/open/rowsInfo` | High
14 | File | `/api/v2/open/tablesInfo` | High
15 | File | `/apilog.php` | Medium
16 | File | `/balance/service/list` | High
17 | File | `/bin/proc.cgi` | High
18 | File | `/buspassms/download-pass.php` | High
19 | File | `/category.php` | High
20 | File | `/changePassword` | High
21 | File | `/connectors/index.php` | High
22 | File | `/Core/Ap4File.cpp` | High
23 | File | `/csms/admin/?page=user/manage_user` | High
24 | File | `/depotHead/list` | High
25 | File | `/ebics-server/ebics.aspx` | High
26 | File | `/forum/away.php` | High
27 | File | `/goform/form2WizardStep4` | High
28 | File | `/goform/formSetClientState` | High
29 | File | `/goform/fromSetIpMacBind` | High
30 | File | `/h/calendar` | Medium
31 | File | `/h/compose` | Medium
32 | File | `/h/search?action=voicemail&action=listen` | High
33 | File | `/index.asp` | Medium
34 | File | `/index.php` | Medium
35 | File | `/index.php/purchase_order/browse_data` | High
36 | File | `/items/view_item.php` | High
37 | File | `/jsoa/hntdCustomDesktopActionContent` | High
38 | File | `/lilac/main.php` | High
39 | File | `/login` | Low
40 | File | `/manager/index.php` | High
41 | File | `/medical/inventories.php` | High
42 | File | `/module/admin_bp/add_application.php` | High
43 | File | `/modules/profile/index.php` | High
44 | File | `/modules/projects/vw_files.php` | High
45 | File | `/modules/public/calendar.php` | High
46 | File | `/newsDia.php` | Medium
47 | File | `/omos/admin/?page=user/list` | High
48 | File | `/opac/Actions.php?a=login` | High
49 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
50 | File | `/out.php` | Medium
51 | File | `/php-sms/admin/` | High
52 | File | `/php-sms/classes/Master.php` | High
53 | File | `/php-sms/classes/SystemSettings.php` | High
54 | File | `/php_action/createOrder.php` | High
55 | ... | ... | ...
8 | File | `/api/v1/attack` | High
9 | File | `/api/v1/attack/falco` | High
10 | File | `/api/v1/attack/token` | High
11 | File | `/api/v1/bait/set` | High
12 | File | `/api/v2/open/rowsInfo` | High
13 | File | `/api/v2/open/tablesInfo` | High
14 | File | `/balance/service/list` | High
15 | File | `/bin/proc.cgi` | High
16 | File | `/category.php` | High
17 | File | `/Core/Ap4File.cpp` | High
18 | File | `/csms/admin/?page=user/manage_user` | High
19 | File | `/depotHead/list` | High
20 | File | `/forum/away.php` | High
21 | File | `/goform/form2WizardStep4` | High
22 | File | `/goform/formSetClientState` | High
23 | File | `/goform/fromSetIpMacBind` | High
24 | File | `/goform/setSysAdm` | High
25 | File | `/h/compose` | Medium
26 | File | `/index.asp` | Medium
27 | File | `/index.php` | Medium
28 | File | `/index.php/purchase_order/browse_data` | High
29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
30 | File | `/lilac/main.php` | High
31 | File | `/login` | Low
32 | File | `/module/admin_bp/add_application.php` | High
33 | File | `/newsDia.php` | Medium
34 | File | `/omos/admin/?page=user/list` | High
35 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
36 | File | `/out.php` | Medium
37 | File | `/pages/processlogin.php` | High
38 | File | `/php-sms/admin/` | High
39 | File | `/php-sms/classes/Master.php` | High
40 | File | `/php-sms/classes/SystemSettings.php` | High
41 | File | `/plugin/getList` | High
42 | File | `/Redcock-Farm/farm/category.php` | High
43 | File | `/spip.php` | Medium
44 | File | `/tmp` | Low
45 | File | `/transcation.php` | High
46 | File | `/user/update_booking.php` | High
47 | File | `/usr/bin/pkexec` | High
48 | File | `/usr/sbin/httpd` | High
49 | ... | ... | ...
There are 478 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 426 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -25,8 +25,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
2 | T1211 | CWE-254 | 7PK Security Features | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1068 | CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1211 | CWE-254 | 7PK Security Features | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## References
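Review bot: the generated sentence `There are 1 more TTP items available.` is ungrammatical; the template should switch to `There is 1 more TTP item available.` when the remainder is exactly one. Since the wording is emitted by the generator rather than hand-written, fixing the pluralization once in the template will correct every affected file in this repository.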

View File

@ -37,7 +37,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 17 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -45,18 +45,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/edit_admin_details.php?id=admin` | High
2 | File | `/admin/inquiries/view_details.php` | High
3 | File | `/alarm_pi/alarmService.php` | High
4 | File | `/api/admin/attachments/upload` | High
5 | File | `/application/controllers/Users.php` | High
6 | File | `/classes/Master.php?f=delete_message` | High
7 | File | `/classes/Master.php?f=delete_reservation` | High
8 | File | `/classes/Master.php?f=delete_schedule` | High
9 | File | `/classes/Master.php?f=delete_service` | High
1 | File | `/admin/inquiries/view_details.php` | High
2 | File | `/api/admin/attachments/upload` | High
3 | File | `/api/audits` | Medium
4 | File | `/application/controllers/Users.php` | High
5 | File | `/classes/Master.php?f=delete_message` | High
6 | File | `/classes/Master.php?f=delete_reservation` | High
7 | File | `/classes/Master.php?f=delete_schedule` | High
8 | File | `/classes/Master.php?f=delete_service` | High
9 | File | `/classes/Master.php?f=delete_train` | High
10 | ... | ... | ...
There are 73 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 72 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -92,9 +92,10 @@ ID | Type | Indicator | Confidence
28 | File | `/classes/Users.php?f=save` | High
29 | File | `/cwms/admin/?page=articles/view_article/` | High
30 | File | `/cwms/classes/Master.php?f=save_contact` | High
31 | ... | ... | ...
31 | File | `/dashboard/add-blog.php` | High
32 | ... | ... | ...
There are 267 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -60,26 +60,26 @@ ID | Type | Indicator | Confidence
7 | File | `/debug/pprof` | Medium
8 | File | `/export` | Low
9 | File | `/file?action=download&file` | High
10 | File | `/medical/inventories.php` | High
11 | File | `/monitoring` | Medium
12 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
13 | File | `/out.php` | Medium
14 | File | `/plugin/LiveChat/getChat.json.php` | High
15 | File | `/plugins/servlet/audit/resource` | High
16 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
17 | File | `/product_list.php` | High
18 | File | `/recordings/index.php` | High
19 | File | `/replication` | Medium
20 | File | `/rest/api/1.0/render` | High
21 | File | `/RestAPI` | Medium
22 | File | `/tmp/speedtest_urls.xml` | High
23 | File | `/tmp/zarafa-vacation-*` | High
24 | File | `/uncpath/` | Medium
25 | File | `/upload` | Low
26 | File | `/var/log/nginx` | High
10 | File | `/forum/away.php` | High
11 | File | `/medical/inventories.php` | High
12 | File | `/monitoring` | Medium
13 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
14 | File | `/out.php` | Medium
15 | File | `/plugin/LiveChat/getChat.json.php` | High
16 | File | `/plugins/servlet/audit/resource` | High
17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
18 | File | `/product_list.php` | High
19 | File | `/recordings/index.php` | High
20 | File | `/replication` | Medium
21 | File | `/rest/api/1.0/render` | High
22 | File | `/RestAPI` | Medium
23 | File | `/tmp/speedtest_urls.xml` | High
24 | File | `/tmp/zarafa-vacation-*` | High
25 | File | `/uncpath/` | Medium
26 | File | `/upload` | Low
27 | ... | ... | ...
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 225 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -142,7 +142,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 17 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -152,40 +152,40 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//proc/kcore` | Medium
2 | File | `/about.php` | Medium
3 | File | `/ad_js.php` | Medium
4 | File | `/Ap4RtpAtom.cpp` | High
5 | File | `/api/RecordingList/DownloadRecord?file=` | High
6 | File | `/app/options.py` | High
7 | File | `/bcms/admin/?page=user/list` | High
8 | File | `/bsms/?page=manage_account` | High
9 | File | `/cgi-bin/login.cgi` | High
10 | File | `/cgi-bin/luci/api/wireless` | High
11 | File | `/ci_hms/massage_room/edit/1` | High
12 | File | `/context/%2e/WEB-INF/web.xml` | High
13 | File | `/dashboard/reports/logs/view` | High
14 | File | `/debian/patches/load_ppp_generic_if_needed` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/etc/hosts` | Medium
17 | File | `/fuel/index.php/fuel/logs/items` | High
18 | File | `/fuel/sitevariables/delete/4` | High
19 | File | `/goform/setmac` | High
20 | File | `/goform/wizard_end` | High
21 | File | `/hprms/admin/doctors/manage_doctor.php` | High
22 | File | `/index.php` | Medium
23 | File | `/index/jobfairol/show/` | High
24 | File | `/librarian/bookdetails.php` | High
25 | File | `/manage-apartment.php` | High
26 | File | `/members/view_member.php` | High
27 | File | `/mgmt/tm/util/bash` | High
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
29 | File | `/owa/auth/logon.aspx` | High
30 | File | `/pages/apply_vacancy.php` | High
31 | File | `/proc/<PID>/mem` | High
32 | File | `/proxy` | Low
33 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
3 | File | `/admin/submit-articles` | High
4 | File | `/ad_js.php` | Medium
5 | File | `/Ap4RtpAtom.cpp` | High
6 | File | `/api/RecordingList/DownloadRecord?file=` | High
7 | File | `/api/sys_username_passwd.cmd` | High
8 | File | `/app/options.py` | High
9 | File | `/bcms/admin/?page=user/list` | High
10 | File | `/bsms/?page=manage_account` | High
11 | File | `/cgi-bin/login.cgi` | High
12 | File | `/cgi-bin/luci/api/wireless` | High
13 | File | `/ci_hms/massage_room/edit/1` | High
14 | File | `/context/%2e/WEB-INF/web.xml` | High
15 | File | `/dashboard/reports/logs/view` | High
16 | File | `/debian/patches/load_ppp_generic_if_needed` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/etc/hosts` | Medium
19 | File | `/fuel/index.php/fuel/logs/items` | High
20 | File | `/fuel/sitevariables/delete/4` | High
21 | File | `/goform/setmac` | High
22 | File | `/goform/wizard_end` | High
23 | File | `/hprms/admin/doctors/manage_doctor.php` | High
24 | File | `/index.php` | Medium
25 | File | `/index/jobfairol/show/` | High
26 | File | `/librarian/bookdetails.php` | High
27 | File | `/manage-apartment.php` | High
28 | File | `/members/view_member.php` | High
29 | File | `/mgmt/tm/util/bash` | High
30 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
31 | File | `/owa/auth/logon.aspx` | High
32 | File | `/pages/apply_vacancy.php` | High
33 | File | `/proc/<PID>/mem` | High
34 | ... | ... | ...
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -36,12 +36,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 11 more TTP items available. Please use our online service to access the data.
There are 13 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -49,18 +49,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/forum/away.php` | High
2 | File | `/modules/profile/index.php` | High
3 | File | `/proc/self/environ` | High
4 | File | `/rest/project-templates/1.0/createshared` | High
5 | File | `/server-status` | High
6 | File | `act.php` | Low
7 | File | `adclick.php` | Medium
8 | File | `admin.php` | Medium
9 | File | `administrator/mail/download.cfm` | High
1 | File | `/admin/users.php?source=edit_user&id=1` | High
2 | File | `/forum/away.php` | High
3 | File | `/modules/profile/index.php` | High
4 | File | `/proc/self/environ` | High
5 | File | `/rest/project-templates/1.0/createshared` | High
6 | File | `/server-status` | High
7 | File | `act.php` | Low
8 | File | `adclick.php` | Medium
9 | File | `admin.php` | Medium
10 | ... | ... | ...
There are 75 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 76 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

File diff suppressed because it is too large

View File

@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Europe Unknown:
* [US](https://vuldb.com/?country.us)
* [JP](https://vuldb.com/?country.jp)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 23 more country items available. Please use our online service to access the data.
There are 24 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
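Review bot: `* [US](https://vuldb.com/?country.us)` appears twice in this hunk, once above `* [JP]` and once below it. Because the rendered diff does not show add/remove markers, it is not possible to tell from these lines whether the US entry was merely moved or whether the new list now carries a duplicate; please confirm the country list is deduplicated after sorting before this is merged.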
@ -7957,14 +7957,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
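Review bot: the new row `2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High` pairs a description with the wrong weakness identifier. CWE-319 is "Cleartext Transmission of Sensitive Information"; "Authentication Bypass by Capture-replay" is the title of CWE-294, which is exactly how the same technique is recorded later in this commit (`2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High`). Either the Weakness cell should read CWE-294 here, or the description should be regenerated from CWE-319.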
@ -7972,63 +7972,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMFILES(X86)%\Steam` | High
2 | File | `.php.gif` | Medium
3 | File | `//proc/kcore` | Medium
4 | File | `/action/iperf` | High
5 | File | `/action/wirelessConnect` | High
6 | File | `/admin/options` | High
7 | File | `/admin/students/manage.php` | High
8 | File | `/admin/users.php?source=edit_user&id=1` | High
9 | File | `/api/user/upsert/<uuid>` | High
10 | File | `/api/v1/attack` | High
11 | File | `/api/v1/attack/token` | High
12 | File | `/api/v1/bait/set` | High
13 | File | `/apilog.php` | Medium
14 | File | `/bin/proc.cgi` | High
15 | File | `/category.php` | High
16 | File | `/changePassword` | High
17 | File | `/cmscp/ext/collect/fetch_url.do` | High
18 | File | `/connectors/index.php` | High
19 | File | `/Core/Ap4File.cpp` | High
20 | File | `/core/conditions/AbstractWrapper.java` | High
21 | File | `/csms/admin/?page=user/manage_user` | High
22 | File | `/dev/mmz_userdev` | High
23 | File | `/egroupware/index.php` | High
24 | File | `/etc/grafana/grafana.ini` | High
25 | File | `/fantasticblog/single.php` | High
26 | File | `/forum/away.php` | High
27 | File | `/goform/doReboot` | High
28 | File | `/goform/formSetClientState` | High
29 | File | `/goform/fromSetIpMacBind` | High
30 | File | `/goform/wizard_end` | High
31 | File | `/h/compose` | Medium
32 | File | `/index.asp` | Medium
33 | File | `/index.php` | Medium
34 | File | `/items/view_item.php` | High
35 | File | `/jsoa/hntdCustomDesktopActionContent` | High
36 | File | `/manager/index.php` | High
37 | File | `/medical/inventories.php` | High
38 | File | `/modules/profile/index.php` | High
39 | File | `/modules/projects/vw_files.php` | High
40 | File | `/modules/public/calendar.php` | High
41 | File | `/MTFWU` | Low
42 | File | `/newsDia.php` | Medium
43 | File | `/omos/admin/?page=user/list` | High
44 | File | `/out.php` | Medium
45 | File | `/php-sms/admin/` | High
46 | File | `/php-sms/classes/Master.php` | High
47 | File | `/php-sms/classes/SystemSettings.php` | High
48 | File | `/recreate.php` | High
49 | File | `/ResiotQueryDBActive` | High
50 | File | `/resources//../` | High
51 | File | `/sacco_shield/manage_user.php` | High
52 | File | `/sessions/sess_<sessionid>` | High
53 | File | `/spip.php` | Medium
54 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
55 | ... | ... | ...
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/admin/edit.php` | High
3 | File | `/admin/settings/save.php` | High
4 | File | `/balance/service/list` | High
5 | File | `/debug/pprof` | Medium
6 | File | `/forum/away.php` | High
7 | File | `/goform/setSysAdm` | High
8 | File | `/HNAP1` | Low
9 | File | `/index.php` | Medium
10 | File | `/index.php/purchase_order/browse_data` | High
11 | File | `/lilac/main.php` | High
12 | File | `/module/admin_bp/add_application.php` | High
13 | File | `/modx/manager/` | High
14 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
15 | File | `/out.php` | Medium
16 | File | `/plugin/getList` | High
17 | File | `/project/PROJECTNAME/reports/` | High
18 | File | `/proxy` | Low
19 | File | `/spip.php` | Medium
20 | File | `/sys/duplicate/check` | High
21 | File | `/upload/catalog/controller/account/password.php` | High
22 | File | `/usr/bin/pkexec` | High
23 | File | `/usr/sbin/httpd` | High
24 | File | `/var/log/nginx` | High
25 | File | `/wp-content/plugins/updraftplus/admin.php` | High
26 | File | `2020\Messages\SDNotify.exe` | High
27 | File | `aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java` | High
28 | File | `ActivityRecord.java` | High
29 | File | `adclick.php` | Medium
30 | File | `admin.php?m=backup&c=backup&a=doback` | High
31 | File | `admin/?page=system_info` | High
32 | File | `admin/app/mediamanager` | High
33 | File | `admin/article_save.php` | High
34 | ... | ... | ...
There are 483 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [KR](https://vuldb.com/?country.kr)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 4 more country items available. Please use our online service to access the data.
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 13 more TTP items available. Please use our online service to access the data.
There are 14 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -62,7 +62,7 @@ ID | Type | Indicator | Confidence
7 | File | `admin/modules/tools/ip_history_logs.php` | High
8 | ... | ... | ...
There are 58 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 61 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -86,7 +86,8 @@ ID | Technique | Weakness | Description | Confidence
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
@ -100,55 +101,57 @@ ID | Type | Indicator | Confidence
2 | File | `/Admin/add-student.php` | High
3 | File | `/Admin/login.php` | High
4 | File | `/admin/showbad.php` | High
5 | File | `/ad_js.php` | Medium
6 | File | `/api/RecordingList/DownloadRecord?file=` | High
7 | File | `/apilog.php` | Medium
8 | File | `/app/options.py` | High
9 | File | `/cgi-bin/luci/api/wireless` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/connectors/index.php` | High
12 | File | `/context/%2e/WEB-INF/web.xml` | High
13 | File | `/dashboard/reports/logs/view` | High
14 | File | `/debian/patches/load_ppp_generic_if_needed` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/etc/hosts` | Medium
17 | File | `/forum/away.php` | High
18 | File | `/goform/setmac` | High
19 | File | `/goform/wizard_end` | High
20 | File | `/index.php` | Medium
21 | File | `/items/view_item.php` | High
22 | File | `/manage-apartment.php` | High
23 | File | `/manager/index.php` | High
24 | File | `/medical/inventories.php` | High
25 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
26 | File | `/modules/profile/index.php` | High
27 | File | `/modules/projects/vw_files.php` | High
28 | File | `/modules/public/calendar.php` | High
29 | File | `/newsDia.php` | Medium
30 | File | `/out.php` | Medium
31 | File | `/pages/apply_vacancy.php` | High
32 | File | `/proc/<PID>/mem` | High
33 | File | `/proxy` | Low
34 | File | `/public/launchNewWindow.jsp` | High
35 | File | `/sacco_shield/manage_user.php` | High
36 | File | `/secure/ViewCollectors` | High
37 | File | `/spip.php` | Medium
38 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
39 | File | `/staff/bookdetails.php` | High
40 | File | `/uncpath/` | Medium
41 | File | `/upload` | Low
42 | File | `/user/update_booking.php` | High
43 | File | `/vendor/views/add_product.php` | High
44 | File | `/wabt/bin/poc.wasm` | High
45 | File | `/WEB-INF/web.xml` | High
46 | File | `/WebInterface/UserManager/` | High
47 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
48 | File | `/wordpress/wp-admin/options-general.php` | High
49 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
50 | File | `ActivityRecord.java` | High
51 | ... | ... | ...
5 | File | `/admin/submit-articles` | High
6 | File | `/ad_js.php` | Medium
7 | File | `/api/RecordingList/DownloadRecord?file=` | High
8 | File | `/apilog.php` | Medium
9 | File | `/app/options.py` | High
10 | File | `/cgi-bin/luci/api/wireless` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/connectors/index.php` | High
13 | File | `/context/%2e/WEB-INF/web.xml` | High
14 | File | `/dashboard/reports/logs/view` | High
15 | File | `/debian/patches/load_ppp_generic_if_needed` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/etc/hosts` | Medium
18 | File | `/forum/away.php` | High
19 | File | `/goform/setmac` | High
20 | File | `/goform/wizard_end` | High
21 | File | `/index.php` | Medium
22 | File | `/items/view_item.php` | High
23 | File | `/manage-apartment.php` | High
24 | File | `/manager/index.php` | High
25 | File | `/medical/inventories.php` | High
26 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
27 | File | `/modules/profile/index.php` | High
28 | File | `/modules/projects/vw_files.php` | High
29 | File | `/modules/public/calendar.php` | High
30 | File | `/newsDia.php` | Medium
31 | File | `/out.php` | Medium
32 | File | `/pages/apply_vacancy.php` | High
33 | File | `/proc/<PID>/mem` | High
34 | File | `/proxy` | Low
35 | File | `/public/launchNewWindow.jsp` | High
36 | File | `/Redcock-Farm/farm/category.php` | High
37 | File | `/sacco_shield/manage_user.php` | High
38 | File | `/secure/ViewCollectors` | High
39 | File | `/spip.php` | Medium
40 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
41 | File | `/staff/bookdetails.php` | High
42 | File | `/uncpath/` | Medium
43 | File | `/upload` | Low
44 | File | `/user/update_booking.php` | High
45 | File | `/vendor/views/add_product.php` | High
46 | File | `/wabt/bin/poc.wasm` | High
47 | File | `/WEB-INF/web.xml` | High
48 | File | `/WebInterface/UserManager/` | High
49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
50 | File | `/wordpress/wp-admin/options-general.php` | High
51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
52 | File | `ActivityRecord.java` | High
53 | ... | ... | ...
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 17 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -72,22 +72,22 @@ ID | Type | Indicator | Confidence
16 | File | `/fuel/index.php/fuel/logs/items` | High
17 | File | `/fuel/sitevariables/delete/4` | High
18 | File | `/goform/setmac` | High
19 | File | `/hprms/admin/doctors/manage_doctor.php` | High
20 | File | `/index/jobfairol/show/` | High
21 | File | `/librarian/bookdetails.php` | High
22 | File | `/manage-apartment.php` | High
23 | File | `/mgmt/tm/util/bash` | High
24 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
25 | File | `/pages/apply_vacancy.php` | High
26 | File | `/proc/<PID>/mem` | High
27 | File | `/proc/<pid>/status` | High
28 | File | `/public/plugins/` | High
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
30 | File | `/secure/QueryComponent!Default.jspa` | High
31 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
19 | File | `/goform/wizard_end` | High
20 | File | `/hprms/admin/doctors/manage_doctor.php` | High
21 | File | `/index/jobfairol/show/` | High
22 | File | `/librarian/bookdetails.php` | High
23 | File | `/manage-apartment.php` | High
24 | File | `/mgmt/tm/util/bash` | High
25 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
26 | File | `/pages/apply_vacancy.php` | High
27 | File | `/proc/<PID>/mem` | High
28 | File | `/proxy` | Low
29 | File | `/public/plugins/` | High
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
31 | File | `/secure/QueryComponent!Default.jspa` | High
32 | ... | ... | ...
There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 275 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -57,7 +57,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 16 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -73,25 +73,25 @@ ID | Type | Indicator | Confidence
6 | File | `/debug/pprof` | Medium
7 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
8 | File | `/etc/ajenti/config.yml` | High
9 | File | `/horde/util/go.php` | High
10 | File | `/Items/*/RemoteImages/Download` | High
11 | File | `/main.php` | Medium
12 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
13 | File | `/new` | Low
14 | File | `/nova/bin/traceroute` | High
15 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
16 | File | `/phpcollab/users/emailusers.php` | High
17 | File | `/proc/sys/kernel/rh_features` | High
18 | File | `/product.php` | Medium
19 | File | `/public/common/umeditor/php/getcontent.php` | High
20 | File | `/service/upload` | High
21 | File | `/services/prefs.php` | High
22 | File | `/Site/Troubleshooting/DiagnosticReport.asp` | High
23 | File | `/sitemagic/index.php` | High
24 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
9 | File | `/Items/*/RemoteImages/Download` | High
10 | File | `/main.php` | Medium
11 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
12 | File | `/new` | Low
13 | File | `/nova/bin/traceroute` | High
14 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
15 | File | `/phpcollab/users/emailusers.php` | High
16 | File | `/proc/sys/kernel/rh_features` | High
17 | File | `/product.php` | Medium
18 | File | `/public/common/umeditor/php/getcontent.php` | High
19 | File | `/service/upload` | High
20 | File | `/services/prefs.php` | High
21 | File | `/Site/Troubleshooting/DiagnosticReport.asp` | High
22 | File | `/sitemagic/index.php` | High
23 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
24 | File | `/sub?target=%TARGET%&url=%URL%&config=%CONFIG%` | High
25 | ... | ... | ...
There are 214 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -346,21 +346,21 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/adfs/ls` | Medium
2 | File | `/admin/admin.php` | High
3 | File | `/api/v1/attack/token` | High
4 | File | `/api/v2/cli/commands` | High
5 | File | `/cgi-bin/kerbynet` | High
6 | File | `/cgi-bin/qcmap_auth` | High
7 | File | `/cgi-bin/wlogin.cgi` | High
8 | File | `/cmscp/ext/collect/fetch_url.do` | High
9 | File | `/CommunitySSORedirect.jsp` | High
10 | File | `/config/getuser` | High
11 | File | `/Content/Template/root/reverse-shell.aspx` | High
12 | File | `/crmeb/crmeb/services/UploadService.php` | High
13 | File | `/debug/pprof` | Medium
14 | File | `/diagnostic/editclient.php` | High
15 | File | `/etc/grafana/grafana.ini` | High
1 | File | `%ProgramData%\GOG.com` | High
2 | File | `/adfs/ls` | Medium
3 | File | `/admin/admin.php` | High
4 | File | `/api/v1/attack/token` | High
5 | File | `/api/v2/cli/commands` | High
6 | File | `/cgi-bin/kerbynet` | High
7 | File | `/cgi-bin/qcmap_auth` | High
8 | File | `/cgi-bin/wlogin.cgi` | High
9 | File | `/cmscp/ext/collect/fetch_url.do` | High
10 | File | `/CommunitySSORedirect.jsp` | High
11 | File | `/config/getuser` | High
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
13 | File | `/crmeb/crmeb/services/UploadService.php` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/diagnostic/editclient.php` | High
16 | File | `/filemanager/php/connector.php` | High
17 | File | `/foms/place-order.php` | High
18 | File | `/forum/away.php` | High
@ -381,10 +381,9 @@ ID | Type | Indicator | Confidence
33 | File | `/text/pdf/PdfReader.java` | High
34 | File | `/uncpath/` | Medium
35 | File | `/wp-admin/admin-ajax.php` | High
36 | File | `ActivityRecord.java` | High
37 | ... | ... | ...
36 | ... | ... | ...
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 12 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 10 more TTP items available. Please use our online service to access the data.
There are 12 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -48,19 +48,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/loginLess/../../etc/passwd` | High
3 | File | `/see_more_details.php` | High
4 | File | `/system/proxy` | High
5 | File | `/uncpath/` | Medium
6 | File | `accountancy/customer/card.php` | High
7 | File | `addentry.php` | Medium
8 | File | `add_comment.php` | High
9 | File | `admin.php` | Medium
10 | File | `admin/create-package.php` | High
11 | File | `content.php` | Medium
12 | ... | ... | ...
2 | File | `/admin/students/view_student.php` | High
3 | File | `/CommunitySSORedirect.jsp` | High
4 | File | `/loginLess/../../etc/passwd` | High
5 | File | `/see_more_details.php` | High
6 | File | `/system/proxy` | High
7 | File | `/uncpath/` | Medium
8 | File | `accountancy/customer/card.php` | High
9 | File | `addentry.php` | Medium
10 | File | `add_comment.php` | High
11 | File | `admin.php` | Medium
12 | File | `admin/create-package.php` | High
13 | ... | ... | ...
There are 92 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [LI](https://vuldb.com/?country.li)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -66,9 +66,10 @@ ID | Type | Indicator | Confidence
8 | File | `/sm/api/v1/firewall/zone/services` | High
9 | File | `/usr/bin/pkexec` | High
10 | File | `admin/limits.php` | High
11 | ... | ... | ...
11 | File | `AjaxFileUploadHandler.axd` | High
12 | ... | ... | ...
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 93 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -96,9 +96,10 @@ ID | Type | Indicator | Confidence
29 | File | `admin.php` | Medium
30 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
31 | File | `admin/controller/pages/localisation/language.php` | High
32 | ... | ... | ...
32 | File | `admin/fm/` | Medium
33 | ... | ... | ...
There are 276 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [JP](https://vuldb.com/?country.jp)
## IOC - Indicator of Compromise
@ -18,7 +19,11 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [149.248.14.53](https://vuldb.com/?ip.149.248.14.53) | 149.248.14.53.vultr.com | - | Medium
2 | [210.209.72.180](https://vuldb.com/?ip.210.209.72.180) | - | - | High
2 | [202.182.123.185](https://vuldb.com/?ip.202.182.123.185) | 202.182.123.185.vultrusercontent.com | - | High
3 | [207.148.109.111](https://vuldb.com/?ip.207.148.109.111) | 207.148.109.111.vultrusercontent.com | - | High
4 | ... | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
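Review bot: the remainder line now reads "There are 1 more IOC items available", so the generator's template does not handle a singular count; either special-case n=1 ("There is 1 more IOC item available") or phrase it count-neutrally. Also worth a column note: the hostnames on rows 2 and 3 (`202.182.123.185.vultrusercontent.com`, `207.148.109.111.vultrusercontent.com`) are the hosting provider's generic reverse-DNS names, so they identify the VPS provider rather than actor-controlled naming and should not be read as attribution.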
@ -31,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1202 | CWE-77 | Command Injection | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
There are 2 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -41,15 +46,16 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/public/login.htm` | High
3 | File | `iesfootprint.jsp` | High
3 | File | `admin.php` | Medium
4 | ... | ... | ...
There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://community.blueliv.com/#!/s/62c2879682df417ed033135b
* https://github.com/eset/malware-ioc/tree/master/gelsemium
## Literature

View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RU](https://vuldb.com/?country.ru)
* [SV](https://vuldb.com/?country.sv)
* ...
There are 19 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -3460,7 +3460,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -3475,30 +3475,30 @@ ID | Type | Indicator | Confidence
5 | File | `/admin/conferences/get-all-status/` | High
6 | File | `/admin/conferences/list/` | High
7 | File | `/admin/submit-articles` | High
8 | File | `/api/v1/attack/token` | High
9 | File | `/asms/admin/?page=user/manage_user` | High
8 | File | `/asms/admin/?page=user/manage_user` | High
9 | File | `/bsms_ci/index.php/book` | High
10 | File | `/category.php` | High
11 | File | `/classes/Master.php?f=delete_reservation` | High
12 | File | `/clients/profile` | High
13 | File | `/context/%2e/WEB-INF/web.xml` | High
14 | File | `/Core/Ap4File.cpp` | High
15 | File | `/crmeb/crmeb/services/UploadService.php` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/dede/file_manage_control.php` | High
18 | File | `/FormLogin` | Medium
19 | File | `/forum/away.php` | High
20 | File | `/index.php` | Medium
21 | File | `/index/user/user_edit.html` | High
22 | File | `/lists/index.php` | High
23 | File | `/LogoStore/search.php` | High
24 | File | `/module/admin_bp/add_application.php` | High
25 | File | `/odlms/classes/Master.php?f=delete_message` | High
26 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
27 | File | `/php_action/editProductImage.php` | High
28 | File | `/proxy` | Low
11 | File | `/clients/profile` | High
12 | File | `/Core/Ap4File.cpp` | High
13 | File | `/crmeb/crmeb/services/UploadService.php` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/dede/file_manage_control.php` | High
16 | File | `/FormLogin` | Medium
17 | File | `/forum/away.php` | High
18 | File | `/index.php` | Medium
19 | File | `/index/user/user_edit.html` | High
20 | File | `/lists/index.php` | High
21 | File | `/LogoStore/search.php` | High
22 | File | `/module/admin_bp/add_application.php` | High
23 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
24 | File | `/php_action/editProductImage.php` | High
25 | File | `/proc/<pid>/status` | High
26 | File | `/proxy` | Low
27 | File | `/register/abort` | High
28 | File | `/roomtype-details.php` | High
29 | ... | ... | ...
There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 242 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [VN](https://vuldb.com/?country.vn)
* ...
There are 12 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -100,7 +100,7 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
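Review bot: row 4 now lists CWE-88 and CWE-94 under T1059 but keeps the description "Cross Site Scripting", which is also the description of row 5 (T1059.007, CWE-79/CWE-80). CWE-88 is argument injection and CWE-94 is code injection, neither of which is XSS, so the description for row 4 should follow its weakness set (e.g. "Code Injection"); two adjacent rows with different technique IDs and weakness sets but an identical description suggests the label is keyed on the T1059 prefix rather than on the CWE list.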
@ -115,46 +115,45 @@ ID | Type | Indicator | Confidence
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/about.php` | Medium
3 | File | `/adfs/ls` | Medium
4 | File | `/admin/lab.php` | High
5 | File | `/admin/login.php` | High
6 | File | `/admin/students/view_student.php` | High
7 | File | `/admin/users_add.php` | High
8 | File | `/administration/settings_registration.php` | High
9 | File | `/api/` | Low
10 | File | `/appConfig/userDB.json` | High
11 | File | `/bd_genie_create_account.cgi` | High
12 | File | `/bin/httpd` | Medium
13 | File | `/c/macho_reader.c` | High
14 | File | `/cgi-bin/kerbynet` | High
15 | File | `/cgi-bin/wapopen` | High
16 | File | `/claire_blake` | High
17 | File | `/classes/Master.php?f=delete_appointment` | High
18 | File | `/cmscp/ext/collect/fetch_url.do` | High
19 | File | `/coreframe/app/attachment/admin/index.php` | High
20 | File | `/debug` | Low
21 | File | `/debug/pprof` | Medium
22 | File | `/defaultui/player/modern.html` | High
23 | File | `/etc/init0.d/S80telnetd.sh` | High
24 | File | `/etc/shadow.sample` | High
25 | File | `/foms/place-order.php` | High
26 | File | `/forum/away.php` | High
27 | File | `/goform/SetIpMacBind` | High
28 | File | `/goform/setmac` | High
29 | File | `/htdocs/utils/Files.php` | High
30 | File | `/jfinal_cms/system/role/list` | High
31 | File | `/librarian/edit_book_details.php` | High
32 | File | `/management/api/rcx_management/global_config_query` | High
33 | File | `/master/index.php` | High
34 | File | `/mkshop/Men/profile.php` | High
35 | File | `/modx/manager/` | High
36 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
37 | File | `/out.php` | Medium
38 | File | `/pages/faculty_sched.php` | High
39 | File | `/pages/processlogin.php` | High
40 | File | `/php_action/createUser.php` | High
41 | ... | ... | ...
4 | File | `/admin/fst_upload.inc.php` | High
5 | File | `/admin/lab.php` | High
6 | File | `/admin/login.php` | High
7 | File | `/admin/students/view_student.php` | High
8 | File | `/admin/users_add.php` | High
9 | File | `/administration/settings_registration.php` | High
10 | File | `/api/` | Low
11 | File | `/appConfig/userDB.json` | High
12 | File | `/authUserAction!edit.action` | High
13 | File | `/bd_genie_create_account.cgi` | High
14 | File | `/bin/httpd` | Medium
15 | File | `/c/macho_reader.c` | High
16 | File | `/cgi-bin/kerbynet` | High
17 | File | `/cgi-bin/wapopen` | High
18 | File | `/cgi-bin/webproc` | High
19 | File | `/claire_blake` | High
20 | File | `/classes/Master.php?f=delete_appointment` | High
21 | File | `/cmscp/ext/collect/fetch_url.do` | High
22 | File | `/coreframe/app/attachment/admin/index.php` | High
23 | File | `/debug` | Low
24 | File | `/debug/pprof` | Medium
25 | File | `/defaultui/player/modern.html` | High
26 | File | `/etc/init0.d/S80telnetd.sh` | High
27 | File | `/etc/shadow.sample` | High
28 | File | `/foms/place-order.php` | High
29 | File | `/forum/away.php` | High
30 | File | `/goform/SetIpMacBind` | High
31 | File | `/goform/setmac` | High
32 | File | `/htdocs/utils/Files.php` | High
33 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
34 | File | `/jfinal_cms/system/role/list` | High
35 | File | `/librarian/edit_book_details.php` | High
36 | File | `/management/api/rcx_management/global_config_query` | High
37 | File | `/master/index.php` | High
38 | File | `/mkshop/Men/profile.php` | High
39 | File | `/modx/manager/` | High
40 | ... | ... | ...
There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -40,7 +40,8 @@ ID | Technique | Weakness | Description | Confidence
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
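Review bot: the remainder count is unchanged at 18 although a fifth row (T1059.007, CWE-79/CWE-80) now appears in the visible table. If that entry is new to the set the total must also have grown by one for 18 to be correct; if it merely moved into the visible rows the remainder should read 17. Both numbers are derived from the same set, so please check them together before merging.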
@ -56,36 +57,36 @@ ID | Type | Indicator | Confidence
4 | File | `/admin/dl_sendmail.php` | High
5 | File | `/ad_js.php` | Medium
6 | File | `/Ap4RtpAtom.cpp` | High
7 | File | `/app/options.py` | High
8 | File | `/bcms/admin/?page=user/list` | High
9 | File | `/bsms/?page=manage_account` | High
10 | File | `/cgi-bin/login.cgi` | High
11 | File | `/cgi-bin/luci/api/wireless` | High
12 | File | `/ci_hms/massage_room/edit/1` | High
13 | File | `/context/%2e/WEB-INF/web.xml` | High
14 | File | `/dashboard/reports/logs/view` | High
15 | File | `/debian/patches/load_ppp_generic_if_needed` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/DXR.axd` | Medium
18 | File | `/etc/hosts` | Medium
19 | File | `/fuel/index.php/fuel/logs/items` | High
20 | File | `/fuel/sitevariables/delete/4` | High
21 | File | `/goform/setmac` | High
22 | File | `/goform/wizard_end` | High
23 | File | `/hprms/admin/doctors/manage_doctor.php` | High
24 | File | `/index/jobfairol/show/` | High
25 | File | `/InternalPages/ExecuteTask.aspx` | High
26 | File | `/librarian/bookdetails.php` | High
27 | File | `/manage-apartment.php` | High
28 | File | `/mgmt/tm/util/bash` | High
29 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
30 | File | `/opac/Actions.php?a=login` | High
31 | File | `/pages/apply_vacancy.php` | High
32 | File | `/php_action/editProductImage.php` | High
33 | File | `/proc/<PID>/mem` | High
7 | File | `/api/v2/cli/commands` | High
8 | File | `/app/options.py` | High
9 | File | `/bcms/admin/?page=user/list` | High
10 | File | `/bsms/?page=manage_account` | High
11 | File | `/cgi-bin/login.cgi` | High
12 | File | `/cgi-bin/luci/api/wireless` | High
13 | File | `/ci_hms/massage_room/edit/1` | High
14 | File | `/context/%2e/WEB-INF/web.xml` | High
15 | File | `/dashboard/reports/logs/view` | High
16 | File | `/debian/patches/load_ppp_generic_if_needed` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/DXR.axd` | Medium
19 | File | `/etc/hosts` | Medium
20 | File | `/fuel/index.php/fuel/logs/items` | High
21 | File | `/fuel/sitevariables/delete/4` | High
22 | File | `/goform/setmac` | High
23 | File | `/goform/wizard_end` | High
24 | File | `/hprms/admin/doctors/manage_doctor.php` | High
25 | File | `/index/jobfairol/show/` | High
26 | File | `/InternalPages/ExecuteTask.aspx` | High
27 | File | `/librarian/bookdetails.php` | High
28 | File | `/manage-apartment.php` | High
29 | File | `/mgmt/tm/util/bash` | High
30 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
31 | File | `/opac/Actions.php?a=login` | High
32 | File | `/pages/apply_vacancy.php` | High
33 | File | `/php_action/editProductImage.php` | High
34 | ... | ... | ...
There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -159,10 +159,10 @@ ID | Technique | Weakness | Description | Confidence
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-84 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-84, CWE-85 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -170,41 +170,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/about.php` | Medium
2 | File | `/action/import_https_cert_file/` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/addemployee.php` | High
5 | File | `/admin/contact/list` | High
6 | File | `/admin/folderrollpicture/list` | High
7 | File | `/admin/imagealbum/list` | High
8 | File | `/admin/login.php` | High
9 | File | `/Admin/login.php` | High
10 | File | `/admin/subnets/ripe-query.php` | High
11 | File | `/advanced-tools/nova/bin/netwatch` | High
12 | File | `/api/v1/attack/token` | High
13 | File | `/bin/httpd` | Medium
14 | File | `/blog/edit` | Medium
15 | File | `/cgi-bin/cstecgi.cgi` | High
16 | File | `/cgi-bin/luci` | High
17 | File | `/cgi-bin/luci/api/wireless` | High
18 | File | `/cgi/get_param.cgi` | High
19 | File | `/college_website/index.php?` | High
20 | File | `/common/info.cgi` | High
21 | File | `/context/%2e/WEB-INF/web.xml` | High
22 | File | `/debug/pprof` | Medium
23 | File | `/dede/co_do.php` | High
24 | File | `/DesignTools/CssEditor.aspx` | High
25 | File | `/dev/mmz_userdev` | High
26 | File | `/dev/shm` | Medium
27 | File | `/ebics-server/ebics.aspx` | High
28 | File | `/egroupware/index.php` | High
29 | File | `/etc/openshift/server_priv.pem` | High
30 | File | `/etc/tomcat8/Catalina/attack` | High
31 | File | `/export` | Low
32 | File | `/filemanager/php/connector.php` | High
33 | ... | ... | ...
1 | File | `/action/import_https_cert_file/` | High
2 | File | `/Admin/add-student.php` | High
3 | File | `/Admin/login.php` | High
4 | File | `/admin/settings/save.php` | High
5 | File | `/admin/submit-articles` | High
6 | File | `/admin/subnets/ripe-query.php` | High
7 | File | `/admin/transactions/update_status.php` | High
8 | File | `/api/v1/attack/token` | High
9 | File | `/bin/httpd` | Medium
10 | File | `/cgi-bin/cstecgi.cgi` | High
11 | File | `/cgi-bin/luci` | High
12 | File | `/college_website/index.php?` | High
13 | File | `/common/info.cgi` | High
14 | File | `/context/%2e/WEB-INF/web.xml` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/DesignTools/CssEditor.aspx` | High
17 | File | `/dev/mmz_userdev` | High
18 | File | `/dev/shm` | Medium
19 | File | `/ebics-server/ebics.aspx` | High
20 | File | `/egroupware/index.php` | High
21 | File | `/etc/openshift/server_priv.pem` | High
22 | File | `/etc/tomcat8/Catalina/attack` | High
23 | File | `/export` | Low
24 | File | `/filemanager/php/connector.php` | High
25 | File | `/garage/php_action/createBrand.php` | High
26 | File | `/goform/setmac` | High
27 | File | `/goform/wizard_end` | High
28 | File | `/hospital/hms/admin/patient-search.php` | High
29 | File | `/hrm/index.php?msg` | High
30 | File | `/hrm/state.php` | High
31 | File | `/images/background/1.php` | High
32 | ... | ... | ...
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -59,12 +59,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 9 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -73,56 +75,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/.env` | Low
3 | File | `/.ssh/authorized_keys` | High
4 | File | `/admin.php?&m=Public&a=login` | High
5 | File | `/admin/default.asp` | High
6 | File | `/ajax/networking/get_netcfg.php` | High
7 | File | `/assets/ctx` | Medium
8 | File | `/checkLogin.cgi` | High
9 | File | `/cms/print.php` | High
10 | File | `/concat?/%2557EB-INF/web.xml` | High
11 | File | `/config/getuser` | High
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
13 | File | `/data/remove` | Medium
14 | File | `/etc/ajenti/config.yml` | High
15 | File | `/etc/passwd` | Medium
16 | File | `/goform/telnet` | High
17 | File | `/goforms/rlminfo` | High
18 | File | `/login` | Low
19 | File | `/modules/profile/index.php` | High
20 | File | `/navigate/navigate_download.php` | High
21 | File | `/owa/auth/logon.aspx` | High
22 | File | `/p` | Low
23 | File | `/password.html` | High
24 | File | `/proc/ioports` | High
25 | File | `/property-list/property_view.php` | High
26 | File | `/ptms/classes/Users.php` | High
27 | File | `/rest` | Low
28 | File | `/rest/api/2/search` | High
29 | File | `/s/` | Low
30 | File | `/scripts/cpan_config` | High
31 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
32 | File | `/services/system/setup.json` | High
33 | File | `/ucms/index.php?do=list_edit` | High
34 | File | `/uncpath/` | Medium
35 | File | `/vloggers_merch/?p=view_product` | High
36 | File | `/webconsole/APIController` | High
37 | File | `/websocket/exec` | High
38 | File | `/wp-admin/admin-ajax.php` | High
39 | File | `/wp-json` | Medium
40 | File | `/wp-json/oembed/1.0/embed?url` | High
41 | File | `/_next` | Low
42 | File | `4.edu.php\conn\function.php` | High
43 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
44 | File | `actions/beats_uploader.php` | High
45 | File | `adclick.php` | Medium
46 | File | `addentry.php` | Medium
47 | File | `admin/admin.php` | High
48 | File | `admin/category.inc.php` | High
49 | ... | ... | ...
2 | File | `/.ssh/authorized_keys` | High
3 | File | `/admin.php?&m=Public&a=login` | High
4 | File | `/admin/default.asp` | High
5 | File | `/ajax/networking/get_netcfg.php` | High
6 | File | `/api/` | Low
7 | File | `/app/options.py` | High
8 | File | `/bin/httpd` | Medium
9 | File | `/cgi-bin/wapopen` | High
10 | File | `/ci_spms/admin/category` | High
11 | File | `/ci_spms/admin/search/searching/` | High
12 | File | `/classes/Master.php?f=delete_appointment` | High
13 | File | `/classes/Master.php?f=delete_train` | High
14 | File | `/cms/print.php` | High
15 | File | `/concat?/%2557EB-INF/web.xml` | High
16 | File | `/config/getuser` | High
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
18 | File | `/dashboard/menu-list.php` | High
19 | File | `/data/remove` | Medium
20 | File | `/ffos/classes/Master.php?f=save_category` | High
21 | File | `/goforms/rlminfo` | High
22 | File | `/Items/*/RemoteImages/Download` | High
23 | File | `/management/api/rcx_management/global_config_query` | High
24 | File | `/modules/profile/index.php` | High
25 | File | `/navigate/navigate_download.php` | High
26 | File | `/ocwbs/admin/?page=user/manage_user` | High
27 | File | `/ofrs/admin/?page=user/manage_user` | High
28 | File | `/out.php` | Medium
29 | File | `/owa/auth/logon.aspx` | High
30 | File | `/password.html` | High
31 | File | `/php_action/fetchSelectedUser.php` | High
32 | File | `/proc/ioports` | High
33 | File | `/property-list/property_view.php` | High
34 | File | `/ptms/classes/Users.php` | High
35 | File | `/rest/api/2/search` | High
36 | File | `/s/` | Low
37 | File | `/scripts/cpan_config` | High
38 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
39 | File | `/services/system/setup.json` | High
40 | File | `/spip.php` | Medium
41 | File | `/tmp` | Low
42 | File | `/ucms/index.php?do=list_edit` | High
43 | File | `/uncpath/` | Medium
44 | File | `/vloggers_merch/?p=view_product` | High
45 | File | `/webconsole/APIController` | High
46 | File | `/websocket/exec` | High
47 | ... | ... | ...
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 404 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -75,38 +75,37 @@ ID | Type | Indicator | Confidence
1 | File | `/../conf/config.properties` | High
2 | File | `/auth/session` | High
3 | File | `/card_scan.php` | High
4 | File | `/concat?/%2557EB-INF/web.xml` | High
5 | File | `/cwc/login` | Medium
6 | File | `/download` | Medium
7 | File | `/files.md5` | Medium
8 | File | `/forum/away.php` | High
9 | File | `/images/` | Medium
10 | File | `/inc/extensions.php` | High
11 | File | `/index.php` | Medium
12 | File | `/lists/index.php` | High
13 | File | `/login` | Low
14 | File | `/members/view_member.php` | High
15 | File | `/modules/profile/index.php` | High
16 | File | `/nova/bin/console` | High
17 | File | `/objects/getImageMP4.php` | High
18 | File | `/one_church/userregister.php` | High
19 | File | `/out.php` | Medium
20 | File | `/owa/auth/logon.aspx` | High
21 | File | `/public/plugins/` | High
22 | File | `/replication` | Medium
23 | File | `/req_password_user.php` | High
24 | File | `/SAP_Information_System/controllers/add_admin.php` | High
25 | File | `/SASWebReportStudio/logonAndRender.do` | High
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
27 | File | `/secure/admin/ViewInstrumentation.jspa` | High
28 | File | `/secure/QueryComponent!Default.jspa` | High
29 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
30 | File | `/trx_addons/v2/get/sc_layout` | High
31 | File | `/uncpath/` | Medium
32 | File | `/usr/syno/etc/mount.conf` | High
33 | ... | ... | ...
4 | File | `/cgi-bin/wlogin.cgi` | High
5 | File | `/concat?/%2557EB-INF/web.xml` | High
6 | File | `/cwc/login` | Medium
7 | File | `/download` | Medium
8 | File | `/files.md5` | Medium
9 | File | `/forum/away.php` | High
10 | File | `/h/calendar` | Medium
11 | File | `/images/` | Medium
12 | File | `/inc/extensions.php` | High
13 | File | `/index.php` | Medium
14 | File | `/lists/index.php` | High
15 | File | `/login` | Low
16 | File | `/members/view_member.php` | High
17 | File | `/modules/profile/index.php` | High
18 | File | `/nova/bin/console` | High
19 | File | `/nova/bin/detnet` | High
20 | File | `/objects/getImageMP4.php` | High
21 | File | `/one_church/userregister.php` | High
22 | File | `/out.php` | Medium
23 | File | `/owa/auth/logon.aspx` | High
24 | File | `/public/plugins/` | High
25 | File | `/replication` | Medium
26 | File | `/req_password_user.php` | High
27 | File | `/SAP_Information_System/controllers/add_admin.php` | High
28 | File | `/SASWebReportStudio/logonAndRender.do` | High
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
30 | File | `/secure/admin/ViewInstrumentation.jspa` | High
31 | File | `/secure/QueryComponent!Default.jspa` | High
32 | ... | ... | ...
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
15 | File | `/sbin/acos_service` | High
16 | ... | ... | ...
There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 130 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -61,29 +61,31 @@ ID | Type | Indicator | Confidence
4 | File | `/admin/?page=user/manage_user` | High
5 | File | `/admin/changestock.php` | High
6 | File | `/admin/client_edit.php` | High
7 | File | `/admin/index.PHP` | High
8 | File | `/Admin/login.php` | High
9 | File | `/admin/modify.php` | High
10 | File | `/admin/myaccount` | High
11 | File | `/admin/pages/sections_save.php` | High
12 | File | `/admin/search.php` | High
13 | File | `/admin/select.php` | High
14 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
15 | File | `/admin/settings/fields` | High
16 | File | `/api/v1/chat.getThreadsList` | High
17 | File | `/api/v2/cli/commands` | High
18 | File | `/api/v2/open/rowsInfo` | High
19 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
20 | File | `/asms/admin/?page=user/manage_user` | High
21 | File | `/card/in-card.php` | High
22 | File | `/classes/Master.php?f=delete_student` | High
23 | File | `/connectors/index.php` | High
24 | File | `/csms/admin/?page=system_info` | High
25 | File | `/etc/init0.d/S80telnetd.sh` | High
26 | File | `/etc/srapi/config/system.conf` | High
27 | ... | ... | ...
7 | File | `/Admin/login.php` | High
8 | File | `/admin/modify.php` | High
9 | File | `/admin/myaccount` | High
10 | File | `/admin/pages/sections_save.php` | High
11 | File | `/admin/search.php` | High
12 | File | `/admin/select.php` | High
13 | File | `/admin/settings/fields` | High
14 | File | `/api/v1/chat.getThreadsList` | High
15 | File | `/api/v2/cli/commands` | High
16 | File | `/api/v2/open/rowsInfo` | High
17 | File | `/asms/admin/?page=user/manage_user` | High
18 | File | `/card/in-card.php` | High
19 | File | `/classes/Master.php?f=delete_student` | High
20 | File | `/connectors/index.php` | High
21 | File | `/csms/admin/?page=system_info` | High
22 | File | `/etc/init0.d/S80telnetd.sh` | High
23 | File | `/etc/srapi/config/system.conf` | High
24 | File | `/framework/core/models/expConfig.php` | High
25 | File | `/framework/modules/core/controllers/expHTMLEditorController.php` | High
26 | File | `/fw.login.php` | High
27 | File | `/garage/php_action/createBrand.php` | High
28 | File | `/goform/form2WizardStep54` | High
29 | ... | ... | ...
There are 229 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 246 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -15,8 +15,8 @@ The following _campaigns_ are known and can be associated with Iron:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iron:
* [ES](https://vuldb.com/?country.es)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 2 more country items available. Please use our online service to access the data.
@ -61,36 +61,36 @@ ID | Type | Indicator | Confidence
3 | File | `/account/login` | High
4 | File | `/adherents/note.php?id=1` | High
5 | File | `/admin/ajax.php` | High
6 | File | `/Api/ASF` | Medium
7 | File | `/cgi-bin/cgiServer.exx` | High
8 | File | `/cgi?1&5` | Medium
9 | File | `/clients/editclient.php` | High
10 | File | `/CommunitySSORedirect.jsp` | High
11 | File | `/ctpms/admin/?page=applications/view_application` | High
12 | File | `/dl/dl_sendmail.php` | High
13 | File | `/formStaticDHCP` | High
14 | File | `/formVirtualApp` | High
15 | File | `/formVirtualServ` | High
16 | File | `/goform/rlmswitchr_process` | High
17 | File | `/goforms/rlminfo` | High
18 | File | `/include/make.php` | High
19 | File | `/jsonrpc` | Medium
20 | File | `/magnoliaAuthor/.magnolia/` | High
21 | File | `/master/core/PostHandler.php` | High
22 | File | `/medianet/sgcontentset.aspx` | High
23 | File | `/Nodes-Traffic.php` | High
24 | File | `/proc/pid/syscall` | High
25 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
26 | File | `/rss.xml` | Medium
27 | File | `/settings/profile` | High
28 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
29 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
6 | File | `/Admin/dashboard.php` | High
7 | File | `/Api/ASF` | Medium
8 | File | `/cgi-bin/cgiServer.exx` | High
9 | File | `/cgi?1&5` | Medium
10 | File | `/clients/editclient.php` | High
11 | File | `/CommunitySSORedirect.jsp` | High
12 | File | `/ctpms/admin/?page=applications/view_application` | High
13 | File | `/dl/dl_sendmail.php` | High
14 | File | `/formStaticDHCP` | High
15 | File | `/formVirtualApp` | High
16 | File | `/formVirtualServ` | High
17 | File | `/goform/form2WizardStep4` | High
18 | File | `/goform/rlmswitchr_process` | High
19 | File | `/goforms/rlminfo` | High
20 | File | `/include/make.php` | High
21 | File | `/jsonrpc` | Medium
22 | File | `/magnoliaAuthor/.magnolia/` | High
23 | File | `/master/core/PostHandler.php` | High
24 | File | `/medianet/sgcontentset.aspx` | High
25 | File | `/Nodes-Traffic.php` | High
26 | File | `/php-sms/classes/Master.php?f=save_quote` | High
27 | File | `/proc/pid/syscall` | High
28 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
29 | File | `/settings/profile` | High
30 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
31 | File | `/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c` | High
32 | File | `/tmp/swhks.pid` | High
32 | File | `/system/sshkeys.js` | High
33 | ... | ... | ...
There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -44,7 +44,7 @@ ID | Type | Indicator | Confidence
3 | File | `assets/add/registrar-accounts.php` | High
4 | ... | ... | ...
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -30,7 +30,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1600 | CWE-311 | Cryptographic Issues | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
3 | T1592 | CWE-200 | Configuration | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
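Review bot: The count line "There are 1 more TTP items available." is ungrammatical for a count of one, and the same template yields "There are 1 more country items available." in the PL country hunk further down in this commit; the generator's count sentence should agree with the number ("There is 1 more TTP item available." versus "There are N more TTP items available."). The table change itself is consistent: row 1 moves from T1600 / CWE-311 to T1006 / CWE-22, and the new rows 2 and 3 together with the "4 | ..." ellipsis match the added count line.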

View File

@ -69,7 +69,7 @@ ID | Type | Indicator | Confidence
6 | File | `class.cs_phpmailer.php` | High
7 | ... | ... | ...
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 47 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -4,56 +4,48 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.kuluoz](https://vuldb.com/?actor.kuluoz)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kuluoz:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [CA](https://vuldb.com/?country.ca)
* ...
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Kuluoz.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [13.32.208.34](https://vuldb.com/?ip.13.32.208.34) | server-13-32-208-34.iad66.r.cloudfront.net | - | High
2 | [37.26.108.41](https://vuldb.com/?ip.37.26.108.41) | - | - | High
3 | [37.59.24.98](https://vuldb.com/?ip.37.59.24.98) | ns3043472.ip-37-59-24.eu | - | High
4 | [62.75.143.211](https://vuldb.com/?ip.62.75.143.211) | static-ip-62-75-143-211.inaddr.ip-pool.com | - | High
5 | [64.76.19.249](https://vuldb.com/?ip.64.76.19.249) | boromir.mauriciofrappa.com.ar | - | High
6 | [64.91.226.48](https://vuldb.com/?ip.64.91.226.48) | - | - | High
7 | [65.181.127.125](https://vuldb.com/?ip.65.181.127.125) | pentos.yahomail.today | - | High
8 | [69.64.32.247](https://vuldb.com/?ip.69.64.32.247) | dragon324.dedicatedpanel.com | - | High
9 | ... | ... | ... | ...
1 | [5.79.6.80](https://vuldb.com/?ip.5.79.6.80) | - | - | High
2 | [5.175.166.35](https://vuldb.com/?ip.5.175.166.35) | - | - | High
3 | [5.231.54.233](https://vuldb.com/?ip.5.231.54.233) | skyfte.christmasnovember.com | - | High
4 | [5.249.139.132](https://vuldb.com/?ip.5.249.139.132) | estro-studio.com | - | High
5 | [13.32.208.34](https://vuldb.com/?ip.13.32.208.34) | server-13-32-208-34.iad66.r.cloudfront.net | - | High
6 | [16.156.201.237](https://vuldb.com/?ip.16.156.201.237) | - | - | High
7 | [31.47.250.41](https://vuldb.com/?ip.31.47.250.41) | vadmin180.configcenter.info | - | High
8 | [31.186.5.20](https://vuldb.com/?ip.31.186.5.20) | - | - | High
9 | [37.26.108.41](https://vuldb.com/?ip.37.26.108.41) | - | - | High
10 | [37.35.107.208](https://vuldb.com/?ip.37.35.107.208) | incmalta.com | - | High
11 | [37.59.24.98](https://vuldb.com/?ip.37.59.24.98) | ns3043472.ip-37-59-24.eu | - | High
12 | [37.59.82.218](https://vuldb.com/?ip.37.59.82.218) | - | - | High
13 | [37.59.212.214](https://vuldb.com/?ip.37.59.212.214) | - | - | High
14 | [46.4.105.170](https://vuldb.com/?ip.46.4.105.170) | static.170.105.4.46.clients.your-server.de | - | High
15 | [46.55.222.24](https://vuldb.com/?ip.46.55.222.24) | - | - | High
16 | [46.105.117.13](https://vuldb.com/?ip.46.105.117.13) | ns349046.ip-46-105-117.eu | - | High
17 | [50.56.124.35](https://vuldb.com/?ip.50.56.124.35) | 50-56-124-35.static.cloud-ips.com | - | High
18 | [50.57.99.160](https://vuldb.com/?ip.50.57.99.160) | 50-57-99-160.static.cloud-ips.com | - | High
19 | [50.57.139.41](https://vuldb.com/?ip.50.57.139.41) | 50-57-139-41.static.cloud-ips.com | - | High
20 | [58.83.159.94](https://vuldb.com/?ip.58.83.159.94) | - | - | High
21 | [62.75.143.211](https://vuldb.com/?ip.62.75.143.211) | static-ip-62-75-143-211.inaddr.ip-pool.com | - | High
22 | [62.75.188.224](https://vuldb.com/?ip.62.75.188.224) | static-ip-62-75-188-224.inaddr.ip-pool.com | - | High
23 | [62.112.157.126](https://vuldb.com/?ip.62.112.157.126) | - | - | High
24 | [64.76.19.249](https://vuldb.com/?ip.64.76.19.249) | boromir.mauriciofrappa.com.ar | - | High
25 | [64.91.226.48](https://vuldb.com/?ip.64.91.226.48) | - | - | High
26 | [64.128.16.144](https://vuldb.com/?ip.64.128.16.144) | sahajmarg.info | - | High
27 | [65.181.127.125](https://vuldb.com/?ip.65.181.127.125) | pentos.yahomail.today | - | High
28 | [66.45.253.250](https://vuldb.com/?ip.66.45.253.250) | lyndsey.interserver.net | - | High
29 | [67.18.12.2](https://vuldb.com/?ip.67.18.12.2) | go.phpwebhosting.com | - | High
30 | [67.231.22.199](https://vuldb.com/?ip.67.231.22.199) | server5.acuitytec.com | - | High
31 | [69.64.32.247](https://vuldb.com/?ip.69.64.32.247) | dragon324.dedicatedpanel.com | - | High
32 | [69.64.36.244](https://vuldb.com/?ip.69.64.36.244) | colossus820.dedicatedpanel.com | - | High
33 | [69.93.231.252](https://vuldb.com/?ip.69.93.231.252) | fc.e7.5d45.static.theplanet.com | - | High
34 | ... | ... | ... | ...
There are 32 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Kuluoz_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Kuluoz. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `bacdcode.c` | Medium
2 | File | `cgi-bin/webfile_mgr.cgi` | High
3 | File | `data/gbconfiguration.dat` | High
4 | ... | ... | ...
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 134 more IOC items available. Please use our online service to access the data.
## References
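Review bot: The Kuluoz file loses its whole TTP section (the T1059.007 and T1068 rows) and its whole IOA section (`bacdcode.c`, `cgi-bin/webfile_mgr.cgi`, `data/gbconfiguration.dat` plus "14 more") in this hunk, and the only line standing in their place is the IOC count rising from 32 to 134; every other actor file touched by this commit keeps both sections, so confirm that the regeneration intentionally produced no TTP/IOA predictions for this actor rather than truncating the file, and if it is intentional, an explicit empty section would make that visible to readers. The IOC table itself is consistent: all eight earlier rows reappear among the 33 new ones (13.32.208.34 as row 5, 37.26.108.41 as row 9, 62.75.143.211 as row 21, 69.64.32.247 as row 31, and so on), and the list is now ordered numerically by address.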
@ -61,9 +53,28 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
* https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
* https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
* https://blog.talosintelligence.com/2020/04/threat-roundup-0326-0403.html
* https://blog.talosintelligence.com/2020/04/threat-roundup-0417-0424.html
* https://blog.talosintelligence.com/2020/05/threat-roundup-0424-0501.html
* https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html
* https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html
* https://blog.talosintelligence.com/2020/06/threat-roundup-0605-0612.html
* https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
* https://blog.talosintelligence.com/2020/09/threat-roundup-0828-0904.html
* https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
* https://blog.talosintelligence.com/2021/08/threat-roundup-0806-0813.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
* https://blog.talosintelligence.com/2022/04/threat-roundup-0422-0429.html
* https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
* https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html
* https://blog.talosintelligence.com/2022/08/threat-roundup-0812-0819.html
* https://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html
* https://blog.talosintelligence.com/2022/10/threat-roundup-0930-1007.html
* https://blog.talosintelligence.com/2022/10/threat-roundup-1007-1014.html
## Literature

View File

@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
14 | File | `admin/import/class-import-settings.php` | High
15 | ... | ... | ...
There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 118 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -26,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 7 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -270,13 +270,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
5 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
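Review bot: Row 2 of this TTP table keeps the description "Authentication Bypass by Capture-replay", which is the title of CWE-294, while its weakness column drops CWE-294 and now lists only CWE-319 (cleartext transmission of sensitive information); either the description should follow the remaining weakness or CWE-294 should stay in the list. Row 4 has the same kind of mismatch in the other direction: T1059 with CWE-88, CWE-94 and CWE-1321 (argument injection, code injection, prototype pollution) is labelled "Cross Site Scripting", duplicating the description of the T1059.007 / CWE-79, CWE-80 row beneath it; a label derived from the listed CWEs, like the "Injection" used for CWE-74 in row 3, would be accurate. The count line moving from 18 to 17 is consistent with one row leaving the visible part of the table.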
@ -284,30 +283,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/adfs/ls` | Medium
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/admin/controller/JobLogController.java` | High
3 | File | `/Admin/dashboard.php` | High
4 | File | `/admin/problem_judge.php` | High
5 | File | `/admin/store.php` | High
6 | File | `/api/user/password/sent-reset-email` | High
7 | File | `/api/v2/cli/commands` | High
8 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
9 | File | `/asms/classes/Master.php?f=delete_mechanic` | High
10 | File | `/asms/classes/Master.php?f=delete_service` | High
11 | File | `/balance/service/list` | High
12 | File | `/classes/Master.php?f=delete_appointment` | High
5 | File | `/api/user/password/sent-reset-email` | High
6 | File | `/api/v2/cli/commands` | High
7 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
8 | File | `/asms/classes/Master.php?f=delete_mechanic` | High
9 | File | `/asms/classes/Master.php?f=delete_service` | High
10 | File | `/bsms_ci/index.php` | High
11 | File | `/bsms_ci/index.php/book` | High
12 | File | `/bsms_ci/index.php/user/edit_user/` | High
13 | File | `/diag_ping_admin.asp` | High
14 | File | `/diag_tracert_admin.asp` | High
15 | File | `/FormLogin` | Medium
16 | File | `/goform/wizard_end` | High
17 | File | `/lilac/main.php` | High
18 | File | `/module/report_event/index.php` | High
19 | File | `/out.php` | Medium
20 | File | `/php-sms/classes/Master.php?f=save_quote` | High
21 | File | `/plugin/getList` | High
22 | ... | ... | ...
15 | File | `/face-recognition-php/facepay-master/camera.php` | High
16 | File | `/FormLogin` | Medium
17 | File | `/goform/wizard_end` | High
18 | File | `/gpac/src/bifs/unquantize.c` | High
19 | File | `/hrm/controller/employee.php` | High
20 | File | `/index/user/user_edit.html` | High
21 | File | `/login.php` | Medium
22 | File | `/Member/memberedit.html` | High
23 | File | `/pages/processlogin.php` | High
24 | File | `/product/savenewproduct.php?flag=1` | High
25 | ... | ... | ...
There are 179 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 214 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -58,7 +58,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -66,46 +66,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.python-version` | High
2 | File | `/admin/conferences/list/` | High
3 | File | `/admin/inc/include.php` | High
4 | File | `/admin/index.php` | High
1 | File | `.FBCIndex` | Medium
2 | File | `/Admin/add-student.php` | High
3 | File | `/admin/admin.php` | High
4 | File | `/admin/conferences/list/` | High
5 | File | `/admin/index.PHP` | High
6 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
7 | File | `/advanced-tools/nova/bin/netwatch` | High
8 | File | `/alarm_pi/alarmService.php` | High
9 | File | `/app/controller/Books.php` | High
10 | File | `/appliance/users?action=edit` | High
11 | File | `/bin/login` | Medium
12 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
13 | File | `/catcompany.php` | High
14 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
15 | File | `/cgi-bin/kerbynet` | High
16 | File | `/cgi-bin/luci/api/wireless` | High
17 | File | `/cgi-bin/qcmap_auth` | High
18 | File | `/cgi-bin/wlogin.cgi` | High
19 | File | `/coreframe/app/pay/admin/index.php` | High
20 | File | `/debug/pprof` | Medium
21 | File | `/editbrand.php` | High
22 | File | `/etc/shadow` | Medium
23 | File | `/EXCU_SHELL` | Medium
24 | File | `/forum/away.php` | High
25 | File | `/h/search?action` | High
26 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
27 | File | `/index.php?action=seomatic/file/seo-file-link` | High
28 | File | `/language/lang` | High
29 | File | `/leave_system/classes/Master.php?f=delete_application` | High
30 | File | `/loginsave.php` | High
31 | File | `/loginVaLidation.php` | High
32 | File | `/MicroStrategyWS/happyaxis.jsp` | High
33 | File | `/modules/projects/vw_files.php` | High
34 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
35 | File | `/ows-bin` | Medium
36 | File | `/phpinventory/editcategory.php` | High
37 | File | `/rest/collectors/1.0/template/custom` | High
38 | ... | ... | ...
7 | File | `/admin/update_traveller.php` | High
8 | File | `/advanced-tools/nova/bin/netwatch` | High
9 | File | `/cameras/XXXX/clips` | High
10 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
11 | File | `/cgi-bin/kerbynet` | High
12 | File | `/cgi-bin/qcmap_auth` | High
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/CommunitySSORedirect.jsp` | High
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/diagnostic/editclient.php` | High
18 | File | `/editbrand.php` | High
19 | File | `/etc/sudoers` | Medium
20 | File | `/EXCU_SHELL` | Medium
21 | File | `/filemanager/php/connector.php` | High
22 | File | `/forum/away.php` | High
23 | File | `/index.php?module=global_lists/lists` | High
24 | File | `/leave_system/classes/Master.php?f=delete_application` | High
25 | File | `/okm:root` | Medium
26 | File | `/opt/onedev/sites/` | High
27 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
28 | File | `/out.php` | Medium
29 | File | `/phpinventory/editcategory.php` | High
30 | File | `/public_html/animals` | High
31 | File | `/secure/QueryComponent!Default.jspa` | High
32 | File | `/sqfs/bin/sccd` | High
33 | File | `/text/pdf/PdfReader.java` | High
34 | ... | ... | ...
There are 328 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -58,13 +58,14 @@ ID | Type | Indicator | Confidence
8 | File | `/spip.php` | Medium
9 | File | `/student/bookdetails.php` | High
10 | File | `/uncpath/` | Medium
11 | File | `adclick.php` | Medium
12 | File | `agent/Core/Controller/SendRequest.cpp` | High
13 | File | `api_poller.php` | High
14 | File | `arformcontroller.php` | High
15 | ... | ... | ...
11 | File | `/wp-admin/admin-ajax.php` | High
12 | File | `adclick.php` | Medium
13 | File | `agent/Core/Controller/SendRequest.cpp` | High
14 | File | `api_poller.php` | High
15 | File | `arformcontroller.php` | High
16 | ... | ... | ...
There are 122 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -10,7 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [UA](https://vuldb.com/?country.ua)
* [PL](https://vuldb.com/?country.pl)
* ...
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -53,7 +56,7 @@ ID | Type | Indicator | Confidence
6 | File | `data/gbconfiguration.dat` | High
7 | ... | ... | ...
There are 48 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [VN](https://vuldb.com/?country.vn)
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -127,43 +127,43 @@ ID | Type | Indicator | Confidence
1 | File | `//proc/kcore` | Medium
2 | File | `/about.php` | Medium
3 | File | `/adfs/ls` | Medium
4 | File | `/Admin/add-student.php` | High
5 | File | `/admin/users_add.php` | High
6 | File | `/administration/settings_registration.php` | High
7 | File | `/ad_js.php` | Medium
8 | File | `/appConfig/userDB.json` | High
9 | File | `/bd_genie_create_account.cgi` | High
10 | File | `/c/macho_reader.c` | High
11 | File | `/cgi-bin/luci/api/wireless` | High
12 | File | `/claire_blake` | High
13 | File | `/context/%2e/WEB-INF/web.xml` | High
14 | File | `/dashboard/reports/logs/view` | High
15 | File | `/debian/patches/load_ppp_generic_if_needed` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/defaultui/player/modern.html` | High
18 | File | `/etc/hosts` | Medium
4 | File | `/admin.php/Admin/adminadd.html` | High
5 | File | `/Admin/add-student.php` | High
6 | File | `/admin/settings/save.php` | High
7 | File | `/admin/users_add.php` | High
8 | File | `/administration/settings_registration.php` | High
9 | File | `/ad_js.php` | Medium
10 | File | `/appConfig/userDB.json` | High
11 | File | `/bd_genie_create_account.cgi` | High
12 | File | `/c/macho_reader.c` | High
13 | File | `/cgi-bin/luci/api/wireless` | High
14 | File | `/claire_blake` | High
15 | File | `/context/%2e/WEB-INF/web.xml` | High
16 | File | `/debian/patches/load_ppp_generic_if_needed` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/defaultui/player/modern.html` | High
19 | File | `/etc/init0.d/S80telnetd.sh` | High
20 | File | `/etc/shadow.sample` | High
21 | File | `/foms/place-order.php` | High
22 | File | `/forum/away.php` | High
23 | File | `/ghost/preview` | High
24 | File | `/goform/SetIpMacBind` | High
25 | File | `/goform/setmac` | High
26 | File | `/goform/wizard_end` | High
27 | File | `/htdocs/utils/Files.php` | High
28 | File | `/index.asp` | Medium
29 | File | `/jfinal_cms/system/role/list` | High
30 | File | `/librarian/edit_book_details.php` | High
31 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
32 | File | `/manage-apartment.php` | High
33 | File | `/master/index.php` | High
34 | File | `/mkshop/Men/profile.php` | High
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
36 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
37 | File | `/pages/apply_vacancy.php` | High
38 | File | `/pages/faculty_sched.php` | High
39 | File | `/pages/processlogin.php` | High
40 | File | `/php_action/createUser.php` | High
23 | File | `/goform/SetIpMacBind` | High
24 | File | `/goform/setmac` | High
25 | File | `/goform/wizard_end` | High
26 | File | `/htdocs/utils/Files.php` | High
27 | File | `/index.asp` | Medium
28 | File | `/jfinal_cms/system/role/list` | High
29 | File | `/librarian/edit_book_details.php` | High
30 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
31 | File | `/manage-apartment.php` | High
32 | File | `/master/index.php` | High
33 | File | `/mkshop/Men/profile.php` | High
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
35 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
36 | File | `/pages/apply_vacancy.php` | High
37 | File | `/pages/faculty_sched.php` | High
38 | File | `/pages/processlogin.php` | High
39 | File | `/php_action/createUser.php` | High
40 | File | `/proxy` | Low
41 | ... | ... | ...
There are 351 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

View File

@ -66,20 +66,20 @@ ID | Type | Indicator | Confidence
3 | File | `/etc/ajenti/config.yml` | High
4 | File | `/goform/telnet` | High
5 | File | `/modules/profile/index.php` | High
6 | File | `/php/init.poll.php` | High
7 | File | `/rom-0` | Low
8 | File | `/tmp/phpglibccheck` | High
9 | File | `/uncpath/` | Medium
10 | File | `/var/tmp/sess_*` | High
11 | File | `/vmi/manager/engine/management/commands/apns_worker.py` | High
12 | File | `action.php` | Medium
13 | File | `actionphp/download.File.php` | High
14 | File | `add_comment.php` | High
15 | File | `admin/admin.php` | High
16 | File | `admin/content.php` | High
17 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
18 | File | `admin/memberviewdetails.php` | High
19 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
6 | File | `/rom-0` | Low
7 | File | `/tmp/phpglibccheck` | High
8 | File | `/uncpath/` | Medium
9 | File | `/var/tmp/sess_*` | High
10 | File | `/vmi/manager/engine/management/commands/apns_worker.py` | High
11 | File | `action.php` | Medium
12 | File | `actionphp/download.File.php` | High
13 | File | `add_comment.php` | High
14 | File | `admin/admin.php` | High
15 | File | `admin/content.php` | High
16 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
17 | File | `admin/memberviewdetails.php` | High
18 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
19 | File | `admin_gallery.php3` | High
20 | File | `affich.php` | Medium
21 | File | `agent/Core/Controller/SendRequest.cpp` | High
22 | File | `akeyActivationLogin.do` | High
@ -111,7 +111,7 @@ ID | Type | Indicator | Confidence
48 | File | `details_view.php` | High
49 | ... | ... | ...
There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
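Review bot: the hidden-item count falls from 428 to 424, but only one removal, `/php/init.poll.php` (old row 6), is visible among the 48 rows shown; the other three removals happened in the unpublished tail and cannot be checked from this diff. A commit message describing the data refresh (which records were retired and why) would make these regenerated tables reviewable.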

View File

@ -93,12 +93,12 @@ ID | Type | Indicator | Confidence
36 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
37 | File | `/services/system/setup.json` | High
38 | File | `/spip.php` | Medium
39 | File | `/uncpath/` | Medium
40 | File | `/vloggers_merch/?p=view_product` | High
41 | File | `/webconsole/APIController` | High
42 | File | `/websocket/exec` | High
43 | File | `/whbs/?page=my_bookings` | High
44 | File | `/wp-content/plugins/updraftplus/admin.php` | High
39 | File | `/tmp` | Low
40 | File | `/uncpath/` | Medium
41 | File | `/vloggers_merch/?p=view_product` | High
42 | File | `/webconsole/APIController` | High
43 | File | `/websocket/exec` | High
44 | File | `/whbs/?page=my_bookings` | High
45 | ... | ... | ...
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
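Review bot: new row 39, `/tmp` at Low confidence, is a directory present on every Unix-like host and carries no attack signal on its own; like other one-segment paths it should be excluded from the exported table or at least not fed to detection rules. Note also that a row was added and `/wp-content/plugins/updraftplus/admin.php` was pushed out of the visible 44, yet the count stays at 385, so an entry must have been dropped from the tail; worth confirming rather than assuming.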

View File

@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* [CN](https://vuldb.com/?country.cn)
* [SV](https://vuldb.com/?country.sv)
* [PT](https://vuldb.com/?country.pt)
* ...
There are 13 more country items available. Please use our online service to access the data.
@ -50,7 +50,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
@ -69,33 +69,38 @@ ID | Type | Indicator | Confidence
2 | File | `/action/import_cert_file/` | High
3 | File | `/action/import_wireguard_cert_file/` | High
4 | File | `/admin/?page=user/manage_user` | High
5 | File | `/admin/group` | Medium
6 | File | `/admin/profile.php` | High
7 | File | `/admin/question/edit` | High
8 | File | `/api/crontab` | Medium
9 | File | `/api/programs/orgUnits?programs` | High
10 | File | `/api/trackedEntityInstances` | High
11 | File | `/appointments/manage_appointment.php` | High
12 | File | `/asms/admin/services/manage_service.php` | High
13 | File | `/balance/service/list` | High
14 | File | `/context/%2e/WEB-INF/web.xml` | High
15 | File | `/csms/?page=contact_us` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/editorder.php` | High
18 | File | `/etc/gsissh/sshd_config` | High
19 | File | `/garage/editorder.php` | High
20 | File | `/git-prereceive-callback` | High
21 | File | `/goform/addWifiMacFilter` | High
22 | File | `/goform/formSetDeviceName` | High
23 | File | `/goform/SetFirewallCfg` | High
5 | File | `/admin/edit_members.php` | High
6 | File | `/admin/group` | Medium
7 | File | `/admin/submit-articles` | High
8 | File | `/admin/users/index.php` | High
9 | File | `/api/crontab` | Medium
10 | File | `/api/programs/orgUnits?programs` | High
11 | File | `/api/trackedEntityInstances` | High
12 | File | `/appointments/manage_appointment.php` | High
13 | File | `/asms/admin/services/manage_service.php` | High
14 | File | `/aux` | Low
15 | File | `/balance/service/list` | High
16 | File | `/context/%2e/WEB-INF/web.xml` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/dev/zero` | Medium
19 | File | `/editorder.php` | High
20 | File | `/etc/gsissh/sshd_config` | High
21 | File | `/event/admin/?page=user/list` | High
22 | File | `/garage/editorder.php` | High
23 | File | `/goform/SetIpMacBind` | High
24 | File | `/goform/WanParameterSetting` | High
25 | File | `/goform/wizard_end` | High
26 | File | `/Hospital-Management-System-master/func.php` | High
27 | File | `/hrm/index.php?msg` | High
28 | File | `/index.php?module=global_lists/lists` | High
29 | ... | ... | ...
29 | File | `/languages/index.php` | High
30 | File | `/linkedcontent/listfiles.php` | High
31 | File | `/mgm_dev_upgrade.asp` | High
32 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
33 | File | `/myAccount` | Medium
34 | ... | ... | ...
There are 247 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
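Review bot: rows 14 and 18, `/aux` (Low) and `/dev/zero` (Medium), are not attack fragments: `aux` is a reserved device name on Windows and `/dev/zero` exists on every Linux host, and a Medium rating for the latter looks too high beside genuine application paths such as `/admin/edit_members.php` rated High. With the total growing from 275 to 324 in this refresh, the confidence scale would be easier to trust if the page stated what Low, Medium and High mean for a path indicator.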

View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mars Stealer:
* [US](https://vuldb.com/?country.us)
* [IT](https://vuldb.com/?country.it)
* [JP](https://vuldb.com/?country.jp)
* [DE](https://vuldb.com/?country.de)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 5 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -23,10 +23,19 @@ ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.45.84.214](https://vuldb.com/?ip.5.45.84.214) | - | - | High
2 | [5.63.155.126](https://vuldb.com/?ip.5.63.155.126) | 5-63-155-126.cloudvps.regruhosting.ru | - | High
3 | [66.29.142.232](https://vuldb.com/?ip.66.29.142.232) | - | - | High
4 | ... | ... | ... | ...
3 | [5.181.80.130](https://vuldb.com/?ip.5.181.80.130) | ip-80-130-bullethost.net | - | High
4 | [13.58.70.215](https://vuldb.com/?ip.13.58.70.215) | ec2-13-58-70-215.us-east-2.compute.amazonaws.com | - | Medium
5 | [20.185.186.224](https://vuldb.com/?ip.20.185.186.224) | - | - | High
6 | [23.239.9.184](https://vuldb.com/?ip.23.239.9.184) | 23-239-9-184.ip.linodeusercontent.com | - | High
7 | [45.9.20.31](https://vuldb.com/?ip.45.9.20.31) | - | - | High
8 | [45.67.230.47](https://vuldb.com/?ip.45.67.230.47) | vm718000.stark-industries.solutions | - | High
9 | [45.77.112.250](https://vuldb.com/?ip.45.77.112.250) | 45.77.112.250.vultrusercontent.com | - | High
10 | [45.140.147.99](https://vuldb.com/?ip.45.140.147.99) | vm716958.stark-industries.solutions | - | High
11 | [62.3.12.9](https://vuldb.com/?ip.62.3.12.9) | zserg.ch | - | High
12 | [62.113.99.76](https://vuldb.com/?ip.62.113.99.76) | - | - | High
13 | ... | ... | ... | ...
There are 7 more IOC items available. Please use our online service to access the data.
There are 47 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
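Review bot: rows 3 to 12 add ten addresses, several on commodity cloud ranges whose reverse DNS identifies the provider (`ec2-13-58-70-215.us-east-2.compute.amazonaws.com`, `23-239-9-184.ip.linodeusercontent.com`, `45.77.112.250.vultrusercontent.com`); such addresses are reassigned quickly, so without a first-seen/last-seen column consumers cannot age them out and a block rule will eventually hit an unrelated tenant. The Medium rating on the EC2 address is reasonable, but the same reasoning applies to the Linode and Vultr rows rated High; consider adding a date column or a per-row source reference, especially with the hidden count jumping from 7 to 47.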
@ -34,12 +43,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 5 more TTP items available. Please use our online service to access the data.
There are 14 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -47,13 +56,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/lists/index.php` | High
2 | File | `add_comment.php` | High
3 | File | `add_quiz.php` | Medium
4 | File | `admin.jcomments.php` | High
5 | ... | ... | ...
1 | File | `/Admin/add-student.php` | High
2 | File | `/admin/communitymanagement.php` | High
3 | File | `/admin/generalsettings.php` | High
4 | File | `/admin/payment.php` | High
5 | File | `/admin/transactions/update_status.php` | High
6 | File | `/api/user/password/sent-reset-email` | High
7 | File | `/aqpg/users/login.php` | High
8 | File | `/bsms_ci/index.php/user/edit_user/` | High
9 | File | `/dashboard/add-service.php` | High
10 | File | `/dashboard/updatelogo.php` | High
11 | File | `/Default/Bd` | Medium
12 | File | `/event/admin/?page=user/list` | High
13 | File | `/filemanager/upload/drop` | High
14 | File | `/forum/away.php` | High
15 | File | `/getcfg.php` | Medium
16 | File | `/hrm/employeeadd.php` | High
17 | File | `/hrm/employeeview.php` | High
18 | File | `/htdocs/cgibin` | High
19 | File | `/lists/index.php` | High
20 | File | `/login.php` | Medium
21 | File | `/netflow/jspui/editProfile.jsp` | High
22 | File | `/uncpath/` | Medium
23 | File | `/usr/www/ja/mnt_cmd.cgi` | High
24 | ... | ... | ...
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 197 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
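Review bot: the visible rows go from 4 to 23 and the hidden count from 30 to 197, more than a sixfold growth in one refresh, and the new rows are admin pages of small PHP applications (`/Admin/add-student.php`, `/hrm/employeeadd.php`) and router CGI endpoints (`/getcfg.php`, `/htdocs/cgibin`) with no visible connection to an infostealer. Before these are consumed as Mars Stealer detection content, the commit should state what produced them (the SEKOIA IOC CSV added under References, or a re-run of the actor-to-vulnerability mapping) so analysts know how much weight to give them.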
@ -63,6 +91,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://cert.gov.ua/article/38606
* https://community.blueliv.com/#!/s/628bf72a82df417b9232fc80
* https://gist.github.com/viriback/362a91ed9601ba906d8a17c8102a68bb
* https://github.com/SEKOIA-IO/Community/blob/main/IOCs/marsstealer/mars_stealer_iocs_20220407.csv
* https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
## Literature
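Review bot: the new SEKOIA reference uses a `blob/main/...` URL, so the CSV it points at can be rewritten or moved without any change to this page; pin the link to a commit-specific URL (replace `main` with the hash of the revision that was actually consumed) so the IOC import stays reproducible. The `20220407` in the file name also suggests April 2022 data; stating when it was ingested would help readers judge how current the imported indicators are.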

View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MedusaLocker:
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* [RU](https://vuldb.com/?country.ru)
* [DE](https://vuldb.com/?country.de)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
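Review bot: the regenerated summary line reads "There are 1 more country items available", which the generator should special-case to "There is 1 more country item available"; the same template produces every count line in this commit, so the fix belongs in the generator, not in this file. The hidden count also drops from 3 to 1 while US, GB, RU and DE remain as context, so two countries were removed from the unpublished tail without the commit saying why.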
@ -36,14 +36,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
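Review bot: row 4 now lists CWE-88 (Argument Injection) and row 5 adds CWE-85 under a Description of "Cross Site Scripting", and row 1 swaps CWE-37 for CWE-40 while the rest of the row is untouched; the Description column is evidently a fixed label per ATT&CK technique rather than derived from the weaknesses, which misleads when the CWE set changes. Either derive the description from the listed CWEs or rename the column so it is clearly the technique mapping; the same pattern recurs in the other TTP hunks of this commit.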
@ -51,38 +51,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/action/import_cert_file/` | High
2 | File | `/action/import_e2c_json_file/` | High
3 | File | `/action/import_file/` | High
4 | File | `/action/import_wireguard_cert_file/` | High
5 | File | `/action/import_xml_file/` | High
6 | File | `/action/ipcamRecordPost` | High
7 | File | `/action/ipcamSetParamPost` | High
8 | File | `/action/wirelessConnect` | High
9 | File | `/admin/?page=bookings/view_details` | High
10 | File | `/admin/?page=orders/manage_request` | High
11 | File | `/admin/?page=user/manage_user` | High
12 | File | `/admin/sign/out` | High
13 | File | `/admin/students/manage.php` | High
14 | File | `/api/common/ping` | High
15 | File | `/api/geojson` | Medium
16 | File | `/api/public/signup` | High
17 | File | `/api/v1/attack` | High
18 | File | `/api/v1/attack/falco` | High
19 | File | `/api/v1/attack/token` | High
20 | File | `/api/v1/bait/set` | High
21 | File | `/bookings/update_status.php` | High
22 | File | `/cgi-bin/wlogin.cgi` | High
23 | File | `/classes/Master.php?f=delete_appointment` | High
24 | File | `/classes/Users.php?f=delete_client` | High
25 | File | `/clearance/clearance.php` | High
26 | File | `/depotHead/list` | High
27 | File | `/dev/shm` | Medium
28 | File | `/edit/server` | Medium
29 | File | `/editorder.php` | High
30 | ... | ... | ...
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/Admin/add-student.php` | High
3 | File | `/admin/controller/JobLogController.java` | High
4 | File | `/Admin/createClass.php` | High
5 | File | `/admin/fst_upload.inc.php` | High
6 | File | `/admin/pages/sections_save.php` | High
7 | File | `/admin/problem_judge.php` | High
8 | File | `/admin/transactions/update_status.php` | High
9 | File | `/admin/users/index.php` | High
10 | File | `/api/v1/nics/wifi/wlan0/ping` | High
11 | File | `/api/v2/cli/commands` | High
12 | File | `/apiv1/` | Low
13 | File | `/asms/admin/?page=transactions/manage_transaction` | High
14 | File | `/asms/admin/?page=user/manage_user` | High
15 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
16 | File | `/asms/admin/products/manage_product.php` | High
17 | File | `/asms/products/view_product.php` | High
18 | File | `/attachments` | Medium
19 | File | `/avms/index.php` | High
20 | File | `/bsms_ci/index.php` | High
21 | File | `/bsms_ci/index.php/user/edit_user/` | High
22 | File | `/calendar/viewcalendar.php` | High
23 | File | `/dede/file_manage_control.php` | High
24 | File | `/device/` | Medium
25 | File | `/event/admin/?page=user/list` | High
26 | File | `/forums/editforum.php` | High
27 | File | `/garage/php_action/createBrand.php` | High
28 | File | `/goform/AddSysLogRule` | High
29 | File | `/goform/setDiagnoseInfo` | High
30 | File | `/goform/SetIpMacBind` | High
31 | File | `/goform/setUplinkInfo` | High
32 | File | `/hrm/controller/employee.php` | High
33 | File | `/hrm/employeeadd.php` | High
34 | File | `/ims/login.php` | High
35 | File | `/index.php/admins/Fields/get_fields.html` | High
36 | ... | ... | ...
There are 259 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
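Review bot: every `/action/...` row (old rows 1 to 8, from `/action/import_cert_file/` to `/action/wirelessConnect`) disappears, and because the table is sorted and the new row 1 is `/admin.php/Admin/adminadd.html`, these were removed from the dataset rather than pushed into the hidden tail, even though the total grows from 288 to 348. Silently retiring indicators matters more to consumers than adding them; the commit message should list retired entries, or the generator should emit a changelog alongside the regenerated table.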

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [PT](https://vuldb.com/?country.pt)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -52,11 +52,12 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 23 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -64,39 +65,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/action/wirelessConnect` | High
2 | File | `/adfs/ls` | Medium
3 | File | `/admin/?page=reports/waste` | High
4 | File | `/admin/?page=user/manage_user` | High
5 | File | `/admin/add-fee.php` | High
6 | File | `/admin/baojia_list.php` | High
7 | File | `/admin/folderrollpicture/list` | High
8 | File | `/admin/index.PHP` | High
1 | File | `/action/factory` | High
2 | File | `/action/wirelessConnect` | High
3 | File | `/adfs/ls` | Medium
4 | File | `/admin/?page=reports/waste` | High
5 | File | `/admin/?page=user/manage_user` | High
6 | File | `/admin/add-fee.php` | High
7 | File | `/admin/baojia_list.php` | High
8 | File | `/admin/folderrollpicture/list` | High
9 | File | `/admin/users_add.php` | High
10 | File | `/administration/settings_registration.php` | High
11 | File | `/anony/mjpg.cgi` | High
12 | File | `/api/common/ping` | High
13 | File | `/api/v2/open/rowsInfo` | High
14 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
15 | File | `/appointments/update_status.php` | High
16 | File | `/authUserAction!edit.action` | High
17 | File | `/bin/boa` | Medium
18 | File | `/bookings/update_status.php` | High
19 | File | `/cgi-bin/DownloadFlash` | High
20 | File | `/classes/Master.php?f=delete_category` | High
21 | File | `/classes/Users.php?f=delete_client` | High
22 | File | `/csms/admin/storages/view_storage.php` | High
23 | File | `/dede/file_manage_control.php` | High
10 | File | `/anony/mjpg.cgi` | High
11 | File | `/api/common/ping` | High
12 | File | `/api/v2/open/rowsInfo` | High
13 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
14 | File | `/appointments/update_status.php` | High
15 | File | `/authUserAction!edit.action` | High
16 | File | `/bin/boa` | Medium
17 | File | `/bookings/update_status.php` | High
18 | File | `/cgi-bin/DownloadFlash` | High
19 | File | `/classes/Users.php?f=delete_client` | High
20 | File | `/contacts/listcontacts.php` | High
21 | File | `/Core/Ap4File.cpp` | High
22 | File | `/dede/file_manage_control.php` | High
23 | File | `/depotHead/list` | High
24 | File | `/etc/ciel.cfg` | High
25 | File | `/etc/openshift/server_priv.pem` | High
26 | File | `/etc/shadow.sample` | High
27 | File | `/foms/place-order.php` | High
28 | File | `/forum/away.php` | High
29 | File | `/goform/formSetFirewallCfg` | High
30 | File | `/goform/NTPSyncWithHost` | High
31 | ... | ... | ...
28 | File | `/forms/web_runScript` | High
29 | File | `/forum/away.php` | High
30 | File | `/garage/php_action/createBrand.php` | High
31 | File | `/general/search.php?searchtype=simple` | High
32 | File | `/goform/AddSysLogRule` | High
33 | File | `/goform/formSetFirewallCfg` | High
34 | ... | ... | ...
There are 260 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 5 more country items available. Please use our online service to access the data.
There are 2 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -213,14 +213,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-40 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -228,34 +228,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/admin/admin.php` | High
3 | File | `/admin/controller/JobLogController.java` | High
4 | File | `/Admin/dashboard.php` | High
5 | File | `/admin/problem_judge.php` | High
6 | File | `/api/user/password/sent-reset-email` | High
7 | File | `/asms/admin/?page=transactions/manage_transaction` | High
8 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
9 | File | `/asms/admin/mechanics/view_mechanic.php` | High
10 | File | `/asms/classes/Master.php?f=delete_mechanic` | High
11 | File | `/asms/classes/Master.php?f=delete_service` | High
12 | File | `/cgi-bin/wlogin.cgi` | High
13 | File | `/CommunitySSORedirect.jsp` | High
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/diag_ping_admin.asp` | High
17 | File | `/diag_tracert_admin.asp` | High
18 | File | `/HNAP1` | Low
19 | File | `/index/user/user_edit.html` | High
20 | File | `/login.php` | Medium
21 | File | `/Member/memberedit.html` | High
22 | File | `/modx/manager/` | High
23 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
24 | File | `/out.php` | Medium
25 | File | `/pages/processlogin.php` | High
26 | ... | ... | ...
1 | File | `.python-version` | High
2 | File | `/.ssh/authorized_keys` | High
3 | File | `/admin.php/Admin/adminadd.html` | High
4 | File | `/admin/edit_members.php` | High
5 | File | `/admin/fst_upload.inc.php` | High
6 | File | `/admin/settings/save.php` | High
7 | File | `/admin/submit-articles` | High
8 | File | `/admin/users/index.php` | High
9 | File | `/api/audits` | Medium
10 | File | `/api/sys_username_passwd.cmd` | High
11 | File | `/asms/admin/products/manage_product.php` | High
12 | File | `/asms/products/view_product.php` | High
13 | File | `/bsms_ci/index.php` | High
14 | File | `/bsms_ci/index.php/book` | High
15 | File | `/bsms_ci/index.php/user/edit_user/` | High
16 | File | `/calendar/viewcalendar.php` | High
17 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
18 | File | `/cgi-bin/webproc` | High
19 | File | `/cgi-bin/wlogin.cgi` | High
20 | File | `/clients/listclients.php` | High
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
22 | File | `/Default/Bd` | Medium
23 | File | `/device/acceptBind` | High
24 | File | `/event/admin/?page=user/list` | High
25 | File | `/face-recognition-php/facepay-master/camera.php` | High
26 | File | `/forum/away.php` | High
27 | File | `/general/search.php?searchtype=simple` | High
28 | File | `/goform/setSysPwd` | High
29 | File | `/gpac/src/bifs/unquantize.c` | High
30 | File | `/hrm/controller/employee.php` | High
31 | File | `/hrm/employeeadd.php` | High
32 | File | `/hrm/employeeview.php` | High
33 | File | `/ims/login.php` | High
34 | ... | ... | ...
There are 220 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
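Review bot: rows 1, 2 and 29 (`.python-version`, `/.ssh/authorized_keys`, `/gpac/src/bifs/unquantize.c`) are host-side or source-tree paths taken from vulnerability reports, not request fragments, yet they share the Type `File` with web paths such as `/cgi-bin/webproc` and `/api/sys_username_passwd.cmd`; a consumer that turns this column into proxy or WAF matches cannot tell them apart. Splitting the type (request path versus local file) or tagging the source would let rule generators filter correctly.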

View File

@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [ES](https://vuldb.com/?country.es)
* [HU](https://vuldb.com/?country.hu)
* ...
There are 11 more country items available. Please use our online service to access the data.
@ -69,31 +69,31 @@ ID | Type | Indicator | Confidence
6 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
7 | File | `/dl/dl_sendmail.php` | High
8 | File | `/drivers/net/ethernet/broadcom/tg3.c` | High
9 | File | `/etc/qci/answers` | High
10 | File | `/forms/nslookupHandler` | High
11 | File | `/forum/away.php` | High
12 | File | `/function/booksave.php` | High
13 | File | `/goform/form2userconfig.cgi` | High
14 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
15 | File | `/inc/campaign/campaign-delete.php` | High
16 | File | `/sgmi/` | Low
17 | File | `/tmp` | Low
18 | File | `/uncpath/` | Medium
19 | File | `/usr/lib/print/conv_fix` | High
20 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
21 | File | `adclick.php` | Medium
22 | File | `add_comment.php` | High
23 | File | `admin.php` | Medium
24 | File | `admin.php?page=languages` | High
25 | File | `admin/controllers/Albumsgalleries.php` | High
26 | File | `admin/plugin.php` | High
27 | File | `admin\addgroup.php` | High
28 | File | `agents.php` | Medium
29 | File | `api_poller.php` | High
30 | File | `app/View/Helper/CommandHelper.php` | High
9 | File | `/etc/passwd` | Medium
10 | File | `/etc/qci/answers` | High
11 | File | `/forms/nslookupHandler` | High
12 | File | `/forum/away.php` | High
13 | File | `/function/booksave.php` | High
14 | File | `/goform/form2userconfig.cgi` | High
15 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
16 | File | `/inc/campaign/campaign-delete.php` | High
17 | File | `/sgmi/` | Low
18 | File | `/tmp` | Low
19 | File | `/uncpath/` | Medium
20 | File | `/usr/lib/print/conv_fix` | High
21 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
22 | File | `adclick.php` | Medium
23 | File | `add_comment.php` | High
24 | File | `admin.php` | Medium
25 | File | `admin.php?page=languages` | High
26 | File | `admin/controllers/Albumsgalleries.php` | High
27 | File | `admin/plugin.php` | High
28 | File | `admin\addgroup.php` | High
29 | File | `agents.php` | Medium
30 | File | `api_poller.php` | High
31 | ... | ... | ...
There are 260 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -51,7 +51,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -69,33 +69,35 @@ ID | Type | Indicator | Confidence
8 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
9 | File | `/aqpg/users/login.php` | High
10 | File | `/blog/edit` | Medium
11 | File | `/cgi-bin/uploadWeiXinPic` | High
12 | File | `/classes/Master.php?f=delete_category` | High
13 | File | `/core/admin/categories.php` | High
14 | File | `/dms/admin/reports/daily_collection_report.php` | High
15 | File | `/DsaDataTest` | Medium
16 | File | `/etc/networkd-dispatcher` | High
17 | File | `/filemanager/upload/drop` | High
18 | File | `/food/admin/all_users.php` | High
19 | File | `/forum/away.php` | High
20 | File | `/getcfg.php` | Medium
21 | File | `/goform/PowerSaveSet` | High
22 | File | `/goform/SetClientState` | High
23 | File | `/goform/SetFirewallCfg` | High
24 | File | `/goform/setWorkmode` | High
25 | File | `/goform/wizard_end` | High
26 | File | `/index.php` | Medium
27 | File | `/isms/classes/Users.php` | High
28 | File | `/lists/index.php` | High
29 | File | `/members/view_member.php` | High
30 | File | `/mgmt/tm/util/bash` | High
31 | File | `/ofrs/admin/?page=teams/view_team` | High
32 | File | `/ordering/index.php?q=category` | High
33 | File | `/owa/auth/logon.aspx` | High
34 | File | `/public_html/animals` | High
35 | ... | ... | ...
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
12 | File | `/cgi-bin/uploadWeiXinPic` | High
13 | File | `/classes/Master.php?f=delete_category` | High
14 | File | `/core/admin/categories.php` | High
15 | File | `/Default/Bd` | Medium
16 | File | `/dms/admin/reports/daily_collection_report.php` | High
17 | File | `/DsaDataTest` | Medium
18 | File | `/etc/networkd-dispatcher` | High
19 | File | `/event/admin/?page=user/list` | High
20 | File | `/filemanager/upload/drop` | High
21 | File | `/food/admin/all_users.php` | High
22 | File | `/forum/away.php` | High
23 | File | `/getcfg.php` | Medium
24 | File | `/goform/PowerSaveSet` | High
25 | File | `/goform/SetClientState` | High
26 | File | `/goform/SetFirewallCfg` | High
27 | File | `/goform/setWorkmode` | High
28 | File | `/goform/wizard_end` | High
29 | File | `/hrm/employeeview.php` | High
30 | File | `/index.php` | Medium
31 | File | `/isms/classes/Users.php` | High
32 | File | `/lists/index.php` | High
33 | File | `/members/view_member.php` | High
34 | File | `/mgmt/tm/util/bash` | High
35 | File | `/ofrs/admin/?page=teams/view_team` | High
36 | File | `/ordering/index.php?q=category` | High
37 | ... | ... | ...
There are 297 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 19 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -59,11 +59,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-37 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
1 | T1006 | CWE-21, CWE-22, CWE-37 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
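Review bot: the tail count on the last line is unchanged at 20 although row 2 (T1040, CWE-319, Authentication Bypass by Capture-replay) vanishes from the listing and T1068 moves into slot 5. The table is sorted by technique ID, so T1040 cannot have slipped below the cut-off; it was removed, which means either another technique was added further down or the count line was not regenerated, and the commit should say which. Separately, rows 3 and 4 both carry `Cross Site Scripting` in the description column, but row 3 maps T1059 to CWE-88 and CWE-94 (argument and code injection), so that description looks copied from the T1059.007 row; this is best fixed in the generator rather than in the data file.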
@ -74,47 +74,49 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates` | High
2 | File | `/action/iperf` | High
3 | File | `/action/wirelessConnect` | High
4 | File | `/Admin/add-student.php` | High
5 | File | `/admin/admin.php` | High
1 | File | `/action/iperf` | High
2 | File | `/action/wirelessConnect` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/admin.php` | High
5 | File | `/Admin/dashboard.php` | High
6 | File | `/Admin/login.php` | High
7 | File | `/admin/settings/fields` | High
8 | File | `/admin/sign/out` | High
9 | File | `/api/discoveries/` | High
10 | File | `/api/v1/attack` | High
11 | File | `/api/v1/attack/falco` | High
12 | File | `/api/v1/attack/token` | High
13 | File | `/api/v1/bait/set` | High
14 | File | `/api/v1/chat.getThreadsList` | High
15 | File | `/api/v2/open/rowsInfo` | High
16 | File | `/api/v2/open/tablesInfo` | High
17 | File | `/balance/service/list` | High
18 | File | `/bin/proc.cgi` | High
7 | File | `/admin/sign/out` | High
8 | File | `/api/discoveries/` | High
9 | File | `/api/v1/attack` | High
10 | File | `/api/v1/attack/falco` | High
11 | File | `/api/v1/attack/token` | High
12 | File | `/api/v1/bait/set` | High
13 | File | `/api/v2/open/rowsInfo` | High
14 | File | `/api/v2/open/tablesInfo` | High
15 | File | `/balance/service/list` | High
16 | File | `/bin/proc.cgi` | High
17 | File | `/bsms_ci/index.php` | High
18 | File | `/bsms_ci/index.php/user/edit_user/` | High
19 | File | `/buspassms/download-pass.php` | High
20 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
21 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
22 | File | `/category.php` | High
23 | File | `/changePassword` | High
24 | File | `/cnr` | Low
25 | File | `/Core/Ap4File.cpp` | High
26 | File | `/csms/admin/?page=user/manage_user` | High
27 | File | `/depotHead/list` | High
28 | File | `/DesignTools/CssEditor.aspx` | High
29 | File | `/ebics-server/ebics.aspx` | High
30 | File | `/etc/shadow.sample` | High
31 | File | `/etc/version` | Medium
32 | File | `/git-prereceive-callback` | High
33 | File | `/goform/expandDlnaFile` | High
34 | File | `/goform/fast_setting_wifi_set` | High
35 | File | `/goform/form2WizardStep4` | High
36 | File | `/goform/formSetClientState` | High
37 | File | `/goform/fromSetIpMacBind` | High
38 | File | `/goform/NatStaticSetting` | High
39 | ... | ... | ...
20 | File | `/category.php` | High
21 | File | `/changePassword` | High
22 | File | `/confirm` | Medium
23 | File | `/Core/Ap4File.cpp` | High
24 | File | `/csms/admin/?page=user/manage_user` | High
25 | File | `/Default/Bd` | Medium
26 | File | `/depotHead/list` | High
27 | File | `/ebics-server/ebics.aspx` | High
28 | File | `/event/admin/?page=user/list` | High
29 | File | `/face-recognition-php/facepay-master/camera.php` | High
30 | File | `/goform/form2WizardStep4` | High
31 | File | `/goform/formSetClientState` | High
32 | File | `/goform/fromSetIpMacBind` | High
33 | File | `/goform/setSysAdm` | High
34 | File | `/gpac/src/bifs/unquantize.c` | High
35 | File | `/h/compose` | Medium
36 | File | `/hrm/controller/employee.php` | High
37 | File | `/hrm/employeeadd.php` | High
38 | File | `/hrm/employeeview.php` | High
39 | File | `/index.asp` | Medium
40 | File | `/index.php/purchase_order/browse_data` | High
41 | ... | ... | ...
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 351 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
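Review bot: several indicators visible in the old listing no longer appear in the new one even though alphabetically they would fall inside the shown range, namely `%PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates`, `/admin/settings/fields`, `/buspassms/download-pass.php`, both `/carbon/...` entries, `/cnr`, `/DesignTools/CssEditor.aspx`, `/etc/shadow.sample`, `/etc/version`, `/git-prereceive-callback` and three `/goform/` paths, while the tail count rises from 332 to 351. Without a note in the commit these removals are indistinguishable from a regeneration glitch; please confirm they are intentional. Also worth flagging for consumers: `/Core/Ap4File.cpp` and `/gpac/src/bifs/unquantize.c` are source-file locations inside the affected projects, not request paths, so they will never show up in a web access log and should not be matched as such with High confidence.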

View File

@ -95,7 +95,7 @@ ID | Type | Indicator | Confidence
22 | File | `/rest/api/2/user/picker` | High
23 | ... | ... | ...
There are 188 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -60,7 +60,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -100,9 +100,11 @@ ID | Type | Indicator | Confidence
30 | File | `addtocart.asp` | High
31 | File | `admin/admin.shtml` | High
32 | File | `admin/shophelp.php` | High
33 | ... | ... | ...
33 | File | `ajax-actions.php` | High
34 | File | `ajax/api/hook/decodeArguments` | High
35 | ... | ... | ...
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -83,37 +83,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
2 | File | `.procmailrc` | Medium
3 | File | `/../../conf/template/uhttpd.json` | High
4 | File | `/admin/` | Low
5 | File | `/admin/communitymanagement.php` | High
6 | File | `/admin/contenttemp` | High
7 | File | `/admin/extended` | High
8 | File | `/admin/featured.php` | High
9 | File | `/admin/generalsettings.php` | High
10 | File | `/admin/login.php` | High
11 | File | `/admin/modules/system/custom_field.php` | High
12 | File | `/admin/newsletter1.php` | High
13 | File | `/admin/payment.php` | High
14 | File | `/admin/students/manage.php` | High
15 | File | `/admin/students/view_student.php` | High
16 | File | `/admin/usermanagement.php` | High
17 | File | `/api/addusers` | High
18 | File | `/api/crontab` | Medium
19 | File | `/api/RecordingList/DownloadRecord?file=` | High
20 | File | `/api/user/upsert/<uuid>` | High
21 | File | `/bin/boa` | Medium
22 | File | `/cgi-bin/wapopen` | High
23 | File | `/cgi-bin/webviewer_login_page` | High
24 | File | `/cgi-bin/wlogin.cgi` | High
25 | File | `/cgi-mod/lookup.cgi` | High
26 | File | `/dashboard/updatelogo.php` | High
27 | File | `/designer/add/layout` | High
28 | File | `/dev/dri/card1` | High
29 | File | `/etc/sudoers` | Medium
30 | File | `/export` | Low
31 | File | `/filemanager/upload/drop` | High
32 | File | `/forum/away.php` | High
2 | File | `.../gogo/` | Medium
3 | File | `.procmailrc` | Medium
4 | File | `/../../conf/template/uhttpd.json` | High
5 | File | `/admin/` | Low
6 | File | `/admin/communitymanagement.php` | High
7 | File | `/admin/contenttemp` | High
8 | File | `/admin/extended` | High
9 | File | `/admin/featured.php` | High
10 | File | `/admin/generalsettings.php` | High
11 | File | `/admin/login.php` | High
12 | File | `/admin/modules/system/custom_field.php` | High
13 | File | `/admin/newsletter1.php` | High
14 | File | `/admin/payment.php` | High
15 | File | `/admin/students/manage.php` | High
16 | File | `/admin/students/view_student.php` | High
17 | File | `/admin/usermanagement.php` | High
18 | File | `/api/addusers` | High
19 | File | `/api/crontab` | Medium
20 | File | `/api/RecordingList/DownloadRecord?file=` | High
21 | File | `/api/user/upsert/<uuid>` | High
22 | File | `/bin/boa` | Medium
23 | File | `/cgi-bin/wapopen` | High
24 | File | `/cgi-bin/webviewer_login_page` | High
25 | File | `/cgi-bin/wlogin.cgi` | High
26 | File | `/cgi-mod/lookup.cgi` | High
27 | File | `/dashboard/updatelogo.php` | High
28 | File | `/designer/add/layout` | High
29 | File | `/dev/dri/card1` | High
30 | File | `/etc/sudoers` | Medium
31 | File | `/export` | Low
32 | File | `/filemanager/upload/drop` | High
33 | File | `/h/calendar` | Medium
34 | File | `/h/compose` | Medium
35 | File | `/h/search?action=voicemail&action=listen` | High
@ -133,7 +133,7 @@ ID | Type | Indicator | Confidence
49 | File | `/php-sms/classes/Master.php` | High
50 | ... | ... | ...
There are 435 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 437 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
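Review bot: the new row 2 `.../gogo/` reads like an elided path fragment rather than a literal indicator, since a leading `...` is exactly how truncated values are written elsewhere in these tables. If the three dots are part of the real pattern, a short comment in the commit message would spare downstream users from treating it as a placeholder; if not, the full path should be restored. Note also that only one of the two additions implied by the count moving from 435 to 437 is visible in this hunk, the other sits below the cut-off.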

View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [JP](https://vuldb.com/?country.jp)
* [IO](https://vuldb.com/?country.io)
* [SH](https://vuldb.com/?country.sh)
* ...
There are 23 more country items available. Please use our online service to access the data.
There are 22 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -6012,9 +6012,509 @@ ID | IP address | Hostname | Campaign | Confidence
5989 | [75.0.0.0](https://vuldb.com/?ip.75.0.0.0) | adsl-75-0-0-0.dsl.renocs.sbcglobal.net | - | High
5990 | [76.0.0.0](https://vuldb.com/?ip.76.0.0.0) | 76-0-0-0.wrbg.centurylink.net | - | High
5991 | [76.8.0.0](https://vuldb.com/?ip.76.8.0.0) | 76-8-0-0.cpe.safelink.net | - | High
5992 | ... | ... | ... | ...
5992 | [76.9.0.0](https://vuldb.com/?ip.76.9.0.0) | - | - | High
5993 | [76.9.2.0](https://vuldb.com/?ip.76.9.2.0) | - | - | High
5994 | [76.9.4.0](https://vuldb.com/?ip.76.9.4.0) | - | - | High
5995 | [76.9.8.0](https://vuldb.com/?ip.76.9.8.0) | - | - | High
5996 | [76.9.16.0](https://vuldb.com/?ip.76.9.16.0) | - | - | High
5997 | [76.9.32.0](https://vuldb.com/?ip.76.9.32.0) | - | - | High
5998 | [76.9.64.0](https://vuldb.com/?ip.76.9.64.0) | 76-9-64-0-rt-broadband-00.broadband.oakhurst.sti.net | - | High
5999 | [76.9.128.0](https://vuldb.com/?ip.76.9.128.0) | - | - | High
6000 | [76.10.0.0](https://vuldb.com/?ip.76.10.0.0) | host-0-0.ilur711elm.urbana.il.us.clients.pavlovmedia.net | - | High
6001 | [76.12.0.0](https://vuldb.com/?ip.76.12.0.0) | - | - | High
6002 | [76.16.0.0](https://vuldb.com/?ip.76.16.0.0) | - | - | High
6003 | [76.32.0.0](https://vuldb.com/?ip.76.32.0.0) | 076-032-000-000.inf.spectrum.com | - | High
6004 | [76.64.0.0](https://vuldb.com/?ip.76.64.0.0) | - | - | High
6005 | [76.72.0.0](https://vuldb.com/?ip.76.72.0.0) | - | - | High
6006 | [76.76.0.0](https://vuldb.com/?ip.76.76.0.0) | - | - | High
6007 | [76.76.3.0](https://vuldb.com/?ip.76.76.3.0) | 0.3.76.76.static.CharlotteColo.com | - | High
6008 | [76.76.4.0](https://vuldb.com/?ip.76.76.4.0) | 0.4.76.76.static.CharlotteColo.com | - | High
6009 | [76.76.8.0](https://vuldb.com/?ip.76.76.8.0) | - | - | High
6010 | [76.76.11.0](https://vuldb.com/?ip.76.76.11.0) | - | - | High
6011 | [76.76.12.0](https://vuldb.com/?ip.76.76.12.0) | - | - | High
6012 | [76.76.16.0](https://vuldb.com/?ip.76.76.16.0) | - | - | High
6013 | [76.76.32.0](https://vuldb.com/?ip.76.76.32.0) | - | - | High
6014 | [76.76.64.0](https://vuldb.com/?ip.76.76.64.0) | - | - | High
6015 | [76.76.128.0](https://vuldb.com/?ip.76.76.128.0) | - | - | High
6016 | [76.77.0.0](https://vuldb.com/?ip.76.77.0.0) | - | - | High
6017 | [76.77.32.0](https://vuldb.com/?ip.76.77.32.0) | - | - | High
6018 | [76.77.64.0](https://vuldb.com/?ip.76.77.64.0) | - | - | High
6019 | [76.77.128.0](https://vuldb.com/?ip.76.77.128.0) | - | - | High
6020 | [76.78.0.0](https://vuldb.com/?ip.76.78.0.0) | - | - | High
6021 | [76.80.0.0](https://vuldb.com/?ip.76.80.0.0) | rrcs-76-80-0-0.west.biz.rr.com | - | High
6022 | [76.96.0.0](https://vuldb.com/?ip.76.96.0.0) | - | - | High
6023 | [76.128.0.0](https://vuldb.com/?ip.76.128.0.0) | - | - | High
6024 | [77.67.29.128](https://vuldb.com/?ip.77.67.29.128) | - | - | High
6025 | [77.67.69.0](https://vuldb.com/?ip.77.67.69.0) | - | - | High
6026 | [77.67.79.72](https://vuldb.com/?ip.77.67.79.72) | - | - | High
6027 | [77.67.85.116](https://vuldb.com/?ip.77.67.85.116) | - | - | High
6028 | [77.67.85.120](https://vuldb.com/?ip.77.67.85.120) | - | - | High
6029 | [77.67.85.128](https://vuldb.com/?ip.77.67.85.128) | - | - | High
6030 | [77.67.85.144](https://vuldb.com/?ip.77.67.85.144) | - | - | High
6031 | [77.67.85.152](https://vuldb.com/?ip.77.67.85.152) | - | - | High
6032 | [77.67.101.0](https://vuldb.com/?ip.77.67.101.0) | - | - | High
6033 | [77.67.106.0](https://vuldb.com/?ip.77.67.106.0) | - | - | High
6034 | [77.67.108.96](https://vuldb.com/?ip.77.67.108.96) | - | - | High
6035 | [77.70.176.0](https://vuldb.com/?ip.77.70.176.0) | - | - | High
6036 | [77.74.152.0](https://vuldb.com/?ip.77.74.152.0) | - | - | High
6037 | [77.75.52.0](https://vuldb.com/?ip.77.75.52.0) | visit.keznews.com | - | High
6038 | [77.75.226.0](https://vuldb.com/?ip.77.75.226.0) | - | - | High
6039 | [77.81.1.0](https://vuldb.com/?ip.77.81.1.0) | - | - | High
6040 | [77.81.120.0](https://vuldb.com/?ip.77.81.120.0) | - | - | High
6041 | [77.83.44.0](https://vuldb.com/?ip.77.83.44.0) | - | - | High
6042 | [77.83.70.0](https://vuldb.com/?ip.77.83.70.0) | - | - | High
6043 | [77.83.85.0](https://vuldb.com/?ip.77.83.85.0) | - | - | High
6044 | [77.83.86.0](https://vuldb.com/?ip.77.83.86.0) | - | - | High
6045 | [77.83.156.0](https://vuldb.com/?ip.77.83.156.0) | - | - | High
6046 | [77.83.164.0](https://vuldb.com/?ip.77.83.164.0) | - | - | High
6047 | [77.83.168.0](https://vuldb.com/?ip.77.83.168.0) | - | - | High
6048 | [77.83.223.0](https://vuldb.com/?ip.77.83.223.0) | - | - | High
6049 | [77.88.47.0](https://vuldb.com/?ip.77.88.47.0) | - | - | High
6050 | [77.90.152.0](https://vuldb.com/?ip.77.90.152.0) | - | - | High
6051 | [77.90.156.0](https://vuldb.com/?ip.77.90.156.0) | centbox.afx6.net | - | High
6052 | [77.90.166.0](https://vuldb.com/?ip.77.90.166.0) | - | - | High
6053 | [77.90.173.0](https://vuldb.com/?ip.77.90.173.0) | - | - | High
6054 | [77.90.176.0](https://vuldb.com/?ip.77.90.176.0) | - | - | High
6055 | [77.90.178.0](https://vuldb.com/?ip.77.90.178.0) | centbox.afx6.net | - | High
6056 | [77.90.180.0](https://vuldb.com/?ip.77.90.180.0) | - | - | High
6057 | [77.90.188.0](https://vuldb.com/?ip.77.90.188.0) | - | - | High
6058 | [77.104.136.0](https://vuldb.com/?ip.77.104.136.0) | ip-77-104-136-0.siteground.com | - | High
6059 | [77.104.138.0](https://vuldb.com/?ip.77.104.138.0) | ip-77-104-138-0.siteground.com | - | High
6060 | [77.104.144.0](https://vuldb.com/?ip.77.104.144.0) | ip-77-104-144-0.siteground.com | - | High
6061 | [77.104.146.0](https://vuldb.com/?ip.77.104.146.0) | ip-77-104-146-0.siteground.com | - | High
6062 | [77.104.151.0](https://vuldb.com/?ip.77.104.151.0) | ip-77-104-151-0.siteground.com | - | High
6063 | [77.104.152.0](https://vuldb.com/?ip.77.104.152.0) | ip-77-104-152-0.siteground.com | - | High
6064 | [77.104.154.0](https://vuldb.com/?ip.77.104.154.0) | ip-77-104-154-0.siteground.com | - | High
6065 | [77.104.156.0](https://vuldb.com/?ip.77.104.156.0) | ip-77-104-156-0.siteground.com | - | High
6066 | [77.104.161.0](https://vuldb.com/?ip.77.104.161.0) | ip-77-104-161-0.siteground.com | - | High
6067 | [77.104.162.0](https://vuldb.com/?ip.77.104.162.0) | ip-77-104-162-0.siteground.com | - | High
6068 | [77.104.164.0](https://vuldb.com/?ip.77.104.164.0) | ip-77-104-164-0.siteground.com | - | High
6069 | [77.104.176.0](https://vuldb.com/?ip.77.104.176.0) | ip-77-104-176-0.siteground.com | - | High
6070 | [77.104.178.0](https://vuldb.com/?ip.77.104.178.0) | ip-77-104-178-0.siteground.com | - | High
6071 | [77.111.198.0](https://vuldb.com/?ip.77.111.198.0) | - | - | High
6072 | [77.111.200.0](https://vuldb.com/?ip.77.111.200.0) | - | - | High
6073 | [77.111.246.0](https://vuldb.com/?ip.77.111.246.0) | - | - | High
6074 | [77.232.192.0](https://vuldb.com/?ip.77.232.192.0) | - | - | High
6075 | [77.234.41.0](https://vuldb.com/?ip.77.234.41.0) | - | - | High
6076 | [77.234.42.0](https://vuldb.com/?ip.77.234.42.0) | - | - | High
6077 | [77.234.44.0](https://vuldb.com/?ip.77.234.44.0) | - | - | High
6078 | [77.234.46.0](https://vuldb.com/?ip.77.234.46.0) | - | - | High
6079 | [77.239.106.0](https://vuldb.com/?ip.77.239.106.0) | - | - | High
6080 | [77.241.229.224](https://vuldb.com/?ip.77.241.229.224) | - | - | High
6081 | [77.243.84.0](https://vuldb.com/?ip.77.243.84.0) | - | - | High
6082 | [77.243.92.0](https://vuldb.com/?ip.77.243.92.0) | - | - | High
6083 | [77.247.112.0](https://vuldb.com/?ip.77.247.112.0) | - | - | High
6084 | [78.26.125.0](https://vuldb.com/?ip.78.26.125.0) | - | - | High
6085 | [78.31.205.0](https://vuldb.com/?ip.78.31.205.0) | - | - | High
6086 | [78.31.248.0](https://vuldb.com/?ip.78.31.248.0) | - | - | High
6087 | [78.45.83.216](https://vuldb.com/?ip.78.45.83.216) | ip-78-45-83-216.bb.vodafone.cz | - | High
6088 | [78.89.133.0](https://vuldb.com/?ip.78.89.133.0) | - | - | High
6089 | [78.128.127.0](https://vuldb.com/?ip.78.128.127.0) | - | - | High
6090 | [78.142.0.0](https://vuldb.com/?ip.78.142.0.0) | - | - | High
6091 | [78.142.8.0](https://vuldb.com/?ip.78.142.8.0) | - | - | High
6092 | [78.152.39.32](https://vuldb.com/?ip.78.152.39.32) | - | - | High
6093 | [78.152.50.224](https://vuldb.com/?ip.78.152.50.224) | - | - | High
6094 | [78.159.151.0](https://vuldb.com/?ip.78.159.151.0) | - | - | High
6095 | [79.98.180.0](https://vuldb.com/?ip.79.98.180.0) | - | - | High
6096 | [79.110.28.128](https://vuldb.com/?ip.79.110.28.128) | - | - | High
6097 | [79.110.31.128](https://vuldb.com/?ip.79.110.31.128) | - | - | High
6098 | [79.110.170.0](https://vuldb.com/?ip.79.110.170.0) | - | - | High
6099 | [79.110.176.0](https://vuldb.com/?ip.79.110.176.0) | - | - | High
6100 | [79.110.184.0](https://vuldb.com/?ip.79.110.184.0) | - | - | High
6101 | [79.141.160.0](https://vuldb.com/?ip.79.141.160.0) | - | - | High
6102 | [79.141.166.0](https://vuldb.com/?ip.79.141.166.0) | - | - | High
6103 | [79.142.72.0](https://vuldb.com/?ip.79.142.72.0) | nl.altushost.com | - | High
6104 | [79.143.54.0](https://vuldb.com/?ip.79.143.54.0) | - | - | High
6105 | [79.143.59.0](https://vuldb.com/?ip.79.143.59.0) | - | - | High
6106 | [79.143.61.0](https://vuldb.com/?ip.79.143.61.0) | - | - | High
6107 | [79.143.128.0](https://vuldb.com/?ip.79.143.128.0) | - | - | High
6108 | [79.143.136.0](https://vuldb.com/?ip.79.143.136.0) | - | - | High
6109 | [79.148.242.0](https://vuldb.com/?ip.79.148.242.0) | 0.red-79-148-242.staticip.rima-tde.net | - | High
6110 | [79.174.8.0](https://vuldb.com/?ip.79.174.8.0) | visit.keznews.com | - | High
6111 | [79.174.20.0](https://vuldb.com/?ip.79.174.20.0) | - | - | High
6112 | [80.11.35.247](https://vuldb.com/?ip.80.11.35.247) | laubervilliers-657-1-5-247.w80-11.abo.wanadoo.fr | - | High
6113 | [80.12.96.0](https://vuldb.com/?ip.80.12.96.0) | - | - | High
6114 | [80.12.98.0](https://vuldb.com/?ip.80.12.98.0) | - | - | High
6115 | [80.66.82.0](https://vuldb.com/?ip.80.66.82.0) | - | - | High
6116 | [80.67.64.0](https://vuldb.com/?ip.80.67.64.0) | a80-67-64-0.deploy.static.akamaitechnologies.com | - | High
6117 | [80.67.72.0](https://vuldb.com/?ip.80.67.72.0) | a80-67-72-0.deploy.static.akamaitechnologies.com | - | High
6118 | [80.67.74.0](https://vuldb.com/?ip.80.67.74.0) | a80-67-74-0.deploy.static.akamaitechnologies.com | - | High
6119 | [80.67.81.0](https://vuldb.com/?ip.80.67.81.0) | a80-67-81-0.deploy.static.akamaitechnologies.com | - | High
6120 | [80.67.82.0](https://vuldb.com/?ip.80.67.82.0) | a80-67-82-0.deploy.static.akamaitechnologies.com | - | High
6121 | [80.71.32.0](https://vuldb.com/?ip.80.71.32.0) | - | - | High
6122 | [80.76.166.53](https://vuldb.com/?ip.80.76.166.53) | - | - | High
6123 | [80.77.93.202](https://vuldb.com/?ip.80.77.93.202) | - | - | High
6124 | [80.78.16.216](https://vuldb.com/?ip.80.78.16.216) | - | - | High
6125 | [80.78.17.0](https://vuldb.com/?ip.80.78.17.0) | - | - | High
6126 | [80.78.17.152](https://vuldb.com/?ip.80.78.17.152) | - | - | High
6127 | [80.78.17.176](https://vuldb.com/?ip.80.78.17.176) | - | - | High
6128 | [80.78.17.240](https://vuldb.com/?ip.80.78.17.240) | - | - | High
6129 | [80.78.18.28](https://vuldb.com/?ip.80.78.18.28) | - | - | High
6130 | [80.78.18.104](https://vuldb.com/?ip.80.78.18.104) | - | - | High
6131 | [80.78.18.216](https://vuldb.com/?ip.80.78.18.216) | - | - | High
6132 | [80.78.18.248](https://vuldb.com/?ip.80.78.18.248) | - | - | High
6133 | [80.78.19.32](https://vuldb.com/?ip.80.78.19.32) | - | - | High
6134 | [80.78.19.64](https://vuldb.com/?ip.80.78.19.64) | - | - | High
6135 | [80.78.19.104](https://vuldb.com/?ip.80.78.19.104) | - | - | High
6136 | [80.78.19.112](https://vuldb.com/?ip.80.78.19.112) | - | - | High
6137 | [80.78.19.136](https://vuldb.com/?ip.80.78.19.136) | - | - | High
6138 | [80.78.19.224](https://vuldb.com/?ip.80.78.19.224) | - | - | High
6139 | [80.78.20.24](https://vuldb.com/?ip.80.78.20.24) | 504e1418.vpn.njalla.net | - | High
6140 | [80.78.20.144](https://vuldb.com/?ip.80.78.20.144) | 504e1490.vpn.njalla.net | - | High
6141 | [80.78.20.216](https://vuldb.com/?ip.80.78.20.216) | 504e14d8.vpn.njalla.net | - | High
6142 | [80.78.20.240](https://vuldb.com/?ip.80.78.20.240) | 504e14f0.vpn.njalla.net | - | High
6143 | [80.78.21.0](https://vuldb.com/?ip.80.78.21.0) | - | - | High
6144 | [80.78.23.16](https://vuldb.com/?ip.80.78.23.16) | 504e1710.host.njalla.net | - | High
6145 | [80.78.23.240](https://vuldb.com/?ip.80.78.23.240) | 504e17f0.host.njalla.net | - | High
6146 | [80.78.26.1](https://vuldb.com/?ip.80.78.26.1) | r.njalla.net | - | High
6147 | [80.78.26.4](https://vuldb.com/?ip.80.78.26.4) | 504e1a04.host.njalla.net | - | High
6148 | [80.78.26.192](https://vuldb.com/?ip.80.78.26.192) | 504e1ac0.host.njalla.net | - | High
6149 | [80.78.26.224](https://vuldb.com/?ip.80.78.26.224) | 504e1ae0.host.njalla.net | - | High
6150 | [80.78.26.240](https://vuldb.com/?ip.80.78.26.240) | 504e1af0.host.njalla.net | - | High
6151 | [80.78.27.0](https://vuldb.com/?ip.80.78.27.0) | - | - | High
6152 | [80.78.27.40](https://vuldb.com/?ip.80.78.27.40) | 504e1b28.host.njalla.net | - | High
6153 | [80.78.27.56](https://vuldb.com/?ip.80.78.27.56) | 504e1b38.host.njalla.net | - | High
6154 | [80.78.27.64](https://vuldb.com/?ip.80.78.27.64) | 504e1b40.host.njalla.net | - | High
6155 | [80.78.27.104](https://vuldb.com/?ip.80.78.27.104) | 504e1b68.host.njalla.net | - | High
6156 | [80.78.27.136](https://vuldb.com/?ip.80.78.27.136) | 504e1b88.host.njalla.net | - | High
6157 | [80.78.27.160](https://vuldb.com/?ip.80.78.27.160) | 504e1ba0.host.njalla.net | - | High
6158 | [80.78.27.176](https://vuldb.com/?ip.80.78.27.176) | 504e1bb0.host.njalla.net | - | High
6159 | [80.78.27.192](https://vuldb.com/?ip.80.78.27.192) | 504e1bc0.host.njalla.net | - | High
6160 | [80.78.27.224](https://vuldb.com/?ip.80.78.27.224) | - | - | High
6161 | [80.78.28.8](https://vuldb.com/?ip.80.78.28.8) | - | - | High
6162 | [80.78.129.0](https://vuldb.com/?ip.80.78.129.0) | - | - | High
6163 | [80.78.133.236](https://vuldb.com/?ip.80.78.133.236) | us1.ip4.it-df.net | - | High
6164 | [80.78.140.0](https://vuldb.com/?ip.80.78.140.0) | - | - | High
6165 | [80.84.54.248](https://vuldb.com/?ip.80.84.54.248) | 248-54-84-80.rackcentre.redstation.net.uk | - | High
6166 | [80.84.140.0](https://vuldb.com/?ip.80.84.140.0) | - | - | High
6167 | [80.86.16.0](https://vuldb.com/?ip.80.86.16.0) | d80-86-16-0.static.comm.cgocable.net | - | High
6168 | [80.87.204.0](https://vuldb.com/?ip.80.87.204.0) | bill.artplanet.ru | - | High
6169 | [80.87.207.0](https://vuldb.com/?ip.80.87.207.0) | subnet.artplanet.su | - | High
6170 | [80.154.117.0](https://vuldb.com/?ip.80.154.117.0) | - | - | High
6171 | [80.169.36.216](https://vuldb.com/?ip.80.169.36.216) | - | - | High
6172 | [80.196.239.36](https://vuldb.com/?ip.80.196.239.36) | - | - | High
6173 | [80.209.240.0](https://vuldb.com/?ip.80.209.240.0) | - | - | High
6174 | [80.243.228.0](https://vuldb.com/?ip.80.243.228.0) | - | - | High
6175 | [80.243.230.0](https://vuldb.com/?ip.80.243.230.0) | undefined.hostname.localhost | - | High
6176 | [80.243.240.0](https://vuldb.com/?ip.80.243.240.0) | - | - | High
6177 | [80.248.224.160](https://vuldb.com/?ip.80.248.224.160) | - | - | High
6178 | [80.248.226.160](https://vuldb.com/?ip.80.248.226.160) | thatmakesmeh1aappy.involvenavigateroute.co.uk | - | High
6179 | [80.248.227.160](https://vuldb.com/?ip.80.248.227.160) | - | - | High
6180 | [80.251.208.0](https://vuldb.com/?ip.80.251.208.0) | 80.251.208.0.16clouds.com | - | High
6181 | [80.254.152.0](https://vuldb.com/?ip.80.254.152.0) | - | - | High
6182 | [80.254.156.0](https://vuldb.com/?ip.80.254.156.0) | - | - | High
6183 | [80.255.5.240](https://vuldb.com/?ip.80.255.5.240) | - | - | High
6184 | [80.255.42.0](https://vuldb.com/?ip.80.255.42.0) | - | - | High
6185 | [81.16.128.0](https://vuldb.com/?ip.81.16.128.0) | - | - | High
6186 | [81.22.36.0](https://vuldb.com/?ip.81.22.36.0) | - | - | High
6187 | [81.31.0.158](https://vuldb.com/?ip.81.31.0.158) | - | - | High
6188 | [81.31.0.176](https://vuldb.com/?ip.81.31.0.176) | - | - | High
6189 | [81.31.0.188](https://vuldb.com/?ip.81.31.0.188) | - | - | High
6190 | [81.31.0.245](https://vuldb.com/?ip.81.31.0.245) | - | - | High
6191 | [81.31.0.246](https://vuldb.com/?ip.81.31.0.246) | - | - | High
6192 | [81.31.0.252](https://vuldb.com/?ip.81.31.0.252) | - | - | High
6193 | [81.31.1.64](https://vuldb.com/?ip.81.31.1.64) | - | - | High
6194 | [81.31.2.8](https://vuldb.com/?ip.81.31.2.8) | - | - | High
6195 | [81.31.2.132](https://vuldb.com/?ip.81.31.2.132) | - | - | High
6196 | [81.31.2.136](https://vuldb.com/?ip.81.31.2.136) | - | - | High
6197 | [81.31.22.0](https://vuldb.com/?ip.81.31.22.0) | - | - | High
6198 | [81.52.131.0](https://vuldb.com/?ip.81.52.131.0) | - | - | High
6199 | [81.52.133.0](https://vuldb.com/?ip.81.52.133.0) | - | - | High
6200 | [81.52.134.0](https://vuldb.com/?ip.81.52.134.0) | - | - | High
6201 | [81.52.177.0](https://vuldb.com/?ip.81.52.177.0) | - | - | High
6202 | [81.52.177.160](https://vuldb.com/?ip.81.52.177.160) | - | - | High
6203 | [81.52.177.208](https://vuldb.com/?ip.81.52.177.208) | - | - | High
6204 | [81.52.177.240](https://vuldb.com/?ip.81.52.177.240) | - | - | High
6205 | [81.52.192.0](https://vuldb.com/?ip.81.52.192.0) | - | - | High
6206 | [81.52.196.0](https://vuldb.com/?ip.81.52.196.0) | - | - | High
6207 | [81.52.198.0](https://vuldb.com/?ip.81.52.198.0) | - | - | High
6208 | [81.52.198.128](https://vuldb.com/?ip.81.52.198.128) | - | - | High
6209 | [81.52.198.192](https://vuldb.com/?ip.81.52.198.192) | - | - | High
6210 | [81.52.198.208](https://vuldb.com/?ip.81.52.198.208) | - | - | High
6211 | [81.52.198.216](https://vuldb.com/?ip.81.52.198.216) | - | - | High
6212 | [81.52.208.0](https://vuldb.com/?ip.81.52.208.0) | - | - | High
6213 | [81.52.252.0](https://vuldb.com/?ip.81.52.252.0) | - | - | High
6214 | [81.52.254.0](https://vuldb.com/?ip.81.52.254.0) | - | - | High
6215 | [81.52.255.0](https://vuldb.com/?ip.81.52.255.0) | - | - | High
6216 | [81.52.255.128](https://vuldb.com/?ip.81.52.255.128) | - | - | High
6217 | [81.52.255.160](https://vuldb.com/?ip.81.52.255.160) | - | - | High
6218 | [81.85.237.0](https://vuldb.com/?ip.81.85.237.0) | - | - | High
6219 | [81.92.26.0](https://vuldb.com/?ip.81.92.26.0) | - | - | High
6220 | [81.92.26.128](https://vuldb.com/?ip.81.92.26.128) | - | - | High
6221 | [81.92.26.192](https://vuldb.com/?ip.81.92.26.192) | - | - | High
6222 | [81.92.26.232](https://vuldb.com/?ip.81.92.26.232) | - | - | High
6223 | [81.92.112.0](https://vuldb.com/?ip.81.92.112.0) | - | - | High
6224 | [81.92.217.0](https://vuldb.com/?ip.81.92.217.0) | no.rdns.ukservers.com | - | High
6225 | [81.92.218.0](https://vuldb.com/?ip.81.92.218.0) | no.rdns.ukservers.com | - | High
6226 | [81.95.145.224](https://vuldb.com/?ip.81.95.145.224) | e0.91.5f51.ip4.static.sl-reverse.com | - | High
6227 | [81.95.146.128](https://vuldb.com/?ip.81.95.146.128) | 80.92.5f51.ip4.static.sl-reverse.com | - | High
6228 | [81.95.147.148](https://vuldb.com/?ip.81.95.147.148) | 94.93.5f51.ip4.static.sl-reverse.com | - | High
6229 | [81.95.151.192](https://vuldb.com/?ip.81.95.151.192) | c0.97.5f51.ip4.static.sl-reverse.com | - | High
6230 | [81.95.152.96](https://vuldb.com/?ip.81.95.152.96) | 60.98.5f51.ip4.static.sl-reverse.com | - | High
6231 | [81.95.154.152](https://vuldb.com/?ip.81.95.154.152) | - | - | High
6232 | [81.95.157.200](https://vuldb.com/?ip.81.95.157.200) | c8.9d.5f51.ip4.static.sl-reverse.com | - | High
6233 | [81.95.158.104](https://vuldb.com/?ip.81.95.158.104) | 68.9e.5f51.ip4.static.sl-reverse.com | - | High
6234 | [81.161.228.0](https://vuldb.com/?ip.81.161.228.0) | - | - | High
6235 | [81.171.110.0](https://vuldb.com/?ip.81.171.110.0) | unknown.puregig.net | - | High
6236 | [81.201.84.0](https://vuldb.com/?ip.81.201.84.0) | - | - | High
6237 | [81.215.4.0](https://vuldb.com/?ip.81.215.4.0) | 81.215.4.0.dynamic.ttnet.com.tr | - | High
6238 | [81.248.0.0](https://vuldb.com/?ip.81.248.0.0) | llamentin-656-1-41-net.w81-248.abo.wanadoo.fr | - | High
6239 | [81.248.16.0](https://vuldb.com/?ip.81.248.16.0) | lpointe-a-pitre-656-1-6-net.w81-248.abo.wanadoo.fr | - | High
6240 | [81.248.24.0](https://vuldb.com/?ip.81.248.24.0) | lpointe-a-pitre-656-1-33-net.w81-248.abo.wanadoo.fr | - | High
6241 | [81.248.28.0](https://vuldb.com/?ip.81.248.28.0) | lpointe-a-pitre-656-1-14-net.w81-248.abo.wanadoo.fr | - | High
6242 | [81.248.30.0](https://vuldb.com/?ip.81.248.30.0) | lpointe-a-pitre-656-1-36-net.w81-248.abo.wanadoo.fr | - | High
6243 | [81.248.64.0](https://vuldb.com/?ip.81.248.64.0) | llamentin-656-1-1-net.w81-248.abo.wanadoo.fr | - | High
6244 | [81.248.128.0](https://vuldb.com/?ip.81.248.128.0) | lpointe-a-pitre-656-1-47-net.w81-248.abo.wanadoo.fr | - | High
6245 | [81.252.248.0](https://vuldb.com/?ip.81.252.248.0) | 0-248.252-81.static-ip.oleane.fr | - | High
6246 | [82.102.29.0](https://vuldb.com/?ip.82.102.29.0) | te-1-1-1-0.bb1.man1.uk.m247.com | - | High
6247 | [82.102.30.0](https://vuldb.com/?ip.82.102.30.0) | daumier.goforthmusic.com | - | High
6248 | [82.115.0.0](https://vuldb.com/?ip.82.115.0.0) | - | - | High
6249 | [82.115.8.0](https://vuldb.com/?ip.82.115.8.0) | - | - | High
6250 | [82.115.12.0](https://vuldb.com/?ip.82.115.12.0) | - | - | High
6251 | [82.115.14.0](https://vuldb.com/?ip.82.115.14.0) | - | - | High
6252 | [82.115.16.0](https://vuldb.com/?ip.82.115.16.0) | - | - | High
6253 | [82.115.19.0](https://vuldb.com/?ip.82.115.19.0) | - | - | High
6254 | [82.115.30.0](https://vuldb.com/?ip.82.115.30.0) | - | - | High
6255 | [82.116.159.0](https://vuldb.com/?ip.82.116.159.0) | - | - | High
6256 | [82.118.234.0](https://vuldb.com/?ip.82.118.234.0) | - | - | High
6257 | [82.138.132.0](https://vuldb.com/?ip.82.138.132.0) | - | - | High
6258 | [82.138.135.0](https://vuldb.com/?ip.82.138.135.0) | - | - | High
6259 | [82.138.136.0](https://vuldb.com/?ip.82.138.136.0) | - | - | High
6260 | [82.138.142.0](https://vuldb.com/?ip.82.138.142.0) | - | - | High
6261 | [82.150.100.0](https://vuldb.com/?ip.82.150.100.0) | - | - | High
6262 | [82.150.112.0](https://vuldb.com/?ip.82.150.112.0) | - | - | High
6263 | [82.163.48.0](https://vuldb.com/?ip.82.163.48.0) | - | - | High
6264 | [82.163.141.0](https://vuldb.com/?ip.82.163.141.0) | payoneer.com | - | High
6265 | [82.163.141.128](https://vuldb.com/?ip.82.163.141.128) | payoneer.com | - | High
6266 | [82.163.141.192](https://vuldb.com/?ip.82.163.141.192) | payoneer.com | - | High
6267 | [82.163.141.224](https://vuldb.com/?ip.82.163.141.224) | payoneer.com | - | High
6268 | [82.163.141.240](https://vuldb.com/?ip.82.163.141.240) | - | - | High
6269 | [82.163.141.248](https://vuldb.com/?ip.82.163.141.248) | payoneer.com | - | High
6270 | [82.163.141.252](https://vuldb.com/?ip.82.163.141.252) | payoneer.com | - | High
6271 | [82.163.141.254](https://vuldb.com/?ip.82.163.141.254) | payoneer.com | - | High
6272 | [82.163.248.0](https://vuldb.com/?ip.82.163.248.0) | - | - | High
6273 | [82.163.250.0](https://vuldb.com/?ip.82.163.250.0) | - | - | High
6274 | [82.195.165.194](https://vuldb.com/?ip.82.195.165.194) | - | - | High
6275 | [82.195.173.246](https://vuldb.com/?ip.82.195.173.246) | - | - | High
6276 | [82.195.180.240](https://vuldb.com/?ip.82.195.180.240) | - | - | High
6277 | [82.195.180.243](https://vuldb.com/?ip.82.195.180.243) | - | - | High
6278 | [82.196.58.0](https://vuldb.com/?ip.82.196.58.0) | - | - | High
6279 | [82.196.58.32](https://vuldb.com/?ip.82.196.58.32) | - | - | High
6280 | [82.198.3.120](https://vuldb.com/?ip.82.198.3.120) | 82.198.3.120.satgate.net | - | High
6281 | [82.198.3.128](https://vuldb.com/?ip.82.198.3.128) | 82.198.3.128.satgate.net | - | High
6282 | [82.198.3.252](https://vuldb.com/?ip.82.198.3.252) | 82.198.3.252.satgate.net | - | High
6283 | [82.199.136.96](https://vuldb.com/?ip.82.199.136.96) | - | - | High
6284 | [82.199.141.0](https://vuldb.com/?ip.82.199.141.0) | trendhosting.cloud | - | High
6285 | [82.205.130.0](https://vuldb.com/?ip.82.205.130.0) | - | - | High
6286 | [82.205.131.0](https://vuldb.com/?ip.82.205.131.0) | - | - | High
6287 | [82.205.224.0](https://vuldb.com/?ip.82.205.224.0) | - | - | High
6288 | [82.214.192.0](https://vuldb.com/?ip.82.214.192.0) | - | - | High
6289 | [83.136.180.0](https://vuldb.com/?ip.83.136.180.0) | - | - | High
6290 | [83.136.218.0](https://vuldb.com/?ip.83.136.218.0) | - | - | High
6291 | [83.143.112.0](https://vuldb.com/?ip.83.143.112.0) | - | - | High
6292 | [83.143.118.0](https://vuldb.com/?ip.83.143.118.0) | - | - | High
6293 | [83.143.119.0](https://vuldb.com/?ip.83.143.119.0) | - | - | High
6294 | [83.143.119.32](https://vuldb.com/?ip.83.143.119.32) | 32-119-143-83.azzatine.org.uk | - | High
6295 | [83.143.119.80](https://vuldb.com/?ip.83.143.119.80) | 80-119-143-83.bluratch.site | - | High
6296 | [83.143.119.96](https://vuldb.com/?ip.83.143.119.96) | 96-119-143-83.bluratch.site | - | High
6297 | [83.143.119.128](https://vuldb.com/?ip.83.143.119.128) | 128-119-143-83.backbanks.org.uk | - | High
6298 | [83.143.246.0](https://vuldb.com/?ip.83.143.246.0) | - | - | High
6299 | [83.150.238.0](https://vuldb.com/?ip.83.150.238.0) | - | - | High
6300 | [83.151.96.0](https://vuldb.com/?ip.83.151.96.0) | - | - | High
6301 | [83.151.116.0](https://vuldb.com/?ip.83.151.116.0) | - | - | High
6302 | [83.151.198.0](https://vuldb.com/?ip.83.151.198.0) | - | - | High
6303 | [83.167.33.0](https://vuldb.com/?ip.83.167.33.0) | - | - | High
6304 | [83.168.246.0](https://vuldb.com/?ip.83.168.246.0) | - | - | High
6305 | [83.171.200.0](https://vuldb.com/?ip.83.171.200.0) | - | - | High
6306 | [83.171.254.0](https://vuldb.com/?ip.83.171.254.0) | - | - | High
6307 | [83.203.0.0](https://vuldb.com/?ip.83.203.0.0) | alamentin-651-1-87-net.w83-203.abo.wanadoo.fr | - | High
6308 | [83.203.64.0](https://vuldb.com/?ip.83.203.64.0) | alamentin-652-1-30-net.w83-203.abo.wanadoo.fr | - | High
6309 | [83.203.104.0](https://vuldb.com/?ip.83.203.104.0) | alamentin-552-1-68-net.w83-203.abo.wanadoo.fr | - | High
6310 | [83.203.112.0](https://vuldb.com/?ip.83.203.112.0) | alamentin-651-1-136-net.w83-203.abo.wanadoo.fr | - | High
6311 | [83.203.128.0](https://vuldb.com/?ip.83.203.128.0) | alamentin-651-1-51-net.w83-203.abo.wanadoo.fr | - | High
6312 | [83.203.192.0](https://vuldb.com/?ip.83.203.192.0) | alamentin-652-1-16-net.w83-203.abo.wanadoo.fr | - | High
6313 | [83.203.200.0](https://vuldb.com/?ip.83.203.200.0) | alamentin-652-1-41-net.w83-203.abo.wanadoo.fr | - | High
6314 | [83.203.204.0](https://vuldb.com/?ip.83.203.204.0) | alamentin-105-1-102-net.w83-203.abo.wanadoo.fr | - | High
6315 | [83.203.206.0](https://vuldb.com/?ip.83.203.206.0) | alamentin-652-1-44-net.w83-203.abo.wanadoo.fr | - | High
6316 | [83.203.208.0](https://vuldb.com/?ip.83.203.208.0) | alamentin-652-1-70-net.w83-203.abo.wanadoo.fr | - | High
6317 | [83.203.216.0](https://vuldb.com/?ip.83.203.216.0) | alamentin-106-1-168-net.w83-203.abo.wanadoo.fr | - | High
6318 | [83.203.220.0](https://vuldb.com/?ip.83.203.220.0) | alamentin-107-1-67-net.w83-203.abo.wanadoo.fr | - | High
6319 | [83.203.222.0](https://vuldb.com/?ip.83.203.222.0) | alamentin-107-1-69-net.w83-203.abo.wanadoo.fr | - | High
6320 | [83.203.232.0](https://vuldb.com/?ip.83.203.232.0) | alamentin-552-1-81-net.w83-203.abo.wanadoo.fr | - | High
6321 | [83.203.240.0](https://vuldb.com/?ip.83.203.240.0) | alamentin-651-1-144-net.w83-203.abo.wanadoo.fr | - | High
6322 | [83.219.96.0](https://vuldb.com/?ip.83.219.96.0) | - | - | High
6323 | [84.17.44.0](https://vuldb.com/?ip.84.17.44.0) | - | - | High
6324 | [84.17.183.11](https://vuldb.com/?ip.84.17.183.11) | - | - | High
6325 | [84.19.36.176](https://vuldb.com/?ip.84.19.36.176) | u84-19-36-176.user.bwd.cust.vaioni.com | - | High
6326 | [84.21.40.0](https://vuldb.com/?ip.84.21.40.0) | - | - | High
6327 | [84.21.53.0](https://vuldb.com/?ip.84.21.53.0) | - | - | High
6328 | [84.21.189.0](https://vuldb.com/?ip.84.21.189.0) | - | - | High
6329 | [84.21.190.0](https://vuldb.com/?ip.84.21.190.0) | - | - | High
6330 | [84.38.200.0](https://vuldb.com/?ip.84.38.200.0) | - | - | High
6331 | [84.39.136.0](https://vuldb.com/?ip.84.39.136.0) | - | - | High
6332 | [84.40.16.0](https://vuldb.com/?ip.84.40.16.0) | - | - | High
6333 | [84.53.140.0](https://vuldb.com/?ip.84.53.140.0) | a84-53-140-0.deploy.static.akamaitechnologies.com | - | High
6334 | [84.53.146.0](https://vuldb.com/?ip.84.53.146.0) | a84-53-146-0.deploy.static.akamaitechnologies.com | - | High
6335 | [84.53.156.0](https://vuldb.com/?ip.84.53.156.0) | a84-53-156-0.deploy.static.akamaitechnologies.com | - | High
6336 | [84.53.172.0](https://vuldb.com/?ip.84.53.172.0) | a84-53-172-0.deploy.static.akamaitechnologies.com | - | High
6337 | [84.54.20.0](https://vuldb.com/?ip.84.54.20.0) | - | - | High
6338 | [84.54.49.0](https://vuldb.com/?ip.84.54.49.0) | hosted-by.technox.com.tr | - | High
6339 | [84.54.50.0](https://vuldb.com/?ip.84.54.50.0) | - | - | High
6340 | [84.63.160.69](https://vuldb.com/?ip.84.63.160.69) | dslb-084-063-160-069.084.063.pools.vodafone-ip.de | - | High
6341 | [84.233.183.144](https://vuldb.com/?ip.84.233.183.144) | - | - | High
6342 | [84.245.16.0](https://vuldb.com/?ip.84.245.16.0) | - | - | High
6343 | [84.245.32.0](https://vuldb.com/?ip.84.245.32.0) | - | - | High
6344 | [84.247.2.0](https://vuldb.com/?ip.84.247.2.0) | - | - | High
6345 | [84.247.59.0](https://vuldb.com/?ip.84.247.59.0) | - | - | High
6346 | [85.8.148.0](https://vuldb.com/?ip.85.8.148.0) | - | - | High
6347 | [85.9.29.50](https://vuldb.com/?ip.85.9.29.50) | - | - | High
6348 | [85.31.93.0](https://vuldb.com/?ip.85.31.93.0) | - | - | High
6349 | [85.92.152.0](https://vuldb.com/?ip.85.92.152.0) | - | - | High
6350 | [85.112.31.48](https://vuldb.com/?ip.85.112.31.48) | - | - | High
6351 | [85.112.31.64](https://vuldb.com/?ip.85.112.31.64) | - | - | High
6352 | [85.115.40.0](https://vuldb.com/?ip.85.115.40.0) | - | - | High
6353 | [85.117.240.0](https://vuldb.com/?ip.85.117.240.0) | - | - | High
6354 | [85.117.242.0](https://vuldb.com/?ip.85.117.242.0) | - | - | High
6355 | [85.187.128.0](https://vuldb.com/?ip.85.187.128.0) | - | - | High
6356 | [85.190.152.0](https://vuldb.com/?ip.85.190.152.0) | - | - | High
6357 | [85.190.156.0](https://vuldb.com/?ip.85.190.156.0) | - | - | High
6358 | [85.190.227.0](https://vuldb.com/?ip.85.190.227.0) | - | - | High
6359 | [85.190.228.0](https://vuldb.com/?ip.85.190.228.0) | - | - | High
6360 | [85.190.254.0](https://vuldb.com/?ip.85.190.254.0) | ip-85-190-254-0.static.contabo.net | - | High
6361 | [85.202.81.0](https://vuldb.com/?ip.85.202.81.0) | - | - | High
6362 | [85.202.82.0](https://vuldb.com/?ip.85.202.82.0) | - | - | High
6363 | [85.202.172.0](https://vuldb.com/?ip.85.202.172.0) | - | - | High
6364 | [85.203.7.0](https://vuldb.com/?ip.85.203.7.0) | - | - | High
6365 | [85.203.23.0](https://vuldb.com/?ip.85.203.23.0) | - | - | High
6366 | [85.203.27.0](https://vuldb.com/?ip.85.203.27.0) | - | - | High
6367 | [85.203.32.0](https://vuldb.com/?ip.85.203.32.0) | - | - | High
6368 | [85.203.35.0](https://vuldb.com/?ip.85.203.35.0) | - | - | High
6369 | [85.203.36.0](https://vuldb.com/?ip.85.203.36.0) | - | - | High
6370 | [85.203.38.0](https://vuldb.com/?ip.85.203.38.0) | - | - | High
6371 | [85.203.48.0](https://vuldb.com/?ip.85.203.48.0) | visit.keznews.com | - | High
6372 | [85.203.54.0](https://vuldb.com/?ip.85.203.54.0) | - | - | High
6373 | [85.203.56.0](https://vuldb.com/?ip.85.203.56.0) | visit.keznews.com | - | High
6374 | [85.204.28.0](https://vuldb.com/?ip.85.204.28.0) | - | - | High
6375 | [85.208.34.0](https://vuldb.com/?ip.85.208.34.0) | - | - | High
6376 | [85.208.73.0](https://vuldb.com/?ip.85.208.73.0) | - | - | High
6377 | [85.208.74.0](https://vuldb.com/?ip.85.208.74.0) | - | - | High
6378 | [85.208.85.0](https://vuldb.com/?ip.85.208.85.0) | - | - | High
6379 | [85.208.86.0](https://vuldb.com/?ip.85.208.86.0) | - | - | High
6380 | [85.208.108.0](https://vuldb.com/?ip.85.208.108.0) | 0.108-208-85.rdns.scalabledns.com | - | High
6381 | [85.208.116.0](https://vuldb.com/?ip.85.208.116.0) | 0.116-208-85.rdns.scalabledns.com | - | High
6382 | [85.208.120.0](https://vuldb.com/?ip.85.208.120.0) | - | - | High
6383 | [85.208.136.0](https://vuldb.com/?ip.85.208.136.0) | - | - | High
6384 | [85.208.154.3](https://vuldb.com/?ip.85.208.154.3) | - | - | High
6385 | [85.208.209.0](https://vuldb.com/?ip.85.208.209.0) | - | - | High
6386 | [85.208.210.0](https://vuldb.com/?ip.85.208.210.0) | - | - | High
6387 | [85.209.40.0](https://vuldb.com/?ip.85.209.40.0) | - | - | High
6388 | [85.209.76.0](https://vuldb.com/?ip.85.209.76.0) | - | - | High
6389 | [85.209.84.0](https://vuldb.com/?ip.85.209.84.0) | - | - | High
6390 | [85.209.131.0](https://vuldb.com/?ip.85.209.131.0) | - | - | High
6391 | [85.209.132.0](https://vuldb.com/?ip.85.209.132.0) | - | - | High
6392 | [85.209.136.0](https://vuldb.com/?ip.85.209.136.0) | - | - | High
6393 | [85.209.149.0](https://vuldb.com/?ip.85.209.149.0) | - | - | High
6394 | [85.209.150.0](https://vuldb.com/?ip.85.209.150.0) | - | - | High
6395 | [85.209.152.0](https://vuldb.com/?ip.85.209.152.0) | 0.152-209-85.rdns.scalabledns.com | - | High
6396 | [85.209.164.0](https://vuldb.com/?ip.85.209.164.0) | - | - | High
6397 | [85.209.192.0](https://vuldb.com/?ip.85.209.192.0) | 0.192-209-85.rdns.scalabledns.com | - | High
6398 | [85.209.204.0](https://vuldb.com/?ip.85.209.204.0) | - | - | High
6399 | [85.209.228.0](https://vuldb.com/?ip.85.209.228.0) | - | - | High
6400 | [85.209.252.0](https://vuldb.com/?ip.85.209.252.0) | - | - | High
6401 | [85.234.20.0](https://vuldb.com/?ip.85.234.20.0) | 000.20.234.85.chtts.ru | - | High
6402 | [85.234.20.8](https://vuldb.com/?ip.85.234.20.8) | 008.20.234.85.chtts.ru | - | High
6403 | [85.234.20.10](https://vuldb.com/?ip.85.234.20.10) | 010.20.234.85.chtts.ru | - | High
6404 | [85.234.20.12](https://vuldb.com/?ip.85.234.20.12) | 012.20.234.85.chtts.ru | - | High
6405 | [85.234.20.16](https://vuldb.com/?ip.85.234.20.16) | 016.20.234.85.chtts.ru | - | High
6406 | [85.234.20.32](https://vuldb.com/?ip.85.234.20.32) | 032.20.234.85.chtts.ru | - | High
6407 | [85.234.20.64](https://vuldb.com/?ip.85.234.20.64) | 064.20.234.85.chtts.ru | - | High
6408 | [85.234.20.128](https://vuldb.com/?ip.85.234.20.128) | 128.20.234.85.chtts.ru | - | High
6409 | [85.237.219.0](https://vuldb.com/?ip.85.237.219.0) | - | - | High
6410 | [85.255.80.0](https://vuldb.com/?ip.85.255.80.0) | - | - | High
6411 | [86.62.56.0](https://vuldb.com/?ip.86.62.56.0) | - | - | High
6412 | [86.104.209.0](https://vuldb.com/?ip.86.104.209.0) | - | - | High
6413 | [86.104.222.0](https://vuldb.com/?ip.86.104.222.0) | - | - | High
6414 | [86.104.224.0](https://vuldb.com/?ip.86.104.224.0) | - | - | High
6415 | [86.105.96.0](https://vuldb.com/?ip.86.105.96.0) | - | - | High
6416 | [86.106.28.0](https://vuldb.com/?ip.86.106.28.0) | - | - | High
6417 | [86.106.138.0](https://vuldb.com/?ip.86.106.138.0) | - | - | High
6418 | [86.106.140.0](https://vuldb.com/?ip.86.106.140.0) | - | - | High
6419 | [86.106.152.0](https://vuldb.com/?ip.86.106.152.0) | - | - | High
6420 | [86.107.48.0](https://vuldb.com/?ip.86.107.48.0) | - | - | High
6421 | [86.107.62.0](https://vuldb.com/?ip.86.107.62.0) | - | - | High
6422 | [86.107.108.0](https://vuldb.com/?ip.86.107.108.0) | - | - | High
6423 | [86.111.180.60](https://vuldb.com/?ip.86.111.180.60) | . | - | High
6424 | [86.111.191.232](https://vuldb.com/?ip.86.111.191.232) | - | - | High
6425 | [86.111.191.254](https://vuldb.com/?ip.86.111.191.254) | - | - | High
6426 | [86.130.214.127](https://vuldb.com/?ip.86.130.214.127) | host86-130-214-127.range86-130.btcentralplus.com | - | High
6427 | [87.101.48.0](https://vuldb.com/?ip.87.101.48.0) | - | - | High
6428 | [87.101.92.0](https://vuldb.com/?ip.87.101.92.0) | - | - | High
6429 | [87.101.95.0](https://vuldb.com/?ip.87.101.95.0) | - | - | High
6430 | [87.121.136.0](https://vuldb.com/?ip.87.121.136.0) | - | - | High
6431 | [87.121.216.0](https://vuldb.com/?ip.87.121.216.0) | - | - | High
6432 | [87.236.208.64](https://vuldb.com/?ip.87.236.208.64) | onworkshop.help | - | High
6433 | [87.236.208.128](https://vuldb.com/?ip.87.236.208.128) | - | - | High
6434 | [87.237.98.136](https://vuldb.com/?ip.87.237.98.136) | - | - | High
6435 | [87.239.136.0](https://vuldb.com/?ip.87.239.136.0) | - | - | High
6436 | [87.250.160.0](https://vuldb.com/?ip.87.250.160.0) | - | - | High
6437 | [87.252.101.0](https://vuldb.com/?ip.87.252.101.0) | - | - | High
6438 | [87.254.200.0](https://vuldb.com/?ip.87.254.200.0) | - | - | High
6439 | [88.83.0.0](https://vuldb.com/?ip.88.83.0.0) | host-88-83-0-0.adsl.gl | - | High
6440 | [88.98.19.0](https://vuldb.com/?ip.88.98.19.0) | 88-98-19-0.g3ns.net | - | High
6441 | [88.119.174.0](https://vuldb.com/?ip.88.119.174.0) | - | - | High
6442 | [88.135.96.0](https://vuldb.com/?ip.88.135.96.0) | - | - | High
6443 | [88.151.228.0](https://vuldb.com/?ip.88.151.228.0) | 88.151.228.0.itcglobal.net | - | High
6444 | [88.202.178.96](https://vuldb.com/?ip.88.202.178.96) | 88.202.178.96.static.midphase.com | - | High
6445 | [88.202.184.222](https://vuldb.com/?ip.88.202.184.222) | ctdr9.todayclaim.net | - | High
6446 | [88.202.184.248](https://vuldb.com/?ip.88.202.184.248) | rvsm.ch | - | High
6447 | [88.205.100.68](https://vuldb.com/?ip.88.205.100.68) | - | - | High
6448 | [88.205.101.64](https://vuldb.com/?ip.88.205.101.64) | - | - | High
6449 | [88.205.103.160](https://vuldb.com/?ip.88.205.103.160) | 160.103.205.88.in-addr.arpa | - | High
6450 | [88.205.104.16](https://vuldb.com/?ip.88.205.104.16) | - | - | High
6451 | [88.208.9.0](https://vuldb.com/?ip.88.208.9.0) | - | - | High
6452 | [88.214.52.0](https://vuldb.com/?ip.88.214.52.0) | - | - | High
6453 | [88.214.212.0](https://vuldb.com/?ip.88.214.212.0) | - | - | High
6454 | [88.218.65.0](https://vuldb.com/?ip.88.218.65.0) | - | - | High
6455 | [88.218.66.0](https://vuldb.com/?ip.88.218.66.0) | - | - | High
6456 | [88.218.76.0](https://vuldb.com/?ip.88.218.76.0) | - | - | High
6457 | [88.218.104.0](https://vuldb.com/?ip.88.218.104.0) | - | - | High
6458 | [88.218.200.0](https://vuldb.com/?ip.88.218.200.0) | - | - | High
6459 | [88.218.207.0](https://vuldb.com/?ip.88.218.207.0) | - | - | High
6460 | [89.3.240.0](https://vuldb.com/?ip.89.3.240.0) | ip-0.net-89-3-240.rev.numericable.fr | - | High
6461 | [89.16.0.0](https://vuldb.com/?ip.89.16.0.0) | - | - | High
6462 | [89.20.50.0](https://vuldb.com/?ip.89.20.50.0) | - | - | High
6463 | [89.21.64.0](https://vuldb.com/?ip.89.21.64.0) | - | - | High
6464 | [89.28.210.0](https://vuldb.com/?ip.89.28.210.0) | - | - | High
6465 | [89.30.33.0](https://vuldb.com/?ip.89.30.33.0) | - | - | High
6466 | [89.31.240.0](https://vuldb.com/?ip.89.31.240.0) | - | - | High
6467 | [89.32.64.0](https://vuldb.com/?ip.89.32.64.0) | red-89-32-64.telecablesantapola.es | - | High
6468 | [89.33.192.0](https://vuldb.com/?ip.89.33.192.0) | - | - | High
6469 | [89.34.103.0](https://vuldb.com/?ip.89.34.103.0) | - | - | High
6470 | [89.35.78.0](https://vuldb.com/?ip.89.35.78.0) | - | - | High
6471 | [89.35.90.0](https://vuldb.com/?ip.89.35.90.0) | - | - | High
6472 | [89.35.104.32](https://vuldb.com/?ip.89.35.104.32) | - | - | High
6473 | [89.35.106.0](https://vuldb.com/?ip.89.35.106.0) | - | - | High
6474 | [89.35.164.0](https://vuldb.com/?ip.89.35.164.0) | - | - | High
6475 | [89.36.32.0](https://vuldb.com/?ip.89.36.32.0) | - | - | High
6476 | [89.36.90.0](https://vuldb.com/?ip.89.36.90.0) | - | - | High
6477 | [89.36.231.0](https://vuldb.com/?ip.89.36.231.0) | - | - | High
6478 | [89.36.236.0](https://vuldb.com/?ip.89.36.236.0) | - | - | High
6479 | [89.37.60.0](https://vuldb.com/?ip.89.37.60.0) | - | - | High
6480 | [89.37.106.0](https://vuldb.com/?ip.89.37.106.0) | - | - | High
6481 | [89.37.216.0](https://vuldb.com/?ip.89.37.216.0) | - | - | High
6482 | [89.37.228.0](https://vuldb.com/?ip.89.37.228.0) | - | - | High
6483 | [89.37.236.0](https://vuldb.com/?ip.89.37.236.0) | - | - | High
6484 | [89.38.60.0](https://vuldb.com/?ip.89.38.60.0) | - | - | High
6485 | [89.39.69.0](https://vuldb.com/?ip.89.39.69.0) | - | - | High
6486 | [89.39.172.0](https://vuldb.com/?ip.89.39.172.0) | - | - | High
6487 | [89.39.184.0](https://vuldb.com/?ip.89.39.184.0) | - | - | High
6488 | [89.39.202.0](https://vuldb.com/?ip.89.39.202.0) | - | - | High
6489 | [89.39.255.0](https://vuldb.com/?ip.89.39.255.0) | - | - | High
6490 | [89.40.207.0](https://vuldb.com/?ip.89.40.207.0) | - | - | High
6491 | [89.40.216.0](https://vuldb.com/?ip.89.40.216.0) | - | - | High
6492 | ... | ... | ... | ...
There are 23963 more IOC items available. Please use our online service to access the data.
There are 25963 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
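Review bot: row 6423 (86.111.180.60) carries `.` in the Hostname column, which looks like an empty reverse-DNS answer that was stored verbatim rather than a real name; every other entry in this hunk without a PTR record uses `-`, so this value should be normalised to `-` before the table is published, otherwise consumers parsing the hostname column will treat a lone dot as a valid FQDN.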
@ -6022,14 +6522,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
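Review bot: in the new row 2, the Description column says `Authentication Bypass by Capture-replay` while the Weakness column lists CWE-319, whose title is Cleartext Transmission of Sensitive Information (Capture-replay is CWE-294); one of the two columns is wrong and should be corrected before this mapping ships. The unchanged rows 3 and 4 have the same column mismatch: T1059 with CWE-88, CWE-94, CWE-1321 is labelled `Cross Site Scripting`, the identical label used for the T1059.007 sub-technique row, even though T1059 is the parent Command and Scripting Interpreter technique and none of those three CWEs is XSS.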
@ -6037,63 +6537,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.php.gif` | Medium
2 | File | `//proc/kcore` | Medium
3 | File | `/?admin/user.html` | High
4 | File | `/admin.php?action=themeinstall` | High
5 | File | `/Admin/add-student.php` | High
6 | File | `/admin/ajax/avatar.php` | High
7 | File | `/Admin/login.php` | High
8 | File | `/admin/sql` | Medium
9 | File | `/admin/students/manage.php` | High
10 | File | `/admin/users.php?source=edit_user&id=1` | High
11 | File | `/api/RecordingList/DownloadRecord?file=` | High
12 | File | `/api/user/upsert/<uuid>` | High
13 | File | `/apilog.php` | Medium
14 | File | `/buspassms/download-pass.php` | High
15 | File | `/category.php` | High
16 | File | `/changePassword` | High
17 | File | `/connectors/index.php` | High
18 | File | `/core/conditions/AbstractWrapper.java` | High
19 | File | `/csms/admin/?page=system_info` | High
20 | File | `/csms/admin/?page=user/manage_user` | High
21 | File | `/dev/mmz_userdev` | High
22 | File | `/diagnostic/editcategory.php` | High
23 | File | `/ebics-server/ebics.aspx` | High
24 | File | `/employeeview.php` | High
25 | File | `/etc/grafana/grafana.ini` | High
26 | File | `/fantasticblog/single.php` | High
27 | File | `/forum/away.php` | High
28 | File | `/goform/doReboot` | High
29 | File | `/goform/wizard_end` | High
30 | File | `/h/calendar` | Medium
31 | File | `/h/compose` | Medium
32 | File | `/h/search?action=voicemail&action=listen` | High
33 | File | `/index.asp` | Medium
34 | File | `/index.php` | Medium
35 | File | `/items/view_item.php` | High
36 | File | `/jsoa/hntdCustomDesktopActionContent` | High
37 | File | `/manager/index.php` | High
38 | File | `/medical/inventories.php` | High
39 | File | `/modules/profile/index.php` | High
40 | File | `/modules/projects/vw_files.php` | High
41 | File | `/modules/public/calendar.php` | High
42 | File | `/net/nfc/netlink.c` | High
43 | File | `/newsDia.php` | Medium
44 | File | `/opac/Actions.php?a=login` | High
45 | File | `/out.php` | Medium
46 | File | `/php-sms/admin/` | High
47 | File | `/php-sms/classes/Master.php` | High
48 | File | `/php-sms/classes/SystemSettings.php` | High
49 | File | `/php_action/createOrder.php` | High
50 | File | `/php_action/editProductImage.php` | High
51 | File | `/requests.php` | High
52 | File | `/ResiotQueryDBActive` | High
53 | File | `/sacco_shield/manage_user.php` | High
54 | File | `/secure/QueryComponent!Default.jspa` | High
55 | ... | ... | ...
1 | File | `/admin.php/Admin/adminadd.html` | High
2 | File | `/admin/edit.php` | High
3 | File | `/admin/settings/save.php` | High
4 | File | `/admin/sign/out` | High
5 | File | `/admin/subnets/ripe-query.php` | High
6 | File | `/api/v1/attack/falco` | High
7 | File | `/api/v1/attack/token` | High
8 | File | `/api/v2/open/tablesInfo` | High
9 | File | `/balance/service/list` | High
10 | File | `/debug/pprof` | Medium
11 | File | `/depotHead/list` | High
12 | File | `/forum/away.php` | High
13 | File | `/goform/setSysAdm` | High
14 | File | `/HNAP1` | Low
15 | File | `/index.php` | Medium
16 | File | `/index.php/purchase_order/browse_data` | High
17 | File | `/lilac/main.php` | High
18 | File | `/module/admin_bp/add_application.php` | High
19 | File | `/module/report_event/index.php` | High
20 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
21 | File | `/out.php` | Medium
22 | File | `/php-sms/classes/Master.php?f=save_quote` | High
23 | File | `/plugin/getList` | High
24 | File | `/project/PROJECTNAME/reports/` | High
25 | File | `/proxy` | Low
26 | File | `/spip.php` | Medium
27 | File | `/sys/duplicate/check` | High
28 | File | `/tmp` | Low
29 | File | `/usr/bin/pkexec` | High
30 | File | `/usr/sbin/httpd` | High
31 | File | `/var/log/nginx` | High
32 | File | `/wp-content/plugins/updraftplus/admin.php` | High
33 | ... | ... | ...
There are 479 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 282 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
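Review bot: the summary line changes from `479 more IOA items` to `282 more` and the visible rows drop from 54 to 32, so the IOA set for this actor shrinks by roughly 40% in a single regeneration; please confirm this is an intentional data refresh rather than a truncated export, since nothing in the hunk explains the removal and the old entries such as `/api/user/upsert/<uuid>` and `/dev/mmz_userdev` simply disappear.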

View File

@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Nymaim:
* [US](https://vuldb.com/?country.us)
* [BG](https://vuldb.com/?country.bg)
* [RU](https://vuldb.com/?country.ru)
* [DE](https://vuldb.com/?country.de)
* ...
There are 5 more country items available. Please use our online service to access the data.

View File

@ -29,29 +29,30 @@ ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [37.59.198.130](https://vuldb.com/?ip.37.59.198.130) | - | - | High
2 | [37.59.198.131](https://vuldb.com/?ip.37.59.198.131) | - | - | High
3 | [45.9.239.34](https://vuldb.com/?ip.45.9.239.34) | 45.9.239.34.deltahost-ptr | - | High
4 | [45.9.239.45](https://vuldb.com/?ip.45.9.239.45) | 45.9.239.45.deltahost-ptr | - | High
5 | [45.9.239.77](https://vuldb.com/?ip.45.9.239.77) | 45.9.239.77.deltahost-ptr | - | High
6 | [45.9.239.110](https://vuldb.com/?ip.45.9.239.110) | 45.9.239.110.deltahost-ptr | - | High
7 | [45.9.239.139](https://vuldb.com/?ip.45.9.239.139) | 45.9.239.139.deltahost-ptr | - | High
8 | [45.32.100.179](https://vuldb.com/?ip.45.32.100.179) | 45.32.100.179.vultr.com | - | Medium
9 | [45.32.114.49](https://vuldb.com/?ip.45.32.114.49) | 45.32.114.49.vultr.com | - | Medium
10 | [45.76.179.28](https://vuldb.com/?ip.45.76.179.28) | 45.76.179.28.vultr.com | - | Medium
11 | [45.76.179.151](https://vuldb.com/?ip.45.76.179.151) | 45.76.179.151.vultr.com | - | Medium
12 | [45.114.117.164](https://vuldb.com/?ip.45.114.117.164) | folien.reisnart.com | - | High
13 | [46.183.220.81](https://vuldb.com/?ip.46.183.220.81) | ip-220-81.dataclub.info | - | High
14 | [46.183.220.82](https://vuldb.com/?ip.46.183.220.82) | ip-220-82.dataclub.info | - | High
15 | [46.183.221.188](https://vuldb.com/?ip.46.183.221.188) | ip-221-188.dataclub.info | - | High
16 | [46.183.221.189](https://vuldb.com/?ip.46.183.221.189) | ip-221-189.dataclub.info | - | High
17 | [46.183.221.190](https://vuldb.com/?ip.46.183.221.190) | ip-221-190.dataclub.info | - | High
18 | [46.183.222.82](https://vuldb.com/?ip.46.183.222.82) | ip-222-82.dataclub.info | - | High
19 | [46.183.222.83](https://vuldb.com/?ip.46.183.222.83) | ip-222-83.dataclub.info | - | High
20 | [46.183.222.84](https://vuldb.com/?ip.46.183.222.84) | ip-222-84.dataclub.info | - | High
21 | [46.183.223.106](https://vuldb.com/?ip.46.183.223.106) | ip-223-106.dataclub.info | - | High
22 | [46.183.223.107](https://vuldb.com/?ip.46.183.223.107) | ip-223-107.dataclub.info | - | High
23 | ... | ... | ... | ...
3 | [43.251.100.20](https://vuldb.com/?ip.43.251.100.20) | - | - | High
4 | [43.254.217.67](https://vuldb.com/?ip.43.254.217.67) | - | - | High
5 | [45.9.239.34](https://vuldb.com/?ip.45.9.239.34) | 45.9.239.34.deltahost-ptr | - | High
6 | [45.9.239.45](https://vuldb.com/?ip.45.9.239.45) | 45.9.239.45.deltahost-ptr | - | High
7 | [45.9.239.77](https://vuldb.com/?ip.45.9.239.77) | 45.9.239.77.deltahost-ptr | - | High
8 | [45.9.239.110](https://vuldb.com/?ip.45.9.239.110) | 45.9.239.110.deltahost-ptr | - | High
9 | [45.9.239.139](https://vuldb.com/?ip.45.9.239.139) | 45.9.239.139.deltahost-ptr | - | High
10 | [45.32.100.179](https://vuldb.com/?ip.45.32.100.179) | 45.32.100.179.vultr.com | - | Medium
11 | [45.32.114.49](https://vuldb.com/?ip.45.32.114.49) | 45.32.114.49.vultr.com | - | Medium
12 | [45.76.179.28](https://vuldb.com/?ip.45.76.179.28) | 45.76.179.28.vultr.com | - | Medium
13 | [45.76.179.151](https://vuldb.com/?ip.45.76.179.151) | 45.76.179.151.vultr.com | - | Medium
14 | [45.114.117.164](https://vuldb.com/?ip.45.114.117.164) | folien.reisnart.com | - | High
15 | [46.183.220.81](https://vuldb.com/?ip.46.183.220.81) | ip-220-81.dataclub.info | - | High
16 | [46.183.220.82](https://vuldb.com/?ip.46.183.220.82) | ip-220-82.dataclub.info | - | High
17 | [46.183.221.188](https://vuldb.com/?ip.46.183.221.188) | ip-221-188.dataclub.info | - | High
18 | [46.183.221.189](https://vuldb.com/?ip.46.183.221.189) | ip-221-189.dataclub.info | - | High
19 | [46.183.221.190](https://vuldb.com/?ip.46.183.221.190) | ip-221-190.dataclub.info | - | High
20 | [46.183.222.82](https://vuldb.com/?ip.46.183.222.82) | ip-222-82.dataclub.info | - | High
21 | [46.183.222.83](https://vuldb.com/?ip.46.183.222.83) | ip-222-83.dataclub.info | - | High
22 | [46.183.222.84](https://vuldb.com/?ip.46.183.222.84) | ip-222-84.dataclub.info | - | High
23 | [46.183.223.106](https://vuldb.com/?ip.46.183.223.106) | ip-223-106.dataclub.info | - | High
24 | ... | ... | ... | ...
There are 90 more IOC items available. Please use our online service to access the data.
There are 92 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -84,6 +85,7 @@ There are 10 more IOA items available (file, library, argument, input value, pat
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blogs.blackberry.com/en/2019/10/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform
* https://github.com/blackorbird/APT_REPORT/blob/master/Oceanlotus/apt32_report_2019.pdf
* https://github.com/eset/malware-ioc/tree/master/oceanlotus
* https://www.threatminer.org/report.php?q=ESET_OceanLotus.pdf&y=2018
* https://www.threatminer.org/report.php?q=OceanLotusBlossoms_MassDigitalSurveillanceandAttacksTargetingASEAN,AsianNations,theMedia,HumanRightsGroups,andCivilSociety_Volexity.pdf&y=2017

Some files were not shown because too many files have changed in this diff.