Update September 2023
parent a4924b8159
commit 8159b0c7b0
|
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
|
|||
38 | File | `/services/Card/findUser` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 334 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
# AMOS - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AMOS](https://vuldb.com/?actor.amos). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.amos](https://vuldb.com/?actor.amos)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AMOS:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AMOS.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [37.220.87.16](https://vuldb.com/?ip.37.220.87.16) | ipn-37-220-87-16.artem-catv.ru | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AMOS_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1552 | CWE-522 | ASP.NET Misconfiguration: Password in Configuration File | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AMOS. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `ClipboardListener.java` | High
|
||||
2 | File | `index.html` | Medium
|
||||
3 | Argument | `Name/Referrer/Location/Comments` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://twitter.com/phd_phuc/status/1651002681798926337
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
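Review bot: In the IOA table of the new AMOS file, row 2 lists the bare filename `index.html` at Medium confidence, which will match requests on almost any web server and gives a consumer nothing to alert on. Qualify it with a path or a paired argument, or lower it to Low as is done for `/login` elsewhere in this commit. The summary line under the table also reads "There are 1 more IOA items", so the generator needs a singular form.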
@ -21,10 +21,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CH](https://vuldb.com/?country.ch)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -86,41 +86,46 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/../conf/config.properties` | High
|
||||
2 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
3 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
4 | File | `/dashboard/updatelogo.php` | High
|
||||
5 | File | `/etc/openshift/server_priv.pem` | High
|
||||
6 | File | `/files.md5` | Medium
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/hrm/employeeview.php` | High
|
||||
9 | File | `/images/` | Medium
|
||||
10 | File | `/include/chart_generator.php` | High
|
||||
11 | File | `/index.php` | Medium
|
||||
12 | File | `/librarian/bookdetails.php` | High
|
||||
13 | File | `/login` | Low
|
||||
14 | File | `/members/view_member.php` | High
|
||||
15 | File | `/messageboard/view.php` | High
|
||||
16 | File | `/mkshop/Men/profile.php` | High
|
||||
17 | File | `/modules/profile/index.php` | High
|
||||
18 | File | `/Noxen-master/users.php` | High
|
||||
19 | File | `/one_church/userregister.php` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/public/plugins/` | High
|
||||
23 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
24 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
25 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
26 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
27 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
28 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
29 | File | `/textpattern/index.php` | High
|
||||
30 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
31 | File | `4.edu.php` | Medium
|
||||
32 | File | `adclick.php` | Medium
|
||||
33 | File | `addentry.php` | Medium
|
||||
34 | File | `admin.cropcanvas.php` | High
|
||||
35 | ... | ... | ...
|
||||
3 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
4 | File | `/cgi/get_param.cgi` | High
|
||||
5 | File | `/csms/admin/inquiries/view_details.php` | High
|
||||
6 | File | `/cstecgi.cgi` | Medium
|
||||
7 | File | `/dashboard/updatelogo.php` | High
|
||||
8 | File | `/etc/openshift/server_priv.pem` | High
|
||||
9 | File | `/files.md5` | Medium
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/hrm/employeeview.php` | High
|
||||
12 | File | `/images/` | Medium
|
||||
13 | File | `/include/chart_generator.php` | High
|
||||
14 | File | `/index.php` | Medium
|
||||
15 | File | `/librarian/bookdetails.php` | High
|
||||
16 | File | `/login` | Low
|
||||
17 | File | `/members/view_member.php` | High
|
||||
18 | File | `/messageboard/view.php` | High
|
||||
19 | File | `/mkshop/Men/profile.php` | High
|
||||
20 | File | `/modules/profile/index.php` | High
|
||||
21 | File | `/Noxen-master/users.php` | High
|
||||
22 | File | `/one_church/userregister.php` | High
|
||||
23 | File | `/out.php` | Medium
|
||||
24 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/public/plugins/` | High
|
||||
26 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
27 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
30 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
31 | File | `/SVFE2/pages/feegroups/country_group.jsf` | High
|
||||
32 | File | `/textpattern/index.php` | High
|
||||
33 | File | `/upfile.cgi` | Medium
|
||||
34 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
35 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
36 | File | `4.edu.php` | Medium
|
||||
37 | File | `account_footer.php` | High
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `add_edit_cat.asp` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
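Review bot: The ID column in this IOA table is positional, so inserting `/CCMAdmin/serverlist.asp` and `/cgi/get_param.cgi` at rows 3 and 4 moves `/csms/admin/inquiries/view_details.php` from ID 3 to ID 5 and renumbers every row after it. Anything that references an indicator by ID will point at a different entry after this update. Either give each indicator a stable identifier or state next to the table that IDs are not stable across revisions.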
@ -42,11 +42,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
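Review bot: Two rows of this TTP table carry a Description that does not match the Weakness column. `T1059 | CWE-94` is labelled "Cross Site Scripting", but CWE-94 is code injection and XSS is CWE-79; `T1040 | CWE-319` is labelled "Authentication Bypass by Capture-replay", which is the title of CWE-294, while CWE-319 is cleartext transmission of sensitive information. Derive the description from the CWE that is listed, or list the CWE the description belongs to.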
@ -62,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `detail.php` | Medium
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -37,8 +37,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1222 | CWE-276 | Permission Issues | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1222 | CWE-276 | Permission Issues | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -46,8 +47,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `read.php` | Medium
|
||||
2 | Argument | `TID` | Low
|
||||
1 | File | `/admin/admin-profile.php` | High
|
||||
2 | File | `/search.php` | Medium
|
||||
3 | File | `read.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -15,8 +15,8 @@ The following _campaigns_ are known and can be associated with APT2:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT2:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FJ](https://vuldb.com/?country.fj)
|
||||
* [KR](https://vuldb.com/?country.kr)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
@ -64,7 +64,7 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `admin/admin/adminsave.html` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 28 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -109,56 +109,56 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/admin/subnets/ripe-query.php` | High
|
||||
3 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
4 | File | `/dashboard/updatelogo.php` | High
|
||||
5 | File | `/debug/pprof` | Medium
|
||||
6 | File | `/etc/openshift/server_priv.pem` | High
|
||||
7 | File | `/export` | Low
|
||||
8 | File | `/file?action=download&file` | High
|
||||
9 | File | `/hardware` | Medium
|
||||
10 | File | `/index.php` | Medium
|
||||
11 | File | `/librarian/bookdetails.php` | High
|
||||
12 | File | `/messageboard/view.php` | High
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/mkshop/Men/profile.php` | High
|
||||
15 | File | `/modules/projects/vw_files.php` | High
|
||||
16 | File | `/monitoring` | Medium
|
||||
17 | File | `/MTFWU` | Low
|
||||
18 | File | `/Noxen-master/users.php` | High
|
||||
19 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
20 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
21 | File | `/plugins/servlet/audit/resource` | High
|
||||
22 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
23 | File | `/REBOOTSYSTEM` | High
|
||||
24 | File | `/replication` | Medium
|
||||
25 | File | `/RestAPI` | Medium
|
||||
26 | File | `/servlet/webacc` | High
|
||||
27 | File | `/textpattern/index.php` | High
|
||||
28 | File | `/tmp/zarafa-vacation-*` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/upload` | Low
|
||||
31 | File | `/user/loader.php?api=1` | High
|
||||
32 | File | `/usr/bin/at` | Medium
|
||||
33 | File | `/var/log/nginx` | High
|
||||
34 | File | `/var/run/watchman.pid` | High
|
||||
35 | File | `/viewer/krpano.html` | High
|
||||
36 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
37 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
38 | File | `20review.asp` | Medium
|
||||
39 | File | `account.asp` | Medium
|
||||
40 | File | `ActivityManagerService.java` | High
|
||||
41 | File | `additem.asp` | Medium
|
||||
42 | File | `admin.a6mambocredits.php` | High
|
||||
43 | File | `admin.cropcanvas.php` | High
|
||||
44 | File | `admin.joomlaradiov5.php` | High
|
||||
45 | File | `admin.php` | Medium
|
||||
46 | File | `admin.remository.php` | High
|
||||
47 | File | `admin/addons/archive/archive.php` | High
|
||||
48 | File | `adminAvatars.php` | High
|
||||
49 | File | `AdxDSrv.exe` | Medium
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
5 | File | `/dashboard/updatelogo.php` | High
|
||||
6 | File | `/debug/pprof` | Medium
|
||||
7 | File | `/etc/openshift/server_priv.pem` | High
|
||||
8 | File | `/export` | Low
|
||||
9 | File | `/file?action=download&file` | High
|
||||
10 | File | `/hardware` | Medium
|
||||
11 | File | `/index.php` | Medium
|
||||
12 | File | `/librarian/bookdetails.php` | High
|
||||
13 | File | `/messageboard/view.php` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/mkshop/Men/profile.php` | High
|
||||
16 | File | `/modules/projects/vw_files.php` | High
|
||||
17 | File | `/monitoring` | Medium
|
||||
18 | File | `/MTFWU` | Low
|
||||
19 | File | `/Noxen-master/users.php` | High
|
||||
20 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
21 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
22 | File | `/plugins/servlet/audit/resource` | High
|
||||
23 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
24 | File | `/REBOOTSYSTEM` | High
|
||||
25 | File | `/replication` | Medium
|
||||
26 | File | `/RestAPI` | Medium
|
||||
27 | File | `/servlet/webacc` | High
|
||||
28 | File | `/textpattern/index.php` | High
|
||||
29 | File | `/tmp/zarafa-vacation-*` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/upload` | Low
|
||||
32 | File | `/user/loader.php?api=1` | High
|
||||
33 | File | `/usr/bin/at` | Medium
|
||||
34 | File | `/var/log/nginx` | High
|
||||
35 | File | `/var/run/watchman.pid` | High
|
||||
36 | File | `/viewer/krpano.html` | High
|
||||
37 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
38 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
39 | File | `20review.asp` | Medium
|
||||
40 | File | `account.asp` | Medium
|
||||
41 | File | `ActivityManagerService.java` | High
|
||||
42 | File | `additem.asp` | Medium
|
||||
43 | File | `admin.a6mambocredits.php` | High
|
||||
44 | File | `admin.cropcanvas.php` | High
|
||||
45 | File | `admin.joomlaradiov5.php` | High
|
||||
46 | File | `admin.php` | Medium
|
||||
47 | File | `admin.remository.php` | High
|
||||
48 | File | `admin/addons/archive/archive.php` | High
|
||||
49 | File | `adminAvatars.php` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 438 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
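Review bot: The Type value "File" in this table covers two different things: web request paths such as `/wp-json/wc/v3/webhooks` and local filesystem paths such as `/usr/bin/at`, `/var/log/nginx` and `/var/run/watchman.pid`. A consumer matching these against HTTP access logs or against host file telemetry cannot tell which source each row applies to. Split the type (for example URL path versus local file) or add a column that says where the indicator is expected to be observed.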
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -63,7 +63,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -89,27 +89,27 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/attachments` | Medium
|
||||
15 | File | `/bin/ate` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/booking/show_bookings/` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/dashboard/reports/logs/view` | High
|
||||
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/DXR.axd` | Medium
|
||||
27 | File | `/en/blog-comment-4` | High
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/hosts` | Medium
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/goform/setmac` | High
|
||||
32 | File | `/goform/wizard_end` | High
|
||||
12 | File | `/api/baskets/{name}` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/booking/show_bookings/` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cgi-bin` | Medium
|
||||
21 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/DXR.axd` | Medium
|
||||
26 | File | `/en/blog-comment-4` | High
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/group1/uploa` | High
|
||||
33 | File | `/h/` | Low
|
||||
34 | File | `/manage-apartment.php` | High
|
||||
35 | File | `/medicines/profile.php` | High
|
||||
|
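Review bot: Row 32 of this IOA table, `/group1/uploa`, looks cut off mid-word and is still rated High. Check it against the source record before publishing; if the value really is a prefix, mark it as one so that consumers do not treat it as an exact path match.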
@ -122,10 +122,9 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `/proxy` | Low
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -99,7 +99,7 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
44 | File | `/src/helper.c` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -67,15 +67,15 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/goform/RGFirewallEL` | High
|
||||
7 | File | `/horde/util/go.php` | High
|
||||
8 | File | `/rapi/read_url` | High
|
||||
9 | File | `/uncpath/` | Medium
|
||||
10 | File | `/usr/bin/pkexec` | High
|
||||
11 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
12 | File | `/wp-content/uploads/photo-gallery/` | High
|
||||
13 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
14 | File | `appserv/main.php` | High
|
||||
9 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
10 | File | `/uncpath/` | Medium
|
||||
11 | File | `/usr/bin/pkexec` | High
|
||||
12 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
13 | File | `/wp-content/uploads/photo-gallery/` | High
|
||||
14 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 119 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 121 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
@ -57,9 +57,9 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -70,62 +70,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
2 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
3 | File | `/admin/api/theme-edit/` | High
|
||||
4 | File | `/admin/maintenance/view_designation.php` | High
|
||||
5 | File | `/admin/orders/update_status.php` | High
|
||||
6 | File | `/admin/userprofile.php` | High
|
||||
7 | File | `/api/audits` | Medium
|
||||
8 | File | `/bin/sh` | Low
|
||||
9 | File | `/booking/show_bookings/` | High
|
||||
10 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
11 | File | `/calendar/viewcalendar.php` | High
|
||||
12 | File | `/cas/logout` | Medium
|
||||
13 | File | `/classes/Login.php` | High
|
||||
14 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
15 | File | `/classes/Master.php?f=delete_service` | High
|
||||
16 | File | `/classes/Users.php?f=delete_client` | High
|
||||
17 | File | `/clients/profile` | High
|
||||
18 | File | `/cms/notify` | Medium
|
||||
19 | File | `/contact/store` | High
|
||||
20 | File | `/depotHead/list` | High
|
||||
21 | File | `/env` | Low
|
||||
22 | File | `/ext/phar/phar_object.c` | High
|
||||
23 | File | `/file_manager/admin/save_user.php` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/goform/RgUrlBlock.asp` | High
|
||||
26 | File | `/goform/setSysPwd` | High
|
||||
27 | File | `/goform/SysToolReboot` | High
|
||||
28 | File | `/goform/SysToolRestoreSet` | High
|
||||
29 | File | `/goform/WifiBasicSet` | High
|
||||
30 | File | `/goform/wifiSSIDset` | High
|
||||
31 | File | `/h/` | Low
|
||||
32 | File | `/hrm/employeeadd.php` | High
|
||||
33 | File | `/hss/?page=product_per_brand` | High
|
||||
34 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
35 | File | `/hss/admin/?page=user/manage_user` | High
|
||||
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
37 | File | `/index.php?module=configuration/application` | High
|
||||
38 | File | `/index.php?module=entities/forms&entities_id=24` | High
|
||||
39 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
|
||||
40 | File | `/jurusan/data` | High
|
||||
41 | File | `/kelasdosen/data` | High
|
||||
42 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
43 | File | `/login` | Low
|
||||
44 | File | `/odlms//classes/Master.php?f=delete_activity` | High
|
||||
45 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
46 | File | `/paysystem/datatable.php` | High
|
||||
47 | File | `/plugin/getList` | High
|
||||
48 | File | `/projects/listprojects.php` | High
|
||||
49 | File | `/queuing/admin/ajax.php?action=save_settings` | High
|
||||
50 | File | `/rukovoditel/index.php?module=users/login` | High
|
||||
51 | File | `/tmp` | Low
|
||||
52 | File | `/v1/sql-runner` | High
|
||||
53 | File | `/var/polycom/cma/upgrade/scripts` | High
|
||||
54 | ... | ... | ...
|
||||
1 | File | `/account/delivery` | High
|
||||
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
3 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/add_user_modal.php` | High
|
||||
6 | File | `/admin/api/theme-edit/` | High
|
||||
7 | File | `/admin/del_category.php` | High
|
||||
8 | File | `/admin/edit_product.php` | High
|
||||
9 | File | `/admin/forgot-password.php` | High
|
||||
10 | File | `/admin/invoice.php` | High
|
||||
11 | File | `/admin/maintenance/view_designation.php` | High
|
||||
12 | File | `/admin/modal_add_product.php` | High
|
||||
13 | File | `/admin/orders/update_status.php` | High
|
||||
14 | File | `/admin/sys_sql_query.php` | High
|
||||
15 | File | `/admin/userprofile.php` | High
|
||||
16 | File | `/api/audits` | Medium
|
||||
17 | File | `/author_posts.php` | High
|
||||
18 | File | `/bin/sh` | Low
|
||||
19 | File | `/blog` | Low
|
||||
20 | File | `/booking/show_bookings/` | High
|
||||
21 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
22 | File | `/cas/logout` | Medium
|
||||
23 | File | `/category.php` | High
|
||||
24 | File | `/change-language/de_DE` | High
|
||||
25 | File | `/classes/Login.php` | High
|
||||
26 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
27 | File | `/classes/Master.php?f=delete_service` | High
|
||||
28 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
29 | File | `/classes/Master.php?f=save_item` | High
|
||||
30 | File | `/classes/Users.php?f=delete_client` | High
|
||||
31 | File | `/clients/profile` | High
|
||||
32 | File | `/cms/notify` | Medium
|
||||
33 | File | `/contact/store` | High
|
||||
34 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
35 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
36 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
37 | File | `/ecommerce/support_ticket` | High
|
||||
38 | File | `/en/blog-comment-4` | High
|
||||
39 | File | `/env` | Low
|
||||
40 | File | `/ext/phar/phar_object.c` | High
|
||||
41 | File | `/file_manager/admin/save_user.php` | High
|
||||
42 | File | `/forum/away.php` | High
|
||||
43 | File | `/goform/RgUrlBlock.asp` | High
|
||||
44 | File | `/goform/SysToolReboot` | High
|
||||
45 | File | `/goform/SysToolRestoreSet` | High
|
||||
46 | File | `/goform/WifiBasicSet` | High
|
||||
47 | File | `/goform/wifiSSIDset` | High
|
||||
48 | File | `/h/` | Low
|
||||
49 | File | `/home/courses` | High
|
||||
50 | File | `/home/filter_listings` | High
|
||||
51 | File | `/hss/?page=product_per_brand` | High
|
||||
52 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
53 | File | `/hss/admin/?page=user/manage_user` | High
|
||||
54 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
55 | File | `/index.php` | Medium
|
||||
56 | File | `/index.php?controller=GzUser&action=edit&id=1` | High
|
||||
57 | File | `/jurusan/data` | High
|
||||
58 | File | `/kelasdosen/data` | High
|
||||
59 | File | `/LandingPages/api/otp/send?id=[ID][ampersand]method=sms` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 470 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 524 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
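Review bot: Row 59, `/LandingPages/api/otp/send?id=[ID][ampersand]method=sms`, contains the literal text `[ampersand]` where other rows in the same table use a plain `&` (for example `/admin.php?c=upload&f=zip&_noCache=0.1683794968`), so it will never match a real request line. Normalise the escaping in the generator. The `_noCache=0.1683794968` value in row 2 is also specific to a single request and should be stripped, leaving the path and the stable parameters.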
@ -47,11 +47,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
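Review bot: the T1059 row (CWE-94) is described as "Cross Site Scripting", the same text as the T1059.007 row (CWE-79, CWE-80) directly below it. CWE-94 is code injection, so the description looks copied from the sub-technique, and the renumbering in this hunk carries it forward unchanged. Suggest a description that matches CWE-94, and checking whether "J2EE Misconfiguration: Weak Access Permissions for EJB Methods" is really the intended label for the whole CWE-250/264/269/284 group under T1068.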
@ -61,43 +62,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/admin/addemployee.php` | High
|
||||
3 | File | `/admin/add_trainers.php` | High
|
||||
4 | File | `/admin/api/theme-edit/` | High
|
||||
5 | File | `/admin/countrymanagement.php` | High
|
||||
6 | File | `/admin/generalsettings.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/newsletter1.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/subnets/ripe-query.php` | High
|
||||
11 | File | `/common/info.cgi` | High
|
||||
12 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/export` | Low
|
||||
15 | File | `/file?action=download&file` | High
|
||||
16 | File | `/filemanager/upload/drop` | High
|
||||
17 | File | `/function/login.php` | High
|
||||
18 | File | `/hardware` | Medium
|
||||
19 | File | `/hrm/employeeview.php` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
22 | File | `/librarian/bookdetails.php` | High
|
||||
23 | File | `/login.php` | Medium
|
||||
24 | File | `/mgmt/tm/util/bash` | High
|
||||
25 | File | `/mkshop/Men/profile.php` | High
|
||||
26 | File | `/monitoring` | Medium
|
||||
27 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
28 | File | `/pages/apply_vacancy.php` | High
|
||||
29 | File | `/php_action/createUser.php` | High
|
||||
30 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
31 | File | `/plugins/servlet/audit/resource` | High
|
||||
32 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
33 | File | `/PROD_ar/twbkwbis.P_FirstMenu` | High
|
||||
34 | File | `/replication` | Medium
|
||||
35 | ... | ... | ...
|
||||
1 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
2 | File | `/admin/about-us.php` | High
|
||||
3 | File | `/admin/addemployee.php` | High
|
||||
4 | File | `/admin/add_trainers.php` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
6 | File | `/admin/countrymanagement.php` | High
|
||||
7 | File | `/admin/del_category.php` | High
|
||||
8 | File | `/admin/del_service.php` | High
|
||||
9 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
10 | File | `/admin/edit-services.php` | High
|
||||
11 | File | `/admin/edit_category.php` | High
|
||||
12 | File | `/admin/forgot-password.php` | High
|
||||
13 | File | `/admin/generalsettings.php` | High
|
||||
14 | File | `/admin/index.php` | High
|
||||
15 | File | `/admin/maintenance/view_designation.php` | High
|
||||
16 | File | `/admin/newsletter1.php` | High
|
||||
17 | File | `/admin/payment.php` | High
|
||||
18 | File | `/admin/reg.php` | High
|
||||
19 | File | `/admin/search-appointment.php` | High
|
||||
20 | File | `/admin/subnets/ripe-query.php` | High
|
||||
21 | File | `/api/sys/set_passwd` | High
|
||||
22 | File | `/apply.cgi` | Medium
|
||||
23 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
24 | File | `/booking/show_bookings/` | High
|
||||
25 | File | `/cgi-bin/adm.cgi` | High
|
||||
26 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
27 | File | `/chaincity/user/ticket/create` | High
|
||||
28 | File | `/common/info.cgi` | High
|
||||
29 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/dipam/athlete-profile.php` | High
|
||||
32 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
33 | File | `/export` | Low
|
||||
34 | File | `/file?action=download&file` | High
|
||||
35 | File | `/filemanager/upload/drop` | High
|
||||
36 | File | `/function/login.php` | High
|
||||
37 | File | `/hardware` | Medium
|
||||
38 | File | `/hrm/employeeview.php` | High
|
||||
39 | File | `/index.php` | Medium
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 346 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
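Review bot: every row in this table is typed `File`, yet the entries mix URL paths with query strings (`/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1`), a source file (`/core/conditions/AbstractWrapper.java`) and bare one-segment paths such as `/export` (Low) and `/index.php` (Medium). The one-segment entries will match ordinary traffic on most web servers, so anyone feeding this list into detection needs a way to separate them. Suggest a distinct type for request paths versus source or on-disk files, and a sentence in the preamble saying that Low and Medium rows are not suitable for standalone matching.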
@ -113,7 +113,7 @@ ID | Type | Indicator | Confidence
|
|||
47 | File | `/index.php` | Medium
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/uncpath/` | Medium
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 128 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,12 +19,12 @@ There are 2 more campaign items available. Please use our online service to acce
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT41:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -51,9 +51,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
17 | [45.128.132.6](https://vuldb.com/?ip.45.128.132.6) | - | MoonBounce | High
|
||||
18 | [45.128.135.15](https://vuldb.com/?ip.45.128.135.15) | - | MoonBounce | High
|
||||
19 | [45.138.157.78](https://vuldb.com/?ip.45.138.157.78) | srv1.fincantleri.co | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
20 | [45.153.231.31](https://vuldb.com/?ip.45.153.231.31) | cheater.rehab | CVE-2021-44207 | High
|
||||
21 | ... | ... | ... | ...
|
||||
|
||||
There are 78 more IOC items available. Please use our online service to access the data.
|
||||
There are 82 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
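Review bot: the new row 20 (`45.153.231.31`, `cheater.rehab`) puts `CVE-2021-44207` in the Campaign column, where the neighbouring rows hold a campaign name (`MoonBounce`) or `-`. A vulnerability identifier is not a campaign, and mixing the two makes the column unusable as a grouping key. Suggest either a separate column for the associated CVE or a named campaign here with the CVE moved to the references.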
@ -61,14 +62,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-267, CWE-269, CWE-270, CWE-271, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -76,52 +75,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/user/manage_user.php` | High
|
||||
2 | File | `/api/` | Low
|
||||
3 | File | `/api/blade-log/api/list` | High
|
||||
4 | File | `/api/trackedEntityInstances` | High
|
||||
5 | File | `/application/common.php#action_log` | High
|
||||
6 | File | `/authUserAction!edit.action` | High
|
||||
7 | File | `/baseOpLog.do` | High
|
||||
8 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
9 | File | `/category_view.php` | High
|
||||
10 | File | `/cgi-bin/portal` | High
|
||||
11 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
12 | File | `/classes/Users.php` | High
|
||||
13 | File | `/cms/category/list` | High
|
||||
14 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
15 | File | `/csms/?page=contact_us` | High
|
||||
16 | File | `/data/remove` | Medium
|
||||
17 | File | `/debug` | Low
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/dede/group_store.php` | High
|
||||
20 | File | `/dialog/select_media.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/PowerSaveSet` | High
|
||||
23 | File | `/include/make.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
26 | File | `/login.cgi?logout=1` | High
|
||||
27 | File | `/medical/inventories.php` | High
|
||||
28 | File | `/members/view_member.php` | High
|
||||
29 | File | `/mgmt/tm/util/bash` | High
|
||||
30 | File | `/module/admin_logs` | High
|
||||
31 | File | `/nova/bin/console` | High
|
||||
32 | File | `/owa/auth/logon.aspx` | High
|
||||
33 | File | `/plesk-site-preview/` | High
|
||||
34 | File | `/public/login.htm` | High
|
||||
35 | File | `/public/plugins/` | High
|
||||
36 | File | `/replication` | Medium
|
||||
37 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
38 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
39 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
40 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
41 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
42 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
43 | File | `/start-stop` | Medium
|
||||
44 | ... | ... | ...
|
||||
1 | File | `/csms/?page=contact_us` | High
|
||||
2 | File | `/goform/PowerSaveSet` | High
|
||||
3 | File | `/index.php` | Medium
|
||||
4 | File | `/members/view_member.php` | High
|
||||
5 | File | `/owa/auth/logon.aspx` | High
|
||||
6 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `adclick.php` | Medium
|
||||
9 | File | `addrating.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 76 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
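Review bot: this hunk cuts the visible APT41 IOA rows from 43 to 9 and the remaining-items count from 383 to 76, which is far larger than the routine count changes elsewhere in this commit. The same file also drops from 22 to 12 remaining TTP items and from 18 to 7 remaining countries, while the IOC count rises from 78 to 82. The commit message ("Update September 2023") does not say whether indicators were re-attributed to another actor, retired, or lost in generation. Suggest confirming the reduction is intended and recording the reason, since downstream consumers will silently lose the removed indicators.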
@ -135,6 +100,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
|
||||
* https://vxug.fakedoma.in/archive/APTs/2021/2021.01.14/APT%2041.pdf
|
||||
* https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
|
||||
* https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
|
||||
* https://www.mandiant.com/resources/apt41-us-state-governments
|
||||
* https://www.threatminer.org/report.php?q=OfPigsandMalwareExaminingaPossibleMemberoftheWinntiGroup-TrendMicro.pdf&y=2017
|
||||
* https://www.threatminer.org/report.php?q=WinntiAbusesGitHubforC&CCommunications-TrendMicro.pdf&y=2017
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Africa Unknown:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
|
@ -3967,14 +3967,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29, CWE-36, CWE-50 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-36, CWE-50, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
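Review bot: the replacement T1006 row adds CWE-425 to the group described as "Pathname Traversal", but CWE-425 is direct request (forced browsing), an access-control weakness rather than a traversal one. Grouping it here will skew any statistics built on the Weakness column. Suggest moving CWE-425 to a row whose technique and description fit it, or widening the description so it no longer claims the whole group is path traversal.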
@ -3982,60 +3983,74 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/act/ActDao.xml` | High
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/bookings/manage_booking.php` | High
|
||||
6 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
7 | File | `/admin/index.php` | High
|
||||
8 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
9 | File | `/admin/sys_sql_query.php` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/upload.php` | High
|
||||
12 | File | `/application/common.php#action_log` | High
|
||||
13 | File | `/bin/ate` | Medium
|
||||
14 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
15 | File | `/cgi-bin/kerbynet` | High
|
||||
16 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/classes/Master.php?f=delete_category` | High
|
||||
19 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
20 | File | `/classes/Master.php?f=delete_item` | High
|
||||
21 | File | `/classes/Master.php?f=delete_service` | High
|
||||
22 | File | `/classes/Master.php?f=save_service` | High
|
||||
23 | File | `/classes/Users.php` | High
|
||||
24 | File | `/classes/Users.php?f=save` | High
|
||||
25 | File | `/company/store` | High
|
||||
26 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
27 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
28 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
29 | File | `/ecommerce/support_ticket` | High
|
||||
30 | File | `/Electron/download` | High
|
||||
31 | File | `/export` | Low
|
||||
32 | File | `/feeds/post/publish` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/goForm/aspForm` | High
|
||||
35 | File | `/h/` | Low
|
||||
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
37 | File | `/index.php/archives/1/comment` | High
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/index.php?page=category_list` | High
|
||||
40 | File | `/install/index.php` | High
|
||||
41 | File | `/ipms/imageConvert/image` | High
|
||||
42 | File | `/jobinfo/` | Medium
|
||||
43 | File | `/librarian/bookdetails.php` | High
|
||||
44 | File | `/login.php` | Medium
|
||||
45 | File | `/Moosikay/order.php` | High
|
||||
46 | File | `/opac/Actions.php?a=login` | High
|
||||
47 | File | `/patient/doctors.php` | High
|
||||
48 | File | `/php-lfis/admin/?page=system_info/contact_information` | High
|
||||
49 | File | `/preview.php` | Medium
|
||||
50 | File | `/PreviewHandler.ashx` | High
|
||||
51 | File | `/reservation/add_message.php` | High
|
||||
52 | ... | ... | ...
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/bookings/manage_booking.php` | High
|
||||
7 | File | `/admin/budget/manage_budget.php` | High
|
||||
8 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
9 | File | `/admin/del_service.php` | High
|
||||
10 | File | `/admin/edit_product.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/index.php` | High
|
||||
13 | File | `/admin/modal_add_product.php` | High
|
||||
14 | File | `/admin/project/update/2` | High
|
||||
15 | File | `/admin/read.php?mudi=announContent` | High
|
||||
16 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
17 | File | `/admin/reg.php` | High
|
||||
18 | File | `/admin/reportupload.aspx` | High
|
||||
19 | File | `/admin/save_teacher.php` | High
|
||||
20 | File | `/admin/service.php` | High
|
||||
21 | File | `/admin/sys_sql_query.php` | High
|
||||
22 | File | `/admin/test_status.php` | High
|
||||
23 | File | `/admin/update_s6.php` | High
|
||||
24 | File | `/api/baskets/{name}` | High
|
||||
25 | File | `/api/ping` | Medium
|
||||
26 | File | `/api/stl/actions/search` | High
|
||||
27 | File | `/api/upload.php` | High
|
||||
28 | File | `/api/wechat/app_auth` | High
|
||||
29 | File | `/application/common.php#action_log` | High
|
||||
30 | File | `/apply.cgi` | Medium
|
||||
31 | File | `/author_posts.php` | High
|
||||
32 | File | `/bin/ate` | Medium
|
||||
33 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
34 | File | `/blog` | Low
|
||||
35 | File | `/booking/show_bookings/` | High
|
||||
36 | File | `/browse` | Low
|
||||
37 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
38 | File | `/cas/logout` | Medium
|
||||
39 | File | `/category.php` | High
|
||||
40 | File | `/cgi-bin/adm.cgi` | High
|
||||
41 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
42 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
43 | File | `/chaincity/user/ticket/create` | High
|
||||
44 | File | `/change-language/de_DE` | High
|
||||
45 | File | `/changeimage.php` | High
|
||||
46 | File | `/classes/Master.php?f=delete_category` | High
|
||||
47 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
48 | File | `/classes/Master.php?f=delete_item` | High
|
||||
49 | File | `/classes/Master.php?f=delete_service` | High
|
||||
50 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
51 | File | `/classes/Master.php?f=save_item` | High
|
||||
52 | File | `/classes/Master.php?f=save_service` | High
|
||||
53 | File | `/classes/Users.php` | High
|
||||
54 | File | `/classes/Users.php?f=save` | High
|
||||
55 | File | `/company/store` | High
|
||||
56 | File | `/config` | Low
|
||||
57 | File | `/contact.php` | Medium
|
||||
58 | File | `/contact/store` | High
|
||||
59 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
60 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
61 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
62 | File | `/dipam/athlete-profile.php` | High
|
||||
63 | File | `/dipam/save-delegates.php` | High
|
||||
64 | File | `/dosen/data` | Medium
|
||||
65 | File | `/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx` | High
|
||||
66 | ... | ... | ...
|
||||
|
||||
There are 457 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 583 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
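Review bot: several of the added rows are rated High but contain instance-specific values, for example `/admin/contacts/organizations/edit/2`, `/admin/project/update/2` and `/change-language/de_DE`, and row 24 `/api/baskets/{name}` contains an unexpanded template placeholder. Matched literally, these only fire on record id 2, one locale, or the string `{name}` itself. Suggest normalising the variable segment (or marking it as a wildcard, consistently across rows) so the indicator describes the endpoint rather than one observed request.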
@ -75,52 +75,53 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/controller/Index.php` | High
|
||||
8 | File | `/csms/?page=contact_us` | High
|
||||
9 | File | `/dashboard/add-portfolio.php` | High
|
||||
10 | File | `/etc/ajenti/config.yml` | High
|
||||
11 | File | `/etc/gsissh/sshd_config` | High
|
||||
12 | File | `/etc/sudoers` | Medium
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/goform/telnet` | High
|
||||
15 | File | `/include/chart_generator.php` | High
|
||||
16 | File | `/lilac/main.php` | High
|
||||
17 | File | `/manager?action=getlogcat` | High
|
||||
18 | File | `/mc` | Low
|
||||
19 | File | `/mims/login.php` | High
|
||||
20 | File | `/module/admin_bp/add_application.php` | High
|
||||
21 | File | `/module/report_event/index.php` | High
|
||||
22 | File | `/modules/profile/index.php` | High
|
||||
23 | File | `/out.php` | Medium
|
||||
24 | File | `/proc/sys/vm/cmm_timeout` | High
|
||||
25 | File | `/public/launchNewWindow.jsp` | High
|
||||
26 | File | `/public/login.htm` | High
|
||||
27 | File | `/RestAPI` | Medium
|
||||
28 | File | `/rom-0` | Low
|
||||
29 | File | `/server-status` | High
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/staff/bookdetails.php` | High
|
||||
32 | File | `/Status/wan_button_action.asp` | High
|
||||
33 | File | `/student/bookdetails.php` | High
|
||||
34 | File | `/tmp/connlicj.bin` | High
|
||||
35 | File | `/uncpath/` | Medium
|
||||
36 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
37 | File | `/var/log/nginx` | High
|
||||
38 | File | `/var/tmp/sess_*` | High
|
||||
39 | File | `/wp-admin/options.php` | High
|
||||
40 | File | `/youthappam/add-food.php` | High
|
||||
41 | File | `/youthappam/editclient.php` | High
|
||||
42 | File | `4.2.0.CP09` | Medium
|
||||
43 | File | `?page=rooms` | Medium
|
||||
44 | File | `actionphp/download.File.php` | High
|
||||
45 | File | `addsuppliers.php` | High
|
||||
46 | File | `add_comment.php` | High
|
||||
47 | File | `admin.a6mambocredits.php` | High
|
||||
48 | File | `admin.php` | Medium
|
||||
49 | File | `admin.php3` | Medium
|
||||
50 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
51 | File | `admin/admin.php` | High
|
||||
52 | File | `admin/content.php` | High
|
||||
53 | ... | ... | ...
|
||||
10 | File | `/data/app` | Medium
|
||||
11 | File | `/etc/ajenti/config.yml` | High
|
||||
12 | File | `/etc/gsissh/sshd_config` | High
|
||||
13 | File | `/etc/sudoers` | Medium
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/goform/telnet` | High
|
||||
16 | File | `/include/chart_generator.php` | High
|
||||
17 | File | `/lilac/main.php` | High
|
||||
18 | File | `/manager?action=getlogcat` | High
|
||||
19 | File | `/mc` | Low
|
||||
20 | File | `/mims/login.php` | High
|
||||
21 | File | `/module/admin_bp/add_application.php` | High
|
||||
22 | File | `/module/report_event/index.php` | High
|
||||
23 | File | `/modules/profile/index.php` | High
|
||||
24 | File | `/out.php` | Medium
|
||||
25 | File | `/proc/sys/vm/cmm_timeout` | High
|
||||
26 | File | `/public/launchNewWindow.jsp` | High
|
||||
27 | File | `/public/login.htm` | High
|
||||
28 | File | `/RestAPI` | Medium
|
||||
29 | File | `/rom-0` | Low
|
||||
30 | File | `/server-status` | High
|
||||
31 | File | `/spip.php` | Medium
|
||||
32 | File | `/src/helper.c` | High
|
||||
33 | File | `/staff/bookdetails.php` | High
|
||||
34 | File | `/Status/wan_button_action.asp` | High
|
||||
35 | File | `/student/bookdetails.php` | High
|
||||
36 | File | `/tmp/connlicj.bin` | High
|
||||
37 | File | `/uncpath/` | Medium
|
||||
38 | File | `/upload` | Low
|
||||
39 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
40 | File | `/var/log/nginx` | High
|
||||
41 | File | `/var/tmp/sess_*` | High
|
||||
42 | File | `/wp-admin/options.php` | High
|
||||
43 | File | `/youthappam/add-food.php` | High
|
||||
44 | File | `/youthappam/editclient.php` | High
|
||||
45 | File | `4.2.0.CP09` | Medium
|
||||
46 | File | `?page=rooms` | Medium
|
||||
47 | File | `actionphp/download.File.php` | High
|
||||
48 | File | `addsuppliers.php` | High
|
||||
49 | File | `add_comment.php` | High
|
||||
50 | File | `admin.a6mambocredits.php` | High
|
||||
51 | File | `admin.php` | Medium
|
||||
52 | File | `admin.php3` | Medium
|
||||
53 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 464 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 475 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
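Review bot: rows such as `4.2.0.CP09` and `?page=rooms` are typed `File`, although the first looks like a version string and the second is a query argument; the footer of this same table lists "argument" and "input value" as available types. The table also mixes web paths with local system paths (`/etc/sudoers`, `/var/log/nginx`, `/proc/sys/vm/cmm_timeout`) under the same type. Suggest assigning the matching type to each row so consumers can route web-request indicators and host-file indicators to different detections.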
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `/port_3480/data_request` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 378 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -62,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `adclick.php` | Medium
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -44,12 +44,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/news-portal-script/information.php` | High
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `Colors.js` | Medium
|
||||
1 | File | `/dipam/athlete-profile.php` | High
|
||||
2 | File | `/news-portal-script/information.php` | High
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -40,27 +40,29 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
17 | [31.41.244.200](https://vuldb.com/?ip.31.41.244.200) | - | - | High
|
||||
18 | [31.41.244.237](https://vuldb.com/?ip.31.41.244.237) | - | - | High
|
||||
19 | [37.220.87.85](https://vuldb.com/?ip.37.220.87.85) | ipn-37-220-87-85.artem-catv.ru | - | High
|
||||
20 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
|
||||
21 | [45.9.74.141](https://vuldb.com/?ip.45.9.74.141) | - | - | High
|
||||
22 | [45.9.74.164](https://vuldb.com/?ip.45.9.74.164) | - | - | High
|
||||
23 | [45.9.74.166](https://vuldb.com/?ip.45.9.74.166) | - | - | High
|
||||
24 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
|
||||
25 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
|
||||
26 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
|
||||
27 | [45.155.7.60](https://vuldb.com/?ip.45.155.7.60) | 7-60.static.ipcserver.net | - | High
|
||||
28 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
|
||||
29 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
|
||||
30 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
|
||||
31 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
|
||||
32 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
|
||||
33 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
|
||||
34 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
|
||||
35 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
|
||||
36 | [62.204.41.13](https://vuldb.com/?ip.62.204.41.13) | - | - | High
|
||||
37 | [62.204.41.17](https://vuldb.com/?ip.62.204.41.17) | - | - | High
|
||||
38 | ... | ... | ... | ...
|
||||
20 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
|
||||
21 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
|
||||
22 | [45.9.74.141](https://vuldb.com/?ip.45.9.74.141) | - | - | High
|
||||
23 | [45.9.74.164](https://vuldb.com/?ip.45.9.74.164) | - | - | High
|
||||
24 | [45.9.74.166](https://vuldb.com/?ip.45.9.74.166) | - | - | High
|
||||
25 | [45.9.74.182](https://vuldb.com/?ip.45.9.74.182) | - | - | High
|
||||
26 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
|
||||
27 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
|
||||
28 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
|
||||
29 | [45.155.7.60](https://vuldb.com/?ip.45.155.7.60) | 7-60.static.ipcserver.net | - | High
|
||||
30 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
|
||||
31 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
|
||||
32 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
|
||||
33 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
|
||||
34 | [49.13.60.242](https://vuldb.com/?ip.49.13.60.242) | static.242.60.13.49.clients.your-server.de | - | High
|
||||
35 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
|
||||
36 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
|
||||
37 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
|
||||
38 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
|
||||
39 | [62.204.41.13](https://vuldb.com/?ip.62.204.41.13) | - | - | High
|
||||
40 | ... | ... | ... | ...
|
||||
|
||||
There are 150 more IOC items available. Please use our online service to access the data.
|
||||
There are 156 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -68,14 +70,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -87,73 +89,74 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/cashadvance_row.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/api/admin/store/product/list` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/stl/actions/search` | High
|
||||
12 | File | `/api/v2/cli/commands` | High
|
||||
13 | File | `/bin/ate` | Medium
|
||||
14 | File | `/booking/show_bookings/` | High
|
||||
15 | File | `/cgi-bin` | Medium
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/College/admin/teacher.php` | High
|
||||
18 | File | `/company/store` | High
|
||||
19 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
20 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
21 | File | `/csms/?page=contact_us` | High
|
||||
22 | File | `/dcim/rack-roles/` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/env` | Low
|
||||
25 | File | `/feeds/post/publish` | High
|
||||
26 | File | `/film-rating.php` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/aspForm` | High
|
||||
29 | File | `/h/` | Low
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/inc/topBarNav.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
34 | File | `/index.php?page=category_list` | High
|
||||
35 | File | `/jobinfo/` | Medium
|
||||
36 | File | `/kelas/data` | Medium
|
||||
37 | File | `/librarian/bookdetails.php` | High
|
||||
38 | File | `/Moosikay/order.php` | High
|
||||
39 | File | `/opac/Actions.php?a=login` | High
|
||||
40 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
5 | File | `/admin/about-us.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/stl/actions/search` | High
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
11 | File | `/booking/show_bookings/` | High
|
||||
12 | File | `/cgi-bin` | Medium
|
||||
13 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
14 | File | `/company/store` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
18 | File | `/csms/?page=contact_us` | High
|
||||
19 | File | `/dcim/rack-roles/` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/env` | Low
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/feeds/post/publish` | High
|
||||
24 | File | `/film-rating.php` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/group1/uploa` | High
|
||||
27 | File | `/h/` | Low
|
||||
28 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
29 | File | `/index.php` | Medium
|
||||
30 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
31 | File | `/index.php?page=category_list` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/kelas/data` | Medium
|
||||
34 | File | `/librarian/bookdetails.php` | High
|
||||
35 | File | `/Moosikay/order.php` | High
|
||||
36 | File | `/opac/Actions.php?a=login` | High
|
||||
37 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/PreviewHandler.ashx` | High
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/resources//../` | High
|
||||
43 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
44 | File | `/student/bookdetails.php` | High
|
||||
45 | File | `/uploads/exam_question/` | High
|
||||
46 | File | `/user/profile` | High
|
||||
47 | File | `/user/ticket/create` | High
|
||||
48 | File | `/user/updatePwd` | High
|
||||
49 | File | `/var/lib/docker/<remapping>` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php` | High
|
||||
51 | File | `a-forms.php` | Medium
|
||||
52 | File | `account.asp` | Medium
|
||||
53 | File | `ActiveServices.java` | High
|
||||
54 | File | `adclick.php` | Medium
|
||||
55 | File | `admin.a6mambocredits.php` | High
|
||||
56 | File | `admin.cropcanvas.php` | High
|
||||
57 | File | `admin.php` | Medium
|
||||
58 | File | `admin/ajax/op_kandidat.php` | High
|
||||
59 | ... | ... | ...
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
46 | File | `/staff/edit_book_details.php` | High
|
||||
47 | File | `/student/bookdetails.php` | High
|
||||
48 | File | `/upload` | Low
|
||||
49 | File | `/uploads/exam_question/` | High
|
||||
50 | File | `/user/profile` | High
|
||||
51 | File | `/user/ticket/create` | High
|
||||
52 | File | `/user/updatePwd` | High
|
||||
53 | File | `/var/lib/docker/<remapping>` | High
|
||||
54 | File | `/wp-admin/admin-ajax.php` | High
|
||||
55 | File | `a-forms.php` | Medium
|
||||
56 | File | `account.asp` | Medium
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 516 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 495 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://app.any.run/tasks/02899dcc-a26c-407a-b60c-3944a135f441
|
||||
* https://app.any.run/tasks/057f15c5-864c-4535-b8af-70405ead5fcd
|
||||
* https://app.any.run/tasks/6b4a52a0-4bbe-4c57-a196-a7c0e3425220
|
||||
* https://app.any.run/tasks/25aa27e9-a9e9-40cc-9152-d0373b9c7ebb
|
||||
* https://app.any.run/tasks/db77c945-c2ff-4e5f-9d37-b105606ed03b
|
||||
* https://app.any.run/tasks/dd17daee-32a4-494b-b8d9-c5e6d5b03cae
|
||||
* https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/
|
||||
* https://exchange.xforce.ibmcloud.com/report/details/guid:ee0b820692aebf95a376e6deb70d0fa9
|
||||
* https://threatfox.abuse.ch
|
||||
* https://threatvector.cylance.com/en_us/home/threat-spotlight-amadey-bot.html
|
||||
* https://tracker.viriback.com/index.php?q=5.42.65.1
|
||||
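Review bot: new row 26, `/group1/uploa`, reads as if it was cut off mid-word; please confirm the full path against the source record before merging, since a rule built on the fragment would match by accident rather than by design. The same table also carries very generic paths at Medium or Low confidence (`/index.php`, `/cgi-bin`, `/etc/passwd`, `/env`, `/h/`). These show up in benign traffic and generic scanner noise, so the section should state that they are correlation hints for this actor and not standalone match conditions.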
|
@ -203,6 +206,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tracker.viriback.com/index.php?q=77.73.134.45
|
||||
* https://tracker.viriback.com/index.php?q=77.73.134.52
|
||||
* https://tracker.viriback.com/index.php?q=77.73.134.66
|
||||
* https://tracker.viriback.com/index.php?q=77.91.68.18
|
||||
* https://tracker.viriback.com/index.php?q=77.91.68.62
|
||||
* https://tracker.viriback.com/index.php?q=77.91.78.118
|
||||
* https://tracker.viriback.com/index.php?q=77.91.78.242
|
||||
|
@ -245,6 +249,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tracker.viriback.com/index.php?q=212.118.43.106
|
||||
* https://tracker.viriback.com/index.php?q=213.226.123.14
|
||||
* https://tracker.viriback.com/index.php?q=213.226.123.16
|
||||
* https://tria.ge/230730-23lybsbf53/behavioral2
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -38,9 +38,11 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
15 | [43.241.164.0](https://vuldb.com/?ip.43.241.164.0) | - | - | High
|
||||
16 | [45.12.70.11](https://vuldb.com/?ip.45.12.70.11) | amethyst.get-eye.com | - | High
|
||||
17 | [45.12.70.245](https://vuldb.com/?ip.45.12.70.245) | chafes.globalhilive.com | - | High
|
||||
18 | ... | ... | ... | ...
|
||||
18 | [45.12.71.11](https://vuldb.com/?ip.45.12.71.11) | - | - | High
|
||||
19 | [45.12.71.245](https://vuldb.com/?ip.45.12.71.245) | - | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
|
||||
There are 68 more IOC items available. Please use our online service to access the data.
|
||||
There are 77 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -63,69 +65,71 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/photo.php` | High
|
||||
2 | File | `/admin/user/add` | High
|
||||
3 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
4 | File | `/api/common/ping` | High
|
||||
5 | File | `/apply_noauth.cgi` | High
|
||||
6 | File | `/APP_Installation.asp` | High
|
||||
7 | File | `/categorypage.php` | High
|
||||
8 | File | `/cm/delete` | Medium
|
||||
9 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
10 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/drivers/media/media-device.c` | High
|
||||
13 | File | `/etc/master.passwd` | High
|
||||
14 | File | `/filemanager/upload.php` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/home.php` | Medium
|
||||
18 | File | `/homeaction.php` | High
|
||||
19 | File | `/modules/profile/index.php` | High
|
||||
20 | File | `/modules/tasks/summary.inc.php` | High
|
||||
21 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/p` | Low
|
||||
24 | File | `/preauth` | Medium
|
||||
25 | File | `/products/details.asp` | High
|
||||
26 | File | `/recordings/index.php` | High
|
||||
27 | File | `/see_more_details.php` | High
|
||||
28 | File | `/show_news.php` | High
|
||||
29 | File | `/tmp/before` | Medium
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/updownload/t.report` | High
|
||||
32 | File | `/user.profile.php` | High
|
||||
33 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
34 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
35 | File | `/wp-admin` | Medium
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `account.asp` | Medium
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `adm/systools.asp` | High
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | File | `admin/admin.shtml` | High
|
||||
42 | File | `Admin/ADM_Pagina.php` | High
|
||||
43 | File | `admin/category.inc.php` | High
|
||||
44 | File | `admin/main.asp` | High
|
||||
45 | File | `admin/param/param_func.inc.php` | High
|
||||
46 | File | `admin/y_admin.asp` | High
|
||||
47 | File | `adminer.php` | Medium
|
||||
48 | File | `administration/admins.php` | High
|
||||
49 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
50 | File | `admin_ok.asp` | Medium
|
||||
51 | File | `album_portal.php` | High
|
||||
52 | File | `app/Core/Paginator.php` | High
|
||||
53 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
54 | File | `apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java` | High
|
||||
55 | File | `artlinks.dispnew.php` | High
|
||||
56 | File | `auth.php` | Medium
|
||||
57 | File | `bin/named/query.c` | High
|
||||
58 | File | `blank.php` | Medium
|
||||
59 | File | `blocklayered-ajax.php` | High
|
||||
60 | File | `blogger-importer.php` | High
|
||||
61 | File | `bluegate_seo.inc.php` | High
|
||||
62 | ... | ... | ...
|
||||
2 | File | `/admin/upload.php` | High
|
||||
3 | File | `/admin/user/add` | High
|
||||
4 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/api/common/ping` | High
|
||||
7 | File | `/apply_noauth.cgi` | High
|
||||
8 | File | `/APP_Installation.asp` | High
|
||||
9 | File | `/blog` | Low
|
||||
10 | File | `/categorypage.php` | High
|
||||
11 | File | `/cm/delete` | Medium
|
||||
12 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
13 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
14 | File | `/download` | Medium
|
||||
15 | File | `/drivers/media/media-device.c` | High
|
||||
16 | File | `/etc/master.passwd` | High
|
||||
17 | File | `/filemanager/upload.php` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/getcfg.php` | Medium
|
||||
20 | File | `/home.php` | Medium
|
||||
21 | File | `/homeaction.php` | High
|
||||
22 | File | `/modules/profile/index.php` | High
|
||||
23 | File | `/modules/tasks/summary.inc.php` | High
|
||||
24 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
25 | File | `/out.php` | Medium
|
||||
26 | File | `/p` | Low
|
||||
27 | File | `/preauth` | Medium
|
||||
28 | File | `/products/details.asp` | High
|
||||
29 | File | `/recordings/index.php` | High
|
||||
30 | File | `/see_more_details.php` | High
|
||||
31 | File | `/show_news.php` | High
|
||||
32 | File | `/tmp/before` | Medium
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/updownload/t.report` | High
|
||||
35 | File | `/user.profile.php` | High
|
||||
36 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
37 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
38 | File | `/wp-admin` | Medium
|
||||
39 | File | `/wp-admin/admin-ajax.php` | High
|
||||
40 | File | `account.asp` | Medium
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `adm/systools.asp` | High
|
||||
43 | File | `admin.php` | Medium
|
||||
44 | File | `admin/admin.shtml` | High
|
||||
45 | File | `Admin/ADM_Pagina.php` | High
|
||||
46 | File | `admin/category.inc.php` | High
|
||||
47 | File | `admin/main.asp` | High
|
||||
48 | File | `admin/param/param_func.inc.php` | High
|
||||
49 | File | `admin/y_admin.asp` | High
|
||||
50 | File | `adminer.php` | Medium
|
||||
51 | File | `administration/admins.php` | High
|
||||
52 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
53 | File | `admin_ok.asp` | Medium
|
||||
54 | File | `album_portal.php` | High
|
||||
55 | File | `app/Core/Paginator.php` | High
|
||||
56 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
57 | File | `apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java` | High
|
||||
58 | File | `artlinks.dispnew.php` | High
|
||||
59 | File | `auth.php` | Medium
|
||||
60 | File | `bin/named/query.c` | High
|
||||
61 | File | `blank.php` | Medium
|
||||
62 | File | `blocklayered-ajax.php` | High
|
||||
63 | File | `blogger-importer.php` | High
|
||||
64 | ... | ... | ...
|
||||
|
||||
There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 559 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
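Review bot: the positional ID column makes this hunk rewrite more than 60 rows although only three indicators are actually new (`/admin/upload.php`, `/api/baskets/{name}`, `/blog`). Renumbering on every insert hides the real change from anyone reviewing or diffing the feed; consider dropping the ID column or keying rows on the indicator itself. Of the three additions, `/blog` at Low confidence is generic enough that it adds little for detection on its own.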
|
@ -136,6 +140,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_as.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ws.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ipip_country/ipip_country_as.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ipip_country/ipip_country_ws.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AmmyyRAT:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,7 +26,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1574 | CWE-426 | Untrusted Search Path | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1574 | CWE-426 | Untrusted Search Path | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
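Review bot: the added row `2 | T1059 | CWE-94 | Cross Site Scripting | High` pairs CWE-94, which is code injection, with a Cross Site Scripting description; either the weakness or the description is wrong, and anyone mapping this table to detections or to ATT&CK coverage will be misled. Please correct the description to match CWE-94 or change the CWE to the XSS weakness that was meant. The new footer "There are 1 more TTP items available" should also be singular.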
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -54,65 +54,68 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/editer.php` | High
|
||||
2 | File | `/admin/photo.php` | High
|
||||
3 | File | `/admin/user/add` | High
|
||||
4 | File | `/APP_Installation.asp` | High
|
||||
5 | File | `/categorypage.php` | High
|
||||
6 | File | `/cm/delete` | Medium
|
||||
7 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
8 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
9 | File | `/download` | Medium
|
||||
10 | File | `/drivers/media/media-device.c` | High
|
||||
11 | File | `/etc/master.passwd` | High
|
||||
12 | File | `/filemanager/upload.php` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/getcfg.php` | Medium
|
||||
15 | File | `/home.php` | Medium
|
||||
16 | File | `/homeaction.php` | High
|
||||
17 | File | `/index.php` | Medium
|
||||
18 | File | `/modules/profile/index.php` | High
|
||||
19 | File | `/modules/tasks/summary.inc.php` | High
|
||||
20 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/p` | Low
|
||||
23 | File | `/preauth` | Medium
|
||||
24 | File | `/products/details.asp` | High
|
||||
25 | File | `/recordings/index.php` | High
|
||||
26 | File | `/see_more_details.php` | High
|
||||
27 | File | `/show_news.php` | High
|
||||
28 | File | `/tmp/before` | Medium
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/updownload/t.report` | High
|
||||
31 | File | `/user.profile.php` | High
|
||||
32 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
33 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
34 | File | `/wp-admin` | Medium
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `account.asp` | Medium
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `adm/systools.asp` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin/admin.shtml` | High
|
||||
41 | File | `Admin/ADM_Pagina.php` | High
|
||||
42 | File | `admin/category.inc.php` | High
|
||||
43 | File | `admin/main.asp` | High
|
||||
44 | File | `admin/param/param_func.inc.php` | High
|
||||
45 | File | `admin/y_admin.asp` | High
|
||||
46 | File | `adminer.php` | Medium
|
||||
47 | File | `administration/admins.php` | High
|
||||
48 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
49 | File | `admin_ok.asp` | Medium
|
||||
50 | File | `album_portal.php` | High
|
||||
51 | File | `app/Core/Paginator.php` | High
|
||||
52 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
53 | File | `artlinks.dispnew.php` | High
|
||||
54 | File | `auth.php` | Medium
|
||||
55 | File | `bin/named/query.c` | High
|
||||
56 | File | `blank.php` | Medium
|
||||
57 | File | `blocklayered-ajax.php` | High
|
||||
58 | File | `blogger-importer.php` | High
|
||||
59 | ... | ... | ...
|
||||
3 | File | `/admin/upload.php` | High
|
||||
4 | File | `/admin/user/add` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/APP_Installation.asp` | High
|
||||
7 | File | `/blog` | Low
|
||||
8 | File | `/categorypage.php` | High
|
||||
9 | File | `/cm/delete` | Medium
|
||||
10 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
11 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
12 | File | `/download` | Medium
|
||||
13 | File | `/drivers/media/media-device.c` | High
|
||||
14 | File | `/etc/master.passwd` | High
|
||||
15 | File | `/filemanager/upload.php` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/getcfg.php` | Medium
|
||||
18 | File | `/home.php` | Medium
|
||||
19 | File | `/homeaction.php` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/modules/profile/index.php` | High
|
||||
22 | File | `/modules/tasks/summary.inc.php` | High
|
||||
23 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
24 | File | `/out.php` | Medium
|
||||
25 | File | `/p` | Low
|
||||
26 | File | `/preauth` | Medium
|
||||
27 | File | `/products/details.asp` | High
|
||||
28 | File | `/recordings/index.php` | High
|
||||
29 | File | `/see_more_details.php` | High
|
||||
30 | File | `/show_news.php` | High
|
||||
31 | File | `/tmp/before` | Medium
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/updownload/t.report` | High
|
||||
34 | File | `/user.profile.php` | High
|
||||
35 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
36 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
37 | File | `/wp-admin` | Medium
|
||||
38 | File | `/wp-admin/admin-ajax.php` | High
|
||||
39 | File | `account.asp` | Medium
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `adm/systools.asp` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin/admin.shtml` | High
|
||||
44 | File | `Admin/ADM_Pagina.php` | High
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | File | `admin/main.asp` | High
|
||||
47 | File | `admin/param/param_func.inc.php` | High
|
||||
48 | File | `admin/y_admin.asp` | High
|
||||
49 | File | `adminer.php` | Medium
|
||||
50 | File | `administration/admins.php` | High
|
||||
51 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
52 | File | `admin_ok.asp` | Medium
|
||||
53 | File | `album_portal.php` | High
|
||||
54 | File | `app/Core/Paginator.php` | High
|
||||
55 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
56 | File | `artlinks.dispnew.php` | High
|
||||
57 | File | `auth.php` | Medium
|
||||
58 | File | `bin/named/query.c` | High
|
||||
59 | File | `blank.php` | Medium
|
||||
60 | File | `blocklayered-ajax.php` | High
|
||||
61 | File | `blogger-importer.php` | High
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 540 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -66,73 +66,61 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/apilog.php` | Medium
|
||||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/APR/login.php` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
31 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
32 | File | `/lookin/info` | Medium
|
||||
33 | File | `/manager/index.php` | High
|
||||
34 | File | `/medical/inventories.php` | High
|
||||
35 | File | `/modules/profile/index.php` | High
|
||||
36 | File | `/modules/projects/vw_files.php` | High
|
||||
37 | File | `/modules/public/calendar.php` | High
|
||||
38 | File | `/Moosikay/order.php` | High
|
||||
39 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
40 | File | `/newsDia.php` | Medium
|
||||
41 | File | `/opac/Actions.php?a=login` | High
|
||||
42 | File | `/out.php` | Medium
|
||||
43 | File | `/php-opos/index.php` | High
|
||||
44 | File | `/PreviewHandler.ashx` | High
|
||||
45 | File | `/proxy` | Low
|
||||
46 | File | `/public/launchNewWindow.jsp` | High
|
||||
47 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
48 | File | `/reports/rwservlet` | High
|
||||
49 | File | `/reservation/add_message.php` | High
|
||||
50 | File | `/spip.php` | Medium
|
||||
51 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
52 | File | `/staff/bookdetails.php` | High
|
||||
53 | File | `/uncpath/` | Medium
|
||||
54 | File | `/user/updatePwd` | High
|
||||
55 | File | `/user/update_booking.php` | High
|
||||
56 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
57 | File | `/wireless/security.asp` | High
|
||||
58 | File | `/wp-admin/admin-ajax.php` | High
|
||||
59 | File | `01article.php` | High
|
||||
60 | File | `a-forms.php` | Medium
|
||||
61 | File | `AbstractScheduleJob.java` | High
|
||||
62 | File | `actionphp/download.File.php` | High
|
||||
63 | File | `activenews_view.asp` | High
|
||||
64 | File | `adclick.php` | Medium
|
||||
65 | File | `addtocart.asp` | High
|
||||
66 | File | `admin.a6mambocredits.php` | High
|
||||
67 | File | `admin.cropcanvas.php` | High
|
||||
68 | File | `admin.php` | Medium
|
||||
69 | File | `admin/abc.php` | High
|
||||
70 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
71 | File | `admin/admin/adminsave.html` | High
|
||||
72 | ... | ... | ...
|
||||
15 | File | `/company/store` | High
|
||||
16 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
21 | File | `/feeds/post/publish` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
24 | File | `/fos/admin/index.php?page=menu` | High
|
||||
25 | File | `/h/` | Low
|
||||
26 | File | `/home/masterConsole` | High
|
||||
27 | File | `/home/sendBroadcast` | High
|
||||
28 | File | `/hrm/employeeadd.php` | High
|
||||
29 | File | `/hrm/employeeview.php` | High
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/index.php?page=category_list` | High
|
||||
33 | File | `/jobinfo/` | Medium
|
||||
34 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
35 | File | `/lookin/info` | Medium
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
38 | File | `/opac/Actions.php?a=login` | High
|
||||
39 | File | `/php-opos/index.php` | High
|
||||
40 | File | `/PreviewHandler.ashx` | High
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/public/launchNewWindow.jsp` | High
|
||||
43 | File | `/recipe-result` | High
|
||||
44 | File | `/reports/rwservlet` | High
|
||||
45 | File | `/reservation/add_message.php` | High
|
||||
46 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
47 | File | `/student/bookdetails.php` | High
|
||||
48 | File | `/uncpath/` | Medium
|
||||
49 | File | `/uploads/exam_question/` | High
|
||||
50 | File | `/user/ticket/create` | High
|
||||
51 | File | `/user/updatePwd` | High
|
||||
52 | File | `/var/lib/docker/<remapping>` | High
|
||||
53 | File | `/wireless/security.asp` | High
|
||||
54 | File | `/wp-admin/admin-ajax.php` | High
|
||||
55 | File | `01article.php` | High
|
||||
56 | File | `a-forms.php` | Medium
|
||||
57 | File | `AbstractScheduleJob.java` | High
|
||||
58 | File | `actionphp/download.File.php` | High
|
||||
59 | File | `activenews_view.asp` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 631 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
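Review bot: The remainder line at the end of this IOA table goes from "631 more" to "529 more" while the visible cut moves from row 72 to row 60, so the list as a whole appears to lose more than a hundred entries in one update. Nothing in the visible lines says whether that is a deliberate prune or a generation fault; please confirm and say so in the commit message, which currently reads only "Update September 2023".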
@ -17,6 +17,7 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [47.89.185.156](https://vuldb.com/?ip.47.89.185.156) | - | - | High
|
||||
2 | [47.254.26.2](https://vuldb.com/?ip.47.254.26.2) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -45,6 +46,7 @@ There are 14 more IOA items available (file, library, argument, input value, pat
|
|||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
|
||||
* https://twitter.com/0x6rsk/status/1640632227863179269
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -34,14 +34,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
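Review bot: Row 3 keeps the description "Cross Site Scripting" for T1059 after its weakness list is cut down to CWE-94, which is code injection, and the same label already sits on row 4 (T1059.007 with CWE-79, CWE-80), where it fits. Suggest a description for row 3 that matches the weakness actually listed, so the two rows are distinguishable. The remainder also moves from 18 to 21 TTP items although the five visible rows keep the same techniques; a line in the commit message on what was added would help.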
@ -65,34 +65,34 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/forum/PostPrivateMessage` | High
|
||||
15 | File | `/goform/set_LimitClient_cfg` | High
|
||||
16 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
17 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
18 | File | `/net-banking/customer_transactions.php` | High
|
||||
19 | File | `/obs/book.php` | High
|
||||
20 | File | `/ossn/administrator/com_installer` | High
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/pms/update_user.php?user_id=1` | High
|
||||
23 | File | `/preview.php` | Medium
|
||||
24 | File | `/requests.php` | High
|
||||
25 | File | `/spip.php` | Medium
|
||||
26 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
27 | File | `/sre/params.php` | High
|
||||
28 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/user/upload/upload` | High
|
||||
31 | File | `/Users` | Low
|
||||
32 | File | `/var/spool/hylafax` | High
|
||||
33 | File | `/vendor` | Low
|
||||
34 | File | `AccessibilityManagerService.java` | High
|
||||
35 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `add_contestant.php` | High
|
||||
38 | File | `admin.php` | Medium
|
||||
39 | File | `admin/edit_category.php` | High
|
||||
40 | File | `admin/index.php` | High
|
||||
41 | File | `admin/make_payments.php` | High
|
||||
42 | File | `af_netlink.c` | Medium
|
||||
43 | File | `album_portal.php` | High
|
||||
44 | File | `api/auth.go` | Medium
|
||||
17 | File | `/hss/admin/?page=products/view_product` | High
|
||||
18 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
19 | File | `/net-banking/customer_transactions.php` | High
|
||||
20 | File | `/obs/book.php` | High
|
||||
21 | File | `/ossn/administrator/com_installer` | High
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/pms/update_user.php?user_id=1` | High
|
||||
24 | File | `/preview.php` | Medium
|
||||
25 | File | `/requests.php` | High
|
||||
26 | File | `/spip.php` | Medium
|
||||
27 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
28 | File | `/sre/params.php` | High
|
||||
29 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/user/upload/upload` | High
|
||||
32 | File | `/Users` | Low
|
||||
33 | File | `/var/spool/hylafax` | High
|
||||
34 | File | `/vendor` | Low
|
||||
35 | File | `AccessibilityManagerService.java` | High
|
||||
36 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `add_contestant.php` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin/edit_category.php` | High
|
||||
41 | File | `admin/index.php` | High
|
||||
42 | File | `admin/make_payments.php` | High
|
||||
43 | File | `admin/_cmdstat.jsp` | High
|
||||
44 | File | `af_netlink.c` | Medium
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
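Review bot: The trailing "There are 392 more IOA items" line is left as unchanged context even though this hunk inserts two rows (`/hss/admin/?page=products/view_product` at 17 and `admin/_cmdstat.jsp` at 43) and pushes `album_portal.php` and `api/auth.go` past the cut at row 44. Unless two hidden entries were removed at the same time, the remainder should read 394; please confirm the count was regenerated along with the table.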
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Arkei Stealer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,8 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [93.174.93.178](https://vuldb.com/?ip.93.174.93.178) | - | - | High
|
||||
2 | [213.226.114.217](https://vuldb.com/?ip.213.226.114.217) | - | - | High
|
||||
1 | [45.11.229.188](https://vuldb.com/?ip.45.11.229.188) | 188.229.11.45.in-addr.arpa | - | High
|
||||
2 | [93.174.93.178](https://vuldb.com/?ip.93.174.93.178) | - | - | High
|
||||
3 | [104.244.76.207](https://vuldb.com/?ip.104.244.76.207) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
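Review bot: The new row 1 puts `188.229.11.45.in-addr.arpa` in the Hostname column; that is the reverse-lookup name of the address itself, not a resolved hostname, so it should be `-` like the rows below it. The table is also cut at `4 | ...` only to say "There are 1 more IOC items": listing the single remaining row would be shorter than the notice, and the sentence needs a singular form if it stays.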
@ -30,12 +34,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-1321 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
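Review bot: In the new rows the Description column does not describe the weaknesses listed beside it: row 6 labels T1068 with CWE-264, CWE-266, CWE-269, CWE-284 as "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", although those CWEs are general privilege and access-control weaknesses, and row 2 uses the name of CWE-294 for a row that also carries CWE-319 (cleartext transmission). Suggest either a description per listed CWE or a neutral summary per technique, since consumers filtering on this column will get misleading matches.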
@ -43,24 +50,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/communitymanagement.php` | High
|
||||
2 | File | `/admin/generalsettings.php` | High
|
||||
3 | File | `/admin/payment.php` | High
|
||||
4 | File | `/aqpg/users/login.php` | High
|
||||
5 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
6 | File | `/Default/Bd` | Medium
|
||||
7 | File | `/event/admin/?page=user/list` | High
|
||||
8 | File | `/filemanager/upload/drop` | High
|
||||
9 | File | `/getcfg.php` | Medium
|
||||
10 | ... | ... | ...
|
||||
1 | File | `/$({curl` | Medium
|
||||
2 | File | `/action/ipcamRecordPost` | High
|
||||
3 | File | `/admin/ajax.php` | High
|
||||
4 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
5 | File | `/admin/communitymanagement.php` | High
|
||||
6 | File | `/admin/generalsettings.php` | High
|
||||
7 | File | `/admin/inquiries/view_details.php` | High
|
||||
8 | File | `/admin/maintenance/manage_category.php` | High
|
||||
9 | File | `/admin/maintenance/view_designation.php` | High
|
||||
10 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
11 | File | `/admin/payment.php` | High
|
||||
12 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
13 | File | `/admin/syslog` | High
|
||||
14 | File | `/administrator/components/table_manager/` | High
|
||||
15 | File | `/Api/ASF` | Medium
|
||||
16 | File | `/api/public/signup` | High
|
||||
17 | File | `/appConfig/userDB.json` | High
|
||||
18 | File | `/aqpg/users/login.php` | High
|
||||
19 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
20 | File | `/catcompany.php` | High
|
||||
21 | File | `/cgi-bin/` | Medium
|
||||
22 | File | `/cgi-bin/activate.cgi` | High
|
||||
23 | File | `/classes/Login.php` | High
|
||||
24 | File | `/classes/Master.php` | High
|
||||
25 | File | `/classes/Users.php` | High
|
||||
26 | File | `/common/run_cross_report.php` | High
|
||||
27 | File | `/dashboard/contact` | High
|
||||
28 | File | `/dbhcms/ext/news/ext.news.be.php` | High
|
||||
29 | File | `/dcim/sites/add/` | High
|
||||
30 | File | `/Default/Bd` | Medium
|
||||
31 | File | `/dev/ptpX` | Medium
|
||||
32 | File | `/etc/passwd` | Medium
|
||||
33 | File | `/event/admin/?page=user/list` | High
|
||||
34 | File | `/filemanager/upload/drop` | High
|
||||
35 | File | `/getcfg.php` | Medium
|
||||
36 | File | `/goform/WifiBasicSet` | High
|
||||
37 | File | `/hrm/employeeview.php` | High
|
||||
38 | File | `/htdocs/cgibin` | High
|
||||
39 | File | `/inc/topBarNav.php` | High
|
||||
40 | File | `/index.php?case=table&act=add&table=archive&admin_dir=admin` | High
|
||||
41 | File | `/members/view_member.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://app.any.run/tasks/a536276d-8b87-4b02-bed5-ca8135a0dbce/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220316-w6lh3sffe3
|
||||
|
||||
## Literature
|
||||
|
|
|
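Review bot: New row 1, `/$({curl`, is typed File but reads like the opening of a shell command substitution cut off mid-token, not a file or request path. Suggest moving it to one of the other types the footer names (input value or pattern) with the complete fragment, or dropping it; as written it cannot be matched against paths and will only produce noise. The remainder jump from 70 to 365 items in the same hunk also deserves a mention in the commit message.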
@ -51,15 +51,15 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/orders/update_status.php` | High
|
||||
2 | File | `/getcfg.php` | Medium
|
||||
3 | File | `/paysystem/datatable.php` | High
|
||||
4 | File | `/settings/account` | High
|
||||
5 | File | `act.php` | Low
|
||||
6 | File | `admin.php` | Medium
|
||||
7 | File | `admin\posts\manage_post.php` | High
|
||||
2 | File | `/admin/sys_sql_query.php` | High
|
||||
3 | File | `/getcfg.php` | Medium
|
||||
4 | File | `/paysystem/datatable.php` | High
|
||||
5 | File | `/settings/account` | High
|
||||
6 | File | `act.php` | Low
|
||||
7 | File | `admin.php` | Medium
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 53 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 56 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `app\admin\controller\sys\Uploads.php` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 58 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 59 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
@ -54,12 +54,13 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/etc/luminex/pkgmgr` | High
|
||||
6 | File | `/goform/langSwitch` | High
|
||||
7 | File | `/rom-0` | Low
|
||||
8 | File | `add.php` | Low
|
||||
9 | File | `add_comment.php` | High
|
||||
10 | File | `add_quiz.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
8 | File | `/settings/account` | High
|
||||
9 | File | `/tmp/tardiff-$` | High
|
||||
10 | File | `add.php` | Low
|
||||
11 | File | `add_comment.php` | High
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 93 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
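Review bot: New row 9, `/tmp/tardiff-$`, ends in a bare `$` and is rated High; it looks like a temp-file name whose variable suffix was lost, so it will not match a literal path on disk. Suggest recording it as a pattern with the variable part made explicit, or lowering the confidence until the full form is known.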
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asia Unknown:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
@ -24959,14 +24959,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29, CWE-50 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
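Review bot: The rewritten row 1 adds CWE-425 to T1006 under the description "Pathname Traversal", but CWE-425 is direct request (forced browsing), an access-control weakness rather than a traversal one. Suggest mapping it to a separate row, or confirming that the T1006 grouping is intended, since the other CWEs on the row (CWE-21 through CWE-29) are all path-handling weaknesses.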
@ -24974,48 +24974,62 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/addproduct.php` | High
|
||||
2 | File | `/admin/positions_add.php` | High
|
||||
3 | File | `/admin/read.php?mudi=announContent` | High
|
||||
4 | File | `/api/` | Low
|
||||
5 | File | `/api/upload.php` | High
|
||||
6 | File | `/api/v1/snapshots` | High
|
||||
7 | File | `/api/v2/cli/commands` | High
|
||||
8 | File | `/application/common.php#action_log` | High
|
||||
9 | File | `/authenticationendpoint/login.do` | High
|
||||
10 | File | `/bin/ate` | Medium
|
||||
11 | File | `/bin/boa` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/bsms_ci/index.php` | High
|
||||
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
15 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
16 | File | `/cgi-bin/luci` | High
|
||||
17 | File | `/changeimage.php` | High
|
||||
18 | File | `/classes/Users.php?f=save` | High
|
||||
19 | File | `/dottie.js` | Medium
|
||||
20 | File | `/download` | Medium
|
||||
21 | File | `/DXR.axd` | Medium
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/ghost/preview` | High
|
||||
25 | File | `/goForm/aspForm` | High
|
||||
26 | File | `/goform/setmac` | High
|
||||
27 | File | `/goform/setMacFilterCfg` | High
|
||||
28 | File | `/hrm/employeeadd.php` | High
|
||||
29 | File | `/jobinfo/` | Medium
|
||||
30 | File | `/kelasdosen/data` | High
|
||||
31 | File | `/link/` | Low
|
||||
32 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
33 | File | `/mc` | Low
|
||||
34 | File | `/Objects/unicodeobject.c` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/owa/auth/logon.aspx` | High
|
||||
37 | File | `/paysystem/branch.php` | High
|
||||
38 | File | `/php-inventory-management-system/product.php` | High
|
||||
39 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
40 | ... | ... | ...
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/academy/home/courses` | High
|
||||
5 | File | `/account/delivery` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/about-us.php` | High
|
||||
9 | File | `/admin/add-category.php` | High
|
||||
10 | File | `/admin/add-services.php` | High
|
||||
11 | File | `/admin/admin-profile.php` | High
|
||||
12 | File | `/admin/del_category.php` | High
|
||||
13 | File | `/admin/del_feedback.php` | High
|
||||
14 | File | `/admin/del_service.php` | High
|
||||
15 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
16 | File | `/admin/edit-services.php` | High
|
||||
17 | File | `/admin/edit_category.php` | High
|
||||
18 | File | `/admin/edit_product.php` | High
|
||||
19 | File | `/admin/forgot-password.php` | High
|
||||
20 | File | `/admin/index.php` | High
|
||||
21 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
22 | File | `/admin/invoice.php` | High
|
||||
23 | File | `/admin/search-appointment.php` | High
|
||||
24 | File | `/admin/sys_sql_query.php` | High
|
||||
25 | File | `/admin/test_status.php` | High
|
||||
26 | File | `/api/baskets/{name}` | High
|
||||
27 | File | `/api/database` | High
|
||||
28 | File | `/api/sys/set_passwd` | High
|
||||
29 | File | `/api/upload.php` | High
|
||||
30 | File | `/api/user/{ID}` | High
|
||||
31 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
32 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
33 | File | `/blog` | Low
|
||||
34 | File | `/blog-single.php` | High
|
||||
35 | File | `/booking/show_bookings/` | High
|
||||
36 | File | `/browse` | Low
|
||||
37 | File | `/bsms_ci/index.php` | High
|
||||
38 | File | `/c/PluginsController.php` | High
|
||||
39 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
40 | File | `/chaincity/user/ticket/create` | High
|
||||
41 | File | `/classes/Master.php?f=delete_category` | High
|
||||
42 | File | `/classes/Master.php?f=save_brand` | High
|
||||
43 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
44 | File | `/config/getuser` | High
|
||||
45 | File | `/cstecgi.cgi` | Medium
|
||||
46 | File | `/data/remove` | Medium
|
||||
47 | File | `/download` | Medium
|
||||
48 | File | `/DXR.axd` | Medium
|
||||
49 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
50 | File | `/etc/passwd` | Medium
|
||||
51 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
52 | File | `/find-a-match` | High
|
||||
53 | File | `/forum/away.php` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 475 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
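Review bot: Rows 26 and 30 of the new listing, `/api/baskets/{name}` and `/api/user/{ID}`, carry route-template placeholders yet are typed File with High confidence like the literal paths around them, and row 1, `.github/workflows/comment.yml`, is a repository file rather than a request path. The table gives a consumer no way to tell literal paths, templates and source files apart; suggest a distinct type or a note on matching semantics for these rows. The hunk also replaces the whole visible window (39 rows out, 53 in), which makes it impossible to see from the diff which indicators are new.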
@ -57,7 +57,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
There are 25 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -65,13 +65,13 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
3 | File | `/admin.add` | Medium
|
||||
4 | File | `/admin.php/news/admin/topic/save` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
6 | File | `/admin/comn/service/update.json` | High
|
||||
7 | File | `/admin/fst_upload.inc.php` | High
|
||||
1 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
2 | File | `/admin.add` | Medium
|
||||
3 | File | `/admin.php/news/admin/topic/save` | High
|
||||
4 | File | `/admin/api/theme-edit/` | High
|
||||
5 | File | `/admin/comn/service/update.json` | High
|
||||
6 | File | `/admin/fst_upload.inc.php` | High
|
||||
7 | File | `/admin/index2.html` | High
|
||||
8 | File | `/admin/login.php` | High
|
||||
9 | File | `/admin/maintenance/view_designation.php` | High
|
||||
10 | File | `/admin/robot/approval/list` | High
|
||||
|
@ -79,39 +79,39 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/api/v2/labels/` | High
|
||||
13 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
14 | File | `/apply.cgi` | Medium
|
||||
15 | File | `/cgi-bin/go` | Medium
|
||||
16 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
17 | File | `/cgi-bin/wapopen` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/dl/dl_print.php` | High
|
||||
20 | File | `/etc/gsissh/sshd_config` | High
|
||||
21 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/forum/PostPrivateMessage` | High
|
||||
24 | File | `/getcfg.php` | Medium
|
||||
25 | File | `/home/masterConsole` | High
|
||||
26 | File | `/hrm/employeeadd.php` | High
|
||||
27 | File | `/hrm/employeeview.php` | High
|
||||
28 | File | `/info.xml` | Medium
|
||||
29 | File | `/librarian/bookdetails.php` | High
|
||||
30 | File | `/mgmt/tm/util/bash` | High
|
||||
31 | File | `/nova/bin/sniffer` | High
|
||||
32 | File | `/ofcms/company-c-47` | High
|
||||
33 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
|
||||
34 | File | `/pms/update_user.php?user_id=1` | High
|
||||
35 | File | `/public/login.htm` | High
|
||||
36 | File | `/rom-0` | Low
|
||||
37 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
38 | File | `/secure/ViewCollectors` | High
|
||||
39 | File | `/Session` | Medium
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/usr/local/nagiosxi/html/admin/sshterm.php` | High
|
||||
43 | File | `/usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php` | High
|
||||
44 | File | `/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php` | High
|
||||
15 | File | `/cgi-bin/adm.cgi` | High
|
||||
16 | File | `/cgi-bin/go` | Medium
|
||||
17 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
18 | File | `/cgi-bin/wapopen` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/dl/dl_print.php` | High
|
||||
21 | File | `/etc/gsissh/sshd_config` | High
|
||||
22 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/forum/PostPrivateMessage` | High
|
||||
25 | File | `/getcfg.php` | Medium
|
||||
26 | File | `/home/masterConsole` | High
|
||||
27 | File | `/hrm/employeeadd.php` | High
|
||||
28 | File | `/hrm/employeeview.php` | High
|
||||
29 | File | `/info.xml` | Medium
|
||||
30 | File | `/librarian/bookdetails.php` | High
|
||||
31 | File | `/mgmt/tm/util/bash` | High
|
||||
32 | File | `/mics/j_spring_security_check` | High
|
||||
33 | File | `/nova/bin/sniffer` | High
|
||||
34 | File | `/ofcms/company-c-47` | High
|
||||
35 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
|
||||
36 | File | `/pms/update_user.php?user_id=1` | High
|
||||
37 | File | `/public/login.htm` | High
|
||||
38 | File | `/rom-0` | Low
|
||||
39 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
40 | File | `/secure/ViewCollectors` | High
|
||||
41 | File | `/Session` | Medium
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/staff_login.php` | High
|
||||
44 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
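Review bot: Because the ID column is positional, the two insertions here (`/cgi-bin/adm.cgi` at 15 and `/mics/j_spring_security_check` at 32) force every row from 15 to 44 to be rewritten, which buries the real change and makes IDs unusable as references between revisions. Suggest stable identifiers or dropping the ID column from the generated tables. The remainder also falls from 389 to 386 while rows are being added, so please confirm that entries were removed from the hidden part on purpose.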
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [SH](https://vuldb.com/?country.sh)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -280,50 +280,53 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
257 | [45.32.211.35](https://vuldb.com/?ip.45.32.211.35) | 45.32.211.35.vultrusercontent.com | - | High
|
||||
258 | [45.58.190.125](https://vuldb.com/?ip.45.58.190.125) | - | - | High
|
||||
259 | [45.66.248.114](https://vuldb.com/?ip.45.66.248.114) | - | - | High
|
||||
260 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
261 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
262 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
|
||||
263 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
|
||||
264 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
|
||||
265 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
|
||||
266 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
|
||||
267 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
|
||||
268 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
|
||||
269 | [45.80.158.116](https://vuldb.com/?ip.45.80.158.116) | - | - | High
|
||||
270 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
|
||||
271 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
|
||||
272 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
|
||||
273 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
|
||||
274 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
275 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
|
||||
276 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
|
||||
277 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
|
||||
278 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
|
||||
279 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
|
||||
280 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
|
||||
281 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
|
||||
282 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
|
||||
283 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
|
||||
284 | [45.125.48.112](https://vuldb.com/?ip.45.125.48.112) | - | - | High
|
||||
285 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
|
||||
286 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
287 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
|
||||
288 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
|
||||
289 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
|
||||
290 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
|
||||
291 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
|
||||
292 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
|
||||
293 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
|
||||
294 | [45.136.6.79](https://vuldb.com/?ip.45.136.6.79) | - | - | High
|
||||
295 | [45.137.22.41](https://vuldb.com/?ip.45.137.22.41) | hosted-by.rootlayer.net | - | High
|
||||
296 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
297 | [45.137.22.111](https://vuldb.com/?ip.45.137.22.111) | hosted-by.rootlayer.net | - | High
|
||||
298 | [45.137.22.115](https://vuldb.com/?ip.45.137.22.115) | hosted-by.rootlayer.net | - | High
299 | [45.137.22.182](https://vuldb.com/?ip.45.137.22.182) | hosted-by.rootlayer.net | - | High
300 | [45.138.16.39](https://vuldb.com/?ip.45.138.16.39) | - | - | High
301 | ... | ... | ... | ...
260 | [45.74.0.212](https://vuldb.com/?ip.45.74.0.212) | - | - | High
261 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
262 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
263 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
264 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
265 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
266 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
267 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
268 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
269 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
270 | [45.80.158.116](https://vuldb.com/?ip.45.80.158.116) | - | - | High
271 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
272 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
273 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
274 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
275 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
276 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
277 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
278 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
279 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
280 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
281 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
282 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
283 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
284 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
285 | [45.125.48.112](https://vuldb.com/?ip.45.125.48.112) | - | - | High
286 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
287 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
288 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
289 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
290 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
291 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
292 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
293 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
294 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
295 | [45.136.6.79](https://vuldb.com/?ip.45.136.6.79) | - | - | High
296 | [45.137.22.41](https://vuldb.com/?ip.45.137.22.41) | hosted-by.rootlayer.net | - | High
297 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
298 | [45.137.22.111](https://vuldb.com/?ip.45.137.22.111) | hosted-by.rootlayer.net | - | High
299 | [45.137.22.115](https://vuldb.com/?ip.45.137.22.115) | hosted-by.rootlayer.net | - | High
300 | [45.137.22.182](https://vuldb.com/?ip.45.137.22.182) | hosted-by.rootlayer.net | - | High
301 | [45.138.16.39](https://vuldb.com/?ip.45.138.16.39) | - | - | High
302 | [45.138.16.48](https://vuldb.com/?ip.45.138.16.48) | - | - | High
303 | [45.138.16.71](https://vuldb.com/?ip.45.138.16.71) | - | - | High
304 | ... | ... | ... | ...
There are 1202 more IOC items available. Please use our online service to access the data.
There are 1211 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
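Review bot: Row 277 (`45.88.79.224`) records the hostname `free.example.com`, and `example.com` is a domain reserved for documentation (RFC 2606), so this reverse-DNS value is an operator-set placeholder rather than attributable infrastructure. Suggest setting the Hostname cell to `-`, as the neighbouring rows without a usable PTR record do, so that consumers matching on the hostname column do not key on a reserved name.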
@ -331,14 +334,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-36 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
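Review bot: The T1059 row (ID 3) carries the description `Cross Site Scripting`, identical to the T1059.007 row below it, while its weakness list is CWE-88, CWE-94, CWE-1321 (argument injection, code injection, prototype pollution), none of which is XSS. The description looks copied from the sub-technique row and should name the weakness class the listed CWEs describe. The two T1006 rows also differ only in CWE-29 versus CWE-24, and the commit message ("Update September 2023") gives no rationale for the swap; a one-line note would help anyone diffing detections built on the CWE list.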
@ -347,46 +350,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.github/workflows/comment.yml` | High
2 | File | `//proc/kcore` | Medium
2 | File | `/academy/home/courses` | High
3 | File | `/admin/?page=user/manage_user&id=3` | High
4 | File | `/admin/del_feedback.php` | High
5 | File | `/admin/edit-accepted-appointment.php` | High
6 | File | `/admin/modal_add_product.php` | High
7 | File | `/admin/reminders/manage_reminder.php` | High
4 | File | `/admin/about-us.php` | High
5 | File | `/admin/del_feedback.php` | High
6 | File | `/admin/edit-accepted-appointment.php` | High
7 | File | `/admin/modal_add_product.php` | High
8 | File | `/api/baskets/{name}` | High
9 | File | `/api/common/ping` | High
10 | File | `/api/upload.php` | High
11 | File | `/api?path=profile` | High
12 | File | `/App_Resource/UEditor/server/upload.aspx` | High
13 | File | `/authenticationendpoint/login.do` | High
14 | File | `/booking/show_bookings/` | High
15 | File | `/category.php` | High
16 | File | `/cgi-bin/wlogin.cgi` | High
17 | File | `/chaincity/user/ticket/create` | High
18 | File | `/classes/Users.php?f=save` | High
19 | File | `/contact/store` | High
9 | File | `/api/database` | High
10 | File | `/api/sys/set_passwd` | High
11 | File | `/api/upload.php` | High
12 | File | `/api?path=profile` | High
13 | File | `/App_Resource/UEditor/server/upload.aspx` | High
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
15 | File | `/c/PluginsController.php` | High
16 | File | `/chaincity/user/ticket/create` | High
17 | File | `/ci_spms/admin/search/searching/` | High
18 | File | `/classes/Master.php?f=save_brand` | High
19 | File | `/classes/Users.php?f=save` | High
20 | File | `/Controller/Ajaxfileupload.ashx` | High
21 | File | `/csms/admin/inquiries/view_details.php` | High
22 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
23 | File | `/ecommerce/support_ticket` | High
24 | File | `/forum/away.php` | High
25 | File | `/friends/ajax_invite` | High
26 | File | `/FuguHub/cmsdocs/` | High
27 | File | `/graphql` | Medium
28 | File | `/h/autoSaveDraft` | High
29 | File | `/HNAP1` | Low
30 | File | `/home/filter_listings` | High
31 | File | `/include/chart_generator.php` | High
32 | File | `/index.php` | Medium
33 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
34 | File | `/index.php?app=main&func=passport&action=login` | High
35 | File | `/librarian/bookdetails.php` | High
36 | File | `/matchmakings/question` | High
37 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
38 | File | `/out.php` | Medium
39 | ... | ... | ...
21 | File | `/debug/pprof` | Medium
22 | File | `/etc/pki/pesign` | High
23 | File | `/forum/away.php` | High
24 | File | `/friends/ajax_invite` | High
25 | File | `/goform/set_LimitClient_cfg` | High
26 | File | `/graphql` | Medium
27 | File | `/group1/uploa` | High
28 | File | `/home/filter_listings` | High
29 | File | `/includes/db_connect.php` | High
30 | File | `/includes/session.php` | High
31 | File | `/index.php` | Medium
32 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
33 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
34 | File | `/instance/detail` | High
35 | File | `/items/search` | High
36 | File | `/knowage/restful-services/dossier/importTemplateFile` | High
37 | File | `/languages/install.php` | High
38 | File | `/matchmakings/question` | High
39 | File | `/modules/projects/vw_files.php` | High
40 | File | `/modules/public/calendar.php` | High
41 | File | `/modules/public/date_format.php` | High
42 | File | `/modules/tasks/gantt.php` | High
43 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
44 | File | `/out.php` | Medium
45 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
46 | File | `/plugins/playbooks/api/v0/runs` | High
47 | File | `/release-x64/otfccdump+0x61731f` | High
48 | File | `/resources//../` | High
49 | File | `/search.php` | Medium
50 | ... | ... | ...
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 435 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
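Review bot: Indicator 27, `/group1/uploa`, reads as a truncated path (the final segment stops mid-word) yet is rated High; please confirm the full value against the source record, since a cut-off string used as a substring match will over-match. Indicator 47, `/release-x64/otfccdump+0x61731f`, is a binary name plus an offset as printed in a crash trace rather than a file path, so typing it as `File` with High confidence is misleading for anyone building URL or filesystem detections from this table.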
@ -409,6 +423,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/0f4b41ef5ed2e5a0545375864b935c37dbda616cb5d3c79a7a4f5b0fce5752ec/
* https://bazaar.abuse.ch/sample/0fcf209d927d0adc592a1855f27251eed98dcc13687e0eb6e7c0987061f97ba0/
* https://bazaar.abuse.ch/sample/00cdee79a9afc1bf239675ba0dc1850da9e4bf9a994bb61d0ec22c9fdd3aa36f/
* https://bazaar.abuse.ch/sample/002502891e9e63904545fafdac5256575df15d3c9a556e9eb27a7b0c88c4569f/
* https://bazaar.abuse.ch/sample/01b3510e1a1370b349d5a70dc5be190622d5c19b697f966c9c3e5611dd1fcab5/
* https://bazaar.abuse.ch/sample/04f5fbfe8dee8d02c12f92e02c9dc24368298daadb76068ee911f00b06d9e36c/
* https://bazaar.abuse.ch/sample/045a5dd1bdc6545c40d8d437b088d6358d13fa5bdebac6b0dd0ae25a4f3276d9/
@ -511,6 +526,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/8f7649bc068b21404fe08229026859aaa468634963eca11cc64b661fa64a6880/
* https://bazaar.abuse.ch/sample/9a8fd2998869405d6dd8a1e48d75c5bd072ab2768f80717b205115ec5303eb71/
* https://bazaar.abuse.ch/sample/9a22c8cc9928574868022d5b47738b8fc85027d0cec46dd2f91f885d19ad2f18/
* https://bazaar.abuse.ch/sample/9a26938a0e77297b36fdb44bf1b5a7fb9d7a745ac67681c6ae7db9d721ad4c9e/
* https://bazaar.abuse.ch/sample/9ab1e506b754fb9eb0c7050108c9510aa6eae10a88b10043d6f85368cf4228ce/
* https://bazaar.abuse.ch/sample/9b7cd17432d810b59426747d9f1402df08dd8d80cfab512751c81200425f3735/
* https://bazaar.abuse.ch/sample/9b29b12058434556ae532941544a2e2ab58bfbb4e7fcbc809d31313294ca9f78/
@ -680,6 +696,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/1299373ec40fc1f3f16957338574a9ad51a94e62220cc8c08f1ad81dee443544/
* https://bazaar.abuse.ch/sample/1383896f2ff5aeb8b5441ca84559cff12f36180140effe2c793c6cbc17cd7c11/
* https://bazaar.abuse.ch/sample/3033956fcd540bc6d9f64fe4bce35b626deb627f7cc8394c19d1e3c07485ef61/
* https://bazaar.abuse.ch/sample/4187623c2862328da86414eefedf4ffc231a3f39011d6791d23e94a8eb6e84a9/
* https://bazaar.abuse.ch/sample/8894823b84c7cde71ed40ade5752da9d7e24ef4cfc2079667a6db6343ce28ac0/
* https://bazaar.abuse.ch/sample/9371353add3a0bdf8718f3857b94b2e2933b4ae7fe1e8b1056271c252d894666/
* https://bazaar.abuse.ch/sample/9699022b7bd45a72cf29614bdd131400dbee0ab5d6a5c2e03ed1c13e7cf0eca0/
@ -752,6 +769,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/b80bf99f9519393987d431958487bc507e6f8b475e032aa950880f89ddfa11a1/
* https://bazaar.abuse.ch/sample/b924f8f3b8ec730ab652403248f07d163b4218260e8896afdb6cb7b002205a3a/
* https://bazaar.abuse.ch/sample/b24993e503f1ba6774ff88faebc3487bfece018b3baac4b0ada076d7f86ef26d/
* https://bazaar.abuse.ch/sample/b79718f59f3d7d72a416fe00c3ab3477b43282981e69f9cf5426b2c8012423c1/
* https://bazaar.abuse.ch/sample/b633829ec12cb30879e514affc54a512165078d659bded04214cb543aff1bc34/
* https://bazaar.abuse.ch/sample/b483938661c2095fa0e85c704031b81525cad046633095a2adc1f5992db43b0f/
* https://bazaar.abuse.ch/sample/b493208184fa838892417ca6066061856a0aa98c798573bc7a8dcc61327d81a9/
@ -892,6 +910,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/fc1fb33aa35668af6193a2d521edc97e10b3f64cbd3640de7da1dd3e8a158b68/
* https://bazaar.abuse.ch/sample/fc15f958384227e0df809fe1f0e043c2c596d88d0de5b6c799799529626a414c/
* https://bazaar.abuse.ch/sample/fcfda22e8938ce7846eb3494af9778f601b676df3446a0b5b1a710c08d632010/
* https://bazaar.abuse.ch/sample/fd87155ae16286e44eb0068f8ea18a735bc8b8a1fbefc60f70b7a5a14538677b/
* https://bazaar.abuse.ch/sample/ff3df6e74b6eb27f5dbe734d78ca97937d121df09149bba70d2bd1fb151bb56b/
* https://bazaar.abuse.ch/sample/ffb0cc5b049fb6579cdd30203ad594c72f1f985b067b7139e7fc770b8f900648/
* https://bazaar.abuse.ch/sample/ffdbbc04470d0abb40347fa73fbe6c0e16cb21689f8ff11c0947fde79baad402/
@ -110,49 +110,49 @@ ID | Type | Indicator | Confidence
3 | File | `/admin/login.php` | High
4 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
5 | File | `/cas/logout` | Medium
6 | File | `/coreframe/app/member/admin/group.php` | High
7 | File | `/film-rating.php` | High
8 | File | `/index.php` | Medium
9 | File | `/librarian/bookdetails.php` | High
10 | File | `/mgmt/tm/util/bash` | High
11 | File | `/mifs/c/i/reg/reg.html` | High
12 | File | `/modules/projects/vw_files.php` | High
13 | File | `/school/model/get_events.php` | High
14 | File | `/secure/ViewCollectors` | High
15 | File | `/Session` | Medium
16 | File | `/spacecom/login.php` | High
17 | File | `/student/bookdetails.php` | High
18 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
19 | File | `AbstractController.php` | High
20 | File | `account.asp` | Medium
21 | File | `adclick.php` | Medium
22 | File | `addpost_newpoll.php` | High
23 | File | `add_comment.php` | High
24 | File | `admin.php` | Medium
25 | File | `admin.remository.php` | High
26 | File | `admin/establishment/manage.php` | High
27 | File | `admin/inquiries/view_details.php` | High
28 | File | `admin/news.php` | High
29 | File | `admin/page.php` | High
30 | File | `administrator/upload.php` | High
31 | File | `Administrator/users.php` | High
32 | File | `affich.php` | Medium
33 | File | `album_portal.php` | High
34 | File | `announce.php` | Medium
35 | File | `archive.php` | Medium
36 | File | `auth.inc.php` | Medium
37 | File | `autor.php` | Medium
38 | File | `b2archives.php` | High
39 | File | `bbs/faq.php` | Medium
40 | File | `bb_usage_stats.php` | High
41 | File | `bl-kernel/ajax/upload-images.php` | High
42 | File | `board.php` | Medium
43 | File | `book.cfm` | Medium
44 | File | `book.php` | Medium
45 | File | `BookAction.class.php` | High
6 | File | `/classes/Master.php?f=delete_inquiry` | High
7 | File | `/coreframe/app/member/admin/group.php` | High
8 | File | `/film-rating.php` | High
9 | File | `/index.php` | Medium
10 | File | `/index.php?page=member` | High
11 | File | `/librarian/bookdetails.php` | High
12 | File | `/mgmt/tm/util/bash` | High
13 | File | `/mifs/c/i/reg/reg.html` | High
14 | File | `/modules/projects/vw_files.php` | High
15 | File | `/school/model/get_events.php` | High
16 | File | `/secure/ViewCollectors` | High
17 | File | `/Session` | Medium
18 | File | `/spacecom/login.php` | High
19 | File | `/student/bookdetails.php` | High
20 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
21 | File | `AbstractController.php` | High
22 | File | `account.asp` | Medium
23 | File | `adclick.php` | Medium
24 | File | `addpost_newpoll.php` | High
25 | File | `add_comment.php` | High
26 | File | `admin.php` | Medium
27 | File | `admin.remository.php` | High
28 | File | `admin/establishment/manage.php` | High
29 | File | `admin/inquiries/view_details.php` | High
30 | File | `admin/news.php` | High
31 | File | `admin/page.php` | High
32 | File | `administrator/upload.php` | High
33 | File | `Administrator/users.php` | High
34 | File | `affich.php` | Medium
35 | File | `album_portal.php` | High
36 | File | `announce.php` | Medium
37 | File | `archive.php` | Medium
38 | File | `auth.inc.php` | Medium
39 | File | `autor.php` | Medium
40 | File | `b2archives.php` | High
41 | File | `bbs/faq.php` | Medium
42 | File | `bb_usage_stats.php` | High
43 | File | `bl-kernel/ajax/upload-images.php` | High
44 | File | `board.php` | Medium
45 | File | `book.cfm` | Medium
46 | ... | ... | ...
There are 397 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Australia Unknown:
* [US](https://vuldb.com/?country.us)
* [IO](https://vuldb.com/?country.io)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 20 more country items available. Please use our online service to access the data.
There are 21 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -2974,28 +2974,9 @@ ID | IP address | Hostname | Campaign | Confidence
2951 | [69.166.198.0](https://vuldb.com/?ip.69.166.198.0) | 69-166-198-0.fwd.dsl-sub.ticolo.net | - | High
2952 | [69.169.232.0](https://vuldb.com/?ip.69.169.232.0) | - | - | High
2953 | [69.169.236.0](https://vuldb.com/?ip.69.169.236.0) | - | - | High
2954 | [69.174.220.0](https://vuldb.com/?ip.69.174.220.0) | - | - | High
2955 | [69.191.176.0](https://vuldb.com/?ip.69.191.176.0) | - | - | High
2956 | [69.191.179.0](https://vuldb.com/?ip.69.191.179.0) | - | - | High
2957 | [69.192.6.0](https://vuldb.com/?ip.69.192.6.0) | a69-192-6-0.deploy.static.akamaitechnologies.com | - | High
2958 | [69.192.168.0](https://vuldb.com/?ip.69.192.168.0) | a69-192-168-0.deploy.static.akamaitechnologies.com | - | High
2959 | [69.194.169.0](https://vuldb.com/?ip.69.194.169.0) | - | - | High
2960 | [69.195.165.0](https://vuldb.com/?ip.69.195.165.0) | - | - | High
2961 | [69.197.17.0](https://vuldb.com/?ip.69.197.17.0) | 69-197-17-0.stackpathedge.net | - | High
2962 | [69.197.18.0](https://vuldb.com/?ip.69.197.18.0) | 69-197-18-0.stackpathedge.net | - | High
2963 | [70.34.61.0](https://vuldb.com/?ip.70.34.61.0) | - | - | High
2964 | [70.34.62.0](https://vuldb.com/?ip.70.34.62.0) | - | - | High
2965 | [70.37.147.0](https://vuldb.com/?ip.70.37.147.0) | - | - | High
2966 | [70.37.148.0](https://vuldb.com/?ip.70.37.148.0) | - | - | High
2967 | [70.37.149.0](https://vuldb.com/?ip.70.37.149.0) | - | - | High
2968 | [70.37.159.0](https://vuldb.com/?ip.70.37.159.0) | - | - | High
2969 | [70.132.29.0](https://vuldb.com/?ip.70.132.29.0) | server-70-132-29-0.syd1.r.cloudfront.net | - | High
2970 | [70.232.64.0](https://vuldb.com/?ip.70.232.64.0) | - | - | High
2971 | [70.232.80.0](https://vuldb.com/?ip.70.232.80.0) | - | - | High
2972 | [70.232.88.0](https://vuldb.com/?ip.70.232.88.0) | - | - | High
2973 | ... | ... | ... | ...
2954 | ... | ... | ... | ...
There are 11890 more IOC items available. Please use our online service to access the data.
There are 11810 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -3003,14 +2984,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-36, CWE-50 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | T1078.001 | CWE-259 | Use of Hard-coded Password | High
7 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
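Review bot: The T1068 row's description, `J2EE Misconfiguration: Weak Access Permissions for EJB Methods`, is the title of CWE-9, which is not among the weaknesses listed for that row (CWE-264, CWE-269, CWE-284); those cover permissions, privilege management and access control in general. Suggest a description that matches the listed CWEs, or adding the CWE the text comes from, so the Description column can be trusted when mapping these rows to detections.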
@ -3018,61 +3000,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//WEB-INF` | Medium
2 | File | `/?p=products` | Medium
3 | File | `/about.php` | Medium
4 | File | `/about/../` | Medium
5 | File | `/admin.php/update/getFile.html` | High
6 | File | `/admin/cashadvance_row.php` | High
7 | File | `/admin/maintenance/view_designation.php` | High
8 | File | `/admin/scheprofile.cgi` | High
9 | File | `/admin/userprofile.php` | High
10 | File | `/api/` | Low
11 | File | `/api/admin/store/product/list` | High
12 | File | `/api/blade-log/api/list` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/application/views/themeOptions/update.php` | High
15 | File | `/authUserAction!edit.action` | High
16 | File | `/cgi-bin` | Medium
17 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
18 | File | `/cgi-bin/wapopen` | High
19 | File | `/cgi-bin/wlogin.cgi` | High
20 | File | `/cmsms-2.1.6-install.php/index.php` | High
21 | File | `/config/myfield/test.php` | High
1 | File | `.github/workflows/comment.yml` | High
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
3 | File | `/admin/edit.php` | High
4 | File | `/admin/read.php?mudi=getSignal` | High
5 | File | `/admin/sys_sql_query.php` | High
6 | File | `/api/baskets/{name}` | High
7 | File | `/api/v1/snapshots` | High
8 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
9 | File | `/bin/ate` | Medium
10 | File | `/bin/boa` | Medium
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
12 | File | `/blog` | Low
13 | File | `/booking/show_bookings/` | High
14 | File | `/category.php` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/cimom` | Low
17 | File | `/classes/master.php?f=delete_order` | High
18 | File | `/classes/Master.php?f=save_inquiry` | High
19 | File | `/classes/Master.php?f=save_service` | High
20 | File | `/company/store` | High
21 | File | `/Controller/Ajaxfileupload.ashx` | High
22 | File | `/debug/pprof` | Medium
23 | File | `/dev/shm` | Medium
23 | File | `/download` | Medium
24 | File | `/E-mobile/App/System/File/downfile.php` | High
25 | File | `/Electron/download` | High
26 | File | `/feeds/post/publish` | High
27 | File | `/forms/doLogin` | High
28 | File | `/forum/away.php` | High
29 | File | `/inc/jquery/uploadify/uploadify.php` | High
30 | File | `/index.php?app=main&func=passport&action=login` | High
31 | File | `/index/user/user_edit.html` | High
32 | File | `/Items/*/RemoteImages/Download` | High
33 | File | `/loginsave.php` | High
34 | File | `/Moosikay/order.php` | High
35 | File | `/opac/Actions.php?a=login` | High
36 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
37 | File | `/proxy` | Low
38 | File | `/public/launchNewWindow.jsp` | High
39 | File | `/reservation/add_message.php` | High
40 | File | `/rest/project-templates/1.0/createshared` | High
41 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
42 | File | `/send_order.cgi?parameter=access_detect` | High
43 | File | `/tool/gen/createTable` | High
44 | File | `/ueditor/net/controller.ashx?action=catchimage` | High
45 | File | `/user/updatePwd` | High
46 | File | `/v2/customerdb/operator.svc/a` | High
47 | File | `/v2/_catalog` | Medium
48 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
49 | File | `/vendor/views/add_product.php` | High
50 | File | `/webroot/inc/utility_all.php` | High
51 | File | `/wireless/security.asp` | High
52 | File | `/wp-admin/admin-ajax.php` | High
53 | ... | ... | ...
25 | File | `/env` | Low
26 | File | `/etc/passwd` | Medium
27 | File | `/forum/away.php` | High
28 | File | `/goform/aspForm` | High
29 | File | `/group1/uploa` | High
30 | File | `/h/` | Low
31 | File | `/home/kickPlayer` | High
32 | File | `/index.php` | Medium
33 | File | `/index.php/coins/update_marketboxslider` | High
34 | File | `/index.php/payment/getcoinaddress` | High
35 | File | `/index.php?app=main&func=passport&action=login` | High
36 | File | `/jobinfo/` | Medium
37 | File | `/librarian/bookdetails.php` | High
38 | File | `/owa/auth/logon.aspx` | High
39 | ... | ... | ...
There are 462 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
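Review bot: Indicator 2, `/admin.php?c=upload&f=zip&_noCache=0.1683794968`, includes what looks like a per-request cache-buster value (`_noCache=0.1683794968`), so an exact match on the full string will rarely fire despite the High rating. Suggest storing the stable part, `/admin.php?c=upload&f=zip`, as the indicator. Indicator 29, `/group1/uploa`, also reads as cut off mid-word and should be checked against the source record.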
@ -1157,7 +1157,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -1167,68 +1167,67 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//WEB-INF` | Medium
2 | File | `/?ajax-request=jnews` | High
3 | File | `/about.php` | Medium
4 | File | `/admin.php/update/getFile.html` | High
5 | File | `/admin/cashadvance_row.php` | High
6 | File | `/admin/edit_subject.php` | High
7 | File | `/admin/inquiries/view_inquiry.php` | High
8 | File | `/admin/maintenance/view_designation.php` | High
9 | File | `/admin/products/manage_product.php` | High
10 | File | `/admin/read.php?mudi=getSignal` | High
11 | File | `/admin/reg.php` | High
12 | File | `/admin/report/index.php` | High
13 | File | `/admin/userprofile.php` | High
14 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
15 | File | `/adms/admin/?page=vehicles/view_transaction` | High
16 | File | `/appliance/users?action=edit` | High
17 | File | `/APR/login.php` | High
18 | File | `/backup.pl` | Medium
19 | File | `/bin/httpd` | Medium
20 | File | `/booking/show_bookings/` | High
21 | File | `/cgi-bin/wapopen` | High
22 | File | `/classes/Master.php?f=delete_service` | High
23 | File | `/classes/Master.php?f=save_course` | High
24 | File | `/dipam/athlete-profile.php` | High
25 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
26 | File | `/E-mobile/App/System/File/downfile.php` | High
27 | File | `/edoc/doctor/patient.php` | High
28 | File | `/feeds/post/publish` | High
29 | File | `/forum/away.php` | High
30 | File | `/h/` | Low
31 | File | `/home/masterConsole` | High
32 | File | `/home/sendBroadcast` | High
33 | File | `/inc/jquery/uploadify/uploadify.php` | High
34 | File | `/inc/topBarNav.php` | High
35 | File | `/index.php?app=main&func=passport&action=login` | High
36 | File | `/index.php?page=category_list` | High
37 | File | `/jobinfo/` | Medium
38 | File | `/kelasdosen/data` | High
39 | File | `/Moosikay/order.php` | High
40 | File | `/mygym/admin/index.php?view_exercises` | High
41 | File | `/opac/Actions.php?a=login` | High
42 | File | `/osm/REGISTER.cmd` | High
43 | File | `/out.php` | Medium
44 | File | `/paysystem/datatable.php` | High
45 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
46 | File | `/php-opos/index.php` | High
47 | File | `/php-scrm/login.php` | High
|
||||
48 | File | `/PreviewHandler.ashx` | High
|
||||
49 | File | `/public/launchNewWindow.jsp` | High
|
||||
50 | File | `/reservation/add_message.php` | High
|
||||
51 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
52 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
53 | File | `/send_order.cgi?parameter=restart` | High
|
||||
54 | File | `/spip.php` | Medium
|
||||
55 | File | `/student/bookdetails.php` | High
|
||||
56 | File | `/uncpath/` | Medium
|
||||
57 | File | `/uploads/exam_question/` | High
|
||||
58 | File | `/user/updatePwd` | High
|
||||
59 | File | `/var/lib/docker/<remapping>` | High
|
||||
60 | File | `/view-pass-detail.php` | High
|
||||
61 | File | `/wireless/security.asp` | High
|
||||
62 | ... | ... | ...
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/about.php` | Medium
|
||||
5 | File | `/admin.php/update/getFile.html` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/about-us.php` | High
|
||||
9 | File | `/admin/cashadvance_row.php` | High
|
||||
10 | File | `/admin/del_category.php` | High
|
||||
11 | File | `/admin/del_service.php` | High
|
||||
12 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
13 | File | `/admin/edit-services.php` | High
|
||||
14 | File | `/admin/edit_category.php` | High
|
||||
15 | File | `/admin/edit_subject.php` | High
|
||||
16 | File | `/admin/forgot-password.php` | High
|
||||
17 | File | `/admin/index.php` | High
|
||||
18 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
19 | File | `/admin/maintenance/view_designation.php` | High
|
||||
20 | File | `/admin/products/manage_product.php` | High
|
||||
21 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
22 | File | `/admin/reg.php` | High
|
||||
23 | File | `/admin/report/index.php` | High
|
||||
24 | File | `/admin/search-appointment.php` | High
|
||||
25 | File | `/admin/sys_sql_query.php` | High
|
||||
26 | File | `/admin/userprofile.php` | High
|
||||
27 | File | `/APR/login.php` | High
|
||||
28 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
29 | File | `/blog` | Low
|
||||
30 | File | `/booking/show_bookings/` | High
|
||||
31 | File | `/cgi-bin/wapopen` | High
|
||||
32 | File | `/classes/Master.php?f=delete_service` | High
|
||||
33 | File | `/classes/Master.php?f=save_course` | High
|
||||
34 | File | `/company/store` | High
|
||||
35 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
36 | File | `/dipam/athlete-profile.php` | High
|
||||
37 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
38 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
39 | File | `/edoc/doctor/patient.php` | High
|
||||
40 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
41 | File | `/etc/passwd` | Medium
|
||||
42 | File | `/feeds/post/publish` | High
|
||||
43 | File | `/forum/away.php` | High
|
||||
44 | File | `/h/` | Low
|
||||
45 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
46 | File | `/inc/topBarNav.php` | High
|
||||
47 | File | `/index.php` | Medium
|
||||
48 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
49 | File | `/index.php?page=category_list` | High
|
||||
50 | File | `/jobinfo/` | Medium
|
||||
51 | File | `/kelasdosen/data` | High
|
||||
52 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
53 | File | `/Moosikay/order.php` | High
|
||||
54 | File | `/opac/Actions.php?a=login` | High
|
||||
55 | File | `/osm/REGISTER.cmd` | High
|
||||
56 | File | `/out.php` | Medium
|
||||
57 | File | `/paysystem/datatable.php` | High
|
||||
58 | File | `/PreviewHandler.ashx` | High
|
||||
59 | File | `/public/launchNewWindow.jsp` | High
|
||||
60 | File | `/recipe-result` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 543 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 535 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [SH](https://vuldb.com/?country.sh)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -111,9 +111,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
88 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
|
||||
89 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
|
||||
90 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
|
||||
91 | ... | ... | ... | ...
|
||||
91 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
|
||||
92 | ... | ... | ... | ...
|
||||
|
||||
There are 359 more IOC items available. Please use our online service to access the data.
|
||||
There are 364 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -121,14 +122,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
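Review bot: Row 4 (T1059) keeps the description "Cross Site Scripting", the same text as row 5 (T1059.007), while its weakness list is now CWE-88, CWE-94, CWE-1321, which are argument injection, code injection and prototype pollution rather than XSS weaknesses. Appending CWE-1321 widens the mismatch. The description for row 4 should be derived from its own CWE list, otherwise anyone mapping these rows to detections will file command-execution activity under XSS and double-count it with row 5.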
@ -136,62 +138,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
3 | File | `/admin/casedetails.php` | High
|
||||
4 | File | `/admin/del_feedback.php` | High
|
||||
5 | File | `/admin/maintenance/brand.php` | High
|
||||
6 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
7 | File | `/admin/modal_add_product.php` | High
|
||||
8 | File | `/admin/positions_add.php` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/admin/userprofile.php` | High
|
||||
11 | File | `/admin/voters_row.php` | High
|
||||
12 | File | `/ad_js.php` | Medium
|
||||
13 | File | `/ajax.php?action=save_company` | High
|
||||
14 | File | `/ajax.php?action=save_user` | High
|
||||
15 | File | `/ajax/myshop` | Medium
|
||||
16 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
17 | File | `/api/baskets/{name}` | High
|
||||
18 | File | `/api/gen/clients/{language}` | High
|
||||
19 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
20 | File | `/APR/signup.php` | High
|
||||
21 | File | `/authenticationendpoint/login.do` | High
|
||||
22 | File | `/aux` | Low
|
||||
23 | File | `/backup.pl` | Medium
|
||||
24 | File | `/cas/logout` | Medium
|
||||
25 | File | `/category.php` | High
|
||||
26 | File | `/categorypage.php` | High
|
||||
27 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
28 | File | `/cha.php` | Medium
|
||||
29 | File | `/chaincity/user/ticket/create` | High
|
||||
30 | File | `/College/admin/teacher.php` | High
|
||||
31 | File | `/contactform/contactform.php` | High
|
||||
32 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
33 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
34 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
35 | File | `/dcim/rack-roles/` | High
|
||||
36 | File | `/drivers/block/floppy.c` | High
|
||||
37 | File | `/DXR.axd` | Medium
|
||||
38 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
39 | File | `/ecommerce/support_ticket` | High
|
||||
40 | File | `/etc/shadow` | Medium
|
||||
41 | File | `/forum/away.php` | High
|
||||
42 | File | `/fos/admin/ajax.php` | High
|
||||
43 | File | `/friends/ajax_invite` | High
|
||||
44 | File | `/goform/aspForm` | High
|
||||
45 | File | `/goform/WifiGuestSet` | High
|
||||
46 | File | `/home/filter_listings` | High
|
||||
47 | File | `/inc/topBarNav.php` | High
|
||||
48 | File | `/index.php` | Medium
|
||||
49 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
50 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
51 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
52 | File | `/items/search` | High
|
||||
53 | File | `/kelas/data` | Medium
|
||||
54 | ... | ... | ...
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/academy/home/courses` | High
|
||||
4 | File | `/admin/about-us.php` | High
|
||||
5 | File | `/admin/del_feedback.php` | High
|
||||
6 | File | `/admin/modal_add_product.php` | High
|
||||
7 | File | `/admin/positions_add.php` | High
|
||||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/ajax.php?action=save_company` | High
|
||||
10 | File | `/ajax.php?action=save_user` | High
|
||||
11 | File | `/api/baskets/{name}` | High
|
||||
12 | File | `/api/database` | High
|
||||
13 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
14 | File | `/authenticationendpoint/login.do` | High
|
||||
15 | File | `/backup.pl` | Medium
|
||||
16 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
17 | File | `/c/PluginsController.php` | High
|
||||
18 | File | `/cas/logout` | Medium
|
||||
19 | File | `/category.php` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/chaincity/user/ticket/create` | High
|
||||
22 | File | `/company/store` | High
|
||||
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
24 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
25 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
26 | File | `/dcim/rack-roles/` | High
|
||||
27 | File | `/DXR.axd` | Medium
|
||||
28 | File | `/ecommerce/support_ticket` | High
|
||||
29 | File | `/ecrire/exec/puce_statut.php` | High
|
||||
30 | File | `/etc/passwd` | Medium
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/friends/ajax_invite` | High
|
||||
33 | File | `/goform/WifiGuestSet` | High
|
||||
34 | File | `/h/` | Low
|
||||
35 | File | `/home/filter_listings` | High
|
||||
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
39 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
40 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
41 | File | `/index.php?page=category_list` | High
|
||||
42 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
43 | File | `/instance/detail` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@ ID | Type | Indicator | Confidence
|
|||
47 | File | `add_ons.php` | Medium
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -30,9 +30,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
7 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
|
||||
8 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
|
||||
9 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
10 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
|
||||
11 | ... | ... | ... | ...
|
||||
|
||||
There are 38 more IOC items available. Please use our online service to access the data.
|
||||
There are 39 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -45,7 +46,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
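Review bot: The newly exposed row 6 (T1068) lists CWE-250, CWE-264, CWE-269, CWE-284 but describes them as "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", a label for one narrow Java EE weakness that is not among the four CWEs in the row. The listed CWEs are general privilege and access-control classes, so the description should say so (or the row should cite the weakness the label belongs to). As written, a reader filtering on the description will read this actor's privilege-escalation activity as EJB-specific.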
@ -62,47 +64,60 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/countrymanagement.php` | High
|
||||
6 | File | `/admin/deluser.php` | High
|
||||
7 | File | `/admin/transactions/track_shipment.php` | High
|
||||
8 | File | `/admin/user/manage_user.php` | High
|
||||
9 | File | `/administration/theme.php` | High
|
||||
10 | File | `/ajax-files/postComment.php` | High
|
||||
11 | File | `/auparse/auparse.c` | High
|
||||
12 | File | `/aux` | Low
|
||||
13 | File | `/BindAccount/SuccessTips.js` | High
|
||||
14 | File | `/categorypage.php` | High
|
||||
15 | File | `/classes/Master.php` | High
|
||||
16 | File | `/config/list` | Medium
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/QuickIndex` | High
|
||||
19 | File | `/goform/setMacFilterCfg` | High
|
||||
20 | File | `/goform/WifiBasicSet` | High
|
||||
21 | File | `/home.php` | Medium
|
||||
22 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
23 | File | `/list_temp_photo_pin_upload.php` | High
|
||||
24 | File | `/login.html` | Medium
|
||||
25 | File | `/login.php` | Medium
|
||||
26 | File | `/medical/inventories.php` | High
|
||||
27 | File | `/news-portal-script/information.php` | High
|
||||
28 | File | `/pages.php` | Medium
|
||||
29 | File | `/pages/save_user.php` | High
|
||||
30 | File | `/patient/doctors.php` | High
|
||||
31 | File | `/print.php` | Medium
|
||||
32 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
33 | File | `/rom-0` | Low
|
||||
34 | File | `/searchpin.php` | High
|
||||
35 | File | `/services/Card/findUser` | High
|
||||
36 | File | `/showfile.php` | High
|
||||
37 | File | `/show_group_members.php` | High
|
||||
38 | File | `/timeline2.php` | High
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
41 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
42 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
|
||||
43 | File | `/whbs/?page=manage_account` | High
|
||||
44 | File | `abm.aspx` | Medium
|
||||
45 | File | `actions/ChangeConfiguration.html` | High
|
||||
46 | ... | ... | ...
|
||||
8 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/administration/settings_registration.php` | High
|
||||
11 | File | `/administration/theme.php` | High
|
||||
12 | File | `/ajax-files/postComment.php` | High
|
||||
13 | File | `/alert_check/action=delete_alert_checker/alert_test_id` | High
|
||||
14 | File | `/auparse/auparse.c` | High
|
||||
15 | File | `/aux` | Low
|
||||
16 | File | `/BindAccount/SuccessTips.js` | High
|
||||
17 | File | `/categorypage.php` | High
|
||||
18 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/classes/Master.php` | High
|
||||
21 | File | `/config/list` | Medium
|
||||
22 | File | `/data/syslog.filter.json` | High
|
||||
23 | File | `/data/wps.setup.json` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/goform/QuickIndex` | High
|
||||
26 | File | `/goform/SetInternetLanInfo` | High
|
||||
27 | File | `/goform/setMacFilterCfg` | High
|
||||
28 | File | `/goform/SetNetControlList` | High
|
||||
29 | File | `/goform/WifiBasicSet` | High
|
||||
30 | File | `/home.php` | Medium
|
||||
31 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
32 | File | `/iwgallery/pictures/details.asp` | High
|
||||
33 | File | `/list_temp_photo_pin_upload.php` | High
|
||||
34 | File | `/login.php` | Medium
|
||||
35 | File | `/manage/network-basic.php` | High
|
||||
36 | File | `/medical/inventories.php` | High
|
||||
37 | File | `/news-portal-script/information.php` | High
|
||||
38 | File | `/nova/bin/console` | High
|
||||
39 | File | `/pages.php` | Medium
|
||||
40 | File | `/pages/save_user.php` | High
|
||||
41 | File | `/patient/doctors.php` | High
|
||||
42 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
43 | File | `/print.php` | Medium
|
||||
44 | File | `/public/login.htm` | High
|
||||
45 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
46 | File | `/rom-0` | Low
|
||||
47 | File | `/searchpin.php` | High
|
||||
48 | File | `/services/Card/findUser` | High
|
||||
49 | File | `/showfile.php` | High
|
||||
50 | File | `/show_group_members.php` | High
|
||||
51 | File | `/timeline2.php` | High
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/uno/central.php` | High
|
||||
54 | File | `/user/profile` | High
|
||||
55 | File | `/user/ticket/create` | High
|
||||
56 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
57 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
58 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
|
||||
59 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 513 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
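Review bot: Row 8 of the second listing, `/admin/uesrs.php&action=type&userrole=Admin&userid=3`, is rated High but reads like a pasted request string rather than a File indicator: the parameters start with `&` instead of `?`, the filename is spelled "uesrs", and the value pins `userrole=Admin&userid=3`. Please confirm it is verbatim from the source record. If it is, consider recording the path alone as the File indicator and moving the parameters to an argument-type row, since a match rule built on the full string misses any request with a different `userid`.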
@ -117,6 +132,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://cert.gov.ua/article/2806
|
||||
* https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tracker.viriback.com/index.php?q=198.98.54.161
|
||||
* https://tria.ge/220314-ymactadghk
|
||||
* https://tria.ge/220602-c7n6tagcgn
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -56,71 +56,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
4 | File | `/admin/addproduct.php` | High
|
||||
5 | File | `/admin/bookings/manage_booking.php` | High
|
||||
6 | File | `/admin/bookings/view_booking.php` | High
|
||||
7 | File | `/admin/bookings/view_details.php` | High
|
||||
8 | File | `/admin/budget/manage_budget.php` | High
|
||||
9 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
10 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
11 | File | `/admin/departments/view_department.php` | High
|
||||
12 | File | `/admin/edit_subject.php` | High
|
||||
13 | File | `/admin/index.php` | High
|
||||
14 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
15 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
16 | File | `/admin/modal_add_product.php` | High
|
||||
17 | File | `/admin/project/update/2` | High
|
||||
18 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
19 | File | `/admin/reg.php` | High
|
||||
20 | File | `/admin/reportupload.aspx` | High
|
||||
21 | File | `/admin/service.php` | High
|
||||
22 | File | `/admin/services/view_service.php` | High
|
||||
23 | File | `/admin/sys_sql_query.php` | High
|
||||
24 | File | `/admin/test_status.php` | High
|
||||
25 | File | `/admin/update_s6.php` | High
|
||||
26 | File | `/admin/user/manage_user.php` | High
|
||||
27 | File | `/admin/vote_edit.php` | High
|
||||
28 | File | `/ajax.php?action=read_msg` | High
|
||||
29 | File | `/ajax.php?action=save_company` | High
|
||||
30 | File | `/api/stl/actions/search` | High
|
||||
31 | File | `/api/v2/cli/commands` | High
|
||||
32 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
33 | File | `/author_posts.php` | High
|
||||
34 | File | `/bin/ate` | Medium
|
||||
35 | File | `/bin/sh` | Low
|
||||
36 | File | `/blog` | Low
|
||||
37 | File | `/blog-single.php` | High
|
||||
38 | File | `/boafrm/formFilter` | High
|
||||
39 | File | `/boafrm/formHomeWlanSetup` | High
|
||||
40 | File | `/booking/show_bookings/` | High
|
||||
41 | File | `/cgi-bin` | Medium
|
||||
42 | File | `/cgi-bin/ping.cgi` | High
|
||||
43 | File | `/change-language/de_DE` | High
|
||||
44 | File | `/changeimage.php` | High
|
||||
45 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
46 | File | `/classes/Master.php?f=delete_item` | High
|
||||
47 | File | `/classes/Master.php?f=delete_service` | High
|
||||
48 | File | `/classes/Master.php?f=save_course` | High
|
||||
49 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
50 | File | `/classes/Master.php?f=save_item` | High
|
||||
51 | File | `/classes/Users.php?f=save` | High
|
||||
52 | File | `/company/store` | High
|
||||
53 | File | `/config` | Low
|
||||
54 | File | `/contact.php` | Medium
|
||||
55 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
56 | File | `/dcim/rack/` | Medium
|
||||
57 | File | `/dipam/save-delegates.php` | High
|
||||
58 | File | `/dosen/data` | Medium
|
||||
59 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
60 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
61 | File | `/ecommerce/support_ticket` | High
|
||||
62 | File | `/EditEventTypes.php` | High
|
||||
63 | ... | ... | ...
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/academy/home/courses` | High
|
||||
4 | File | `/act/ActDao.xml` | High
|
||||
5 | File | `/ad-list` | Medium
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/addproduct.php` | High
|
||||
9 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
10 | File | `/admin/edit-services.php` | High
|
||||
11 | File | `/admin/edit_product.php` | High
|
||||
12 | File | `/admin/index.php` | High
|
||||
13 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
14 | File | `/admin/modal_add_product.php` | High
|
||||
15 | File | `/admin/project/update/2` | High
|
||||
16 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
17 | File | `/admin/reg.php` | High
|
||||
18 | File | `/admin/sys_sql_query.php` | High
|
||||
19 | File | `/admin/test_status.php` | High
|
||||
20 | File | `/admin/update_s6.php` | High
|
||||
21 | File | `/admin/upload.php` | High
|
||||
22 | File | `/admin/userprofile.php` | High
|
||||
23 | File | `/admin/vote_edit.php` | High
|
||||
24 | File | `/ajax.php?action=read_msg` | High
|
||||
25 | File | `/api/baskets/{name}` | High
|
||||
26 | File | `/api/sys/login` | High
|
||||
27 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
28 | File | `/author_posts.php` | High
|
||||
29 | File | `/bin/ate` | Medium
|
||||
30 | File | `/bin/sh` | Low
|
||||
31 | File | `/blog` | Low
|
||||
32 | File | `/blog-single.php` | High
|
||||
33 | File | `/booking/show_bookings/` | High
|
||||
34 | File | `/browse` | Low
|
||||
35 | File | `/chaincity/user/ticket/create` | High
|
||||
36 | File | `/change-language/de_DE` | High
|
||||
37 | File | `/changeimage.php` | High
|
||||
38 | File | `/classes/Master.php?f=delete_category` | High
|
||||
39 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
40 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
41 | File | `/classes/Master.php?f=save_item` | High
|
||||
42 | File | `/classes/Users.php?f=save` | High
|
||||
43 | File | `/company/store` | High
|
||||
44 | File | `/config` | Low
|
||||
45 | File | `/contact.php` | Medium
|
||||
46 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
47 | File | `/debug/pprof` | Medium
|
||||
48 | File | `/dipam/save-delegates.php` | High
|
||||
49 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
50 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
51 | File | `/ecommerce/support_ticket` | High
|
||||
52 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
53 | File | `/env` | Low
|
||||
54 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
55 | File | `/file` | Low
|
||||
56 | File | `/find-a-match` | High
|
||||
57 | File | `/forum/away.php` | High
|
||||
58 | File | `/friends` | Medium
|
||||
59 | File | `/friends/ajax_invite` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 556 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
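Review bot: The second listing adds single-segment entries at Low confidence (`/browse`, `/env`, `/file`, next to the existing `/blog` and `/config`) in the same table and with the same Type as product-specific paths such as `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx`. Anyone importing the table wholesale into a WAF or SIEM match list will alert on ordinary traffic from these rows. Suggest stating in the IOA section that Low rows are context only and not standalone indicators, or keeping them out of the truncated preview so the visible rows are the ones that can be matched on their own.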
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -47,7 +47,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `dc_categorieslist.asp` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Backbone:
|
||||
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -3527,9 +3527,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-270, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3537,59 +3538,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/?p=products` | Medium
|
||||
4 | File | `/about/../` | Medium
|
||||
5 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
5 | File | `/about/../` | Medium
|
||||
6 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
7 | File | `/admin/?page=user/manage` | High
|
||||
8 | File | `/admin/add-new.php` | High
|
||||
9 | File | `/admin/admin_manage/delete` | High
|
||||
10 | File | `/admin/doctors.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/main/mod-blog` | High
|
||||
13 | File | `/admin/products/manage_product.php` | High
|
||||
14 | File | `/admin/scheprofile.cgi` | High
|
||||
15 | File | `/advanced/adv_dns.xgi` | High
|
||||
16 | File | `/alphaware/summary.php` | High
|
||||
17 | File | `/api/` | Low
|
||||
18 | File | `/api/admin/store/product/list` | High
|
||||
19 | File | `/api/blade-log/api/list` | High
|
||||
20 | File | `/api/stl/actions/search` | High
|
||||
21 | File | `/api/v1/snapshots` | High
|
||||
22 | File | `/api/v2/cli/commands` | High
|
||||
23 | File | `/appliance/users?action=edit` | High
|
||||
24 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
25 | File | `/authUserAction!edit.action` | High
|
||||
26 | File | `/backup.pl` | Medium
|
||||
27 | File | `/bin/ate` | Medium
|
||||
28 | File | `/bin/boa` | Medium
|
||||
29 | File | `/boat/login.php` | High
|
||||
30 | File | `/browse.PROJECTKEY` | High
|
||||
31 | File | `/bsms_ci/index.php/book` | High
|
||||
32 | File | `/cgi-bin` | Medium
|
||||
33 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
34 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
35 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
|
||||
36 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
37 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
38 | File | `/cmscp/ext/collect/fetch_url.do` | High
|
||||
39 | File | `/debug/pprof` | Medium
|
||||
40 | File | `/dev/shm` | Medium
|
||||
41 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
42 | File | `/edoc/doctor/patient.php` | High
|
||||
43 | File | `/env` | Low
|
||||
44 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
45 | File | `/forms/doLogin` | High
|
||||
46 | File | `/forum/away.php` | High
|
||||
47 | File | `/home/masterConsole` | High
|
||||
48 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
49 | File | `/index/user/user_edit.html` | High
|
||||
50 | File | `/Items/*/RemoteImages/Download` | High
|
||||
51 | ... | ... | ...
|
||||
7 | File | `/admin/?page=user/list` | High
|
||||
8 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
9 | File | `/admin/about-us.php` | High
|
||||
10 | File | `/admin/del_category.php` | High
|
||||
11 | File | `/admin/del_service.php` | High
|
||||
12 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
13 | File | `/admin/edit-services.php` | High
|
||||
14 | File | `/admin/edit_category.php` | High
|
||||
15 | File | `/admin/edit_subject.php` | High
|
||||
16 | File | `/admin/forgot-password.php` | High
|
||||
17 | File | `/admin/index.php` | High
|
||||
18 | File | `/admin/products/manage_product.php` | High
|
||||
19 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
20 | File | `/admin/reg.php` | High
|
||||
21 | File | `/admin/scheprofile.cgi` | High
|
||||
22 | File | `/admin/search-appointment.php` | High
|
||||
23 | File | `/admin/sys_sql_query.php` | High
|
||||
24 | File | `/api/` | Low
|
||||
25 | File | `/api/admin/store/product/list` | High
|
||||
26 | File | `/api/baskets/{name}` | High
|
||||
27 | File | `/api/blade-log/api/list` | High
|
||||
28 | File | `/api/stl/actions/search` | High
|
||||
29 | File | `/api/v1/snapshots` | High
|
||||
30 | File | `/api/v2/cli/commands` | High
|
||||
31 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
32 | File | `/authUserAction!edit.action` | High
|
||||
33 | File | `/bin/ate` | Medium
|
||||
34 | File | `/bin/boa` | Medium
|
||||
35 | File | `/blog` | Low
|
||||
36 | File | `/booking/show_bookings/` | High
|
||||
37 | File | `/category.php` | High
|
||||
38 | File | `/cgi-bin` | Medium
|
||||
39 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
40 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
41 | File | `/cimom` | Low
|
||||
42 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
43 | File | `/classes/Master.php?f=save_service` | High
|
||||
44 | File | `/debug/pprof` | Medium
|
||||
45 | File | `/dev/shm` | Medium
|
||||
46 | File | `/dipam/athlete-profile.php` | High
|
||||
47 | File | `/download` | Medium
|
||||
48 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
49 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 441 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
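Review bot: Row 6 (unchanged context) and new row 8 of this IOA table carry request-specific values, `_noCache=0.1683794968` in `/admin.php?c=upload&f=zip&_noCache=0.1683794968` and `&id=3` in `/admin/?page=user/manage_user&id=3`, so a consumer matching these strings literally only hits requests that repeat that exact cache-buster or record id. Consider storing the stable part (`/admin.php?c=upload&f=zip`, `/admin/?page=user/manage_user`) and noting which query parameters are variable.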
@ -103,7 +103,7 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -28,9 +28,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -40,10 +43,10 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/usr/local/sbin/webproject/set_param.cgi` | High
|
||||
2 | File | `category.cfm` | Medium
|
||||
3 | File | `includes/pages.inc.php` | High
|
||||
3 | File | `content.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -70,14 +70,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-24, CWE-28, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-22, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
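Review bot: Row 2 of the TTP table drops CWE-294 from T1040 but keeps the description `Authentication Bypass by Capture-replay`, which is the name of the removed CWE-294; the remaining CWE-319 is cleartext transmission of sensitive information. Either keep CWE-294 on the row or change the description to match CWE-319, so that the Weakness and Description columns agree.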
@ -85,74 +85,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
5 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
6 | File | `/admin/?page=user` | High
|
||||
7 | File | `/admin/ballot_down.php` | High
|
||||
8 | File | `/admin/ballot_up.php` | High
|
||||
9 | File | `/admin/bookings/view_booking.php` | High
|
||||
10 | File | `/admin/bookings/view_details.php` | High
|
||||
11 | File | `/admin/budget/manage_budget.php` | High
|
||||
12 | File | `/admin/candidates_row.php` | High
|
||||
13 | File | `/admin/categories/view_category.php` | High
|
||||
14 | File | `/admin/configurations/userInfo` | High
|
||||
15 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
16 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
17 | File | `/admin/departments/view_department.php` | High
|
||||
18 | File | `/admin/edit_subject.php` | High
|
||||
19 | File | `/admin/forgot-password.php` | High
|
||||
20 | File | `/admin/index.php` | High
|
||||
21 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
22 | File | `/admin/maintenance/manage_category.php` | High
|
||||
23 | File | `/admin/maintenance/view_designation.php` | High
|
||||
24 | File | `/admin/misc/script-proxy` | High
|
||||
25 | File | `/admin/offenses/view_details.php` | High
|
||||
26 | File | `/admin/orders/update_status.php` | High
|
||||
27 | File | `/admin/positions_add.php` | High
|
||||
28 | File | `/admin/positions_delete.php` | High
|
||||
29 | File | `/admin/positions_row.php` | High
|
||||
30 | File | `/admin/products/manage_product.php` | High
|
||||
31 | File | `/admin/reportupload.aspx` | High
|
||||
32 | File | `/admin/sales/view_details.php` | High
|
||||
33 | File | `/admin/save_teacher.php` | High
|
||||
34 | File | `/admin/service.php` | High
|
||||
35 | File | `/admin/services/manage_service.php` | High
|
||||
36 | File | `/admin/user/manage_user.php` | High
|
||||
37 | File | `/admin/userprofile.php` | High
|
||||
38 | File | `/admin/voters_row.php` | High
|
||||
39 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
40 | File | `/api/stl/actions/search` | High
|
||||
41 | File | `/bin/ate` | Medium
|
||||
42 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
43 | File | `/cas/logout` | Medium
|
||||
44 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
45 | File | `/cgi-bin/ping.cgi` | High
|
||||
46 | File | `/circuits/circuit-types/` | High
|
||||
47 | File | `/circuits/provider-accounts/` | High
|
||||
48 | File | `/classes/Login.php` | High
|
||||
49 | File | `/classes/Master.php` | High
|
||||
50 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
51 | File | `/classes/Master.php?f=delete_item` | High
|
||||
52 | File | `/classes/Master.php?f=delete_service` | High
|
||||
53 | File | `/classes/Master.php?f=save_service` | High
|
||||
54 | File | `/classes/Users.php` | High
|
||||
55 | File | `/classes/Users.phpp` | High
|
||||
56 | File | `/dcim/power-panels/` | High
|
||||
57 | File | `/dcim/rack-roles/` | High
|
||||
58 | File | `/dcim/rack/` | Medium
|
||||
59 | File | `/dialog/select_media.php` | High
|
||||
60 | File | `/dosen/data` | Medium
|
||||
61 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
62 | File | `/Electron/download` | High
|
||||
63 | File | `/feeds/post/publish` | High
|
||||
64 | File | `/forms/doLogin` | High
|
||||
65 | File | `/goForm/aspForm` | High
|
||||
66 | ... | ... | ...
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/account/delivery` | High
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/add_user_modal.php` | High
|
||||
7 | File | `/admin/del_category.php` | High
|
||||
8 | File | `/admin/del_service.php` | High
|
||||
9 | File | `/admin/edit_product.php` | High
|
||||
10 | File | `/admin/forgot-password.php` | High
|
||||
11 | File | `/admin/index.php` | High
|
||||
12 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
13 | File | `/admin/modal_add_product.php` | High
|
||||
14 | File | `/admin/read.php?mudi=announContent` | High
|
||||
15 | File | `/admin/reg.php` | High
|
||||
16 | File | `/admin/reportupload.aspx` | High
|
||||
17 | File | `/admin/search-appointment.php` | High
|
||||
18 | File | `/admin/sys_sql_query.php` | High
|
||||
19 | File | `/admin/test_status.php` | High
|
||||
20 | File | `/admin/update_s6.php` | High
|
||||
21 | File | `/ajax.php?action=read_msg` | High
|
||||
22 | File | `/ajax.php?action=save_company` | High
|
||||
23 | File | `/api/baskets/{name}` | High
|
||||
24 | File | `/api/ping` | Medium
|
||||
25 | File | `/api/set-password` | High
|
||||
26 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
27 | File | `/author_posts.php` | High
|
||||
28 | File | `/blog` | Low
|
||||
29 | File | `/booking/show_bookings/` | High
|
||||
30 | File | `/browse` | Low
|
||||
31 | File | `/cgi-bin/adm.cgi` | High
|
||||
32 | File | `/chaincity/user/ticket/create` | High
|
||||
33 | File | `/circuits/circuit-types/` | High
|
||||
34 | File | `/circuits/provider-accounts/` | High
|
||||
35 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
36 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
37 | File | `/classes/Master.php?f=save_item` | High
|
||||
38 | File | `/classes/Users.php?f=save` | High
|
||||
39 | File | `/company/store` | High
|
||||
40 | File | `/config` | Low
|
||||
41 | File | `/contact.php` | Medium
|
||||
42 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
43 | File | `/dcim/locations/` | High
|
||||
44 | File | `/dcim/power-panels/` | High
|
||||
45 | File | `/dcim/rack-roles/` | High
|
||||
46 | File | `/dcim/rack/` | Medium
|
||||
47 | File | `/dcim/regions/` | High
|
||||
48 | File | `/dcim/site-groups/` | High
|
||||
49 | File | `/dcim/sites/` | Medium
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 583 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
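Review bot: New row 12, `/admin/index/index.html#/admin/mall.goods/index.html`, includes a URL fragment, and browsers do not send the part after `#` to the server, so this string cannot appear in web server or proxy request logs as written. Store the request path `/admin/index/index.html` as the indicator and keep the fragment as a separate annotation if it matters for the analysis.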
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -607,14 +607,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-35, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
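Review bot: Row 4 (`T1059 | CWE-88, CWE-94`) is still described as `Cross Site Scripting`, the same text as row 5 (`T1059.007 | CWE-79, CWE-80`), although CWE-88 and CWE-94 are argument injection and code injection. This hunk already edits the row to drop CWE-1321, so the description should be corrected in the same change; otherwise two different technique rows keep reading identically.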
@ -622,71 +622,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
5 | File | `/admin/bookings/view_booking.php` | High
|
||||
6 | File | `/admin/bookings/view_details.php` | High
|
||||
7 | File | `/admin/budget/manage_budget.php` | High
|
||||
8 | File | `/admin/configurations/userInfo` | High
|
||||
9 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
10 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
11 | File | `/admin/departments/view_department.php` | High
|
||||
12 | File | `/admin/edit_subject.php` | High
|
||||
13 | File | `/admin/index.php` | High
|
||||
14 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
15 | File | `/admin/maintenance/manage_category.php` | High
|
||||
16 | File | `/admin/maintenance/view_designation.php` | High
|
||||
17 | File | `/admin/misc/script-proxy` | High
|
||||
18 | File | `/admin/orders/update_status.php` | High
|
||||
19 | File | `/admin/reportupload.aspx` | High
|
||||
20 | File | `/admin/save_teacher.php` | High
|
||||
21 | File | `/admin/service.php` | High
|
||||
22 | File | `/admin/services/manage_service.php` | High
|
||||
23 | File | `/admin/user/manage_user.php` | High
|
||||
24 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
25 | File | `/api/stl/actions/search` | High
|
||||
26 | File | `/bin/ate` | Medium
|
||||
27 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
28 | File | `/cas/logout` | Medium
|
||||
29 | File | `/cgi-bin/ping.cgi` | High
|
||||
30 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
31 | File | `/classes/Master.php` | High
|
||||
32 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
33 | File | `/classes/Master.php?f=delete_item` | High
|
||||
34 | File | `/classes/Master.php?f=delete_service` | High
|
||||
35 | File | `/classes/Master.php?f=save_course` | High
|
||||
36 | File | `/classes/Master.php?f=save_service` | High
|
||||
37 | File | `/dcim/rack-roles/` | High
|
||||
38 | File | `/dialog/select_media.php` | High
|
||||
39 | File | `/dosen/data` | Medium
|
||||
40 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
41 | File | `/Electron/download` | High
|
||||
42 | File | `/feeds/post/publish` | High
|
||||
43 | File | `/forms/doLogin` | High
|
||||
44 | File | `/forum/away.php` | High
|
||||
45 | File | `/goForm/aspForm` | High
|
||||
46 | File | `/goform/sysTools` | High
|
||||
47 | File | `/hslist` | Low
|
||||
48 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
49 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
50 | File | `/index.php?page=category_list` | High
|
||||
51 | File | `/jurusan/data` | High
|
||||
52 | File | `/jurusanmatkul/data` | High
|
||||
53 | File | `/kelas/data` | Medium
|
||||
54 | File | `/kelasdosen/data` | High
|
||||
55 | File | `/knowagecockpitengine/api/1.0/pages/execute` | High
|
||||
56 | File | `/Login/CheckLogin` | High
|
||||
57 | File | `/mahasiswa/data` | High
|
||||
58 | File | `/matkul/data` | Medium
|
||||
59 | File | `/Moosikay/order.php` | High
|
||||
60 | File | `/opac/Actions.php?a=login` | High
|
||||
61 | File | `/PreviewHandler.ashx` | High
|
||||
62 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
63 | ... | ... | ...
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/account/delivery` | High
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/add_user_modal.php` | High
|
||||
7 | File | `/admin/del_category.php` | High
|
||||
8 | File | `/admin/del_service.php` | High
|
||||
9 | File | `/admin/edit_product.php` | High
|
||||
10 | File | `/admin/forgot-password.php` | High
|
||||
11 | File | `/admin/index.php` | High
|
||||
12 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
13 | File | `/admin/modal_add_product.php` | High
|
||||
14 | File | `/admin/read.php?mudi=announContent` | High
|
||||
15 | File | `/admin/reg.php` | High
|
||||
16 | File | `/admin/reportupload.aspx` | High
|
||||
17 | File | `/admin/search-appointment.php` | High
|
||||
18 | File | `/admin/sys_sql_query.php` | High
|
||||
19 | File | `/admin/test_status.php` | High
|
||||
20 | File | `/admin/update_s6.php` | High
|
||||
21 | File | `/ajax.php?action=read_msg` | High
|
||||
22 | File | `/ajax.php?action=save_company` | High
|
||||
23 | File | `/api/baskets/{name}` | High
|
||||
24 | File | `/api/ping` | Medium
|
||||
25 | File | `/api/set-password` | High
|
||||
26 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
27 | File | `/author_posts.php` | High
|
||||
28 | File | `/blog` | Low
|
||||
29 | File | `/booking/show_bookings/` | High
|
||||
30 | File | `/browse` | Low
|
||||
31 | File | `/cgi-bin/adm.cgi` | High
|
||||
32 | File | `/chaincity/user/ticket/create` | High
|
||||
33 | File | `/circuits/circuit-types/` | High
|
||||
34 | File | `/circuits/provider-accounts/` | High
|
||||
35 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
36 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
37 | File | `/classes/Master.php?f=save_item` | High
|
||||
38 | File | `/classes/Users.php?f=save` | High
|
||||
39 | File | `/company/store` | High
|
||||
40 | File | `/config` | Low
|
||||
41 | File | `/contact.php` | Medium
|
||||
42 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
43 | File | `/dcim/locations/` | High
|
||||
44 | File | `/dcim/power-panels/` | High
|
||||
45 | File | `/dcim/rack-roles/` | High
|
||||
46 | File | `/dcim/rack/` | Medium
|
||||
47 | File | `/dcim/regions/` | High
|
||||
48 | File | `/dcim/site-groups/` | High
|
||||
49 | File | `/dcim/sites/` | Medium
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 553 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
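Review bot: New row 23, `/api/baskets/{name}`, is a route template rather than a literal path; `{name}` never appears in a real request, so literal matching against this table misses every actual hit. Mark templated segments in a documented way, or publish the row under the pattern type that the footer line already lists, so consumers know to treat `{name}` as a wildcard.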
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -95,70 +95,61 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/apilog.php` | Medium
|
||||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/APR/login.php` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
15 | File | `/company/store` | High
|
||||
16 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/csms/?page=contact_us` | High
|
||||
18 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
19 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/feeds/post/publish` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
23 | File | `/fos/admin/index.php?page=menu` | High
|
||||
24 | File | `/h/` | Low
|
||||
25 | File | `/home/masterConsole` | High
|
||||
26 | File | `/home/sendBroadcast` | High
|
||||
27 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
30 | File | `/jobinfo/` | Medium
|
||||
31 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
32 | File | `/lookin/info` | Medium
|
||||
33 | File | `/medical/inventories.php` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/modules/public/calendar.php` | High
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
38 | File | `/newsDia.php` | Medium
|
||||
39 | File | `/opac/Actions.php?a=login` | High
|
||||
40 | File | `/out.php` | Medium
|
||||
41 | File | `/php-opos/index.php` | High
|
||||
42 | File | `/PreviewHandler.ashx` | High
|
||||
43 | File | `/proxy` | Low
|
||||
44 | File | `/public/launchNewWindow.jsp` | High
|
||||
45 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
46 | File | `/reports/rwservlet` | High
|
||||
47 | File | `/reservation/add_message.php` | High
|
||||
48 | File | `/spip.php` | Medium
|
||||
49 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
50 | File | `/staff/bookdetails.php` | High
|
||||
51 | File | `/uncpath/` | Medium
|
||||
52 | File | `/user/updatePwd` | High
|
||||
53 | File | `/user/update_booking.php` | High
|
||||
54 | File | `/var/log/nginx` | High
|
||||
55 | File | `/wireless/security.asp` | High
|
||||
56 | File | `/wp-admin/admin-ajax.php` | High
|
||||
57 | File | `01article.php` | High
|
||||
58 | File | `a-forms.php` | Medium
|
||||
59 | File | `AbstractScheduleJob.java` | High
|
||||
60 | File | `actionphp/download.File.php` | High
|
||||
61 | File | `activenews_view.asp` | High
|
||||
62 | File | `adclick.php` | Medium
|
||||
63 | File | `admin.a6mambocredits.php` | High
|
||||
64 | File | `admin.cropcanvas.php` | High
|
||||
65 | File | `admin.php` | Medium
|
||||
66 | File | `admin/abc.php` | High
|
||||
67 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
68 | File | `admin/admin/adminsave.html` | High
|
||||
69 | ... | ... | ...
|
||||
32 | File | `/Moosikay/order.php` | High
|
||||
33 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
34 | File | `/opac/Actions.php?a=login` | High
|
||||
35 | File | `/php-opos/index.php` | High
|
||||
36 | File | `/PreviewHandler.ashx` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/reports/rwservlet` | High
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
43 | File | `/student/bookdetails.php` | High
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | File | `/uploads/exam_question/` | High
|
||||
46 | File | `/user/ticket/create` | High
|
||||
47 | File | `/user/updatePwd` | High
|
||||
48 | File | `/var/lib/docker/<remapping>` | High
|
||||
49 | File | `/var/log/nginx` | High
|
||||
50 | File | `/wireless/security.asp` | High
|
||||
51 | File | `/wp-admin/admin-ajax.php` | High
|
||||
52 | File | `01article.php` | High
|
||||
53 | File | `a-forms.php` | Medium
|
||||
54 | File | `actionphp/download.File.php` | High
|
||||
55 | File | `activenews_view.asp` | High
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | File | `admin.a6mambocredits.php` | High
|
||||
58 | File | `admin.cropcanvas.php` | High
|
||||
59 | File | `admin/abc.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 610 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
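Review bot: New row 48, `/var/lib/docker/<remapping>`, puts an angle-bracket placeholder inside a `File` indicator rated `High`, and nothing in the hunk says what `<remapping>` stands for or that it is not literal. Either state the placeholder convention alongside the table or reduce the row to the fixed prefix `/var/lib/docker/`, and reconsider `High` for a row that cannot be matched as written.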
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -72,36 +72,36 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/show.php` | High
|
||||
10 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
11 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
12 | File | `/default.php?idx=17` | High
|
||||
13 | File | `/download` | Medium
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/opt/bin/cli` | Medium
|
||||
17 | File | `/p` | Low
|
||||
18 | File | `/patient/doctors.php` | High
|
||||
19 | File | `/phpinventory/editcategory.php` | High
|
||||
20 | File | `/product-list.php` | High
|
||||
21 | File | `/proxy/` | Low
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/updown/upload.cgi` | High
|
||||
25 | File | `/user/del.php` | High
|
||||
26 | File | `/_next` | Low
|
||||
27 | File | `123flashchat.php` | High
|
||||
28 | File | `act.php` | Low
|
||||
29 | File | `admin/admin_menu.php` | High
|
||||
30 | File | `admin/bad.php` | High
|
||||
31 | File | `admin/index.php` | High
|
||||
32 | File | `admin/index.php/user/del/1` | High
|
||||
33 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
34 | File | `administrator/index.php` | High
|
||||
35 | File | `agenda.php` | Medium
|
||||
36 | File | `ajax/render/widget_php` | High
|
||||
37 | File | `album_portal.php` | High
|
||||
11 | File | `/api/baskets/{name}` | High
|
||||
12 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
13 | File | `/default.php?idx=17` | High
|
||||
14 | File | `/device/device=345/?tab=ports` | High
|
||||
15 | File | `/download` | Medium
|
||||
16 | File | `/env` | Low
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/index.php` | Medium
|
||||
19 | File | `/opt/bin/cli` | Medium
|
||||
20 | File | `/p` | Low
|
||||
21 | File | `/patient/doctors.php` | High
|
||||
22 | File | `/phpinventory/editcategory.php` | High
|
||||
23 | File | `/preview.php` | Medium
|
||||
24 | File | `/product-list.php` | High
|
||||
25 | File | `/proxy/` | Low
|
||||
26 | File | `/spip.php` | Medium
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/updown/upload.cgi` | High
|
||||
29 | File | `/user/del.php` | High
|
||||
30 | File | `/_next` | Low
|
||||
31 | File | `123flashchat.php` | High
|
||||
32 | File | `act.php` | Low
|
||||
33 | File | `admin/admin_menu.php` | High
|
||||
34 | File | `admin/bad.php` | High
|
||||
35 | File | `admin/index.php` | High
|
||||
36 | File | `admin/index.php/user/del/1` | High
|
||||
37 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
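Review bot: row 11, `/api/baskets/{name}`, is a route template rather than a literal path, and row 14, `/device/device=345/?tab=ports`, carries one specific device id plus a query string, yet both sit in the same Indicator column as literal paths and are rated High. A consumer doing exact string matching will never hit the first and will over-fit the second. Suggest stating next to the table how the Indicator column is meant to be matched (literal, prefix or pattern) and marking placeholders explicitly. Generic entries such as `admin/index.php` (row 35, High) and `/index.php` (row 18, Medium) would also benefit from a remark that they only carry weight in combination with other indicators, since they exist on many unrelated web applications.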
@ -44,75 +44,82 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
21 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
|
||||
22 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
|
||||
23 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
|
||||
24 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
25 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
26 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
27 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
28 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
30 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
31 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
32 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
33 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
34 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
35 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
36 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
37 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
|
||||
38 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
39 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
40 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
41 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
|
||||
42 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
43 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
|
||||
44 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
45 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
|
||||
46 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
47 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
48 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
49 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
50 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
51 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
52 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
53 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
54 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
55 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
56 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
57 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
58 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
59 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
60 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
|
||||
61 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
62 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
63 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
64 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
65 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
66 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
67 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
68 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
69 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
70 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
71 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
72 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
|
||||
73 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
74 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
75 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
76 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
77 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
78 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
79 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
80 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
81 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
82 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
83 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
|
||||
84 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
85 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
86 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
87 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
88 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
89 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
90 | ... | ... | ... | ...
|
||||
24 | [5.255.123.19](https://vuldb.com/?ip.5.255.123.19) | - | - | High
|
||||
25 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
26 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
27 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
28 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
29 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
31 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
32 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
33 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
34 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
35 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
36 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
37 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
38 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
|
||||
39 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
40 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
41 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
42 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
|
||||
43 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
44 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
|
||||
45 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
46 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
|
||||
47 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
48 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
49 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
50 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
51 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
52 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
53 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
54 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
55 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
56 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
57 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
58 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
59 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
60 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
61 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
|
||||
62 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
63 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
64 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
65 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
66 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
67 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
68 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
69 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
70 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
71 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
72 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
73 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
|
||||
74 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
75 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
76 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
77 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
78 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
79 | [45.45.219.118](https://vuldb.com/?ip.45.45.219.118) | - | - | High
|
||||
80 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
81 | [45.58.52.123](https://vuldb.com/?ip.45.58.52.123) | - | - | High
|
||||
82 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
83 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
84 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
85 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
86 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
|
||||
87 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
88 | [45.82.153.168](https://vuldb.com/?ip.45.82.153.168) | - | - | High
|
||||
89 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
90 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
91 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
92 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
93 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
94 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
95 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
96 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
97 | ... | ... | ... | ...
|
||||
|
||||
There are 355 more IOC items available. Please use our online service to access the data.
|
||||
There are 385 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
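Review bot: in the new rows 66 to 68 the Hostname column holds the reverse-zone name itself (`42.54.235.37.in-addr.arpa` and its two neighbours), not a PTR target, and `nordns.crowncloud.net` is listed for two addresses in unrelated ranges (23.163.0.50 and 45.56.165.17), which suggests a provider default record rather than a host-specific name. Suggest writing `-` in those cells, as the table already does for rows without reverse DNS, so that the hostname is not consumed as an indicator in its own right. The insertions also shift every later ID by up to four positions, so the ID column should not be referenced as a stable key from outside this file.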
@ -171,9 +178,11 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `/videotalk` | Medium
|
||||
34 | File | `/WEB-INF/web.xml` | High
|
||||
35 | File | `/web/MCmsAction.java` | High
|
||||
36 | ... | ... | ...
|
||||
36 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
37 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
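Review bot: new row 37 appears to put four script names into one Indicator cell, `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi`, with `/` as the separator, so it reads as a single nested path and will not match any of the four files when used literally. Suggest one row per file name, or a documented separator that cannot be mistaken for a path delimiter.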
@ -185,6 +194,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a08312fb4d7c732f34cbfe5d7a9f84b6638cf53c4b7a994a39d77de2aeb40e4b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a4b8d09a8591152f354bf5916dd9a7f54cb3bb1c61252398ccdeaf612a37f2d0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8a6dd7f1e20f24c866586b93479cec20c62a92821298973ceeb249e5789a844%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a8acf8933f1108fbf55a9c84b7fecaaa6fead1760af8d1b9da6fae6331bb3541%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a9f0dba902298a463c27d83b8c539ba267995f5e7ee65e6ac24b0fad9d4b83c4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a6150f19c37c92bfbc6d92db21a83fea6d08116bfeec2e88443603fc9b65aef0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a6554a45d0225a144e52fd54c91fc3063bf524660eeb028541bf41af1beba1ac%22
|
||||
|
@ -207,6 +217,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b69fe3fbfcc457757958858ba0e0a6b57bad342ba6457860bd3bea89f2301328%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b79d78b5f597cc5cfcab400f6b1abcf095fc275b8dc9640ea193f2138f53c9d5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb05049bfe26b30bcb6c0842a1dc6d8c3b71f0b41dd778ac6c76eaf74a620483%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb921bead10997e8c682a7acacb062d5107159c9378c81a4615372de5d8ece0f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bba2e2f6a311fe3c985a856a2097eb0195059fba544e7acd172a38369e1d4cbe%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bbf66c82e1241be64fa8dc5412836020a4caa42dd9623b2a2dd04ddee84a8a8b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bd45f98bb186047667196c558d28d54eab8e6980011311c2dcb9c9031eb9c2a1%22
|
||||
|
@ -214,8 +225,10 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bedcfe4814f058c7a61c1bf6d8e44465c624114cb8260e0d8e55282dea5de0c6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c0be0b8925a769e0d6d7d541a26d380d3e462752c3a4b0a90a230020a2283bcc%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c0ce6a1b2387e7593f84ea25fda98899c79d00e481fb2f3809cbebac820b2999%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c065cdbe05d569cdf0305b7cf54d7c087571bfd3e0baaca4fa5c2424eb494339%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c082b56316daa4f945464a5341edbfc777afa094303211e15999083829b6ac28%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c7b44aeaaa1c88d4579d37705661b9c2821a6c65a586205e1eef92b0dca7bf92%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9c617394a1c0af7dec708d6644863d98f43427e5f9f8d5a9d586b04538219d9%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9cb3353676114a2dd6f4336677a34d369604ac9be7038ce76e0a189e1f4983e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c22d0427dbb178fc6cfcb87cecdc5bc7641f26fa13fdb08e84364397489cdb9b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c37cae2ad2e1f96cc5f86bfe8369418d4b7551818f755057996c8e8e8c57e1ed%22
|
||||
|
@ -224,17 +237,20 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c95ac37769cf63560afea658b9d5305ab163ef194900b21995ca850a0653cb49%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c96f0c88470ff8bd664d8cd4fa2c8c74b34411aa263277a0b1f3405a29dfde82%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c563ae23a9e57be4e145860c65b25a46ad9c086f15cf6439c9b7b2e832d718b4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c567fd0e0cd79de685900690e94d475873d914bbf6db5e92c24223496b91368c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c11732fa46d16c18109ca82145eab78512c6a848d4f2cae6dee41ba6770dbbca%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c78931c928b4a1a92f3b7b324ad629e6f214f0c754744370b4429290a3ea1778%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c6828131b54d1763f71902802c6b5f3db60b6b3bccef346c78d246cb0735e743%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c19111023ded35b0a5b80720a662b351b7f57c18131899891c2686c8c761869f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ca3e227a3912971b1514834aaf900f74c2f048ae148ad1dd6e07196fdbd95d1e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cbff4c94db0234aa6cb0516600eceb6d5b22e764a333dbbb3e7a8816239e0f2d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cc10c0e94f526de99f4cef244723cec6128c05fe7da7f913c32de8e1b2182f99%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cce80bdb9741cc1b5b2f7a0ef7734007e09662cbac94a32487d8c2745ba00d03%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd155b015ea2e8d4b4ad255bde80522605cce7dd45e63a553da19eb40f4ba164%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd274fe56f25f49fa8b2108e8692611aed1eff06908b1929b13701a7b8121757%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ce97cd23fb93eb9f406f25fe588758adcc842f7d299ccd14dec1dfa4634aa0c5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d0a1ce295d8cb17121c2d53fc57720071168552b851cb8dcb48d0d8291d19495%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d2bf58a36b12080403b522f39062c2a675656ee13190bdb48829077ed1ee1dd8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d2e05d4f95be739ccf38400ec3bff07850d45694b409919f7ffeeb2e045ad739%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d12ba4226456edac1c9b5937fb0ea3bdc508d1120e5912d7c9d0eb8ee9cc2d32%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d62e30b1ad3e4a5e6af1f3e0451ee6432c7949b73751d3a456be5b40c13a447e%22
|
||||
|
@ -242,6 +258,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dbddfe3e7c9f992b12a776387ec36baef4689c90e76e70c32f5742fca707cf07%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dc8dec49562c502d5929f89a163adc46ad398ce6767271fbc9cc8ef40561d094%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dd4cc003b956b0a908bea3043b14477517ffe658967581ffce3e31abdf7d2021%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dd8c978e3efc11293c4dde7798249a1e0cba013e96d20e2a29adf4faa1b3c18c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e02965151a24e098e731890d714cf7512a4d8bd3f61f2edb24e2d2a388784a6e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e079e26331ab421908da3c609f1aa97d58b6c030150498c74aace849c9d7aa12%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e1caf0308e9eb8602a988b80c1cc99b11123733769ffe2f970d969a5421e4c31%22
|
||||
|
@ -251,6 +268,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9fe9545a439564a7c1052eb0e572b8b41609b0f0d96238cff2b8ff567612836%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e51ba208f09bc6e4626291120c559fd76abf1acca7be95a3b9317585f46b1176%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e68b22310a3b37aa797514afcc489366347af5666d9afe3d83b770693173fc2f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e333aec0db01cb90f86f3999a744b3463d5a8bc86a582e6b3a6c7cc04b53ba5c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e3298af9fe892648035a035d22de962ffaa2abe523cf3c0b0318a4317752c857%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e4357b9507e9ddd2dd566551d30a8d495fea13c42a8df96ce2584eb5cde36dbb%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e8171da4f1059e0b1e48d8ec788a975159f28a0bdc27b4cdba014fb55aa6f236%22
|
||||
|
@ -262,9 +280,11 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ef39fdbc59a559df2462ce0956458a80e6338d58d04f366d90cdb7965f5edcb2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f02f1bfc14e0a9b0cfb4946154468df5d7fa6b1c57d1649a98754652883cb020%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f1fe83d3c751f9ad0b98802145162ff06dfde54f4bcf66184a1da9bb4b3fcac4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f7b856abd20c6fc8faed69dcf12b353ef77c7bb1720e7e8901ef2e356c34df63%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f9f04d3e49e14c95272fe577a704a5475fda0157e0bddf0ee53bfc94689e3f2a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f23ed6427518eefd9997a0b609323388fba9333491c39e1d43f8d3229545dcf7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f57b2b95a950bd6302f60f750df5f7d90b7f8183db725a4889d510e20bf1fbac%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f73b5cd2e38c6dd81baf287222c19a13f5224ad157e07435c2d23ccddb64b34e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f88fcd9cdebfb4c3ba3d8e3f2bab9fdc9fff545a2cb508808c6cc1c4de8c9c60%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f712b515820652c318efaf8c5fa3e0e2af9b38068fee609ac51677ac82d824e4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f782f3796a8573c91e048ea6ab8ee035f8dace14d0c304b7595ef86258df3fd2%22
|
||||
|
@ -272,6 +292,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fa1c8a1f4b99f38d747883b80c46b8e523f55e11e1020e481d5007b8e22c16d9%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb3e3847d4f2a20cd56b2e3ac03d24aa126e05115822d15bd7e72fb9a564be6d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb6815abaf3d9260cd76d0b9119c88e69ae4b66804c8d357c1662b4b6f11f439%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fcdd83167b92e1c7bdec56fc9d7f46ab044bca777ef3901d84debb12b60c8d43%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdbfb2e037b1276e0a70cae3fb21ff4f8052df57117967e0af038d5999f8ae9a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdffacdd96db3eb4c84ea257e4ecdfd2c18ccf184804e78315545be0026314b7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220b5b4b77e76fc323debdd6b60e05ce3c80d6d305512fd066259e25e7b91bb3b2%22
|
||||
|
@ -287,8 +308,10 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221efe88adbb16d17952851e961e3a1937735bd63faf208fe7fa1efcfaa0180222%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f45a7a12cc9bdd9712584e317a3d1f765f87af196682600728350bf86898f8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f168a4d8532e3222ce7b947eb6acb66f1ca41917e95bf19a1e6086896c43c46%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222c4e0c64e1c5539d936bdeb6cb5917eb74b976572ff7c84e484caa0d86ed1b43%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d02e5aa8065bca63541458fc190780583486548b3f1beae1c623ac915efc5a0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d2f08e2a84aa19e48a6ae61e0b8dad491e5d0ec5a86c27c582927026061178a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d8ee9ae4a111e33063aee6eeab4aeb2a277c7b98c836c5edce93fa4158a1517%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223b41807b1368cefedf5c70842a73166497bc95121dad4b3ff2a93555420cc656%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223caffa7444082a5a57c5be7072fe249cc6d3ff54d3ed97921dcda91e9fd9d7e3%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224a943035ece09785d49f4ed52e49faf12c3559fec100e3937f009d7f585854df%22
|
||||
|
@ -297,16 +320,20 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224cf314b141acb1f2cf2a4a88d39e1d6aa7c8bda40fb44edf5c33850416bea988%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224da0d71509226e8aed9a04e389b2a78fedd527469c1c429c634ab821d9b8ec65%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225b36c58791e18728d53b05f27abc88b93724c4ce08c3f62c749c5e563da82a14%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225bd3dde5e2ad26fbf78d1136c8e337c07b5fc55d1b4ac461a08c3f749003d794%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c4b8f572f297bb98b1d2e47075aec68b3b9da1fb76606e07d8176edbe1338c8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c538f273807d92a8626eacacce355c414210f29293c2ba2b8a7ec16bf31303f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225ea2161f353b71cc360d245cfdeaafa1cac41d672d0035780aa42cac6da6c5dd%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225eb8ad1c658feb35f33ca16ec02391f23dc44c0f7be5fcd424b1f8eeef424b5a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a80cb5adacc61a445d3b1962a79ed40adb62e4eaddebea7131ddbc2bfebf108%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a93688d69aeab73fb28239f0b7ccb8b15ef876d6b134c379ae36a2526d29d83%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226ad1b662e7636cd63d8ae71f3617dc58b334951b031a6ce22e898bcd35313de2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226af642c2cf73c24aded656e3945810dca3c5d51c28b3c7d28852463c98e76e4c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b401e864cf63c438779b4935499f28f2f26dd685af330f311c9a80d55f6d7b5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b5706c23d2c44d23360638793012e5df95c88f8408ad93c71113719f9ef02a2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226bf2c0222a11b931ebd7439cae3df34d91625fdcd19b7879611a0523b036ae9a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c6d464110a46f813722131e8cce268bdccfdfeb705ce25fcc51cabe0b88c8e4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226cbb0cef1838f2b253613796470b7fcc3cd4453d3f5be8220aeda52f383fb781%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226d64edc2a8867b924b85d762657e103ad3338e1bd40b3ffca92633df41e9003e%22
|
||||
|
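Review bot: The References entries in this hunk are Censys host-search queries keyed on a certificate fingerprint (`services.certificate:"..."`), while the section intro quoted in the hunk header says the list contains external sources which discuss the actor. A search query is a pivot for finding hosts, not a source, and its result set changes over time. Consider moving the fingerprints into the IOC section as their own indicator type with a confidence value, and keeping References for published reports.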
@ -320,6 +347,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227d187d521097b1c7fa30d78d0691f33e845069d0b4c6522f81b1ff96e93e920a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227dc2846444a74b2a4090fea4c48a5e5e8d04ae81be94fac62ce50af24701b83b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227de4a51d9fd29fe60f6e79a8dd16ca21fd1250a3f76015fca9f1ced7e407ffd3%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228b161e041cd5e59e23673c7f94430700fd03e2fb75f399449dc98b3f512c5fa2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228d0a7fb11481882ec86b2711cbf989ed7df024485bb4ad230222ff4ebde80e77%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228d99137fde73683c67b4701cfb75b61cc42a23858d065a47a8e7ae01e6070140%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228f532fe8babcbda860f2916592d90b128b327990fd75e34dff68204efc1c6a47%22
|
||||
|
@ -345,15 +373,19 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b04ac57339ca7542a1c1a9ebd0cc84a4cb13f5add52da4a563e7a12d23b105%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b262ee97133072dff8ecef3062eeb69d658f0f240d618b6a7f0d5d7cbed34f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2228f6d72bb14e1db565dd560d261adac5f4e82559d7a0f6103f27be82e36a219c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2231f34798ffa8b495e1893400a8e88ea13fe5b063d83dbfcc86182d9fc07571b5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2233b6af004f0cd8ab4a9976dba81ca09d682d3531eda5b889a4c6f5debaeaf8f8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235cde68303f6694d9b3947bd945ee98dd088c98199381fd5b52778513dd283b8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2250c04f351427fa98e7e798473358918229e8cbdca9d273a8ded4de2dc1d34f2d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2253cf2866db1951850ca80b982e179991835366e9fdcdf390cb5c62accfec3850%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2256a81b6bd6f430fe13065283fc4d0024ccb6ca71253692dd00c04b803d49665a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2257e048e6ef05549d71e3bdcb969d80a9167e7631438e3bf4d259395f286f887f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2260bc503bf60ca0fb911488c1a3b2b551aa53d0990dacd679a3c03bd137908932%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2262df3eb31b15ce349607fac96133903f7d79217711b41765930bcfbc35e2e254%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2264f10645543b381433274644c230d8628a7b116cc6761223b56414a954f42061%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2266bebf88087c5a9d8dfe0eec8a7afac26ea0d295fb23d67dc89a648bd493a42b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2267c2e50cfff1f930d5b72a183fc51a6d19456bcdc557ebbbebc9158ac126e4ea%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2267eaba5e933148fa326e6b4053eecce284b08065f38150dfffdfb87d7bc604bf%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2268f411f453d0f7b4595ea53fd239846565cb3e26eed99a5dcf2173256669bfb6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2271ca588dc1a7dfbc4cf99efa295310fcb598c20bd5213a8a1af6f7f41d3fb944%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2277f6340d0bf20df9da3554448d58f092560efd91b2d9665fffe294cabbdf40fd%22
|
||||
|
@ -361,28 +393,38 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2279ad05f691ad8394b1b2a9bfd89f5d90bb61d54d67d07ae3d3a1decc41bf9432%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2280b4844cfce9fcfaaa849478a079e757eff4c268a26c6895c2a1dd4099fcd5d4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2284dd10727e6b29b3278e3f64dbbab293711957835f23cc755b3226b58ec5ef51%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2289f93e716d00ae70260a12db179e56169f551be3d16e405ae654e2f9745dc4d6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2291e2fbc55cde47e1fdb40035c2f17068b03b92307e639862cbf22686bbe597d5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2295c5b6651cb9190a61b5a8bbda94815572ec7559150d3df8d56bd2c486ebda3d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296af81d660c79e3f90f94b28c419a86b89071aa6c17648e95bcb961460d24152%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296b9e7d6181d332d6cbf5dc573a2883328ff9b092faadc94be0dd753c2b0e337%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296cce5f34ad1dac4100822fa1f8e4ed96d06a9aa08f98ded27891eeec656d4f7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296ef27ed06cda5e4679625ec4224f32a76c309436f97e15aff6c4b8a39778356%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298af871908ffc7c141802d96f585def4a160491c875118ef88c545ce04194cd8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2299b3f3b85d0fc68918abbde16579009b2ebae3300d633fd0ed81d96ba98a38d8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22090d7e7b16af3600510b612486eaeafe80b0106788d634aa3fade4a54a1d263c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22097cd9f2c1af35f7dd632fe16f83b9b3aef51e78f1b4393047c499ebb2be2fda%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22108f811bc2de45a7dab2156c4617ce3fa42cf3eb5abb72759839a63cefec4cad%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22208d6c5db554be6f3d835a70ab323799dff697b00e23cfaac014c7d970506e19%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22225ec72ef1adf4ab077107adb2784c35ff1c0db1c0a8efcba78c3cadac4a47a8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22354c6d8d9033668867406be1bb6238647e207cb5f2de6a776ae3d461637efa8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22409e50ae1c3f70cf81350be6f3cd218b0c9ef15eb03439c15d53a6012bddae2f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22432ed1ee42746631cefc6d8a69c3ff06ce34c5540437c228a49a4c1c0eb3928a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22451acafcf7fbfdfa0c79d0fba2e749a795e2fb0dff66e2a70ace01cd242ff4d4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22461bd92732e4fcd9a11594a550ff844af1dc8686cf5e69520f058c3c7d217bd5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22465b0d83b7e5e1426d3adf546c9496d63c1a6116364af2be294da83699033b4f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22467e9ded44012e1bec85365276e90fdde7a7cd5fc459f180e2a89355a3a989bb%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22479e1f86c7200a3dc99742937c7db6f9fb75f4ee3a8bd42ad17e8132091982f3%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22520a6d8fe1e6a0b2ff9755e5058d981c7b6f80e5f3faafbd7e636e263eb748f4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22520e684445f6257e1aeb5f74ceee23789d75517270876b92dd2860705aec037c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22532a3c38c20c60a3c64f548ad9bd3807e0585f70c78db495c0983fae44da056e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22674a2fef172685c51fda91aba205c20fb95e0c63fa4f0ecb598fb6213775ede5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22723c18cc60cbfd6430123a2c5326ac021826f9b750f43159628fe4a0df882537%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22727f93738823de234b1ade5e45d5e5de82c86ce5baa7e52bbb4f9ef7a5e352d0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22785ffc1cc3857a81cb96b04ec4126a56b6744ef1d83077799f0c731ca18f8b92%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22795d565f61de6456820bf2df946764ceb251073b7f46113275a0fe2d0030f3d4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22800f5e4b53f4eb3cec54b39687bdb55f56f39c636c1ee51547dea1122e6aee1d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22864a561ad370105ea07a7ed6dc230cb75b27f115e6c7f46720af0524385dfd77%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22875e3cfb1f6b9757aada57db20493a60717a4114b69931f8a7aabc56404ef42b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22890b0d66b3437ab8477a04d338024b8729d2732030abbfd134052e50e7bad0ab%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22951e8ff2808a5bd4f4e5b181be38cb429383d10b782708b484c16bc11bd6b77d%22
|
||||
|
@ -428,10 +470,13 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22775632c25ea7b8f539d03be15fc817583ce646d2699826335c3d0fb52f436d93%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220049443cf44deab0ff3d83e548d4164c8a37f5b1024b6ed2c9a46f64592a9159%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224053867fcc6f7a00de2fc98aa984fb81d2ec2e1017be5f225727e24c87dd62b8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224263547c11f8ac52f2bab40ecd263decc2271e1f6b4d624ff4a91cbd9836d8f4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226271256f5ca11039296e33c3a114a174f6b11c692bdd1f2f1901f650070944da%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229595314db92bc0575aa07715462bdb5a5f4456becc3a8315e34da61616bd6291%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229938964cf749a2955b2dd351b2ecade122ff5891fca3d9dfaa02ebfef7857d8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235882624f349cd67b31d2d54dfbe3d16a783eaa89088470e5c3ac7de74192feb%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22096958952a4fe814286e4bbe6b60b0f396c7cc04da4d115597c6a21acc037133%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22269208974fe96bdf3b58a83ca13a951270c23ff1edd4f17a513df17566f1e7a8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226459653303b86856a4a9e2a671d9719ae07cc6a124d663e257dbd1eb54c5260f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227905731606e1bf1979fd3512fc9df1d8f60d692814da4037c241ec8c00b01d5a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2274700456869fd9bafc50aefc0fd10f061be643101c9b9822a5db68735741e88b%22
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
# Big Head - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Big Head](https://vuldb.com/?actor.big_head). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.big_head](https://vuldb.com/?actor.big_head)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Big Head:
|
||||
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Big Head.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
2 | [20.99.133.109](https://vuldb.com/?ip.20.99.133.109) | - | - | High
|
||||
3 | [20.99.184.37](https://vuldb.com/?ip.20.99.184.37) | - | - | High
|
||||
4 | [23.41.86.106](https://vuldb.com/?ip.23.41.86.106) | a23-41-86-106.deploy.static.akamaitechnologies.com | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Big Head_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Big Head. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
2 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
|
||||
3 | File | `actions/authenticate.php` | High
|
||||
4 | File | `admin/dashboard.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://socradar.io/dark-web-profile-big-head-ransomware/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
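Review bot: In the IOC table of this new file, row 4 (23.41.86.106) is listed with the hostname a23-41-86-106.deploy.static.akamaitechnologies.com, an address on shared content-delivery infrastructure, yet it is rated High with no campaign attached. Such an address serves many unrelated tenants, so a High rating invites false positives when the table is consumed as a blocklist; lower the confidence or annotate the row as shared infrastructure. Separately, TTP row 3 pairs CWE-264 with the description "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which is the title of CWE-9; the description should match the listed weakness.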
@ -50,53 +50,52 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/cgi-bin/wapopen` | High
|
||||
3 | File | `/etc/ajenti/config.yml` | High
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/goform/telnet` | High
|
||||
6 | File | `/modules/profile/index.php` | High
|
||||
7 | File | `/rom-0` | Low
|
||||
8 | File | `/tmp/phpglibccheck` | High
|
||||
9 | File | `/uncpath/` | Medium
|
||||
10 | File | `/var/tmp/sess_*` | High
|
||||
11 | File | `action.php` | Medium
|
||||
12 | File | `actionphp/download.File.php` | High
|
||||
13 | File | `add_comment.php` | High
|
||||
14 | File | `admin/admin.php` | High
|
||||
15 | File | `admin/content.php` | High
|
||||
16 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
17 | File | `admin/memberviewdetails.php` | High
|
||||
18 | File | `admin_gallery.php3` | High
|
||||
19 | File | `affich.php` | Medium
|
||||
20 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
21 | File | `akeyActivationLogin.do` | High
|
||||
22 | File | `album_portal.php` | High
|
||||
23 | File | `apache-auth.conf` | High
|
||||
24 | File | `askapache-firefox-adsense.php` | High
|
||||
25 | File | `attachment.cgi` | High
|
||||
26 | File | `basic_search_result.php` | High
|
||||
27 | File | `blueprints/sections/edit/1` | High
|
||||
28 | File | `books.php` | Medium
|
||||
29 | File | `cart_add.php` | Medium
|
||||
30 | File | `CFS.c` | Low
|
||||
31 | File | `cgi-bin/gnudip.cgi` | High
|
||||
32 | File | `checktransferstatus.php` | High
|
||||
33 | File | `checkuser.php` | High
|
||||
34 | File | `class.SystemAction.php` | High
|
||||
35 | File | `clientarea.php` | High
|
||||
36 | File | `cmdmon.c` | Medium
|
||||
37 | File | `collectivite.class.php` | High
|
||||
38 | File | `confirm.php` | Medium
|
||||
39 | File | `contact` | Low
|
||||
40 | File | `control.c` | Medium
|
||||
41 | File | `core-util.c` | Medium
|
||||
42 | File | `core/coreuserinputhandler.cpp` | High
|
||||
43 | File | `cve-bin/moreBlockInfo.cgi` | High
|
||||
44 | File | `d1_both.c` | Medium
|
||||
45 | File | `data/gbconfiguration.dat` | High
|
||||
46 | File | `Debug_command_page.asp` | High
|
||||
47 | ... | ... | ...
|
||||
3 | File | `/csms/?page=contact_us` | High
|
||||
4 | File | `/etc/ajenti/config.yml` | High
|
||||
5 | File | `/forum/away.php` | High
|
||||
6 | File | `/goform/telnet` | High
|
||||
7 | File | `/modules/profile/index.php` | High
|
||||
8 | File | `/rom-0` | Low
|
||||
9 | File | `/tmp/phpglibccheck` | High
|
||||
10 | File | `/uncpath/` | Medium
|
||||
11 | File | `/var/tmp/sess_*` | High
|
||||
12 | File | `action.php` | Medium
|
||||
13 | File | `actionphp/download.File.php` | High
|
||||
14 | File | `add_comment.php` | High
|
||||
15 | File | `admin/admin.php` | High
|
||||
16 | File | `admin/content.php` | High
|
||||
17 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
18 | File | `admin/memberviewdetails.php` | High
|
||||
19 | File | `admin_gallery.php3` | High
|
||||
20 | File | `affich.php` | Medium
|
||||
21 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
22 | File | `ajax/telemetry.php` | High
|
||||
23 | File | `akeyActivationLogin.do` | High
|
||||
24 | File | `album_portal.php` | High
|
||||
25 | File | `apache-auth.conf` | High
|
||||
26 | File | `askapache-firefox-adsense.php` | High
|
||||
27 | File | `attachment.cgi` | High
|
||||
28 | File | `basic_search_result.php` | High
|
||||
29 | File | `blueprints/sections/edit/1` | High
|
||||
30 | File | `books.php` | Medium
|
||||
31 | File | `cart_add.php` | Medium
|
||||
32 | File | `CFS.c` | Low
|
||||
33 | File | `cgi-bin/gnudip.cgi` | High
|
||||
34 | File | `checktransferstatus.php` | High
|
||||
35 | File | `checkuser.php` | High
|
||||
36 | File | `class.SystemAction.php` | High
|
||||
37 | File | `clientarea.php` | High
|
||||
38 | File | `cmdmon.c` | Medium
|
||||
39 | File | `collectivite.class.php` | High
|
||||
40 | File | `confirm.php` | Medium
|
||||
41 | File | `contact` | Low
|
||||
42 | File | `control.c` | Medium
|
||||
43 | File | `core-util.c` | Medium
|
||||
44 | File | `core/coreuserinputhandler.cpp` | High
|
||||
45 | File | `cve-bin/moreBlockInfo.cgi` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
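Review bot: The closing count in this hunk drops from 412 to 394 more IOA items while the visible table shrinks by only one row (the `...` marker moves from row 47 to row 46), so the total falls from 458 to 439 even though `/csms/?page=contact_us` and `ajax/telemetry.php` appear as new rows. The commit message ("Update September 2023") does not say whether 19 indicators were retired or merged; stating that in the message would tell consumers who diff this file whether detections built on the dropped items need review. Also confirm whether `cve-bin/moreBlockInfo.cgi`, carried over unchanged, is intended or a misspelling of `cgi-bin/`.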
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
|
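Review bot: The changed row 1 adds CWE-425 to T1006 under the description "Pathname Traversal", but CWE-425 is Direct Request (forced browsing), an access-control weakness rather than a traversal one. Either give it its own row or widen the description so the row does not mislabel it. The context row 4 has the same kind of mismatch: T1059 with CWE-88 and CWE-94 is described as "Cross Site Scripting", while those CWEs are argument injection and code injection, so that description should be corrected as well.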
@ -72,66 +72,65 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin/admin.php` | High
|
||||
3 | File | `/admin/attendance_row.php` | High
|
||||
4 | File | `/admin/maintenance/view_designation.php` | High
|
||||
5 | File | `/admin/user/manage_user.php` | High
|
||||
6 | File | `/api/trackedEntityInstances` | High
|
||||
7 | File | `/bin/login.php` | High
|
||||
8 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
9 | File | `/cgi/sshcheck.cgi` | High
|
||||
10 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
11 | File | `/ConsoleHelp/` | High
|
||||
12 | File | `/etc/sudoers` | Medium
|
||||
13 | File | `/export` | Low
|
||||
14 | File | `/home/filter_listings` | High
|
||||
15 | File | `/horde/imp/search.php` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
18 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
|
||||
19 | File | `/login` | Low
|
||||
20 | File | `/messageboard/view.php` | High
|
||||
21 | File | `/modules/projects/vw_files.php` | High
|
||||
22 | File | `/opensis/modules/grades/InputFinalGrades.php` | High
|
||||
23 | File | `/opensis/modules/users/Staff.php` | High
|
||||
24 | File | `/plesk-site-preview/` | High
|
||||
25 | File | `/proc/self/environ` | High
|
||||
26 | File | `/rest/api/2/user/picker` | High
|
||||
27 | File | `/s/` | Low
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
30 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
|
||||
31 | File | `/system?action=ServiceAdmin` | High
|
||||
32 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
|
||||
33 | File | `/vicidial/user_stats.php` | High
|
||||
34 | File | `/websocket/exec` | High
|
||||
35 | File | `access.conf` | Medium
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `addsuppliers.php` | High
|
||||
38 | File | `admin.php` | Medium
|
||||
39 | File | `admin.remository.php` | High
|
||||
40 | File | `admin/admin_users.php` | High
|
||||
41 | File | `admin/login.php` | High
|
||||
42 | File | `admin/upload.php` | High
|
||||
43 | File | `administers` | Medium
|
||||
44 | File | `Administrator_list.php` | High
|
||||
45 | File | `advancedsetup_websiteblocking.html` | High
|
||||
46 | File | `affich.php` | Medium
|
||||
47 | File | `ajax_mail_autoreply.php` | High
|
||||
48 | File | `ajax_save_name.php` | High
|
||||
49 | File | `album_portal.php` | High
|
||||
50 | File | `allocator.cc` | Medium
|
||||
51 | File | `announcements.php` | High
|
||||
52 | File | `ap1.com` | Low
|
||||
53 | File | `apache2/modsecurity.c` | High
|
||||
54 | File | `api_jsonrpc.php` | High
|
||||
55 | File | `app/admin/controller/Ajax.php` | High
|
||||
56 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
57 | File | `application.php` | High
|
||||
58 | File | `apply.cgi` | Medium
|
||||
59 | File | `asp:.jpg` | Medium
|
||||
60 | File | `authfiles/login.asp` | High
|
||||
61 | File | `bb_usage_stats.php` | High
|
||||
62 | ... | ... | ...
|
||||
5 | File | `/admin/test_status.php` | High
|
||||
6 | File | `/admin/user/manage_user.php` | High
|
||||
7 | File | `/api/trackedEntityInstances` | High
|
||||
8 | File | `/bin/login.php` | High
|
||||
9 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
10 | File | `/cgi/sshcheck.cgi` | High
|
||||
11 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
12 | File | `/ConsoleHelp/` | High
|
||||
13 | File | `/etc/sudoers` | Medium
|
||||
14 | File | `/export` | Low
|
||||
15 | File | `/home/filter_listings` | High
|
||||
16 | File | `/horde/imp/search.php` | High
|
||||
17 | File | `/index.php` | Medium
|
||||
18 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
19 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
|
||||
20 | File | `/login` | Low
|
||||
21 | File | `/messageboard/view.php` | High
|
||||
22 | File | `/modules/projects/vw_files.php` | High
|
||||
23 | File | `/opensis/modules/grades/InputFinalGrades.php` | High
|
||||
24 | File | `/opensis/modules/users/Staff.php` | High
|
||||
25 | File | `/plesk-site-preview/` | High
|
||||
26 | File | `/proc/self/environ` | High
|
||||
27 | File | `/rest/api/2/user/picker` | High
|
||||
28 | File | `/s/` | Low
|
||||
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
30 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
31 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
|
||||
32 | File | `/system?action=ServiceAdmin` | High
|
||||
33 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
|
||||
34 | File | `/vicidial/user_stats.php` | High
|
||||
35 | File | `/websocket/exec` | High
|
||||
36 | File | `access.conf` | Medium
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `addsuppliers.php` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin.remository.php` | High
|
||||
41 | File | `admin/admin_users.php` | High
|
||||
42 | File | `admin/login.php` | High
|
||||
43 | File | `admin/upload.php` | High
|
||||
44 | File | `administers` | Medium
|
||||
45 | File | `Administrator_list.php` | High
|
||||
46 | File | `advancedsetup_websiteblocking.html` | High
|
||||
47 | File | `affich.php` | Medium
|
||||
48 | File | `ajax_mail_autoreply.php` | High
|
||||
49 | File | `ajax_save_name.php` | High
|
||||
50 | File | `album_portal.php` | High
|
||||
51 | File | `allocator.cc` | Medium
|
||||
52 | File | `announcements.php` | High
|
||||
53 | File | `ap1.com` | Low
|
||||
54 | File | `apache2/modsecurity.c` | High
|
||||
55 | File | `api_jsonrpc.php` | High
|
||||
56 | File | `app/admin/controller/Ajax.php` | High
|
||||
57 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
58 | File | `application.php` | High
|
||||
59 | File | `apply.cgi` | Medium
|
||||
60 | File | `asp:.jpg` | Medium
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
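Review bot: Several rows in this IOA table are paths present on almost any web server, such as `/index.php` (Medium), `/login` (Low) and `/export` (Low), and they sit in the same list as specific ones like `/opensis/modules/grades/InputFinalGrades.php`. Anyone turning the table into log-matching rules will get constant hits on the generic rows; consider stating in the section intro that Low and Medium file indicators need to be combined with another signal before alerting. Row `ap1.com` is typed File but reads like a hostname, so its Type is worth checking.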
@ -11,6 +11,9 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
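Review bot: The sentence "There are 1 more country items available." in this hunk has a number agreement error; with a count of one it should read "There is 1 more country item available." The same wording recurs with other counts across the files, so if it is generated from a template, the generator should choose singular or plural from the count.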
@ -38,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,70 +52,75 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.authlie` | Medium
|
||||
2 | File | `.github/workflows/comment.yml` | High
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/ajax.php?action=save_queue` | High
|
||||
7 | File | `/admin/bookings/manage_booking.php` | High
|
||||
8 | File | `/admin/bookings/view_booking.php` | High
|
||||
9 | File | `/admin/budget/manage_budget.php` | High
|
||||
10 | File | `/admin/cashadvance_row.php` | High
|
||||
11 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
12 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
13 | File | `/admin/deduction_row.php` | High
|
||||
14 | File | `/admin/departments/view_department.php` | High
|
||||
15 | File | `/admin/edit_product.php` | High
|
||||
16 | File | `/admin/edit_subject.php` | High
|
||||
17 | File | `/admin/employee_row.php` | High
|
||||
18 | File | `/admin/index.php` | High
|
||||
19 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
20 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
21 | File | `/admin/login.php` | High
|
||||
22 | File | `/admin/maintenance/manage_category.php` | High
|
||||
23 | File | `/admin/maintenance/view_designation.php` | High
|
||||
24 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
25 | File | `/admin/modal_add_product.php` | High
|
||||
26 | File | `/admin/offenses/view_details.php` | High
|
||||
27 | File | `/admin/orders/update_status.php` | High
|
||||
28 | File | `/admin/products/manage_product.php` | High
|
||||
29 | File | `/admin/products/view_product.php` | High
|
||||
30 | File | `/admin/project/update/2` | High
|
||||
31 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
32 | File | `/admin/reg.php` | High
|
||||
33 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
34 | File | `/admin/report/index.php` | High
|
||||
35 | File | `/admin/service.php` | High
|
||||
36 | File | `/admin/services/manage_service.php` | High
|
||||
37 | File | `/admin/services/view_service.php` | High
|
||||
38 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
39 | File | `/admin/sys_sql_query.php` | High
|
||||
40 | File | `/admin/test_status.php` | High
|
||||
41 | File | `/admin/upload.php` | High
|
||||
42 | File | `/admin/user/manage_user.php` | High
|
||||
43 | File | `/admin/userprofile.php` | High
|
||||
44 | File | `/admin/vote_edit.php` | High
|
||||
45 | File | `/api/stl/actions/search` | High
|
||||
46 | File | `/apply.cgi` | Medium
|
||||
47 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
48 | File | `/author_posts.php` | High
|
||||
49 | File | `/blog` | Low
|
||||
50 | File | `/blog-single.php` | High
|
||||
51 | File | `/booking/show_bookings/` | High
|
||||
52 | File | `/browse` | Low
|
||||
53 | File | `/bsms_ci/index.php/book` | High
|
||||
54 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
55 | File | `/cgi-bin/ping.cgi` | High
|
||||
56 | File | `/chaincity/user/ticket/create` | High
|
||||
57 | File | `/changeimage.php` | High
|
||||
58 | File | `/classes/Login.php` | High
|
||||
59 | File | `/classes/Master.php` | High
|
||||
60 | File | `/classes/Master.php?f=delete_category` | High
|
||||
61 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
62 | File | `/classes/Master.php?f=delete_item` | High
|
||||
63 | File | `/classes/Master.php?f=delete_service` | High
|
||||
64 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
65 | ... | ... | ...
|
||||
4 | File | `/academy/home/courses` | High
|
||||
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/addproduct.php` | High
|
||||
9 | File | `/admin/bookings/manage_booking.php` | High
|
||||
10 | File | `/admin/bookings/view_booking.php` | High
|
||||
11 | File | `/admin/budget/manage_budget.php` | High
|
||||
12 | File | `/admin/cashadvance_row.php` | High
|
||||
13 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
14 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
15 | File | `/admin/deduction_row.php` | High
|
||||
16 | File | `/admin/departments/view_department.php` | High
|
||||
17 | File | `/admin/edit_product.php` | High
|
||||
18 | File | `/admin/edit_subject.php` | High
|
||||
19 | File | `/admin/employee_row.php` | High
|
||||
20 | File | `/admin/index.php` | High
|
||||
21 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
22 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
23 | File | `/admin/login.php` | High
|
||||
24 | File | `/admin/maintenance/manage_category.php` | High
|
||||
25 | File | `/admin/maintenance/view_designation.php` | High
|
||||
26 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
27 | File | `/admin/modal_add_product.php` | High
|
||||
28 | File | `/admin/offenses/view_details.php` | High
|
||||
29 | File | `/admin/orders/update_status.php` | High
|
||||
30 | File | `/admin/products/manage_product.php` | High
|
||||
31 | File | `/admin/products/view_product.php` | High
|
||||
32 | File | `/admin/project/update/2` | High
|
||||
33 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
34 | File | `/admin/reg.php` | High
|
||||
35 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
36 | File | `/admin/report/index.php` | High
|
||||
37 | File | `/admin/service.php` | High
|
||||
38 | File | `/admin/services/manage_service.php` | High
|
||||
39 | File | `/admin/services/view_service.php` | High
|
||||
40 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
41 | File | `/admin/sys_sql_query.php` | High
|
||||
42 | File | `/admin/test_status.php` | High
|
||||
43 | File | `/admin/upload.php` | High
|
||||
44 | File | `/admin/user/manage_user.php` | High
|
||||
45 | File | `/admin/userprofile.php` | High
|
||||
46 | File | `/admin/vote_edit.php` | High
|
||||
47 | File | `/api/stl/actions/search` | High
|
||||
48 | File | `/apply.cgi` | Medium
|
||||
49 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
50 | File | `/author_posts.php` | High
|
||||
51 | File | `/blog` | Low
|
||||
52 | File | `/blog-single.php` | High
|
||||
53 | File | `/booking/show_bookings/` | High
|
||||
54 | File | `/browse` | Low
|
||||
55 | File | `/bsms_ci/index.php/book` | High
|
||||
56 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
57 | File | `/cgi-bin/ping.cgi` | High
|
||||
58 | File | `/chaincity/user/ticket/create` | High
|
||||
59 | File | `/changeimage.php` | High
|
||||
60 | File | `/classes/Login.php` | High
|
||||
61 | File | `/classes/Master.php` | High
|
||||
62 | File | `/classes/Master.php?f=delete_category` | High
|
||||
63 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
64 | File | `/classes/Master.php?f=delete_item` | High
|
||||
65 | File | `/classes/Master.php?f=delete_service` | High
|
||||
66 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
67 | File | `/classes/Master.php?f=save_course` | High
|
||||
68 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
69 | File | `/classes/Master.php?f=save_item` | High
|
||||
70 | ... | ... | ...
|
||||
|
||||
There are 573 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 614 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
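Review bot: two rows in this IOA table cannot match server-side request logs as written. Row 21 `/admin/index/index.html#/admin/mall.goods/index.html` includes a URL fragment, which the browser does not send in the request, and row 5 `/admin.php?c=upload&f=zip&_noCache=0.1683794968` carries what looks like a per-request cache-buster value. Suggest storing the path only up to `#` and dropping or wildcarding `_noCache`. Separately, the ID column is positional, so the rows added near the top renumber every entry after them (`/admin/addproduct.php` moves from 5 to 8); a stable key per indicator would keep later diffs reviewable.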
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,8 +21,9 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [80.85.157.98](https://vuldb.com/?ip.80.85.157.98) | 06.use | - | High
|
||||
2 | [146.19.191.190](https://vuldb.com/?ip.146.19.191.190) | tube-hosting.com | - | High
|
||||
1 | [45.133.1.98](https://vuldb.com/?ip.45.133.1.98) | - | - | High
|
||||
2 | [80.85.157.98](https://vuldb.com/?ip.80.85.157.98) | 06.use | - | High
|
||||
3 | [146.19.191.190](https://vuldb.com/?ip.146.19.191.190) | tube-hosting.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
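Review bot: the new row `1 | 45.133.1.98 | - | - | High` is rated High with no hostname or campaign, and the tracker links visible in this file's References hunk are for `80.85.157.98` and `146.19.191.190` only. Suggest adding the source for the new address in the same commit, so the confidence rating can be checked against it.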
@ -43,12 +44,13 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/usr/bin/at` | Medium
|
||||
2 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
3 | File | `/whbs/?page=manage_account` | High
|
||||
4 | ... | ... | ...
|
||||
1 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
|
||||
2 | File | `/phpwcms/setup/setup.php` | High
|
||||
3 | File | `/usr/bin/at` | Medium
|
||||
4 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
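Review bot: the new row `/it-IT/splunkd/__raw/services/get_snapshot` is pinned to one locale prefix, so a literal match on it covers only requests made under `it-IT`. Suggest recording the indicator without the locale segment, or documenting that consumers must normalise the first path component before matching. The `File` type here also covers both URL paths and a local binary (`/usr/bin/at`); a separate type would tell consumers which log source each row applies to.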
@ -56,6 +58,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://tracker.viriback.com/index.php?q=80.85.157.98
|
||||
* https://tracker.viriback.com/index.php?q=146.19.191.190
|
||||
* https://twitter.com/wwp96/status/1375103958872694788
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/phpwcms/setup/setup.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -98,67 +98,60 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
5 | File | `/admin/cashadvance_row.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/APR/login.php` | High
|
||||
12 | File | `/bin/httpd` | Medium
|
||||
13 | File | `/cgi-bin/wapopen` | High
|
||||
14 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
16 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
17 | File | `/feeds/post/publish` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
20 | File | `/fos/admin/index.php?page=menu` | High
|
||||
21 | File | `/home/masterConsole` | High
|
||||
22 | File | `/home/sendBroadcast` | High
|
||||
23 | File | `/hrm/employeeadd.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
14 | File | `/company/store` | High
|
||||
15 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/h/` | Low
|
||||
23 | File | `/home/masterConsole` | High
|
||||
24 | File | `/home/sendBroadcast` | High
|
||||
25 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/index.php?page=category_list` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lookin/info` | Medium
|
||||
30 | File | `/Moosikay/order.php` | High
|
||||
31 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
32 | File | `/opac/Actions.php?a=login` | High
|
||||
33 | File | `/out.php` | Medium
|
||||
34 | File | `/php-opos/index.php` | High
|
||||
35 | File | `/PreviewHandler.ashx` | High
|
||||
36 | File | `/proxy` | Low
|
||||
37 | File | `/public/launchNewWindow.jsp` | High
|
||||
38 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
39 | File | `/reports/rwservlet` | High
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/uncpath/` | Medium
|
||||
43 | File | `/user/updatePwd` | High
|
||||
44 | File | `/wireless/security.asp` | High
|
||||
45 | File | `/wp-admin/admin-ajax.php` | High
|
||||
46 | File | `01article.php` | High
|
||||
47 | File | `a-forms.php` | Medium
|
||||
48 | File | `AbstractScheduleJob.java` | High
|
||||
49 | File | `actionphp/download.File.php` | High
|
||||
28 | File | `/jobinfo/` | Medium
|
||||
29 | File | `/Moosikay/order.php` | High
|
||||
30 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
31 | File | `/opac/Actions.php?a=login` | High
|
||||
32 | File | `/php-opos/index.php` | High
|
||||
33 | File | `/PreviewHandler.ashx` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/public/launchNewWindow.jsp` | High
|
||||
36 | File | `/recipe-result` | High
|
||||
37 | File | `/reports/rwservlet` | High
|
||||
38 | File | `/reservation/add_message.php` | High
|
||||
39 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/uploads/exam_question/` | High
|
||||
43 | File | `/user/ticket/create` | High
|
||||
44 | File | `/user/updatePwd` | High
|
||||
45 | File | `/var/lib/docker/<remapping>` | High
|
||||
46 | File | `/wireless/security.asp` | High
|
||||
47 | File | `/wp-admin/admin-ajax.php` | High
|
||||
48 | File | `01article.php` | High
|
||||
49 | File | `a-forms.php` | Medium
|
||||
50 | File | `activenews_view.asp` | High
|
||||
51 | File | `adclick.php` | Medium
|
||||
52 | File | `admin.a6mambocredits.php` | High
|
||||
53 | File | `admin.cropcanvas.php` | High
|
||||
54 | File | `admin.php` | Medium
|
||||
55 | File | `admin/abc.php` | High
|
||||
56 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
57 | File | `admin/admin/adminsave.html` | High
|
||||
58 | File | `admin/asset/grid-proxy` | High
|
||||
59 | File | `admin/auditTrail.jsf` | High
|
||||
60 | File | `admin/conf_users_edit.php` | High
|
||||
61 | File | `admin/disapprove_user.php` | High
|
||||
62 | File | `admin/edit_category.php` | High
|
||||
63 | ... | ... | ...
|
||||
54 | File | `admin/abc.php` | High
|
||||
55 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 547 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
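Review bot: row 45 `/var/lib/docker/<remapping>` contains what appears to be a placeholder rather than a literal path, so it cannot be matched as published. Suggest either expanding it into a documented pattern or marking the row as a template. The new Low-confidence row `/h/`, like `/proxy`, is short enough to match a great deal of benign traffic; note next to the table how Low rows are meant to be used, for example only in combination with another indicator.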
@ -31,11 +31,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
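Review bot: the CWE ids and descriptions in this TTP table do not line up. The new row `2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay` pairs CWE-319 (Cleartext Transmission of Sensitive Information) with the name of CWE-294, and `T1059 | CWE-94 | Cross Site Scripting` labels CWE-94 (Code Injection) as XSS. Suggest deriving the Description column from the CWE id so the two cannot drift, and confirming which weakness the T1040 row is meant to carry.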
@ -48,7 +48,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `cloud.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 17 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -4,6 +4,17 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.british_virgin_islands_unknown](https://vuldb.com/?actor.british_virgin_islands_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with British Virgin Islands Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of British Virgin Islands Unknown.
|
||||
|
@ -22,26 +33,89 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
10 | [45.12.70.240](https://vuldb.com/?ip.45.12.70.240) | slackness.globalhilive.com | - | High
|
||||
11 | [45.12.71.240](https://vuldb.com/?ip.45.12.71.240) | - | - | High
|
||||
12 | [45.62.191.32](https://vuldb.com/?ip.45.62.191.32) | - | - | High
|
||||
13 | [45.253.248.0](https://vuldb.com/?ip.45.253.248.0) | - | - | High
|
||||
14 | [63.143.79.0](https://vuldb.com/?ip.63.143.79.0) | - | - | High
|
||||
15 | [63.143.103.0](https://vuldb.com/?ip.63.143.103.0) | digijmres-0-103-143-63.digicelbroadband.com | - | High
|
||||
16 | [63.143.106.0](https://vuldb.com/?ip.63.143.106.0) | - | - | High
|
||||
17 | [63.243.189.0](https://vuldb.com/?ip.63.243.189.0) | - | - | High
|
||||
18 | [64.86.20.0](https://vuldb.com/?ip.64.86.20.0) | - | - | High
|
||||
19 | [65.48.153.0](https://vuldb.com/?ip.65.48.153.0) | - | - | High
|
||||
20 | [65.48.154.0](https://vuldb.com/?ip.65.48.154.0) | - | - | High
|
||||
21 | [65.48.217.0](https://vuldb.com/?ip.65.48.217.0) | - | - | High
|
||||
22 | [65.48.218.0](https://vuldb.com/?ip.65.48.218.0) | - | - | High
|
||||
23 | [65.48.220.0](https://vuldb.com/?ip.65.48.220.0) | - | - | High
|
||||
24 | [66.81.192.0](https://vuldb.com/?ip.66.81.192.0) | - | - | High
|
||||
25 | [66.180.216.0](https://vuldb.com/?ip.66.180.216.0) | - | - | High
|
||||
26 | [66.180.220.0](https://vuldb.com/?ip.66.180.220.0) | - | - | High
|
||||
27 | [66.212.229.0](https://vuldb.com/?ip.66.212.229.0) | - | - | High
|
||||
28 | [67.211.103.0](https://vuldb.com/?ip.67.211.103.0) | - | - | High
|
||||
29 | [68.65.216.0](https://vuldb.com/?ip.68.65.216.0) | - | - | High
|
||||
30 | ... | ... | ... | ...
|
||||
13 | [45.142.0.0](https://vuldb.com/?ip.45.142.0.0) | ns1648.ztomy.com | - | High
|
||||
14 | [45.142.3.0](https://vuldb.com/?ip.45.142.3.0) | ns1648.ztomy.com | - | High
|
||||
15 | [45.253.248.0](https://vuldb.com/?ip.45.253.248.0) | - | - | High
|
||||
16 | [63.143.79.0](https://vuldb.com/?ip.63.143.79.0) | - | - | High
|
||||
17 | [63.143.103.0](https://vuldb.com/?ip.63.143.103.0) | digijmres-0-103-143-63.digicelbroadband.com | - | High
|
||||
18 | [63.143.106.0](https://vuldb.com/?ip.63.143.106.0) | - | - | High
|
||||
19 | [63.243.189.0](https://vuldb.com/?ip.63.243.189.0) | - | - | High
|
||||
20 | [64.86.20.0](https://vuldb.com/?ip.64.86.20.0) | - | - | High
|
||||
21 | [65.48.153.0](https://vuldb.com/?ip.65.48.153.0) | - | - | High
|
||||
22 | [65.48.154.0](https://vuldb.com/?ip.65.48.154.0) | - | - | High
|
||||
23 | [65.48.213.7](https://vuldb.com/?ip.65.48.213.7) | bvi-vpls1.caribsurf.com | - | High
|
||||
24 | [65.48.213.8](https://vuldb.com/?ip.65.48.213.8) | bvi-vpls2.caribsurf.com | - | High
|
||||
25 | [65.48.213.23](https://vuldb.com/?ip.65.48.213.23) | - | - | High
|
||||
26 | [65.48.213.24](https://vuldb.com/?ip.65.48.213.24) | - | - | High
|
||||
27 | [65.48.217.0](https://vuldb.com/?ip.65.48.217.0) | - | - | High
|
||||
28 | [65.48.218.0](https://vuldb.com/?ip.65.48.218.0) | - | - | High
|
||||
29 | [65.48.220.0](https://vuldb.com/?ip.65.48.220.0) | - | - | High
|
||||
30 | [66.81.192.0](https://vuldb.com/?ip.66.81.192.0) | - | - | High
|
||||
31 | [66.180.216.0](https://vuldb.com/?ip.66.180.216.0) | - | - | High
|
||||
32 | [66.180.220.0](https://vuldb.com/?ip.66.180.220.0) | - | - | High
|
||||
33 | [66.212.55.0](https://vuldb.com/?ip.66.212.55.0) | - | - | High
|
||||
34 | [66.212.229.0](https://vuldb.com/?ip.66.212.229.0) | - | - | High
|
||||
35 | [67.211.103.0](https://vuldb.com/?ip.67.211.103.0) | - | - | High
|
||||
36 | ... | ... | ... | ...
|
||||
|
||||
There are 114 more IOC items available. Please use our online service to access the data.
|
||||
There are 138 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _British Virgin Islands Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by British Virgin Islands Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?admin/user.html` | High
|
||||
2 | File | `/admin.php?r=admin/AdminBackup/del` | High
|
||||
3 | File | `/admin/addemployee.php` | High
|
||||
4 | File | `/admin/edit.php` | High
|
||||
5 | File | `/admin/index.php/template/ajax?action=delete` | High
|
||||
6 | File | `/admin/index.php?mode=content&page=media&action=edit` | High
|
||||
7 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
8 | File | `/admin/maintenance/view_designation.php` | High
|
||||
9 | File | `/admin/report/index.php` | High
|
||||
10 | File | `/admin/users.php?source=edit_user&id=1` | High
|
||||
11 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
12 | File | `/administrator/templates/default/html/windows/right.php` | High
|
||||
13 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
14 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
15 | File | `/classes/Master.php?f=delete_service` | High
|
||||
16 | File | `/classes/Master.php?f=save_course` | High
|
||||
17 | File | `/demo/module/?module=HERE` | High
|
||||
18 | File | `/download/set.cgi` | High
|
||||
19 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
20 | File | `/dvcset/sysset/set.cgi` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/SysToolReboot` | High
|
||||
23 | File | `/goform/WifiExtraSet` | High
|
||||
24 | File | `/inc/topBarNav.php` | High
|
||||
25 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
|
||||
26 | File | `/mkshop/Men/profile.php` | High
|
||||
27 | File | `/mngset/authset` | High
|
||||
28 | File | `/mobile/downloadfile.aspx` | High
|
||||
29 | File | `/net/nfc/netlink.c` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/outgoing.php` | High
|
||||
32 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
33 | File | `/presale/join` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
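Review bot: many rows in this IOC table end in `.0` (for example `45.253.248.0`, `63.143.79.0`, `65.48.153.0`) and read as network base addresses, but the `IP address` column carries no prefix length, so a consumer cannot tell a single host from a range. The References section for this file cites country netsets (`country_vg.netset`), which suggests ranges were intended; suggest adding the CIDR prefix to each such row and reviewing whether `High` is the right confidence for geolocation-derived entries. In the IOA table of the same hunk, `/demo/module/?module=HERE` looks like it carries a placeholder value and should be marked as a pattern.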
@ -49,6 +123,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_vg.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_vg.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ipip_country/ipip_country_vg.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -10,7 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -28,41 +28,45 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
5 | [3.115.144.47](https://vuldb.com/?ip.3.115.144.47) | ec2-3-115-144-47.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
6 | [3.133.7.69](https://vuldb.com/?ip.3.133.7.69) | ec2-3-133-7-69.us-east-2.compute.amazonaws.com | - | Medium
|
||||
7 | [3.221.126.84](https://vuldb.com/?ip.3.221.126.84) | ec2-3-221-126-84.compute-1.amazonaws.com | - | Medium
|
||||
8 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
|
||||
9 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
|
||||
10 | [13.112.226.27](https://vuldb.com/?ip.13.112.226.27) | ec2-13-112-226-27.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
11 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
12 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
13 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
14 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
15 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
16 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
17 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
18 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
19 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
20 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
21 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
22 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
23 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
24 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
30 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
31 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
32 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
33 | [23.92.22.235](https://vuldb.com/?ip.23.92.22.235) | 23-92-22-235.ip.linodeusercontent.com | - | High
|
||||
34 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
35 | [24.199.89.40](https://vuldb.com/?ip.24.199.89.40) | - | - | High
|
||||
36 | [24.199.114.243](https://vuldb.com/?ip.24.199.114.243) | - | - | High
|
||||
37 | [24.199.118.20](https://vuldb.com/?ip.24.199.118.20) | airy-fuse.autonode.net | - | High
|
||||
38 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
39 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
40 | ... | ... | ... | ...
|
||||
8 | [5.188.87.50](https://vuldb.com/?ip.5.188.87.50) | - | - | High
|
||||
9 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
|
||||
10 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
|
||||
11 | [13.112.226.27](https://vuldb.com/?ip.13.112.226.27) | ec2-13-112-226-27.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
12 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
13 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
14 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
15 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
16 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
17 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
18 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
19 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
20 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
21 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
22 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
23 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
24 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
29 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
30 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
31 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
32 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
33 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
34 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
35 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
36 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
37 | [20.212.219.56](https://vuldb.com/?ip.20.212.219.56) | - | - | High
|
||||
38 | [23.92.22.235](https://vuldb.com/?ip.23.92.22.235) | 23-92-22-235.ip.linodeusercontent.com | - | High
|
||||
39 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
40 | [24.199.89.40](https://vuldb.com/?ip.24.199.89.40) | - | - | High
|
||||
41 | [24.199.114.243](https://vuldb.com/?ip.24.199.114.243) | - | - | High
|
||||
42 | [24.199.118.20](https://vuldb.com/?ip.24.199.118.20) | airy-fuse.autonode.net | - | High
|
||||
43 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
44 | ... | ... | ... | ...
|
||||
|
||||
There are 154 more IOC items available. Please use our online service to access the data.
|
||||
There are 174 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -73,11 +77,11 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
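Review bot: Row 4 of the TTP table describes T1059 as "Cross Site Scripting" in both versions of the line in this hunk. That duplicates row 5 (T1059.007, CWE-79, CWE-80) and does not match the weaknesses listed on row 4 itself: CWE-88 is argument injection and CWE-94 is code injection. Since the row is already being edited to change its CWE list, correct the description in the same change, or in whatever generates the table. Otherwise anyone grouping these rows by description counts cross-site scripting twice and loses the injection mapping.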
@ -85,50 +89,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/APR/login.php` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/company/store` | High
|
||||
16 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
20 | File | `/feeds/post/publish` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
23 | File | `/fos/admin/index.php?page=menu` | High
|
||||
24 | File | `/h/` | Low
|
||||
25 | File | `/home/masterConsole` | High
|
||||
26 | File | `/home/sendBroadcast` | High
|
||||
27 | File | `/hrm/employeeadd.php` | High
|
||||
28 | File | `/hrm/employeeview.php` | High
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/cashadvance_row.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/admin/userprofile.php` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/APR/login.php` | High
|
||||
12 | File | `/bin/httpd` | Medium
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
15 | File | `/cgi-bin/wapopen` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
21 | File | `/etc/passwd` | Medium
|
||||
22 | File | `/feeds/post/publish` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
25 | File | `/fos/admin/index.php?page=menu` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/home/masterConsole` | High
|
||||
28 | File | `/home/sendBroadcast` | High
|
||||
29 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
30 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
31 | File | `/index.php?page=category_list` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
36 | File | `/opac/Actions.php?a=login` | High
|
||||
37 | File | `/php-opos/index.php` | High
|
||||
38 | File | `/PreviewHandler.ashx` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/recipe-result` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
33 | File | `/Moosikay/order.php` | High
|
||||
34 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
35 | File | `/opac/Actions.php?a=login` | High
|
||||
36 | File | `/php-opos/index.php` | High
|
||||
37 | File | `/PreviewHandler.ashx` | High
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/reports/rwservlet` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/student/bookdetails.php` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/uploads/exam_question/` | High
|
||||
|
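Review bot: The renumbered IOA listing in this hunk puts several different kinds of indicator under the single Type value `File`, with nothing in the table to tell them apart. It contains web request paths (`/bitrix/admin/ldap_server_edit.php`, `/cgi-bin/luci/api/wireless`), local filesystem paths (`/etc/passwd`, `/dev/block/mmcblk0rpmb`) and source file names (`/core/conditions/AbstractWrapper.java`). Please document the distinction, either with a sub-type column or with a sentence in the section intro, so a consumer knows whether a row is meant to be matched against HTTP access logs or against host file events. Without that, generic entries such as `/etc/passwd` (Medium) and `/h/` (Low) are likely to be matched against the wrong log source and produce noise.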
@ -139,14 +143,10 @@ ID | Type | Indicator | Confidence
|
|||
52 | File | `/wp-admin/admin-ajax.php` | High
|
||||
53 | File | `01article.php` | High
|
||||
54 | File | `a-forms.php` | Medium
|
||||
55 | File | `AbstractScheduleJob.java` | High
|
||||
56 | File | `actionphp/download.File.php` | High
|
||||
57 | File | `activenews_view.asp` | High
|
||||
58 | File | `adclick.php` | Medium
|
||||
59 | File | `admin.a6mambocredits.php` | High
|
||||
60 | ... | ... | ...
|
||||
55 | File | `activenews_view.asp` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 528 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 485 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -156,12 +156,15 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/3.28.39.6
|
||||
* https://search.censys.io/hosts/3.115.144.47
|
||||
* https://search.censys.io/hosts/3.221.126.84
|
||||
* https://search.censys.io/hosts/5.188.87.50
|
||||
* https://search.censys.io/hosts/8.222.133.105
|
||||
* https://search.censys.io/hosts/13.82.141.216
|
||||
* https://search.censys.io/hosts/13.112.226.27
|
||||
* https://search.censys.io/hosts/13.114.48.174
|
||||
* https://search.censys.io/hosts/13.114.78.162
|
||||
* https://search.censys.io/hosts/13.114.110.144
|
||||
* https://search.censys.io/hosts/13.230.243.50
|
||||
* https://search.censys.io/hosts/13.231.24.246
|
||||
* https://search.censys.io/hosts/15.164.245.79
|
||||
* https://search.censys.io/hosts/15.206.79.179
|
||||
* https://search.censys.io/hosts/16.16.162.142
|
||||
|
@ -172,10 +175,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/18.177.226.88
|
||||
* https://search.censys.io/hosts/18.178.161.19
|
||||
* https://search.censys.io/hosts/18.178.244.246
|
||||
* https://search.censys.io/hosts/18.181.114.13
|
||||
* https://search.censys.io/hosts/18.182.126.252
|
||||
* https://search.censys.io/hosts/18.188.54.77
|
||||
* https://search.censys.io/hosts/18.193.106.166
|
||||
* https://search.censys.io/hosts/18.208.87.99
|
||||
* https://search.censys.io/hosts/20.212.219.56
|
||||
* https://search.censys.io/hosts/23.92.22.235
|
||||
* https://search.censys.io/hosts/24.199.89.40
|
||||
* https://search.censys.io/hosts/24.199.114.243
|
||||
|
@ -186,6 +191,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/35.72.94.12
|
||||
* https://search.censys.io/hosts/35.72.100.201
|
||||
* https://search.censys.io/hosts/35.73.220.65
|
||||
* https://search.censys.io/hosts/35.74.154.31
|
||||
* https://search.censys.io/hosts/35.75.27.89
|
||||
* https://search.censys.io/hosts/35.75.94.192
|
||||
* https://search.censys.io/hosts/35.76.16.247
|
||||
|
@ -206,6 +212,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/52.193.2.2
|
||||
* https://search.censys.io/hosts/52.193.175.78
|
||||
* https://search.censys.io/hosts/52.193.185.144
|
||||
* https://search.censys.io/hosts/52.193.188.236
|
||||
* https://search.censys.io/hosts/52.193.203.8
|
||||
* https://search.censys.io/hosts/52.194.85.123
|
||||
* https://search.censys.io/hosts/52.194.178.19
|
||||
|
@ -216,17 +223,20 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/52.197.222.201
|
||||
* https://search.censys.io/hosts/52.198.154.115
|
||||
* https://search.censys.io/hosts/52.198.193.213
|
||||
* https://search.censys.io/hosts/54.65.8.67
|
||||
* https://search.censys.io/hosts/54.65.93.113
|
||||
* https://search.censys.io/hosts/54.92.24.114
|
||||
* https://search.censys.io/hosts/54.95.222.110
|
||||
* https://search.censys.io/hosts/54.150.80.3
|
||||
* https://search.censys.io/hosts/54.168.95.3
|
||||
* https://search.censys.io/hosts/54.168.127.93
|
||||
* https://search.censys.io/hosts/54.171.30.223
|
||||
* https://search.censys.io/hosts/54.178.188.94
|
||||
* https://search.censys.io/hosts/54.199.58.143
|
||||
* https://search.censys.io/hosts/54.211.243.10
|
||||
* https://search.censys.io/hosts/54.238.205.126
|
||||
* https://search.censys.io/hosts/54.238.220.105
|
||||
* https://search.censys.io/hosts/54.248.102.18
|
||||
* https://search.censys.io/hosts/54.248.200.60
|
||||
* https://search.censys.io/hosts/54.249.26.2
|
||||
* https://search.censys.io/hosts/54.249.130.36
|
||||
|
@ -236,11 +246,16 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/64.226.109.199
|
||||
* https://search.censys.io/hosts/74.234.98.215
|
||||
* https://search.censys.io/hosts/74.235.81.74
|
||||
* https://search.censys.io/hosts/77.246.103.180
|
||||
* https://search.censys.io/hosts/82.84.39.65
|
||||
* https://search.censys.io/hosts/83.97.73.90
|
||||
* https://search.censys.io/hosts/87.121.221.22
|
||||
* https://search.censys.io/hosts/88.218.61.244
|
||||
* https://search.censys.io/hosts/91.103.253.43
|
||||
* https://search.censys.io/hosts/94.102.49.64
|
||||
* https://search.censys.io/hosts/94.198.97.58
|
||||
* https://search.censys.io/hosts/103.25.188.178
|
||||
* https://search.censys.io/hosts/104.168.59.22
|
||||
* https://search.censys.io/hosts/104.168.117.105
|
||||
* https://search.censys.io/hosts/104.207.132.71
|
||||
* https://search.censys.io/hosts/104.234.118.123
|
||||
|
@ -257,8 +272,10 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/118.107.43.100
|
||||
* https://search.censys.io/hosts/138.68.135.52
|
||||
* https://search.censys.io/hosts/139.59.169.19
|
||||
* https://search.censys.io/hosts/139.59.211.172
|
||||
* https://search.censys.io/hosts/139.162.242.79
|
||||
* https://search.censys.io/hosts/139.224.234.194
|
||||
* https://search.censys.io/hosts/140.82.46.164
|
||||
* https://search.censys.io/hosts/142.93.7.24
|
||||
* https://search.censys.io/hosts/142.93.31.106
|
||||
* https://search.censys.io/hosts/143.92.58.179
|
||||
|
@ -267,22 +284,29 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/143.198.176.115
|
||||
* https://search.censys.io/hosts/144.91.97.213
|
||||
* https://search.censys.io/hosts/146.190.65.47
|
||||
* https://search.censys.io/hosts/146.190.219.130
|
||||
* https://search.censys.io/hosts/149.28.251.203
|
||||
* https://search.censys.io/hosts/154.26.154.154
|
||||
* https://search.censys.io/hosts/154.202.59.96
|
||||
* https://search.censys.io/hosts/157.254.195.201
|
||||
* https://search.censys.io/hosts/164.92.145.128
|
||||
* https://search.censys.io/hosts/165.227.224.30
|
||||
* https://search.censys.io/hosts/167.71.60.103
|
||||
* https://search.censys.io/hosts/167.71.62.156
|
||||
* https://search.censys.io/hosts/167.99.137.218
|
||||
* https://search.censys.io/hosts/170.64.169.229
|
||||
* https://search.censys.io/hosts/172.86.123.8
|
||||
* https://search.censys.io/hosts/172.105.71.205
|
||||
* https://search.censys.io/hosts/175.41.221.5
|
||||
* https://search.censys.io/hosts/179.43.144.250
|
||||
* https://search.censys.io/hosts/185.239.173.42
|
||||
* https://search.censys.io/hosts/185.239.173.43
|
||||
* https://search.censys.io/hosts/185.239.173.44
|
||||
* https://search.censys.io/hosts/188.166.72.93
|
||||
* https://search.censys.io/hosts/193.149.180.84
|
||||
* https://search.censys.io/hosts/193.149.190.194
|
||||
* https://search.censys.io/hosts/206.81.1.31
|
||||
* https://search.censys.io/hosts/212.71.235.150
|
||||
* https://search.censys.io/hosts/213.219.214.113
|
||||
* https://search.censys.io/hosts/213.227.155.115
|
||||
* https://search.censys.io/hosts/217.25.91.146
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
There are 30 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -591,14 +591,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -608,56 +608,61 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/account/delivery` | High
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/add_user_modal.php` | High
|
||||
7 | File | `/admin/del_category.php` | High
|
||||
8 | File | `/admin/del_service.php` | High
|
||||
9 | File | `/admin/edit_product.php` | High
|
||||
10 | File | `/admin/forgot-password.php` | High
|
||||
11 | File | `/admin/index.php` | High
|
||||
12 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
13 | File | `/admin/modal_add_product.php` | High
|
||||
14 | File | `/admin/read.php?mudi=announContent` | High
|
||||
15 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
16 | File | `/admin/reg.php` | High
|
||||
17 | File | `/admin/reportupload.aspx` | High
|
||||
18 | File | `/admin/search-appointment.php` | High
|
||||
19 | File | `/admin/sys_sql_query.php` | High
|
||||
20 | File | `/admin/test_status.php` | High
|
||||
21 | File | `/admin/update_s6.php` | High
|
||||
22 | File | `/ajax.php?action=read_msg` | High
|
||||
23 | File | `/ajax.php?action=save_company` | High
|
||||
24 | File | `/api/baskets/{name}` | High
|
||||
25 | File | `/api/ping` | Medium
|
||||
26 | File | `/api/set-password` | High
|
||||
27 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
28 | File | `/author_posts.php` | High
|
||||
29 | File | `/bin/ate` | Medium
|
||||
30 | File | `/blog` | Low
|
||||
31 | File | `/booking/show_bookings/` | High
|
||||
32 | File | `/browse` | Low
|
||||
33 | File | `/cgi-bin/adm.cgi` | High
|
||||
34 | File | `/chaincity/user/ticket/create` | High
|
||||
35 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
36 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
37 | File | `/classes/Master.php?f=save_item` | High
|
||||
38 | File | `/classes/Users.php?f=save` | High
|
||||
39 | File | `/company/store` | High
|
||||
40 | File | `/config` | Low
|
||||
41 | File | `/contact.php` | Medium
|
||||
42 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
43 | File | `/dipam/athlete-profile.php` | High
|
||||
44 | File | `/dipam/save-delegates.php` | High
|
||||
45 | File | `/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx` | High
|
||||
46 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
47 | File | `/en/blog-comment-4` | High
|
||||
48 | File | `/env` | Low
|
||||
49 | File | `/etc/passwd` | Medium
|
||||
50 | ... | ... | ...
|
||||
3 | File | `/academy/home/courses` | High
|
||||
4 | File | `/account/delivery` | High
|
||||
5 | File | `/ad-list` | Medium
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/about-us.php` | High
|
||||
9 | File | `/admin/add-category.php` | High
|
||||
10 | File | `/admin/add-services.php` | High
|
||||
11 | File | `/admin/add_user_modal.php` | High
|
||||
12 | File | `/admin/admin-profile.php` | High
|
||||
13 | File | `/admin/del_category.php` | High
|
||||
14 | File | `/admin/del_feedback.php` | High
|
||||
15 | File | `/admin/del_service.php` | High
|
||||
16 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
17 | File | `/admin/edit_category.php` | High
|
||||
18 | File | `/admin/edit_product.php` | High
|
||||
19 | File | `/admin/files` | Medium
|
||||
20 | File | `/admin/forgot-password.php` | High
|
||||
21 | File | `/admin/index.php` | High
|
||||
22 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
23 | File | `/admin/invoice.php` | High
|
||||
24 | File | `/admin/search-appointment.php` | High
|
||||
25 | File | `/admin/sys_sql_query.php` | High
|
||||
26 | File | `/admin/test_status.php` | High
|
||||
27 | File | `/api/baskets/{name}` | High
|
||||
28 | File | `/api/ping` | Medium
|
||||
29 | File | `/api/set-password` | High
|
||||
30 | File | `/api/sys/login` | High
|
||||
31 | File | `/api/sys/set_passwd` | High
|
||||
32 | File | `/app/sys1.php` | High
|
||||
33 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
34 | File | `/author_posts.php` | High
|
||||
35 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
36 | File | `/blog` | Low
|
||||
37 | File | `/blog-single.php` | High
|
||||
38 | File | `/booking/show_bookings/` | High
|
||||
39 | File | `/browse` | Low
|
||||
40 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
41 | File | `/chaincity/user/ticket/create` | High
|
||||
42 | File | `/classes/Master.php?f=delete_category` | High
|
||||
43 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
44 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
45 | File | `/classes/Master.php?f=save_item` | High
|
||||
46 | File | `/company/store` | High
|
||||
47 | File | `/conf/` | Low
|
||||
48 | File | `/config` | Low
|
||||
49 | File | `/config/php.ini` | High
|
||||
50 | File | `/contact.php` | Medium
|
||||
51 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
52 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
53 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
54 | File | `/debug/pprof` | Medium
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 478 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -244,136 +244,138 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
221 | [34.1.180.202](https://vuldb.com/?ip.34.1.180.202) | - | - | High
|
||||
222 | [34.2.221.48](https://vuldb.com/?ip.34.2.221.48) | - | - | High
|
||||
223 | [34.34.152.166](https://vuldb.com/?ip.34.34.152.166) | 166.152.34.34.bc.googleusercontent.com | - | Medium
|
||||
224 | [34.119.95.6](https://vuldb.com/?ip.34.119.95.6) | 6.95.119.34.bc.googleusercontent.com | - | Medium
|
||||
225 | [34.229.154.31](https://vuldb.com/?ip.34.229.154.31) | ec2-34-229-154-31.compute-1.amazonaws.com | - | Medium
|
||||
226 | [35.120.155.220](https://vuldb.com/?ip.35.120.155.220) | - | - | High
|
||||
227 | [36.110.58.103](https://vuldb.com/?ip.36.110.58.103) | 103.58.110.36.static.bjtelecom.net | - | High
|
||||
228 | [36.150.76.13](https://vuldb.com/?ip.36.150.76.13) | - | - | High
|
||||
229 | [36.201.196.202](https://vuldb.com/?ip.36.201.196.202) | - | - | High
|
||||
230 | [37.1.214.72](https://vuldb.com/?ip.37.1.214.72) | - | - | High
|
||||
231 | [37.1.214.229](https://vuldb.com/?ip.37.1.214.229) | - | - | High
|
||||
232 | [37.28.155.36](https://vuldb.com/?ip.37.28.155.36) | d155036.artnet.gda.pl | - | High
|
||||
233 | [37.28.156.24](https://vuldb.com/?ip.37.28.156.24) | d156024.artnet.gda.pl | - | High
|
||||
234 | [37.28.157.29](https://vuldb.com/?ip.37.28.157.29) | d157029.artnet.gda.pl | - | High
|
||||
235 | [37.42.62.77](https://vuldb.com/?ip.37.42.62.77) | - | - | High
|
||||
236 | [37.64.220.2](https://vuldb.com/?ip.37.64.220.2) | 2.220.64.37.rev.sfr.net | - | High
|
||||
237 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
|
||||
238 | [37.72.174.23](https://vuldb.com/?ip.37.72.174.23) | 37-72-174-23.static.hvvc.us | - | High
|
||||
239 | [37.120.198.248](https://vuldb.com/?ip.37.120.198.248) | - | - | High
|
||||
240 | [37.189.74.5](https://vuldb.com/?ip.37.189.74.5) | bl28-74-5.dsl.telepac.pt | - | High
|
||||
241 | [37.221.67.104](https://vuldb.com/?ip.37.221.67.104) | host001 | - | High
|
||||
242 | [37.221.67.122](https://vuldb.com/?ip.37.221.67.122) | finese | - | High
|
||||
243 | [38.12.57.131](https://vuldb.com/?ip.38.12.57.131) | - | - | High
|
||||
244 | [38.48.147.152](https://vuldb.com/?ip.38.48.147.152) | - | - | High
|
||||
245 | [38.180.4.165](https://vuldb.com/?ip.38.180.4.165) | - | - | High
|
||||
246 | [38.180.25.71](https://vuldb.com/?ip.38.180.25.71) | - | - | High
|
||||
247 | [38.180.25.111](https://vuldb.com/?ip.38.180.25.111) | - | - | High
|
||||
248 | [39.57.152.217](https://vuldb.com/?ip.39.57.152.217) | - | - | High
|
||||
249 | [40.47.149.113](https://vuldb.com/?ip.40.47.149.113) | - | - | High
|
||||
250 | [40.72.17.141](https://vuldb.com/?ip.40.72.17.141) | - | - | High
|
||||
251 | [41.7.15.180](https://vuldb.com/?ip.41.7.15.180) | vc-cpt-41-7-15-180.umts.vodacom.co.za | - | High
|
||||
252 | [41.15.71.157](https://vuldb.com/?ip.41.15.71.157) | vc-gp-n-41-15-71-157.umts.vodacom.co.za | - | High
|
||||
253 | [41.28.188.77](https://vuldb.com/?ip.41.28.188.77) | vc-gp-s-41-28-188-77.umts.vodacom.co.za | - | High
|
||||
254 | [41.56.181.200](https://vuldb.com/?ip.41.56.181.200) | - | - | High
|
||||
255 | [41.70.42.112](https://vuldb.com/?ip.41.70.42.112) | - | - | High
|
||||
256 | [42.63.100.82](https://vuldb.com/?ip.42.63.100.82) | - | - | High
|
||||
257 | [42.104.196.184](https://vuldb.com/?ip.42.104.196.184) | - | - | High
|
||||
258 | [42.179.23.39](https://vuldb.com/?ip.42.179.23.39) | - | - | High
|
||||
259 | [43.184.255.110](https://vuldb.com/?ip.43.184.255.110) | - | - | High
|
||||
260 | [44.94.75.93](https://vuldb.com/?ip.44.94.75.93) | - | - | High
|
||||
261 | [44.224.48.159](https://vuldb.com/?ip.44.224.48.159) | ec2-44-224-48-159.us-west-2.compute.amazonaws.com | - | Medium
|
||||
262 | [45.3.236.177](https://vuldb.com/?ip.45.3.236.177) | 045-003-236-177.biz.spectrum.com | - | High
|
||||
263 | [45.11.19.70](https://vuldb.com/?ip.45.11.19.70) | - | - | High
|
||||
264 | [45.11.19.86](https://vuldb.com/?ip.45.11.19.86) | - | - | High
|
||||
265 | [45.11.19.208](https://vuldb.com/?ip.45.11.19.208) | - | - | High
|
||||
266 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
|
||||
267 | [45.11.19.252](https://vuldb.com/?ip.45.11.19.252) | - | - | High
|
||||
268 | [45.32.37.109](https://vuldb.com/?ip.45.32.37.109) | 45.32.37.109.vultrusercontent.com | - | High
|
||||
269 | [45.61.184.8](https://vuldb.com/?ip.45.61.184.8) | mail.oelke.tec.br | - | High
|
||||
270 | [45.61.184.24](https://vuldb.com/?ip.45.61.184.24) | - | - | High
|
||||
271 | [45.61.184.227](https://vuldb.com/?ip.45.61.184.227) | MiamiTorNew1.Quetzalcoatl-relays.org | - | High
|
||||
272 | [45.61.185.65](https://vuldb.com/?ip.45.61.185.65) | exitrelay40.medvideos-tor.org | - | High
|
||||
273 | [45.61.185.227](https://vuldb.com/?ip.45.61.185.227) | - | - | High
|
||||
274 | [45.61.186.18](https://vuldb.com/?ip.45.61.186.18) | - | - | High
|
||||
275 | [45.61.186.51](https://vuldb.com/?ip.45.61.186.51) | - | - | High
|
||||
276 | [45.61.187.10](https://vuldb.com/?ip.45.61.187.10) | 45-61-187-10.ger.priv.allsafevpn.com | - | High
|
||||
277 | [45.61.187.40](https://vuldb.com/?ip.45.61.187.40) | - | - | High
|
||||
278 | [45.61.187.123](https://vuldb.com/?ip.45.61.187.123) | smtp20.shbgura.xyz | - | High
|
||||
279 | [45.61.187.160](https://vuldb.com/?ip.45.61.187.160) | - | - | High
|
||||
280 | [45.61.187.170](https://vuldb.com/?ip.45.61.187.170) | - | - | High
|
||||
281 | [45.61.187.204](https://vuldb.com/?ip.45.61.187.204) | - | - | High
|
||||
282 | [45.61.187.225](https://vuldb.com/?ip.45.61.187.225) | - | - | High
|
||||
283 | [45.66.151.59](https://vuldb.com/?ip.45.66.151.59) | - | - | High
|
||||
284 | [45.66.151.142](https://vuldb.com/?ip.45.66.151.142) | - | - | High
|
||||
285 | [45.66.151.150](https://vuldb.com/?ip.45.66.151.150) | - | - | High
|
||||
286 | [45.66.151.151](https://vuldb.com/?ip.45.66.151.151) | - | - | High
|
||||
287 | [45.66.151.155](https://vuldb.com/?ip.45.66.151.155) | - | - | High
|
||||
288 | [45.66.151.193](https://vuldb.com/?ip.45.66.151.193) | - | - | High
|
||||
289 | [45.66.248.61](https://vuldb.com/?ip.45.66.248.61) | parts861.simplestartvideos.com | - | High
|
||||
290 | [45.66.248.64](https://vuldb.com/?ip.45.66.248.64) | 0n3reye0i0.alyanova.com | - | High
|
||||
291 | [45.66.248.156](https://vuldb.com/?ip.45.66.248.156) | - | - | High
|
||||
292 | [45.66.248.216](https://vuldb.com/?ip.45.66.248.216) | spam.lastmer.xyz | - | High
|
||||
293 | [45.67.231.123](https://vuldb.com/?ip.45.67.231.123) | mihome.ru | - | High
|
||||
294 | [45.67.231.151](https://vuldb.com/?ip.45.67.231.151) | vm1197030.stark-industries.solutions | - | High
|
||||
295 | [45.84.0.13](https://vuldb.com/?ip.45.84.0.13) | vm523902.stark-industries.solutions | - | High
|
||||
296 | [45.84.240.87](https://vuldb.com/?ip.45.84.240.87) | - | - | High
|
||||
297 | [45.132.180.49](https://vuldb.com/?ip.45.132.180.49) | - | - | High
|
||||
298 | [45.138.172.22](https://vuldb.com/?ip.45.138.172.22) | - | - | High
|
||||
299 | [45.138.172.246](https://vuldb.com/?ip.45.138.172.246) | - | - | High
|
||||
300 | [45.140.146.30](https://vuldb.com/?ip.45.140.146.30) | vm542320.stark-industries.solutions | - | High
|
||||
301 | [45.140.146.244](https://vuldb.com/?ip.45.140.146.244) | - | - | High
|
||||
302 | [45.141.58.37](https://vuldb.com/?ip.45.141.58.37) | - | - | High
|
||||
303 | [45.141.58.139](https://vuldb.com/?ip.45.141.58.139) | galorebase.com | - | High
|
||||
304 | [45.142.214.120](https://vuldb.com/?ip.45.142.214.120) | vm516885.stark-industries.solutions | - | High
|
||||
305 | [45.142.214.167](https://vuldb.com/?ip.45.142.214.167) | - | - | High
|
||||
306 | [45.147.229.23](https://vuldb.com/?ip.45.147.229.23) | - | - | High
|
||||
307 | [45.147.229.47](https://vuldb.com/?ip.45.147.229.47) | - | - | High
|
||||
308 | [45.147.229.50](https://vuldb.com/?ip.45.147.229.50) | - | - | High
|
||||
309 | [45.147.229.101](https://vuldb.com/?ip.45.147.229.101) | - | - | High
|
||||
310 | [45.147.229.177](https://vuldb.com/?ip.45.147.229.177) | - | - | High
|
||||
311 | [45.147.229.199](https://vuldb.com/?ip.45.147.229.199) | - | - | High
|
||||
312 | [45.147.229.223](https://vuldb.com/?ip.45.147.229.223) | - | - | High
|
||||
313 | [45.147.230.179](https://vuldb.com/?ip.45.147.230.179) | - | - | High
|
||||
314 | [45.147.230.233](https://vuldb.com/?ip.45.147.230.233) | - | - | High
|
||||
315 | [45.147.230.245](https://vuldb.com/?ip.45.147.230.245) | poppuworls.club | - | High
|
||||
316 | [45.147.231.107](https://vuldb.com/?ip.45.147.231.107) | - | - | High
|
||||
317 | [45.147.231.156](https://vuldb.com/?ip.45.147.231.156) | - | - | High
|
||||
318 | [45.147.231.202](https://vuldb.com/?ip.45.147.231.202) | - | - | High
|
||||
319 | [45.147.231.232](https://vuldb.com/?ip.45.147.231.232) | - | - | High
|
||||
320 | [45.150.67.154](https://vuldb.com/?ip.45.150.67.154) | vm1326648.stark-industries.solutions | - | High
|
||||
321 | [45.153.240.56](https://vuldb.com/?ip.45.153.240.56) | - | - | High
|
||||
322 | [45.153.240.94](https://vuldb.com/?ip.45.153.240.94) | - | - | High
|
||||
323 | [45.153.240.139](https://vuldb.com/?ip.45.153.240.139) | - | - | High
|
||||
324 | [45.153.240.155](https://vuldb.com/?ip.45.153.240.155) | - | - | High
|
||||
325 | [45.153.241.19](https://vuldb.com/?ip.45.153.241.19) | - | - | High
|
||||
326 | [45.153.241.64](https://vuldb.com/?ip.45.153.241.64) | - | - | High
|
||||
327 | [45.153.241.120](https://vuldb.com/?ip.45.153.241.120) | - | - | High
|
||||
328 | [45.153.241.187](https://vuldb.com/?ip.45.153.241.187) | - | - | High
|
||||
329 | [45.153.241.209](https://vuldb.com/?ip.45.153.241.209) | - | - | High
|
||||
330 | [45.153.241.234](https://vuldb.com/?ip.45.153.241.234) | - | - | High
|
||||
331 | [45.153.241.245](https://vuldb.com/?ip.45.153.241.245) | - | - | High
|
||||
332 | [45.153.242.61](https://vuldb.com/?ip.45.153.242.61) | - | - | High
|
||||
333 | [45.153.242.100](https://vuldb.com/?ip.45.153.242.100) | - | - | High
|
||||
334 | [45.153.242.105](https://vuldb.com/?ip.45.153.242.105) | - | - | High
|
||||
335 | [45.153.242.183](https://vuldb.com/?ip.45.153.242.183) | - | - | High
|
||||
336 | [45.153.242.184](https://vuldb.com/?ip.45.153.242.184) | - | - | High
|
||||
337 | [45.153.242.242](https://vuldb.com/?ip.45.153.242.242) | - | - | High
|
||||
338 | [45.153.243.82](https://vuldb.com/?ip.45.153.243.82) | - | - | High
|
||||
339 | [45.153.243.93](https://vuldb.com/?ip.45.153.243.93) | - | - | High
|
||||
340 | [45.153.243.111](https://vuldb.com/?ip.45.153.243.111) | - | - | High
|
||||
341 | [45.153.243.126](https://vuldb.com/?ip.45.153.243.126) | - | - | High
|
||||
342 | [45.153.243.130](https://vuldb.com/?ip.45.153.243.130) | - | - | High
|
||||
343 | [45.153.243.222](https://vuldb.com/?ip.45.153.243.222) | - | - | High
|
||||
344 | [46.21.153.145](https://vuldb.com/?ip.46.21.153.145) | 145.153.21.46.static.swiftway.net | - | High
|
||||
345 | [46.21.153.157](https://vuldb.com/?ip.46.21.153.157) | 157.153.21.46.static.swiftway.net | - | High
|
||||
346 | [46.21.153.246](https://vuldb.com/?ip.46.21.153.246) | 246.153.21.46.static.swiftway.net | - | High
|
||||
347 | [46.44.240.53](https://vuldb.com/?ip.46.44.240.53) | 46-44-240-53.ip.welcomeitalia.it | - | High
|
||||
348 | [46.142.186.28](https://vuldb.com/?ip.46.142.186.28) | 28-186-142-46.pool.kielnet.net | - | High
|
||||
349 | [46.142.187.27](https://vuldb.com/?ip.46.142.187.27) | 27-187-142-46.pool.kielnet.net | - | High
|
||||
350 | [46.142.187.96](https://vuldb.com/?ip.46.142.187.96) | 96-187-142-46.pool.kielnet.net | - | High
|
||||
351 | ... | ... | ... | ...
|
||||
224 | [34.77.116.45](https://vuldb.com/?ip.34.77.116.45) | 45.116.77.34.bc.googleusercontent.com | - | Medium
|
||||
225 | [34.119.95.6](https://vuldb.com/?ip.34.119.95.6) | 6.95.119.34.bc.googleusercontent.com | - | Medium
|
||||
226 | [34.229.154.31](https://vuldb.com/?ip.34.229.154.31) | ec2-34-229-154-31.compute-1.amazonaws.com | - | Medium
|
||||
227 | [35.120.155.220](https://vuldb.com/?ip.35.120.155.220) | - | - | High
|
||||
228 | [35.239.11.197](https://vuldb.com/?ip.35.239.11.197) | 197.11.239.35.bc.googleusercontent.com | - | Medium
|
||||
229 | [36.110.58.103](https://vuldb.com/?ip.36.110.58.103) | 103.58.110.36.static.bjtelecom.net | - | High
|
||||
230 | [36.150.76.13](https://vuldb.com/?ip.36.150.76.13) | - | - | High
|
||||
231 | [36.201.196.202](https://vuldb.com/?ip.36.201.196.202) | - | - | High
|
||||
232 | [37.1.214.72](https://vuldb.com/?ip.37.1.214.72) | - | - | High
|
||||
233 | [37.1.214.229](https://vuldb.com/?ip.37.1.214.229) | - | - | High
|
||||
234 | [37.28.155.36](https://vuldb.com/?ip.37.28.155.36) | d155036.artnet.gda.pl | - | High
|
||||
235 | [37.28.156.24](https://vuldb.com/?ip.37.28.156.24) | d156024.artnet.gda.pl | - | High
|
||||
236 | [37.28.157.29](https://vuldb.com/?ip.37.28.157.29) | d157029.artnet.gda.pl | - | High
|
||||
237 | [37.42.62.77](https://vuldb.com/?ip.37.42.62.77) | - | - | High
|
||||
238 | [37.64.220.2](https://vuldb.com/?ip.37.64.220.2) | 2.220.64.37.rev.sfr.net | - | High
|
||||
239 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
|
||||
240 | [37.72.174.23](https://vuldb.com/?ip.37.72.174.23) | 37-72-174-23.static.hvvc.us | - | High
|
||||
241 | [37.120.198.248](https://vuldb.com/?ip.37.120.198.248) | - | - | High
|
||||
242 | [37.189.74.5](https://vuldb.com/?ip.37.189.74.5) | bl28-74-5.dsl.telepac.pt | - | High
|
||||
243 | [37.221.67.104](https://vuldb.com/?ip.37.221.67.104) | host001 | - | High
|
||||
244 | [37.221.67.122](https://vuldb.com/?ip.37.221.67.122) | finese | - | High
|
||||
245 | [38.12.57.131](https://vuldb.com/?ip.38.12.57.131) | - | - | High
|
||||
246 | [38.48.147.152](https://vuldb.com/?ip.38.48.147.152) | - | - | High
|
||||
247 | [38.180.4.165](https://vuldb.com/?ip.38.180.4.165) | - | - | High
|
||||
248 | [38.180.25.71](https://vuldb.com/?ip.38.180.25.71) | - | - | High
|
||||
249 | [38.180.25.111](https://vuldb.com/?ip.38.180.25.111) | - | - | High
|
||||
250 | [39.57.152.217](https://vuldb.com/?ip.39.57.152.217) | - | - | High
|
||||
251 | [40.47.149.113](https://vuldb.com/?ip.40.47.149.113) | - | - | High
|
||||
252 | [40.72.17.141](https://vuldb.com/?ip.40.72.17.141) | - | - | High
|
||||
253 | [41.7.15.180](https://vuldb.com/?ip.41.7.15.180) | vc-cpt-41-7-15-180.umts.vodacom.co.za | - | High
|
||||
254 | [41.15.71.157](https://vuldb.com/?ip.41.15.71.157) | vc-gp-n-41-15-71-157.umts.vodacom.co.za | - | High
|
||||
255 | [41.28.188.77](https://vuldb.com/?ip.41.28.188.77) | vc-gp-s-41-28-188-77.umts.vodacom.co.za | - | High
|
||||
256 | [41.56.181.200](https://vuldb.com/?ip.41.56.181.200) | - | - | High
|
||||
257 | [41.70.42.112](https://vuldb.com/?ip.41.70.42.112) | - | - | High
|
||||
258 | [42.63.100.82](https://vuldb.com/?ip.42.63.100.82) | - | - | High
|
||||
259 | [42.104.196.184](https://vuldb.com/?ip.42.104.196.184) | - | - | High
|
||||
260 | [42.179.23.39](https://vuldb.com/?ip.42.179.23.39) | - | - | High
|
||||
261 | [43.184.255.110](https://vuldb.com/?ip.43.184.255.110) | - | - | High
|
||||
262 | [44.94.75.93](https://vuldb.com/?ip.44.94.75.93) | - | - | High
|
||||
263 | [44.224.48.159](https://vuldb.com/?ip.44.224.48.159) | ec2-44-224-48-159.us-west-2.compute.amazonaws.com | - | Medium
|
||||
264 | [45.3.236.177](https://vuldb.com/?ip.45.3.236.177) | 045-003-236-177.biz.spectrum.com | - | High
|
||||
265 | [45.11.19.70](https://vuldb.com/?ip.45.11.19.70) | - | - | High
|
||||
266 | [45.11.19.86](https://vuldb.com/?ip.45.11.19.86) | - | - | High
|
||||
267 | [45.11.19.208](https://vuldb.com/?ip.45.11.19.208) | - | - | High
|
||||
268 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
|
||||
269 | [45.11.19.252](https://vuldb.com/?ip.45.11.19.252) | - | - | High
|
||||
270 | [45.32.37.109](https://vuldb.com/?ip.45.32.37.109) | 45.32.37.109.vultrusercontent.com | - | High
|
||||
271 | [45.61.184.8](https://vuldb.com/?ip.45.61.184.8) | mail.oelke.tec.br | - | High
|
||||
272 | [45.61.184.24](https://vuldb.com/?ip.45.61.184.24) | - | - | High
|
||||
273 | [45.61.184.227](https://vuldb.com/?ip.45.61.184.227) | MiamiTorNew1.Quetzalcoatl-relays.org | - | High
|
||||
274 | [45.61.185.65](https://vuldb.com/?ip.45.61.185.65) | exitrelay40.medvideos-tor.org | - | High
|
||||
275 | [45.61.185.227](https://vuldb.com/?ip.45.61.185.227) | - | - | High
|
||||
276 | [45.61.186.18](https://vuldb.com/?ip.45.61.186.18) | - | - | High
|
||||
277 | [45.61.186.51](https://vuldb.com/?ip.45.61.186.51) | - | - | High
|
||||
278 | [45.61.187.10](https://vuldb.com/?ip.45.61.187.10) | 45-61-187-10.ger.priv.allsafevpn.com | - | High
|
||||
279 | [45.61.187.40](https://vuldb.com/?ip.45.61.187.40) | - | - | High
|
||||
280 | [45.61.187.123](https://vuldb.com/?ip.45.61.187.123) | smtp20.shbgura.xyz | - | High
|
||||
281 | [45.61.187.160](https://vuldb.com/?ip.45.61.187.160) | - | - | High
|
||||
282 | [45.61.187.170](https://vuldb.com/?ip.45.61.187.170) | - | - | High
|
||||
283 | [45.61.187.204](https://vuldb.com/?ip.45.61.187.204) | - | - | High
|
||||
284 | [45.61.187.225](https://vuldb.com/?ip.45.61.187.225) | - | - | High
|
||||
285 | [45.66.151.59](https://vuldb.com/?ip.45.66.151.59) | - | - | High
|
||||
286 | [45.66.151.142](https://vuldb.com/?ip.45.66.151.142) | - | - | High
|
||||
287 | [45.66.151.150](https://vuldb.com/?ip.45.66.151.150) | - | - | High
|
||||
288 | [45.66.151.151](https://vuldb.com/?ip.45.66.151.151) | - | - | High
|
||||
289 | [45.66.151.155](https://vuldb.com/?ip.45.66.151.155) | - | - | High
|
||||
290 | [45.66.151.193](https://vuldb.com/?ip.45.66.151.193) | - | - | High
|
||||
291 | [45.66.248.61](https://vuldb.com/?ip.45.66.248.61) | parts861.simplestartvideos.com | - | High
|
||||
292 | [45.66.248.64](https://vuldb.com/?ip.45.66.248.64) | 0n3reye0i0.alyanova.com | - | High
|
||||
293 | [45.66.248.156](https://vuldb.com/?ip.45.66.248.156) | - | - | High
|
||||
294 | [45.66.248.216](https://vuldb.com/?ip.45.66.248.216) | spam.lastmer.xyz | - | High
|
||||
295 | [45.67.231.123](https://vuldb.com/?ip.45.67.231.123) | mihome.ru | - | High
|
||||
296 | [45.67.231.151](https://vuldb.com/?ip.45.67.231.151) | vm1197030.stark-industries.solutions | - | High
|
||||
297 | [45.84.0.13](https://vuldb.com/?ip.45.84.0.13) | vm523902.stark-industries.solutions | - | High
|
||||
298 | [45.84.240.87](https://vuldb.com/?ip.45.84.240.87) | - | - | High
|
||||
299 | [45.132.180.49](https://vuldb.com/?ip.45.132.180.49) | - | - | High
|
||||
300 | [45.138.172.22](https://vuldb.com/?ip.45.138.172.22) | - | - | High
|
||||
301 | [45.138.172.246](https://vuldb.com/?ip.45.138.172.246) | - | - | High
|
||||
302 | [45.140.146.30](https://vuldb.com/?ip.45.140.146.30) | vm542320.stark-industries.solutions | - | High
|
||||
303 | [45.140.146.244](https://vuldb.com/?ip.45.140.146.244) | - | - | High
|
||||
304 | [45.141.58.37](https://vuldb.com/?ip.45.141.58.37) | - | - | High
|
||||
305 | [45.141.58.139](https://vuldb.com/?ip.45.141.58.139) | galorebase.com | - | High
|
||||
306 | [45.142.214.120](https://vuldb.com/?ip.45.142.214.120) | vm516885.stark-industries.solutions | - | High
|
||||
307 | [45.142.214.167](https://vuldb.com/?ip.45.142.214.167) | - | - | High
|
||||
308 | [45.147.229.23](https://vuldb.com/?ip.45.147.229.23) | - | - | High
|
||||
309 | [45.147.229.47](https://vuldb.com/?ip.45.147.229.47) | - | - | High
|
||||
310 | [45.147.229.50](https://vuldb.com/?ip.45.147.229.50) | - | - | High
|
||||
311 | [45.147.229.101](https://vuldb.com/?ip.45.147.229.101) | - | - | High
|
||||
312 | [45.147.229.177](https://vuldb.com/?ip.45.147.229.177) | - | - | High
|
||||
313 | [45.147.229.199](https://vuldb.com/?ip.45.147.229.199) | - | - | High
|
||||
314 | [45.147.229.223](https://vuldb.com/?ip.45.147.229.223) | - | - | High
|
||||
315 | [45.147.230.179](https://vuldb.com/?ip.45.147.230.179) | - | - | High
|
||||
316 | [45.147.230.233](https://vuldb.com/?ip.45.147.230.233) | - | - | High
|
||||
317 | [45.147.230.245](https://vuldb.com/?ip.45.147.230.245) | poppuworls.club | - | High
|
||||
318 | [45.147.231.107](https://vuldb.com/?ip.45.147.231.107) | - | - | High
|
||||
319 | [45.147.231.156](https://vuldb.com/?ip.45.147.231.156) | - | - | High
|
||||
320 | [45.147.231.202](https://vuldb.com/?ip.45.147.231.202) | - | - | High
|
||||
321 | [45.147.231.232](https://vuldb.com/?ip.45.147.231.232) | - | - | High
|
||||
322 | [45.150.67.154](https://vuldb.com/?ip.45.150.67.154) | vm1326648.stark-industries.solutions | - | High
|
||||
323 | [45.153.240.56](https://vuldb.com/?ip.45.153.240.56) | - | - | High
|
||||
324 | [45.153.240.94](https://vuldb.com/?ip.45.153.240.94) | - | - | High
|
||||
325 | [45.153.240.139](https://vuldb.com/?ip.45.153.240.139) | - | - | High
|
||||
326 | [45.153.240.155](https://vuldb.com/?ip.45.153.240.155) | - | - | High
|
||||
327 | [45.153.241.19](https://vuldb.com/?ip.45.153.241.19) | - | - | High
|
||||
328 | [45.153.241.64](https://vuldb.com/?ip.45.153.241.64) | - | - | High
|
||||
329 | [45.153.241.120](https://vuldb.com/?ip.45.153.241.120) | - | - | High
|
||||
330 | [45.153.241.187](https://vuldb.com/?ip.45.153.241.187) | - | - | High
|
||||
331 | [45.153.241.209](https://vuldb.com/?ip.45.153.241.209) | - | - | High
|
||||
332 | [45.153.241.234](https://vuldb.com/?ip.45.153.241.234) | - | - | High
|
||||
333 | [45.153.241.245](https://vuldb.com/?ip.45.153.241.245) | - | - | High
|
||||
334 | [45.153.242.61](https://vuldb.com/?ip.45.153.242.61) | - | - | High
|
||||
335 | [45.153.242.100](https://vuldb.com/?ip.45.153.242.100) | - | - | High
|
||||
336 | [45.153.242.105](https://vuldb.com/?ip.45.153.242.105) | - | - | High
|
||||
337 | [45.153.242.183](https://vuldb.com/?ip.45.153.242.183) | - | - | High
|
||||
338 | [45.153.242.184](https://vuldb.com/?ip.45.153.242.184) | - | - | High
|
||||
339 | [45.153.242.242](https://vuldb.com/?ip.45.153.242.242) | - | - | High
|
||||
340 | [45.153.243.82](https://vuldb.com/?ip.45.153.243.82) | - | - | High
|
||||
341 | [45.153.243.93](https://vuldb.com/?ip.45.153.243.93) | - | - | High
|
||||
342 | [45.153.243.111](https://vuldb.com/?ip.45.153.243.111) | - | - | High
|
||||
343 | [45.153.243.126](https://vuldb.com/?ip.45.153.243.126) | - | - | High
|
||||
344 | [45.153.243.130](https://vuldb.com/?ip.45.153.243.130) | - | - | High
|
||||
345 | [45.153.243.222](https://vuldb.com/?ip.45.153.243.222) | - | - | High
|
||||
346 | [46.21.153.145](https://vuldb.com/?ip.46.21.153.145) | 145.153.21.46.static.swiftway.net | - | High
|
||||
347 | [46.21.153.157](https://vuldb.com/?ip.46.21.153.157) | 157.153.21.46.static.swiftway.net | - | High
|
||||
348 | [46.21.153.246](https://vuldb.com/?ip.46.21.153.246) | 246.153.21.46.static.swiftway.net | - | High
|
||||
349 | [46.44.240.53](https://vuldb.com/?ip.46.44.240.53) | 46-44-240-53.ip.welcomeitalia.it | - | High
|
||||
350 | [46.142.186.28](https://vuldb.com/?ip.46.142.186.28) | 28-186-142-46.pool.kielnet.net | - | High
|
||||
351 | [46.142.187.27](https://vuldb.com/?ip.46.142.187.27) | 27-187-142-46.pool.kielnet.net | - | High
|
||||
352 | [46.142.187.96](https://vuldb.com/?ip.46.142.187.96) | 96-187-142-46.pool.kielnet.net | - | High
|
||||
353 | ... | ... | ... | ...
|
||||
|
||||
There are 1399 more IOC items available. Please use our online service to access the data.
|
||||
There are 1406 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
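Review bot: The rewritten IOC rows keep `High` confidence for addresses whose hostnames suggest shared anonymity infrastructure, for example `exitrelay40.medvideos-tor.org`, `MiamiTorNew1.Quetzalcoatl-relays.org` and `45-61-187-10.ger.priv.allsafevpn.com`. The cloud-hosted addresses in the same hunk (`*.bc.googleusercontent.com`, `*.compute.amazonaws.com`) are rated `Medium`. Traffic through a relay or VPN endpoint cannot be tied to a single actor, so these rows should be rated no higher than the cloud hosts, or be marked as relays in the otherwise empty Campaign column. As written, anyone blocking or alerting on `High` rows will also catch unrelated users of those services.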
@ -381,8 +383,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
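Review bot: Row 4 (`T1059 | CWE-88, CWE-94, CWE-1321`) in the unchanged context is still described as "Cross Site Scripting", the same text as row 5 (`T1059.007 | CWE-79, CWE-80`). CWE-88, CWE-94 and CWE-1321 are argument injection, code injection and prototype pollution, not XSS. This hunk already corrects T1040 from CWE-319 to CWE-294 so that the weakness matches its "Authentication Bypass by Capture-replay" description; the T1059 description should be fixed in the same pass.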
@ -396,49 +398,65 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/addproduct.php` | High
|
||||
2 | File | `/admin/modal_add_product.php` | High
|
||||
3 | File | `/admin/reg.php` | High
|
||||
4 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
5 | File | `/authenticationendpoint/login.do` | High
|
||||
6 | File | `/bin/ate` | Medium
|
||||
7 | File | `/bin/login` | Medium
|
||||
8 | File | `/booking/show_bookings/` | High
|
||||
9 | File | `/cgi-bin/luci` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/changeimage.php` | High
|
||||
12 | File | `/classes/Users.php?f=save` | High
|
||||
13 | File | `/contact/store` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/dipam/athlete-profile.php` | High
|
||||
16 | File | `/DXR.axd` | Medium
|
||||
17 | File | `/ecommerce/support_ticket` | High
|
||||
18 | File | `/env` | Low
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/goform/AdvSetLanip` | High
|
||||
21 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
22 | File | `/goform/setmac` | High
|
||||
23 | File | `/goform/setMacFilterCfg` | High
|
||||
24 | File | `/goform/SetSysTimeCfg` | High
|
||||
25 | File | `/goform/WifiGuestSet` | High
|
||||
26 | File | `/HNAP1` | Low
|
||||
27 | File | `/kelasdosen/data` | High
|
||||
28 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
29 | File | `/mc` | Low
|
||||
30 | File | `/news/*.html` | Medium
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/owa/auth/logon.aspx` | High
|
||||
33 | File | `/paysystem/datatable.php` | High
|
||||
34 | File | `/php-inventory-management-system/product.php` | High
|
||||
35 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
36 | File | `/plain` | Low
|
||||
37 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
38 | File | `/send_order.cgi?parameter=restart` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/src/chatbotapp/chatWindow.java` | High
|
||||
41 | ... | ... | ...
|
||||
1 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
2 | File | `/admin/?page=user/list` | High
|
||||
3 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
4 | File | `/admin/about-us.php` | High
|
||||
5 | File | `/admin/del_category.php` | High
|
||||
6 | File | `/admin/del_service.php` | High
|
||||
7 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
8 | File | `/admin/edit-services.php` | High
|
||||
9 | File | `/admin/edit_category.php` | High
|
||||
10 | File | `/admin/forgot-password.php` | High
|
||||
11 | File | `/admin/index.php` | High
|
||||
12 | File | `/admin/search-appointment.php` | High
|
||||
13 | File | `/admin/sys_sql_query.php` | High
|
||||
14 | File | `/ajax.php?action=read_msg` | High
|
||||
15 | File | `/api/baskets/{name}` | High
|
||||
16 | File | `/api/sys/set_passwd` | High
|
||||
17 | File | `/api/upload.php` | High
|
||||
18 | File | `/api?path=profile` | High
|
||||
19 | File | `/blog` | Low
|
||||
20 | File | `/booking/show_bookings/` | High
|
||||
21 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
22 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
23 | File | `/ci_spms/admin/search/searching/` | High
|
||||
24 | File | `/classes/Master.php?f=save_brand` | High
|
||||
25 | File | `/common/info.cgi` | High
|
||||
26 | File | `/company/store` | High
|
||||
27 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
28 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
31 | File | `/env` | Low
|
||||
32 | File | `/etc/passwd` | Medium
|
||||
33 | File | `/etc/pki/pesign` | High
|
||||
34 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
35 | File | `/forum/away.php` | High
|
||||
36 | File | `/goform/set_LimitClient_cfg` | High
|
||||
37 | File | `/graphql` | Medium
|
||||
38 | File | `/group1/uploa` | High
|
||||
39 | File | `/includes/db_connect.php` | High
|
||||
40 | File | `/includes/session.php` | High
|
||||
41 | File | `/index.php` | Medium
|
||||
42 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
43 | File | `/modules/projects/vw_files.php` | High
|
||||
44 | File | `/modules/public/calendar.php` | High
|
||||
45 | File | `/modules/public/date_format.php` | High
|
||||
46 | File | `/modules/tasks/gantt.php` | High
|
||||
47 | File | `/net/sched/cls_fw.c` | High
|
||||
48 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
|
||||
49 | File | `/out.php` | Medium
|
||||
50 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
51 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
52 | File | `/preview.php` | Medium
|
||||
53 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
54 | File | `/resources//../` | High
|
||||
55 | File | `/search.php` | Medium
|
||||
56 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 352 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 496 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
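Review bot: Two of the added IOA rows do not look like usable file indicators. Row 38, `/group1/uploa`, appears cut off mid-word, and row 53, `/release-x64/otfccdump+0x61731f`, is a binary name with a code offset rather than a request path or file name. Both are typed `File` with `High` confidence. Verify them against the source data and either complete or retype them. Separately, the new generic rows (`/index.php`, `/search.php`, `/preview.php`, `/blog`) match ordinary traffic on most web servers; their `Medium`/`Low` rating is appropriate, but the section text should say that such rows are only meaningful in combination with other indicators.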
@ -56,43 +56,44 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `..\WWWRoot\CustomPages\aspshell.asp` | High
|
||||
2 | File | `/09/business/upgrade/upcfgAction.php?download=true` | High
|
||||
3 | File | `/32` | Low
|
||||
4 | File | `/admin/maintenance/view_designation.php` | High
|
||||
5 | File | `/admin/usermanagement.php` | High
|
||||
6 | File | `/assets/something/services/AppModule.class` | High
|
||||
7 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
8 | File | `/cgi-bin/kerbynet` | High
|
||||
9 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
10 | File | `/cgi-bin/pass` | High
|
||||
11 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
12 | File | `/dev/tcx0` | Medium
|
||||
13 | File | `/dev/urandom` | Medium
|
||||
14 | File | `/etc/environment` | High
|
||||
15 | File | `/etc/keystone/user-project-map.json` | High
|
||||
16 | File | `/etc/passwd` | Medium
|
||||
17 | File | `/home.jsp` | Medium
|
||||
18 | File | `/inc/campaign/view-campaign-list.php` | High
|
||||
19 | File | `/include/menu_v.inc.php` | High
|
||||
20 | File | `/index.php/weblinks-categories` | High
|
||||
21 | File | `/servlet/webacc` | High
|
||||
22 | File | `/student-grading-system/rms.php?page=school_year` | High
|
||||
23 | File | `/system?action=ServiceAdmin` | High
|
||||
24 | File | `/usr/` | Low
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `/wp-admin/admin.php?page=cpabc_appointments.php` | High
|
||||
27 | File | `ActiveMQConnection.java` | High
|
||||
28 | File | `admin-ajax.php` | High
|
||||
29 | File | `admin.php` | Medium
|
||||
30 | File | `admin/ad_list.php` | High
|
||||
31 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
32 | File | `admin/status/realtime/bandwidth_status` | High
|
||||
33 | File | `agent.c` | Low
|
||||
34 | File | `ajax_crons.php` | High
|
||||
35 | File | `ansi.c` | Low
|
||||
36 | File | `api.php/List/index` | High
|
||||
37 | File | `API/api/Version` | High
|
||||
38 | ... | ... | ...
|
||||
4 | File | `/admin/categories/manage_category.php` | High
|
||||
5 | File | `/admin/categories/view_category.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/usermanagement.php` | High
|
||||
8 | File | `/assets/something/services/AppModule.class` | High
|
||||
9 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
10 | File | `/cgi-bin/kerbynet` | High
|
||||
11 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
12 | File | `/cgi-bin/pass` | High
|
||||
13 | File | `/classes/Master.php?f=save_item` | High
|
||||
14 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
15 | File | `/dev/tcx0` | Medium
|
||||
16 | File | `/dev/urandom` | Medium
|
||||
17 | File | `/etc/environment` | High
|
||||
18 | File | `/etc/keystone/user-project-map.json` | High
|
||||
19 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/home.jsp` | Medium
|
||||
21 | File | `/inc/campaign/view-campaign-list.php` | High
|
||||
22 | File | `/include/menu_v.inc.php` | High
|
||||
23 | File | `/index.php/weblinks-categories` | High
|
||||
24 | File | `/servlet/webacc` | High
|
||||
25 | File | `/student-grading-system/rms.php?page=school_year` | High
|
||||
26 | File | `/system?action=ServiceAdmin` | High
|
||||
27 | File | `/usr/` | Low
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | File | `/wp-admin/admin.php?page=cpabc_appointments.php` | High
|
||||
30 | File | `ActiveMQConnection.java` | High
|
||||
31 | File | `admin-ajax.php` | High
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin/ad_list.php` | High
|
||||
34 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
35 | File | `admin/status/realtime/bandwidth_status` | High
|
||||
36 | File | `agent.c` | Low
|
||||
37 | File | `ajax_crons.php` | High
|
||||
38 | File | `ansi.c` | Low
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 324 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
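Review bot: Inserting three entries (`/admin/categories/manage_category.php`, `/admin/categories/view_category.php`, `/classes/Master.php?f=save_item`) rewrites every later row of the table, because the ID column is a positional counter: `/admin/maintenance/view_designation.php` moves from 4 to 6, `/usr/bin/pkexec` from 25 to 28, and so on. That buries the real additions in renumbering noise and makes the IDs unusable as references across revisions. Consider dropping the ID column or generating it from a stable key so that a diff shows only the rows that actually changed.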
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -63,34 +63,34 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/opt/bin/cli` | Medium
|
||||
14 | File | `/p` | Low
|
||||
15 | File | `/patient/doctors.php` | High
|
||||
16 | File | `/phpinventory/editcategory.php` | High
|
||||
17 | File | `/product-list.php` | High
|
||||
18 | File | `/spip.php` | Medium
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/updown/upload.cgi` | High
|
||||
21 | File | `/user/del.php` | High
|
||||
22 | File | `/_next` | Low
|
||||
23 | File | `123flashchat.php` | High
|
||||
24 | File | `act.php` | Low
|
||||
25 | File | `admin/bad.php` | High
|
||||
26 | File | `admin/conf_users_edit.php` | High
|
||||
27 | File | `admin/dashboard.php` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | File | `admin/index.php/user/del/1` | High
|
||||
30 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
31 | File | `administrator/index.php` | High
|
||||
32 | File | `agenda.php` | Medium
|
||||
33 | File | `ajax/render/widget_php` | High
|
||||
34 | File | `album_portal.php` | High
|
||||
35 | File | `api.php` | Low
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/opt/bin/cli` | Medium
|
||||
15 | File | `/p` | Low
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/phpinventory/editcategory.php` | High
|
||||
18 | File | `/product-list.php` | High
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/updown/upload.cgi` | High
|
||||
22 | File | `/user/del.php` | High
|
||||
23 | File | `/_next` | Low
|
||||
24 | File | `123flashchat.php` | High
|
||||
25 | File | `act.php` | Low
|
||||
26 | File | `admin/bad.php` | High
|
||||
27 | File | `admin/conf_users_edit.php` | High
|
||||
28 | File | `admin/dashboard.php` | High
|
||||
29 | File | `admin/index.php` | High
|
||||
30 | File | `admin/index.php/user/del/1` | High
|
||||
31 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
32 | File | `administrator/index.php` | High
|
||||
33 | File | `agenda.php` | Medium
|
||||
34 | File | `ajax/render/widget_php` | High
|
||||
35 | File | `album_portal.php` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -35,12 +35,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,15 +61,15 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/tmp` | Low
|
||||
12 | File | `/uncpath/` | Medium
|
||||
13 | File | `/Upload.ashx` | Medium
|
||||
14 | File | `/var/tmp/sess_*` | High
|
||||
15 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
16 | File | `activateuser.aspx` | High
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | File | `admin/killsource` | High
|
||||
19 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
|
||||
14 | File | `/usr/sbin/suexec` | High
|
||||
15 | File | `/var/tmp/sess_*` | High
|
||||
16 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
17 | File | `activateuser.aspx` | High
|
||||
18 | File | `adclick.php` | Medium
|
||||
19 | File | `admin/killsource` | High
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 166 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 169 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
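Review bot: Inserting `/usr/sbin/suexec` as row 14 shifts every following indicator down by one (`/var/tmp/sess_*` moves from 14 to 15, and so on), so the ID column is a display position and not a stable identifier. If readers are expected to cite rows, suggest saying so in the table intro or keying rows on the indicator string. As written, the hunk is one real addition surrounded by renumbering.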
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [PT](https://vuldb.com/?country.pt)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -62,36 +62,36 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/api/json/admin/getmailserversettings` | High
|
||||
11 | File | `/default.php?idx=17` | High
|
||||
12 | File | `/download` | Medium
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/home.php` | Medium
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/opt/bin/cli` | Medium
|
||||
17 | File | `/p` | Low
|
||||
18 | File | `/patient/doctors.php` | High
|
||||
19 | File | `/phpinventory/editcategory.php` | High
|
||||
20 | File | `/product-list.php` | High
|
||||
21 | File | `/rest/api/2/user/picker` | High
|
||||
22 | File | `/RestAPI` | Medium
|
||||
23 | File | `/spip.php` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/updown/upload.cgi` | High
|
||||
26 | File | `/user/del.php` | High
|
||||
27 | File | `/_next` | Low
|
||||
28 | File | `123flashchat.php` | High
|
||||
29 | File | `act.php` | Low
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | File | `admin/bad.php` | High
|
||||
32 | File | `admin/index.php` | High
|
||||
33 | File | `admin/index.php/user/del/1` | High
|
||||
34 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
35 | File | `administrator/index.php` | High
|
||||
36 | File | `affich.php` | Medium
|
||||
37 | File | `agenda.php` | Medium
|
||||
38 | File | `ajax/render/widget_php` | High
|
||||
39 | File | `album_portal.php` | High
|
||||
13 | File | `/env` | Low
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/home.php` | Medium
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/opt/bin/cli` | Medium
|
||||
18 | File | `/p` | Low
|
||||
19 | File | `/patient/doctors.php` | High
|
||||
20 | File | `/phpinventory/editcategory.php` | High
|
||||
21 | File | `/product-list.php` | High
|
||||
22 | File | `/rest/api/2/user/picker` | High
|
||||
23 | File | `/RestAPI` | Medium
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/updown/upload.cgi` | High
|
||||
27 | File | `/user/del.php` | High
|
||||
28 | File | `/_next` | Low
|
||||
29 | File | `123flashchat.php` | High
|
||||
30 | File | `act.php` | Low
|
||||
31 | File | `admin.php` | Medium
|
||||
32 | File | `admin/bad.php` | High
|
||||
33 | File | `admin/index.php` | High
|
||||
34 | File | `admin/index.php/user/del/1` | High
|
||||
35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
36 | File | `administrator/index.php` | High
|
||||
37 | File | `affich.php` | Medium
|
||||
38 | File | `agenda.php` | Medium
|
||||
39 | File | `ajax/render/widget_php` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 347 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
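Review bot: The added row `/env` (Low) joins `/p`, `/_next` and `/download` as very short path fragments typed as File indicators, and nothing in the table says whether an indicator is meant as an exact path, a prefix or a substring. Matched as substrings, these would flag ordinary web traffic. Suggest stating the intended match semantics in the IOA section intro, or holding back Low-confidence fragments of this length from the published list.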
@ -202,9 +202,10 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `adclick.php` | Medium
|
||||
13 | File | `addentry.php` | Medium
|
||||
14 | File | `add_edit_user.asp` | High
|
||||
15 | ... | ... | ...
|
||||
15 | File | `admin.php` | Medium
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 123 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 124 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -4927,9 +4927,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-270, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
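Review bot: The newly listed row 6 describes `T1068` with CWE-264, CWE-269, CWE-270 and CWE-284 as "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which names one specific J2EE configuration weakness and none of the four CWEs in the row. Suggest a description that covers the listed weaknesses (privilege management and access control), or listing the CWE that the description actually belongs to.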
@ -4937,119 +4938,106 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
4 | File | `/?r=report/api/getlist` | High
|
||||
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
6 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
7 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
8 | File | `/admin/?page=system_info` | High
|
||||
9 | File | `/admin/?page=user` | High
|
||||
10 | File | `/admin/?page=user/list` | High
|
||||
11 | File | `/admin/?page=user/manage` | High
|
||||
12 | File | `/admin/add-new.php` | High
|
||||
13 | File | `/admin/admin.php` | High
|
||||
14 | File | `/admin/ajax.php?action=save_area` | High
|
||||
15 | File | `/admin/assign/assign.php` | High
|
||||
16 | File | `/admin/attendance_row.php` | High
|
||||
17 | File | `/admin/ballot_down.php` | High
|
||||
18 | File | `/admin/ballot_up.php` | High
|
||||
19 | File | `/admin/bookings/manage_booking.php` | High
|
||||
20 | File | `/admin/bookings/view_booking.php` | High
|
||||
21 | File | `/admin/bookings/view_details.php` | High
|
||||
22 | File | `/admin/budget/manage_budget.php` | High
|
||||
23 | File | `/admin/candidates_row.php` | High
|
||||
24 | File | `/admin/cashadvance_row.php` | High
|
||||
25 | File | `/admin/categories/manage_category.php` | High
|
||||
26 | File | `/admin/categories/view_category.php` | High
|
||||
27 | File | `/admin/config_save.php` | High
|
||||
28 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
29 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
30 | File | `/admin/deduction_row.php` | High
|
||||
31 | File | `/admin/departments/view_department.php` | High
|
||||
32 | File | `/admin/doctors.php` | High
|
||||
33 | File | `/admin/edit-doc.php` | High
|
||||
34 | File | `/admin/edit_subject.php` | High
|
||||
35 | File | `/admin/employee_add.php` | High
|
||||
36 | File | `/admin/employee_edit.php` | High
|
||||
37 | File | `/admin/employee_row.php` | High
|
||||
38 | File | `/admin/forgot-password.php` | High
|
||||
39 | File | `/admin/getallarticleinfo` | High
|
||||
40 | File | `/admin/index.php` | High
|
||||
41 | File | `/admin/index3.php` | High
|
||||
42 | File | `/admin/info_deal.php` | High
|
||||
43 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
44 | File | `/admin/inventory/manage_stock.php` | High
|
||||
45 | File | `/admin/login.php` | High
|
||||
46 | File | `/admin/maintenance/view_designation.php` | High
|
||||
47 | File | `/admin/manage_academic.php` | High
|
||||
48 | File | `/admin/offenses/view_details.php` | High
|
||||
49 | File | `/admin/orders/update_status.php` | High
|
||||
50 | File | `/admin/patient.php` | High
|
||||
51 | File | `/admin/positions_add.php` | High
|
||||
52 | File | `/admin/positions_delete.php` | High
|
||||
53 | File | `/admin/positions_row.php` | High
|
||||
54 | File | `/admin/products/index.php` | High
|
||||
55 | File | `/admin/products/manage_product.php` | High
|
||||
56 | File | `/admin/products/view_product.php` | High
|
||||
57 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
58 | File | `/admin/robot/approval/list` | High
|
||||
59 | File | `/admin/sales/manage_sale.php` | High
|
||||
60 | File | `/admin/sales/view_details.php` | High
|
||||
61 | File | `/admin/save_teacher.php` | High
|
||||
62 | File | `/admin/service.php` | High
|
||||
63 | File | `/admin/services/manage_service.php` | High
|
||||
64 | File | `/admin/services/view_service.php` | High
|
||||
65 | File | `/admin/students/view_details.php` | High
|
||||
66 | File | `/admin/suppliers/view_details.php` | High
|
||||
67 | File | `/admin/upload` | High
|
||||
68 | File | `/admin/user/manage_user.php` | High
|
||||
69 | File | `/admin/userprofile.php` | High
|
||||
70 | File | `/admin/voters_row.php` | High
|
||||
71 | File | `/admin_system/api.php` | High
|
||||
72 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
73 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
74 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
75 | File | `/adms/classes/Users.php` | High
|
||||
76 | File | `/ajax.php?action=read_msg` | High
|
||||
77 | File | `/ajax.php?action=save_company` | High
|
||||
78 | File | `/alphaware/summary.php` | High
|
||||
79 | File | `/analysisProject/pagingQueryData` | High
|
||||
80 | File | `/api/admin/store/product/list` | High
|
||||
81 | File | `/api/admin/system/store/order/list` | High
|
||||
82 | File | `/api/stl/actions/search` | High
|
||||
83 | File | `/APR/signup.php` | High
|
||||
84 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
85 | File | `/bin/ate` | Medium
|
||||
86 | File | `/boafrm/formFilter` | High
|
||||
87 | File | `/boat/login.php` | High
|
||||
88 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
89 | File | `/cas/logout` | Medium
|
||||
90 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
91 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
92 | File | `/cgi-bin/ping.cgi` | High
|
||||
93 | File | `/classes/Master.php` | High
|
||||
94 | File | `/classes/Master.php?f=delete_category` | High
|
||||
95 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
96 | File | `/classes/master.php?f=delete_order` | High
|
||||
97 | File | `/classes/Master.php?f=save_brand` | High
|
||||
98 | File | `/classes/Master.php?f=save_service` | High
|
||||
99 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
100 | File | `/classes/Users.php` | High
|
||||
101 | File | `/classes/Users.phpp` | High
|
||||
102 | File | `/common/sysFile/list` | High
|
||||
103 | File | `/config/myfield/test.php` | High
|
||||
104 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
105 | File | `/dayrui/My/Config/Install.txt` | High
|
||||
106 | File | `/dayrui/My/View/main.html` | High
|
||||
107 | File | `/dosen/data` | Medium
|
||||
108 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
109 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
110 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
111 | ... | ... | ...
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
3 | File | `/?r=report/api/getlist` | High
|
||||
4 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
5 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
6 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
7 | File | `/admin/?page=system_info` | High
|
||||
8 | File | `/admin/?page=user` | High
|
||||
9 | File | `/admin/?page=user/list` | High
|
||||
10 | File | `/admin/?page=user/manage` | High
|
||||
11 | File | `/admin/add-new.php` | High
|
||||
12 | File | `/admin/admin.php` | High
|
||||
13 | File | `/admin/ajax.php?action=save_area` | High
|
||||
14 | File | `/admin/assign/assign.php` | High
|
||||
15 | File | `/admin/attendance_row.php` | High
|
||||
16 | File | `/admin/ballot_down.php` | High
|
||||
17 | File | `/admin/ballot_up.php` | High
|
||||
18 | File | `/admin/bookings/manage_booking.php` | High
|
||||
19 | File | `/admin/bookings/view_booking.php` | High
|
||||
20 | File | `/admin/bookings/view_details.php` | High
|
||||
21 | File | `/admin/budget/manage_budget.php` | High
|
||||
22 | File | `/admin/candidates_row.php` | High
|
||||
23 | File | `/admin/cashadvance_row.php` | High
|
||||
24 | File | `/admin/config_save.php` | High
|
||||
25 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
26 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
27 | File | `/admin/deduction_row.php` | High
|
||||
28 | File | `/admin/departments/view_department.php` | High
|
||||
29 | File | `/admin/doctors.php` | High
|
||||
30 | File | `/admin/edit-doc.php` | High
|
||||
31 | File | `/admin/employee_add.php` | High
|
||||
32 | File | `/admin/employee_edit.php` | High
|
||||
33 | File | `/admin/employee_row.php` | High
|
||||
34 | File | `/admin/forgot-password.php` | High
|
||||
35 | File | `/admin/index.php` | High
|
||||
36 | File | `/admin/index3.php` | High
|
||||
37 | File | `/admin/info_deal.php` | High
|
||||
38 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
39 | File | `/admin/inventory/manage_stock.php` | High
|
||||
40 | File | `/admin/login.php` | High
|
||||
41 | File | `/admin/manage_academic.php` | High
|
||||
42 | File | `/admin/orders/update_status.php` | High
|
||||
43 | File | `/admin/patient.php` | High
|
||||
44 | File | `/admin/positions_add.php` | High
|
||||
45 | File | `/admin/positions_delete.php` | High
|
||||
46 | File | `/admin/positions_row.php` | High
|
||||
47 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
48 | File | `/admin/robot/approval/list` | High
|
||||
49 | File | `/admin/save_teacher.php` | High
|
||||
50 | File | `/admin/services/manage_service.php` | High
|
||||
51 | File | `/admin/services/view_service.php` | High
|
||||
52 | File | `/admin/students/view_details.php` | High
|
||||
53 | File | `/admin/suppliers/view_details.php` | High
|
||||
54 | File | `/admin/sys_sql_query.php` | High
|
||||
55 | File | `/admin/user/manage_user.php` | High
|
||||
56 | File | `/admin/voters_row.php` | High
|
||||
57 | File | `/admin_system/api.php` | High
|
||||
58 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
59 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
60 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
61 | File | `/adms/classes/Users.php` | High
|
||||
62 | File | `/ajax.php?action=read_msg` | High
|
||||
63 | File | `/ajax.php?action=save_company` | High
|
||||
64 | File | `/alphaware/summary.php` | High
|
||||
65 | File | `/analysisProject/pagingQueryData` | High
|
||||
66 | File | `/api/admin/store/product/list` | High
|
||||
67 | File | `/api/admin/system/store/order/list` | High
|
||||
68 | File | `/api/baskets/{name}` | High
|
||||
69 | File | `/APR/signup.php` | High
|
||||
70 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
71 | File | `/bin/ate` | Medium
|
||||
72 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
73 | File | `/boafrm/formFilter` | High
|
||||
74 | File | `/boat/login.php` | High
|
||||
75 | File | `/booking/show_bookings/` | High
|
||||
76 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
77 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
78 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
79 | File | `/cgi-bin/ping.cgi` | High
|
||||
80 | File | `/classes/Master.php` | High
|
||||
81 | File | `/classes/Master.php?f=delete_category` | High
|
||||
82 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
83 | File | `/classes/Master.php?f=save_service` | High
|
||||
84 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
85 | File | `/classes/Users.php` | High
|
||||
86 | File | `/common/sysFile/list` | High
|
||||
87 | File | `/company/store` | High
|
||||
88 | File | `/config/myfield/test.php` | High
|
||||
89 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
90 | File | `/csms/?page=contact_us` | High
|
||||
91 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
92 | File | `/dayrui/My/Config/Install.txt` | High
|
||||
93 | File | `/dayrui/My/View/main.html` | High
|
||||
94 | File | `/dosen/data` | Medium
|
||||
95 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
96 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
97 | File | `/ecommerce/admin/user/controller.php?action=edit` | High
|
||||
98 | ... | ... | ...
|
||||
|
||||
There are 982 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 862 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
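Review bot: The IOA total for this actor drops from 1092 (110 listed plus 982 remaining) to 959 (97 listed plus 862 remaining) in a commit titled only "Update September 2023", with no indication of why 133 indicators were withdrawn. Some removals look like cleanup, such as `/classes/Users.phpp`, but `//WEB-INF` and `/admin/upload` also disappear from positions where the sorted list would still show them. Suggest recording in the commit message whether removed indicators were retired or re-attributed. Separately, the new row `/api/baskets/{name}` uses a `{name}` route placeholder while other tables in this commit use `*` (`/var/tmp/sess_*`); one wildcard notation would make the list easier to match against.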
@ -43,7 +43,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
|
@ -94,7 +94,7 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `/mngset/authset` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -105,33 +105,35 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/login/index.php` | High
|
||||
16 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
17 | File | `/owa/auth/logon.aspx` | High
|
||||
18 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
19 | File | `/phppath/php` | Medium
|
||||
20 | File | `/preview.php` | Medium
|
||||
21 | File | `/proc/self/exe` | High
|
||||
22 | File | `/public/login.htm` | High
|
||||
23 | File | `/server-info` | Medium
|
||||
24 | File | `/server-status` | High
|
||||
25 | File | `/shell` | Low
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/user/jobmanage.php` | High
|
||||
28 | File | `/user/zs_elite.php` | High
|
||||
29 | File | `/usr/bin/enq` | Medium
|
||||
30 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
31 | File | `/wp-admin/admin-ajax.php` | High
|
||||
32 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
33 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
34 | File | `/zhndnsdisplay.cmd` | High
|
||||
35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
36 | File | `about.php` | Medium
|
||||
37 | File | `acl.c` | Low
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `add_comment.php` | High
|
||||
40 | File | `add_vhost.php` | High
|
||||
41 | File | `admin.php` | Medium
|
||||
42 | ... | ... | ...
|
||||
18 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
|
||||
19 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
20 | File | `/phppath/php` | Medium
|
||||
21 | File | `/preview.php` | Medium
|
||||
22 | File | `/proc/self/exe` | High
|
||||
23 | File | `/public/login.htm` | High
|
||||
24 | File | `/server-info` | Medium
|
||||
25 | File | `/server-status` | High
|
||||
26 | File | `/shell` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/user/jobmanage.php` | High
|
||||
29 | File | `/user/zs_elite.php` | High
|
||||
30 | File | `/usr/bin/enq` | Medium
|
||||
31 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
32 | File | `/wp-admin/admin-ajax.php` | High
|
||||
33 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
34 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
35 | File | `/zhndnsdisplay.cmd` | High
|
||||
36 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
37 | File | `about.php` | Medium
|
||||
38 | File | `acl.c` | Low
|
||||
39 | File | `active.log` | Medium
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `add_comment.php` | High
|
||||
42 | File | `add_vhost.php` | High
|
||||
43 | File | `admin.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
# Carderbee - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Carderbee](https://vuldb.com/?actor.carderbee). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.carderbee](https://vuldb.com/?actor.carderbee)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Carderbee:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Carderbee.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.76.179.209](https://vuldb.com/?ip.45.76.179.209) | 45.76.179.209.vultrusercontent.com | - | High
|
||||
2 | [103.151.28.11](https://vuldb.com/?ip.103.151.28.11) | - | - | High
|
||||
3 | [104.238.151.104](https://vuldb.com/?ip.104.238.151.104) | 104.238.151.104.vultrusercontent.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Carderbee_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Carderbee. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/user/Config.cgi` | High
|
||||
2 | File | `/checkLogin.cgi` | High
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/Items/*/RemoteImages/Download` | High
|
||||
5 | File | `/upload` | Low
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 34 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/carderbee-software-supply-chain-certificate-abuse
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
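Review bot: In the IOC table of the new Carderbee file, two of the three listed addresses carry `*.vultrusercontent.com` hostnames, meaning rented cloud hosting, yet they are rated High with an empty Campaign column and no observation date. Addresses of that kind get reassigned, so a reader cannot tell how long the rating holds. Suggest adding a first-seen or last-seen column, or at least a date in the section text. Minor: the generated sentence "There are 1 more IOC items available" needs singular handling.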
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -66,69 +66,71 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/photo.php` | High
|
||||
2 | File | `/admin/user/add` | High
|
||||
3 | File | `/APP_Installation.asp` | High
|
||||
4 | File | `/categorypage.php` | High
|
||||
5 | File | `/cm/delete` | Medium
|
||||
6 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
7 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
8 | File | `/download` | Medium
|
||||
9 | File | `/drivers/media/media-device.c` | High
|
||||
10 | File | `/etc/master.passwd` | High
|
||||
11 | File | `/filemanager/upload.php` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/getcfg.php` | Medium
|
||||
14 | File | `/home.php` | Medium
|
||||
15 | File | `/homeaction.php` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/modules/profile/index.php` | High
|
||||
18 | File | `/modules/tasks/summary.inc.php` | High
|
||||
19 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/p` | Low
|
||||
22 | File | `/plain` | Low
|
||||
23 | File | `/preauth` | Medium
|
||||
24 | File | `/products/details.asp` | High
|
||||
25 | File | `/recordings/index.php` | High
|
||||
26 | File | `/see_more_details.php` | High
|
||||
27 | File | `/show_news.php` | High
|
||||
28 | File | `/tmp/before` | Medium
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/updownload/t.report` | High
|
||||
31 | File | `/user.profile.php` | High
|
||||
32 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
33 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
34 | File | `/wp-admin` | Medium
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `account.asp` | Medium
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `adm/systools.asp` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin/admin.shtml` | High
|
||||
41 | File | `Admin/ADM_Pagina.php` | High
|
||||
42 | File | `admin/category.inc.php` | High
|
||||
43 | File | `admin/executar_login.php` | High
|
||||
44 | File | `admin/main.asp` | High
|
||||
45 | File | `admin/param/param_func.inc.php` | High
|
||||
46 | File | `admin/y_admin.asp` | High
|
||||
47 | File | `adminer.php` | Medium
|
||||
48 | File | `administration/admins.php` | High
|
||||
49 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
50 | File | `admin_ok.asp` | Medium
|
||||
51 | File | `affich.php` | Medium
|
||||
52 | File | `album_portal.php` | High
|
||||
53 | File | `al_initialize.php` | High
|
||||
54 | File | `app/Core/Paginator.php` | High
|
||||
55 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
56 | File | `artlinks.dispnew.php` | High
|
||||
57 | File | `auth.php` | Medium
|
||||
58 | File | `bin/named/query.c` | High
|
||||
59 | File | `blank.php` | Medium
|
||||
60 | File | `blocklayered-ajax.php` | High
|
||||
61 | File | `blogger-importer.php` | High
|
||||
62 | ... | ... | ...
|
||||
2 | File | `/admin/upload.php` | High
|
||||
3 | File | `/admin/user/add` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/APP_Installation.asp` | High
|
||||
6 | File | `/blog` | Low
|
||||
7 | File | `/categorypage.php` | High
|
||||
8 | File | `/cm/delete` | Medium
|
||||
9 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
10 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/drivers/media/media-device.c` | High
|
||||
13 | File | `/etc/master.passwd` | High
|
||||
14 | File | `/filemanager/upload.php` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/home.php` | Medium
|
||||
18 | File | `/homeaction.php` | High
|
||||
19 | File | `/index.php` | Medium
|
||||
20 | File | `/modules/profile/index.php` | High
|
||||
21 | File | `/modules/tasks/summary.inc.php` | High
|
||||
22 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
23 | File | `/out.php` | Medium
|
||||
24 | File | `/p` | Low
|
||||
25 | File | `/plain` | Low
|
||||
26 | File | `/preauth` | Medium
|
||||
27 | File | `/products/details.asp` | High
|
||||
28 | File | `/recordings/index.php` | High
|
||||
29 | File | `/see_more_details.php` | High
|
||||
30 | File | `/show_news.php` | High
|
||||
31 | File | `/tmp/before` | Medium
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/updownload/t.report` | High
|
||||
34 | File | `/user.profile.php` | High
|
||||
35 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
36 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
37 | File | `/wp-admin` | Medium
|
||||
38 | File | `/wp-admin/admin-ajax.php` | High
|
||||
39 | File | `account.asp` | Medium
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `adm/systools.asp` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin/admin.shtml` | High
|
||||
44 | File | `Admin/ADM_Pagina.php` | High
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | File | `admin/executar_login.php` | High
|
||||
47 | File | `admin/main.asp` | High
|
||||
48 | File | `admin/param/param_func.inc.php` | High
|
||||
49 | File | `admin/y_admin.asp` | High
|
||||
50 | File | `adminer.php` | Medium
|
||||
51 | File | `administration/admins.php` | High
|
||||
52 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
53 | File | `admin_ok.asp` | Medium
|
||||
54 | File | `affich.php` | Medium
|
||||
55 | File | `album_portal.php` | High
|
||||
56 | File | `al_initialize.php` | High
|
||||
57 | File | `app/Core/Paginator.php` | High
|
||||
58 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
59 | File | `artlinks.dispnew.php` | High
|
||||
60 | File | `auth.php` | Medium
|
||||
61 | File | `bin/named/query.c` | High
|
||||
62 | File | `blank.php` | Medium
|
||||
63 | File | `blocklayered-ajax.php` | High
|
||||
64 | ... | ... | ...
|
||||
|
||||
There are 544 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 565 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -61,34 +61,34 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/opt/bin/cli` | Medium
|
||||
14 | File | `/outgoing.php` | High
|
||||
15 | File | `/p` | Low
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/phpinventory/editcategory.php` | High
|
||||
18 | File | `/product-list.php` | High
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/updown/upload.cgi` | High
|
||||
22 | File | `/user/del.php` | High
|
||||
23 | File | `/_next` | Low
|
||||
24 | File | `123flashchat.php` | High
|
||||
25 | File | `act.php` | Low
|
||||
26 | File | `admin/bad.php` | High
|
||||
27 | File | `admin/index.php` | High
|
||||
28 | File | `admin/index.php/user/del/1` | High
|
||||
29 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
30 | File | `administrator/index.php` | High
|
||||
31 | File | `agenda.php` | Medium
|
||||
32 | File | `ajax/render/widget_php` | High
|
||||
33 | File | `album_portal.php` | High
|
||||
34 | File | `api.php` | Low
|
||||
35 | File | `application/home/controller/debug.php` | High
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/opt/bin/cli` | Medium
|
||||
15 | File | `/outgoing.php` | High
|
||||
16 | File | `/p` | Low
|
||||
17 | File | `/patient/doctors.php` | High
|
||||
18 | File | `/phpinventory/editcategory.php` | High
|
||||
19 | File | `/product-list.php` | High
|
||||
20 | File | `/spip.php` | Medium
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/updown/upload.cgi` | High
|
||||
23 | File | `/user/del.php` | High
|
||||
24 | File | `/_next` | Low
|
||||
25 | File | `123flashchat.php` | High
|
||||
26 | File | `act.php` | Low
|
||||
27 | File | `admin/bad.php` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | File | `admin/index.php/user/del/1` | High
|
||||
30 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
31 | File | `administrator/index.php` | High
|
||||
32 | File | `agenda.php` | Medium
|
||||
33 | File | `ajax/render/widget_php` | High
|
||||
34 | File | `album_portal.php` | High
|
||||
35 | File | `api.php` | Low
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
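Review bot: The inserted row `11 | File | /env | Low` shifts every later row down by one, so the High-confidence `application/home/controller/debug.php` entry drops out of the published 35-row sample and the last visible row becomes `api.php` at Low confidence. Because the sample is cut alphabetically, each generic path added near the top pushes a more specific indicator out of view. Consider ordering or truncating the sample by confidence, or documenting that Low items such as `/env`, `/p` and `/_next` are too generic to alert on by themselves.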
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cerber:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -221,14 +221,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
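Review bot: Row 2 of this TTP table pairs T1040 with CWE-319 but describes it as "Authentication Bypass by Capture-replay", which is the name of CWE-294; CWE-319 is cleartext transmission of sensitive information. Row 4 has the same kind of mismatch: it lists CWE-88 and CWE-94 (argument and code injection) yet repeats the "Cross Site Scripting" label from row 5. Since the change already edits the weakness list in row 1, regenerate the Description column from the listed CWE IDs so that anyone mapping this table to detections does not pick up the wrong weakness class.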
@ -245,52 +245,48 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/admin/userprofile.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/gen/clients/{language}` | High
|
||||
10 | File | `/APR/login.php` | High
|
||||
11 | File | `/cgi-bin/wapopen` | High
|
||||
10 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/company/store` | High
|
||||
14 | File | `/config/myfield/test.php` | High
|
||||
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
15 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
16 | File | `/ecshop/admin/template.php` | High
|
||||
17 | File | `/feeds/post/publish` | High
|
||||
18 | File | `/file/upload/1` | High
|
||||
16 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/forum/PostPrivateMessage` | High
|
||||
21 | File | `/goform/set_LimitClient_cfg` | High
|
||||
22 | File | `/h/` | Low
|
||||
23 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
25 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
26 | File | `/index.php?page=category_list` | High
|
||||
27 | File | `/jobinfo/` | Medium
|
||||
28 | File | `/Moosikay/order.php` | High
|
||||
29 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
30 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
31 | File | `/net-banking/customer_transactions.php` | High
|
||||
32 | File | `/opac/Actions.php?a=login` | High
|
||||
33 | File | `/owa/auth/logon.aspx` | High
|
||||
34 | File | `/php-opos/index.php` | High
|
||||
35 | File | `/preview.php` | Medium
|
||||
36 | File | `/PreviewHandler.ashx` | High
|
||||
37 | File | `/public/launchNewWindow.jsp` | High
|
||||
38 | File | `/requests.php` | High
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
43 | File | `/student/bookdetails.php` | High
|
||||
44 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
45 | File | `/uncpath/` | Medium
|
||||
46 | File | `/uploads/exam_question/` | High
|
||||
47 | File | `/user/ticket/create` | High
|
||||
48 | File | `/user/updatePwd` | High
|
||||
49 | File | `/var/lib/docker/<remapping>` | High
|
||||
50 | File | `/vendor` | Low
|
||||
51 | File | `/wp-admin/admin-ajax.php` | High
|
||||
52 | File | `a-forms.php` | Medium
|
||||
53 | ... | ... | ...
|
||||
20 | File | `/goform/set_LimitClient_cfg` | High
|
||||
21 | File | `/h/` | Low
|
||||
22 | File | `/hss/admin/?page=products/view_product` | High
|
||||
23 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
24 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
25 | File | `/index.php?page=category_list` | High
|
||||
26 | File | `/jobinfo/` | Medium
|
||||
27 | File | `/Moosikay/order.php` | High
|
||||
28 | File | `/opac/Actions.php?a=login` | High
|
||||
29 | File | `/owa/auth/logon.aspx` | High
|
||||
30 | File | `/preview.php` | Medium
|
||||
31 | File | `/PreviewHandler.ashx` | High
|
||||
32 | File | `/recipe-result` | High
|
||||
33 | File | `/register.do` | Medium
|
||||
34 | File | `/reservation/add_message.php` | High
|
||||
35 | File | `/secure/ViewCollectors` | High
|
||||
36 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
37 | File | `/spip.php` | Medium
|
||||
38 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
39 | File | `/student/bookdetails.php` | High
|
||||
40 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/uploads/exam_question/` | High
|
||||
43 | File | `/user/ticket/create` | High
|
||||
44 | File | `/var/lib/docker/<remapping>` | High
|
||||
45 | File | `/vendor` | Low
|
||||
46 | File | `/wp-admin/admin-ajax.php` | High
|
||||
47 | File | `a-forms.php` | Medium
|
||||
48 | File | `AccessibilityManagerService.java` | High
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
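Review bot: The new rows `/core/conditions/AbstractWrapper.java` and `AccessibilityManagerService.java`, like the retained `/sqlite3_aflpp/shell.c`, are source-file names, while neighbours such as `/owa/auth/logon.aspx` and `/wp-admin/admin-ajax.php` are request paths and the new `/etc/passwd` row is a local file, yet all of them carry Type `File`. Someone loading this table into web-log or proxy matching cannot tell which entries can ever appear in a request line. Suggest splitting the type, or adding a column that states where each indicator is expected to be observed.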
@ -4,19 +4,52 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cerberus](https://vuldb.com/?actor.cerberus)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cerberus:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cerberus.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [91.210.169.114](https://vuldb.com/?ip.91.210.169.114) | 490023-cc75354.tmweb.ru | - | High
|
||||
1 | [1.5.0.9](https://vuldb.com/?ip.1.5.0.9) | - | - | High
|
||||
2 | [91.210.169.114](https://vuldb.com/?ip.91.210.169.114) | 490023-cc75354.tmweb.ru | - | High
|
||||
3 | [161.117.85.153](https://vuldb.com/?ip.161.117.85.153) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Cerberus_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Cerberus. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `category.cfm` | Medium
|
||||
2 | File | `checkout.cfm` | Medium
|
||||
3 | File | `sendcard.cfm` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/
|
||||
* https://www.anomali.com/blog/leashing-cerberus#When:15:16:00Z
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
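Review bot: The added IOC row `1 | [1.5.0.9](https://vuldb.com/?ip.1.5.0.9) | - | - | High` has the shape of a software version string and carries neither hostname nor campaign; please confirm the source before publishing it at High confidence, because a wrong network indicator ends up in blocklists. In the same hunk, the second reference URL ends in `#When:15:16:00Z`, which looks like scraper residue in the fragment and should be trimmed.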
@ -32,12 +32,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/var/log/nginx` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -54,38 +54,38 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `//etc/RT2870STA.dat` | High
|
||||
3 | File | `/cgi-bin/activate.cgi` | High
|
||||
4 | File | `/cgi-bin/koha/acqui/supplier.pl?op=enter` | High
|
||||
5 | File | `/etc/quagga` | Medium
|
||||
6 | File | `/export` | Low
|
||||
7 | File | `/forms/doLogin` | High
|
||||
8 | File | `/get_getnetworkconf.cgi` | High
|
||||
9 | File | `/index.php` | Medium
|
||||
10 | File | `/messageboard/view.php` | High
|
||||
11 | File | `/nova/bin/detnet` | High
|
||||
12 | File | `/opensis/modules/users/Staff.php` | High
|
||||
13 | File | `/php_action/createUser.php` | High
|
||||
14 | File | `/plugins/servlet/gadgets/makeRequest` | High
|
||||
15 | File | `/REBOOTSYSTEM` | High
|
||||
16 | File | `/req_password_user.php` | High
|
||||
17 | File | `/services` | Medium
|
||||
18 | File | `/tmp` | Low
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/Uploads` | Medium
|
||||
21 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
22 | File | `/WEB-INF/web.xml` | High
|
||||
23 | File | `/webconsole/APIController` | High
|
||||
24 | File | `/wp-admin/admin-ajax.php` | High
|
||||
25 | File | `account.asp` | Medium
|
||||
26 | File | `AccountStatus.jsp` | High
|
||||
27 | File | `addentry.php` | Medium
|
||||
28 | File | `admin.a6mambocredits.php` | High
|
||||
29 | File | `admin.cropcanvas.php` | High
|
||||
30 | File | `Admin.PHP` | Medium
|
||||
31 | File | `admin.php` | Medium
|
||||
3 | File | `/admin/students/view_details.php` | High
|
||||
4 | File | `/cgi-bin/activate.cgi` | High
|
||||
5 | File | `/cgi-bin/koha/acqui/supplier.pl?op=enter` | High
|
||||
6 | File | `/etc/quagga` | Medium
|
||||
7 | File | `/export` | Low
|
||||
8 | File | `/forms/doLogin` | High
|
||||
9 | File | `/get_getnetworkconf.cgi` | High
|
||||
10 | File | `/index.php` | Medium
|
||||
11 | File | `/librarian/bookdetails.php` | High
|
||||
12 | File | `/messageboard/view.php` | High
|
||||
13 | File | `/nova/bin/detnet` | High
|
||||
14 | File | `/opensis/modules/users/Staff.php` | High
|
||||
15 | File | `/orrs/admin/reservations/view_details.php` | High
|
||||
16 | File | `/php_action/createUser.php` | High
|
||||
17 | File | `/plugins/servlet/gadgets/makeRequest` | High
|
||||
18 | File | `/REBOOTSYSTEM` | High
|
||||
19 | File | `/req_password_user.php` | High
|
||||
20 | File | `/services` | Medium
|
||||
21 | File | `/tmp` | Low
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/Uploads` | Medium
|
||||
24 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
25 | File | `/WEB-INF/web.xml` | High
|
||||
26 | File | `/webconsole/APIController` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `account.asp` | Medium
|
||||
29 | File | `AccountStatus.jsp` | High
|
||||
30 | File | `addentry.php` | Medium
|
||||
31 | File | `admin.a6mambocredits.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,38 +61,42 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/forgot-password.php` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/admin/lab.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/nova/bin/graphing` | High
|
||||
15 | File | `/opt/bin/cli` | Medium
|
||||
16 | File | `/p` | Low
|
||||
17 | File | `/patient/doctors.php` | High
|
||||
18 | File | `/phpinventory/editcategory.php` | High
|
||||
19 | File | `/product-list.php` | High
|
||||
20 | File | `/spip.php` | Medium
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/updown/upload.cgi` | High
|
||||
23 | File | `/user/del.php` | High
|
||||
24 | File | `/_next` | Low
|
||||
25 | File | `123flashchat.php` | High
|
||||
26 | File | `act.php` | Low
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | File | `admin/bad.php` | High
|
||||
29 | File | `admin/index.php` | High
|
||||
30 | File | `admin/index.php/user/del/1` | High
|
||||
31 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
32 | File | `administrator/index.php` | High
|
||||
33 | File | `agenda.php` | Medium
|
||||
34 | File | `ajax/render/widget_php` | High
|
||||
35 | File | `album_portal.php` | High
|
||||
36 | ... | ... | ...
|
||||
7 | File | `/admin/login.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/show.php` | High
|
||||
10 | File | `/default.php?idx=17` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/env` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/index.php` | Medium
|
||||
15 | File | `/nova/bin/graphing` | High
|
||||
16 | File | `/opt/bin/cli` | Medium
|
||||
17 | File | `/p` | Low
|
||||
18 | File | `/patient/doctors.php` | High
|
||||
19 | File | `/phpinventory/editcategory.php` | High
|
||||
20 | File | `/product-list.php` | High
|
||||
21 | File | `/spip.php` | Medium
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/updown/upload.cgi` | High
|
||||
24 | File | `/user/del.php` | High
|
||||
25 | File | `/wp-admin/admin-ajax.php` | High
|
||||
26 | File | `/_next` | Low
|
||||
27 | File | `123flashchat.php` | High
|
||||
28 | File | `act.php` | Low
|
||||
29 | File | `admin.php` | Medium
|
||||
30 | File | `admin.php/pay` | High
|
||||
31 | File | `admin/bad.php` | High
|
||||
32 | File | `admin/index.php` | High
|
||||
33 | File | `admin/index.php/user/del/1` | High
|
||||
34 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
35 | File | `administrator/index.php` | High
|
||||
36 | File | `agenda.php` | Medium
|
||||
37 | File | `ajax/render/widget_php` | High
|
||||
38 | File | `album_portal.php` | High
|
||||
39 | File | `api.php` | Low
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 343 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,10 +21,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -1921,14 +1921,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
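Review bot: New row 5 labels T1068 with CWE-250, CWE-264, CWE-269 and CWE-284 as "J2EE Misconfiguration: Weak Access Permissions for EJB Methods". That title belongs to CWE-9; the four listed IDs are general privilege and access-control weaknesses, so the label misleads anyone who reads only the Description column. Derive the description from the listed CWE IDs, or use the ATT&CK technique name instead.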
@ -1936,59 +1936,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
4 | File | `/about.php` | Medium
|
||||
5 | File | `/act/ActDao.xml` | High
|
||||
6 | File | `/admin.php/update/getFile.html` | High
|
||||
7 | File | `/admin/config_save.php` | High
|
||||
8 | File | `/admin/maintenance/view_designation.php` | High
|
||||
9 | File | `/ajax.php?action=read_msg` | High
|
||||
10 | File | `/analysisProject/pagingQueryData` | High
|
||||
11 | File | `/api/baskets/{name}` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/bin/ate` | Medium
|
||||
15 | File | `/booking/show_bookings/` | High
|
||||
16 | File | `/cgi-bin` | Medium
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/classes/Master.php?f=delete_category` | High
|
||||
19 | File | `/classes/Master.php?f=save_service` | High
|
||||
20 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
21 | File | `/data/remove` | Medium
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/Default/Bd` | Medium
|
||||
24 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
25 | File | `/Electron/download` | High
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/feeds/post/publish` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/AdvSetLanip` | High
|
||||
30 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
31 | File | `/goform/setmac` | High
|
||||
32 | File | `/goform/setMacFilterCfg` | High
|
||||
33 | File | `/goform/SetSysTimeCfg` | High
|
||||
34 | File | `/goform/WifiGuestSet` | High
|
||||
35 | File | `/h/` | Low
|
||||
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
37 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
38 | File | `/index.php?page=category_list` | High
|
||||
39 | File | `/ipms/imageConvert/image` | High
|
||||
40 | File | `/jobinfo/` | Medium
|
||||
41 | File | `/kelasdosen/data` | High
|
||||
42 | File | `/modules/profile/index.php` | High
|
||||
43 | File | `/Moosikay/order.php` | High
|
||||
44 | File | `/news/*.html` | Medium
|
||||
45 | File | `/note/index/delete` | High
|
||||
46 | File | `/opac/Actions.php?a=login` | High
|
||||
47 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
48 | File | `/PreviewHandler.ashx` | High
|
||||
49 | File | `/proxy` | Low
|
||||
50 | File | `/reservation/add_message.php` | High
|
||||
51 | ... | ... | ...
|
||||
1 | File | `/act/ActDao.xml` | High
|
||||
2 | File | `/admin/sys_sql_query.php` | High
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/bin/ate` | Medium
|
||||
6 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
7 | File | `/booking/show_bookings/` | High
|
||||
8 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
9 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
10 | File | `/classes/Master.php?f=delete_category` | High
|
||||
11 | File | `/company/store` | High
|
||||
12 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
15 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
18 | File | `/env` | Low
|
||||
19 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/getcfg.php` | Medium
|
||||
22 | File | `/goform/AdvSetLanip` | High
|
||||
23 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
24 | File | `/goform/setmac` | High
|
||||
25 | File | `/goform/setMacFilterCfg` | High
|
||||
26 | File | `/goform/SetSysTimeCfg` | High
|
||||
27 | File | `/goform/WifiGuestSet` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/h/` | Low
|
||||
30 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
31 | File | `/ipms/imageConvert/image` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/kelasdosen/data` | High
|
||||
34 | File | `/net/sched/cls_fw.c` | High
|
||||
35 | File | `/news/*.html` | Medium
|
||||
36 | File | `/note/index/delete` | High
|
||||
37 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/preview.php` | Medium
|
||||
39 | File | `/PreviewHandler.ashx` | High
|
||||
40 | File | `/recipe-result` | High
|
||||
41 | File | `/register.do` | Medium
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
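Review bot: New row `28 | File | /group1/uploa | High` looks cut off mid-word, which suggests the generator truncated the indicator; a truncated path at High confidence will either never match or match as an unintended prefix. Please check the source value and regenerate. Row 12, `/concat?/%2557EB-INF/web.xml`, is stored in double-URL-encoded form, so the README should say whether indicators are meant to be compared against raw or decoded request lines.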
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -58,33 +58,33 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/opt/bin/cli` | Medium
|
||||
14 | File | `/p` | Low
|
||||
15 | File | `/patient/doctors.php` | High
|
||||
16 | File | `/phpinventory/editcategory.php` | High
|
||||
17 | File | `/product-list.php` | High
|
||||
18 | File | `/spip.php` | Medium
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/updown/upload.cgi` | High
|
||||
21 | File | `/user/del.php` | High
|
||||
22 | File | `/_next` | Low
|
||||
23 | File | `123flashchat.php` | High
|
||||
24 | File | `act.php` | Low
|
||||
25 | File | `admin/bad.php` | High
|
||||
26 | File | `admin/index.php` | High
|
||||
27 | File | `admin/index.php/user/del/1` | High
|
||||
28 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
29 | File | `administrator/index.php` | High
|
||||
30 | File | `agenda.php` | Medium
|
||||
31 | File | `ajax/render/widget_php` | High
|
||||
32 | File | `album_portal.php` | High
|
||||
33 | File | `api.php` | Low
|
||||
34 | File | `application/home/controller/debug.php` | High
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/opt/bin/cli` | Medium
|
||||
15 | File | `/p` | Low
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/phpinventory/editcategory.php` | High
|
||||
18 | File | `/product-list.php` | High
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/updown/upload.cgi` | High
|
||||
22 | File | `/user/del.php` | High
|
||||
23 | File | `/_next` | Low
|
||||
24 | File | `123flashchat.php` | High
|
||||
25 | File | `act.php` | Low
|
||||
26 | File | `admin/bad.php` | High
|
||||
27 | File | `admin/index.php` | High
|
||||
28 | File | `admin/index.php/user/del/1` | High
|
||||
29 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
30 | File | `administrator/index.php` | High
|
||||
31 | File | `agenda.php` | Medium
|
||||
32 | File | `ajax/render/widget_php` | High
|
||||
33 | File | `album_portal.php` | High
|
||||
34 | File | `api.php` | Low
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 303 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
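Review bot: the ID column in this IOA table is purely positional, so inserting `/env` at row 11 renumbers every row after it (`/forum/away.php` moves from 11 to 12, and so on down to `api.php` at 34) and pushes `application/home/controller/debug.php` out of the visible excerpt. Anyone who recorded an indicator by its ID against the previous revision now points at a different path. Either state in the table intro that ID is display order only, or key rows on the indicator string so an update like this produces a one-line diff.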
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -50,55 +50,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/action/import_https_cert_file/` | High
|
||||
2 | File | `/action/wirelessConnect` | High
|
||||
3 | File | `/admin` | Low
|
||||
4 | File | `/admin/?page=user/manage_user` | High
|
||||
5 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
6 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
7 | File | `/Admin/dashboard.php` | High
|
||||
8 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
9 | File | `/admin/edit_category.php` | High
|
||||
10 | File | `/admin/edit_subject.php` | High
|
||||
11 | File | `/admin/modal_add_product.php` | High
|
||||
12 | File | `/admin/sales/view_details.php` | High
|
||||
13 | File | `/admin/service.php` | High
|
||||
14 | File | `/admin/sign/out` | High
|
||||
15 | File | `/admin/test_status.php` | High
|
||||
16 | File | `/api/common/ping` | High
|
||||
17 | File | `/api/v2/open/tablesInfo` | High
|
||||
18 | File | `/api/wechat/app_auth` | High
|
||||
19 | File | `/asms/classes/Master.php?f=delete_img` | High
|
||||
20 | File | `/catcompany.php` | High
|
||||
21 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
22 | File | `/classes/Master.php?f=save_item` | High
|
||||
23 | File | `/classes/Users.php` | High
|
||||
24 | File | `/cms/notify` | Medium
|
||||
25 | File | `/depotHead/list` | High
|
||||
26 | File | `/device/signin` | High
|
||||
27 | File | `/fusiondirectory/index.php` | High
|
||||
28 | File | `/goform/addressNat` | High
|
||||
29 | File | `/goform/RGFirewallEL` | High
|
||||
30 | File | `/goform/WifiBasicSet` | High
|
||||
31 | File | `/h/` | Low
|
||||
32 | File | `/HNAP1` | Low
|
||||
33 | File | `/hslist` | Low
|
||||
34 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
35 | File | `/lists/admin/` | High
|
||||
36 | File | `/login/index.php` | High
|
||||
37 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
38 | File | `/myAccount` | Medium
|
||||
39 | File | `/note/index/delete` | High
|
||||
40 | File | `/operations/travellers.php` | High
|
||||
41 | File | `/paysystem/datatable.php` | High
|
||||
42 | File | `/php-sms/admin/orders/update_status.php` | High
|
||||
43 | File | `/php-sms/classes/Master.php?f=delete_service` | High
|
||||
44 | File | `/preview.php` | Medium
|
||||
45 | File | `/public/launchNewWindow.jsp` | High
|
||||
46 | File | `/rukovoditel/index.php?module=users/login` | High
|
||||
47 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/action/import_https_cert_file/` | High
|
||||
3 | File | `/action/wirelessConnect` | High
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin/?page=user/manage_user` | High
|
||||
6 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
7 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
8 | File | `/Admin/dashboard.php` | High
|
||||
9 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
10 | File | `/admin/edit_category.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/modal_add_product.php` | High
|
||||
13 | File | `/admin/sales/view_details.php` | High
|
||||
14 | File | `/admin/service.php` | High
|
||||
15 | File | `/admin/sign/out` | High
|
||||
16 | File | `/admin/test_status.php` | High
|
||||
17 | File | `/api/common/ping` | High
|
||||
18 | File | `/api/v2/open/tablesInfo` | High
|
||||
19 | File | `/api/wechat/app_auth` | High
|
||||
20 | File | `/asms/classes/Master.php?f=delete_img` | High
|
||||
21 | File | `/catcompany.php` | High
|
||||
22 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
23 | File | `/classes/Master.php?f=save_item` | High
|
||||
24 | File | `/classes/Users.php` | High
|
||||
25 | File | `/cms/notify` | Medium
|
||||
26 | File | `/depotHead/list` | High
|
||||
27 | File | `/device/signin` | High
|
||||
28 | File | `/fusiondirectory/index.php` | High
|
||||
29 | File | `/goform/addressNat` | High
|
||||
30 | File | `/goform/RGFirewallEL` | High
|
||||
31 | File | `/goform/WifiBasicSet` | High
|
||||
32 | File | `/h/` | Low
|
||||
33 | File | `/HNAP1` | Low
|
||||
34 | File | `/hslist` | Low
|
||||
35 | File | `/index.php?page=member` | High
|
||||
36 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
37 | File | `/lists/admin/` | High
|
||||
38 | File | `/login/index.php` | High
|
||||
39 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
40 | File | `/myAccount` | Medium
|
||||
41 | File | `/note/index/delete` | High
|
||||
42 | File | `/operations/travellers.php` | High
|
||||
43 | File | `/patient/appointment.php` | High
|
||||
44 | File | `/paysystem/datatable.php` | High
|
||||
45 | File | `/php-sms/admin/orders/update_status.php` | High
|
||||
46 | File | `/php-sms/classes/Master.php?f=delete_service` | High
|
||||
47 | File | `/preview.php` | Medium
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 408 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
Diff suppressed because the file is too large
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -58,35 +58,35 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/default.php?idx=17` | High
|
||||
10 | File | `/download` | Medium
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/opt/bin/cli` | Medium
|
||||
14 | File | `/p` | Low
|
||||
15 | File | `/patient/doctors.php` | High
|
||||
16 | File | `/phpinventory/editcategory.php` | High
|
||||
17 | File | `/product-list.php` | High
|
||||
18 | File | `/public/login.htm` | High
|
||||
19 | File | `/server-info` | Medium
|
||||
20 | File | `/spip.php` | Medium
|
||||
21 | File | `/tmp` | Low
|
||||
22 | File | `/tmp/sysstat.run` | High
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/updown/upload.cgi` | High
|
||||
25 | File | `/user/del.php` | High
|
||||
26 | File | `/websocket/exec` | High
|
||||
27 | File | `/_next` | Low
|
||||
28 | File | `123flashchat.php` | High
|
||||
29 | File | `act.php` | Low
|
||||
30 | File | `add_vhost.php` | High
|
||||
31 | File | `admin/bad.php` | High
|
||||
32 | File | `admin/index.php` | High
|
||||
33 | File | `admin/index.php/user/del/1` | High
|
||||
34 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
35 | File | `administrator/index.php` | High
|
||||
36 | File | `agenda.php` | Medium
|
||||
11 | File | `/env` | Low
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/opt/bin/cli` | Medium
|
||||
15 | File | `/p` | Low
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/phpinventory/editcategory.php` | High
|
||||
18 | File | `/product-list.php` | High
|
||||
19 | File | `/public/login.htm` | High
|
||||
20 | File | `/server-info` | Medium
|
||||
21 | File | `/spip.php` | Medium
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/tmp/sysstat.run` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/updown/upload.cgi` | High
|
||||
26 | File | `/user/del.php` | High
|
||||
27 | File | `/websocket/exec` | High
|
||||
28 | File | `/_next` | Low
|
||||
29 | File | `123flashchat.php` | High
|
||||
30 | File | `act.php` | Low
|
||||
31 | File | `add_vhost.php` | High
|
||||
32 | File | `admin/bad.php` | High
|
||||
33 | File | `admin/index.php` | High
|
||||
34 | File | `admin/index.php/user/del/1` | High
|
||||
35 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
36 | File | `administrator/index.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [IM](https://vuldb.com/?country.im)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -528,7 +528,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -540,40 +540,40 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
5 | File | `/admin/?page=user/manage` | High
|
||||
6 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
7 | File | `/admin/about-us.php` | High
|
||||
8 | File | `/admin/add-new.php` | High
|
||||
9 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
10 | File | `/admin/del_category.php` | High
|
||||
11 | File | `/admin/del_service.php` | High
|
||||
12 | File | `/admin/departments/view_department.php` | High
|
||||
13 | File | `/admin/doctors.php` | High
|
||||
14 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
15 | File | `/admin/edit-services.php` | High
|
||||
16 | File | `/admin/edit_category.php` | High
|
||||
17 | File | `/admin/edit_subject.php` | High
|
||||
18 | File | `/admin/forgot-password.php` | High
|
||||
19 | File | `/admin/index.php` | High
|
||||
20 | File | `/admin/login.php` | High
|
||||
21 | File | `/admin/products/manage_product.php` | High
|
||||
22 | File | `/admin/reg.php` | High
|
||||
23 | File | `/admin/search-appointment.php` | High
|
||||
24 | File | `/admin/sys_sql_query.php` | High
|
||||
25 | File | `/admin/user/manage_user.php` | High
|
||||
26 | File | `/alphaware/summary.php` | High
|
||||
27 | File | `/api/` | Low
|
||||
28 | File | `/api/admin/store/product/list` | High
|
||||
29 | File | `/api/stl/actions/search` | High
|
||||
30 | File | `/api/v2/cli/commands` | High
|
||||
31 | File | `/appliance/users?action=edit` | High
|
||||
32 | File | `/apply.cgi` | Medium
|
||||
33 | File | `/backup.pl` | Medium
|
||||
34 | File | `/bin/ate` | Medium
|
||||
35 | File | `/blog` | Low
|
||||
36 | File | `/boat/login.php` | High
|
||||
37 | File | `/booking/show_bookings/` | High
|
||||
38 | File | `/bsms_ci/index.php/book` | High
|
||||
5 | File | `/admin/?page=user/list` | High
|
||||
6 | File | `/admin/?page=user/manage` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/about-us.php` | High
|
||||
9 | File | `/admin/add-new.php` | High
|
||||
10 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
11 | File | `/admin/del_category.php` | High
|
||||
12 | File | `/admin/del_service.php` | High
|
||||
13 | File | `/admin/departments/view_department.php` | High
|
||||
14 | File | `/admin/doctors.php` | High
|
||||
15 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
16 | File | `/admin/edit-services.php` | High
|
||||
17 | File | `/admin/edit_category.php` | High
|
||||
18 | File | `/admin/edit_subject.php` | High
|
||||
19 | File | `/admin/forgot-password.php` | High
|
||||
20 | File | `/admin/index.php` | High
|
||||
21 | File | `/admin/login.php` | High
|
||||
22 | File | `/admin/products/manage_product.php` | High
|
||||
23 | File | `/admin/reg.php` | High
|
||||
24 | File | `/admin/search-appointment.php` | High
|
||||
25 | File | `/admin/sys_sql_query.php` | High
|
||||
26 | File | `/admin/user/manage_user.php` | High
|
||||
27 | File | `/alphaware/summary.php` | High
|
||||
28 | File | `/api/` | Low
|
||||
29 | File | `/api/admin/store/product/list` | High
|
||||
30 | File | `/api/baskets/{name}` | High
|
||||
31 | File | `/api/stl/actions/search` | High
|
||||
32 | File | `/api/v2/cli/commands` | High
|
||||
33 | File | `/apply.cgi` | Medium
|
||||
34 | File | `/backup.pl` | Medium
|
||||
35 | File | `/bin/ate` | Medium
|
||||
36 | File | `/blog` | Low
|
||||
37 | File | `/boat/login.php` | High
|
||||
38 | File | `/booking/show_bookings/` | High
|
||||
39 | File | `/cgi-bin` | Medium
|
||||
40 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
41 | File | `/classes/master.php?f=delete_order` | High
|
||||
|
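Review bot: new row 30, `/api/baskets/{name}`, is a route template and not a literal path. The `{name}` placeholder would not normally appear verbatim in a request log, so a consumer doing a literal substring match on this column gets no hits for a High-confidence indicator. Say in the section intro how placeholders are to be interpreted, or store the fixed prefix as the indicator.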
@ -586,10 +586,10 @@ ID | Type | Indicator | Confidence
|
|||
48 | File | `/env` | Low
|
||||
49 | File | `/forms/doLogin` | High
|
||||
50 | File | `/forum/away.php` | High
|
||||
51 | File | `/index.php` | Medium
|
||||
51 | File | `/group1/uploa` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 455 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
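Review bot: row 51 replaces `/index.php` (Medium) with `/group1/uploa` (High), and the new value reads like a path cut off mid-word. Please check it against the source data before merging; if the fragment is intentional, a High rating on a partial string deserves a short explanation, since a prefix like this matches more than the path it came from.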
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -49,65 +49,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/photo.php` | High
|
||||
2 | File | `/admin/user/add` | High
|
||||
3 | File | `/APP_Installation.asp` | High
|
||||
4 | File | `/categorypage.php` | High
|
||||
5 | File | `/cm/delete` | Medium
|
||||
6 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
7 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
8 | File | `/download` | Medium
|
||||
9 | File | `/drivers/media/media-device.c` | High
|
||||
10 | File | `/etc/master.passwd` | High
|
||||
11 | File | `/filemanager/upload.php` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/getcfg.php` | Medium
|
||||
14 | File | `/home.php` | Medium
|
||||
15 | File | `/homeaction.php` | High
|
||||
16 | File | `/modules/profile/index.php` | High
|
||||
17 | File | `/modules/tasks/summary.inc.php` | High
|
||||
18 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/p` | Low
|
||||
21 | File | `/preauth` | Medium
|
||||
22 | File | `/products/details.asp` | High
|
||||
23 | File | `/recordings/index.php` | High
|
||||
24 | File | `/see_more_details.php` | High
|
||||
25 | File | `/show_news.php` | High
|
||||
26 | File | `/tmp/before` | Medium
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/updownload/t.report` | High
|
||||
29 | File | `/user.profile.php` | High
|
||||
30 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
31 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
32 | File | `/wp-admin` | Medium
|
||||
33 | File | `/wp-admin/admin-ajax.php` | High
|
||||
34 | File | `account.asp` | Medium
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `adm/systools.asp` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin/admin.shtml` | High
|
||||
39 | File | `Admin/ADM_Pagina.php` | High
|
||||
40 | File | `admin/category.inc.php` | High
|
||||
41 | File | `admin/main.asp` | High
|
||||
42 | File | `admin/param/param_func.inc.php` | High
|
||||
43 | File | `admin/y_admin.asp` | High
|
||||
44 | File | `adminer.php` | Medium
|
||||
45 | File | `administration/admins.php` | High
|
||||
46 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
47 | File | `admin_ok.asp` | Medium
|
||||
48 | File | `album_portal.php` | High
|
||||
49 | File | `app/Core/Paginator.php` | High
|
||||
50 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
51 | File | `artlinks.dispnew.php` | High
|
||||
52 | File | `auth.php` | Medium
|
||||
53 | File | `bin/named/query.c` | High
|
||||
54 | File | `blank.php` | Medium
|
||||
55 | File | `blocklayered-ajax.php` | High
|
||||
56 | File | `blogger-importer.php` | High
|
||||
57 | File | `bluegate_seo.inc.php` | High
|
||||
58 | ... | ... | ...
|
||||
2 | File | `/admin/upload.php` | High
|
||||
3 | File | `/admin/user/add` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/APP_Installation.asp` | High
|
||||
6 | File | `/blog` | Low
|
||||
7 | File | `/categorypage.php` | High
|
||||
8 | File | `/cm/delete` | Medium
|
||||
9 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
10 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
11 | File | `/download` | Medium
|
||||
12 | File | `/drivers/media/media-device.c` | High
|
||||
13 | File | `/etc/master.passwd` | High
|
||||
14 | File | `/filemanager/upload.php` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/home.php` | Medium
|
||||
18 | File | `/homeaction.php` | High
|
||||
19 | File | `/modules/profile/index.php` | High
|
||||
20 | File | `/modules/tasks/summary.inc.php` | High
|
||||
21 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/p` | Low
|
||||
24 | File | `/preauth` | Medium
|
||||
25 | File | `/products/details.asp` | High
|
||||
26 | File | `/recordings/index.php` | High
|
||||
27 | File | `/see_more_details.php` | High
|
||||
28 | File | `/show_news.php` | High
|
||||
29 | File | `/tmp/before` | Medium
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/updownload/t.report` | High
|
||||
32 | File | `/user.profile.php` | High
|
||||
33 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
34 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
35 | File | `/wp-admin` | Medium
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `account.asp` | Medium
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `adm/systools.asp` | High
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | File | `admin/admin.shtml` | High
|
||||
42 | File | `Admin/ADM_Pagina.php` | High
|
||||
43 | File | `admin/category.inc.php` | High
|
||||
44 | File | `admin/main.asp` | High
|
||||
45 | File | `admin/param/param_func.inc.php` | High
|
||||
46 | File | `admin/y_admin.asp` | High
|
||||
47 | File | `adminer.php` | Medium
|
||||
48 | File | `administration/admins.php` | High
|
||||
49 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
50 | File | `admin_ok.asp` | Medium
|
||||
51 | File | `album_portal.php` | High
|
||||
52 | File | `app/Core/Paginator.php` | High
|
||||
53 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
54 | File | `artlinks.dispnew.php` | High
|
||||
55 | File | `auth.php` | Medium
|
||||
56 | File | `bin/named/query.c` | High
|
||||
57 | File | `blank.php` | Medium
|
||||
58 | File | `blocklayered-ajax.php` | High
|
||||
59 | File | `blogger-importer.php` | High
|
||||
60 | File | `bluegate_seo.inc.php` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 509 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
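Review bot: rows 4 and 6 add `/api/baskets/{name}` and `/blog`, and the same two strings also appear in the IOA tables of other actor files touched by this commit. An indicator listed for several actors does not help attribute activity to any one of them, yet `/api/baskets/{name}` is rated High here. Consider stating in the section intro that IOA entries are not unique to an actor, or lowering the confidence of entries that are shared across files.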
@ -0,0 +1,78 @@
|
|||
# CosmicBeetle - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CosmicBeetle](https://vuldb.com/?actor.cosmicbeetle). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cosmicbeetle](https://vuldb.com/?actor.cosmicbeetle)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with CosmicBeetle:
|
||||
|
||||
* Spacecolon
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CosmicBeetle:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CosmicBeetle.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.76.107.228](https://vuldb.com/?ip.3.76.107.228) | ec2-3-76-107-228.eu-central-1.compute.amazonaws.com | Spacecolon | Medium
|
||||
2 | [87.251.64.19](https://vuldb.com/?ip.87.251.64.19) | - | Spacecolon | High
|
||||
3 | [87.251.64.57](https://vuldb.com/?ip.87.251.64.57) | - | Spacecolon | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _CosmicBeetle_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CosmicBeetle. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
2 | File | `add-category.php` | High
|
||||
3 | File | `admin/dashboard.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
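Review bot: TTP row 3 in this new file pairs T1059 with CWE-94 and CWE-1321 but describes it as "Cross Site Scripting". Those CWEs cover code injection and prototype pollution, and the other actor files in this commit use that description for T1059.007 with CWE-79 and CWE-80, so the description on row 3 looks copied from the wrong technique. Separately, IOC row 1 is an EC2 address with no observation date; cloud addresses get reassigned, so a first-seen or last-seen date would help consumers decide how long to keep it on a blocklist.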
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -47,12 +47,12 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
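Review bot: row 5 (T1068) is edited to drop CWE-274 but keeps the description "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which names one narrow weakness, while the row lists the general permission and access control entries CWE-264, CWE-269 and CWE-284. Since the row is being changed anyway, replace the description with one that matches the listed CWEs. Row 3 has the same kind of mismatch: it gains CWE-88 and still reads "Cross Site Scripting", identical to row 4.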
@ -61,49 +61,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
3 | File | `/admin/categories/manage_category.php` | High
|
||||
4 | File | `/admin/categories/view_category.php` | High
|
||||
5 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
6 | File | `/admin/reportupload.aspx` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api?path=profile` | High
|
||||
10 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
11 | File | `/authenticationendpoint/login.do` | High
|
||||
12 | File | `/bin/login` | Medium
|
||||
13 | File | `/cgi-bin/luci` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/change-language/de_DE` | High
|
||||
16 | File | `/classes/Master.php?f=save_item` | High
|
||||
17 | File | `/contact/store` | High
|
||||
18 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
19 | File | `/ecommerce/support_ticket` | High
|
||||
20 | File | `/editprofile.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/FuguHub/cmsdocs/` | High
|
||||
23 | File | `/h/autoSaveDraft` | High
|
||||
24 | File | `/HNAP1` | Low
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
27 | File | `/mc` | Low
|
||||
28 | File | `/menu.html` | Medium
|
||||
29 | File | `/php-inventory-management-system/product.php` | High
|
||||
30 | File | `/plain` | Low
|
||||
31 | File | `/preview.php` | Medium
|
||||
32 | File | `/registration.php` | High
|
||||
33 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
34 | File | `/settings/account` | High
|
||||
35 | File | `/student/bookdetails.php` | High
|
||||
36 | File | `/tmp/boa-temp` | High
|
||||
37 | File | `/uncpath/` | Medium
|
||||
38 | File | `/userfs/bin/tcapi` | High
|
||||
39 | File | `/var/log/nginx` | High
|
||||
40 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
41 | File | `/wireless/basic.asp` | High
|
||||
42 | ... | ... | ...
|
||||
2 | File | `/ad-list` | Medium
|
||||
3 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
4 | File | `/admin/categories/manage_category.php` | High
|
||||
5 | File | `/admin/categories/view_category.php` | High
|
||||
6 | File | `/admin/del_service.php` | High
|
||||
7 | File | `/admin/edit-services.php` | High
|
||||
8 | File | `/admin/students/view_details.php` | High
|
||||
9 | File | `/ajax.php?action=read_msg` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/upload.php` | High
|
||||
12 | File | `/api?path=profile` | High
|
||||
13 | File | `/auth/callback` | High
|
||||
14 | File | `/authenticationendpoint/login.do` | High
|
||||
15 | File | `/blog` | Low
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/change-language/de_DE` | High
|
||||
18 | File | `/ci_spms/admin/search/searching/` | High
|
||||
19 | File | `/classes/Master.php?f=save_brand` | High
|
||||
20 | File | `/classes/Master.php?f=save_item` | High
|
||||
21 | File | `/contact/store` | High
|
||||
22 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
23 | File | `/ecommerce/support_ticket` | High
|
||||
24 | File | `/editprofile.php` | High
|
||||
25 | File | `/etc/pki/pesign` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/friends` | Medium
|
||||
28 | File | `/FuguHub/cmsdocs/` | High
|
||||
29 | File | `/goform/setportList` | High
|
||||
30 | File | `/goform/set_LimitClient_cfg` | High
|
||||
31 | File | `/graphql` | Medium
|
||||
32 | File | `/h/autoSaveDraft` | High
|
||||
33 | File | `/HNAP1` | Low
|
||||
34 | File | `/index.php` | Medium
|
||||
35 | File | `/index.php?controller=GzUser&action=edit&id=1` | High
|
||||
36 | File | `/modules/projects/vw_files.php` | High
|
||||
37 | File | `/plain` | Low
|
||||
38 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
39 | File | `/preview.php` | Medium
|
||||
40 | File | `/registration.php` | High
|
||||
41 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
42 | File | `/romfile.cfg` | Medium
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 359 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
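Review bot: row 41 of the new IOA list, `/release-x64/otfccdump+0x61731f`, reads like a binary-plus-offset frame from a crash trace rather than a file path, yet it is typed `File` with confidence High. A literal match on this string will not hit in request or file-system logs. Consider reducing it to the binary name or giving it a separate type so consumers do not treat it as a path.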
@ -0,0 +1,30 @@
|
|||
# CustomerLoader - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CustomerLoader](https://vuldb.com/?actor.customerloader). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.customerloader](https://vuldb.com/?actor.customerloader)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CustomerLoader.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.42.94.169](https://vuldb.com/?ip.5.42.94.169) | labored-beef.aeza.network | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
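Review bot: the References section of the new CustomerLoader file cites only the site root `https://threatfox.abuse.ch`, so the single IOC `5.42.94.169` cannot be traced back to a specific report. Link the concrete entry the address came from. The file also has no Countries, TTP or IOA sections, unlike the other actor files in this commit; if that is intentional because no data exists yet, a one-line statement saying so would keep the layout predictable for parsers.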
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cybergate:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -27,17 +27,18 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [23.105.131.235](https://vuldb.com/?ip.23.105.131.235) | mail235.nessfist.com | - | High
|
||||
5 | [23.203.29.190](https://vuldb.com/?ip.23.203.29.190) | a23-203-29-190.deploy.static.akamaitechnologies.com | - | High
|
||||
6 | [37.35.233.20](https://vuldb.com/?ip.37.35.233.20) | 20.233.35.37.dynamic.jazztel.es | - | High
|
||||
7 | [41.217.176.33](https://vuldb.com/?ip.41.217.176.33) | - | - | High
|
||||
8 | [52.8.126.80](https://vuldb.com/?ip.52.8.126.80) | ec2-52-8-126-80.us-west-1.compute.amazonaws.com | - | Medium
|
||||
9 | [52.201.110.209](https://vuldb.com/?ip.52.201.110.209) | ec2-52-201-110-209.compute-1.amazonaws.com | - | Medium
|
||||
10 | [65.55.44.109](https://vuldb.com/?ip.65.55.44.109) | - | - | High
|
||||
11 | [69.65.19.115](https://vuldb.com/?ip.69.65.19.115) | ns3.no-ip.com | - | High
|
||||
12 | [78.159.135.230](https://vuldb.com/?ip.78.159.135.230) | - | - | High
|
||||
13 | [78.171.201.199](https://vuldb.com/?ip.78.171.201.199) | 78.171.201.199.dynamic.ttnet.com.tr | - | High
|
||||
14 | [86.18.99.199](https://vuldb.com/?ip.86.18.99.199) | cpc86441-seve24-2-0-cust198.13-3.cable.virginm.net | - | High
|
||||
15 | ... | ... | ... | ...
|
||||
7 | [37.252.5.213](https://vuldb.com/?ip.37.252.5.213) | - | - | High
|
||||
8 | [41.217.176.33](https://vuldb.com/?ip.41.217.176.33) | - | - | High
|
||||
9 | [52.8.126.80](https://vuldb.com/?ip.52.8.126.80) | ec2-52-8-126-80.us-west-1.compute.amazonaws.com | - | Medium
|
||||
10 | [52.201.110.209](https://vuldb.com/?ip.52.201.110.209) | ec2-52-201-110-209.compute-1.amazonaws.com | - | Medium
|
||||
11 | [65.55.44.109](https://vuldb.com/?ip.65.55.44.109) | - | - | High
|
||||
12 | [69.65.19.115](https://vuldb.com/?ip.69.65.19.115) | ns3.no-ip.com | - | High
|
||||
13 | [78.159.135.230](https://vuldb.com/?ip.78.159.135.230) | - | - | High
|
||||
14 | [78.171.201.199](https://vuldb.com/?ip.78.171.201.199) | 78.171.201.199.dynamic.ttnet.com.tr | - | High
|
||||
15 | [86.18.99.199](https://vuldb.com/?ip.86.18.99.199) | cpc86441-seve24-2-0-cust198.13-3.cable.virginm.net | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
|
||||
There are 56 more IOC items available. Please use our online service to access the data.
|
||||
There are 58 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
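Review bot: inserting `37.252.5.213` as ID 7 shifts every following row, so `41.217.176.33` moves from ID 7 to ID 8 and `86.18.99.199` from 14 to 15. The ID column is therefore positional and changes between updates. Either document that IDs are not stable references or key rows on the IP address, otherwise anything that cites an entry by ID silently points at a different host after this commit.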
@ -45,12 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
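Review bot: in the new TTP table the Description column does not match the listed weaknesses. Row 3 (`T1059 | CWE-94, CWE-1321`) is labelled "Cross Site Scripting", which is the same label as row 4 (`T1059.007 | CWE-79, CWE-80`), where it actually fits. Row 5 (`T1068 | CWE-250, CWE-264, CWE-269, CWE-284`) is labelled "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which names none of the four CWEs in that row. Derive the description from the technique or from the CWEs actually listed, or drop the column.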
@ -58,23 +61,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/../conf/config.properties` | High
|
||||
2 | File | `/catcompany.php` | High
|
||||
3 | File | `/cgi-bin/kerbynet` | High
|
||||
4 | File | `/configs/application.ini` | High
|
||||
5 | File | `/file` | Low
|
||||
6 | File | `/php_action/createUser.php` | High
|
||||
7 | File | `/proc/self/cwd` | High
|
||||
8 | File | `/system?action=ServiceAdmin` | High
|
||||
9 | File | `/uncpath/` | Medium
|
||||
10 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
11 | File | `adclick.php` | Medium
|
||||
12 | File | `admin/login.php` | High
|
||||
13 | File | `admin/movieview.php` | High
|
||||
14 | File | `admincp/attachment.php` | High
|
||||
15 | ... | ... | ...
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/upload/upload` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/config/getuser` | High
|
||||
7 | File | `/config/myfield/test.php` | High
|
||||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/ecshop/admin/template.php` | High
|
||||
10 | File | `/file/upload/1` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/forum/PostPrivateMessage` | High
|
||||
13 | File | `/goform/set_LimitClient_cfg` | High
|
||||
14 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
15 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
16 | File | `/net-banking/customer_transactions.php` | High
|
||||
17 | File | `/obs/book.php` | High
|
||||
18 | File | `/ossn/administrator/com_installer` | High
|
||||
19 | File | `/owa/auth/logon.aspx` | High
|
||||
20 | File | `/pms/update_user.php?user_id=1` | High
|
||||
21 | File | `/preview.php` | Medium
|
||||
22 | File | `/requests.php` | High
|
||||
23 | File | `/spip.php` | Medium
|
||||
24 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
25 | File | `/sre/params.php` | High
|
||||
26 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/user/upload/upload` | High
|
||||
29 | File | `/Users` | Low
|
||||
30 | File | `/var/spool/hylafax` | High
|
||||
31 | File | `/vendor` | Low
|
||||
32 | File | `AccessibilityManagerService.java` | High
|
||||
33 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `add_contestant.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin/edit_category.php` | High
|
||||
38 | File | `admin/index.php` | High
|
||||
39 | File | `admin/login.php` | High
|
||||
40 | File | `admin/make_payments.php` | High
|
||||
41 | File | `admin/_cmdstat.jsp` | High
|
||||
42 | File | `af_netlink.c` | Medium
|
||||
43 | File | `album_portal.php` | High
|
||||
44 | File | `api/auth.go` | Medium
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 122 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
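Review bot: the new IOA list puts source-file names (`/sqlite3_aflpp/shell.c`, `AccessibilityManagerService.java`, `af_netlink.c`, `api/auth.go`) under the same Type `File` as web request paths such as `/owa/auth/logon.aspx`. A consumer that feeds this column into URL or access-log matching gets entries that can never match, and cannot tell the two kinds apart. Split the type (for example request path versus source file) or add a column that states where the indicator is expected to be observed. The Low-confidence rows `/Users` and `/vendor` would also benefit from a note that they are too generic to alert on alone.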
@ -84,6 +117,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html
|
||||
* https://threatfox.abuse.ch
|
||||
* https://www.zscaler.com/blogs/research/cybergate-rat-and-redline-stealer-delivered-ongoing-autoit-malware-campaigns
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -590,7 +590,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -601,64 +601,72 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/bookings/view_details.php` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/edit_subject.php` | High
|
||||
8 | File | `/admin/maintenance/view_designation.php` | High
|
||||
9 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
10 | File | `/admin/offenses/view_details.php` | High
|
||||
11 | File | `/admin/suppliers/view_details.php` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/APR/login.php` | High
|
||||
14 | File | `/APR/signup.php` | High
|
||||
15 | File | `/bin/ate` | Medium
|
||||
16 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
17 | File | `/cgi-bin/kerbynet` | High
|
||||
18 | File | `/cgi-bin/wapopen` | High
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/cgi/get_param.cgi` | High
|
||||
21 | File | `/classes/Users.php` | High
|
||||
22 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
23 | File | `/Electron/download` | High
|
||||
24 | File | `/feeds/post/publish` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/goForm/aspForm` | High
|
||||
27 | File | `/goform/RgTime` | High
|
||||
28 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
29 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
30 | File | `/index.php?page=category_list` | High
|
||||
31 | File | `/install/index.php` | High
|
||||
32 | File | `/kelas/data` | Medium
|
||||
33 | File | `/kelasdosen/data` | High
|
||||
34 | File | `/Login/CheckLogin` | High
|
||||
35 | File | `/mims/login.php` | High
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/note/index/delete` | High
|
||||
38 | File | `/opac/Actions.php?a=login` | High
|
||||
39 | File | `/PreviewHandler.ashx` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/public/launchNewWindow.jsp` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
44 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
45 | File | `/server/api/v1/login` | High
|
||||
46 | File | `/shell` | Low
|
||||
47 | File | `/text/pdf/PdfReader.java` | High
|
||||
48 | File | `/textpattern/index.php` | High
|
||||
49 | File | `/tmp` | Low
|
||||
50 | File | `/uncpath/` | Medium
|
||||
51 | File | `/user/updatePwd` | High
|
||||
52 | File | `/v2/#/` | Low
|
||||
53 | File | `/webroot/inc/utility_all.php` | High
|
||||
54 | File | `/wp-admin/admin-ajax.php` | High
|
||||
55 | File | `a-forms.php` | Medium
|
||||
56 | File | `account/signup.php` | High
|
||||
57 | File | `activenews_view.asp` | High
|
||||
58 | File | `adclick.php` | Medium
|
||||
59 | ... | ... | ...
|
||||
4 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/bookings/view_details.php` | High
|
||||
7 | File | `/admin/cashadvance_row.php` | High
|
||||
8 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
9 | File | `/admin/edit_subject.php` | High
|
||||
10 | File | `/admin/forgot-password.php` | High
|
||||
11 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
12 | File | `/admin/maintenance/view_designation.php` | High
|
||||
13 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
14 | File | `/admin/modal_add_product.php` | High
|
||||
15 | File | `/admin/offenses/view_details.php` | High
|
||||
16 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
17 | File | `/admin/suppliers/view_details.php` | High
|
||||
18 | File | `/admin/sys_sql_query.php` | High
|
||||
19 | File | `/admin/userprofile.php` | High
|
||||
20 | File | `/api/baskets/{name}` | High
|
||||
21 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
22 | File | `/bin/ate` | Medium
|
||||
23 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
24 | File | `/blog` | Low
|
||||
25 | File | `/cgi-bin/kerbynet` | High
|
||||
26 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
27 | File | `/cgi/get_param.cgi` | High
|
||||
28 | File | `/chaincity/user/ticket/create` | High
|
||||
29 | File | `/classes/Users.php` | High
|
||||
30 | File | `/classes/Users.php?f=save` | High
|
||||
31 | File | `/company/store` | High
|
||||
32 | File | `/config` | Low
|
||||
33 | File | `/contact.php` | Medium
|
||||
34 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
35 | File | `/dipam/athlete-profile.php` | High
|
||||
36 | File | `/dishes.php` | Medium
|
||||
37 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
38 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
39 | File | `/Electron/download` | High
|
||||
40 | File | `/etc/passwd` | Medium
|
||||
41 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
42 | File | `/feeds/post/publish` | High
|
||||
43 | File | `/forum/away.php` | High
|
||||
44 | File | `/goForm/aspForm` | High
|
||||
45 | File | `/goform/RgTime` | High
|
||||
46 | File | `/h/` | Low
|
||||
47 | File | `/home/courses` | High
|
||||
48 | File | `/home/filter_listings` | High
|
||||
49 | File | `/home/search` | Medium
|
||||
50 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
51 | File | `/index.php/payment/getcoinaddress` | High
|
||||
52 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
53 | File | `/index.php?controller=GzUser&action=edit&id=1` | High
|
||||
54 | File | `/index.php?page=category_list` | High
|
||||
55 | File | `/install/index.php` | High
|
||||
56 | File | `/ipms/imageConvert/image` | High
|
||||
57 | File | `/jobinfo/` | Medium
|
||||
58 | File | `/kelas/data` | Medium
|
||||
59 | File | `/kelasdosen/data` | High
|
||||
60 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
61 | File | `/Login/CheckLogin` | High
|
||||
62 | File | `/matchmakings/question` | High
|
||||
63 | File | `/modules/projects/vw_files.php` | High
|
||||
64 | File | `/Moosikay/order.php` | High
|
||||
65 | File | `/note/index/delete` | High
|
||||
66 | File | `/opac/Actions.php?a=login` | High
|
||||
67 | ... | ... | ...
|
||||
|
||||
There are 516 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 584 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
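Review bot: several added indicators carry instance-specific query values, for example `/admin/?page=user/manage_user&id=3`, `/index.php?controller=GzUser&action=edit&id=1` and the `/Log/Query?appid=0B736354-...` row with a full GUID. Matched literally, these only hit requests with exactly those values; a different `id` or `appid` passes unnoticed. Normalise them to the path plus parameter names, or state in the section text that the values are examples and matching should ignore them.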
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,36 +25,50 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [1.242.139.44](https://vuldb.com/?ip.1.242.139.44) | - | - | High
|
||||
3 | [3.6.30.85](https://vuldb.com/?ip.3.6.30.85) | ec2-3-6-30-85.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
4 | [5.42.65.49](https://vuldb.com/?ip.5.42.65.49) | - | - | High
|
||||
5 | [5.135.83.205](https://vuldb.com/?ip.5.135.83.205) | 5-135-83-205.asyx.ru | - | High
|
||||
6 | [5.161.143.111](https://vuldb.com/?ip.5.161.143.111) | static.111.143.161.5.clients.your-server.de | - | High
|
||||
7 | [5.178.3.191](https://vuldb.com/?ip.5.178.3.191) | - | - | High
|
||||
8 | [5.252.118.26](https://vuldb.com/?ip.5.252.118.26) | needed-belief.aeza.network | - | High
|
||||
9 | [20.199.73.159](https://vuldb.com/?ip.20.199.73.159) | - | - | High
|
||||
10 | [20.216.162.185](https://vuldb.com/?ip.20.216.162.185) | - | - | High
|
||||
11 | [20.216.165.135](https://vuldb.com/?ip.20.216.165.135) | - | - | High
|
||||
12 | [20.216.178.113](https://vuldb.com/?ip.20.216.178.113) | - | - | High
|
||||
13 | [20.223.128.97](https://vuldb.com/?ip.20.223.128.97) | - | - | High
|
||||
14 | [31.41.221.82](https://vuldb.com/?ip.31.41.221.82) | dedic.dc.besthosting.ua | - | High
|
||||
15 | [34.92.66.146](https://vuldb.com/?ip.34.92.66.146) | 146.66.92.34.bc.googleusercontent.com | - | Medium
|
||||
16 | [37.18.62.18](https://vuldb.com/?ip.37.18.62.18) | 37.18.62.18.ip.goknet.com.tr | - | High
|
||||
17 | [37.46.129.39](https://vuldb.com/?ip.37.46.129.39) | cloud.legit | - | High
|
||||
18 | [37.46.134.225](https://vuldb.com/?ip.37.46.134.225) | ssnezkovv.fvds.ru | - | High
|
||||
19 | [37.187.222.230](https://vuldb.com/?ip.37.187.222.230) | ip230.ip-37-187-222.eu | - | High
|
||||
20 | [38.242.139.217](https://vuldb.com/?ip.38.242.139.217) | vmi927610.contaboserver.net | - | High
|
||||
21 | [40.87.50.159](https://vuldb.com/?ip.40.87.50.159) | - | - | High
|
||||
22 | [40.114.223.144](https://vuldb.com/?ip.40.114.223.144) | - | - | High
|
||||
23 | [41.62.221.74](https://vuldb.com/?ip.41.62.221.74) | - | - | High
|
||||
24 | [43.243.111.229](https://vuldb.com/?ip.43.243.111.229) | - | - | High
|
||||
25 | [45.8.230.157](https://vuldb.com/?ip.45.8.230.157) | ptr.ruvds.com | - | High
|
||||
26 | [45.12.238.157](https://vuldb.com/?ip.45.12.238.157) | - | - | High
|
||||
27 | [45.74.7.10](https://vuldb.com/?ip.45.74.7.10) | - | - | High
|
||||
28 | [45.77.34.211](https://vuldb.com/?ip.45.77.34.211) | 45.77.34.211.vultrusercontent.com | - | High
|
||||
29 | [45.77.175.130](https://vuldb.com/?ip.45.77.175.130) | 45.77.175.130.vultrusercontent.com | - | High
|
||||
30 | [45.91.8.171](https://vuldb.com/?ip.45.91.8.171) | - | - | High
|
||||
31 | [45.92.1.155](https://vuldb.com/?ip.45.92.1.155) | - | - | High
|
||||
32 | ... | ... | ... | ...
|
||||
5 | [5.42.77.211](https://vuldb.com/?ip.5.42.77.211) | - | - | High
|
||||
6 | [5.42.92.132](https://vuldb.com/?ip.5.42.92.132) | hosted-by.yeezyhost.net | - | High
|
||||
7 | [5.63.159.156](https://vuldb.com/?ip.5.63.159.156) | 5-63-159-156.cloudvps.regruhosting.ru | - | High
|
||||
8 | [5.135.83.205](https://vuldb.com/?ip.5.135.83.205) | 5-135-83-205.asyx.ru | - | High
|
||||
9 | [5.161.143.111](https://vuldb.com/?ip.5.161.143.111) | static.111.143.161.5.clients.your-server.de | - | High
|
||||
10 | [5.178.3.191](https://vuldb.com/?ip.5.178.3.191) | - | - | High
|
||||
11 | [5.252.118.26](https://vuldb.com/?ip.5.252.118.26) | needed-belief.aeza.network | - | High
|
||||
12 | [15.188.64.143](https://vuldb.com/?ip.15.188.64.143) | ec2-15-188-64-143.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
13 | [20.199.73.159](https://vuldb.com/?ip.20.199.73.159) | - | - | High
|
||||
14 | [20.216.162.185](https://vuldb.com/?ip.20.216.162.185) | - | - | High
|
||||
15 | [20.216.165.135](https://vuldb.com/?ip.20.216.165.135) | - | - | High
|
||||
16 | [20.216.178.113](https://vuldb.com/?ip.20.216.178.113) | - | - | High
|
||||
17 | [20.223.128.97](https://vuldb.com/?ip.20.223.128.97) | - | - | High
|
||||
18 | [31.41.221.82](https://vuldb.com/?ip.31.41.221.82) | dedic.dc.besthosting.ua | - | High
|
||||
19 | [31.210.55.202](https://vuldb.com/?ip.31.210.55.202) | 31-210-55-202.hostlab.net.tr | - | High
|
||||
20 | [34.92.66.146](https://vuldb.com/?ip.34.92.66.146) | 146.66.92.34.bc.googleusercontent.com | - | Medium
|
||||
21 | [37.18.62.18](https://vuldb.com/?ip.37.18.62.18) | 37.18.62.18.ip.goknet.com.tr | - | High
|
||||
22 | [37.46.128.31](https://vuldb.com/?ip.37.46.128.31) | www.atradepoint.com | - | High
|
||||
23 | [37.46.129.39](https://vuldb.com/?ip.37.46.129.39) | cloud.legit | - | High
|
||||
24 | [37.46.134.225](https://vuldb.com/?ip.37.46.134.225) | ssnezkovv.fvds.ru | - | High
|
||||
25 | [37.187.222.230](https://vuldb.com/?ip.37.187.222.230) | ip230.ip-37-187-222.eu | - | High
|
||||
26 | [38.242.139.217](https://vuldb.com/?ip.38.242.139.217) | vmi927610.contaboserver.net | - | High
|
||||
27 | [40.87.50.159](https://vuldb.com/?ip.40.87.50.159) | - | - | High
|
||||
28 | [40.114.223.144](https://vuldb.com/?ip.40.114.223.144) | - | - | High
|
||||
29 | [41.62.221.74](https://vuldb.com/?ip.41.62.221.74) | - | - | High
|
||||
30 | [43.243.111.229](https://vuldb.com/?ip.43.243.111.229) | - | - | High
|
||||
31 | [45.8.230.157](https://vuldb.com/?ip.45.8.230.157) | ptr.ruvds.com | - | High
|
||||
32 | [45.12.221.10](https://vuldb.com/?ip.45.12.221.10) | - | - | High
|
||||
33 | [45.12.238.157](https://vuldb.com/?ip.45.12.238.157) | - | - | High
|
||||
34 | [45.32.74.105](https://vuldb.com/?ip.45.32.74.105) | 45.32.74.105.vultrusercontent.com | - | High
|
||||
35 | [45.61.188.238](https://vuldb.com/?ip.45.61.188.238) | mail4.amazomapofficialmail.shop | - | High
|
||||
36 | [45.67.231.91](https://vuldb.com/?ip.45.67.231.91) | vm1532516.stark-industries.solutions | - | High
|
||||
37 | [45.74.7.10](https://vuldb.com/?ip.45.74.7.10) | - | - | High
|
||||
38 | [45.77.34.211](https://vuldb.com/?ip.45.77.34.211) | 45.77.34.211.vultrusercontent.com | - | High
|
||||
39 | [45.77.175.130](https://vuldb.com/?ip.45.77.175.130) | 45.77.175.130.vultrusercontent.com | - | High
|
||||
40 | [45.91.8.171](https://vuldb.com/?ip.45.91.8.171) | - | - | High
|
||||
41 | [45.92.1.155](https://vuldb.com/?ip.45.92.1.155) | - | - | High
|
||||
42 | [45.95.19.170](https://vuldb.com/?ip.45.95.19.170) | - | - | High
|
||||
43 | [45.95.19.172](https://vuldb.com/?ip.45.95.19.172) | - | - | High
|
||||
44 | [45.95.19.173](https://vuldb.com/?ip.45.95.19.173) | - | - | High
|
||||
45 | [45.95.19.174](https://vuldb.com/?ip.45.95.19.174) | - | - | High
|
||||
46 | ... | ... | ... | ...
|
||||
|
||||
There are 124 more IOC items available. Please use our online service to access the data.
|
||||
There are 179 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
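Review bot: confidence for addresses on shared cloud and VPS providers is assigned inconsistently in the new IOC rows. `15.188.64.143` (amazonaws.com) and `34.92.66.146` (googleusercontent.com) are Medium, while `45.32.74.105` (vultrusercontent.com) and `38.242.139.217` (contaboserver.net) are High. State the rule that produces the rating, and since the table has no first-seen or last-seen column, consider adding one: reassignable addresses like these go stale, and a reader cannot tell from `ID | IP address | Hostname | Campaign | Confidence` how old an entry is.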
@ -65,9 +79,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -78,61 +93,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
3 | File | `/admin/casedetails.php` | High
|
||||
4 | File | `/admin/del_feedback.php` | High
|
||||
5 | File | `/admin/login.php` | High
|
||||
6 | File | `/admin/maintenance/brand.php` | High
|
||||
7 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
8 | File | `/admin/modal_add_product.php` | High
|
||||
9 | File | `/admin/positions_add.php` | High
|
||||
10 | File | `/admin/user/manage_user.php` | High
|
||||
11 | File | `/admin/userprofile.php` | High
|
||||
12 | File | `/admin/voters_row.php` | High
|
||||
13 | File | `/ad_js.php` | Medium
|
||||
14 | File | `/ajax.php?action=save_company` | High
|
||||
15 | File | `/ajax.php?action=save_user` | High
|
||||
16 | File | `/ajax/myshop` | Medium
|
||||
17 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
2 | File | `/academy/home/courses` | High
|
||||
3 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
4 | File | `/admin/about-us.php` | High
|
||||
5 | File | `/admin/casedetails.php` | High
|
||||
6 | File | `/admin/del_feedback.php` | High
|
||||
7 | File | `/admin/login.php` | High
|
||||
8 | File | `/admin/maintenance/brand.php` | High
|
||||
9 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
10 | File | `/admin/modal_add_product.php` | High
|
||||
11 | File | `/admin/positions_add.php` | High
|
||||
12 | File | `/admin/user/manage_user.php` | High
|
||||
13 | File | `/admin/userprofile.php` | High
|
||||
14 | File | `/admin/voters_row.php` | High
|
||||
15 | File | `/ajax.php?action=save_company` | High
|
||||
16 | File | `/ajax.php?action=save_user` | High
|
||||
17 | File | `/ajax/myshop` | Medium
|
||||
18 | File | `/api/baskets/{name}` | High
|
||||
19 | File | `/api/gen/clients/{language}` | High
|
||||
20 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
21 | File | `/APR/signup.php` | High
|
||||
19 | File | `/api/database` | High
|
||||
20 | File | `/api/gen/clients/{language}` | High
|
||||
21 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
22 | File | `/authenticationendpoint/login.do` | High
|
||||
23 | File | `/aux` | Low
|
||||
24 | File | `/backup.pl` | Medium
|
||||
23 | File | `/backup.pl` | Medium
|
||||
24 | File | `/c/PluginsController.php` | High
|
||||
25 | File | `/cas/logout` | Medium
|
||||
26 | File | `/category.php` | High
|
||||
27 | File | `/categorypage.php` | High
|
||||
28 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
29 | File | `/cha.php` | Medium
|
||||
30 | File | `/chaincity/user/ticket/create` | High
|
||||
31 | File | `/College/admin/teacher.php` | High
|
||||
32 | File | `/contactform/contactform.php` | High
|
||||
33 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
34 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
35 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
36 | File | `/dcim/rack-roles/` | High
|
||||
37 | File | `/drivers/block/floppy.c` | High
|
||||
38 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
39 | File | `/ecommerce/support_ticket` | High
|
||||
40 | File | `/etc/shadow` | Medium
|
||||
41 | File | `/forum/away.php` | High
|
||||
42 | File | `/fos/admin/ajax.php` | High
|
||||
43 | File | `/friends/ajax_invite` | High
|
||||
44 | File | `/goform/aspForm` | High
|
||||
45 | File | `/goform/WifiGuestSet` | High
|
||||
46 | File | `/home/filter_listings` | High
|
||||
47 | File | `/inc/topBarNav.php` | High
|
||||
48 | File | `/index.php` | Medium
|
||||
49 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
50 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
51 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
52 | File | `/kelas/data` | Medium
|
||||
53 | File | `/kelasdosen/data` | High
|
||||
54 | ... | ... | ...
|
||||
27 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
28 | File | `/chaincity/user/ticket/create` | High
|
||||
29 | File | `/College/admin/teacher.php` | High
|
||||
30 | File | `/contactform/contactform.php` | High
|
||||
31 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
32 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
33 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
34 | File | `/dcim/rack-roles/` | High
|
||||
35 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
36 | File | `/ecommerce/support_ticket` | High
|
||||
37 | File | `/ecrire/exec/puce_statut.php` | High
|
||||
38 | File | `/files/` | Low
|
||||
39 | File | `/film-rating.php` | High
|
||||
40 | File | `/forum/away.php` | High
|
||||
41 | File | `/friends/ajax_invite` | High
|
||||
42 | File | `/goform/aspForm` | High
|
||||
43 | File | `/goform/WifiGuestSet` | High
|
||||
44 | File | `/home/filter_listings` | High
|
||||
45 | File | `/inc/topBarNav.php` | High
|
||||
46 | File | `/index.php` | Medium
|
||||
47 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
48 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
49 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
50 | File | `/instance/detail` | High
|
||||
51 | File | `/items/search` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 469 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 453 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -140,6 +153,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://app.any.run/tasks/0c6eba9e-a4ca-4c40-beb1-a03bc903d904
|
||||
* https://app.any.run/tasks/1a6872e0-d42c-4949-82ae-e8f8f96d47a7
|
||||
* https://app.any.run/tasks/2c9c8dae-6637-49ba-b286-c690117dda39
|
||||
* https://app.any.run/tasks/5f4f4268-36ec-4a62-8602-532292ddb0e0
|
||||
* https://app.any.run/tasks/8cb5c115-dd4a-4569-8b83-04aed74d9983
|
||||
* https://app.any.run/tasks/25cd593b-83ba-4940-b968-cbd2e8e7f7a2
|
||||
|
@ -150,6 +164,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://app.any.run/tasks/cbaabb75-75e6-4441-a38f-f78948e1d925
|
||||
* https://app.any.run/tasks/d3c9fcf8-ff6d-438e-a114-6339b05f317b
|
||||
* https://app.any.run/tasks/eb70c7f9-f74b-4142-b0d5-5d8edfa50496
|
||||
* https://app.any.run/tasks/f4d9ccf1-1d04-4396-bccd-5ce9e5a8086c
|
||||
* https://search.censys.io/hosts/1.165.96.128
|
||||
* https://search.censys.io/hosts/1.242.139.44
|
||||
* https://search.censys.io/hosts/3.6.30.85
|
||||
|
@ -159,6 +174,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/20.216.165.135
|
||||
* https://search.censys.io/hosts/20.216.178.113
|
||||
* https://search.censys.io/hosts/20.223.128.97
|
||||
* https://search.censys.io/hosts/31.210.55.202
|
||||
* https://search.censys.io/hosts/34.92.66.146
|
||||
* https://search.censys.io/hosts/37.18.62.18
|
||||
* https://search.censys.io/hosts/37.187.222.230
|
||||
|
@ -167,6 +183,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/40.114.223.144
|
||||
* https://search.censys.io/hosts/41.62.221.74
|
||||
* https://search.censys.io/hosts/43.243.111.229
|
||||
* https://search.censys.io/hosts/45.12.221.10
|
||||
* https://search.censys.io/hosts/45.32.74.105
|
||||
* https://search.censys.io/hosts/45.74.7.10
|
||||
* https://search.censys.io/hosts/45.77.34.211
|
||||
* https://search.censys.io/hosts/45.77.175.130
|
||||
|
@ -177,12 +195,16 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/45.95.19.174
|
||||
* https://search.censys.io/hosts/45.144.154.62
|
||||
* https://search.censys.io/hosts/46.23.96.131
|
||||
* https://search.censys.io/hosts/46.246.14.20
|
||||
* https://search.censys.io/hosts/47.106.131.255
|
||||
* https://search.censys.io/hosts/47.254.75.102
|
||||
* https://search.censys.io/hosts/52.152.223.228
|
||||
* https://search.censys.io/hosts/52.186.31.169
|
||||
* https://search.censys.io/hosts/63.143.47.135
|
||||
* https://search.censys.io/hosts/64.44.166.203
|
||||
* https://search.censys.io/hosts/64.176.43.239
|
||||
* https://search.censys.io/hosts/77.92.154.211
|
||||
* https://search.censys.io/hosts/82.156.141.121
|
||||
* https://search.censys.io/hosts/82.165.114.107
|
||||
* https://search.censys.io/hosts/83.229.83.102
|
||||
* https://search.censys.io/hosts/87.121.221.220
|
||||
|
@ -191,8 +213,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/89.211.209.74
|
||||
* https://search.censys.io/hosts/91.227.113.154
|
||||
* https://search.censys.io/hosts/94.124.192.220
|
||||
* https://search.censys.io/hosts/94.156.253.218
|
||||
* https://search.censys.io/hosts/95.179.128.208
|
||||
* https://search.censys.io/hosts/95.214.26.63
|
||||
* https://search.censys.io/hosts/95.214.26.66
|
||||
* https://search.censys.io/hosts/95.214.26.67
|
||||
* https://search.censys.io/hosts/95.214.26.88
|
||||
* https://search.censys.io/hosts/95.214.26.89
|
||||
* https://search.censys.io/hosts/103.38.83.176
|
||||
* https://search.censys.io/hosts/103.144.148.219
|
||||
* https://search.censys.io/hosts/103.146.78.130
|
||||
* https://search.censys.io/hosts/103.170.118.35
|
||||
|
@ -201,30 +229,44 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/109.195.94.247
|
||||
* https://search.censys.io/hosts/111.229.139.47
|
||||
* https://search.censys.io/hosts/112.213.98.87
|
||||
* https://search.censys.io/hosts/114.96.73.0
|
||||
* https://search.censys.io/hosts/120.78.151.171
|
||||
* https://search.censys.io/hosts/124.72.246.78
|
||||
* https://search.censys.io/hosts/139.180.143.50
|
||||
* https://search.censys.io/hosts/141.95.11.145
|
||||
* https://search.censys.io/hosts/142.202.242.168
|
||||
* https://search.censys.io/hosts/144.126.230.14
|
||||
* https://search.censys.io/hosts/147.185.221.181
|
||||
* https://search.censys.io/hosts/154.12.254.215
|
||||
* https://search.censys.io/hosts/154.53.42.53
|
||||
* https://search.censys.io/hosts/159.65.235.56
|
||||
* https://search.censys.io/hosts/159.69.64.122
|
||||
* https://search.censys.io/hosts/172.94.103.16
|
||||
* https://search.censys.io/hosts/172.94.103.112
|
||||
* https://search.censys.io/hosts/172.94.103.171
|
||||
* https://search.censys.io/hosts/172.111.236.107
|
||||
* https://search.censys.io/hosts/176.96.137.221
|
||||
* https://search.censys.io/hosts/177.255.88.252
|
||||
* https://search.censys.io/hosts/179.43.154.184
|
||||
* https://search.censys.io/hosts/179.61.251.188
|
||||
* https://search.censys.io/hosts/185.139.230.98
|
||||
* https://search.censys.io/hosts/185.225.18.110
|
||||
* https://search.censys.io/hosts/185.241.208.121
|
||||
* https://search.censys.io/hosts/185.246.222.117
|
||||
* https://search.censys.io/hosts/188.132.197.93
|
||||
* https://search.censys.io/hosts/188.132.197.104
|
||||
* https://search.censys.io/hosts/191.101.3.50
|
||||
* https://search.censys.io/hosts/192.99.10.207
|
||||
* https://search.censys.io/hosts/193.42.32.159
|
||||
* https://search.censys.io/hosts/194.26.192.203
|
||||
* https://search.censys.io/hosts/194.59.31.109
|
||||
* https://search.censys.io/hosts/194.87.218.64
|
||||
* https://search.censys.io/hosts/194.156.88.152
|
||||
* https://search.censys.io/hosts/198.23.212.148
|
||||
* https://search.censys.io/hosts/206.238.221.30
|
||||
* https://search.censys.io/hosts/209.25.142.180
|
||||
* https://search.censys.io/hosts/213.238.182.19
|
||||
* https://search.censys.io/hosts/216.83.38.252
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220411-rpjwpsagg7
|
||||
* https://tria.ge/220421-rkv36sbagj
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -47,16 +47,16 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/rukovoditel/index.php?module=dashboard/ajax_request` | High
|
||||
2 | File | `arch/powerpc/kernel/entry_64.S` | High
|
||||
3 | File | `auth2-gss.c` | Medium
|
||||
4 | File | `avahi-core/socket.c` | High
|
||||
5 | File | `block/bfq-iosched.c` | High
|
||||
6 | File | `chat.php` | Medium
|
||||
7 | File | `Crypt32.dll` | Medium
|
||||
1 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
2 | File | `/rukovoditel/index.php?module=dashboard/ajax_request` | High
|
||||
3 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
4 | File | `arch/powerpc/kernel/entry_64.S` | High
|
||||
5 | File | `auth2-gss.c` | Medium
|
||||
6 | File | `avahi-core/socket.c` | High
|
||||
7 | File | `block/bfq-iosched.c` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 59 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ The following _campaigns_ are known and can be associated with DPRK:
|
|||
* DrillMalware
|
||||
* ...
|
||||
|
||||
There are 4 more campaign items available. Please use our online service to access the data.
|
||||
There are 5 more campaign items available. Please use our online service to access the data.
|
||||
|
||||
## Countries
|
||||
|
||||
|
@ -21,10 +21,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [HK](https://vuldb.com/?country.hk)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -40,29 +40,30 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
6 | [5.62.61.65](https://vuldb.com/?ip.5.62.61.65) | r-65.61.62.5.ptr.avast.com | - | High
|
||||
7 | [5.62.61.66](https://vuldb.com/?ip.5.62.61.66) | r-66.61.62.5.ptr.avast.com | - | High
|
||||
8 | [5.62.61.67](https://vuldb.com/?ip.5.62.61.67) | r-67.61.62.5.ptr.avast.com | - | High
|
||||
9 | [14.140.116.172](https://vuldb.com/?ip.14.140.116.172) | 14-140-116-172-sapient.com | Hoplight | High
|
||||
10 | [21.252.107.198](https://vuldb.com/?ip.21.252.107.198) | - | HOPLIGHT | High
|
||||
11 | [23.29.115.171](https://vuldb.com/?ip.23.29.115.171) | 23-29-115-171.static.hvvc.us | JumpCloud | High
|
||||
12 | [23.95.182.5](https://vuldb.com/?ip.23.95.182.5) | 23-95-182-5-host.colocrossing.com | JumpCloud | High
|
||||
13 | [26.165.218.44](https://vuldb.com/?ip.26.165.218.44) | - | HOPLIGHT | High
|
||||
14 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
||||
15 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
||||
16 | [45.42.151.0](https://vuldb.com/?ip.45.42.151.0) | - | - | High
|
||||
17 | [45.42.151.11](https://vuldb.com/?ip.45.42.151.11) | - | - | High
|
||||
18 | [45.42.151.12](https://vuldb.com/?ip.45.42.151.12) | - | - | High
|
||||
19 | [45.42.151.13](https://vuldb.com/?ip.45.42.151.13) | - | - | High
|
||||
20 | [45.42.151.14](https://vuldb.com/?ip.45.42.151.14) | - | - | High
|
||||
21 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
||||
22 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
||||
23 | [45.82.250.186](https://vuldb.com/?ip.45.82.250.186) | - | JumpCloud | High
|
||||
24 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
||||
25 | [46.36.203.81](https://vuldb.com/?ip.46.36.203.81) | - | - | High
|
||||
26 | [46.36.203.82](https://vuldb.com/?ip.46.36.203.82) | - | - | High
|
||||
27 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | HOPLIGHT | High
|
||||
28 | [51.68.152.96](https://vuldb.com/?ip.51.68.152.96) | ns3122934.ip-51-68-152.eu | BLINDINGCAN | High
|
||||
29 | ... | ... | ... | ...
|
||||
9 | [5.134.119.142](https://vuldb.com/?ip.5.134.119.142) | - | NPO Mashinostroyeniya | High
|
||||
10 | [14.140.116.172](https://vuldb.com/?ip.14.140.116.172) | 14-140-116-172-sapient.com | Hoplight | High
|
||||
11 | [21.252.107.198](https://vuldb.com/?ip.21.252.107.198) | - | HOPLIGHT | High
|
||||
12 | [23.29.115.171](https://vuldb.com/?ip.23.29.115.171) | 23-29-115-171.static.hvvc.us | JumpCloud | High
|
||||
13 | [23.95.182.5](https://vuldb.com/?ip.23.95.182.5) | 23-95-182-5-host.colocrossing.com | JumpCloud | High
|
||||
14 | [26.165.218.44](https://vuldb.com/?ip.26.165.218.44) | - | HOPLIGHT | High
|
||||
15 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
||||
16 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
||||
17 | [45.42.151.0](https://vuldb.com/?ip.45.42.151.0) | - | - | High
|
||||
18 | [45.42.151.11](https://vuldb.com/?ip.45.42.151.11) | - | - | High
|
||||
19 | [45.42.151.12](https://vuldb.com/?ip.45.42.151.12) | - | - | High
|
||||
20 | [45.42.151.13](https://vuldb.com/?ip.45.42.151.13) | - | - | High
|
||||
21 | [45.42.151.14](https://vuldb.com/?ip.45.42.151.14) | - | - | High
|
||||
22 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
||||
23 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
||||
24 | [45.82.250.186](https://vuldb.com/?ip.45.82.250.186) | - | JumpCloud | High
|
||||
25 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
||||
26 | [46.36.203.81](https://vuldb.com/?ip.46.36.203.81) | - | - | High
|
||||
27 | [46.36.203.82](https://vuldb.com/?ip.46.36.203.82) | - | - | High
|
||||
28 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | HOPLIGHT | High
|
||||
29 | [51.68.152.96](https://vuldb.com/?ip.51.68.152.96) | ns3122934.ip-51-68-152.eu | BLINDINGCAN | High
|
||||
30 | ... | ... | ... | ...
|
||||
|
||||
There are 113 more IOC items available. Please use our online service to access the data.
|
||||
There are 116 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
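Review bot: The Campaign column spells the same campaign two ways in the renumbered rows: `Hoplight` for 14.140.116.172 (row 10) and `HOPLIGHT` for 21.252.107.198, 26.165.218.44 and 47.206.4.145 (rows 11, 14 and 28). Anyone grouping or filtering these IOCs by campaign with a case-sensitive compare will split one campaign into two. Since every row from 9 onward is already rewritten by this hunk, normalise the casing in the same change.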
@ -77,7 +78,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -88,72 +89,74 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
4 | File | `/admin/?page=user` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/ballot_down.php` | High
|
||||
7 | File | `/admin/ballot_up.php` | High
|
||||
8 | File | `/admin/bookings/manage_booking.php` | High
|
||||
9 | File | `/admin/bookings/view_booking.php` | High
|
||||
10 | File | `/admin/candidates_row.php` | High
|
||||
11 | File | `/admin/casedetails.php` | High
|
||||
12 | File | `/admin/config_save.php` | High
|
||||
13 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
14 | File | `/admin/edit_product.php` | High
|
||||
15 | File | `/admin/edit_subject.php` | High
|
||||
16 | File | `/admin/fields/manage_field.php` | High
|
||||
17 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
18 | File | `/admin/inventory/manage_stock.php` | High
|
||||
19 | File | `/admin/maintenance/brand.php` | High
|
||||
20 | File | `/admin/manage_academic.php` | High
|
||||
21 | File | `/admin/modal_add_product.php` | High
|
||||
22 | File | `/admin/offenses/view_details.php` | High
|
||||
23 | File | `/admin/orders/update_status.php` | High
|
||||
24 | File | `/admin/positions_add.php` | High
|
||||
25 | File | `/admin/positions_delete.php` | High
|
||||
26 | File | `/admin/positions_row.php` | High
|
||||
27 | File | `/admin/product/manage.php` | High
|
||||
28 | File | `/admin/products/index.php` | High
|
||||
29 | File | `/admin/reportupload.aspx` | High
|
||||
30 | File | `/admin/sales/index.php` | High
|
||||
31 | File | `/admin/save_teacher.php` | High
|
||||
32 | File | `/admin/service.php` | High
|
||||
33 | File | `/admin/services/view_service.php` | High
|
||||
34 | File | `/admin/update_s6.php` | High
|
||||
35 | File | `/admin/user/manage_user.php` | High
|
||||
36 | File | `/admin/userprofile.php` | High
|
||||
37 | File | `/admin/voters_row.php` | High
|
||||
38 | File | `/api/baskets/{name}` | High
|
||||
39 | File | `/apply.cgi` | Medium
|
||||
40 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
41 | File | `/booking/show_bookings/` | High
|
||||
42 | File | `/cas/logout` | Medium
|
||||
43 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
44 | File | `/cgi-bin/adm.cgi` | High
|
||||
45 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
46 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
47 | File | `/changeimage.php` | High
|
||||
48 | File | `/classes/Master.php` | High
|
||||
49 | File | `/classes/Master.php?f=delete_category` | High
|
||||
50 | File | `/classes/Master.php?f=delete_img` | High
|
||||
51 | File | `/classes/master.php?f=delete_order` | High
|
||||
52 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
53 | File | `/classes/Master.php?f=save_brand` | High
|
||||
54 | File | `/classes/Master.php?f=save_category` | High
|
||||
55 | File | `/classes/Master.php?f=save_course` | High
|
||||
56 | File | `/classes/Master.php?f=save_position` | High
|
||||
57 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
58 | File | `/classes/Master.php?f=update_order_status` | High
|
||||
59 | File | `/classes/Users.phpp` | High
|
||||
60 | File | `/cms/category/list` | High
|
||||
61 | File | `/College/admin/teacher.php` | High
|
||||
62 | File | `/config/myfield/test.php` | High
|
||||
63 | File | `/contact/store` | High
|
||||
64 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
65 | File | `/data/remove` | Medium
|
||||
66 | File | `/dcim/rack-roles/` | High
|
||||
67 | ... | ... | ...
|
||||
4 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
5 | File | `/admin/?page=user` | High
|
||||
6 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
7 | File | `/admin/about-us.php` | High
|
||||
8 | File | `/admin/add-category.php` | High
|
||||
9 | File | `/admin/add-services.php` | High
|
||||
10 | File | `/admin/addproduct.php` | High
|
||||
11 | File | `/admin/admin-profile.php` | High
|
||||
12 | File | `/admin/ballot_down.php` | High
|
||||
13 | File | `/admin/ballot_up.php` | High
|
||||
14 | File | `/admin/bookings/manage_booking.php` | High
|
||||
15 | File | `/admin/bookings/view_booking.php` | High
|
||||
16 | File | `/admin/candidates_row.php` | High
|
||||
17 | File | `/admin/casedetails.php` | High
|
||||
18 | File | `/admin/config_save.php` | High
|
||||
19 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
20 | File | `/admin/del_category.php` | High
|
||||
21 | File | `/admin/del_feedback.php` | High
|
||||
22 | File | `/admin/del_service.php` | High
|
||||
23 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
24 | File | `/admin/edit-services.php` | High
|
||||
25 | File | `/admin/edit_category.php` | High
|
||||
26 | File | `/admin/edit_product.php` | High
|
||||
27 | File | `/admin/edit_subject.php` | High
|
||||
28 | File | `/admin/fields/manage_field.php` | High
|
||||
29 | File | `/admin/forgot-password.php` | High
|
||||
30 | File | `/admin/index.php` | High
|
||||
31 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
32 | File | `/admin/inventory/manage_stock.php` | High
|
||||
33 | File | `/admin/invoice.php` | High
|
||||
34 | File | `/admin/maintenance/brand.php` | High
|
||||
35 | File | `/admin/manage_academic.php` | High
|
||||
36 | File | `/admin/modal_add_product.php` | High
|
||||
37 | File | `/admin/offenses/view_details.php` | High
|
||||
38 | File | `/admin/orders/update_status.php` | High
|
||||
39 | File | `/admin/positions_add.php` | High
|
||||
40 | File | `/admin/positions_delete.php` | High
|
||||
41 | File | `/admin/positions_row.php` | High
|
||||
42 | File | `/admin/product/manage.php` | High
|
||||
43 | File | `/admin/products/index.php` | High
|
||||
44 | File | `/admin/reportupload.aspx` | High
|
||||
45 | File | `/admin/sales/index.php` | High
|
||||
46 | File | `/admin/save_teacher.php` | High
|
||||
47 | File | `/admin/search-appointment.php` | High
|
||||
48 | File | `/admin/service.php` | High
|
||||
49 | File | `/admin/services/view_service.php` | High
|
||||
50 | File | `/admin/sys_sql_query.php` | High
|
||||
51 | File | `/admin/update_s6.php` | High
|
||||
52 | File | `/admin/user/manage_user.php` | High
|
||||
53 | File | `/admin/userprofile.php` | High
|
||||
54 | File | `/admin/voters_row.php` | High
|
||||
55 | File | `/admin/vote_edit.php` | High
|
||||
56 | File | `/api/baskets/{name}` | High
|
||||
57 | File | `/api/sys/set_passwd` | High
|
||||
58 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
59 | File | `/booking/show_bookings/` | High
|
||||
60 | File | `/cas/logout` | Medium
|
||||
61 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
62 | File | `/cgi-bin/adm.cgi` | High
|
||||
63 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
64 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
65 | File | `/changeimage.php` | High
|
||||
66 | File | `/classes/Master.php` | High
|
||||
67 | File | `/classes/Master.php?f=delete_category` | High
|
||||
68 | File | `/classes/Master.php?f=delete_img` | High
|
||||
69 | ... | ... | ...
|
||||
|
||||
There are 587 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 608 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
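Review bot: The new row 6, `/admin/?page=user/manage_user&id=3`, and the renumbered row 19, `/admin/contacts/organizations/edit/2`, embed a specific record id in an indicator rated High. A consumer doing an exact or full-string match against request logs will miss the same endpoint requested with any other id. Store the path and parameter name without the instance value, or state in the file how these strings are meant to be matched (exact, prefix or substring).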
@ -171,6 +174,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
|
||||
* https://www.cisa.gov/uscert/ncas/analysis-reports/ar20-045g
|
||||
* https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
|
||||
* https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/
|
||||
* https://www.threatminer.org/report.php?q=HPSRSecurityBriefing_Episode16_NorthKorea.pdf&y=2014
|
||||
* https://www.threatminer.org/report.php?q=SuspectedNorthKoreanCyberEspionageCampaignTargetsMultipleForeignMinistriesandThinkTanks.pdf&y=2019
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/uncpath/` | Medium
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 26 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,98 @@
|
|||
# DarkGate - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DarkGate](https://vuldb.com/?actor.darkgate). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.darkgate](https://vuldb.com/?actor.darkgate)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DarkGate:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DarkGate.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [80.66.88.145](https://vuldb.com/?ip.80.66.88.145) | - | - | High
|
||||
2 | [107.181.161.200](https://vuldb.com/?ip.107.181.161.200) | dedic-louspaydete1988-1176239.hosted-by-itldc.com | - | High
|
||||
3 | [149.248.0.82](https://vuldb.com/?ip.149.248.0.82) | 149.248.0.82.vultrusercontent.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _DarkGate_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by DarkGate. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/maintenance/view_designation.php` | High
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/opac/Actions.php?a=login` | High
|
||||
4 | File | `/resourceNode/jdbcResourceEdit.jsf` | High
|
||||
5 | File | `/resourceNode/resources.jsf` | High
|
||||
6 | File | `/spip.php` | Medium
|
||||
7 | File | `3.6.cpj` | Low
|
||||
8 | File | `404.php` | Low
|
||||
9 | File | `adclick.php` | Medium
|
||||
10 | File | `admin.asp` | Medium
|
||||
11 | File | `admin.aspx` | Medium
|
||||
12 | File | `admin.php` | Medium
|
||||
13 | File | `admin/member_details.php` | High
|
||||
14 | File | `admin_chatconfig.php` | High
|
||||
15 | File | `admin_iplog.php` | High
|
||||
16 | File | `ajaxp.php` | Medium
|
||||
17 | File | `alphabet.php` | Medium
|
||||
18 | File | `app/controllers/oauth.js` | High
|
||||
19 | File | `article2/comments.inc.php` | High
|
||||
20 | File | `articles/edit.php` | High
|
||||
21 | File | `assp.pl` | Low
|
||||
22 | File | `attachment.cgi` | High
|
||||
23 | File | `be_config.php` | High
|
||||
24 | File | `bridge/yabbse.inc.php` | High
|
||||
25 | File | `calendar_Eventupdate.asp` | High
|
||||
26 | File | `cal_week.php` | Medium
|
||||
27 | File | `classified_right.php` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://tria.ge/230811-bmv8ysbf8s/behavioral2
|
||||
* https://tria.ge/230822-xp3lpsgc6v/behavioral2
|
||||
* https://tria.ge/230828-zp22aaah9s/behavioral1
|
||||
* https://www.virustotal.com/gui/file/8ba5c6c94e016941464bc65bd697749e7a2c88fb3a5b420f23cd1aa1ab022eef
|
||||
* https://www.virustotal.com/gui/file/c2e90c45911b7b6e9d46f4dae5bfefa47e50abddd75cc6d5297cddeee23dd002
|
||||
* https://www.virustotal.com/gui/file/f0f22f8f3b308b0d8fae34c9eb65ab1e8fde41f9933ef07d1e819163234adbee
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
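Review bot: In the TTP table of this new file, row 2 pairs `T1059 | CWE-94` with the description "Cross Site Scripting", the same description row 3 gives for `T1059.007 | CWE-79, CWE-80`. CWE-94 is code injection, not XSS, so the row 2 description looks copied from row 3. Correct it before the file lands, otherwise anyone mapping weakness to description gets two rows that read identically for different weaknesses.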
@ -58,7 +58,7 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `add_comment.php` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
Some files were not shown because too many files were changed in this diff