Update January 2024
This commit is contained in:
parent
1d5ef30cb7
commit
819a7a8241
|
@ -0,0 +1,44 @@
|
|||
# X-Files Stealer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ X-Files Stealer](https://vuldb.com/?actor._x-files_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor._x-files_stealer](https://vuldb.com/?actor._x-files_stealer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with X-Files Stealer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of X-Files Stealer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [91.92.240.39](https://vuldb.com/?ip.91.92.240.39) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _ X-Files Stealer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://tria.ge/240119-wprzjabfb4
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -67,4 +67,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -34,4 +34,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -50,4 +50,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -29,4 +29,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -37,9 +37,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -51,35 +52,79 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/addbill.php` | Medium
|
||||
3 | File | `/admin` | Low
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/bwdates-report-details.php` | High
|
||||
6 | File | `/admin/clientview.php` | High
|
||||
7 | File | `/admin/course.php` | High
|
||||
8 | File | `/admin/ind_backstage.php` | High
|
||||
9 | File | `/admin/manage-pages.php` | High
|
||||
10 | File | `/admin/manage-users.php` | High
|
||||
11 | File | `/admin/options-theme.php` | High
|
||||
12 | File | `/admin/pages/subjects.php` | High
|
||||
13 | File | `/admin/pages/yearlevel.php` | High
|
||||
14 | File | `/admin/php/crud.php` | High
|
||||
15 | File | `/admin/regester.php` | High
|
||||
16 | File | `/admin/singlelogin.php?submit=1` | High
|
||||
17 | File | `/admin/subject.php` | High
|
||||
18 | File | `/admin/update-clients.php` | High
|
||||
19 | File | `/admin/upload/img` | High
|
||||
20 | File | `/adplanet/PlanetCommentList` | High
|
||||
21 | File | `/adplanet/PlanetUser` | High
|
||||
22 | File | `/ample/app/action/edit_product.php` | High
|
||||
23 | File | `/api/log/killJob` | High
|
||||
24 | File | `/app/ajax/sell_return_data.php` | High
|
||||
25 | File | `/article/DelectArticleById/` | High
|
||||
26 | File | `/auth/auth.php?user=1` | High
|
||||
27 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
28 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
29 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
30 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
31 | ... | ... | ...
|
||||
5 | File | `/admin/action/add_con.php` | High
|
||||
6 | File | `/admin/action/delete-vaccine.php` | High
|
||||
7 | File | `/admin/action/edit_chicken.php` | High
|
||||
8 | File | `/admin/action/new-father.php` | High
|
||||
9 | File | `/admin/action/new-feed.php` | High
|
||||
10 | File | `/admin/action/update-deworm.php` | High
|
||||
11 | File | `/admin/admin_login_process.php` | High
|
||||
12 | File | `/admin/admin_user.php` | High
|
||||
13 | File | `/admin/book_add.php` | High
|
||||
14 | File | `/admin/book_row.php` | High
|
||||
15 | File | `/admin/borrow_add.php` | High
|
||||
16 | File | `/admin/bwdates-report-details.php` | High
|
||||
17 | File | `/admin/category_row.php` | High
|
||||
18 | File | `/admin/clientview.php` | High
|
||||
19 | File | `/admin/course.php` | High
|
||||
20 | File | `/admin/edit_teacher.php` | High
|
||||
21 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
22 | File | `/admin/ind_backstage.php` | High
|
||||
23 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
24 | File | `/admin/manage-pages.php` | High
|
||||
25 | File | `/admin/manage-users.php` | High
|
||||
26 | File | `/Admin/News.php` | High
|
||||
27 | File | `/admin/options-theme.php` | High
|
||||
28 | File | `/admin/pages/edit_chicken.php` | High
|
||||
29 | File | `/admin/pages/student-print.php` | High
|
||||
30 | File | `/admin/pages/subjects.php` | High
|
||||
31 | File | `/admin/pages/update_go.php` | High
|
||||
32 | File | `/admin/pages/yearlevel.php` | High
|
||||
33 | File | `/admin/php/crud.php` | High
|
||||
34 | File | `/admin/regester.php` | High
|
||||
35 | File | `/admin/request-received-bydonar.php` | High
|
||||
36 | File | `/admin/return_add.php` | High
|
||||
37 | File | `/admin/singlelogin.php?submit=1` | High
|
||||
38 | File | `/admin/subject.php` | High
|
||||
39 | File | `/admin/update-clients.php` | High
|
||||
40 | File | `/admin/upload/img` | High
|
||||
41 | File | `/admin/uploads/` | High
|
||||
42 | File | `/admin_route/dec_service_credits.php` | High
|
||||
43 | File | `/admin_route/inc_service_credits.php` | High
|
||||
44 | File | `/adplanet/PlanetCommentList` | High
|
||||
45 | File | `/adplanet/PlanetUser` | High
|
||||
46 | File | `/ample/app/action/edit_product.php` | High
|
||||
47 | File | `/api.php` | Medium
|
||||
48 | File | `/api/log/killJob` | High
|
||||
49 | File | `/app/ajax/sell_return_data.php` | High
|
||||
50 | File | `/app/api/controller/caiji.php` | High
|
||||
51 | File | `/app/api/controller/collect.php` | High
|
||||
52 | File | `/app/api/controller/default/File.php` | High
|
||||
53 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
54 | File | `/application/pay/controller/Api.php` | High
|
||||
55 | File | `/apps/login_auth.php` | High
|
||||
56 | File | `/apps/reg_go.php` | High
|
||||
57 | File | `/article/DelectArticleById/` | High
|
||||
58 | File | `/assets/php/upload.php` | High
|
||||
59 | File | `/auth/auth.php?user=1` | High
|
||||
60 | File | `/auth/user/all.api` | High
|
||||
61 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
62 | File | `/bin/boa` | Medium
|
||||
63 | File | `/boaform/device_reset.cgi` | High
|
||||
64 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
65 | File | `/boafrm/formMapDelDevice` | High
|
||||
66 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
67 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
68 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
69 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
70 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
71 | File | `/classes/Users.php?f=save` | High
|
||||
72 | File | `/config,admin.jsp` | High
|
||||
73 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
74 | File | `/devinfo` | Medium
|
||||
75 | ... | ... | ...
|
||||
|
||||
There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 655 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -96,4 +141,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -123,7 +123,7 @@ ID | Type | Indicator | Confidence
|
|||
37 | File | `add_edit_cat.asp` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 328 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -151,4 +151,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -73,4 +73,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -34,4 +34,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -60,4 +60,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -56,14 +56,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/api/DownloadUrlResponse.ashx` | High
|
||||
3 | File | `/wbg/core/_includes/authorization.inc.php` | High
|
||||
4 | File | `addentry.php` | Medium
|
||||
5 | File | `data/gbconfiguration.dat` | High
|
||||
6 | File | `detail.php` | Medium
|
||||
2 | File | `/api/cron/settings/setJob/` | High
|
||||
3 | File | `/api/DownloadUrlResponse.ashx` | High
|
||||
4 | File | `/wbg/core/_includes/authorization.inc.php` | High
|
||||
5 | File | `addentry.php` | Medium
|
||||
6 | File | `data/gbconfiguration.dat` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 51 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -82,4 +82,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -39,4 +39,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -76,7 +76,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -101,33 +101,34 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/api/trackedEntityInstances` | High
|
||||
16 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
17 | File | `/api/v2/cli/commands` | High
|
||||
18 | File | `/bin/ate` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/book-services.php` | High
|
||||
21 | File | `/booking/show_bookings/` | High
|
||||
22 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/aux` | Low
|
||||
19 | File | `/bin/ate` | Medium
|
||||
20 | File | `/boat/login.php` | High
|
||||
21 | File | `/book-services.php` | High
|
||||
22 | File | `/booking/show_bookings/` | High
|
||||
23 | File | `/cgi-bin` | Medium
|
||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
25 | File | `/changePassword` | High
|
||||
26 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
27 | File | `/dashboard/add-blog.php` | High
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/DXR.axd` | Medium
|
||||
30 | File | `/ecshop/admin/template.php` | High
|
||||
31 | File | `/en/blog-comment-4` | High
|
||||
32 | File | `/env` | Low
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/group1/uploa` | High
|
||||
35 | File | `/h/` | Low
|
||||
36 | File | `/medicines/profile.php` | High
|
||||
37 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
38 | File | `/owa/auth/logon.aspx` | High
|
||||
39 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/resources//../` | High
|
||||
42 | ... | ... | ...
|
||||
28 | File | `/data/remove` | Medium
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/DXR.axd` | Medium
|
||||
31 | File | `/ecshop/admin/template.php` | High
|
||||
32 | File | `/en/blog-comment-4` | High
|
||||
33 | File | `/env` | Low
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/group1/uploa` | High
|
||||
36 | File | `/h/` | Low
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/medicines/profile.php` | High
|
||||
39 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
40 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
41 | File | `/owa/auth/logon.aspx` | High
|
||||
42 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 361 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -155,4 +156,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -86,21 +86,21 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/Items/*/RemoteImages/Download` | High
|
||||
29 | File | `/menu.html` | Medium
|
||||
30 | File | `/modules/profile/index.php` | High
|
||||
31 | File | `/navigate/navigate_download.php` | High
|
||||
32 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
33 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/password.html` | High
|
||||
36 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
37 | File | `/plugin` | Low
|
||||
38 | File | `/proc/ioports` | High
|
||||
39 | File | `/property-list/property_view.php` | High
|
||||
40 | File | `/ptms/classes/Users.php` | High
|
||||
41 | File | `/resources//../` | High
|
||||
42 | File | `/rest/api/2/search` | High
|
||||
43 | File | `/s/` | Low
|
||||
44 | File | `/scripts/cpan_config` | High
|
||||
45 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
32 | File | `/navigate/navigate_download.php` | High
|
||||
33 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
34 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/password.html` | High
|
||||
37 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
38 | File | `/plugin` | Low
|
||||
39 | File | `/proc/ioports` | High
|
||||
40 | File | `/property-list/property_view.php` | High
|
||||
41 | File | `/ptms/classes/Users.php` | High
|
||||
42 | File | `/resources//../` | High
|
||||
43 | File | `/rest/api/2/search` | High
|
||||
44 | File | `/s/` | Low
|
||||
45 | File | `/scripts/cpan_config` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
@ -127,4 +127,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -94,4 +94,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
@ -55,13 +55,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -76,69 +76,74 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/` | Low
|
||||
6 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
7 | File | `/admin/?page=user/list` | High
|
||||
8 | File | `/admin/add_user_modal.php` | High
|
||||
9 | File | `/admin/api/theme-edit/` | High
|
||||
10 | File | `/admin/article/article-edit-run.php` | High
|
||||
11 | File | `/admin/courses/view_course.php` | High
|
||||
12 | File | `/admin/del_category.php` | High
|
||||
13 | File | `/admin/edit_product.php` | High
|
||||
14 | File | `/admin/forgot-password.php` | High
|
||||
15 | File | `/admin/invoice.php` | High
|
||||
16 | File | `/admin/leancloud.php` | High
|
||||
17 | File | `/admin/maintenance/view_designation.php` | High
|
||||
18 | File | `/admin/modal_add_product.php` | High
|
||||
19 | File | `/admin/orders/update_status.php` | High
|
||||
20 | File | `/admin/settings/` | High
|
||||
21 | File | `/admin/students/manage_academic.php` | High
|
||||
22 | File | `/admin/sys_sql_query.php` | High
|
||||
23 | File | `/admin/theme-edit.php` | High
|
||||
24 | File | `/admin/userprofile.php` | High
|
||||
25 | File | `/api/log/killJob` | High
|
||||
26 | File | `/author_posts.php` | High
|
||||
27 | File | `/blog` | Low
|
||||
28 | File | `/book-services.php` | High
|
||||
29 | File | `/booking/show_bookings/` | High
|
||||
30 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
31 | File | `/cas/logout` | Medium
|
||||
32 | File | `/category.php` | High
|
||||
33 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
34 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
35 | File | `/change-language/de_DE` | High
|
||||
36 | File | `/classes/Login.php` | High
|
||||
37 | File | `/classes/Master.php?f=delete_service` | High
|
||||
38 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
39 | File | `/classes/Master.php?f=save_item` | High
|
||||
40 | File | `/cms/notify` | Medium
|
||||
41 | File | `/contact/store` | High
|
||||
42 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
43 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
44 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
45 | File | `/ecommerce/support_ticket` | High
|
||||
46 | File | `/en/blog-comment-4` | High
|
||||
47 | File | `/endpoint/add-guest.php` | High
|
||||
48 | File | `/endpoint/add-user.php` | High
|
||||
49 | File | `/file_manager/admin/save_user.php` | High
|
||||
50 | File | `/forum/away.php` | High
|
||||
51 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
|
||||
52 | File | `/goform/RgUrlBlock.asp` | High
|
||||
53 | File | `/goform/WifiBasicSet` | High
|
||||
54 | File | `/h/` | Low
|
||||
55 | File | `/HNAP1/` | Low
|
||||
56 | File | `/home/courses` | High
|
||||
57 | File | `/home/filter_listings` | High
|
||||
58 | File | `/hss/?page=product_per_brand` | High
|
||||
59 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
60 | File | `/hss/admin/?page=user/manage_user` | High
|
||||
61 | File | `/importexport.php` | High
|
||||
62 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
63 | File | `/index.php` | Medium
|
||||
64 | File | `/index.php?controller=GzUser&action=edit&id=1` | High
|
||||
65 | File | `/index.php?pluginApp/to/yzOffice/getFile` | High
|
||||
66 | File | `/jurusan/data` | High
|
||||
67 | File | `/kelasdosen/data` | High
|
||||
68 | ... | ... | ...
|
||||
8 | File | `/admin/action/update-deworm.php` | High
|
||||
9 | File | `/admin/add_user_modal.php` | High
|
||||
10 | File | `/admin/api/theme-edit/` | High
|
||||
11 | File | `/admin/article/article-edit-run.php` | High
|
||||
12 | File | `/admin/courses/view_course.php` | High
|
||||
13 | File | `/admin/del_category.php` | High
|
||||
14 | File | `/admin/edit_product.php` | High
|
||||
15 | File | `/admin/forgot-password.php` | High
|
||||
16 | File | `/admin/invoice.php` | High
|
||||
17 | File | `/admin/leancloud.php` | High
|
||||
18 | File | `/admin/maintenance/view_designation.php` | High
|
||||
19 | File | `/admin/modal_add_product.php` | High
|
||||
20 | File | `/admin/orders/update_status.php` | High
|
||||
21 | File | `/admin/settings/` | High
|
||||
22 | File | `/admin/students/manage_academic.php` | High
|
||||
23 | File | `/admin/sys_sql_query.php` | High
|
||||
24 | File | `/admin/theme-edit.php` | High
|
||||
25 | File | `/admin/update-clients.php` | High
|
||||
26 | File | `/admin/userprofile.php` | High
|
||||
27 | File | `/api/log/killJob` | High
|
||||
28 | File | `/author_posts.php` | High
|
||||
29 | File | `/blog` | Low
|
||||
30 | File | `/book-services.php` | High
|
||||
31 | File | `/booking/show_bookings/` | High
|
||||
32 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
33 | File | `/cas/logout` | Medium
|
||||
34 | File | `/category.php` | High
|
||||
35 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
36 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
37 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
38 | File | `/change-language/de_DE` | High
|
||||
39 | File | `/classes/Login.php` | High
|
||||
40 | File | `/classes/Master.php?f=delete_service` | High
|
||||
41 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
42 | File | `/classes/Master.php?f=save_item` | High
|
||||
43 | File | `/classes/Users.php?f=save` | High
|
||||
44 | File | `/cms/notify` | Medium
|
||||
45 | File | `/contact/store` | High
|
||||
46 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
47 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
48 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
49 | File | `/ecommerce/support_ticket` | High
|
||||
50 | File | `/en/blog-comment-4` | High
|
||||
51 | File | `/endpoint/add-guest.php` | High
|
||||
52 | File | `/endpoint/add-user.php` | High
|
||||
53 | File | `/file_manager/admin/save_user.php` | High
|
||||
54 | File | `/forum/away.php` | High
|
||||
55 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
|
||||
56 | File | `/get.php` | Medium
|
||||
57 | File | `/goform/RgUrlBlock.asp` | High
|
||||
58 | File | `/goform/SetOnlineDevName` | High
|
||||
59 | File | `/goform/WifiBasicSet` | High
|
||||
60 | File | `/h/` | Low
|
||||
61 | File | `/hedwig.cgi` | Medium
|
||||
62 | File | `/HNAP1/` | Low
|
||||
63 | File | `/home/courses` | High
|
||||
64 | File | `/home/filter_listings` | High
|
||||
65 | File | `/hss/?page=product_per_brand` | High
|
||||
66 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
67 | File | `/hss/admin/?page=user/manage_user` | High
|
||||
68 | File | `/importexport.php` | High
|
||||
69 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
70 | File | `/index.php` | Medium
|
||||
71 | File | `/index.php?c=api` | High
|
||||
72 | File | `/index.php?controller=GzUser&action=edit&id=1` | High
|
||||
73 | ... | ... | ...
|
||||
|
||||
There are 601 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 643 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -160,4 +165,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -61,4 +61,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -79,4 +79,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -69,4 +69,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -66,12 +66,12 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/librarian/bookdetails.php` | High
|
||||
11 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
12 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
13 | File | `/requests.php` | High
|
||||
14 | File | `/self.key` | Medium
|
||||
15 | File | `/server-status` | High
|
||||
13 | File | `/public/login.htm` | High
|
||||
14 | File | `/requests.php` | High
|
||||
15 | File | `/self.key` | Medium
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 131 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 132 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -120,4 +120,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -63,4 +63,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -56,4 +56,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -61,4 +61,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -68,4 +68,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -32,4 +32,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -58,44 +58,44 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/admin/controller/JobLogController.java` | High
|
||||
8 | File | `/admin/doctors.php` | High
|
||||
9 | File | `/admin/submit-articles` | High
|
||||
10 | File | `/ad_js.php` | Medium
|
||||
11 | File | `/alphaware/summary.php` | High
|
||||
12 | File | `/api/` | Low
|
||||
13 | File | `/api/admin/store/product/list` | High
|
||||
14 | File | `/api/baskets/{name}` | High
|
||||
15 | File | `/api/stl/actions/search` | High
|
||||
16 | File | `/api/sys/login` | High
|
||||
17 | File | `/api/sys/set_passwd` | High
|
||||
18 | File | `/api/trackedEntityInstances` | High
|
||||
19 | File | `/api/v2/cli/commands` | High
|
||||
20 | File | `/attachments` | Medium
|
||||
21 | File | `/bin/ate` | Medium
|
||||
22 | File | `/boat/login.php` | High
|
||||
23 | File | `/booking/show_bookings/` | High
|
||||
24 | File | `/bsms_ci/index.php/book` | High
|
||||
25 | File | `/cgi-bin` | Medium
|
||||
26 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
27 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
28 | File | `/changePassword` | High
|
||||
29 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
30 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
31 | File | `/dashboard/add-blog.php` | High
|
||||
32 | File | `/debug/pprof` | Medium
|
||||
33 | File | `/ecshop/admin/template.php` | High
|
||||
34 | File | `/env` | Low
|
||||
35 | File | `/etc/hosts` | Medium
|
||||
36 | File | `/forum/away.php` | High
|
||||
37 | File | `/goform/setmac` | High
|
||||
38 | File | `/goform/wizard_end` | High
|
||||
39 | File | `/group1/uploa` | High
|
||||
40 | File | `/manage-apartment.php` | High
|
||||
41 | File | `/medicines/profile.php` | High
|
||||
42 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
43 | File | `/pages/apply_vacancy.php` | High
|
||||
44 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/api/` | Low
|
||||
12 | File | `/api/admin/store/product/list` | High
|
||||
13 | File | `/api/baskets/{name}` | High
|
||||
14 | File | `/api/stl/actions/search` | High
|
||||
15 | File | `/api/sys/login` | High
|
||||
16 | File | `/api/sys/set_passwd` | High
|
||||
17 | File | `/api/trackedEntityInstances` | High
|
||||
18 | File | `/api/v2/cli/commands` | High
|
||||
19 | File | `/attachments` | Medium
|
||||
20 | File | `/bin/ate` | Medium
|
||||
21 | File | `/boat/login.php` | High
|
||||
22 | File | `/booking/show_bookings/` | High
|
||||
23 | File | `/bsms_ci/index.php/book` | High
|
||||
24 | File | `/cgi-bin` | Medium
|
||||
25 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
26 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
27 | File | `/changePassword` | High
|
||||
28 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
29 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
30 | File | `/dashboard/add-blog.php` | High
|
||||
31 | File | `/debug/pprof` | Medium
|
||||
32 | File | `/ecshop/admin/template.php` | High
|
||||
33 | File | `/env` | Low
|
||||
34 | File | `/etc/hosts` | Medium
|
||||
35 | File | `/forum/away.php` | High
|
||||
36 | File | `/goform/setmac` | High
|
||||
37 | File | `/goform/wizard_end` | High
|
||||
38 | File | `/group1/uploa` | High
|
||||
39 | File | `/manage-apartment.php` | High
|
||||
40 | File | `/medicines/profile.php` | High
|
||||
41 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
42 | File | `/pages/apply_vacancy.php` | High
|
||||
43 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
44 | File | `/proxy` | Low
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -120,4 +120,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -80,4 +80,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -3976,7 +3976,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -3984,7 +3984,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 25 more TTP items available. Please use our online service to access the data.
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3992,50 +3992,55 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.` | High
|
||||
2 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/admin/action/delete-vaccine.php` | High
|
||||
3 | File | `/admin/add-category.php` | High
|
||||
4 | File | `/admin/add-services.php` | High
|
||||
4 | File | `/admin/borrow_add.php` | High
|
||||
5 | File | `/admin/controller/JobLogController.java` | High
|
||||
6 | File | `/admin/index2.html` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/search-appointment.php` | High
|
||||
9 | File | `/api/authentication/login` | High
|
||||
10 | File | `/api/sys/login` | High
|
||||
11 | File | `/api/sys/set_passwd` | High
|
||||
12 | File | `/api/trackedEntityInstances` | High
|
||||
13 | File | `/api/v1/alerts` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
15 | File | `/bin/rc4_crypt` | High
|
||||
16 | File | `/cgi-bin/luci/api/switch` | High
|
||||
17 | File | `/cgi-bin/qcmap_auth` | High
|
||||
18 | File | `/changePassword` | High
|
||||
19 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
20 | File | `/conf/` | Low
|
||||
21 | File | `/config/getuser` | High
|
||||
22 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
23 | File | `/dayrui/My/View/main.html` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/ecshop/admin/template.php` | High
|
||||
26 | File | `/etc/init.d/openfire` | High
|
||||
27 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/geoserver/gwc/rest.html` | High
|
||||
30 | File | `/goform/formSysCmd` | High
|
||||
31 | File | `/goform/goform_get_cmd_process` | High
|
||||
32 | File | `/HNAP1` | Low
|
||||
33 | File | `/hosts/firewall/ip` | High
|
||||
34 | File | `/link/` | Low
|
||||
35 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
36 | File | `/login` | Low
|
||||
37 | File | `/metrics` | Medium
|
||||
38 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
39 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
40 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
41 | File | `/out.php` | Medium
|
||||
42 | ... | ... | ...
|
||||
6 | File | `/admin/edit_teacher.php` | High
|
||||
7 | File | `/admin/index2.html` | High
|
||||
8 | File | `/admin/pages/edit_chicken.php` | High
|
||||
9 | File | `/admin/pages/student-print.php` | High
|
||||
10 | File | `/admin/search-appointment.php` | High
|
||||
11 | File | `/admin_route/inc_service_credits.php` | High
|
||||
12 | File | `/api/authentication/login` | High
|
||||
13 | File | `/api/trackedEntityInstances` | High
|
||||
14 | File | `/api /v3/auth` | High
|
||||
15 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
16 | File | `/aux` | Low
|
||||
17 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
18 | File | `/bin/rc4_crypt` | High
|
||||
19 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
20 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
21 | File | `/cgi-bin/luci/api/switch` | High
|
||||
22 | File | `/cgi-bin/qcmap_auth` | High
|
||||
23 | File | `/change-language/de_DE` | High
|
||||
24 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
25 | File | `/config/getuser` | High
|
||||
26 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
27 | File | `/core/admin/categories.php` | High
|
||||
28 | File | `/data/remove` | Medium
|
||||
29 | File | `/dayrui/My/View/main.html` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/dist/index.js` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/goform/formSysCmd` | High
|
||||
34 | File | `/goform/goform_get_cmd_process` | High
|
||||
35 | File | `/hosts/firewall/ip` | High
|
||||
36 | File | `/index.php` | Medium
|
||||
37 | File | `/index.php/ccm/system/file/upload` | High
|
||||
38 | File | `/link/` | Low
|
||||
39 | File | `/log/decodmail.php` | High
|
||||
40 | File | `/login` | Low
|
||||
41 | File | `/metrics` | Medium
|
||||
42 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
43 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
44 | File | `/php/ping.php` | High
|
||||
45 | File | `/register.do` | Medium
|
||||
46 | File | `/register.php` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 410 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -4059,4 +4064,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -28,4 +28,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -201,4 +201,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -79,26 +79,27 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/goforms/rlminfo` | High
|
||||
27 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/HNAP1/SetClientInfo` | High
|
||||
31 | File | `/hospital/hms/admin/patient-search.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/Items/*/RemoteImages/Download` | High
|
||||
34 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
35 | File | `/menu.html` | Medium
|
||||
36 | File | `/mkshop/Men/profile.php` | High
|
||||
37 | File | `/modules/announcement/index.php?view=edit` | High
|
||||
38 | File | `/modules/profile/index.php` | High
|
||||
39 | File | `/navigate/navigate_download.php` | High
|
||||
40 | File | `/Noxen-master/users.php` | High
|
||||
41 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
42 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
43 | File | `/out.php` | Medium
|
||||
44 | File | `/password.html` | High
|
||||
45 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
46 | ... | ... | ...
|
||||
29 | File | `/hedwig.cgi` | Medium
|
||||
30 | File | `/HNAP1` | Low
|
||||
31 | File | `/HNAP1/SetClientInfo` | High
|
||||
32 | File | `/hospital/hms/admin/patient-search.php` | High
|
||||
33 | File | `/index.php` | Medium
|
||||
34 | File | `/Items/*/RemoteImages/Download` | High
|
||||
35 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
36 | File | `/menu.html` | Medium
|
||||
37 | File | `/mkshop/Men/profile.php` | High
|
||||
38 | File | `/modules/announcement/index.php?view=edit` | High
|
||||
39 | File | `/modules/profile/index.php` | High
|
||||
40 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
41 | File | `/navigate/navigate_download.php` | High
|
||||
42 | File | `/Noxen-master/users.php` | High
|
||||
43 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
44 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
45 | File | `/out.php` | Medium
|
||||
46 | File | `/password.html` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 404 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -115,4 +116,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -54,4 +54,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -88,4 +88,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -73,4 +73,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -99,4 +99,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -83,4 +83,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
@ -80,40 +80,44 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/categorypage.php` | High
|
||||
13 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
14 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
15 | File | `/company/store` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
18 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/DXR.axd` | Medium
|
||||
21 | File | `/etc/passwd` | Medium
|
||||
22 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/geoserver/gwc/rest.html` | High
|
||||
25 | File | `/goform/formSysCmd` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/HNAP1` | Low
|
||||
28 | File | `/hosts/firewall/ip` | High
|
||||
29 | File | `/index.php/ccm/system/file/upload` | High
|
||||
30 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
31 | File | `/modals/class_form.php` | High
|
||||
32 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
33 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
34 | File | `/php/ping.php` | High
|
||||
35 | File | `/proxy` | Low
|
||||
36 | File | `/recipe-result` | High
|
||||
37 | File | `/register.do` | Medium
|
||||
38 | File | `/RPS2019Service/status.html` | High
|
||||
39 | File | `/scripts/unlock_tasks.php` | High
|
||||
40 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
41 | File | `/setting` | Medium
|
||||
42 | File | `/sicweb-ajax/tmproot/` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/student/bookdetails.php` | High
|
||||
45 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
46 | ... | ... | ...
|
||||
15 | File | `/change-language/de_DE` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/dist/index.js` | High
|
||||
22 | File | `/DXR.axd` | Medium
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/geoserver/gwc/rest.html` | High
|
||||
27 | File | `/goform/formSysCmd` | High
|
||||
28 | File | `/healthcare/Admin/consulting_detail.php` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/hosts/firewall/ip` | High
|
||||
31 | File | `/index.php/ccm/system/file/upload` | High
|
||||
32 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
33 | File | `/log/decodmail.php` | High
|
||||
34 | File | `/modals/class_form.php` | High
|
||||
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
36 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
37 | File | `/php/ping.php` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/RPS2019Service/status.html` | High
|
||||
42 | File | `/s/index.php?action=statistics` | High
|
||||
43 | File | `/scripts/unlock_tasks.php` | High
|
||||
44 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
45 | File | `/setting` | Medium
|
||||
46 | File | `/sicweb-ajax/tmproot/` | High
|
||||
47 | File | `/spip.php` | Medium
|
||||
48 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
49 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 433 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -132,4 +136,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Alien:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -161,14 +161,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -176,42 +174,55 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/accounts/password_change/` | High
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/api/addusers` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/upload.php` | High
|
||||
6 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
7 | File | `/api /v3/auth` | High
|
||||
8 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
9 | File | `/bsms_ci/index.php` | High
|
||||
10 | File | `/catalog/compare` | High
|
||||
11 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
12 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
13 | File | `/cgi-bin/downloadFile.cgi` | High
|
||||
14 | File | `/cgi-bin/kerbynet` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
17 | File | `/DXR.axd` | Medium
|
||||
18 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/geoserver/gwc/rest.html` | High
|
||||
21 | File | `/importexport.php` | High
|
||||
22 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
23 | File | `/login` | Low
|
||||
24 | File | `/mhds/clinic/view_details.php` | High
|
||||
25 | File | `/modals/class_form.php` | High
|
||||
26 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
27 | File | `/owa/auth/logon.aspx` | High
|
||||
28 | File | `/php/exportrecord.php` | High
|
||||
29 | File | `/php/ping.php` | High
|
||||
30 | File | `/proc/#####/fd/3` | High
|
||||
31 | File | `/shell` | Low
|
||||
32 | File | `/showfile.php` | High
|
||||
33 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
34 | ... | ... | ...
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/action/new-father.php` | High
|
||||
3 | File | `/admin/admin.php` | High
|
||||
4 | File | `/admin/clientview.php` | High
|
||||
5 | File | `/admin/regester.php` | High
|
||||
6 | File | `/admin/update-clients.php` | High
|
||||
7 | File | `/admin_route/dec_service_credits.php` | High
|
||||
8 | File | `/admin_route/inc_service_credits.php` | High
|
||||
9 | File | `/api/cron/settings/setJob/` | High
|
||||
10 | File | `/api/sys/set_passwd` | High
|
||||
11 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
12 | File | `/apply.cgi` | Medium
|
||||
13 | File | `/authenticationendpoint/login.do` | High
|
||||
14 | File | `/bin/boa` | Medium
|
||||
15 | File | `/boaform/device_reset.cgi` | High
|
||||
16 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
18 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
19 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
20 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
21 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
22 | File | `/data/remove` | Medium
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/dev/cpu/*/msr` | High
|
||||
25 | File | `/filemanager/upload/drop` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/NatStaticSetting` | High
|
||||
28 | File | `/include/lang-en.php` | High
|
||||
29 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
30 | File | `/manager?action=getlogcat` | High
|
||||
31 | File | `/modules/projects/vw_files.php` | High
|
||||
32 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
33 | File | `/navigation/create?ParentID=%23` | High
|
||||
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
35 | File | `/preview.php` | Medium
|
||||
36 | File | `/public/login.htm` | High
|
||||
37 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
|
||||
38 | File | `/src/Illuminate/Laravel.php` | High
|
||||
39 | File | `/status/` | Medium
|
||||
40 | File | `/sysmanage/updateos.php` | High
|
||||
41 | File | `/usr/bin/write` | High
|
||||
42 | File | `/var/spool/fax/outgoing/.last_run` | High
|
||||
43 | File | `3G/UMTS` | Low
|
||||
44 | File | `400.htm/500.htm` | High
|
||||
45 | File | `abitwhizzy.php` | High
|
||||
46 | File | `acc.php` | Low
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 411 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -229,4 +240,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -76,4 +76,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -98,4 +98,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,14 +34,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,44 +48,70 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.terminfo` | High
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/admin/category/save` | High
|
||||
4 | File | `/admin/subject.php` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/api/gen/clients/{language}` | High
|
||||
7 | File | `/api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest` | High
|
||||
8 | File | `/auth/auth.php?user=1` | High
|
||||
9 | File | `/bin/login` | Medium
|
||||
10 | File | `/bin/mini_upnpd` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/classes/Users.php` | High
|
||||
13 | File | `/config/getuser` | High
|
||||
14 | File | `/DXR.axd` | Medium
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/goform/goform_get_cmd_process` | High
|
||||
17 | File | `/goform/set_LimitClient_cfg` | High
|
||||
18 | File | `/h/autoSaveDraft` | High
|
||||
19 | File | `/h/search?action` | High
|
||||
20 | File | `/HNAP1` | Low
|
||||
21 | File | `/HNAP1/` | Low
|
||||
22 | File | `/hss/admin/?page=products/view_product` | High
|
||||
23 | File | `/importexport.php` | High
|
||||
24 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
25 | File | `/main/doctype.php` | High
|
||||
26 | File | `/main/webservices/additional_webservices.php` | High
|
||||
27 | File | `/mc` | Low
|
||||
28 | File | `/mgmt/` | Low
|
||||
29 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
30 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
32 | File | `/preview.php` | Medium
|
||||
33 | File | `/register.php` | High
|
||||
34 | File | `/secure/ViewCollectors` | High
|
||||
35 | File | `/server-status` | High
|
||||
36 | ... | ... | ...
|
||||
1 | File | `/accounts_con/register_account` | High
|
||||
2 | File | `/admin` | Low
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/admin_login_process.php` | High
|
||||
5 | File | `/admin/admin_user.php` | High
|
||||
6 | File | `/admin/book_add.php` | High
|
||||
7 | File | `/admin/book_row.php` | High
|
||||
8 | File | `/admin/borrow_add.php` | High
|
||||
9 | File | `/admin/category/save` | High
|
||||
10 | File | `/admin/category_row.php` | High
|
||||
11 | File | `/admin/clientview.php` | High
|
||||
12 | File | `/admin/course.php` | High
|
||||
13 | File | `/admin/courses/manage_course.php` | High
|
||||
14 | File | `/admin/courses/view_course.php` | High
|
||||
15 | File | `/admin/departments/manage_department.php` | High
|
||||
16 | File | `/admin/index.php` | High
|
||||
17 | File | `/admin/ind_backstage.php` | High
|
||||
18 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
19 | File | `/admin/manage-users.php` | High
|
||||
20 | File | `/admin/options-theme.php` | High
|
||||
21 | File | `/admin/pages/subjects.php` | High
|
||||
22 | File | `/admin/pages/yearlevel.php` | High
|
||||
23 | File | `/admin/regester.php` | High
|
||||
24 | File | `/admin/return_add.php` | High
|
||||
25 | File | `/admin/students/manage_academic.php` | High
|
||||
26 | File | `/admin/students/update_status.php` | High
|
||||
27 | File | `/admin/subject.php` | High
|
||||
28 | File | `/admin/update-clients.php` | High
|
||||
29 | File | `/adplanet/PlanetCommentList` | High
|
||||
30 | File | `/adplanet/PlanetUser` | High
|
||||
31 | File | `/ample/app/action/edit_product.php` | High
|
||||
32 | File | `/api.php` | Medium
|
||||
33 | File | `/api/baskets/{name}` | High
|
||||
34 | File | `/api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest` | High
|
||||
35 | File | `/api/log/killJob` | High
|
||||
36 | File | `/app/ajax/sell_return_data.php` | High
|
||||
37 | File | `/app/api/controller/caiji.php` | High
|
||||
38 | File | `/app/api/controller/collect.php` | High
|
||||
39 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
40 | File | `/application/pay/controller/Api.php` | High
|
||||
41 | File | `/article/DelectArticleById/` | High
|
||||
42 | File | `/assets/php/upload.php` | High
|
||||
43 | File | `/auth/auth.php?user=1` | High
|
||||
44 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
45 | File | `/bin/boa` | Medium
|
||||
46 | File | `/boaform/device_reset.cgi` | High
|
||||
47 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
48 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
49 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
50 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
51 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
52 | File | `/cgi/cpaddons_report.pl` | High
|
||||
53 | File | `/classes/Master.php` | High
|
||||
54 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
55 | File | `/config-manager/save` | High
|
||||
56 | File | `/dashboard/createblog` | High
|
||||
57 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
58 | File | `/debug/pprof` | Medium
|
||||
59 | File | `/devinfo` | Medium
|
||||
60 | File | `/DXR.axd` | Medium
|
||||
61 | File | `/endpoint/add-guest.php` | High
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 540 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -104,4 +129,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -80,4 +80,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -78,4 +78,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -123,7 +123,7 @@ ID | Type | Indicator | Confidence
|
|||
63 | File | `bluegate_seo.inc.php` | High
|
||||
64 | ... | ... | ...
|
||||
|
||||
There are 557 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 559 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -142,4 +142,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -24961,14 +24961,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -24976,78 +24975,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/accounts_con/register_account` | High
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/admin/?page=user/list` | High
|
||||
4 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
5 | File | `/admin/controller/JobLogController.java` | High
|
||||
6 | File | `/admin/course.php` | High
|
||||
7 | File | `/admin/courses/manage_course.php` | High
|
||||
8 | File | `/admin/courses/view_course.php` | High
|
||||
9 | File | `/admin/departments/manage_department.php` | High
|
||||
10 | File | `/admin/index.php` | High
|
||||
11 | File | `/admin/ind_backstage.php` | High
|
||||
12 | File | `/admin/list_onlineuser.php` | High
|
||||
13 | File | `/admin/manage-pages.php` | High
|
||||
14 | File | `/admin/manage-users.php` | High
|
||||
15 | File | `/admin/options-theme.php` | High
|
||||
16 | File | `/admin/pages/subjects.php` | High
|
||||
17 | File | `/admin/pages/yearlevel.php` | High
|
||||
18 | File | `/admin/services/view_service.php` | High
|
||||
19 | File | `/admin/settings/` | High
|
||||
20 | File | `/admin/singlelogin.php?submit=1` | High
|
||||
21 | File | `/admin/students/view_student.php` | High
|
||||
22 | File | `/admin/subject.php` | High
|
||||
23 | File | `/admin/theme-edit.php` | High
|
||||
24 | File | `/admin/upload/img` | High
|
||||
25 | File | `/admin/user/manage_user.php` | High
|
||||
26 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
27 | File | `/adplanet/PlanetCommentList` | High
|
||||
28 | File | `/adplanet/PlanetUser` | High
|
||||
29 | File | `/ample/app/ajax/member_data.php` | High
|
||||
30 | File | `/api/log/killJob` | High
|
||||
31 | File | `/api/trackedEntityInstances` | High
|
||||
32 | File | `/api /v3/auth` | High
|
||||
33 | File | `/article/DelectArticleById/` | High
|
||||
34 | File | `/auth/auth.php?user=1` | High
|
||||
35 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
36 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
37 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
38 | File | `/catalog/compare` | High
|
||||
39 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
40 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
41 | File | `/cgi-bin/qcmap_auth` | High
|
||||
42 | File | `/classes/Master.php?f=delete_category` | High
|
||||
43 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
44 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
45 | File | `/classes/Master.php?f=save_item` | High
|
||||
46 | File | `/classes/Users.php?f=save` | High
|
||||
47 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
48 | File | `/config,admin.jsp` | High
|
||||
49 | File | `/download/image` | High
|
||||
50 | File | `/DXR.axd` | Medium
|
||||
51 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
52 | File | `/endpoint/add-guest.php` | High
|
||||
53 | File | `/endpoint/add-user.php` | High
|
||||
54 | File | `/endpoint/delete-user.php` | High
|
||||
55 | File | `/fax/fax_send.php` | High
|
||||
56 | File | `/file-manager/delete.php` | High
|
||||
57 | File | `/file-manager/upload.php` | High
|
||||
58 | File | `/forum/away.php` | High
|
||||
59 | File | `/FuguHub/cmsdocs/` | High
|
||||
60 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
|
||||
61 | File | `/get_getnetworkconf.cgi` | High
|
||||
62 | File | `/goform/goform_get_cmd_process` | High
|
||||
63 | File | `/HNAP1/` | Low
|
||||
64 | File | `/home/courses` | High
|
||||
65 | File | `/hosts/firewall/ip` | High
|
||||
66 | File | `/importexport.php` | High
|
||||
67 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
68 | File | `/index.php` | Medium
|
||||
69 | File | `/index.php/ccm/system/file/upload` | High
|
||||
70 | ... | ... | ...
|
||||
1 | File | `%PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/admin_user.php` | High
|
||||
5 | File | `/admin/book_add.php` | High
|
||||
6 | File | `/admin/book_row.php` | High
|
||||
7 | File | `/admin/borrow_add.php` | High
|
||||
8 | File | `/admin/clientview.php` | High
|
||||
9 | File | `/admin/edit_teacher.php` | High
|
||||
10 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
11 | File | `/admin/manage-users.php` | High
|
||||
12 | File | `/admin/regester.php` | High
|
||||
13 | File | `/admin/return_add.php` | High
|
||||
14 | File | `/admin/students.php` | High
|
||||
15 | File | `/admin/update-clients.php` | High
|
||||
16 | File | `/admin/uploads/` | High
|
||||
17 | File | `/admin/users` | Medium
|
||||
18 | File | `/api/cron/settings/setJob/` | High
|
||||
19 | File | `/api/v4/teams//channels/deleted` | High
|
||||
20 | File | `/api2/html/` | Medium
|
||||
21 | File | `/app/api/controller/caiji.php` | High
|
||||
22 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
23 | File | `/application/pay/controller/Api.php` | High
|
||||
24 | File | `/apply.cgi` | Medium
|
||||
25 | File | `/auth/user/all.api` | High
|
||||
26 | File | `/authenticationendpoint/login.do` | High
|
||||
27 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
28 | File | `/bin/boa` | Medium
|
||||
29 | File | `/bin/sh` | Low
|
||||
30 | File | `/boaform/device_reset.cgi` | High
|
||||
31 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
32 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
33 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
34 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
|
||||
35 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
36 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
37 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
38 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
39 | File | `/cgi-bin/login.cgi` | High
|
||||
40 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
41 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
42 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 611 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -25070,4 +25042,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -60,4 +60,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,68 @@
|
|||
# Atomic Stealer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Atomic Stealer](https://vuldb.com/?actor.atomic_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.atomic_stealer](https://vuldb.com/?actor.atomic_stealer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Atomic Stealer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Atomic Stealer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.42.65.108](https://vuldb.com/?ip.5.42.65.108) | - | - | High
|
||||
2 | [185.106.93.154](https://vuldb.com/?ip.185.106.93.154) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Atomic Stealer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Atomic Stealer. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/display/map` | Medium
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://russianpanda.com/2024/01/15/Atomic-Stealer-AMOS/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -361,4 +361,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -55,40 +55,40 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin/maintenance/view_designation.php` | High
|
||||
3 | File | `/admin/manage_academic.php` | High
|
||||
4 | File | `/admin/subnets/ripe-query.php` | High
|
||||
5 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
6 | File | `/fw.login.php` | High
|
||||
7 | File | `/gfxpoly/convert.c` | High
|
||||
8 | File | `/GponForm/device_Form?script/` | High
|
||||
9 | File | `/index.php?/manage/channel/addchannel` | High
|
||||
10 | File | `/opac/Actions.php?a=login` | High
|
||||
11 | File | `/opt/tms/bin/cli` | High
|
||||
12 | File | `/out.php` | Medium
|
||||
13 | File | `/settings/account` | High
|
||||
14 | File | `/spip.php` | Medium
|
||||
15 | File | `/var/log/nginx` | High
|
||||
16 | File | `/wp-admin/admin-ajax.php` | High
|
||||
17 | File | `action.php` | Medium
|
||||
18 | File | `actions/beats_uploader.php` | High
|
||||
19 | File | `actions/vote_channel.php` | High
|
||||
20 | File | `ad.cgi` | Low
|
||||
21 | File | `adclick.php` | Medium
|
||||
22 | File | `admin/admin.php` | High
|
||||
23 | File | `Admin/ADM_Pagina.php` | High
|
||||
24 | File | `admin/article.php` | High
|
||||
25 | File | `admin/dashboard.php` | High
|
||||
26 | File | `Admin/edit-admin.php` | High
|
||||
27 | File | `admin/partials/ajax/add_field_to_form.php` | High
|
||||
28 | File | `admin/show.php?rec=update` | High
|
||||
29 | File | `album.asp` | Medium
|
||||
30 | File | `allmanageup.pl` | High
|
||||
31 | File | `allow/block` | Medium
|
||||
32 | File | `AlUpdate.exe` | Medium
|
||||
33 | File | `amadmin.pl` | Medium
|
||||
34 | File | `app/admin/controller/api/Update.php` | High
|
||||
35 | File | `ashmem.c` | Medium
|
||||
5 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
6 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
7 | File | `/fw.login.php` | High
|
||||
8 | File | `/gfxpoly/convert.c` | High
|
||||
9 | File | `/GponForm/device_Form?script/` | High
|
||||
10 | File | `/index.php?/manage/channel/addchannel` | High
|
||||
11 | File | `/opac/Actions.php?a=login` | High
|
||||
12 | File | `/opt/tms/bin/cli` | High
|
||||
13 | File | `/out.php` | Medium
|
||||
14 | File | `/settings/account` | High
|
||||
15 | File | `/spip.php` | Medium
|
||||
16 | File | `/var/log/nginx` | High
|
||||
17 | File | `/way4acs/enroll` | High
|
||||
18 | File | `/wp-admin/admin-ajax.php` | High
|
||||
19 | File | `action.php` | Medium
|
||||
20 | File | `actions/beats_uploader.php` | High
|
||||
21 | File | `actions/vote_channel.php` | High
|
||||
22 | File | `ad.cgi` | Low
|
||||
23 | File | `adclick.php` | Medium
|
||||
24 | File | `admin/admin.php` | High
|
||||
25 | File | `Admin/ADM_Pagina.php` | High
|
||||
26 | File | `admin/article.php` | High
|
||||
27 | File | `admin/dashboard.php` | High
|
||||
28 | File | `Admin/edit-admin.php` | High
|
||||
29 | File | `admin/partials/ajax/add_field_to_form.php` | High
|
||||
30 | File | `admin/show.php?rec=update` | High
|
||||
31 | File | `album.asp` | Medium
|
||||
32 | File | `allmanageup.pl` | High
|
||||
33 | File | `allow/block` | Medium
|
||||
34 | File | `AlUpdate.exe` | Medium
|
||||
35 | File | `amadmin.pl` | Medium
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -105,4 +105,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -2984,15 +2984,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3001,45 +3001,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/activate_hook.php` | High
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/admin/?page=system_info` | High
|
||||
4 | File | `/admin/add-category.php` | High
|
||||
5 | File | `/admin/add-services.php` | High
|
||||
6 | File | `/admin/ajax.php` | High
|
||||
7 | File | `/admin/ajax.php?action=confirm_order` | High
|
||||
8 | File | `/admin/controller/JobLogController.java` | High
|
||||
9 | File | `/admin/singlelogin.php?submit=1` | High
|
||||
10 | File | `/admin/theme-edit.php` | High
|
||||
11 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
12 | File | `/api/sys/login` | High
|
||||
13 | File | `/api/sys/set_passwd` | High
|
||||
14 | File | `/api/upload.php` | High
|
||||
15 | File | `/api/v1/alerts` | High
|
||||
16 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
18 | File | `/changePassword` | High
|
||||
19 | File | `/classes/Master.php?f=delete_category` | High
|
||||
20 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
21 | File | `/dashboard/add-blog.php` | High
|
||||
22 | File | `/data/remove` | Medium
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/ecshop/admin/template.php` | High
|
||||
25 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/geoserver/gwc/rest.html` | High
|
||||
28 | File | `/goform/formSysCmd` | High
|
||||
29 | File | `/h/autoSaveDraft` | High
|
||||
30 | File | `/HNAP1/` | Low
|
||||
31 | File | `/home/masterConsole` | High
|
||||
32 | File | `/home/playerOperate` | High
|
||||
33 | File | `/importexport.php` | High
|
||||
34 | File | `/issue` | Low
|
||||
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
36 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
37 | File | `/owa/auth/logon.aspx` | High
|
||||
38 | ... | ... | ...
|
||||
8 | File | `/admin/borrow_add.php` | High
|
||||
9 | File | `/admin/clientview.php` | High
|
||||
10 | File | `/admin/controller/JobLogController.java` | High
|
||||
11 | File | `/admin/edit_teacher.php` | High
|
||||
12 | File | `/admin/singlelogin.php?submit=1` | High
|
||||
13 | File | `/admin/theme-edit.php` | High
|
||||
14 | File | `/api/log/killJob` | High
|
||||
15 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
16 | File | `/api/trackedEntityInstances` | High
|
||||
17 | File | `/api/upload.php` | High
|
||||
18 | File | `/app/api/controller/caiji.php` | High
|
||||
19 | File | `/application/pay/controller/Api.php` | High
|
||||
20 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
21 | File | `/boaform/device_reset.cgi` | High
|
||||
22 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
23 | File | `/change-language/de_DE` | High
|
||||
24 | File | `/classes/Master.php?f=delete_category` | High
|
||||
25 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
26 | File | `/dashboard/add-blog.php` | High
|
||||
27 | File | `/data/remove` | Medium
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/dist/index.js` | High
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/geoserver/gwc/rest.html` | High
|
||||
32 | File | `/goform/formSysCmd` | High
|
||||
33 | File | `/HNAP1/` | Low
|
||||
34 | File | `/hosts/firewall/ip` | High
|
||||
35 | File | `/index.php` | Medium
|
||||
36 | File | `/index.php/ccm/system/file/upload` | High
|
||||
37 | File | `/index.php?c=api` | High
|
||||
38 | File | `/issue` | Low
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 324 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 334 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -3060,4 +3061,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -1150,13 +1150,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -1170,51 +1169,50 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin/add-category.php` | High
|
||||
4 | File | `/admin/add-services.php` | High
|
||||
5 | File | `/admin/save.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/download` | High
|
||||
8 | File | `/api/runscript` | High
|
||||
9 | File | `/api/v1/alerts` | High
|
||||
10 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
11 | File | `/appliance/users?action=edit` | High
|
||||
12 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
13 | File | `/category.php` | High
|
||||
14 | File | `/categorypage.php` | High
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
17 | File | `/collection/all` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/fusion/portal/action/Link` | High
|
||||
23 | File | `/geoserver/gwc/rest.html` | High
|
||||
24 | File | `/goform/formSysCmd` | High
|
||||
25 | File | `/HNAP1` | Low
|
||||
26 | File | `/HNAP1/` | Low
|
||||
27 | File | `/importexport.php` | High
|
||||
28 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
29 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
30 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/preview.php` | Medium
|
||||
33 | File | `/proxy` | Low
|
||||
34 | File | `/RPS2019Service/status.html` | High
|
||||
35 | File | `/setting` | Medium
|
||||
36 | File | `/sicweb-ajax/tmproot/` | High
|
||||
37 | File | `/spip.php` | Medium
|
||||
38 | File | `/subsys/net/l2/wifi/wifi_shell.c` | High
|
||||
39 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
40 | File | `/sysmanage/updateos.php` | High
|
||||
41 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
42 | File | `/TMS/admin/setting/mail/createorupdate` | High
|
||||
43 | File | `/upload/ueditorConfig?action=config` | High
|
||||
44 | File | `/uploads/tags.php` | High
|
||||
45 | File | `/user/inc/workidajax.php` | High
|
||||
46 | File | `/user/ticket/create` | High
|
||||
47 | ... | ... | ...
|
||||
5 | File | `/admin/borrow_add.php` | High
|
||||
6 | File | `/admin/edit_teacher.php` | High
|
||||
7 | File | `/admin/save.php` | High
|
||||
8 | File | `/api/download` | High
|
||||
9 | File | `/api/runscript` | High
|
||||
10 | File | `/api/v1/alerts` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/api/v4/teams//channels/deleted` | High
|
||||
13 | File | `/appliance/users?action=edit` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
15 | File | `/category.php` | High
|
||||
16 | File | `/categorypage.php` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
18 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
19 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
20 | File | `/change-language/de_DE` | High
|
||||
21 | File | `/collection/all` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/dist/index.js` | High
|
||||
24 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/geoserver/gwc/rest.html` | High
|
||||
27 | File | `/goform/formSysCmd` | High
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/HNAP1/` | Low
|
||||
30 | File | `/hosts/firewall/ip` | High
|
||||
31 | File | `/index.php/ccm/system/file/upload` | High
|
||||
32 | File | `/log/decodmail.php` | High
|
||||
33 | File | `/login` | Low
|
||||
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/php/ping.php` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/register.do` | Medium
|
||||
40 | File | `/register.php` | High
|
||||
41 | File | `/RPS2019Service/status.html` | High
|
||||
42 | File | `/s/index.php?action=statistics` | High
|
||||
43 | File | `/setting` | Medium
|
||||
44 | File | `/sicweb-ajax/tmproot/` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 405 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -1234,4 +1232,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -43,4 +43,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -101,4 +101,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -32,4 +32,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [SH](https://vuldb.com/?country.sh)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -247,7 +247,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
224 | [46.183.220.113](https://vuldb.com/?ip.46.183.220.113) | ip-220-113.dataclub.info | - | High
|
||||
225 | ... | ... | ... | ...
|
||||
|
||||
There are 897 more IOC items available. Please use our online service to access the data.
|
||||
There are 898 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -258,7 +258,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -273,43 +273,44 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.` | High
|
||||
2 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
3 | File | `//proc/kcore` | Medium
|
||||
4 | File | `/admin/general.cgi` | High
|
||||
5 | File | `/admin/index2.html` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/save.php` | High
|
||||
8 | File | `/admin/search-appointment.php` | High
|
||||
9 | File | `/api/admin/system/store/order/list` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/download` | High
|
||||
12 | File | `/api/v1/alerts` | High
|
||||
13 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
14 | File | `/api/v4/users/ids` | High
|
||||
15 | File | `/apply.cgi` | Medium
|
||||
16 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
17 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
18 | File | `/category.php` | High
|
||||
19 | File | `/categorypage.php` | High
|
||||
20 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
21 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
22 | File | `/config/php.ini` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/etc/shadow` | Medium
|
||||
25 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/geoserver/gwc/rest.html` | High
|
||||
28 | File | `/goform/formSysCmd` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/listplace/user/ticket/create` | High
|
||||
31 | File | `/mhds/clinic/view_details.php` | High
|
||||
32 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
33 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
36 | File | `/RPS2019Service/status.html` | High
|
||||
37 | File | `/setting` | Medium
|
||||
38 | ... | ... | ...
|
||||
4 | File | `/admin/action/delete-vaccine.php` | High
|
||||
5 | File | `/admin/general.cgi` | High
|
||||
6 | File | `/admin/index2.html` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/save.php` | High
|
||||
9 | File | `/admin/search-appointment.php` | High
|
||||
10 | File | `/api/admin/system/store/order/list` | High
|
||||
11 | File | `/api/v1/alerts` | High
|
||||
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
13 | File | `/api/v4/users/ids` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/categorypage.php` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
18 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
19 | File | `/change-language/de_DE` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/dist/index.js` | High
|
||||
22 | File | `/etc/shadow` | Medium
|
||||
23 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
24 | File | `/forms/doLogin` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/geoserver/gwc/rest.html` | High
|
||||
27 | File | `/goform/formSysCmd` | High
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/hosts/firewall/ip` | High
|
||||
30 | File | `/index.php/ccm/system/file/upload` | High
|
||||
31 | File | `/listplace/user/ticket/create` | High
|
||||
32 | File | `/log/decodmail.php` | High
|
||||
33 | File | `/mhds/clinic/view_details.php` | High
|
||||
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
36 | File | `/php/ping.php` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 337 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -383,4 +384,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -103,7 +103,7 @@ ID | Type | Indicator | Confidence
|
|||
50 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 440 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 439 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -130,4 +130,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -55,4 +55,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -66,4 +66,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -66,4 +66,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -94,7 +94,7 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/user/ticket/create` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 41 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 42 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -114,4 +114,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Azorult:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -106,7 +106,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
83 | [46.249.38.134](https://vuldb.com/?ip.46.249.38.134) | - | - | High
|
||||
84 | ... | ... | ... | ...
|
||||
|
||||
There are 331 more IOC items available. Please use our online service to access the data.
|
||||
There are 332 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -115,14 +115,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -156,44 +156,42 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/admin/reg.php` | High
|
||||
25 | File | `/admin/search-appointment.php` | High
|
||||
26 | File | `/admin/sys_sql_query.php` | High
|
||||
27 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
28 | File | `/alphaware/summary.php` | High
|
||||
29 | File | `/api/` | Low
|
||||
30 | File | `/api/admin/store/product/list` | High
|
||||
31 | File | `/api/baskets/{name}` | High
|
||||
32 | File | `/api/stl/actions/search` | High
|
||||
33 | File | `/api/sys/login` | High
|
||||
34 | File | `/api/sys/set_passwd` | High
|
||||
27 | File | `/alphaware/summary.php` | High
|
||||
28 | File | `/api/` | Low
|
||||
29 | File | `/api/admin/store/product/list` | High
|
||||
30 | File | `/api/baskets/{name}` | High
|
||||
31 | File | `/api/stl/actions/search` | High
|
||||
32 | File | `/api/sys/login` | High
|
||||
33 | File | `/api/sys/set_passwd` | High
|
||||
34 | File | `/api/trackedEntityInstances` | High
|
||||
35 | File | `/api/v2/cli/commands` | High
|
||||
36 | File | `/appliance/users?action=edit` | High
|
||||
37 | File | `/backup.pl` | Medium
|
||||
36 | File | `/api/v4/teams//channels/deleted` | High
|
||||
37 | File | `/appliance/users?action=edit` | High
|
||||
38 | File | `/bin/ate` | Medium
|
||||
39 | File | `/blog` | Low
|
||||
40 | File | `/boat/login.php` | High
|
||||
41 | File | `/booking/show_bookings/` | High
|
||||
42 | File | `/cgi-bin` | Medium
|
||||
43 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
44 | File | `/changePassword` | High
|
||||
45 | File | `/collection/all` | High
|
||||
46 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
47 | File | `/dashboard/add-blog.php` | High
|
||||
48 | File | `/debug/pprof` | Medium
|
||||
49 | File | `/dipam/athlete-profile.php` | High
|
||||
50 | File | `/DXR.axd` | Medium
|
||||
51 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
52 | File | `/ecshop/admin/template.php` | High
|
||||
53 | File | `/edoc/doctor/patient.php` | High
|
||||
54 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
55 | File | `/env` | Low
|
||||
56 | File | `/forum/away.php` | High
|
||||
57 | File | `/fusion/portal/action/Link` | High
|
||||
58 | File | `/group1/uploa` | High
|
||||
59 | File | `/h/autoSaveDraft` | High
|
||||
60 | File | `/HNAP1/` | Low
|
||||
61 | File | `/importexport.php` | High
|
||||
62 | ... | ... | ...
|
||||
43 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
44 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
45 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
46 | File | `/changePassword` | High
|
||||
47 | File | `/collection/all` | High
|
||||
48 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
49 | File | `/dashboard/add-blog.php` | High
|
||||
50 | File | `/data/remove` | Medium
|
||||
51 | File | `/debug/pprof` | Medium
|
||||
52 | File | `/dipam/athlete-profile.php` | High
|
||||
53 | File | `/DXR.axd` | Medium
|
||||
54 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
55 | File | `/ecshop/admin/template.php` | High
|
||||
56 | File | `/edoc/doctor/patient.php` | High
|
||||
57 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
58 | File | `/env` | Low
|
||||
59 | File | `/forum/away.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 546 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 528 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -222,4 +220,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [UA](https://vuldb.com/?country.ua)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -41,15 +41,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-25, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -57,72 +56,82 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=bike` | High
|
||||
1 | File | `/admin/` | Low
|
||||
2 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
3 | File | `/admin/ajax.php?action=confirm_order` | High
|
||||
4 | File | `/admin/article/article-edit-run.php` | High
|
||||
5 | File | `/admin/cms_admin.php` | High
|
||||
6 | File | `/admin/controller/JobLogController.java` | High
|
||||
7 | File | `/admin/course.php` | High
|
||||
8 | File | `/admin/courses/manage_course.php` | High
|
||||
9 | File | `/admin/departments/manage_department.php` | High
|
||||
10 | File | `/admin/index.php` | High
|
||||
11 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
12 | File | `/admin/leancloud.php` | High
|
||||
13 | File | `/admin/manage-pages.php` | High
|
||||
14 | File | `/admin/settings/` | High
|
||||
15 | File | `/admin/students/manage_academic.php` | High
|
||||
16 | File | `/admin/students/update_status.php` | High
|
||||
17 | File | `/admin/subject.php` | High
|
||||
18 | File | `/admin/TemplateController.java` | High
|
||||
19 | File | `/admin/theme-edit.php` | High
|
||||
20 | File | `/admin/user/manage_user.php` | High
|
||||
21 | File | `/adplanet/PlanetUser` | High
|
||||
22 | File | `/ample/app/ajax/member_data.php` | High
|
||||
23 | File | `/api/authentication/login` | High
|
||||
24 | File | `/api/DataDictionary/GetItemList` | High
|
||||
25 | File | `/api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest` | High
|
||||
26 | File | `/api/sys/login` | High
|
||||
27 | File | `/api/sys/set_passwd` | High
|
||||
28 | File | `/autheditpwd.php` | High
|
||||
29 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
30 | File | `/category.php` | High
|
||||
31 | File | `/cgi-bin/` | Medium
|
||||
32 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
33 | File | `/changePassword` | High
|
||||
34 | File | `/claire_blake` | High
|
||||
35 | File | `/classes/Master.php` | High
|
||||
36 | File | `/classes/Master.php?f=save_reminder` | High
|
||||
37 | File | `/collection/all` | High
|
||||
38 | File | `/config,admin.jsp` | High
|
||||
39 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
40 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
41 | File | `/core/tools/customblock.php` | High
|
||||
42 | File | `/course/filterRecords/` | High
|
||||
43 | File | `/dashboard/add-blog.php` | High
|
||||
44 | File | `/dashboard/createblog` | High
|
||||
45 | File | `/debug/pprof` | Medium
|
||||
46 | File | `/download/image` | High
|
||||
47 | File | `/ecshop/admin/template.php` | High
|
||||
48 | File | `/edit_user.php` | High
|
||||
49 | File | `/endpoint/add-guest.php` | High
|
||||
50 | File | `/endpoint/add-user.php` | High
|
||||
51 | File | `/endpoint/delete-user.php` | High
|
||||
52 | File | `/etc/hosts.deny` | High
|
||||
53 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
54 | File | `/file-manager/delete.php` | High
|
||||
55 | File | `/file-manager/upload.php` | High
|
||||
56 | File | `/find-a-match` | High
|
||||
57 | File | `/forum/away.php` | High
|
||||
58 | File | `/goform/goform_get_cmd_process` | High
|
||||
59 | File | `/home/courses` | High
|
||||
60 | File | `/im/user/` | Medium
|
||||
61 | File | `/importexport.php` | High
|
||||
62 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
63 | File | `/index.php` | Medium
|
||||
64 | ... | ... | ...
|
||||
3 | File | `/admin/action/add_con.php` | High
|
||||
4 | File | `/admin/action/new-father.php` | High
|
||||
5 | File | `/admin/action/new-feed.php` | High
|
||||
6 | File | `/admin/book_add.php` | High
|
||||
7 | File | `/admin/book_row.php` | High
|
||||
8 | File | `/admin/borrow_add.php` | High
|
||||
9 | File | `/admin/bwdates-report-details.php` | High
|
||||
10 | File | `/admin/category_row.php` | High
|
||||
11 | File | `/admin/controller/JobLogController.java` | High
|
||||
12 | File | `/admin/course.php` | High
|
||||
13 | File | `/admin/courses/manage_course.php` | High
|
||||
14 | File | `/admin/departments/manage_department.php` | High
|
||||
15 | File | `/admin/edit_teacher.php` | High
|
||||
16 | File | `/admin/index.php` | High
|
||||
17 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
18 | File | `/admin/manage-pages.php` | High
|
||||
19 | File | `/Admin/News.php` | High
|
||||
20 | File | `/admin/pages/edit_chicken.php` | High
|
||||
21 | File | `/admin/pages/update_go.php` | High
|
||||
22 | File | `/admin/pages/yearlevel.php` | High
|
||||
23 | File | `/admin/php/crud.php` | High
|
||||
24 | File | `/admin/regester.php` | High
|
||||
25 | File | `/admin/return_add.php` | High
|
||||
26 | File | `/admin/settings/` | High
|
||||
27 | File | `/admin/students.php` | High
|
||||
28 | File | `/admin/students/manage_academic.php` | High
|
||||
29 | File | `/admin/students/update_status.php` | High
|
||||
30 | File | `/admin/subject.php` | High
|
||||
31 | File | `/admin/theme-edit.php` | High
|
||||
32 | File | `/admin/user/manage_user.php` | High
|
||||
33 | File | `/admin/users` | Medium
|
||||
34 | File | `/admin_route/dec_service_credits.php` | High
|
||||
35 | File | `/adplanet/PlanetUser` | High
|
||||
36 | File | `/ample/app/action/edit_product.php` | High
|
||||
37 | File | `/ample/app/ajax/member_data.php` | High
|
||||
38 | File | `/api/authentication/login` | High
|
||||
39 | File | `/api/DataDictionary/GetItemList` | High
|
||||
40 | File | `/api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest` | High
|
||||
41 | File | `/api/log/killJob` | High
|
||||
42 | File | `/api/sys/login` | High
|
||||
43 | File | `/api/sys/set_passwd` | High
|
||||
44 | File | `/api/trackedEntityInstances` | High
|
||||
45 | File | `/app/api/controller/default/File.php` | High
|
||||
46 | File | `/application/pay/controller/Api.php` | High
|
||||
47 | File | `/apps/login_auth.php` | High
|
||||
48 | File | `/apps/reg_go.php` | High
|
||||
49 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
50 | File | `/bin/boa` | Medium
|
||||
51 | File | `/boaform/device_reset.cgi` | High
|
||||
52 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
53 | File | `/category.php` | High
|
||||
54 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
|
||||
55 | File | `/cgi-bin/` | Medium
|
||||
56 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
57 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
58 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
59 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
60 | File | `/cgi-bin/R19.9/easy1350.pl` | High
|
||||
61 | File | `/changePassword` | High
|
||||
62 | File | `/claire_blake` | High
|
||||
63 | File | `/classes/Master.php` | High
|
||||
64 | File | `/classes/Master.php?f=save_reminder` | High
|
||||
65 | File | `/classes/Users.php?f=save` | High
|
||||
66 | File | `/clientLogin` | Medium
|
||||
67 | File | `/config,admin.jsp` | High
|
||||
68 | File | `/core/tools/customblock.php` | High
|
||||
69 | File | `/dashboard/createblog` | High
|
||||
70 | File | `/data/remove` | Medium
|
||||
71 | File | `/debug/pprof` | Medium
|
||||
72 | File | `/download.php?file=author.png` | High
|
||||
73 | File | `/download/image` | High
|
||||
74 | ... | ... | ...
|
||||
|
||||
There are 562 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 651 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -139,4 +148,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -71,4 +71,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -66,4 +66,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -122,4 +122,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,7 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -49,7 +52,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `dc_categorieslist.asp` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -66,4 +69,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -33,4 +33,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -58,4 +58,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -3525,7 +3525,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
@ -3538,56 +3538,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
6 | File | `/admin/about-us.php` | High
|
||||
7 | File | `/admin/add-category.php` | High
|
||||
8 | File | `/admin/add-services.php` | High
|
||||
9 | File | `/admin/controller/JobLogController.java` | High
|
||||
10 | File | `/admin/del_category.php` | High
|
||||
11 | File | `/admin/del_service.php` | High
|
||||
12 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
13 | File | `/admin/edit-services.php` | High
|
||||
14 | File | `/admin/edit_category.php` | High
|
||||
15 | File | `/admin/forgot-password.php` | High
|
||||
16 | File | `/admin/index.php` | High
|
||||
17 | File | `/admin/search-appointment.php` | High
|
||||
18 | File | `/admin/sys_sql_query.php` | High
|
||||
19 | File | `/admin/theme-edit.php` | High
|
||||
20 | File | `/api/baskets/{name}` | High
|
||||
21 | File | `/api/runscript` | High
|
||||
22 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
23 | File | `/api/sys/login` | High
|
||||
24 | File | `/api/sys/set_passwd` | High
|
||||
25 | File | `/api/upload.php` | High
|
||||
26 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
27 | File | `/appliance/users?action=edit` | High
|
||||
28 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
29 | File | `/blog` | Low
|
||||
30 | File | `/booking/show_bookings/` | High
|
||||
31 | File | `/category.php` | High
|
||||
32 | File | `/changePassword` | High
|
||||
33 | File | `/classes/Master.php?f=delete_category` | High
|
||||
34 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
35 | File | `/classes/Master.php?f=save_service` | High
|
||||
36 | File | `/collection/all` | High
|
||||
37 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
38 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
39 | File | `/dashboard/add-blog.php` | High
|
||||
40 | File | `/data/remove` | Medium
|
||||
41 | File | `/debug/pprof` | Medium
|
||||
42 | File | `/download` | Medium
|
||||
43 | File | `/ecshop/admin/template.php` | High
|
||||
44 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
45 | File | `/forum/away.php` | High
|
||||
46 | File | `/fusion/portal/action/Link` | High
|
||||
47 | File | `/group1/uploa` | High
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/admin/?page=user/list` | High
|
||||
4 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
5 | File | `/admin/about-us.php` | High
|
||||
6 | File | `/admin/add-category.php` | High
|
||||
7 | File | `/admin/add-services.php` | High
|
||||
8 | File | `/admin/borrow_add.php` | High
|
||||
9 | File | `/admin/clientview.php` | High
|
||||
10 | File | `/admin/controller/JobLogController.java` | High
|
||||
11 | File | `/admin/del_category.php` | High
|
||||
12 | File | `/admin/del_service.php` | High
|
||||
13 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
14 | File | `/admin/edit-services.php` | High
|
||||
15 | File | `/admin/edit_category.php` | High
|
||||
16 | File | `/admin/edit_teacher.php` | High
|
||||
17 | File | `/admin/forgot-password.php` | High
|
||||
18 | File | `/admin/index.php` | High
|
||||
19 | File | `/admin/search-appointment.php` | High
|
||||
20 | File | `/admin/sys_sql_query.php` | High
|
||||
21 | File | `/admin/theme-edit.php` | High
|
||||
22 | File | `/api/baskets/{name}` | High
|
||||
23 | File | `/api/log/killJob` | High
|
||||
24 | File | `/api/runscript` | High
|
||||
25 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
26 | File | `/api/sys/login` | High
|
||||
27 | File | `/api/sys/set_passwd` | High
|
||||
28 | File | `/api/trackedEntityInstances` | High
|
||||
29 | File | `/api/upload.php` | High
|
||||
30 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
31 | File | `/api/v4/teams//channels/deleted` | High
|
||||
32 | File | `/app/api/controller/caiji.php` | High
|
||||
33 | File | `/appliance/users?action=edit` | High
|
||||
34 | File | `/application/pay/controller/Api.php` | High
|
||||
35 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
36 | File | `/blog` | Low
|
||||
37 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
38 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
39 | File | `/changePassword` | High
|
||||
40 | File | `/classes/Master.php?f=delete_category` | High
|
||||
41 | File | `/collection/all` | High
|
||||
42 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
43 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
44 | File | `/dashboard/add-blog.php` | High
|
||||
45 | File | `/data/remove` | Medium
|
||||
46 | File | `/debug/pprof` | Medium
|
||||
47 | File | `/download` | Medium
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 415 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -3605,4 +3605,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -90,20 +90,20 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `/menu.html` | Medium
|
||||
32 | File | `/mkshop/Men/profile.php` | High
|
||||
33 | File | `/modules/profile/index.php` | High
|
||||
34 | File | `/navigate/navigate_download.php` | High
|
||||
35 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
36 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/password.html` | High
|
||||
39 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
40 | File | `/plugin` | Low
|
||||
41 | File | `/property-list/property_view.php` | High
|
||||
42 | File | `/ptms/classes/Users.php` | High
|
||||
43 | File | `/resources//../` | High
|
||||
44 | File | `/rest/api/2/search` | High
|
||||
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
35 | File | `/navigate/navigate_download.php` | High
|
||||
36 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
37 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/password.html` | High
|
||||
40 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
41 | File | `/plugin` | Low
|
||||
42 | File | `/property-list/property_view.php` | High
|
||||
43 | File | `/ptms/classes/Users.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -121,4 +121,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -31,7 +31,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,4 +61,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -75,4 +75,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -67,4 +67,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -60,7 +60,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -98,14 +98,13 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/mngset/authset` | High
|
||||
29 | File | `/mobile/downloadfile.aspx` | High
|
||||
30 | File | `/net/nfc/netlink.c` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/outgoing.php` | High
|
||||
33 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
34 | File | `/presale/join` | High
|
||||
35 | File | `/public/launchNewWindow.jsp` | High
|
||||
36 | ... | ... | ...
|
||||
31 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
32 | File | `/out.php` | Medium
|
||||
33 | File | `/outgoing.php` | High
|
||||
34 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -124,4 +123,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bahamut](https://vuldb.com/?actor.bahamut)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bahamut:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bahamut.
|
||||
|
@ -12,6 +18,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [134.255.231.233](https://vuldb.com/?ip.134.255.231.233) | vps-zap930219-3.zap-srv.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bahamut_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1202 | CWE-77 | Command Injection | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
@ -27,4 +41,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bahrain Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
There are 29 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -70,7 +70,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -87,60 +87,65 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/accounts_con/register_account` | High
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/?page=bike` | High
|
||||
5 | File | `/admin/book_add.php` | High
|
||||
6 | File | `/admin/book_row.php` | High
|
||||
7 | File | `/admin/bwdates-report-details.php` | High
|
||||
8 | File | `/admin/course.php` | High
|
||||
9 | File | `/admin/courses/manage_course.php` | High
|
||||
10 | File | `/admin/courses/view_course.php` | High
|
||||
11 | File | `/admin/departments/manage_department.php` | High
|
||||
12 | File | `/admin/index.php` | High
|
||||
13 | File | `/admin/ind_backstage.php` | High
|
||||
14 | File | `/admin/list_addr_fwresource_ip.php` | High
|
||||
15 | File | `/admin/list_onlineuser.php` | High
|
||||
16 | File | `/admin/login.php` | High
|
||||
17 | File | `/admin/manage-pages.php` | High
|
||||
18 | File | `/admin/manage-users.php` | High
|
||||
19 | File | `/admin/options-theme.php` | High
|
||||
20 | File | `/admin/pages/subjects.php` | High
|
||||
21 | File | `/admin/pages/yearlevel.php` | High
|
||||
22 | File | `/admin/students/manage_academic.php` | High
|
||||
23 | File | `/admin/subject.php` | High
|
||||
24 | File | `/admin/theme-edit.php` | High
|
||||
25 | File | `/admin/upload/img` | High
|
||||
26 | File | `/adplanet/PlanetUser` | High
|
||||
27 | File | `/ample/app/ajax/member_data.php` | High
|
||||
28 | File | `/api/authentication/login` | High
|
||||
29 | File | `/api/download` | High
|
||||
30 | File | `/api/v1/alerts` | High
|
||||
31 | File | `/article/DelectArticleById/` | High
|
||||
32 | File | `/auth/auth.php?user=1` | High
|
||||
33 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
34 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
35 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
36 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
37 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
38 | File | `/config,admin.jsp` | High
|
||||
39 | File | `/config-manager/save` | High
|
||||
40 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
41 | File | `/dashboard/createblog` | High
|
||||
42 | File | `/debug/pprof` | Medium
|
||||
43 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
44 | File | `/endpoint/add-guest.php` | High
|
||||
45 | File | `/endpoint/add-user.php` | High
|
||||
46 | File | `/etc/hosts.deny` | High
|
||||
47 | File | `/file-manager/delete.php` | High
|
||||
48 | File | `/file-manager/upload.php` | High
|
||||
49 | File | `/forum/away.php` | High
|
||||
50 | File | `/geoserver/gwc/rest.html` | High
|
||||
51 | File | `/goform/formSysCmd` | High
|
||||
52 | File | `/h/autoSaveDraft` | High
|
||||
53 | File | `/HNAP1/` | Low
|
||||
54 | ... | ... | ...
|
||||
3 | File | `/addbill.php` | Medium
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin/` | Low
|
||||
6 | File | `/admin/admin_user.php` | High
|
||||
7 | File | `/admin/book_add.php` | High
|
||||
8 | File | `/admin/book_row.php` | High
|
||||
9 | File | `/admin/borrow_add.php` | High
|
||||
10 | File | `/admin/bwdates-report-details.php` | High
|
||||
11 | File | `/admin/course.php` | High
|
||||
12 | File | `/admin/edit_teacher.php` | High
|
||||
13 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
14 | File | `/admin/ind_backstage.php` | High
|
||||
15 | File | `/admin/manage-pages.php` | High
|
||||
16 | File | `/admin/manage-users.php` | High
|
||||
17 | File | `/admin/options-theme.php` | High
|
||||
18 | File | `/admin/pages/subjects.php` | High
|
||||
19 | File | `/admin/pages/yearlevel.php` | High
|
||||
20 | File | `/admin/php/crud.php` | High
|
||||
21 | File | `/admin/regester.php` | High
|
||||
22 | File | `/admin/return_add.php` | High
|
||||
23 | File | `/admin/students.php` | High
|
||||
24 | File | `/admin/subject.php` | High
|
||||
25 | File | `/admin/theme-edit.php` | High
|
||||
26 | File | `/admin/update-clients.php` | High
|
||||
27 | File | `/admin/upload/img` | High
|
||||
28 | File | `/admin/uploads/` | High
|
||||
29 | File | `/admin/users` | Medium
|
||||
30 | File | `/adplanet/PlanetUser` | High
|
||||
31 | File | `/ample/app/action/edit_product.php` | High
|
||||
32 | File | `/ample/app/ajax/member_data.php` | High
|
||||
33 | File | `/api/log/killJob` | High
|
||||
34 | File | `/article/DelectArticleById/` | High
|
||||
35 | File | `/auth/auth.php?user=1` | High
|
||||
36 | File | `/auth/user/all.api` | High
|
||||
37 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
38 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
39 | File | `/bin/boa` | Medium
|
||||
40 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
41 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
|
||||
42 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
43 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
44 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
45 | File | `/change-language/de_DE` | High
|
||||
46 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
47 | File | `/config,admin.jsp` | High
|
||||
48 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
49 | File | `/debug/pprof` | Medium
|
||||
50 | File | `/dist/index.js` | High
|
||||
51 | File | `/endpoint/add-guest.php` | High
|
||||
52 | File | `/endpoint/add-user.php` | High
|
||||
53 | File | `/etc/hosts.deny` | High
|
||||
54 | File | `/file-manager/delete.php` | High
|
||||
55 | File | `/file-manager/upload.php` | High
|
||||
56 | File | `/forum/away.php` | High
|
||||
57 | File | `/goform/formSysCmd` | High
|
||||
58 | File | `/h/autoSaveDraft` | High
|
||||
59 | ... | ... | ...
|
||||
|
||||
There are 468 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -112,4 +112,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [SH](https://vuldb.com/?country.sh)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,12 +25,12 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [20.102.80.176](https://vuldb.com/?ip.20.102.80.176) | - | - | High
|
||||
3 | [20.150.218.195](https://vuldb.com/?ip.20.150.218.195) | - | - | High
|
||||
4 | [24.199.107.85](https://vuldb.com/?ip.24.199.107.85) | - | - | High
|
||||
5 | [45.42.45.104](https://vuldb.com/?ip.45.42.45.104) | - | - | High
|
||||
6 | [45.79.9.191](https://vuldb.com/?ip.45.79.9.191) | 45-79-9-191.ip.linodeusercontent.com | - | High
|
||||
7 | [45.131.64.31](https://vuldb.com/?ip.45.131.64.31) | 31.64.131.45.in-addr.arpa | - | High
|
||||
5 | [41.216.183.23](https://vuldb.com/?ip.41.216.183.23) | - | - | High
|
||||
6 | [41.216.183.94](https://vuldb.com/?ip.41.216.183.94) | - | - | High
|
||||
7 | [45.42.45.10](https://vuldb.com/?ip.45.42.45.10) | web9-redirect.me | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 27 more IOC items available. Please use our online service to access the data.
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -55,61 +55,65 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `.vscode/cody.json` | High
|
||||
2 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin/courses/view_course.php` | High
|
||||
6 | File | `/Admin/createClass.php` | High
|
||||
7 | File | `/admin/edit_product.php` | High
|
||||
8 | File | `/admin/products/manage_product.php` | High
|
||||
9 | File | `/admin/products/view_product.php` | High
|
||||
10 | File | `/admin/sales/view_details.php` | High
|
||||
11 | File | `/admin/students/view_details.php` | High
|
||||
12 | File | `/admin/sys_sql_query.php` | High
|
||||
13 | File | `/ajax/ajax_login.ashx` | High
|
||||
14 | File | `/api/download/updateFile` | High
|
||||
15 | File | `/api/v1/alerts` | High
|
||||
16 | File | `/blog` | Low
|
||||
17 | File | `/catalog/compare` | High
|
||||
18 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
19 | File | `/collection/all` | High
|
||||
20 | File | `/common/log/list` | High
|
||||
21 | File | `/config/myfield/test.php` | High
|
||||
22 | File | `/dede/freelist_add.php` | High
|
||||
23 | File | `/dede/vote_add.php` | High
|
||||
24 | File | `/ecrire/exec/puce_statut.php` | High
|
||||
25 | File | `/edit_branch.php` | High
|
||||
26 | File | `/endpoint/add-user.php` | High
|
||||
27 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
28 | File | `/files/` | Low
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/SetOnlineDevName` | High
|
||||
31 | File | `/goform/SetPptpServerCfg` | High
|
||||
32 | File | `/goform/SetSysTimeCfg` | High
|
||||
33 | File | `/index.php` | Medium
|
||||
34 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
35 | File | `/log/decodmail.php` | High
|
||||
36 | File | `/login.php?do=login` | High
|
||||
37 | File | `/log_proxy` | Medium
|
||||
38 | File | `/MailAdmin_dll.htm` | High
|
||||
39 | File | `/main/inc/ajax/work.ajax.php` | High
|
||||
40 | File | `/manage-apartment.php` | High
|
||||
41 | File | `/mhds/clinic/view_details.php` | High
|
||||
42 | File | `/mobileredir/openApp.jsp` | High
|
||||
43 | File | `/modules/projects/summary.inc.php` | High
|
||||
44 | File | `/modules/projects/vw_files.php` | High
|
||||
45 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
46 | File | `/northstar/Portal/processlogin.jsp` | High
|
||||
47 | File | `/Noxen-master/users.php` | High
|
||||
48 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
49 | File | `/owa/auth/logon.aspx` | High
|
||||
50 | ... | ... | ...
|
||||
3 | File | `/accounts/login` | High
|
||||
4 | File | `/accounts_con/register_account` | High
|
||||
5 | File | `/admin.php` | Medium
|
||||
6 | File | `/admin/` | Low
|
||||
7 | File | `/admin/action/new-feed.php` | High
|
||||
8 | File | `/admin/book_add.php` | High
|
||||
9 | File | `/admin/courses/view_course.php` | High
|
||||
10 | File | `/admin/database/backup` | High
|
||||
11 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
12 | File | `/admin/list_onlineuser.php` | High
|
||||
13 | File | `/admin/sales/view_details.php` | High
|
||||
14 | File | `/admin/students/view_details.php` | High
|
||||
15 | File | `/admin/sys_sql_query.php` | High
|
||||
16 | File | `/ajax/ajax_login.ashx` | High
|
||||
17 | File | `/api/download/updateFile` | High
|
||||
18 | File | `/api/email/update` | High
|
||||
19 | File | `/Attachment/fromImageUrl` | High
|
||||
20 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
21 | File | `/bin/boa` | Medium
|
||||
22 | File | `/blog` | Low
|
||||
23 | File | `/catalog/compare` | High
|
||||
24 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
25 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
26 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
27 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
28 | File | `/classes/Users.php?f=save` | High
|
||||
29 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
30 | File | `/collection/all` | High
|
||||
31 | File | `/common/log/list` | High
|
||||
32 | File | `/content/list.do` | High
|
||||
33 | File | `/dataset/new` | Medium
|
||||
34 | File | `/edit_branch.php` | High
|
||||
35 | File | `/endpoint/add-user.php` | High
|
||||
36 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
37 | File | `/file` | Low
|
||||
38 | File | `/forum/away.php` | High
|
||||
39 | File | `/goform/SetNetControlList` | High
|
||||
40 | File | `/goform/SetOnlineDevName` | High
|
||||
41 | File | `/login` | Low
|
||||
42 | File | `/login.php?do=login` | High
|
||||
43 | File | `/log_proxy` | Medium
|
||||
44 | File | `/MailAdmin_dll.htm` | High
|
||||
45 | File | `/main/inc/ajax/work.ajax.php` | High
|
||||
46 | File | `/me` | Low
|
||||
47 | File | `/mhds/clinic/view_details.php` | High
|
||||
48 | File | `/mobileredir/openApp.jsp` | High
|
||||
49 | File | `/modals/class_form.php` | High
|
||||
50 | File | `/modules/projects/summary.inc.php` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 439 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://search.censys.io/hosts/41.216.183.23
|
||||
* https://search.censys.io/hosts/41.216.183.94
|
||||
* https://search.censys.io/hosts/45.42.45.10
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
@ -121,4 +125,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -60,39 +60,39 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/api/content/posts/comments` | High
|
||||
5 | File | `/asms/classes/Master.php?f=delete_transaction` | High
|
||||
6 | File | `/bin/posix/src/ports/POSIX/OpENer` | High
|
||||
7 | File | `/cgi-bin/editBookmark` | High
|
||||
8 | File | `/cgi-bin/kerbynet` | High
|
||||
9 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/cimom` | Low
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/domain/add` | Medium
|
||||
14 | File | `/etc/pki/pesign` | High
|
||||
15 | File | `/etc/sudoers` | Medium
|
||||
16 | File | `/goform/addressNat` | High
|
||||
17 | File | `/goform/aspForm` | High
|
||||
18 | File | `/group1/uploa` | High
|
||||
19 | File | `/Home/GetAttachment` | High
|
||||
20 | File | `/include/menu_v.inc.php` | High
|
||||
21 | File | `/index.php/weblinks-categories` | High
|
||||
22 | File | `/librarian/lab.php` | High
|
||||
23 | File | `/main?cmd=invalid_browser` | High
|
||||
24 | File | `/modules/projects/vw_files.php` | High
|
||||
25 | File | `/omos/admin/?page=user/list` | High
|
||||
26 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
27 | File | `/out.php` | Medium
|
||||
28 | File | `/panel/fields/add` | High
|
||||
29 | File | `/patient/settings.php` | High
|
||||
30 | File | `/plain` | Low
|
||||
31 | File | `/proc/*/cmdline"` | High
|
||||
32 | File | `/proc/pid/syscall` | High
|
||||
33 | File | `/sbin/acos_service` | High
|
||||
34 | File | `/search` | Low
|
||||
35 | File | `/show_group_members.php` | High
|
||||
36 | File | `/SysInfo.htm` | Medium
|
||||
7 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
8 | File | `/cgi-bin/editBookmark` | High
|
||||
9 | File | `/cgi-bin/kerbynet` | High
|
||||
10 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/cimom` | Low
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/domain/add` | Medium
|
||||
15 | File | `/etc/pki/pesign` | High
|
||||
16 | File | `/etc/sudoers` | Medium
|
||||
17 | File | `/goform/addressNat` | High
|
||||
18 | File | `/goform/aspForm` | High
|
||||
19 | File | `/group1/uploa` | High
|
||||
20 | File | `/Home/GetAttachment` | High
|
||||
21 | File | `/include/menu_v.inc.php` | High
|
||||
22 | File | `/index.php/weblinks-categories` | High
|
||||
23 | File | `/librarian/lab.php` | High
|
||||
24 | File | `/main?cmd=invalid_browser` | High
|
||||
25 | File | `/me` | Low
|
||||
26 | File | `/modules/projects/vw_files.php` | High
|
||||
27 | File | `/omos/admin/?page=user/list` | High
|
||||
28 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/panel/fields/add` | High
|
||||
31 | File | `/patient/settings.php` | High
|
||||
32 | File | `/plain` | Low
|
||||
33 | File | `/proc/*/cmdline"` | High
|
||||
34 | File | `/proc/pid/syscall` | High
|
||||
35 | File | `/sbin/acos_service` | High
|
||||
36 | File | `/search` | Low
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 314 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -112,4 +112,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bangladesh Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -607,10 +607,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -624,57 +624,61 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/accounts_con/register_account` | High
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/?page=bike` | High
|
||||
5 | File | `/admin/bwdates-report-details.php` | High
|
||||
6 | File | `/admin/course.php` | High
|
||||
7 | File | `/admin/courses/manage_course.php` | High
|
||||
8 | File | `/admin/courses/view_course.php` | High
|
||||
9 | File | `/admin/departments/manage_department.php` | High
|
||||
10 | File | `/admin/index.php` | High
|
||||
11 | File | `/admin/ind_backstage.php` | High
|
||||
12 | File | `/admin/list_addr_fwresource_ip.php` | High
|
||||
13 | File | `/admin/list_onlineuser.php` | High
|
||||
14 | File | `/admin/manage-pages.php` | High
|
||||
15 | File | `/admin/manage-users.php` | High
|
||||
16 | File | `/admin/options-theme.php` | High
|
||||
17 | File | `/admin/pages/subjects.php` | High
|
||||
18 | File | `/admin/pages/yearlevel.php` | High
|
||||
19 | File | `/admin/students/manage_academic.php` | High
|
||||
20 | File | `/admin/subject.php` | High
|
||||
21 | File | `/admin/theme-edit.php` | High
|
||||
22 | File | `/admin/upload/img` | High
|
||||
23 | File | `/adplanet/PlanetUser` | High
|
||||
24 | File | `/ample/app/ajax/member_data.php` | High
|
||||
25 | File | `/api/authentication/login` | High
|
||||
26 | File | `/article/DelectArticleById/` | High
|
||||
27 | File | `/auth/auth.php?user=1` | High
|
||||
28 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
29 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
30 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
31 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
32 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
33 | File | `/cgi-bin/ping.cgi` | High
|
||||
34 | File | `/config,admin.jsp` | High
|
||||
35 | File | `/config-manager/save` | High
|
||||
36 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
37 | File | `/dashboard/createblog` | High
|
||||
38 | File | `/debug/pprof` | Medium
|
||||
39 | File | `/endpoint/add-guest.php` | High
|
||||
40 | File | `/endpoint/add-user.php` | High
|
||||
41 | File | `/etc/hosts.deny` | High
|
||||
42 | File | `/file-manager/delete.php` | High
|
||||
43 | File | `/file-manager/upload.php` | High
|
||||
44 | File | `/forum/away.php` | High
|
||||
45 | File | `/geoserver/gwc/rest.html` | High
|
||||
46 | File | `/goform/formSysCmd` | High
|
||||
47 | File | `/h/autoSaveDraft` | High
|
||||
48 | File | `/HNAP1/` | Low
|
||||
49 | File | `/hosts/firewall/ip` | High
|
||||
50 | File | `/importexport.php` | High
|
||||
51 | ... | ... | ...
|
||||
3 | File | `/addbill.php` | Medium
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin/` | Low
|
||||
6 | File | `/admin/admin_user.php` | High
|
||||
7 | File | `/admin/book_add.php` | High
|
||||
8 | File | `/admin/book_row.php` | High
|
||||
9 | File | `/admin/borrow_add.php` | High
|
||||
10 | File | `/admin/bwdates-report-details.php` | High
|
||||
11 | File | `/admin/course.php` | High
|
||||
12 | File | `/admin/edit_teacher.php` | High
|
||||
13 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
14 | File | `/admin/ind_backstage.php` | High
|
||||
15 | File | `/admin/manage-pages.php` | High
|
||||
16 | File | `/admin/manage-users.php` | High
|
||||
17 | File | `/admin/options-theme.php` | High
|
||||
18 | File | `/admin/pages/subjects.php` | High
|
||||
19 | File | `/admin/pages/yearlevel.php` | High
|
||||
20 | File | `/admin/php/crud.php` | High
|
||||
21 | File | `/admin/regester.php` | High
|
||||
22 | File | `/admin/return_add.php` | High
|
||||
23 | File | `/admin/students.php` | High
|
||||
24 | File | `/admin/subject.php` | High
|
||||
25 | File | `/admin/update-clients.php` | High
|
||||
26 | File | `/admin/upload/img` | High
|
||||
27 | File | `/admin/uploads/` | High
|
||||
28 | File | `/admin/users` | Medium
|
||||
29 | File | `/adplanet/PlanetUser` | High
|
||||
30 | File | `/ample/app/action/edit_product.php` | High
|
||||
31 | File | `/ample/app/ajax/member_data.php` | High
|
||||
32 | File | `/api/log/killJob` | High
|
||||
33 | File | `/article/DelectArticleById/` | High
|
||||
34 | File | `/auth/auth.php?user=1` | High
|
||||
35 | File | `/auth/user/all.api` | High
|
||||
36 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
37 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
38 | File | `/bin/boa` | Medium
|
||||
39 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
40 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
|
||||
41 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
42 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
43 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
44 | File | `/cgi-bin/ping.cgi` | High
|
||||
45 | File | `/change-language/de_DE` | High
|
||||
46 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
47 | File | `/config,admin.jsp` | High
|
||||
48 | File | `/debug/pprof` | Medium
|
||||
49 | File | `/dist/index.js` | High
|
||||
50 | File | `/endpoint/add-guest.php` | High
|
||||
51 | File | `/endpoint/add-user.php` | High
|
||||
52 | File | `/etc/hosts.deny` | High
|
||||
53 | File | `/file-manager/delete.php` | High
|
||||
54 | File | `/file-manager/upload.php` | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 475 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -693,4 +697,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -63,4 +63,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -41,4 +41,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -93,4 +93,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -88,4 +88,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -114,7 +114,7 @@ ID | Type | Indicator | Confidence
|
|||
51 | File | `cat.asp` | Low
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 455 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 453 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -141,4 +141,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -147,38 +147,43 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
124 | [45.81.234.229](https://vuldb.com/?ip.45.81.234.229) | 45.81.234.229.mc-host24.de | - | High
|
||||
125 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
|
||||
126 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
|
||||
127 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
|
||||
128 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
|
||||
129 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
|
||||
130 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
|
||||
131 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
|
||||
132 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
|
||||
133 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
|
||||
134 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
|
||||
135 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
|
||||
136 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
|
||||
137 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
|
||||
138 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
|
||||
139 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
|
||||
140 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
|
||||
141 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
|
||||
142 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
|
||||
143 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
|
||||
144 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
|
||||
145 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
|
||||
146 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
|
||||
147 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
|
||||
148 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
|
||||
149 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
|
||||
150 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
|
||||
151 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
|
||||
152 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
|
||||
153 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
|
||||
154 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
|
||||
155 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
|
||||
156 | ... | ... | ... | ...
|
||||
127 | [45.90.12.75](https://vuldb.com/?ip.45.90.12.75) | hosted-by.royalehosting.net | - | High
|
||||
128 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
|
||||
129 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
|
||||
130 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
|
||||
131 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
|
||||
132 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
|
||||
133 | [45.90.217.165](https://vuldb.com/?ip.45.90.217.165) | vm2572743.firstbyte.club | - | High
|
||||
134 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
|
||||
135 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
|
||||
136 | [45.95.146.38](https://vuldb.com/?ip.45.95.146.38) | host0.aceblackjack.site | - | High
|
||||
137 | [45.95.147.204](https://vuldb.com/?ip.45.95.147.204) | twne.wesubmityours.com | - | High
|
||||
138 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
|
||||
139 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
|
||||
140 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
|
||||
141 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
|
||||
142 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
|
||||
143 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
|
||||
144 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
|
||||
145 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
|
||||
146 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
|
||||
147 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
|
||||
148 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
|
||||
149 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
|
||||
150 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
|
||||
151 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
|
||||
152 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
|
||||
153 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
|
||||
154 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
|
||||
155 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
|
||||
156 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
|
||||
157 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
|
||||
158 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
|
||||
159 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
|
||||
160 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
|
||||
161 | ... | ... | ... | ...
|
||||
|
||||
There are 619 more IOC items available. Please use our online service to access the data.
|
||||
There are 639 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -194,7 +199,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -202,53 +207,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/admin/about-us.php` | High
|
||||
4 | File | `/admin/controller/JobLogController.java` | High
|
||||
5 | File | `/admin/user/manage_user.php` | High
|
||||
6 | File | `/admin/userprofile.php` | High
|
||||
4 | File | `/admin/action/delete-vaccine.php` | High
|
||||
5 | File | `/admin/controller/JobLogController.java` | High
|
||||
6 | File | `/admin/index2.html` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/gen/clients/{language}` | High
|
||||
10 | File | `/api/stl/actions/search` | High
|
||||
11 | File | `/api/sys/login` | High
|
||||
12 | File | `/api/sys/set_passwd` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/bin/ate` | Medium
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/booking/show_bookings/` | High
|
||||
17 | File | `/cgi-bin` | Medium
|
||||
18 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
19 | File | `/changePassword` | High
|
||||
20 | File | `/College/admin/teacher.php` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
23 | File | `/dashboard/add-blog.php` | High
|
||||
24 | File | `/dcim/rack-roles/` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/ecshop/admin/template.php` | High
|
||||
27 | File | `/env` | Low
|
||||
9 | File | `/api/stl/actions/search` | High
|
||||
10 | File | `/api/sys/login` | High
|
||||
11 | File | `/api/sys/set_passwd` | High
|
||||
12 | File | `/api/trackedEntityInstances` | High
|
||||
13 | File | `/bin/ate` | Medium
|
||||
14 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
15 | File | `/booking/show_bookings/` | High
|
||||
16 | File | `/cgi-bin` | Medium
|
||||
17 | File | `/changePassword` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/dashboard/add-blog.php` | High
|
||||
20 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
21 | File | `/data/remove` | Medium
|
||||
22 | File | `/dcim/rack-roles/` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/ecshop/admin/template.php` | High
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/film-rating.php` | High
|
||||
27 | File | `/forms/doLogin` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/net\_Web\_get_value` | High
|
||||
31 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
32 | File | `/group1/uploa` | High
|
||||
33 | File | `/HNAP1` | Low
|
||||
34 | File | `/home/cavesConsole` | High
|
||||
35 | File | `/inc/parser/xhtml.php` | High
|
||||
36 | File | `/inc/topBarNav.php` | High
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/kelas/data` | Medium
|
||||
40 | File | `/listplace/user/ticket/create` | High
|
||||
41 | File | `/mhds/clinic/view_details.php` | High
|
||||
42 | File | `/modules/profile/index.php` | High
|
||||
43 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
44 | File | `/plugin` | Low
|
||||
45 | ... | ... | ...
|
||||
29 | File | `/goform/net\_Web\_get_value` | High
|
||||
30 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
31 | File | `/group1/uploa` | High
|
||||
32 | File | `/home/cavesConsole` | High
|
||||
33 | File | `/inc/parser/xhtml.php` | High
|
||||
34 | File | `/index.php` | Medium
|
||||
35 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
36 | File | `/kelas/data` | Medium
|
||||
37 | File | `/listplace/user/ticket/create` | High
|
||||
38 | File | `/mhds/clinic/view_details.php` | High
|
||||
39 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
40 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
41 | File | `/plugin` | Low
|
||||
42 | File | `/resources//../` | High
|
||||
43 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -779,14 +783,22 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/ffbc7447fb975661d129177a04842828bc5928e2f3b6d19c623f41dc324ad4e5/
|
||||
* https://blog.trendmicro.co.jp/archives/20879
|
||||
* https://blog.trendmicro.co.jp/archives/22211
|
||||
* https://search.censys.io/hosts/45.90.12.75
|
||||
* https://search.censys.io/hosts/47.7.145.133
|
||||
* https://search.censys.io/hosts/66.175.213.12
|
||||
* https://search.censys.io/hosts/67.131.57.133
|
||||
* https://search.censys.io/hosts/69.197.142.158
|
||||
* https://search.censys.io/hosts/73.170.133.26
|
||||
* https://search.censys.io/hosts/91.92.240.152
|
||||
* https://search.censys.io/hosts/140.82.33.83
|
||||
* https://search.censys.io/hosts/152.104.161.36
|
||||
* https://search.censys.io/hosts/159.203.71.125
|
||||
* https://search.censys.io/hosts/172.233.214.141
|
||||
* https://search.censys.io/hosts/185.196.9.51
|
||||
* https://search.censys.io/hosts/185.196.9.57
|
||||
* https://search.censys.io/hosts/203.148.17.67
|
||||
* https://search.censys.io/hosts/209.222.18.222
|
||||
* https://search.censys.io/hosts/213.232.235.84
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/r3dbU7z/status/1704222237572649048
|
||||
* https://twitter.com/SecureSh3ll/status/1691530482993815552
|
||||
|
@ -801,4 +813,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BazarBackdoor:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -171,15 +171,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -187,44 +186,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/accounts/password_change/` | High
|
||||
3 | File | `/act/ActDao.xml` | High
|
||||
4 | File | `/admin/ajax.php?action=confirm_order` | High
|
||||
5 | File | `/api/addusers` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
8 | File | `/assets/something/services/AppModule.class` | High
|
||||
9 | File | `/authenticationendpoint/login.do` | High
|
||||
10 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
11 | File | `/blog/comment` | High
|
||||
12 | File | `/bsms_ci/index.php` | High
|
||||
13 | File | `/catalog/compare` | High
|
||||
14 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
15 | File | `/cgi-bin/downloadFile.cgi` | High
|
||||
16 | File | `/cgi-bin/kerbynet` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/classes/Users.php` | High
|
||||
19 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/DXR.axd` | Medium
|
||||
22 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
23 | File | `/forms/doLogin` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/geoserver/gwc/rest.html` | High
|
||||
26 | File | `/importexport.php` | High
|
||||
27 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
28 | File | `/librarian/bookdetails.php` | High
|
||||
29 | File | `/login` | Low
|
||||
30 | File | `/mhds/clinic/view_details.php` | High
|
||||
31 | File | `/modals/class_form.php` | High
|
||||
32 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
33 | File | `/php-opos/index.php` | High
|
||||
34 | File | `/php/ping.php` | High
|
||||
35 | File | `/plain` | Low
|
||||
36 | ... | ... | ...
|
||||
4 | File | `/admin/clientview.php` | High
|
||||
5 | File | `/admin/regester.php` | High
|
||||
6 | File | `/admin/update-clients.php` | High
|
||||
7 | File | `/api/addusers` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/cron/settings/setJob/` | High
|
||||
10 | File | `/api/sys/set_passwd` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/apply.cgi` | Medium
|
||||
13 | File | `/authenticationendpoint/login.do` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
15 | File | `/blog/comment` | High
|
||||
16 | File | `/boaform/device_reset.cgi` | High
|
||||
17 | File | `/bsms_ci/index.php` | High
|
||||
18 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
19 | File | `/catalog/compare` | High
|
||||
20 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
21 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
22 | File | `/cgi-bin/downloadFile.cgi` | High
|
||||
23 | File | `/cgi-bin/kerbynet` | High
|
||||
24 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
25 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
26 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
27 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
28 | File | `/config/getuser` | High
|
||||
29 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/DXR.axd` | Medium
|
||||
32 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/geoserver/gwc/rest.html` | High
|
||||
35 | File | `/importexport.php` | High
|
||||
36 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
37 | File | `/login` | Low
|
||||
38 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
39 | File | `/manager?action=getlogcat` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 347 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -246,4 +249,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -96,9 +96,10 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
11 | File | `add.php` | Low
|
||||
12 | File | `admin/admin.shtml` | High
|
||||
13 | ... | ... | ...
|
||||
13 | File | `album_add.php` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 106 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 107 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -157,4 +157,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -48,14 +48,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/cgi-bin/webproc` | High
|
||||
3 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
4 | File | `/env` | Low
|
||||
5 | File | `/expert_wizard.php` | High
|
||||
6 | File | `/s/` | Low
|
||||
2 | File | `/admin/index2.html` | High
|
||||
3 | File | `/cgi-bin/webproc` | High
|
||||
4 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
5 | File | `/env` | Low
|
||||
6 | File | `/expert_wizard.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 47 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -72,4 +72,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -50,4 +50,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -127,4 +127,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 35 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -2074,14 +2074,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -2089,57 +2089,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/academy/tutor/filter` | High
|
||||
2 | File | `/admin/?page=bike` | High
|
||||
3 | File | `/admin/?page=user` | High
|
||||
4 | File | `/admin/article/article-edit-run.php` | High
|
||||
5 | File | `/admin/cms_admin.php` | High
|
||||
6 | File | `/admin/cms_content.php` | High
|
||||
7 | File | `/admin/config/uploadicon.php` | High
|
||||
8 | File | `/admin/del_service.php` | High
|
||||
9 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
10 | File | `/admin/leancloud.php` | High
|
||||
11 | File | `/admin/list_addr_fwresource_ip.php` | High
|
||||
12 | File | `/admin/login.php` | High
|
||||
13 | File | `/admin/order.php` | High
|
||||
14 | File | `/admin/plugin.php` | High
|
||||
15 | File | `/admin/save.php` | High
|
||||
16 | File | `/admin/services/manage_service.php` | High
|
||||
17 | File | `/ajax/networking/get_wgkey.php` | High
|
||||
18 | File | `/api/` | Low
|
||||
19 | File | `/api/download` | High
|
||||
20 | File | `/api/es/admin/v3/security/user/1` | High
|
||||
21 | File | `/api/v1/alerts` | High
|
||||
22 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
23 | File | `/api2/html/` | Medium
|
||||
24 | File | `/appliance/users?action=edit` | High
|
||||
25 | File | `/book-services.php` | High
|
||||
26 | File | `/category.php` | High
|
||||
27 | File | `/categorypage.php` | High
|
||||
28 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
29 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
30 | File | `/classes/master.php?f=delete_order` | High
|
||||
31 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
32 | File | `/classes/Master.php?f=save_brand` | High
|
||||
33 | File | `/classes/Master.php?f=save_category` | High
|
||||
34 | File | `/classes/Master.php?f=save_service` | High
|
||||
35 | File | `/classes/Master.php?f=update_order_status` | High
|
||||
36 | File | `/collection/all` | High
|
||||
37 | File | `/config-manager/save` | High
|
||||
38 | File | `/content/templates/` | High
|
||||
39 | File | `/course/filterRecords/` | High
|
||||
40 | File | `/dev/kmem` | Medium
|
||||
41 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
42 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
43 | File | `/forum/away.php` | High
|
||||
44 | File | `/goform/Diagnosis` | High
|
||||
45 | File | `/HNAP1` | Low
|
||||
46 | File | `/im/user/` | Medium
|
||||
47 | File | `/importexport.php` | High
|
||||
48 | File | `/librarian/bookdetails.php` | High
|
||||
49 | ... | ... | ...
|
||||
1 | File | `/accounts_con/register_account` | High
|
||||
2 | File | `/addbill.php` | Medium
|
||||
3 | File | `/admin` | Low
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/admin_user.php` | High
|
||||
6 | File | `/admin/book_add.php` | High
|
||||
7 | File | `/admin/book_row.php` | High
|
||||
8 | File | `/admin/borrow_add.php` | High
|
||||
9 | File | `/admin/bwdates-report-details.php` | High
|
||||
10 | File | `/admin/course.php` | High
|
||||
11 | File | `/admin/edit_teacher.php` | High
|
||||
12 | File | `/admin/general.cgi` | High
|
||||
13 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
14 | File | `/admin/ind_backstage.php` | High
|
||||
15 | File | `/admin/manage-pages.php` | High
|
||||
16 | File | `/admin/manage-users.php` | High
|
||||
17 | File | `/admin/options-theme.php` | High
|
||||
18 | File | `/admin/pages/subjects.php` | High
|
||||
19 | File | `/admin/pages/yearlevel.php` | High
|
||||
20 | File | `/admin/php/crud.php` | High
|
||||
21 | File | `/admin/regester.php` | High
|
||||
22 | File | `/admin/return_add.php` | High
|
||||
23 | File | `/admin/students.php` | High
|
||||
24 | File | `/admin/subject.php` | High
|
||||
25 | File | `/admin/update-clients.php` | High
|
||||
26 | File | `/admin/upload/img` | High
|
||||
27 | File | `/admin/uploads/` | High
|
||||
28 | File | `/admin/users` | Medium
|
||||
29 | File | `/adplanet/PlanetUser` | High
|
||||
30 | File | `/ample/app/action/edit_product.php` | High
|
||||
31 | File | `/ample/app/ajax/member_data.php` | High
|
||||
32 | File | `/api/log/killJob` | High
|
||||
33 | File | `/api/v4/teams//channels/deleted` | High
|
||||
34 | File | `/article/DelectArticleById/` | High
|
||||
35 | File | `/auth/auth.php?user=1` | High
|
||||
36 | File | `/auth/user/all.api` | High
|
||||
37 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
38 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
39 | File | `/bin/boa` | Medium
|
||||
40 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
41 | File | `/bypass/config` | High
|
||||
42 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
|
||||
43 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
44 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
45 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
46 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
47 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
48 | File | `/change-language/de_DE` | High
|
||||
49 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
50 | File | `/config,admin.jsp` | High
|
||||
51 | File | `/debug/pprof` | Medium
|
||||
52 | File | `/dist/index.js` | High
|
||||
53 | File | `/endpoint/add-guest.php` | High
|
||||
54 | File | `/endpoint/add-user.php` | High
|
||||
55 | File | `/etc/hosts.deny` | High
|
||||
56 | File | `/file-manager/delete.php` | High
|
||||
57 | File | `/file-manager/upload.php` | High
|
||||
58 | File | `/forum/away.php` | High
|
||||
59 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -2158,4 +2169,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue