Update

2022-06-28 10:28:01 +02:00 · 2022-06-28 10:28:01 +02:00 · a5a5219532
--- a/Gang/README.md
+++ b/Gang/README.md
@ -0,0 +1,60 @@
+# 8220 Gang - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [8220 Gang](https://vuldb.com/?actor.8220_gang). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.8220_gang](https://vuldb.com/?actor.8220_gang)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with 8220 Gang:
+
+* CVE-2022-26134
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 8220 Gang:
+
+* [US](https://vuldb.com/?country.us)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 8220 Gang.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [51.79.175.139](https://vuldb.com/?ip.51.79.175.139) | vps-dc8b0481.vps.ovh.ca | CVE-2022-26134 | High
+2 | [51.255.171.23](https://vuldb.com/?ip.51.255.171.23) | vps-fc1a1567.vps.ovh.net | CVE-2022-26134 | High
+3 | [146.59.198.38](https://vuldb.com/?ip.146.59.198.38) | vps-19ede15a.vps.ovh.net | CVE-2022-26134 | High
+4 | ... | ... | ... | ...
+
+There are 2 more IOC items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by 8220 Gang. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `data/gbconfiguration.dat` | High
+2 | File | `inc/config.php` | High
+3 | Argument | `basePath` | Medium
+4 | ... | ... | ...
+
+There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/APT1/README.md
+++ b/actors/APT1/README.md
@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
 3 | File | `adm/boardgroup_form_update.php` | High
 4 | ... | ... | ...

-There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT10/README.md
+++ b/actors/APT10/README.md
@ -87,29 +87,30 @@ ID | Type | Indicator | Confidence
 9 | File | `/modules/profile/index.php` | High
 10 | File | `/one_church/userregister.php` | High
 11 | File | `/out.php` | Medium
-12 | File | `/public/plugins/` | High
-13 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-14 | File | `/SASWebReportStudio/logonAndRender.do` | High
-15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-16 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-17 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-18 | File | `/system/proxy` | High
-19 | File | `/tmp/phpglibccheck` | High
-20 | File | `/uncpath/` | Medium
-21 | File | `/v2/quantum/save-data-upload-big-file` | High
-22 | File | `4.edu.php` | Medium
-23 | File | `adclick.php` | Medium
-24 | File | `add.php` | Low
-25 | File | `addentry.php` | Medium
-26 | File | `addressbookprovider.php` | High
-27 | File | `admin.jcomments.php` | High
-28 | File | `admin/pageUploadCSV.php` | High
-29 | File | `ajax_udf.php` | Medium
-30 | File | `AppCompatCache.exe` | High
-31 | File | `application.js.php` | High
-32 | ... | ... | ...
+12 | File | `/owa/auth/logon.aspx` | High
+13 | File | `/public/plugins/` | High
+14 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+15 | File | `/SASWebReportStudio/logonAndRender.do` | High
+16 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+17 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+18 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+19 | File | `/system/proxy` | High
+20 | File | `/tmp/phpglibccheck` | High
+21 | File | `/uncpath/` | Medium
+22 | File | `/v2/quantum/save-data-upload-big-file` | High
+23 | File | `4.edu.php` | Medium
+24 | File | `adclick.php` | Medium
+25 | File | `add.php` | Low
+26 | File | `addentry.php` | Medium
+27 | File | `addressbookprovider.php` | High
+28 | File | `admin.jcomments.php` | High
+29 | File | `admin/pageUploadCSV.php` | High
+30 | File | `ajax_udf.php` | Medium
+31 | File | `AppCompatCache.exe` | High
+32 | File | `application.js.php` | High
+33 | ... | ... | ...

-There are 276 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT17/README.md
+++ b/actors/APT17/README.md
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
 5 | File | `data/gbconfiguration.dat` | High
 6 | ... | ... | ...

-There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT19/README.md
+++ b/actors/APT19/README.md
@ -14,6 +14,7 @@ The following _campaigns_ are known and can be associated with APT19:

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT19:

+* [GB](https://vuldb.com/?country.gb)
 * [CN](https://vuldb.com/?country.cn)

 ## IOC - Indicator of Compromise
--- a/actors/APT27/README.md
+++ b/actors/APT27/README.md
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 11 more country items available. Please use our online service to access the data.
+There are 12 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -67,37 +67,38 @@ ID | Type | Indicator | Confidence
 6 | File | `/etc/shadow` | Medium
 7 | File | `/goform/telnet` | High
 8 | File | `/infusions/shoutbox_panel/shoutbox_admin.php` | High
-9 | File | `/modules/profile/index.php` | High
-10 | File | `/oscommerce/admin/currencies.php` | High
-11 | File | `/proc/pid/syscall` | High
-12 | File | `/rapi/read_url` | High
-13 | File | `/rom-0` | Low
-14 | File | `/session/list/allActiveSession` | High
-15 | File | `/syslog_rules` | High
-16 | File | `/tmp/phpglibccheck` | High
-17 | File | `/uncpath/` | Medium
-18 | File | `/upload` | Low
-19 | File | `/users/{id}` | Medium
-20 | File | `/var/tmp/sess_*` | High
-21 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
-22 | File | `/video` | Low
-23 | File | `actionphp/download.File.php` | High
-24 | File | `ActivityManagerService.java` | High
-25 | File | `adaptmap_reg.c` | High
-26 | File | `add_comment.php` | High
-27 | File | `admin.cgi` | Medium
-28 | File | `admin.php` | Medium
-29 | File | `admin.php?action=files` | High
-30 | File | `admin/admin.php` | High
-31 | File | `admin/content.php` | High
-32 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
-33 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
-34 | File | `affich.php` | Medium
-35 | File | `agent/Core/Controller/SendRequest.cpp` | High
-36 | File | `album_portal.php` | High
-37 | ... | ... | ...
+9 | File | `/lan.asp` | Medium
+10 | File | `/modules/profile/index.php` | High
+11 | File | `/oscommerce/admin/currencies.php` | High
+12 | File | `/proc/pid/syscall` | High
+13 | File | `/rapi/read_url` | High
+14 | File | `/rom-0` | Low
+15 | File | `/session/list/allActiveSession` | High
+16 | File | `/syslog_rules` | High
+17 | File | `/tmp/phpglibccheck` | High
+18 | File | `/uncpath/` | Medium
+19 | File | `/upload` | Low
+20 | File | `/users/{id}` | Medium
+21 | File | `/var/tmp/sess_*` | High
+22 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+23 | File | `/video` | Low
+24 | File | `actionphp/download.File.php` | High
+25 | File | `ActivityManagerService.java` | High
+26 | File | `adaptmap_reg.c` | High
+27 | File | `add_comment.php` | High
+28 | File | `admin.cgi` | Medium
+29 | File | `admin.php` | Medium
+30 | File | `admin.php?action=files` | High
+31 | File | `admin/admin.php` | High
+32 | File | `admin/content.php` | High
+33 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
+34 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
+35 | File | `affich.php` | Medium
+36 | File | `agent/Core/Controller/SendRequest.cpp` | High
+37 | File | `album_portal.php` | High
+38 | ... | ... | ...

-There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 326 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT28/README.md
+++ b/actors/APT28/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 The following _campaigns_ are known and can be associated with APT28:

 * Carberp
+* CVE-2022-30190
 * Fysbis
-* Global Brute Force
 * ...

-There are 3 more campaign items available. Please use our online service to access the data.
+There are 4 more campaign items available. Please use our online service to access the data.

 ## Countries

@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...

-There are 3 more country items available. Please use our online service to access the data.
+There are 4 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -37,50 +37,51 @@ ID | IP address | Hostname | Campaign | Confidence
 3 | [5.100.155.91](https://vuldb.com/?ip.5.100.155.91) | 5.100.155-91.publicdomainregistry.com | - | High
 4 | [5.135.183.154](https://vuldb.com/?ip.5.135.183.154) | ns3290077.ip-5-135-183.eu | Sednit | High
 5 | [5.199.171.58](https://vuldb.com/?ip.5.199.171.58) | - | - | High
-6 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
-7 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
-8 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
-9 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
-10 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
-11 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
-12 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
-13 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
-14 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
-15 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
-16 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
-17 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
-18 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
-19 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
-20 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
-21 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
-22 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
-23 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
-24 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
-25 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
-26 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
-27 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
-28 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
-29 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
-30 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
-31 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
-32 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
-33 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
-34 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
-35 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
-36 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
-37 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
-38 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
-39 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
-40 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
-41 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
-42 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
-43 | [80.255.3.94](https://vuldb.com/?ip.80.255.3.94) | set121.com | - | High
-44 | [80.255.6.15](https://vuldb.com/?ip.80.255.6.15) | - | - | High
-45 | [80.255.10.236](https://vuldb.com/?ip.80.255.10.236) | - | - | High
-46 | [81.17.30.29](https://vuldb.com/?ip.81.17.30.29) | - | - | High
-47 | ... | ... | ... | ...
+6 | [18.130.154.13](https://vuldb.com/?ip.18.130.154.13) | ec2-18-130-154-13.eu-west-2.compute.amazonaws.com | - | Medium
+7 | [18.133.205.135](https://vuldb.com/?ip.18.133.205.135) | ec2-18-133-205-135.eu-west-2.compute.amazonaws.com | - | Medium
+8 | [18.133.249.238](https://vuldb.com/?ip.18.133.249.238) | ec2-18-133-249-238.eu-west-2.compute.amazonaws.com | - | Medium
+9 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
+10 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
+11 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
+12 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
+13 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
+14 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
+15 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
+16 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
+17 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
+18 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
+19 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
+20 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
+21 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
+22 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
+23 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
+24 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
+25 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
+26 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
+27 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
+28 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
+29 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
+30 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
+31 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
+32 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
+33 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
+34 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
+35 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
+36 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
+37 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
+38 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
+39 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
+40 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
+41 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
+42 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
+43 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
+44 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
+45 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
+46 | [80.255.3.94](https://vuldb.com/?ip.80.255.3.94) | set121.com | - | High
+47 | [80.255.6.15](https://vuldb.com/?ip.80.255.6.15) | - | - | High
+48 | ... | ... | ... | ...

-There are 184 more IOC items available. Please use our online service to access the data.
+There are 188 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -131,15 +132,15 @@ ID | Type | Indicator | Confidence
 28 | File | `apcupsd.pid` | Medium
 29 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
 30 | File | `api/sms/send-sms` | High
-31 | File | `api/v1/alarms` | High
-32 | ... | ... | ...
+31 | ... | ... | ...

-There are 275 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
 * https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
 * https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-05-ioc-mark.txt
 * https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-09-ioc-mark.txt
@ -149,6 +150,9 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
 * https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/
 * https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf
+* https://twitter.com/teamcymru_S2/status/1540390942510927873
+* https://twitter.com/teamcymru_S2/status/1540390947665616897
+* https://twitter.com/teamcymru_S2/status/1540390955882319876
 * https://unit42.paloaltonetworks.com/a-look-into-fysbis-sofacys-linux-backdoor/
 * https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/
 * https://unit42.paloaltonetworks.com/unit42-new-sofacy-attacks-against-us-government-agency/
--- a/actors/APT29/README.md
+++ b/actors/APT29/README.md
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 23 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -76,23 +76,23 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?module=users&section=cpanel&page=list` | High
+1 | File | `//proc/kcore` | Medium
 2 | File | `/admin/?page=system_info/contact_info` | High
-3 | File | `/admin/login.php` | High
-4 | File | `/admin/powerline` | High
+3 | File | `/admin/dl_sendmail.php` | High
+4 | File | `/admin/login.php` | High
 5 | File | `/admin/produts/controller.php` | High
-6 | File | `/admin/syslog` | High
-7 | File | `/admin/user/team` | High
-8 | File | `/api/upload` | Medium
-9 | File | `/bcms/admin/?page=user/list` | High
-10 | File | `/cgi-bin/system_mgr.cgi` | High
-11 | File | `/common/logViewer/logViewer.jsf` | High
-12 | File | `/context/%2e/WEB-INF/web.xml` | High
-13 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
-14 | File | `/debug/pprof` | Medium
-15 | File | `/fuel/index.php/fuel/logs/items` | High
-16 | File | `/goform/aspForm` | High
-17 | File | `/hocms/classes/Master.php?f=delete_collection` | High
+6 | File | `/admin/user/team` | High
+7 | File | `/Ap4RtpAtom.cpp` | High
+8 | File | `/bcms/admin/?page=user/list` | High
+9 | File | `/bsms/?page=manage_account` | High
+10 | File | `/context/%2e/WEB-INF/web.xml` | High
+11 | File | `/dashboard/reports/logs/view` | High
+12 | File | `/debug/pprof` | Medium
+13 | File | `/fuel/index.php/fuel/logs/items` | High
+14 | File | `/fuel/sitevariables/delete/4` | High
+15 | File | `/goform/aspForm` | High
+16 | File | `/hocms/classes/Master.php?f=delete_collection` | High
+17 | File | `/librarian/bookdetails.php` | High
 18 | File | `/mgmt/tm/util/bash` | High
 19 | File | `/monitoring` | Medium
 20 | File | `/ms/cms/content/list.do` | High
@ -101,21 +101,20 @@ ID | Type | Indicator | Confidence
 23 | File | `/plesk-site-preview/` | High
 24 | File | `/proc/<pid>/status` | High
 25 | File | `/public/plugins/` | High
-26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-27 | File | `/secure/QueryComponent!Default.jspa` | High
-28 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-29 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-30 | File | `/student-grading-system/rms.php?page=grade` | High
-31 | File | `/tmp` | Low
-32 | File | `/uncpath/` | Medium
-33 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-34 | File | `/wp-json/wc/v3/webhooks` | High
-35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-36 | File | `ABuffer.cpp` | Medium
-37 | File | `AccountManagerService.java` | High
-38 | ... | ... | ...
+26 | File | `/school/model/get_admin_profile.php` | High
+27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+28 | File | `/secure/QueryComponent!Default.jspa` | High
+29 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+30 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+31 | File | `/student-grading-system/rms.php?page=grade` | High
+32 | File | `/timeline2.php` | High
+33 | File | `/tmp` | Low
+34 | File | `/uncpath/` | Medium
+35 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+36 | File | `/wp-json/wc/v3/webhooks` | High
+37 | ... | ... | ...

-There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT3/README.md
+++ b/actors/APT3/README.md
@ -72,36 +72,37 @@ ID | Type | Indicator | Confidence
 16 | File | `/goforms/rlminfo` | High
 17 | File | `/login` | Low
 18 | File | `/navigate/navigate_download.php` | High
-19 | File | `/out.php` | Medium
-20 | File | `/owa/auth/logon.aspx` | High
-21 | File | `/p` | Low
-22 | File | `/password.html` | High
-23 | File | `/proc/ioports` | High
-24 | File | `/property-list/property_view.php` | High
-25 | File | `/ptms/classes/Users.php` | High
-26 | File | `/rest` | Low
-27 | File | `/rest/api/2/search` | High
-28 | File | `/s/` | Low
-29 | File | `/scripts/cpan_config` | High
-30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-31 | File | `/services/system/setup.json` | High
-32 | File | `/uncpath/` | Medium
-33 | File | `/vloggers_merch/?p=view_product` | High
-34 | File | `/webconsole/APIController` | High
-35 | File | `/websocket/exec` | High
-36 | File | `/wp-admin/admin-ajax.php` | High
-37 | File | `/wp-json` | Medium
-38 | File | `/wp-json/oembed/1.0/embed?url` | High
-39 | File | `/_next` | Low
-40 | File | `4.edu.php\conn\function.php` | High
-41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-42 | File | `adclick.php` | Medium
-43 | File | `addentry.php` | Medium
-44 | File | `add_comment.php` | High
-45 | File | `admin/category.inc.php` | High
-46 | ... | ... | ...
+19 | File | `/ocwbs/admin/?page=user/manage_user` | High
+20 | File | `/ofrs/admin/?page=user/manage_user` | High
+21 | File | `/out.php` | Medium
+22 | File | `/owa/auth/logon.aspx` | High
+23 | File | `/p` | Low
+24 | File | `/password.html` | High
+25 | File | `/proc/ioports` | High
+26 | File | `/property-list/property_view.php` | High
+27 | File | `/ptms/classes/Users.php` | High
+28 | File | `/rest` | Low
+29 | File | `/rest/api/2/search` | High
+30 | File | `/s/` | Low
+31 | File | `/scripts/cpan_config` | High
+32 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+33 | File | `/services/system/setup.json` | High
+34 | File | `/uncpath/` | Medium
+35 | File | `/vloggers_merch/?p=view_product` | High
+36 | File | `/webconsole/APIController` | High
+37 | File | `/websocket/exec` | High
+38 | File | `/wp-admin/admin-ajax.php` | High
+39 | File | `/wp-json` | Medium
+40 | File | `/wp-json/oembed/1.0/embed?url` | High
+41 | File | `/_next` | Low
+42 | File | `4.edu.php\conn\function.php` | High
+43 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+44 | File | `adclick.php` | Medium
+45 | File | `addentry.php` | Medium
+46 | File | `admin/category.inc.php` | High
+47 | ... | ... | ...

-There are 400 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 404 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT33/README.md
+++ b/actors/APT33/README.md
@ -18,7 +18,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [PT](https://vuldb.com/?country.pt)
 * [SV](https://vuldb.com/?country.sv)
-* [DE](https://vuldb.com/?country.de)
+* [FR](https://vuldb.com/?country.fr)
 * ...

 There are 7 more country items available. Please use our online service to access the data.
@ -56,7 +56,7 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
+3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

 There are 6 more TTP items available. Please use our online service to access the data.
@ -68,41 +68,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `../FILEDIR` | Medium
-2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
-3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
-4 | File | `/admin.php/pic/admin/lists/zhuan` | High
-5 | File | `/admin.php/pic/admin/type/save` | High
-6 | File | `/admin.php/singer/admin/lists/zhuan` | High
-7 | File | `/admin.php/singer/admin/singer/del` | High
-8 | File | `/admin/?page=system_info/contact_info` | High
-9 | File | `/admin/add_post.php` | High
+2 | File | `/admin.php/pic/admin/lists/zhuan` | High
+3 | File | `/admin.php/pic/admin/type/save` | High
+4 | File | `/admin.php/singer/admin/lists/zhuan` | High
+5 | File | `/admin.php/singer/admin/singer/del` | High
+6 | File | `/admin/?page=system_info/contact_info` | High
+7 | File | `/admin/add_post.php` | High
+8 | File | `/admin/conferences/list/` | High
+9 | File | `/admin/dl_sendmail.php` | High
 10 | File | `/admin/dl_sendsms.php` | High
-11 | File | `/Ap4RtpAtom.cpp` | High
-12 | File | `/api/programs/orgUnits?programs` | High
-13 | File | `/asms/classes/Master.php?f=save_product` | High
-14 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
-15 | File | `/car-rental-management-system/admin/manage_booking.php` | High
-16 | File | `/car-rental-management-system/admin/manage_user.php` | High
-17 | File | `/cardo/api` | Medium
-18 | File | `/cgi-bin` | Medium
-19 | File | `/cgi-bin/login.cgi` | High
-20 | File | `/checklogin.jsp` | High
-21 | File | `/cms/admin/?page=invoice/view_invoice` | High
-22 | File | `/cms/classes/Master.php?f=delete_invoice` | High
-23 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-24 | File | `/ctpms/admin/applications/update_status.php` | High
-25 | File | `/ctpms/classes/Users.php?f=save` | High
-26 | File | `/dms/admin/reports/daily_collection_report.php` | High
-27 | File | `/expense_action.php` | High
-28 | File | `/food/admin/all_users.php` | High
-29 | File | `/goform/aspForm` | High
-30 | File | `/goform/form2Dhcpip` | High
-31 | File | `/goform/RgDhcp` | High
-32 | File | `/goform/RgUrlBlock.asp` | High
-33 | File | `/goform/saveParentControlInfo` | High
-34 | ... | ... | ...
+11 | File | `/admin/featured.php` | High
+12 | File | `/admin/general.cgi` | High
+13 | File | `/admin/general/change-lang` | High
+14 | File | `/admin/renewaldue.php` | High
+15 | File | `/admin/showbad.php` | High
+16 | File | `/admin/ztliuyan_sendmail.php` | High
+17 | File | `/Ap4RtpAtom.cpp` | High
+18 | File | `/api/programs/orgUnits?programs` | High
+19 | File | `/asms/classes/Master.php?f=save_product` | High
+20 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
+21 | File | `/bsms/?page=manage_account` | High
+22 | File | `/car-rental-management-system/admin/manage_booking.php` | High
+23 | File | `/car-rental-management-system/admin/manage_user.php` | High
+24 | File | `/cardo/api` | Medium
+25 | File | `/cgi-bin` | Medium
+26 | File | `/checklogin.jsp` | High
+27 | File | `/ctpms/classes/Users.php?f=save` | High
+28 | File | `/dashboard/blocks/stacks/view_details/` | High
+29 | File | `/expense_action.php` | High
+30 | File | `/ffos/admin/sales/receipt.php` | High
+31 | File | `/food/admin/all_users.php` | High
+32 | File | `/goform/aspForm` | High
+33 | File | `/goform/RgDhcp` | High
+34 | File | `/goform/RgUrlBlock.asp` | High
+35 | ... | ... | ...

-There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT34/README.md
+++ b/actors/APT34/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [IR](https://vuldb.com/?country.ir)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -81,13 +81,12 @@ ID | Type | Indicator | Confidence
 21 | File | `/var/log/nginx` | High
 22 | File | `/wp-content/plugins/updraftplus/admin.php` | High
 23 | File | `actions.hsp` | Medium
-24 | File | `addentry.php` | Medium
-25 | File | `add_to_cart.php` | High
-26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
-27 | File | `admin/config/confmgr.php` | High
-28 | ... | ... | ...
+24 | File | `add_to_cart.php` | High
+25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
+26 | File | `ajax.php` | Medium
+27 | ... | ... | ...

-There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT36/README.md
+++ b/actors/APT36/README.md
@ -92,7 +92,7 @@ ID | Type | Indicator | Confidence
 27 | File | `content.php` | Medium
 28 | ... | ... | ...

-There are 234 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/APT41/README.md
+++ b/actors/APT41/README.md
@ -91,34 +91,35 @@ ID | Type | Indicator | Confidence
 15 | File | `/mgmt/tm/util/bash` | High
 16 | File | `/module/admin_logs` | High
 17 | File | `/nova/bin/console` | High
-18 | File | `/public/login.htm` | High
-19 | File | `/public/plugins/` | High
-20 | File | `/replication` | Medium
-21 | File | `/SASWebReportStudio/logonAndRender.do` | High
-22 | File | `/scas/classes/Users.php?f=save_user` | High
-23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-25 | File | `/secure/QueryComponent!Default.jspa` | High
-26 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-27 | File | `/start-stop` | Medium
-28 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
-29 | File | `/tmp/app/.env` | High
-30 | File | `/uncpath/` | Medium
-31 | File | `/upload` | Low
-32 | File | `/usr/bin/pkexec` | High
-33 | File | `/v2/quantum/save-data-upload-big-file` | High
-34 | File | `/WEB-INF/web.xml` | High
-35 | File | `/wp-admin/admin-ajax.php` | High
-36 | File | `/wp-admin/options.php` | High
-37 | File | `/_next` | Low
-38 | File | `adclick.php` | Medium
-39 | File | `addentry.php` | Medium
-40 | File | `addrating.php` | High
-41 | File | `admin.php` | Medium
-42 | File | `admin.php/comments/batchdel/` | High
-43 | ... | ... | ...
+18 | File | `/owa/auth/logon.aspx` | High
+19 | File | `/public/login.htm` | High
+20 | File | `/public/plugins/` | High
+21 | File | `/replication` | Medium
+22 | File | `/SASWebReportStudio/logonAndRender.do` | High
+23 | File | `/scas/classes/Users.php?f=save_user` | High
+24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+25 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+26 | File | `/secure/QueryComponent!Default.jspa` | High
+27 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+28 | File | `/start-stop` | Medium
+29 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
+30 | File | `/tmp/app/.env` | High
+31 | File | `/uncpath/` | Medium
+32 | File | `/upload` | Low
+33 | File | `/usr/bin/pkexec` | High
+34 | File | `/v2/quantum/save-data-upload-big-file` | High
+35 | File | `/WEB-INF/web.xml` | High
+36 | File | `/wp-admin/admin-ajax.php` | High
+37 | File | `/wp-admin/options.php` | High
+38 | File | `/_next` | Low
+39 | File | `adclick.php` | Medium
+40 | File | `addentry.php` | Medium
+41 | File | `addrating.php` | High
+42 | File | `admin.php` | Medium
+43 | File | `admin.php/comments/batchdel/` | High
+44 | ... | ... | ...

-There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/ActionRAT/README.md
+++ b/actors/ActionRAT/README.md
@ -50,7 +50,7 @@ ID | Type | Indicator | Confidence
 4 | File | `data/gbconfiguration.dat` | High
 5 | ... | ... | ...

-There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Tesla/README.md
+++ b/Tesla/README.md
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with Agent Tesla:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Agent Tesla:

 * [US](https://vuldb.com/?country.us)
+* [CA](https://vuldb.com/?country.ca)
 * [GB](https://vuldb.com/?country.gb)
-* [CN](https://vuldb.com/?country.cn)
 * ...

-There are 13 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -27,15 +27,17 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
-2 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
-3 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
-4 | [51.68.128.171](https://vuldb.com/?ip.51.68.128.171) | ip171.ip-51-68-128.eu | - | High
-5 | [51.89.183.99](https://vuldb.com/?ip.51.89.183.99) | 90.eri1.ovh.abcd.network | - | High
-6 | [62.182.156.179](https://vuldb.com/?ip.62.182.156.179) | - | - | High
-7 | ... | ... | ... | ...
+1 | [23.95.85.181](https://vuldb.com/?ip.23.95.85.181) | 23-95-85-181-host.colocrossing.com | - | High
+2 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
+3 | [31.209.137.12](https://vuldb.com/?ip.31.209.137.12) | smtp.vivaldi.net | - | High
+4 | [37.19.196.108](https://vuldb.com/?ip.37.19.196.108) | unn-37-19-196-108.datapacket.com | - | High
+5 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
+6 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
+7 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
+8 | [51.68.128.171](https://vuldb.com/?ip.51.68.128.171) | ip171.ip-51-68-128.eu | - | High
+9 | ... | ... | ... | ...

-There are 25 more IOC items available. Please use our online service to access the data.
+There are 30 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -48,7 +50,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 3 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -59,53 +61,49 @@ ID | Type | Indicator | Confidence
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/api/addusers` | High
 3 | File | `/cgi-bin/wapopen` | High
-4 | File | `/etc/ajenti/config.yml` | High
-5 | File | `/etc/sudoers` | Medium
-6 | File | `/goform/telnet` | High
-7 | File | `/include/chart_generator.php` | High
-8 | File | `/modules/profile/index.php` | High
-9 | File | `/public/launchNewWindow.jsp` | High
-10 | File | `/public/login.htm` | High
-11 | File | `/rom-0` | Low
-12 | File | `/tmp/phpglibccheck` | High
-13 | File | `/uncpath/` | Medium
-14 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
-15 | File | `/var/log/nginx` | High
-16 | File | `/var/tmp/sess_*` | High
-17 | File | `action.php` | Medium
-18 | File | `actionphp/download.File.php` | High
-19 | File | `add_comment.php` | High
-20 | File | `admin.a6mambocredits.php` | High
-21 | File | `admin.php` | Medium
-22 | File | `admin/admin.php` | High
-23 | File | `admin/content.php` | High
-24 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
-25 | File | `admin/memberviewdetails.php` | High
-26 | File | `admin/sitesettings.php` | High
-27 | File | `affich.php` | Medium
-28 | File | `agent/Core/Controller/SendRequest.cpp` | High
-29 | File | `akeyActivationLogin.do` | High
-30 | File | `album_portal.php` | High
-31 | File | `apache-auth.conf` | High
-32 | File | `askapache-firefox-adsense.php` | High
-33 | File | `assets/add/category.php` | High
-34 | File | `attachment.cgi` | High
-35 | File | `blueprints/sections/edit/1` | High
-36 | File | `books.php` | Medium
-37 | File | `btif_hd.cc` | Medium
-38 | File | `cart_add.php` | Medium
-39 | File | `cat.php` | Low
-40 | File | `category.cfm` | Medium
-41 | File | `CFS.c` | Low
-42 | File | `checktransferstatus.php` | High
-43 | File | `class.SystemAction.php` | High
-44 | File | `clientarea.php` | High
-45 | File | `collectivite.class.php` | High
-46 | File | `contact` | Low
-47 | File | `control.c` | Medium
-48 | ... | ... | ...
+4 | File | `/controller/Index.php` | High
+5 | File | `/etc/ajenti/config.yml` | High
+6 | File | `/etc/sudoers` | Medium
+7 | File | `/forum/away.php` | High
+8 | File | `/goform/telnet` | High
+9 | File | `/include/chart_generator.php` | High
+10 | File | `/modules/profile/index.php` | High
+11 | File | `/public/launchNewWindow.jsp` | High
+12 | File | `/public/login.htm` | High
+13 | File | `/rom-0` | Low
+14 | File | `/tmp/connlicj.bin` | High
+15 | File | `/tmp/phpglibccheck` | High
+16 | File | `/uncpath/` | Medium
+17 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
+18 | File | `/var/log/nginx` | High
+19 | File | `/var/tmp/sess_*` | High
+20 | File | `action.php` | Medium
+21 | File | `actionphp/download.File.php` | High
+22 | File | `add_comment.php` | High
+23 | File | `admin.a6mambocredits.php` | High
+24 | File | `admin.php` | Medium
+25 | File | `admin/admin.php` | High
+26 | File | `admin/content.php` | High
+27 | File | `admin/import/class-import-settings.php` | High
+28 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
+29 | File | `admin/sitesettings.php` | High
+30 | File | `affich.php` | Medium
+31 | File | `agent/Core/Controller/SendRequest.cpp` | High
+32 | File | `akeyActivationLogin.do` | High
+33 | File | `album_portal.php` | High
+34 | File | `apache-auth.conf` | High
+35 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
+36 | File | `askapache-firefox-adsense.php` | High
+37 | File | `assets/add/category.php` | High
+38 | File | `attachment.cgi` | High
+39 | File | `blueprints/sections/edit/1` | High
+40 | File | `books.php` | Medium
+41 | File | `btif_hd.cc` | Medium
+42 | File | `cart.php` | Medium
+43 | File | `cart_add.php` | Medium
+44 | ... | ... | ...

-There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -114,6 +112,12 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://asec.ahnlab.com/en/31083/
 * https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
 * https://blogs.blackberry.com/en/2020/04/threat-spotlight-secret-agent-tesla
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-20%20Agent%20Tesla%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-24%20Agent%20Tesla%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-27%20Agent%20Tesla%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-07%20Agent%20Tesla%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-17%20Agent%20Tesla%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-20%20Agent%20Tesla%20IOCs
 * https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/AgentTesla/IOCs
 * https://services.global.ntt/en-us/insights/blog/discovering-a-new-agent-tesla-malware-sample
 * https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
--- a/Kit/README.md
+++ b/Kit/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [AR](https://vuldb.com/?country.ar)
 * ...

-There are 8 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -73,7 +73,7 @@ ID | Type | Indicator | Confidence
 17 | File | `admin/conf_users_edit.php` | High
 18 | ... | ... | ...

-There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Dragon/README.md
+++ b/Dragon/README.md
@ -0,0 +1,121 @@
+# Aoqin Dragon - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Aoqin Dragon](https://vuldb.com/?actor.aoqin_dragon). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.aoqin_dragon](https://vuldb.com/?actor.aoqin_dragon)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with Aoqin Dragon:
+
+* Mongall
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Aoqin Dragon:
+
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Aoqin Dragon.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [59.188.234.233](https://vuldb.com/?ip.59.188.234.233) | - | Mongall | High
+2 | [64.27.4.19](https://vuldb.com/?ip.64.27.4.19) | secure.link192.com | Mongall | High
+3 | [64.27.4.157](https://vuldb.com/?ip.64.27.4.157) | unassigned.calpop.com | Mongall | High
+4 | ... | ... | ... | ...
+
+There are 2 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Aoqin Dragon_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+4 | ... | ... | ... | ...
+
+There are 6 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Aoqin Dragon. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `#!/system` | Medium
+2 | File | `%PROGRAMFILES%\Cylance\Desktop\log` | High
+3 | File | `/admin/` | Low
+4 | File | `/admin/AddNewState/Add_State` | High
+5 | File | `/category.php` | High
+6 | File | `/data/syslog.filter.json` | High
+7 | File | `/details.php` | Medium
+8 | File | `/etc/stunnel.key` | High
+9 | File | `/FlexiCapture12/Login/Server/SevaUserProfile` | High
+10 | File | `/help/lccon.nsf/` | High
+11 | File | `/jsp/xmlhttp/AjaxResponse.jsp` | High
+12 | File | `/login.html` | Medium
+13 | File | `/member/settings_account.php` | High
+14 | File | `/net/mac80211/mac80211/sta_info.c` | High
+15 | File | `/otweb/OTPClientLogin` | High
+16 | File | `/product.php` | Medium
+17 | File | `/tests/add_duration_test.php` | High
+18 | File | `/tests/all_tests.php` | High
+19 | File | `/var/run/storage_account_root` | High
+20 | File | `AccessPoint.aspx` | High
+21 | File | `account.asp` | Medium
+22 | File | `activate.php` | Medium
+23 | File | `addevent.php` | Medium
+24 | File | `adherents/cartes/carte.php` | High
+25 | File | `admin.php` | Medium
+26 | File | `admin/` | Low
+27 | File | `admin/?/plugin/file_manager/upload` | High
+28 | File | `admin/app/physical/physical.php` | High
+29 | File | `admin/edit.php` | High
+30 | File | `admin/eventlist.php` | High
+31 | File | `admin/index.php` | High
+32 | File | `admin/languages.php` | High
+33 | File | `admin/manufacturers.php` | High
+34 | File | `admin/newsletters.php` | High
+35 | File | `admin/products_attributes.php` | High
+36 | File | `admin/products_expected.php` | High
+37 | File | `admin/reviews.php` | High
+38 | File | `admin/worklist/worklist_edit.asp` | High
+39 | File | `administrator/index.php` | High
+40 | File | `ad_popup.php` | Medium
+41 | File | `afd.sys` | Low
+42 | File | `agent.exe` | Medium
+43 | File | `apps/calendar/export.php` | High
+44 | File | `archive.php` | Medium
+45 | File | `ask_chat.php` | Medium
+46 | File | `attachment.cgi` | High
+47 | File | `basic.html#ipsettings` | High
+48 | File | `block-forums.php` | High
+49 | File | `bouncedcc.cpp` | High
+50 | File | `BS.Player` | Medium
+51 | ... | ... | ...
+
+There are 446 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Autoit/README.md
+++ b/actors/Autoit/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Autoit:

-* [DE](https://vuldb.com/?country.de)
 * [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
+* [DE](https://vuldb.com/?country.de)
+* [IO](https://vuldb.com/?country.io)
 * ...

-There are 2 more country items available. Please use our online service to access the data.
+There are 6 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -21,16 +21,17 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [8.248.165.254](https://vuldb.com/?ip.8.248.165.254) | - | - | High
-2 | [8.249.217.254](https://vuldb.com/?ip.8.249.217.254) | - | - | High
-3 | [8.253.131.121](https://vuldb.com/?ip.8.253.131.121) | - | - | High
-4 | [13.56.128.67](https://vuldb.com/?ip.13.56.128.67) | screenconnect.medsphere.com | - | High
-5 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
-6 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
-7 | [23.63.245.19](https://vuldb.com/?ip.23.63.245.19) | a23-63-245-19.deploy.static.akamaitechnologies.com | - | High
-8 | ... | ... | ... | ...
+1 | [5.206.225.104](https://vuldb.com/?ip.5.206.225.104) | hosted-by.blazingfast.io | - | High
+2 | [8.248.165.254](https://vuldb.com/?ip.8.248.165.254) | - | - | High
+3 | [8.249.217.254](https://vuldb.com/?ip.8.249.217.254) | - | - | High
+4 | [8.253.131.121](https://vuldb.com/?ip.8.253.131.121) | - | - | High
+5 | [13.56.128.67](https://vuldb.com/?ip.13.56.128.67) | screenconnect.medsphere.com | - | High
+6 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
+7 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
+8 | [23.63.245.19](https://vuldb.com/?ip.23.63.245.19) | a23-63-245-19.deploy.static.akamaitechnologies.com | - | High
+9 | ... | ... | ... | ...

-There are 28 more IOC items available. Please use our online service to access the data.
+There are 34 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -53,23 +54,36 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/appLms/ajax.server.php` | High
 2 | File | `/apps/` | Low
-3 | File | `/onlineordering/GPST/store/initiateorder.php` | High
-4 | File | `/rup` | Low
-5 | File | `/var/hnap/timestamp` | High
-6 | File | `admin.php` | Medium
-7 | File | `admin/admin_login.php` | High
-8 | File | `api/external.php?object=centreon_metric&action=listByService` | High
-9 | File | `app\contacts\contact_edit.php` | High
-10 | File | `audio_acdb.c` | Medium
-11 | File | `auth.php` | Medium
-12 | ... | ... | ...
+3 | File | `/etc/shadow` | Medium
+4 | File | `/mgmt/tm/util/bash` | High
+5 | File | `/ofrs/admin/?page=reports` | High
+6 | File | `/onlineordering/GPST/store/initiateorder.php` | High
+7 | File | `/products/details.asp` | High
+8 | File | `/public/login.htm` | High
+9 | File | `/RPC2` | Low
+10 | File | `/rup` | Low
+11 | File | `/var/hnap/timestamp` | High
+12 | File | `admin.color.php` | High
+13 | File | `admin.php` | Medium
+14 | File | `admin/admin_login.php` | High
+15 | File | `admin/index.php?page=manage_car` | High
+16 | File | `admin/media.php` | High
+17 | File | `admin_events.php` | High
+18 | File | `affich.php` | Medium
+19 | File | `Ap4StscAtom.cpp` | High
+20 | File | `Ap4StssAtom.cpp` | High
+21 | File | `Ap4StszAtom.cpp` | High
+22 | ... | ... | ...

-There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 180 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html
+* https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html
+* https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
 * https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
 * https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
 * https://blog.talosintelligence.com/2021/09/threat-roundup-0910-0917.html
--- a/actors/Azorult/README.md
+++ b/actors/Azorult/README.md
@ -51,22 +51,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/administration/theme.php` | High
-3 | File | `/BindAccount/SuccessTips.js` | High
-4 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
-5 | File | `/login.html` | Medium
-6 | File | `/medical/inventories.php` | High
-7 | File | `/pages.php` | Medium
-8 | File | `/uncpath/` | Medium
-9 | File | `/usr/local/psa/admin/sbin/wrapper` | High
-10 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
-11 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
-12 | File | `abm.aspx` | Medium
-13 | File | `actions/ChangeConfiguration.html` | High
-14 | File | `adclick.php` | Medium
+2 | File | `/admin/deluser.php` | High
+3 | File | `/administration/theme.php` | High
+4 | File | `/BindAccount/SuccessTips.js` | High
+5 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
+6 | File | `/login.html` | Medium
+7 | File | `/medical/inventories.php` | High
+8 | File | `/pages.php` | Medium
+9 | File | `/uncpath/` | Medium
+10 | File | `/usr/local/psa/admin/sbin/wrapper` | High
+11 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
+12 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
+13 | File | `abm.aspx` | Medium
+14 | File | `actions/ChangeConfiguration.html` | High
 15 | ... | ... | ...

-There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 118 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/B1txor20/README.md
+++ b/actors/B1txor20/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -45,12 +45,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1008 | CWE-757 | Algorithm Downgrade | High
+2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -58,39 +58,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `../FILEDIR` | Medium
-2 | File | `//proc/kcore` | Medium
-3 | File | `/?module=fileman&section=get&page=grid` | High
-4 | File | `/admin/?page=system_info/contact_info` | High
-5 | File | `/admin/comn/service/update.json` | High
-6 | File | `/Ap4RtpAtom.cpp` | High
-7 | File | `/api/part_categories` | High
-8 | File | `/auditLogAction.do` | High
-9 | File | `/bcms/admin/?page=court_rentals/view_court_rental` | High
-10 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
-11 | File | `/bcms/admin/?page=sales/view_details` | High
-12 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
-13 | File | `/bcms/admin/?page=service_transactions/view_details` | High
-14 | File | `/bcms/admin/?page=user/manage_user` | High
-15 | File | `/car-rental-management-system/admin/manage_user.php` | High
-16 | File | `/cgi-bin` | Medium
-17 | File | `/cgi-bin/kerbynet` | High
-18 | File | `/checklogin.jsp` | High
-19 | File | `/churchcrm/WhyCameEditor.php` | High
-20 | File | `/course/api/upload/pic` | High
-21 | File | `/debug/pprof` | Medium
-22 | File | `/etc/cron.daily/upstart` | High
-23 | File | `/fuel/sitevariables/delete/4` | High
-24 | File | `/goform/aspForm` | High
-25 | File | `/itop/webservices/export-v2.php` | High
-26 | File | `/login.html` | Medium
-27 | File | `/nova/bin/sniffer` | High
-28 | File | `/ocwbs/admin/?page=user/manage_user` | High
-29 | File | `/ofrs/admin/?page=reports` | High
-30 | File | `/ofrs/admin/?page=requests/manage_request` | High
-31 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/admin/scheprofile.cgi` | High
+3 | File | `/admin/showbad.php` | High
+4 | File | `/admin/ztliuyan_sendmail.php` | High
+5 | File | `/alarm_pi/alarmService.php` | High
+6 | File | `/bsms/?page=manage_account` | High
+7 | File | `/cgi-bin/webproc` | High
+8 | File | `/cgi/get_param.cgi` | High
+9 | File | `/company` | Medium
+10 | File | `/company/down_resume/total/nature` | High
+11 | File | `/company/service/increment/add/im` | High
+12 | File | `/dashboard/blocks/stacks/view_details/` | High
+13 | File | `/dashboard/reports/logs/view` | High
+14 | File | `/dashboard/snapshot/*?orgId=0` | High
+15 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+16 | File | `/defaultui/player/modern.html` | High
+17 | File | `/dl/dl_sendmail.php` | High
+18 | File | `/dl/dl_sendsms.php` | High
+19 | File | `/forum/away.php` | High
+20 | File | `/fuel/sitevariables/delete/4` | High
+21 | File | `/goform/aspForm` | High
+22 | File | `/goform/SetFirewallCfg` | High
+23 | File | `/goform/wlanPrimaryNetwork` | High
+24 | File | `/home/campus/campus_job` | High
+25 | File | `/home/job/index` | High
+26 | File | `/home/job/map` | High
+27 | File | `/IISADMPWD` | Medium
+28 | File | `/images/background/1.php` | High
+29 | File | `/index.php/weblinks-categories` | High
+30 | File | `/index.php?action=seomatic/file/seo-file-link` | High
+31 | File | `/index/notice/show` | High
+32 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
+33 | File | `/job` | Low
+34 | File | `/linkedcontent/editfolder.php` | High
+35 | ... | ... | ...

-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BackdoorDiplomacy/README.md
+++ b/actors/BackdoorDiplomacy/README.md
@ -56,43 +56,43 @@ ID | Type | Indicator | Confidence
 7 | File | `/cgi-bin/login_action.cgi` | High
 8 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
 9 | File | `/checkLogin.cgi` | High
-10 | File | `/clientes/visualizar` | High
-11 | File | `/cms/print.php` | High
-12 | File | `/concat?/%2557EB-INF/web.xml` | High
-13 | File | `/Content/Template/root/reverse-shell.aspx` | High
-14 | File | `/data/remove` | Medium
-15 | File | `/etc/passwd` | Medium
-16 | File | `/goforms/rlminfo` | High
-17 | File | `/login` | Low
-18 | File | `/navigate/navigate_download.php` | High
-19 | File | `/ocwbs/admin/?page=user/manage_user` | High
-20 | File | `/ofrs/admin/?page=user/manage_user` | High
-21 | File | `/oputilsServlet` | High
-22 | File | `/out.php` | Medium
-23 | File | `/owa/auth/logon.aspx` | High
-24 | File | `/p` | Low
-25 | File | `/password.html` | High
-26 | File | `/proc/ioports` | High
-27 | File | `/property-list/property_view.php` | High
-28 | File | `/ptms/classes/Users.php` | High
-29 | File | `/rest` | Low
-30 | File | `/rest/api/2/search` | High
-31 | File | `/s/` | Low
-32 | File | `/scripts/cpan_config` | High
-33 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-34 | File | `/services/system/setup.json` | High
-35 | File | `/uncpath/` | Medium
-36 | File | `/vloggers_merch/?p=view_product` | High
-37 | File | `/webconsole/APIController` | High
-38 | File | `/websocket/exec` | High
-39 | File | `/wp-admin/admin-ajax.php` | High
-40 | File | `/wp-json` | Medium
-41 | File | `/wp-json/oembed/1.0/embed?url` | High
-42 | File | `/_next` | Low
-43 | File | `4.edu.php\conn\function.php` | High
-44 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-45 | File | `adclick.php` | Medium
-46 | File | `addentry.php` | Medium
+10 | File | `/cms/print.php` | High
+11 | File | `/concat?/%2557EB-INF/web.xml` | High
+12 | File | `/Content/Template/root/reverse-shell.aspx` | High
+13 | File | `/data/remove` | Medium
+14 | File | `/etc/passwd` | Medium
+15 | File | `/goforms/rlminfo` | High
+16 | File | `/login` | Low
+17 | File | `/navigate/navigate_download.php` | High
+18 | File | `/ocwbs/admin/?page=user/manage_user` | High
+19 | File | `/ofrs/admin/?page=user/manage_user` | High
+20 | File | `/oputilsServlet` | High
+21 | File | `/out.php` | Medium
+22 | File | `/owa/auth/logon.aspx` | High
+23 | File | `/p` | Low
+24 | File | `/password.html` | High
+25 | File | `/proc/ioports` | High
+26 | File | `/property-list/property_view.php` | High
+27 | File | `/ptms/classes/Users.php` | High
+28 | File | `/rest` | Low
+29 | File | `/rest/api/2/search` | High
+30 | File | `/s/` | Low
+31 | File | `/scripts/cpan_config` | High
+32 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+33 | File | `/services/system/setup.json` | High
+34 | File | `/uncpath/` | Medium
+35 | File | `/vloggers_merch/?p=view_product` | High
+36 | File | `/webconsole/APIController` | High
+37 | File | `/websocket/exec` | High
+38 | File | `/wp-admin/admin-ajax.php` | High
+39 | File | `/wp-json` | Medium
+40 | File | `/wp-json/oembed/1.0/embed?url` | High
+41 | File | `/_next` | Low
+42 | File | `4.edu.php\conn\function.php` | High
+43 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+44 | File | `adclick.php` | Medium
+45 | File | `addentry.php` | Medium
+46 | File | `admin/category.inc.php` | High
 47 | ... | ... | ...

 There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
--- a/actors/BazarLoader/README.md
+++ b/actors/BazarLoader/README.md
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 1 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -54,9 +54,11 @@ ID | IP address | Hostname | Campaign | Confidence
 24 | [35.165.197.209](https://vuldb.com/?ip.35.165.197.209) | ec2-35-165-197-209.us-west-2.compute.amazonaws.com | - | Medium
 25 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
 26 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
-27 | ... | ... | ... | ...
+27 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
+28 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
+29 | ... | ... | ... | ...

-There are 104 more IOC items available. Please use our online service to access the data.
+There are 112 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -81,13 +83,14 @@ ID | Type | Indicator | Confidence
 2 | File | `/include/makecvs.php` | High
 3 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
 4 | File | `/usr/local/psa/admin/sbin/wrapper` | High
-5 | File | `add.php` | Low
-6 | File | `admin/admin.shtml` | High
-7 | File | `cat.asp` | Low
-8 | File | `class.phpmailer.php` | High
-9 | ... | ... | ...
+5 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
+6 | File | `add.php` | Low
+7 | File | `admin/admin.shtml` | High
+8 | File | `bpf-object-fuzzer.c` | High
+9 | File | `cal.php` | Low
+10 | ... | ... | ...

-There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 74 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -97,6 +100,10 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
 * https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-16%20BazarLoader%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20BazarLoader%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-03%20BazarLoader%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-08%20BazarCall%20IOCs
 * https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
 * https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
 * https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
--- a/actors/Bitter/README.md
+++ b/actors/Bitter/README.md
@ -60,9 +60,10 @@ ID | Type | Indicator | Confidence
 11 | File | `admin.cgi` | Medium
 12 | File | `admin/category.inc.php` | High
 13 | File | `admin/vqmods.app/vqmods.inc.php` | High
-14 | ... | ... | ...
+14 | File | `auth2-gss.c` | Medium
+15 | ... | ... | ...

-There are 111 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/KingDom/README.md
+++ b/KingDom/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:

 * [US](https://vuldb.com/?country.us)
-* [RU](https://vuldb.com/?country.ru)
-* [AR](https://vuldb.com/?country.ar)
+* [PT](https://vuldb.com/?country.pt)
+* [DE](https://vuldb.com/?country.de)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 1 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -47,46 +47,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-2 | File | `/admin.php?r=admin/AdminBackup/del` | High
-3 | File | `/admin/edit.php` | High
-4 | File | `/admin/goods/update` | High
-5 | File | `/admin/inbox.php&action=delete` | High
-6 | File | `/admin/inbox.php&action=read` | High
-7 | File | `/admin/pagerole.php&action=edit` | High
-8 | File | `/admin/posts.php` | High
-9 | File | `/admin/posts.php&action=delete` | High
-10 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-11 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-12 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-13 | File | `/admin/uesrs.php&action=display&value=Hide` | High
-14 | File | `/admin/uesrs.php&action=display&value=Show` | High
-15 | File | `/admin/uesrs.php&action=type&userrole=User` | High
-16 | File | `/administrator/alerts/alertLightbox.php` | High
-17 | File | `/api/eventinstance` | High
-18 | File | `/appliance/users?action=edit` | High
-19 | File | `/apps/acs-commons/content/page-compare.html` | High
-20 | File | `/blog/blog.php` | High
-21 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-22 | File | `/cmd?cmd=connect` | High
-23 | File | `/coreframe/app/member/admin/group.php` | High
-24 | File | `/cwms/admin/?page=articles/view_article/` | High
-25 | File | `/cwms/classes/Master.php?f=save_contact` | High
-26 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
-27 | File | `/etc/zarafa/license` | High
-28 | File | `/goform/login_process` | High
-29 | File | `/goform/setpptpservercfg` | High
-30 | File | `/hocms/classes/Master.php?f=delete_member` | High
-31 | File | `/hocms/classes/Master.php?f=delete_phase` | High
-32 | File | `/include/make.php` | High
-33 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
-34 | File | `/jpg/image.jpg` | High
-35 | File | `/login` | Low
-36 | File | `/manager/files` | High
-37 | File | `/module/api.php?mobile/wapNasIPS` | High
-38 | ... | ... | ...
+1 | File | `../FILEDIR` | Medium
+2 | File | `//proc/kcore` | Medium
+3 | File | `/admin.php/Label/js_del` | High
+4 | File | `/admin.php/Label/page_del` | High
+5 | File | `/admin.php/Links/del` | High
+6 | File | `/admin.php/news/admin/news/save` | High
+7 | File | `/admin.php/pic/admin/lists/zhuan` | High
+8 | File | `/admin.php/pic/admin/type/del` | High
+9 | File | `/admin.php/pic/admin/type/hy` | High
+10 | File | `/admin.php/singer/admin/singer/hy` | High
+11 | File | `/admin.php/User/level_sort` | High
+12 | File | `/admin.php/user/zu_del` | High
+13 | File | `/bcms/admin/?page=court_rentals/view_court_rental` | High
+14 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
+15 | File | `/bcms/admin/?page=sales/view_details` | High
+16 | File | `/bcms/admin/?page=service_transactions/view_details` | High
+17 | File | `/bcms/admin/?page=user/manage_user` | High
+18 | File | `/cgi-bin` | Medium
+19 | File | `/cgi-bin/kerbynet` | High
+20 | File | `/checklogin.jsp` | High
+21 | File | `/churchcrm/WhyCameEditor.php` | High
+22 | File | `/classes/master.php?f=delete_facility` | High
+23 | File | `/controller/OnlinePreviewController.java` | High
+24 | File | `/course/api/upload/pic` | High
+25 | File | `/ctpms/classes/Users.php?f=save` | High
+26 | File | `/defaultui/player/modern.html` | High
+27 | File | `/dms/admin/reports/daily_collection_report.php` | High
+28 | File | `/ecrire` | Low
+29 | File | `/goform/aspForm` | High
+30 | File | `/hocms/classes/Master.php?f=delete_phase` | High
+31 | File | `/home/jobfairol/resumelist` | High
+32 | ... | ... | ...

-There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BlackCat/README.md
+++ b/actors/BlackCat/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 4 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -47,45 +47,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin.php/admin/art/data.html` | High
-2 | File | `/admin.php/admin/plog/index.html` | High
-3 | File | `/admin.php/admin/ulog/index.html` | High
-4 | File | `/admin.php/admin/website/data.html` | High
-5 | File | `/admin.php/Label/js_del` | High
-6 | File | `/admin.php/Label/page_del` | High
-7 | File | `/admin.php/user/zu_del` | High
-8 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-9 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-10 | File | `/admin/edit.php` | High
-11 | File | `/admin/inbox.php&action=read` | High
-12 | File | `/admin/new-content` | High
-13 | File | `/admin/posts.php` | High
-14 | File | `/admin/posts.php&action=delete` | High
-15 | File | `/admin/run_ajax.php` | High
-16 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-17 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-18 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
-19 | File | `/api/programs/orgUnits?programs` | High
-20 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
-21 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
-22 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
-23 | File | `/blog/blog.php` | High
-24 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-25 | File | `/cgi-bin/kerbynet` | High
-26 | File | `/checklogin.jsp` | High
-27 | File | `/cms/classes/Master.php?f=delete_service` | High
-28 | File | `/config/list` | Medium
-29 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-30 | File | `/ctpms/classes/Master.php?f=delete_img` | High
-31 | File | `/etc/ajenti/config.yml` | High
+1 | File | `/admin.php/admin/plog/index.html` | High
+2 | File | `/admin.php/admin/ulog/index.html` | High
+3 | File | `/admin.php/Label/js_del` | High
+4 | File | `/admin.php/Label/page_del` | High
+5 | File | `/admin.php/user/zu_del` | High
+6 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
+7 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
+8 | File | `/admin/edit.php` | High
+9 | File | `/admin/inbox.php&action=read` | High
+10 | File | `/admin/new-content` | High
+11 | File | `/admin/posts.php` | High
+12 | File | `/admin/posts.php&action=delete` | High
+13 | File | `/admin/run_ajax.php` | High
+14 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
+15 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
+16 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
+17 | File | `/api/programs/orgUnits?programs` | High
+18 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
+19 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
+20 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
+21 | File | `/blog/blog.php` | High
+22 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
+23 | File | `/cgi-bin/kerbynet` | High
+24 | File | `/cgi/get_param.cgi` | High
+25 | File | `/checklogin.jsp` | High
+26 | File | `/cms/classes/Master.php?f=delete_service` | High
+27 | File | `/ctpms/admin/?page=individuals/view_individual` | High
+28 | File | `/ctpms/classes/Master.php?f=delete_img` | High
+29 | File | `/dashboard/snapshot/*?orgId=0` | High
+30 | File | `/etc/ajenti/config.yml` | High
+31 | File | `/fuel/sitevariables/delete/4` | High
 32 | File | `/goform/AdvSetLanIp` | High
 33 | File | `/goform/aspForm` | High
-34 | File | `/goform/delAd` | High
-35 | File | `/goform/form2Reboot.cgi` | High
-36 | File | `/goform/SetNetControlList` | High
+34 | File | `/goform/SetNetControlList` | High
+35 | File | `/goform/setNetworkLan` | High
+36 | File | `/goform/websURLFilterAddDel` | High
 37 | ... | ... | ...

-There are 319 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/BlackEnergy/README.md
+++ b/actors/BlackEnergy/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlackEnergy:

+* [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
-* [RU](https://vuldb.com/?country.ru)
-* [UA](https://vuldb.com/?country.ua)
+* [ES](https://vuldb.com/?country.es)
 * ...

-There are 14 more country items available. Please use our online service to access the data.
+There are 24 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -38,11 +38,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 3 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -50,21 +50,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/BRS_netgear_success.html` | High
-2 | File | `/uncpath/` | Medium
-3 | File | `/usr/bin/pkexec` | High
-4 | File | `/var/log/nginx` | High
-5 | File | `/webapps/blogs-journals/execute/editBlogEntry` | High
-6 | File | `/wordpress/wp-admin/admin.php` | High
-7 | File | `/wp-json` | Medium
-8 | File | `adclick.php` | Medium
-9 | File | `add.php` | Low
-10 | File | `add.php/del.php` | High
-11 | File | `add_comment.php` | High
-12 | File | `admin/adminsignin.html` | High
-13 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/?module=users&section=cpanel&page=list` | High
+3 | File | `/admin/dl_sendmail.php` | High
+4 | File | `/admin/powerline` | High
+5 | File | `/admin/syslog` | High
+6 | File | `/Ap4RtpAtom.cpp` | High
+7 | File | `/api/upload` | Medium
+8 | File | `/bcms/admin/?page=user/list` | High
+9 | File | `/bsms/?page=manage_account` | High
+10 | File | `/cgi-bin` | Medium
+11 | File | `/context/%2e/WEB-INF/web.xml` | High
+12 | File | `/dashboard/reports/logs/view` | High
+13 | File | `/debug/pprof` | Medium
+14 | File | `/fuel/index.php/fuel/logs/items` | High
+15 | File | `/fuel/sitevariables/delete/4` | High
+16 | File | `/librarian/bookdetails.php` | High
+17 | File | `/mgmt/tm/util/bash` | High
+18 | File | `/monitoring` | Medium
+19 | File | `/new` | Low
+20 | File | `/proc/<pid>/status` | High
+21 | File | `/public/plugins/` | High
+22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+23 | File | `/secure/QueryComponent!Default.jspa` | High
+24 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+25 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+26 | File | `/tmp` | Low
+27 | File | `/uncpath/` | Medium
+28 | File | `/usr/bin/pkexec` | High
+29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+30 | File | `/wp-json/wc/v3/webhooks` | High
+31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+32 | File | `AccountManagerService.java` | High
+33 | File | `actions/CompanyDetailsSave.php` | High
+34 | File | `ActiveServices.java` | High
+35 | File | `ActivityManagerService.java` | High
+36 | ... | ... | ...

-There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Bouncing
+++ b/actors/Bouncing
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [FR](https://vuldb.com/?country.fr)
-* [RU](https://vuldb.com/?country.ru)
+* [ES](https://vuldb.com/?country.es)
 * ...

-There are 22 more country items available. Please use our online service to access the data.
+There are 24 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -35,11 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -51,28 +51,29 @@ ID | Type | Indicator | Confidence
 2 | File | `/.env` | Low
 3 | File | `/cgi-bin/nobody` | High
 4 | File | `/cgi-bin/nobody/Search.cgi` | High
-5 | File | `/etc/passwd` | Medium
-6 | File | `/forum/away.php` | High
-7 | File | `/get_getnetworkconf.cgi` | High
-8 | File | `/horde/util/go.php` | High
-9 | File | `/mobile_seal/get_seal.php` | High
-10 | File | `/new` | Low
-11 | File | `/nova/bin/detnet` | High
-12 | File | `/show_news.php` | High
-13 | File | `/tmp` | Low
-14 | File | `/uncpath/` | Medium
-15 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
-16 | File | `/ViewUserHover.jspa` | High
-17 | File | `AccountStatus.jsp` | High
-18 | File | `adclick.php` | Medium
-19 | File | `add.php` | Low
-20 | File | `admin/systemOutOfBand.do` | High
-21 | File | `app/application.cpp` | High
-22 | File | `auth-gss2.c` | Medium
-23 | File | `authent.php4` | Medium
-24 | ... | ... | ...
+5 | File | `/edit-db.php` | Medium
+6 | File | `/etc/passwd` | Medium
+7 | File | `/forum/away.php` | High
+8 | File | `/get_getnetworkconf.cgi` | High
+9 | File | `/horde/util/go.php` | High
+10 | File | `/mobile_seal/get_seal.php` | High
+11 | File | `/new` | Low
+12 | File | `/nova/bin/detnet` | High
+13 | File | `/show_news.php` | High
+14 | File | `/tmp` | Low
+15 | File | `/uncpath/` | Medium
+16 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
+17 | File | `/ViewUserHover.jspa` | High
+18 | File | `AccountStatus.jsp` | High
+19 | File | `adclick.php` | Medium
+20 | File | `add.php` | Low
+21 | File | `admin/systemOutOfBand.do` | High
+22 | File | `app/application.cpp` | High
+23 | File | `auth-gss2.c` | Medium
+24 | File | `authent.php4` | Medium
+25 | ... | ... | ...

-There are 202 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Bumblebee/README.md
+++ b/actors/Bumblebee/README.md
@ -54,41 +54,40 @@ ID | Type | Indicator | Confidence
 10 | File | `/category_view.php` | High
 11 | File | `/cgi-bin/wapopen` | High
 12 | File | `/cgi-mod/lookup.cgi` | High
-13 | File | `/cgi?1&5` | Medium
-14 | File | `/config/getuser` | High
-15 | File | `/debug/pprof` | Medium
-16 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
-17 | File | `/iissamples` | Medium
-18 | File | `/interface/main/backup.php` | High
-19 | File | `/new` | Low
-20 | File | `/public/plugins/` | High
-21 | File | `/requests.php` | High
-22 | File | `/sbin/gs_config` | High
-23 | File | `/scripts/cpan_config` | High
-24 | File | `/secure/QueryComponent!Default.jspa` | High
-25 | File | `/spip.php` | Medium
-26 | File | `/uncpath/` | Medium
-27 | File | `/usr/bin/pkexec` | High
-28 | File | `/usr/sbin/nagios` | High
-29 | File | `/usr/sbin/suexec` | High
-30 | File | `/WEB-INF/web.xml` | High
-31 | File | `/webman/info.cgi` | High
-32 | File | `/wp-admin/admin-ajax.php` | High
-33 | File | `/wp-json/oembed/1.0/embed?url` | High
-34 | File | `/wp-json/wc/v3/webhooks` | High
-35 | File | `/_internal` | Medium
-36 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-37 | File | `adclick.php` | Medium
-38 | File | `admin.php?m=admin&c=site&a=save` | High
-39 | File | `admin.php?page=languages` | High
-40 | File | `admin/admin_users.php` | High
-41 | File | `admin/conf_users_edit.php` | High
-42 | File | `admin/index.php` | High
-43 | File | `admin/ops/reports/ops/news.php` | High
-44 | File | `adminer.php` | Medium
-45 | ... | ... | ...
+13 | File | `/common/info.cgi` | High
+14 | File | `/common/ticket_associated_tickets.php` | High
+15 | File | `/config/getuser` | High
+16 | File | `/debug/pprof` | Medium
+17 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
+18 | File | `/iissamples` | Medium
+19 | File | `/interface/main/backup.php` | High
+20 | File | `/new` | Low
+21 | File | `/platform.cgi` | High
+22 | File | `/public/plugins/` | High
+23 | File | `/requests.php` | High
+24 | File | `/sbin/gs_config` | High
+25 | File | `/scripts/cpan_config` | High
+26 | File | `/secure/QueryComponent!Default.jspa` | High
+27 | File | `/spip.php` | Medium
+28 | File | `/uncpath/` | Medium
+29 | File | `/usr/bin/pkexec` | High
+30 | File | `/usr/sbin/nagios` | High
+31 | File | `/usr/sbin/suexec` | High
+32 | File | `/WEB-INF/web.xml` | High
+33 | File | `/webman/info.cgi` | High
+34 | File | `/wp-admin/admin-ajax.php` | High
+35 | File | `/wp-json/oembed/1.0/embed?url` | High
+36 | File | `/wp-json/wc/v3/webhooks` | High
+37 | File | `/_internal` | Medium
+38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+39 | File | `adclick.php` | Medium
+40 | File | `admin.php?page=languages` | High
+41 | File | `admin/admin_users.php` | High
+42 | File | `admin/conf_users_edit.php` | High
+43 | File | `admin/index.php` | High
+44 | ... | ... | ...

-There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Candiru/README.md
+++ b/actors/Candiru/README.md
@ -92,10 +92,9 @@ ID | Type | Indicator | Confidence
 34 | File | `/ofcms/company-c-47` | High
 35 | File | `/proc/*/cmdline"` | High
 36 | File | `/proc/pid/syscall` | High
-37 | File | `/product_list.php` | High
-38 | ... | ... | ...
+37 | ... | ... | ...

-There are 324 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Carbanak/README.md
+++ b/actors/Carbanak/README.md
@ -124,7 +124,7 @@ ID | Type | Indicator | Confidence
 36 | File | `admin/conf_users_edit.php` | High
 37 | ... | ... | ...

-There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Cerber/README.md
+++ b/actors/Cerber/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cerber:

 * [US](https://vuldb.com/?country.us)
+* [VN](https://vuldb.com/?country.vn)
 * [CN](https://vuldb.com/?country.cn)
-* [DE](https://vuldb.com/?country.de)
 * ...

-There are 1 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -21,26 +21,77 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.9.49.12](https://vuldb.com/?ip.5.9.49.12) | static.12.49.9.5.clients.your-server.de | - | High
-2 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
-3 | [5.196.159.173](https://vuldb.com/?ip.5.196.159.173) | - | - | High
-4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
-5 | [23.94.5.133](https://vuldb.com/?ip.23.94.5.133) | 23-94-5-133-host.colocrossing.com | - | High
-6 | [23.152.0.36](https://vuldb.com/?ip.23.152.0.36) | tcts-000036.techtrapes.com | - | High
-7 | [34.199.22.139](https://vuldb.com/?ip.34.199.22.139) | ec2-34-199-22-139.compute-1.amazonaws.com | - | Medium
-8 | [45.32.28.232](https://vuldb.com/?ip.45.32.28.232) | - | - | High
-9 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | - | High
-10 | [45.56.117.118](https://vuldb.com/?ip.45.56.117.118) | li935-118.members.linode.com | - | High
-11 | [45.63.25.55](https://vuldb.com/?ip.45.63.25.55) | 45.63.25.55.vultr.com | - | Medium
-12 | [45.63.99.180](https://vuldb.com/?ip.45.63.99.180) | 45.63.99.180.vultr.com | - | Medium
-13 | [52.2.101.52](https://vuldb.com/?ip.52.2.101.52) | ec2-52-2-101-52.compute-1.amazonaws.com | - | Medium
-14 | [52.21.132.24](https://vuldb.com/?ip.52.21.132.24) | ec2-52-21-132-24.compute-1.amazonaws.com | - | Medium
-15 | [54.84.252.139](https://vuldb.com/?ip.54.84.252.139) | ec2-54-84-252-139.compute-1.amazonaws.com | - | Medium
-16 | [54.87.5.88](https://vuldb.com/?ip.54.87.5.88) | ec2-54-87-5-88.compute-1.amazonaws.com | - | Medium
-17 | [54.88.175.149](https://vuldb.com/?ip.54.88.175.149) | ec2-54-88-175-149.compute-1.amazonaws.com | - | Medium
-18 | ... | ... | ... | ...
+1 | [3.225.205.112](https://vuldb.com/?ip.3.225.205.112) | ec2-3-225-205-112.compute-1.amazonaws.com | - | Medium
+2 | [5.9.49.12](https://vuldb.com/?ip.5.9.49.12) | static.12.49.9.5.clients.your-server.de | - | High
+3 | [5.9.72.48](https://vuldb.com/?ip.5.9.72.48) | cpanelbk.pcready.me | - | High
+4 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
+5 | [5.196.159.173](https://vuldb.com/?ip.5.196.159.173) | - | - | High
+6 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
+7 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
+8 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
+9 | [20.189.173.21](https://vuldb.com/?ip.20.189.173.21) | - | - | High
+10 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
+11 | [23.94.5.133](https://vuldb.com/?ip.23.94.5.133) | 23-94-5-133-host.colocrossing.com | - | High
+12 | [23.152.0.36](https://vuldb.com/?ip.23.152.0.36) | tcts-000036.techtrapes.com | - | High
+13 | [31.184.234.0](https://vuldb.com/?ip.31.184.234.0) | - | - | High
+14 | [31.184.234.90](https://vuldb.com/?ip.31.184.234.90) | - | - | High
+15 | [31.184.234.91](https://vuldb.com/?ip.31.184.234.91) | - | - | High
+16 | [31.184.234.92](https://vuldb.com/?ip.31.184.234.92) | - | - | High
+17 | [31.184.234.93](https://vuldb.com/?ip.31.184.234.93) | - | - | High
+18 | [31.184.234.94](https://vuldb.com/?ip.31.184.234.94) | - | - | High
+19 | [31.184.234.95](https://vuldb.com/?ip.31.184.234.95) | - | - | High
+20 | [31.184.234.96](https://vuldb.com/?ip.31.184.234.96) | - | - | High
+21 | [31.184.234.97](https://vuldb.com/?ip.31.184.234.97) | - | - | High
+22 | [31.184.234.98](https://vuldb.com/?ip.31.184.234.98) | - | - | High
+23 | [31.184.234.99](https://vuldb.com/?ip.31.184.234.99) | - | - | High
+24 | [31.184.234.128](https://vuldb.com/?ip.31.184.234.128) | - | - | High
+25 | [31.184.234.192](https://vuldb.com/?ip.31.184.234.192) | - | - | High
+26 | [31.184.234.224](https://vuldb.com/?ip.31.184.234.224) | - | - | High
+27 | [31.184.234.240](https://vuldb.com/?ip.31.184.234.240) | - | - | High
+28 | [31.184.234.248](https://vuldb.com/?ip.31.184.234.248) | - | - | High
+29 | [31.184.234.252](https://vuldb.com/?ip.31.184.234.252) | - | - | High
+30 | [31.184.234.254](https://vuldb.com/?ip.31.184.234.254) | - | - | High
+31 | [31.184.235.0](https://vuldb.com/?ip.31.184.235.0) | - | - | High
+32 | [31.184.235.90](https://vuldb.com/?ip.31.184.235.90) | - | - | High
+33 | [31.184.235.91](https://vuldb.com/?ip.31.184.235.91) | - | - | High
+34 | [31.184.235.92](https://vuldb.com/?ip.31.184.235.92) | - | - | High
+35 | [31.184.235.93](https://vuldb.com/?ip.31.184.235.93) | - | - | High
+36 | [31.184.235.94](https://vuldb.com/?ip.31.184.235.94) | - | - | High
+37 | [31.184.235.95](https://vuldb.com/?ip.31.184.235.95) | - | - | High
+38 | [31.184.235.96](https://vuldb.com/?ip.31.184.235.96) | - | - | High
+39 | [31.184.235.97](https://vuldb.com/?ip.31.184.235.97) | - | - | High
+40 | [31.184.235.98](https://vuldb.com/?ip.31.184.235.98) | - | - | High
+41 | [31.184.235.99](https://vuldb.com/?ip.31.184.235.99) | - | - | High
+42 | [31.184.235.128](https://vuldb.com/?ip.31.184.235.128) | - | - | High
+43 | [31.184.235.192](https://vuldb.com/?ip.31.184.235.192) | - | - | High
+44 | [31.184.235.212](https://vuldb.com/?ip.31.184.235.212) | - | - | High
+45 | [31.184.235.213](https://vuldb.com/?ip.31.184.235.213) | - | - | High
+46 | [31.184.235.214](https://vuldb.com/?ip.31.184.235.214) | - | - | High
+47 | [31.184.235.215](https://vuldb.com/?ip.31.184.235.215) | - | - | High
+48 | [31.184.235.218](https://vuldb.com/?ip.31.184.235.218) | - | - | High
+49 | [31.184.235.224](https://vuldb.com/?ip.31.184.235.224) | - | - | High
+50 | [31.184.235.240](https://vuldb.com/?ip.31.184.235.240) | - | - | High
+51 | [31.184.235.248](https://vuldb.com/?ip.31.184.235.248) | - | - | High
+52 | [31.184.235.252](https://vuldb.com/?ip.31.184.235.252) | - | - | High
+53 | [31.184.235.254](https://vuldb.com/?ip.31.184.235.254) | - | - | High
+54 | [34.193.185.171](https://vuldb.com/?ip.34.193.185.171) | ec2-34-193-185-171.compute-1.amazonaws.com | - | Medium
+55 | [34.199.22.139](https://vuldb.com/?ip.34.199.22.139) | ec2-34-199-22-139.compute-1.amazonaws.com | - | Medium
+56 | [34.206.50.228](https://vuldb.com/?ip.34.206.50.228) | ec2-34-206-50-228.compute-1.amazonaws.com | - | Medium
+57 | [45.32.28.232](https://vuldb.com/?ip.45.32.28.232) | - | - | High
+58 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | - | High
+59 | [45.56.117.118](https://vuldb.com/?ip.45.56.117.118) | li935-118.members.linode.com | - | High
+60 | [45.63.25.55](https://vuldb.com/?ip.45.63.25.55) | 45.63.25.55.vultr.com | - | Medium
+61 | [45.63.99.180](https://vuldb.com/?ip.45.63.99.180) | 45.63.99.180.vultr.com | - | Medium
+62 | [45.90.34.87](https://vuldb.com/?ip.45.90.34.87) | - | - | High
+63 | [46.165.221.154](https://vuldb.com/?ip.46.165.221.154) | - | - | High
+64 | [49.128.155.97](https://vuldb.com/?ip.49.128.155.97) | i49-128-155-097.us.mics.ne.jp | - | High
+65 | [50.74.193.180](https://vuldb.com/?ip.50.74.193.180) | rrcs-50-74-193-180.nyc.biz.rr.com | - | High
+66 | [50.80.204.45](https://vuldb.com/?ip.50.80.204.45) | 50-80-204-45.client.mchsi.com | - | High
+67 | [52.2.101.52](https://vuldb.com/?ip.52.2.101.52) | ec2-52-2-101-52.compute-1.amazonaws.com | - | Medium
+68 | [52.21.132.24](https://vuldb.com/?ip.52.21.132.24) | ec2-52-21-132-24.compute-1.amazonaws.com | - | Medium
+69 | ... | ... | ... | ...

-There are 66 more IOC items available. Please use our online service to access the data.
+There are 274 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -50,10 +101,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 5 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -61,36 +112,65 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/cgi-bin/login_action.cgi` | High
-2 | File | `/DbXmlInfo.xml` | High
-3 | File | `/forms/web_importTFTP` | High
-4 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
-5 | File | `/plugin/extended-choice-parameter/js/` | High
-6 | File | `/rest/api/1.0/render` | High
-7 | File | `/sap/public/bc/abap` | High
-8 | File | `/search.php` | Medium
-9 | File | `/shell?cmd` | Medium
-10 | File | `activateuser.aspx` | High
-11 | File | `addentry.php` | Medium
-12 | File | `AndroidManifest.xml` | High
-13 | File | `application/admin/controller/Admin.php` | High
-14 | File | `asm/preproc.c` | High
-15 | File | `auth-gss2.c` | Medium
-16 | File | `authent.php4` | Medium
-17 | File | `bgp_packet.c` | Medium
-18 | File | `catalog.asp` | Medium
-19 | File | `Cgi/confirm.py` | High
-20 | File | `cli/caff.c` | Medium
-21 | File | `cli/dsdiff.c` | Medium
-22 | File | `content/unity-api.js` | High
-23 | ... | ... | ...
+1 | File | `/.ssh/authorized_keys` | High
+2 | File | `/car.php` | Medium
+3 | File | `/cgi-bin/luci/api/auth` | High
+4 | File | `/cgi-bin/luci/api/diagnose` | High
+5 | File | `/CMD_ACCOUNT_ADMIN` | High
+6 | File | `/core/admin/categories.php` | High
+7 | File | `/dashboards/#` | High
+8 | File | `/etc/config/image_sign` | High
+9 | File | `/etc/controller-agent/agent.conf` | High
+10 | File | `/etc/groups` | Medium
+11 | File | `/etc/sudoers` | Medium
+12 | File | `/filemanager/php/connector.php` | High
+13 | File | `/forum/away.php` | High
+14 | File | `/fudforum/adm/hlplist.php` | High
+15 | File | `/GponForm/fsetup_Form` | High
+16 | File | `/log_download.cgi` | High
+17 | File | `/mgmt/tm/util/bash` | High
+18 | File | `/modules/profile/index.php` | High
+19 | File | `/MTFWU` | Low
+20 | File | `/out.php` | Medium
+21 | File | `/php/passport/index.php` | High
+22 | File | `/public/plugins/` | High
+23 | File | `/s/` | Low
+24 | File | `/secure/QueryComponent!Default.jspa` | High
+25 | File | `/server-info` | Medium
+26 | File | `/tmp` | Low
+27 | File | `/uncpath/` | Medium
+28 | File | `/updown/upload.cgi` | High
+29 | File | `/user-utils/users/md5.json` | High
+30 | File | `/userRpm/popupSiteSurveyRpm.html` | High
+31 | ... | ... | ...

-There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
+* https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html
+* https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
+* https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
+* https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
+* https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
+* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
+* https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
+* https://blog.talosintelligence.com/2019/09/threat-roundup-0920-0927.html
+* https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
+* https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html
+* https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html
+* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
+* https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
+* https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html
+* https://blog.talosintelligence.com/2020/04/threat-roundup-0417-0424.html
+* https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
+* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
+* https://blog.talosintelligence.com/2020/10/threat-roundup-1002-1009.html
+* https://blog.talosintelligence.com/2020/10/threat-roundup-1023-1030.html
+* https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
 * https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
 * https://blog.talosintelligence.com/2021/02/threat-roundup-0129-0205.html
 * https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
@ -101,6 +181,9 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
 * https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
+* https://blog.talosintelligence.com/2022/04/threat-roundup-0415-0422.html
+* https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
+* https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html

 ## Literature

--- a/actors/ChaChi/README.md
+++ b/actors/ChaChi/README.md
@ -81,7 +81,7 @@ ID | Type | Indicator | Confidence
 29 | File | `admin.php` | Medium
 30 | ... | ... | ...

-There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Chthonic/README.md
+++ b/actors/Chthonic/README.md
@ -24,31 +24,35 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [5.34.248.225](https://vuldb.com/?ip.5.34.248.225) | ns2.newsnet.li | - | High
 2 | [5.39.81.111](https://vuldb.com/?ip.5.39.81.111) | pm.theglu.org | - | High
 3 | [5.103.128.88](https://vuldb.com/?ip.5.103.128.88) | 5.103.128.88.static.fibianet.dk | - | High
-4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
-5 | [13.107.246.13](https://vuldb.com/?ip.13.107.246.13) | - | - | High
-6 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
-7 | [20.41.46.145](https://vuldb.com/?ip.20.41.46.145) | - | - | High
-8 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
-9 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
-10 | [31.28.161.68](https://vuldb.com/?ip.31.28.161.68) | ntp.exact-time.org | - | High
-11 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
-12 | [35.229.93.46](https://vuldb.com/?ip.35.229.93.46) | 46.93.229.35.bc.googleusercontent.com | - | Medium
-13 | [35.231.151.7](https://vuldb.com/?ip.35.231.151.7) | 7.151.231.35.bc.googleusercontent.com | - | Medium
-14 | [35.244.181.201](https://vuldb.com/?ip.35.244.181.201) | 201.181.244.35.bc.googleusercontent.com | - | Medium
-15 | [37.187.5.167](https://vuldb.com/?ip.37.187.5.167) | ks3370497.kimsufi.com | - | High
-16 | [37.187.20.28](https://vuldb.com/?ip.37.187.20.28) | ns397460.ip-37-187-20.eu | - | High
-17 | [40.67.189.14](https://vuldb.com/?ip.40.67.189.14) | - | - | High
-18 | [40.70.224.146](https://vuldb.com/?ip.40.70.224.146) | - | - | High
-19 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
-20 | [40.90.247.210](https://vuldb.com/?ip.40.90.247.210) | - | - | High
-21 | [40.91.124.111](https://vuldb.com/?ip.40.91.124.111) | - | - | High
-22 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
-23 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
-24 | [45.87.76.3](https://vuldb.com/?ip.45.87.76.3) | ntp.devrandom.be | - | High
-25 | [46.17.46.226](https://vuldb.com/?ip.46.17.46.226) | brtnjbjgyi.quest | - | High
-26 | ... | ... | ... | ...
+4 | [5.199.135.170](https://vuldb.com/?ip.5.199.135.170) | ve1124.venus.servdiscount-customer.com | - | High
+5 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
+6 | [13.107.246.13](https://vuldb.com/?ip.13.107.246.13) | - | - | High
+7 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
+8 | [20.41.46.145](https://vuldb.com/?ip.20.41.46.145) | - | - | High
+9 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
+10 | [20.72.235.82](https://vuldb.com/?ip.20.72.235.82) | - | - | High
+11 | [20.109.209.108](https://vuldb.com/?ip.20.109.209.108) | - | - | High
+12 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
+13 | [31.28.161.68](https://vuldb.com/?ip.31.28.161.68) | ntp.exact-time.org | - | High
+14 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
+15 | [35.229.93.46](https://vuldb.com/?ip.35.229.93.46) | 46.93.229.35.bc.googleusercontent.com | - | Medium
+16 | [35.231.151.7](https://vuldb.com/?ip.35.231.151.7) | 7.151.231.35.bc.googleusercontent.com | - | Medium
+17 | [35.244.181.201](https://vuldb.com/?ip.35.244.181.201) | 201.181.244.35.bc.googleusercontent.com | - | Medium
+18 | [37.187.5.167](https://vuldb.com/?ip.37.187.5.167) | ks3370497.kimsufi.com | - | High
+19 | [37.187.20.28](https://vuldb.com/?ip.37.187.20.28) | ns397460.ip-37-187-20.eu | - | High
+20 | [40.67.189.14](https://vuldb.com/?ip.40.67.189.14) | - | - | High
+21 | [40.70.224.146](https://vuldb.com/?ip.40.70.224.146) | - | - | High
+22 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
+23 | [40.90.247.210](https://vuldb.com/?ip.40.90.247.210) | - | - | High
+24 | [40.91.124.111](https://vuldb.com/?ip.40.91.124.111) | - | - | High
+25 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
+26 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
+27 | [45.87.76.3](https://vuldb.com/?ip.45.87.76.3) | ntp.devrandom.be | - | High
+28 | [46.17.46.226](https://vuldb.com/?ip.46.17.46.226) | brtnjbjgyi.quest | - | High
+29 | [46.54.224.12](https://vuldb.com/?ip.46.54.224.12) | ntp1.kate-wing.si | - | High
+30 | ... | ... | ... | ...

-There are 100 more IOC items available. Please use our online service to access the data.
+There are 118 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -72,39 +76,35 @@ ID | Type | Indicator | Confidence
 1 | File | `.travis.yml` | Medium
 2 | File | `/.env` | Low
 3 | File | `/admin.php` | Medium
-4 | File | `/admin/config.php?display=disa&view=form` | High
-5 | File | `/category_view.php` | High
-6 | File | `/dev/kmem` | Medium
-7 | File | `/file?action=download&file` | High
-8 | File | `/medical/inventories.php` | High
-9 | File | `/monitoring` | Medium
-10 | File | `/NAGErrors` | Medium
-11 | File | `/plugins/servlet/audit/resource` | High
-12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-13 | File | `/proc/ioports` | High
-14 | File | `/replication` | Medium
-15 | File | `/RestAPI` | Medium
-16 | File | `/rom-0` | Low
-17 | File | `/tmp` | Low
-18 | File | `/tmp/speedtest_urls.xml` | High
-19 | File | `/tmp/zarafa-vacation-*` | High
-20 | File | `/uncpath/` | Medium
-21 | File | `/upload` | Low
-22 | File | `/var/log/nginx` | High
-23 | File | `/wp-admin/admin.php` | High
-24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-25 | File | `abook_database.php` | High
-26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
-27 | File | `admin/index.php` | High
-28 | File | `admin/login.php` | High
-29 | File | `admin\model\catalog\download.php` | High
-30 | File | `ajax/render/widget_php` | High
-31 | File | `apcupsd.pid` | Medium
-32 | File | `api/sms/send-sms` | High
-33 | File | `api/v1/alarms` | High
-34 | ... | ... | ...
+4 | File | `/category_view.php` | High
+5 | File | `/dev/kmem` | Medium
+6 | File | `/file?action=download&file` | High
+7 | File | `/medical/inventories.php` | High
+8 | File | `/monitoring` | Medium
+9 | File | `/NAGErrors` | Medium
+10 | File | `/plugins/servlet/audit/resource` | High
+11 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+12 | File | `/replication` | Medium
+13 | File | `/RestAPI` | Medium
+14 | File | `/tmp` | Low
+15 | File | `/tmp/speedtest_urls.xml` | High
+16 | File | `/tmp/zarafa-vacation-*` | High
+17 | File | `/uncpath/` | Medium
+18 | File | `/upload` | Low
+19 | File | `/var/log/nginx` | High
+20 | File | `/wp-admin/admin.php` | High
+21 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
+22 | File | `admin/index.php` | High
+23 | File | `admin\model\catalog\download.php` | High
+24 | File | `apcupsd.pid` | Medium
+25 | File | `api/sms/send-sms` | High
+26 | File | `api/v1/alarms` | High
+27 | File | `application/controller/InstallerController.php` | High
+28 | File | `apport/hookutils.py` | High
+29 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
+30 | ... | ... | ...

-There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 258 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -119,6 +119,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
 * https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
 * https://blog.talosintelligence.com/2021/09/threat-roundup-0903-0910.html
+* https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html

 ## Literature

--- a/Strike/README.md
+++ b/Strike/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...

-There are 6 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -54,10 +54,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 7 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -65,44 +65,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//proc/kcore` | Medium
-2 | File | `/acms/classes/Master.php?f=delete_img` | High
-3 | File | `/admin.php/Label/page_del` | High
-4 | File | `/admin.php/vod/admin/topic/del` | High
-5 | File | `/admin/dl_sendsms.php` | High
-6 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-7 | File | `/admin/uesrs.php&action=display&value=Hide` | High
-8 | File | `/administrator/templates/default/html/windows/right.php` | High
-9 | File | `/admin_page/all-files-update-ajax.php` | High
-10 | File | `/api/part_categories` | High
-11 | File | `/api/programs/orgUnits?programs` | High
-12 | File | `/api/students/me/courses/` | High
-13 | File | `/api/students/me/messages/` | High
-14 | File | `/Applications/Utilities/Terminal` | High
-15 | File | `/apps/acs-commons/content/page-compare.html` | High
-16 | File | `/asms/classes/Master.php?f=delete_product` | High
-17 | File | `/asms/classes/Master.php?f=save_product` | High
-18 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
-19 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-20 | File | `/checklogin.jsp` | High
-21 | File | `/classes/master.php?f=delete_facility` | High
-22 | File | `/College_Management_System/admin/display-teacher.php` | High
-23 | File | `/coreframe/app/member/admin/group.php` | High
-24 | File | `/ctpms/admin/?page=applications/view_application` | High
-25 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-26 | File | `/ctpms/admin/individuals/update_status.php` | High
-27 | File | `/default.php?idx=17` | High
-28 | File | `/dms/admin/reports/daily_collection_report.php` | High
-29 | File | `/ecrire` | Low
-30 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
-31 | File | `/goform/aspForm` | High
-32 | File | `/goform/saveParentControlInfo` | High
-33 | File | `/goform/SetClientState` | High
-34 | File | `/goform/SysToolReboot` | High
-35 | File | `/hocms/classes/Master.php?f=delete_member` | High
+1 | File | `.htaccess` | Medium
+2 | File | `//proc/kcore` | Medium
+3 | File | `/acms/classes/Master.php?f=delete_img` | High
+4 | File | `/admin.php/Label/page_del` | High
+5 | File | `/admin.php/vod/admin/topic/del` | High
+6 | File | `/admin/dl_sendmail.php` | High
+7 | File | `/admin/dl_sendsms.php` | High
+8 | File | `/admin_page/all-files-update-ajax.php` | High
+9 | File | `/api/part_categories` | High
+10 | File | `/api/programs/orgUnits?programs` | High
+11 | File | `/api/students/me/courses/` | High
+12 | File | `/Applications/Utilities/Terminal` | High
+13 | File | `/asms/classes/Master.php?f=delete_product` | High
+14 | File | `/asms/classes/Master.php?f=save_product` | High
+15 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
+16 | File | `/bsms/?page=manage_account` | High
+17 | File | `/cgi-bin/kerbynet` | High
+18 | File | `/checklogin.jsp` | High
+19 | File | `/classes/master.php?f=delete_facility` | High
+20 | File | `/College_Management_System/admin/display-teacher.php` | High
+21 | File | `/company` | Medium
+22 | File | `/company/service/increment/add/im` | High
+23 | File | `/ctpms/admin/?page=applications/view_application` | High
+24 | File | `/ctpms/admin/?page=individuals/view_individual` | High
+25 | File | `/ctpms/admin/individuals/update_status.php` | High
+26 | File | `/dms/admin/reports/daily_collection_report.php` | High
+27 | File | `/ecrire` | Low
+28 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
+29 | File | `/goform/aspForm` | High
+30 | File | `/goform/saveParentControlInfo` | High
+31 | File | `/goform/SetClientState` | High
+32 | File | `/htdocs/cgibin` | High
+33 | File | `/html/Solar_Ftp.php` | High
+34 | File | `/hub/api/user` | High
+35 | File | `/include/chart_generator.php` | High
 36 | ... | ... | ...

-There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Confucius/README.md
+++ b/actors/Confucius/README.md
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -58,68 +58,66 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/admin_page/all-files-update-ajax.php` | High
-3 | File | `/assets/ctx` | Medium
-4 | File | `/bsms/?page=products` | High
-5 | File | `/cgi-bin/system_mgr.cgi` | High
-6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
-7 | File | `/concat?/%2557EB-INF/web.xml` | High
-8 | File | `/config/getuser` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/dms/admin/reports/daily_collection_report.php` | High
-11 | File | `/ext/phar/phar_object.c` | High
-12 | File | `/filemanager/php/connector.php` | High
-13 | File | `/get_getnetworkconf.cgi` | High
-14 | File | `/HNAP1` | Low
-15 | File | `/include/chart_generator.php` | High
-16 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
-17 | File | `/info.cgi` | Medium
-18 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
-19 | File | `/mgmt/tm/util/bash` | High
-20 | File | `/modx/manager/index.php` | High
-21 | File | `/osm/REGISTER.cmd` | High
-22 | File | `/replication` | Medium
-23 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
-24 | File | `/spip.php` | Medium
-25 | File | `/type.php` | Medium
-26 | File | `/uncpath/` | Medium
-27 | File | `/usr/bin/pkexec` | High
-28 | File | `/Wedding-Management/package_detail.php` | High
-29 | File | `/zm/index.php` | High
-30 | File | `4.2.0.CP09` | Medium
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-32 | File | `802dot1xclientcert.cgi` | High
-33 | File | `a2billing/customer/iridium_threed.php` | High
-34 | File | `add.exe` | Low
-35 | File | `admin-ajax.php` | High
-36 | File | `admin.color.php` | High
-37 | File | `admin.cropcanvas.php` | High
-38 | File | `admin.joomlaradiov5.php` | High
-39 | File | `admin.php` | Medium
-40 | File | `admin.php?m=Food&a=addsave` | High
-41 | File | `admin/conf_users_edit.php` | High
-42 | File | `admin/index.php` | High
-43 | File | `admin/limits.php` | High
-44 | File | `admin/user.php` | High
-45 | File | `admin/write-post.php` | High
-46 | File | `administrator/components/com_media/helpers/media.php` | High
-47 | File | `admin_events.php` | High
-48 | File | `akocomments.php` | High
-49 | File | `allopass-error.php` | High
-50 | File | `announcement.php` | High
-51 | File | `app.php` | Low
-52 | File | `apply.cgi` | Medium
-53 | File | `appointment.php` | High
-54 | File | `archiver\index.php` | High
-55 | File | `artlinks.dispnew.php` | High
-56 | File | `auth.inc.php` | Medium
-57 | File | `authorization.do` | High
-58 | File | `bb_usage_stats.php` | High
-59 | File | `binder.c` | Medium
-60 | ... | ... | ...
+1 | File | `.htaccess` | Medium
+2 | File | `/+CSCOE+/logon.html` | High
+3 | File | `/admin_page/all-files-update-ajax.php` | High
+4 | File | `/assets/ctx` | Medium
+5 | File | `/bsms/?page=products` | High
+6 | File | `/cgi-bin/kerbynet` | High
+7 | File | `/cgi-bin/system_mgr.cgi` | High
+8 | File | `/cloud_config/router_post/check_reg_verify_code` | High
+9 | File | `/concat?/%2557EB-INF/web.xml` | High
+10 | File | `/config/getuser` | High
+11 | File | `/debug/pprof` | Medium
+12 | File | `/dms/admin/reports/daily_collection_report.php` | High
+13 | File | `/ext/phar/phar_object.c` | High
+14 | File | `/filemanager/php/connector.php` | High
+15 | File | `/get_getnetworkconf.cgi` | High
+16 | File | `/HNAP1` | Low
+17 | File | `/include/chart_generator.php` | High
+18 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
+19 | File | `/info.cgi` | Medium
+20 | File | `/lists/admin/` | High
+21 | File | `/MagickCore/image.c` | High
+22 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
+23 | File | `/mgmt/tm/util/bash` | High
+24 | File | `/modx/manager/index.php` | High
+25 | File | `/osm/REGISTER.cmd` | High
+26 | File | `/replication` | Medium
+27 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
+28 | File | `/spip.php` | Medium
+29 | File | `/type.php` | Medium
+30 | File | `/uncpath/` | Medium
+31 | File | `/usr/bin/pkexec` | High
+32 | File | `/Wedding-Management/package_detail.php` | High
+33 | File | `/zm/index.php` | High
+34 | File | `4.2.0.CP09` | Medium
+35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+36 | File | `802dot1xclientcert.cgi` | High
+37 | File | `a2billing/customer/iridium_threed.php` | High
+38 | File | `add.exe` | Low
+39 | File | `admin-ajax.php` | High
+40 | File | `admin.color.php` | High
+41 | File | `admin.cropcanvas.php` | High
+42 | File | `admin.joomlaradiov5.php` | High
+43 | File | `admin.php` | Medium
+44 | File | `admin.php?m=Food&a=addsave` | High
+45 | File | `admin/conf_users_edit.php` | High
+46 | File | `admin/index.php` | High
+47 | File | `admin/limits.php` | High
+48 | File | `admin/user.php` | High
+49 | File | `admin/write-post.php` | High
+50 | File | `administrator/components/com_media/helpers/media.php` | High
+51 | File | `admin_events.php` | High
+52 | File | `akocomments.php` | High
+53 | File | `allopass-error.php` | High
+54 | File | `announcement.php` | High
+55 | File | `app.php` | Low
+56 | File | `apply.cgi` | Medium
+57 | File | `appointment.php` | High
+58 | ... | ... | ...

-There are 521 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 508 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Conti/README.md
+++ b/actors/Conti/README.md
@ -15,12 +15,12 @@ The following _campaigns_ are known and can be associated with Conti:

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Conti:

-* [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
+* [NL](https://vuldb.com/?country.nl)
+* [CN](https://vuldb.com/?country.cn)
 * ...

-There are 30 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -28,62 +28,495 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [3.11.85.34](https://vuldb.com/?ip.3.11.85.34) | ec2-3-11-85-34.eu-west-2.compute.amazonaws.com | - | Medium
-2 | [3.135.216.86](https://vuldb.com/?ip.3.135.216.86) | ec2-3-135-216-86.us-east-2.compute.amazonaws.com | - | Medium
-3 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
-4 | [5.2.78.37](https://vuldb.com/?ip.5.2.78.37) | - | - | High
-5 | [5.2.78.121](https://vuldb.com/?ip.5.2.78.121) | - | - | High
-6 | [5.34.178.185](https://vuldb.com/?ip.5.34.178.185) | hathi1.co.in | - | High
-7 | [5.34.181.18](https://vuldb.com/?ip.5.34.181.18) | storage-669286.hosted-by.itldc.com | - | High
-8 | [5.181.80.113](https://vuldb.com/?ip.5.181.80.113) | ip-80-113-bullethost.net | - | High
-9 | [5.181.80.214](https://vuldb.com/?ip.5.181.80.214) | ip-80-214-bullethost.net | - | High
-10 | [5.181.156.15](https://vuldb.com/?ip.5.181.156.15) | no-rdns.mivocloud.com | - | High
-11 | [5.181.156.166](https://vuldb.com/?ip.5.181.156.166) | 5-181-156-166.mivocloud.com | - | High
-12 | [5.181.156.226](https://vuldb.com/?ip.5.181.156.226) | no-rdns.mivocloud.com | - | High
-13 | [5.183.95.6](https://vuldb.com/?ip.5.183.95.6) | mail.zeakids.de | - | High
-14 | [5.196.197.27](https://vuldb.com/?ip.5.196.197.27) | - | - | High
-15 | [11.22.33.44](https://vuldb.com/?ip.11.22.33.44) | - | - | High
-16 | [13.56.161.214](https://vuldb.com/?ip.13.56.161.214) | ec2-13-56-161-214.us-west-1.compute.amazonaws.com | BazarLoader | Medium
-17 | [23.81.246.30](https://vuldb.com/?ip.23.81.246.30) | - | - | High
-18 | [23.82.140.137](https://vuldb.com/?ip.23.82.140.137) | - | - | High
-19 | [23.95.231.200](https://vuldb.com/?ip.23.95.231.200) | 23-95-231-200-host.colocrossing.com | - | High
-20 | [23.106.160.174](https://vuldb.com/?ip.23.106.160.174) | - | - | High
-21 | [23.146.242.134](https://vuldb.com/?ip.23.146.242.134) | - | - | High
-22 | [23.254.228.234](https://vuldb.com/?ip.23.254.228.234) | hwsrv-935246.hostwindsdns.com | - | High
-23 | [24.185.61.99](https://vuldb.com/?ip.24.185.61.99) | ool-18b93d63.dyn.optonline.net | - | High
-24 | [31.13.195.26](https://vuldb.com/?ip.31.13.195.26) | - | - | High
-25 | [31.13.195.144](https://vuldb.com/?ip.31.13.195.144) | - | - | High
-26 | [31.13.195.184](https://vuldb.com/?ip.31.13.195.184) | - | - | High
-27 | [31.14.40.95](https://vuldb.com/?ip.31.14.40.95) | - | - | High
-28 | [31.14.40.160](https://vuldb.com/?ip.31.14.40.160) | perico.cavepanel.com | BazarLoader | High
-29 | [31.14.40.220](https://vuldb.com/?ip.31.14.40.220) | - | - | High
-30 | [31.214.157.242](https://vuldb.com/?ip.31.214.157.242) | - | - | High
-31 | [34.219.130.241](https://vuldb.com/?ip.34.219.130.241) | ec2-34-219-130-241.us-west-2.compute.amazonaws.com | BazarLoader | Medium
-32 | [37.0.8.166](https://vuldb.com/?ip.37.0.8.166) | - | - | High
-33 | [37.1.209.181](https://vuldb.com/?ip.37.1.209.181) | - | - | High
-34 | [37.187.24.215](https://vuldb.com/?ip.37.187.24.215) | ns3206394.ip-37-187-24.eu | - | High
-35 | [37.220.6.122](https://vuldb.com/?ip.37.220.6.122) | mail.foxlontech.com | - | High
-36 | [37.235.53.46](https://vuldb.com/?ip.37.235.53.46) | gw1.mad1.vitalng.com | - | High
-37 | [38.88.223.172](https://vuldb.com/?ip.38.88.223.172) | - | - | High
-38 | [38.92.176.125](https://vuldb.com/?ip.38.92.176.125) | - | - | High
-39 | [38.92.191.89](https://vuldb.com/?ip.38.92.191.89) | - | - | High
-40 | [38.135.122.194](https://vuldb.com/?ip.38.135.122.194) | h194-us122.fcsrv.net | - | High
-41 | [43.126.75.91](https://vuldb.com/?ip.43.126.75.91) | - | - | High
-42 | [45.11.183.198](https://vuldb.com/?ip.45.11.183.198) | - | - | High
-43 | [45.11.183.211](https://vuldb.com/?ip.45.11.183.211) | - | - | High
-44 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
-45 | [45.14.226.47](https://vuldb.com/?ip.45.14.226.47) | - | - | High
-46 | [45.32.131.223](https://vuldb.com/?ip.45.32.131.223) | - | - | High
-47 | [45.32.132.182](https://vuldb.com/?ip.45.32.132.182) | 45.32.132.182.vultr.com | - | Medium
-48 | [45.61.136.221](https://vuldb.com/?ip.45.61.136.221) | - | - | High
-49 | [45.61.138.153](https://vuldb.com/?ip.45.61.138.153) | - | - | High
-50 | [45.67.228.196](https://vuldb.com/?ip.45.67.228.196) | moe.m | - | High
-51 | [45.126.75.91](https://vuldb.com/?ip.45.126.75.91) | 43.126.75.91.stargatecommunications.com | - | High
-52 | [45.141.101.253](https://vuldb.com/?ip.45.141.101.253) | ongu.golderitu.com | - | High
-53 | [45.141.103.194](https://vuldb.com/?ip.45.141.103.194) | ptr.ruvds.com | - | High
-54 | ... | ... | ... | ...
+1 | [1.1.1.1](https://vuldb.com/?ip.1.1.1.1) | one.one.one.one | - | High
+2 | [1.1.1.2](https://vuldb.com/?ip.1.1.1.2) | - | - | High
+3 | [1.1.1.22](https://vuldb.com/?ip.1.1.1.22) | - | - | High
+4 | [1.1.1.23](https://vuldb.com/?ip.1.1.1.23) | - | - | High
+5 | [1.1.1.31](https://vuldb.com/?ip.1.1.1.31) | - | - | High
+6 | [1.1.1.32](https://vuldb.com/?ip.1.1.1.32) | - | - | High
+7 | [1.1.1.47](https://vuldb.com/?ip.1.1.1.47) | - | - | High
+8 | [1.1.1.56](https://vuldb.com/?ip.1.1.1.56) | - | - | High
+9 | [1.1.1.112](https://vuldb.com/?ip.1.1.1.112) | - | - | High
+10 | [1.1.1.132](https://vuldb.com/?ip.1.1.1.132) | - | - | High
+11 | [1.1.2.1](https://vuldb.com/?ip.1.1.2.1) | - | - | High
+12 | [1.1.2.2](https://vuldb.com/?ip.1.1.2.2) | - | - | High
+13 | [1.1.2.4](https://vuldb.com/?ip.1.1.2.4) | - | - | High
+14 | [1.1.3.6](https://vuldb.com/?ip.1.1.3.6) | - | - | High
+15 | [1.1.3.7](https://vuldb.com/?ip.1.1.3.7) | - | - | High
+16 | [1.1.3.8](https://vuldb.com/?ip.1.1.3.8) | - | - | High
+17 | [1.1.4.1](https://vuldb.com/?ip.1.1.4.1) | - | - | High
+18 | [1.1.4.19](https://vuldb.com/?ip.1.1.4.19) | - | - | High
+19 | [1.1.4.223](https://vuldb.com/?ip.1.1.4.223) | - | - | High
+20 | [1.1.5.1](https://vuldb.com/?ip.1.1.5.1) | - | - | High
+21 | [1.1.6.1](https://vuldb.com/?ip.1.1.6.1) | - | - | High
+22 | [1.1.7.32](https://vuldb.com/?ip.1.1.7.32) | - | - | High
+23 | [1.1.8.1](https://vuldb.com/?ip.1.1.8.1) | - | - | High
+24 | [1.1.8.23](https://vuldb.com/?ip.1.1.8.23) | - | - | High
+25 | [1.1.9.1](https://vuldb.com/?ip.1.1.9.1) | - | - | High
+26 | [1.1.9.6](https://vuldb.com/?ip.1.1.9.6) | - | - | High
+27 | [1.1.9.33](https://vuldb.com/?ip.1.1.9.33) | - | - | High
+28 | [1.1.9.126](https://vuldb.com/?ip.1.1.9.126) | - | - | High
+29 | [1.1.11.1](https://vuldb.com/?ip.1.1.11.1) | - | - | High
+30 | [1.1.12.1](https://vuldb.com/?ip.1.1.12.1) | - | - | High
+31 | [1.1.19.1](https://vuldb.com/?ip.1.1.19.1) | - | - | High
+32 | [1.1.21.1](https://vuldb.com/?ip.1.1.21.1) | - | - | High
+33 | [1.1.25.1](https://vuldb.com/?ip.1.1.25.1) | - | - | High
+34 | [1.1.28.1](https://vuldb.com/?ip.1.1.28.1) | - | - | High
+35 | [1.1.83.99](https://vuldb.com/?ip.1.1.83.99) | - | - | High
+36 | [1.2.1.2](https://vuldb.com/?ip.1.2.1.2) | - | - | High
+37 | [1.2.1.7](https://vuldb.com/?ip.1.2.1.7) | - | - | High
+38 | [1.2.1.24](https://vuldb.com/?ip.1.2.1.24) | - | - | High
+39 | [1.2.1.25](https://vuldb.com/?ip.1.2.1.25) | - | - | High
+40 | [1.2.1.53](https://vuldb.com/?ip.1.2.1.53) | - | - | High
+41 | [1.2.1.85](https://vuldb.com/?ip.1.2.1.85) | - | - | High
+42 | [1.2.2.3](https://vuldb.com/?ip.1.2.2.3) | - | - | High
+43 | [1.2.2.37](https://vuldb.com/?ip.1.2.2.37) | - | - | High
+44 | [1.2.3.4](https://vuldb.com/?ip.1.2.3.4) | - | - | High
+45 | [1.2.3.14](https://vuldb.com/?ip.1.2.3.14) | - | - | High
+46 | [1.2.3.255](https://vuldb.com/?ip.1.2.3.255) | - | - | High
+47 | [1.2.4.28](https://vuldb.com/?ip.1.2.4.28) | - | - | High
+48 | [1.2.6.7](https://vuldb.com/?ip.1.2.6.7) | - | - | High
+49 | [1.2.11.1](https://vuldb.com/?ip.1.2.11.1) | - | - | High
+50 | [1.2.11.2](https://vuldb.com/?ip.1.2.11.2) | - | - | High
+51 | [1.2.14.135](https://vuldb.com/?ip.1.2.14.135) | - | - | High
+52 | [1.2.18.5](https://vuldb.com/?ip.1.2.18.5) | - | - | High
+53 | [1.2.22.1](https://vuldb.com/?ip.1.2.22.1) | - | - | High
+54 | [1.2.23.1](https://vuldb.com/?ip.1.2.23.1) | - | - | High
+55 | [1.2.25.1](https://vuldb.com/?ip.1.2.25.1) | - | - | High
+56 | [1.2.26.1](https://vuldb.com/?ip.1.2.26.1) | - | - | High
+57 | [1.2.31.2](https://vuldb.com/?ip.1.2.31.2) | - | - | High
+58 | [1.2.126.84](https://vuldb.com/?ip.1.2.126.84) | - | - | High
+59 | [1.3.1.1](https://vuldb.com/?ip.1.3.1.1) | - | - | High
+60 | [1.3.1.173](https://vuldb.com/?ip.1.3.1.173) | - | - | High
+61 | [1.3.2.18](https://vuldb.com/?ip.1.3.2.18) | - | - | High
+62 | [1.3.2.74](https://vuldb.com/?ip.1.3.2.74) | - | - | High
+63 | [1.3.3.41](https://vuldb.com/?ip.1.3.3.41) | - | - | High
+64 | [1.3.4.66](https://vuldb.com/?ip.1.3.4.66) | - | - | High
+65 | [1.3.6.9](https://vuldb.com/?ip.1.3.6.9) | - | - | High
+66 | [1.3.21.115](https://vuldb.com/?ip.1.3.21.115) | - | - | High
+67 | [1.3.25.11](https://vuldb.com/?ip.1.3.25.11) | - | - | High
+68 | [1.3.26.4](https://vuldb.com/?ip.1.3.26.4) | - | - | High
+69 | [1.3.28.15](https://vuldb.com/?ip.1.3.28.15) | - | - | High
+70 | [1.3.31.5](https://vuldb.com/?ip.1.3.31.5) | - | - | High
+71 | [1.3.32.136](https://vuldb.com/?ip.1.3.32.136) | - | - | High
+72 | [1.3.33.17](https://vuldb.com/?ip.1.3.33.17) | - | - | High
+73 | [1.3.33.23](https://vuldb.com/?ip.1.3.33.23) | - | - | High
+74 | [1.3.34.7](https://vuldb.com/?ip.1.3.34.7) | - | - | High
+75 | [1.3.34.17](https://vuldb.com/?ip.1.3.34.17) | - | - | High
+76 | [1.3.34.26](https://vuldb.com/?ip.1.3.34.26) | - | - | High
+77 | [1.3.35.1](https://vuldb.com/?ip.1.3.35.1) | - | - | High
+78 | [1.3.35.45](https://vuldb.com/?ip.1.3.35.45) | - | - | High
+79 | [1.3.36.6](https://vuldb.com/?ip.1.3.36.6) | - | - | High
+80 | [1.3.36.51](https://vuldb.com/?ip.1.3.36.51) | - | - | High
+81 | [1.3.38.13](https://vuldb.com/?ip.1.3.38.13) | - | - | High
+82 | [1.3.38.16](https://vuldb.com/?ip.1.3.38.16) | - | - | High
+83 | [1.3.38.34](https://vuldb.com/?ip.1.3.38.34) | - | - | High
+84 | [1.3.38.35](https://vuldb.com/?ip.1.3.38.35) | - | - | High
+85 | [1.3.38.92](https://vuldb.com/?ip.1.3.38.92) | - | - | High
+86 | [1.3.38.94](https://vuldb.com/?ip.1.3.38.94) | - | - | High
+87 | [1.3.85.73](https://vuldb.com/?ip.1.3.85.73) | - | - | High
+88 | [1.3.129.37](https://vuldb.com/?ip.1.3.129.37) | - | - | High
+89 | [1.3.135.29](https://vuldb.com/?ip.1.3.135.29) | - | - | High
+90 | [1.3.151.27](https://vuldb.com/?ip.1.3.151.27) | - | - | High
+91 | [1.3.153.47](https://vuldb.com/?ip.1.3.153.47) | - | - | High
+92 | [1.3.153.53](https://vuldb.com/?ip.1.3.153.53) | - | - | High
+93 | [1.3.153.55](https://vuldb.com/?ip.1.3.153.55) | - | - | High
+94 | [1.3.153.57](https://vuldb.com/?ip.1.3.153.57) | - | - | High
+95 | [1.4.1.255](https://vuldb.com/?ip.1.4.1.255) | - | - | High
+96 | [1.4.2.1](https://vuldb.com/?ip.1.4.2.1) | - | - | High
+97 | [1.4.2.79](https://vuldb.com/?ip.1.4.2.79) | - | - | High
+98 | [1.4.2.82](https://vuldb.com/?ip.1.4.2.82) | - | - | High
+99 | [1.4.3.1](https://vuldb.com/?ip.1.4.3.1) | - | - | High
+100 | [1.4.3.3](https://vuldb.com/?ip.1.4.3.3) | - | - | High
+101 | [1.4.4.1](https://vuldb.com/?ip.1.4.4.1) | - | - | High
+102 | [1.4.5.5](https://vuldb.com/?ip.1.4.5.5) | - | - | High
+103 | [1.4.5.17](https://vuldb.com/?ip.1.4.5.17) | - | - | High
+104 | [1.4.7.1](https://vuldb.com/?ip.1.4.7.1) | - | - | High
+105 | [1.4.8.2](https://vuldb.com/?ip.1.4.8.2) | - | - | High
+106 | [1.4.9.2](https://vuldb.com/?ip.1.4.9.2) | - | - | High
+107 | [1.4.14.1](https://vuldb.com/?ip.1.4.14.1) | - | - | High
+108 | [1.4.14.2](https://vuldb.com/?ip.1.4.14.2) | - | - | High
+109 | [1.4.15.1](https://vuldb.com/?ip.1.4.15.1) | - | - | High
+110 | [1.4.22.1](https://vuldb.com/?ip.1.4.22.1) | - | - | High
+111 | [1.4.32.1](https://vuldb.com/?ip.1.4.32.1) | - | - | High
+112 | [1.5.1.7](https://vuldb.com/?ip.1.5.1.7) | - | - | High
+113 | [1.5.2.1](https://vuldb.com/?ip.1.5.2.1) | - | - | High
+114 | [1.5.6.15](https://vuldb.com/?ip.1.5.6.15) | - | - | High
+115 | [1.5.6.17](https://vuldb.com/?ip.1.5.6.17) | - | - | High
+116 | [1.5.6.19](https://vuldb.com/?ip.1.5.6.19) | - | - | High
+117 | [1.5.7.9](https://vuldb.com/?ip.1.5.7.9) | - | - | High
+118 | [1.6.2.4](https://vuldb.com/?ip.1.6.2.4) | - | - | High
+119 | [1.6.3.1](https://vuldb.com/?ip.1.6.3.1) | - | - | High
+120 | [1.6.3.24](https://vuldb.com/?ip.1.6.3.24) | - | - | High
+121 | [1.7.2.4](https://vuldb.com/?ip.1.7.2.4) | - | - | High
+122 | [1.7.4.3](https://vuldb.com/?ip.1.7.4.3) | - | - | High
+123 | [1.7.5.63](https://vuldb.com/?ip.1.7.5.63) | - | - | High
+124 | [1.7.45.16](https://vuldb.com/?ip.1.7.45.16) | - | - | High
+125 | [1.8.3.212](https://vuldb.com/?ip.1.8.3.212) | - | - | High
+126 | [1.8.4.1](https://vuldb.com/?ip.1.8.4.1) | - | - | High
+127 | [1.9.1.15](https://vuldb.com/?ip.1.9.1.15) | - | - | High
+128 | [1.9.2.8](https://vuldb.com/?ip.1.9.2.8) | - | - | High
+129 | [1.9.5.68](https://vuldb.com/?ip.1.9.5.68) | - | - | High
+130 | [1.9.7.2](https://vuldb.com/?ip.1.9.7.2) | - | - | High
+131 | [1.9.7.27](https://vuldb.com/?ip.1.9.7.27) | - | - | High
+132 | [1.13.2.28](https://vuldb.com/?ip.1.13.2.28) | - | - | High
+133 | [1.16.33.1](https://vuldb.com/?ip.1.16.33.1) | - | - | High
+134 | [1.16.41.3](https://vuldb.com/?ip.1.16.41.3) | - | - | High
+135 | [1.16.43.1](https://vuldb.com/?ip.1.16.43.1) | - | - | High
+136 | [1.16.47.1](https://vuldb.com/?ip.1.16.47.1) | - | - | High
+137 | [1.16.56.1](https://vuldb.com/?ip.1.16.56.1) | - | - | High
+138 | [1.16.61.1](https://vuldb.com/?ip.1.16.61.1) | - | - | High
+139 | [1.18.15.1](https://vuldb.com/?ip.1.18.15.1) | - | - | High
+140 | [1.19.9.1](https://vuldb.com/?ip.1.19.9.1) | - | - | High
+141 | [1.21.1.38](https://vuldb.com/?ip.1.21.1.38) | - | - | High
+142 | [1.21.2.1](https://vuldb.com/?ip.1.21.2.1) | 1-21-2-1.s1st1.gt1.hqmo.net | - | High
+143 | [1.31.1.122](https://vuldb.com/?ip.1.31.1.122) | - | - | High
+144 | [1.31.8.1](https://vuldb.com/?ip.1.31.8.1) | - | - | High
+145 | [1.31.36.19](https://vuldb.com/?ip.1.31.36.19) | - | - | High
+146 | [1.31.36.23](https://vuldb.com/?ip.1.31.36.23) | - | - | High
+147 | [1.31.38.54](https://vuldb.com/?ip.1.31.38.54) | - | - | High
+148 | [1.35.127.1](https://vuldb.com/?ip.1.35.127.1) | 1-35-127-1.dynamic-ip.hinet.net | - | High
+149 | [1.35.133.1](https://vuldb.com/?ip.1.35.133.1) | 1-35-133-1.dynamic-ip.hinet.net | - | High
+150 | [1.43.128.3](https://vuldb.com/?ip.1.43.128.3) | n1-43-128-3.mas2.nsw.optusnet.com.au | - | High
+151 | [1.45.2.52](https://vuldb.com/?ip.1.45.2.52) | - | - | High
+152 | [1.49.213.1](https://vuldb.com/?ip.1.49.213.1) | - | - | High
+153 | [1.67.12.19](https://vuldb.com/?ip.1.67.12.19) | mo1-67-12-19.air.mopera.net | - | High
+154 | [1.67.12.24](https://vuldb.com/?ip.1.67.12.24) | mo1-67-12-24.air.mopera.net | - | High
+155 | [2.1.1.1](https://vuldb.com/?ip.2.1.1.1) | - | - | High
+156 | [2.1.1.3](https://vuldb.com/?ip.2.1.1.3) | - | - | High
+157 | [2.1.1.116](https://vuldb.com/?ip.2.1.1.116) | - | - | High
+158 | [2.1.3.5](https://vuldb.com/?ip.2.1.3.5) | - | - | High
+159 | [2.1.3.127](https://vuldb.com/?ip.2.1.3.127) | - | - | High
+160 | [2.1.6.9](https://vuldb.com/?ip.2.1.6.9) | - | - | High
+161 | [2.1.8.6](https://vuldb.com/?ip.2.1.8.6) | - | - | High
+162 | [2.1.9.5](https://vuldb.com/?ip.2.1.9.5) | - | - | High
+163 | [2.1.28.1](https://vuldb.com/?ip.2.1.28.1) | - | - | High
+164 | [2.1.28.63](https://vuldb.com/?ip.2.1.28.63) | - | - | High
+165 | [2.1.67.1](https://vuldb.com/?ip.2.1.67.1) | - | - | High
+166 | [2.1.71.14](https://vuldb.com/?ip.2.1.71.14) | - | - | High
+167 | [2.2.1.37](https://vuldb.com/?ip.2.2.1.37) | - | - | High
+168 | [2.2.2.2](https://vuldb.com/?ip.2.2.2.2) | - | - | High
+169 | [2.2.3.51](https://vuldb.com/?ip.2.2.3.51) | - | - | High
+170 | [2.2.3.57](https://vuldb.com/?ip.2.2.3.57) | - | - | High
+171 | [2.2.3.148](https://vuldb.com/?ip.2.2.3.148) | - | - | High
+172 | [2.2.4.35](https://vuldb.com/?ip.2.2.4.35) | - | - | High
+173 | [2.2.4.44](https://vuldb.com/?ip.2.2.4.44) | - | - | High
+174 | [2.2.4.85](https://vuldb.com/?ip.2.2.4.85) | - | - | High
+175 | [2.2.5.1](https://vuldb.com/?ip.2.2.5.1) | - | - | High
+176 | [2.2.6.87](https://vuldb.com/?ip.2.2.6.87) | - | - | High
+177 | [2.2.32.1](https://vuldb.com/?ip.2.2.32.1) | - | - | High
+178 | [2.2.51.84](https://vuldb.com/?ip.2.2.51.84) | - | - | High
+179 | [2.3.1.4](https://vuldb.com/?ip.2.3.1.4) | lfbn-cle-1-2-4.w2-3.abo.wanadoo.fr | - | High
+180 | [2.3.2.26](https://vuldb.com/?ip.2.3.2.26) | lfbn-cle-1-113-26.w2-3.abo.wanadoo.fr | - | High
+181 | [2.3.2.48](https://vuldb.com/?ip.2.3.2.48) | lfbn-cle-1-113-48.w2-3.abo.wanadoo.fr | - | High
+182 | [2.3.3.1](https://vuldb.com/?ip.2.3.3.1) | lfbn-cle-1-180-1.w2-3.abo.wanadoo.fr | - | High
+183 | [2.3.3.3](https://vuldb.com/?ip.2.3.3.3) | lfbn-cle-1-180-3.w2-3.abo.wanadoo.fr | - | High
+184 | [2.3.4.5](https://vuldb.com/?ip.2.3.4.5) | lfbn-cle-1-191-5.w2-3.abo.wanadoo.fr | - | High
+185 | [2.3.25.112](https://vuldb.com/?ip.2.3.25.112) | lfbn-cle-1-169-112.w2-3.abo.wanadoo.fr | - | High
+186 | [2.3.69.53](https://vuldb.com/?ip.2.3.69.53) | lfbn-cle-1-223-53.w2-3.abo.wanadoo.fr | - | High
+187 | [2.4.1.2](https://vuldb.com/?ip.2.4.1.2) | lfbn-mon-1-514-2.w2-4.abo.wanadoo.fr | - | High
+188 | [2.4.1.51](https://vuldb.com/?ip.2.4.1.51) | lfbn-mon-1-514-51.w2-4.abo.wanadoo.fr | - | High
+189 | [2.4.2.1](https://vuldb.com/?ip.2.4.2.1) | lfbn-mon-1-625-1.w2-4.abo.wanadoo.fr | - | High
+190 | [2.4.3.35](https://vuldb.com/?ip.2.4.3.35) | lfbn-mon-1-692-35.w2-4.abo.wanadoo.fr | - | High
+191 | [2.4.4.75](https://vuldb.com/?ip.2.4.4.75) | lfbn-mon-1-703-75.w2-4.abo.wanadoo.fr | - | High
+192 | [2.4.4.184](https://vuldb.com/?ip.2.4.4.184) | lfbn-mon-1-703-184.w2-4.abo.wanadoo.fr | - | High
+193 | [2.4.8.1](https://vuldb.com/?ip.2.4.8.1) | lfbn-mon-1-747-1.w2-4.abo.wanadoo.fr | - | High
+194 | [2.5.1.15](https://vuldb.com/?ip.2.5.1.15) | alille-656-1-156-15.w2-5.abo.wanadoo.fr | - | High
+195 | [2.5.1.177](https://vuldb.com/?ip.2.5.1.177) | alille-656-1-156-177.w2-5.abo.wanadoo.fr | - | High
+196 | [2.5.2.26](https://vuldb.com/?ip.2.5.2.26) | alille-656-1-157-26.w2-5.abo.wanadoo.fr | - | High
+197 | [2.5.8.27](https://vuldb.com/?ip.2.5.8.27) | aamiens-157-1-19-27.w2-5.abo.wanadoo.fr | - | High
+198 | [2.5.171.27](https://vuldb.com/?ip.2.5.171.27) | - | - | High
+199 | [2.6.1.5](https://vuldb.com/?ip.2.6.1.5) | - | - | High
+200 | [2.6.3.1](https://vuldb.com/?ip.2.6.3.1) | - | - | High
+201 | [2.6.3.135](https://vuldb.com/?ip.2.6.3.135) | - | - | High
+202 | [2.6.5.1](https://vuldb.com/?ip.2.6.5.1) | atoulouse-652-1-38-1.w2-6.abo.wanadoo.fr | - | High
+203 | [2.7.1.111](https://vuldb.com/?ip.2.7.1.111) | lfbn-lyo-1-258-111.w2-7.abo.wanadoo.fr | - | High
+204 | [2.8.3.3](https://vuldb.com/?ip.2.8.3.3) | anantes-650-1-206-3.w2-8.abo.wanadoo.fr | - | High
+205 | [2.8.3.96](https://vuldb.com/?ip.2.8.3.96) | anantes-650-1-206-96.w2-8.abo.wanadoo.fr | - | High
+206 | [2.8.4.1](https://vuldb.com/?ip.2.8.4.1) | anantes-650-1-207-1.w2-8.abo.wanadoo.fr | - | High
+207 | [2.8.25.18](https://vuldb.com/?ip.2.8.25.18) | anantes-650-1-122-18.w2-8.abo.wanadoo.fr | - | High
+208 | [2.8.31.13](https://vuldb.com/?ip.2.8.31.13) | anantes-159-1-30-13.w2-8.abo.wanadoo.fr | - | High
+209 | [2.8.51.16](https://vuldb.com/?ip.2.8.51.16) | anantes-557-1-196-16.w2-8.abo.wanadoo.fr | - | High
+210 | [2.8.66.18](https://vuldb.com/?ip.2.8.66.18) | anantes-652-1-211-18.w2-8.abo.wanadoo.fr | - | High
+211 | [2.8.71.15](https://vuldb.com/?ip.2.8.71.15) | anantes-652-1-216-15.w2-8.abo.wanadoo.fr | - | High
+212 | [2.8.73.2](https://vuldb.com/?ip.2.8.73.2) | anantes-658-1-126-2.w2-8.abo.wanadoo.fr | - | High
+213 | [2.8.91.15](https://vuldb.com/?ip.2.8.91.15) | anantes-659-1-164-15.w2-8.abo.wanadoo.fr | - | High
+214 | [2.8.111.14](https://vuldb.com/?ip.2.8.111.14) | anantes-652-1-256-14.w2-8.abo.wanadoo.fr | - | High
+215 | [2.8.144.1](https://vuldb.com/?ip.2.8.144.1) | anantes-659-1-137-1.w2-8.abo.wanadoo.fr | - | High
+216 | [2.8.151.12](https://vuldb.com/?ip.2.8.151.12) | anantes-650-1-172-12.w2-8.abo.wanadoo.fr | - | High
+217 | [2.8.161.12](https://vuldb.com/?ip.2.8.161.12) | anantes-658-1-114-12.w2-8.abo.wanadoo.fr | - | High
+218 | [2.8.171.11](https://vuldb.com/?ip.2.8.171.11) | anantes-159-1-24-11.w2-8.abo.wanadoo.fr | - | High
+219 | [2.8.181.13](https://vuldb.com/?ip.2.8.181.13) | anantes-557-1-206-13.w2-8.abo.wanadoo.fr | - | High
+220 | [2.8.191.12](https://vuldb.com/?ip.2.8.191.12) | anantes-652-1-224-12.w2-8.abo.wanadoo.fr | - | High
+221 | [2.8.211.12](https://vuldb.com/?ip.2.8.211.12) | anantes-650-1-120-12.w2-8.abo.wanadoo.fr | - | High
+222 | [2.8.221.11](https://vuldb.com/?ip.2.8.221.11) | anantes-659-1-158-11.w2-8.abo.wanadoo.fr | - | High
+223 | [2.8.231.11](https://vuldb.com/?ip.2.8.231.11) | anantes-659-1-200-11.w2-8.abo.wanadoo.fr | - | High
+224 | [2.8.241.7](https://vuldb.com/?ip.2.8.241.7) | anantes-650-1-90-7.w2-8.abo.wanadoo.fr | - | High
+225 | [2.8.251.8](https://vuldb.com/?ip.2.8.251.8) | anantes-652-1-276-8.w2-8.abo.wanadoo.fr | - | High
+226 | [2.9.1.3](https://vuldb.com/?ip.2.9.1.3) | anantes-156-1-2-3.w2-9.abo.wanadoo.fr | - | High
+227 | [2.9.5.3](https://vuldb.com/?ip.2.9.5.3) | anantes-154-1-70-3.w2-9.abo.wanadoo.fr | - | High
+228 | [2.9.5.41](https://vuldb.com/?ip.2.9.5.41) | anantes-154-1-70-41.w2-9.abo.wanadoo.fr | - | High
+229 | [2.9.8.11](https://vuldb.com/?ip.2.9.8.11) | anantes-154-1-73-11.w2-9.abo.wanadoo.fr | - | High
+230 | [2.11.4.125](https://vuldb.com/?ip.2.11.4.125) | arennes-258-1-165-125.w2-11.abo.wanadoo.fr | - | High
+231 | [2.11.13.53](https://vuldb.com/?ip.2.11.13.53) | arennes-258-1-174-53.w2-11.abo.wanadoo.fr | - | High
+232 | [2.11.52.58](https://vuldb.com/?ip.2.11.52.58) | arennes-652-1-53-58.w2-11.abo.wanadoo.fr | - | High
+233 | [2.12.3.86](https://vuldb.com/?ip.2.12.3.86) | arennes-651-1-300-86.w2-12.abo.wanadoo.fr | - | High
+234 | [2.12.12.4](https://vuldb.com/?ip.2.12.12.4) | arennes-662-1-35-4.w2-12.abo.wanadoo.fr | - | High
+235 | [2.18.1.1](https://vuldb.com/?ip.2.18.1.1) | a2-18-1-1.deploy.static.akamaitechnologies.com | - | High
+236 | [2.19.4.32](https://vuldb.com/?ip.2.19.4.32) | a2-19-4-32.deploy.static.akamaitechnologies.com | - | High
+237 | [2.21.24.34](https://vuldb.com/?ip.2.21.24.34) | a2-21-24-34.deploy.static.akamaitechnologies.com | - | High
+238 | [2.56.115.39](https://vuldb.com/?ip.2.56.115.39) | - | - | High
+239 | [3.1.1.1](https://vuldb.com/?ip.3.1.1.1) | ec2-3-1-1-1.ap-southeast-1.compute.amazonaws.com | - | Medium
+240 | [3.1.1.3](https://vuldb.com/?ip.3.1.1.3) | ec2-3-1-1-3.ap-southeast-1.compute.amazonaws.com | - | Medium
+241 | [3.1.1.35](https://vuldb.com/?ip.3.1.1.35) | ec2-3-1-1-35.ap-southeast-1.compute.amazonaws.com | - | Medium
+242 | [3.1.2.4](https://vuldb.com/?ip.3.1.2.4) | ec2-3-1-2-4.ap-southeast-1.compute.amazonaws.com | - | Medium
+243 | [3.1.2.9](https://vuldb.com/?ip.3.1.2.9) | ec2-3-1-2-9.ap-southeast-1.compute.amazonaws.com | - | Medium
+244 | [3.1.2.36](https://vuldb.com/?ip.3.1.2.36) | ec2-3-1-2-36.ap-southeast-1.compute.amazonaws.com | - | Medium
+245 | [3.1.2.41](https://vuldb.com/?ip.3.1.2.41) | ec2-3-1-2-41.ap-southeast-1.compute.amazonaws.com | - | Medium
+246 | [3.1.3.34](https://vuldb.com/?ip.3.1.3.34) | ec2-3-1-3-34.ap-southeast-1.compute.amazonaws.com | - | Medium
+247 | [3.1.9.5](https://vuldb.com/?ip.3.1.9.5) | ec2-3-1-9-5.ap-southeast-1.compute.amazonaws.com | - | Medium
+248 | [3.1.11.38](https://vuldb.com/?ip.3.1.11.38) | ec2-3-1-11-38.ap-southeast-1.compute.amazonaws.com | - | Medium
+249 | [3.1.13.29](https://vuldb.com/?ip.3.1.13.29) | ec2-3-1-13-29.ap-southeast-1.compute.amazonaws.com | - | Medium
+250 | [3.1.17.213](https://vuldb.com/?ip.3.1.17.213) | ec2-3-1-17-213.ap-southeast-1.compute.amazonaws.com | - | Medium
+251 | [3.1.19.214](https://vuldb.com/?ip.3.1.19.214) | ec2-3-1-19-214.ap-southeast-1.compute.amazonaws.com | - | Medium
+252 | [3.1.21.215](https://vuldb.com/?ip.3.1.21.215) | ec2-3-1-21-215.ap-southeast-1.compute.amazonaws.com | - | Medium
+253 | [3.1.44.5](https://vuldb.com/?ip.3.1.44.5) | ec2-3-1-44-5.ap-southeast-1.compute.amazonaws.com | - | Medium
+254 | [3.1.64.11](https://vuldb.com/?ip.3.1.64.11) | ec2-3-1-64-11.ap-southeast-1.compute.amazonaws.com | - | Medium
+255 | [3.2.1.2](https://vuldb.com/?ip.3.2.1.2) | - | - | High
+256 | [3.2.7.175](https://vuldb.com/?ip.3.2.7.175) | - | - | High
+257 | [3.3.1.3](https://vuldb.com/?ip.3.3.1.3) | - | - | High
+258 | [3.3.2.18](https://vuldb.com/?ip.3.3.2.18) | - | - | High
+259 | [3.3.2.198](https://vuldb.com/?ip.3.3.2.198) | - | - | High
+260 | [3.3.4.29](https://vuldb.com/?ip.3.3.4.29) | - | - | High
+261 | [3.3.13.227](https://vuldb.com/?ip.3.3.13.227) | - | - | High
+262 | [3.3.14.5](https://vuldb.com/?ip.3.3.14.5) | - | - | High
+263 | [3.3.14.231](https://vuldb.com/?ip.3.3.14.231) | - | - | High
+264 | [3.4.1.83](https://vuldb.com/?ip.3.4.1.83) | - | - | High
+265 | [3.4.2.2](https://vuldb.com/?ip.3.4.2.2) | - | - | High
+266 | [3.4.4.132](https://vuldb.com/?ip.3.4.4.132) | - | - | High
+267 | [3.4.8.2](https://vuldb.com/?ip.3.4.8.2) | - | - | High
+268 | [3.4.8.3](https://vuldb.com/?ip.3.4.8.3) | - | - | High
+269 | [3.4.8.4](https://vuldb.com/?ip.3.4.8.4) | - | - | High
+270 | [3.4.8.16](https://vuldb.com/?ip.3.4.8.16) | - | - | High
+271 | [3.4.18.177](https://vuldb.com/?ip.3.4.18.177) | - | - | High
+272 | [3.5.1.119](https://vuldb.com/?ip.3.5.1.119) | - | - | High
+273 | [3.5.1.252](https://vuldb.com/?ip.3.5.1.252) | - | - | High
+274 | [3.5.8.14](https://vuldb.com/?ip.3.5.8.14) | s3.us-east-1.amazonaws.com | - | Medium
+275 | [3.5.9.181](https://vuldb.com/?ip.3.5.9.181) | - | - | High
+276 | [3.5.171.27](https://vuldb.com/?ip.3.5.171.27) | - | - | High
+277 | [3.6.1.27](https://vuldb.com/?ip.3.6.1.27) | ec2-3-6-1-27.ap-south-1.compute.amazonaws.com | - | Medium
+278 | [3.6.1.33](https://vuldb.com/?ip.3.6.1.33) | ec2-3-6-1-33.ap-south-1.compute.amazonaws.com | - | Medium
+279 | [3.6.8.2](https://vuldb.com/?ip.3.6.8.2) | ec2-3-6-8-2.ap-south-1.compute.amazonaws.com | - | Medium
+280 | [3.7.1.13](https://vuldb.com/?ip.3.7.1.13) | ec2-3-7-1-13.ap-south-1.compute.amazonaws.com | - | Medium
+281 | [3.7.1.28](https://vuldb.com/?ip.3.7.1.28) | ec2-3-7-1-28.ap-south-1.compute.amazonaws.com | - | Medium
+282 | [3.7.1.46](https://vuldb.com/?ip.3.7.1.46) | ec2-3-7-1-46.ap-south-1.compute.amazonaws.com | - | Medium
+283 | [3.7.2.3](https://vuldb.com/?ip.3.7.2.3) | ec2-3-7-2-3.ap-south-1.compute.amazonaws.com | - | Medium
+284 | [3.7.3.1](https://vuldb.com/?ip.3.7.3.1) | ec2-3-7-3-1.ap-south-1.compute.amazonaws.com | - | Medium
+285 | [3.7.5.1](https://vuldb.com/?ip.3.7.5.1) | ec2-3-7-5-1.ap-south-1.compute.amazonaws.com | - | Medium
+286 | [3.7.8.2](https://vuldb.com/?ip.3.7.8.2) | ec2-3-7-8-2.ap-south-1.compute.amazonaws.com | - | Medium
+287 | [3.8.1.23](https://vuldb.com/?ip.3.8.1.23) | ec2-3-8-1-23.eu-west-2.compute.amazonaws.com | - | Medium
+288 | [3.8.3.29](https://vuldb.com/?ip.3.8.3.29) | ec2-3-8-3-29.eu-west-2.compute.amazonaws.com | - | Medium
+289 | [3.8.5.29](https://vuldb.com/?ip.3.8.5.29) | ec2-3-8-5-29.eu-west-2.compute.amazonaws.com | - | Medium
+290 | [3.9.1.33](https://vuldb.com/?ip.3.9.1.33) | ec2-3-9-1-33.eu-west-2.compute.amazonaws.com | - | Medium
+291 | [3.9.1.171](https://vuldb.com/?ip.3.9.1.171) | ec2-3-9-1-171.eu-west-2.compute.amazonaws.com | - | Medium
+292 | [3.9.1.245](https://vuldb.com/?ip.3.9.1.245) | ec2-3-9-1-245.eu-west-2.compute.amazonaws.com | - | Medium
+293 | [3.9.2.1](https://vuldb.com/?ip.3.9.2.1) | ec2-3-9-2-1.eu-west-2.compute.amazonaws.com | - | Medium
+294 | [3.9.2.57](https://vuldb.com/?ip.3.9.2.57) | ec2-3-9-2-57.eu-west-2.compute.amazonaws.com | - | Medium
+295 | [3.9.7.11](https://vuldb.com/?ip.3.9.7.11) | ec2-3-9-7-11.eu-west-2.compute.amazonaws.com | - | Medium
+296 | [3.9.9.46](https://vuldb.com/?ip.3.9.9.46) | ec2-3-9-9-46.eu-west-2.compute.amazonaws.com | - | Medium
+297 | [3.9.14.1](https://vuldb.com/?ip.3.9.14.1) | ec2-3-9-14-1.eu-west-2.compute.amazonaws.com | - | Medium
+298 | [3.9.141.25](https://vuldb.com/?ip.3.9.141.25) | ec2-3-9-141-25.eu-west-2.compute.amazonaws.com | - | Medium
+299 | [3.11.2.63](https://vuldb.com/?ip.3.11.2.63) | ec2-3-11-2-63.eu-west-2.compute.amazonaws.com | - | Medium
+300 | [3.11.85.34](https://vuldb.com/?ip.3.11.85.34) | ec2-3-11-85-34.eu-west-2.compute.amazonaws.com | - | Medium
+301 | [3.12.41.3](https://vuldb.com/?ip.3.12.41.3) | ec2-3-12-41-3.us-east-2.compute.amazonaws.com | - | Medium
+302 | [3.12.41.157](https://vuldb.com/?ip.3.12.41.157) | ec2-3-12-41-157.us-east-2.compute.amazonaws.com | - | Medium
+303 | [3.15.36.195](https://vuldb.com/?ip.3.15.36.195) | ec2-3-15-36-195.us-east-2.compute.amazonaws.com | - | Medium
+304 | [3.21.2.2](https://vuldb.com/?ip.3.21.2.2) | ec2-3-21-2-2.us-east-2.compute.amazonaws.com | - | Medium
+305 | [3.81.126.82](https://vuldb.com/?ip.3.81.126.82) | ec2-3-81-126-82.compute-1.amazonaws.com | - | Medium
+306 | [3.82.197.66](https://vuldb.com/?ip.3.82.197.66) | ec2-3-82-197-66.compute-1.amazonaws.com | - | Medium
+307 | [3.84.251.164](https://vuldb.com/?ip.3.84.251.164) | ec2-3-84-251-164.compute-1.amazonaws.com | - | Medium
+308 | [3.86.163.159](https://vuldb.com/?ip.3.86.163.159) | ec2-3-86-163-159.compute-1.amazonaws.com | - | Medium
+309 | [3.88.67.132](https://vuldb.com/?ip.3.88.67.132) | ec2-3-88-67-132.compute-1.amazonaws.com | - | Medium
+310 | [3.91.47.199](https://vuldb.com/?ip.3.91.47.199) | ec2-3-91-47-199.compute-1.amazonaws.com | - | Medium
+311 | [3.94.2.21](https://vuldb.com/?ip.3.94.2.21) | ec2-3-94-2-21.compute-1.amazonaws.com | - | Medium
+312 | [3.95.231.52](https://vuldb.com/?ip.3.95.231.52) | ec2-3-95-231-52.compute-1.amazonaws.com | - | Medium
+313 | [3.97.2.2](https://vuldb.com/?ip.3.97.2.2) | ec2-3-97-2-2.ca-central-1.compute.amazonaws.com | - | Medium
+314 | [3.128.1.1](https://vuldb.com/?ip.3.128.1.1) | ec2-3-128-1-1.us-east-2.compute.amazonaws.com | - | Medium
+315 | [3.128.1.29](https://vuldb.com/?ip.3.128.1.29) | ec2-3-128-1-29.us-east-2.compute.amazonaws.com | - | Medium
+316 | [3.128.197.68](https://vuldb.com/?ip.3.128.197.68) | ec2-3-128-197-68.us-east-2.compute.amazonaws.com | - | Medium
+317 | [3.128.222.222](https://vuldb.com/?ip.3.128.222.222) | ec2-3-128-222-222.us-east-2.compute.amazonaws.com | - | Medium
+318 | [3.135.193.147](https://vuldb.com/?ip.3.135.193.147) | ec2-3-135-193-147.us-east-2.compute.amazonaws.com | - | Medium
+319 | [3.135.216.86](https://vuldb.com/?ip.3.135.216.86) | ec2-3-135-216-86.us-east-2.compute.amazonaws.com | - | Medium
+320 | [3.137.174.178](https://vuldb.com/?ip.3.137.174.178) | ec2-3-137-174-178.us-east-2.compute.amazonaws.com | - | Medium
+321 | [3.138.117.231](https://vuldb.com/?ip.3.138.117.231) | ec2-3-138-117-231.us-east-2.compute.amazonaws.com | - | Medium
+322 | [3.139.97.6](https://vuldb.com/?ip.3.139.97.6) | ec2-3-139-97-6.us-east-2.compute.amazonaws.com | - | Medium
+323 | [3.215.239.59](https://vuldb.com/?ip.3.215.239.59) | ess.com | - | High
+324 | [3.235.164.215](https://vuldb.com/?ip.3.235.164.215) | ec2-3-235-164-215.compute-1.amazonaws.com | - | Medium
+325 | [3.238.75.236](https://vuldb.com/?ip.3.238.75.236) | ec2-3-238-75-236.compute-1.amazonaws.com | - | Medium
+326 | [3.238.77.5](https://vuldb.com/?ip.3.238.77.5) | ec2-3-238-77-5.compute-1.amazonaws.com | - | Medium
+327 | [4.1.1.14](https://vuldb.com/?ip.4.1.1.14) | - | - | High
+328 | [4.1.1.33](https://vuldb.com/?ip.4.1.1.33) | ae31-346.bar2.SaltLakeCity1.Level3.net | - | High
+329 | [4.1.1.64](https://vuldb.com/?ip.4.1.1.64) | - | - | High
+330 | [4.1.1.65](https://vuldb.com/?ip.4.1.1.65) | ae31-1367.bar2.SaltLakeCity1.Level3.net | - | High
+331 | [4.1.2.73](https://vuldb.com/?ip.4.1.2.73) | - | - | High
+332 | [4.1.3.3](https://vuldb.com/?ip.4.1.3.3) | - | - | High
+333 | [4.1.4.3](https://vuldb.com/?ip.4.1.4.3) | - | - | High
+334 | [4.1.4.254](https://vuldb.com/?ip.4.1.4.254) | - | - | High
+335 | [4.1.5.3](https://vuldb.com/?ip.4.1.5.3) | - | - | High
+336 | [4.1.5.97](https://vuldb.com/?ip.4.1.5.97) | ae30-111.bar3.SaltLakeCity1.Level3.net | - | High
+337 | [4.1.6.32](https://vuldb.com/?ip.4.1.6.32) | - | - | High
+338 | [4.1.11.34](https://vuldb.com/?ip.4.1.11.34) | - | - | High
+339 | [4.1.11.36](https://vuldb.com/?ip.4.1.11.36) | - | - | High
+340 | [4.1.41.223](https://vuldb.com/?ip.4.1.41.223) | - | - | High
+341 | [4.2.1.28](https://vuldb.com/?ip.4.2.1.28) | - | - | High
+342 | [4.2.1.89](https://vuldb.com/?ip.4.2.1.89) | - | - | High
+343 | [4.2.3.1](https://vuldb.com/?ip.4.2.3.1) | - | - | High
+344 | [4.2.4.154](https://vuldb.com/?ip.4.2.4.154) | - | - | High
+345 | [4.2.5.168](https://vuldb.com/?ip.4.2.5.168) | - | - | High
+346 | [4.2.6.18](https://vuldb.com/?ip.4.2.6.18) | - | - | High
+347 | [4.2.11.42](https://vuldb.com/?ip.4.2.11.42) | - | - | High
+348 | [4.2.41.27](https://vuldb.com/?ip.4.2.41.27) | e0.nycmny1-ercp1.bbnplanet.net | - | High
+349 | [4.2.235.73](https://vuldb.com/?ip.4.2.235.73) | lag-30-2698-99.bear2.Houston1.Level3.net | - | High
+350 | [4.3.2.1](https://vuldb.com/?ip.4.3.2.1) | - | - | High
+351 | [4.3.2.132](https://vuldb.com/?ip.4.3.2.132) | - | - | High
+352 | [4.3.2.171](https://vuldb.com/?ip.4.3.2.171) | - | - | High
+353 | [4.3.9.62](https://vuldb.com/?ip.4.3.9.62) | - | - | High
+354 | [4.3.9.244](https://vuldb.com/?ip.4.3.9.244) | - | - | High
+355 | [4.4.1.7](https://vuldb.com/?ip.4.4.1.7) | - | - | High
+356 | [4.4.1.122](https://vuldb.com/?ip.4.4.1.122) | - | - | High
+357 | [4.4.3.149](https://vuldb.com/?ip.4.4.3.149) | - | - | High
+358 | [4.4.4.126](https://vuldb.com/?ip.4.4.4.126) | - | - | High
+359 | [4.4.8.56](https://vuldb.com/?ip.4.4.8.56) | - | - | High
+360 | [4.4.8.137](https://vuldb.com/?ip.4.4.8.137) | lag-30-2387-99.bear1.Nashville1.Level3.net | - | High
+361 | [4.4.9.142](https://vuldb.com/?ip.4.4.9.142) | - | - | High
+362 | [4.4.129.1](https://vuldb.com/?ip.4.4.129.1) | 2-1-c26-2.ear1.Spokane3.Level3.net | - | High
+363 | [4.5.2.157](https://vuldb.com/?ip.4.5.2.157) | - | - | High
+364 | [4.5.4.1](https://vuldb.com/?ip.4.5.4.1) | - | - | High
+365 | [4.5.4.2](https://vuldb.com/?ip.4.5.4.2) | - | - | High
+366 | [4.5.41.23](https://vuldb.com/?ip.4.5.41.23) | - | - | High
+367 | [4.5.146.1](https://vuldb.com/?ip.4.5.146.1) | - | - | High
+368 | [4.5.245.1](https://vuldb.com/?ip.4.5.245.1) | - | - | High
+369 | [4.6.1.1](https://vuldb.com/?ip.4.6.1.1) | - | - | High
+370 | [4.6.1.6](https://vuldb.com/?ip.4.6.1.6) | - | - | High
+371 | [4.6.5.184](https://vuldb.com/?ip.4.6.5.184) | - | - | High
+372 | [4.6.6.1](https://vuldb.com/?ip.4.6.6.1) | - | - | High
+373 | [4.6.11.191](https://vuldb.com/?ip.4.6.11.191) | - | - | High
+374 | [4.6.12.241](https://vuldb.com/?ip.4.6.12.241) | - | - | High
+375 | [4.6.13.29](https://vuldb.com/?ip.4.6.13.29) | - | - | High
+376 | [4.6.21.1](https://vuldb.com/?ip.4.6.21.1) | - | - | High
+377 | [4.6.22.1](https://vuldb.com/?ip.4.6.22.1) | - | - | High
+378 | [4.6.23.1](https://vuldb.com/?ip.4.6.23.1) | - | - | High
+379 | [4.6.39.2](https://vuldb.com/?ip.4.6.39.2) | - | - | High
+380 | [4.7.5.249](https://vuldb.com/?ip.4.7.5.249) | - | - | High
+381 | [4.8.1.7](https://vuldb.com/?ip.4.8.1.7) | - | - | High
+382 | [4.8.12.29](https://vuldb.com/?ip.4.8.12.29) | - | - | High
+383 | [4.8.84.163](https://vuldb.com/?ip.4.8.84.163) | - | - | High
+384 | [4.9.1.1](https://vuldb.com/?ip.4.9.1.1) | - | - | High
+385 | [4.9.1.72](https://vuldb.com/?ip.4.9.1.72) | - | - | High
+386 | [4.12.5.8](https://vuldb.com/?ip.4.12.5.8) | - | - | High
+387 | [4.12.5.36](https://vuldb.com/?ip.4.12.5.36) | - | - | High
+388 | [4.13.1.38](https://vuldb.com/?ip.4.13.1.38) | - | - | High
+389 | [4.13.3.38](https://vuldb.com/?ip.4.13.3.38) | - | - | High
+390 | [4.17.1.19](https://vuldb.com/?ip.4.17.1.19) | - | - | High
+391 | [4.22.1.6](https://vuldb.com/?ip.4.22.1.6) | - | - | High
+392 | [4.65.5.65](https://vuldb.com/?ip.4.65.5.65) | - | - | High
+393 | [5.1.1.118](https://vuldb.com/?ip.5.1.1.118) | 5-1-1-118.datagroup.ua | - | High
+394 | [5.1.4.119](https://vuldb.com/?ip.5.1.4.119) | 5-1-4-119.datagroup.ua | - | High
+395 | [5.1.8.12](https://vuldb.com/?ip.5.1.8.12) | 5-1-8-12.datagroup.ua | - | High
+396 | [5.1.14.61](https://vuldb.com/?ip.5.1.14.61) | 5-1-14-61.datagroup.ua | - | High
+397 | [5.1.25.49](https://vuldb.com/?ip.5.1.25.49) | 5-1-25-49.datagroup.ua | - | High
+398 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
+399 | [5.1.219.93](https://vuldb.com/?ip.5.1.219.93) | - | - | High
+400 | [5.2.1.44](https://vuldb.com/?ip.5.2.1.44) | - | - | High
+401 | [5.2.1.129](https://vuldb.com/?ip.5.2.1.129) | - | - | High
+402 | [5.2.5.1](https://vuldb.com/?ip.5.2.5.1) | - | - | High
+403 | [5.2.9.2](https://vuldb.com/?ip.5.2.9.2) | - | - | High
+404 | [5.2.78.37](https://vuldb.com/?ip.5.2.78.37) | - | - | High
+405 | [5.2.78.121](https://vuldb.com/?ip.5.2.78.121) | - | - | High
+406 | [5.3.1.47](https://vuldb.com/?ip.5.3.1.47) | 5x3x1x47.static-business.spb.ertelecom.ru | - | High
+407 | [5.3.1.138](https://vuldb.com/?ip.5.3.1.138) | 5x3x1x138.static-business.spb.ertelecom.ru | - | High
+408 | [5.3.2.138](https://vuldb.com/?ip.5.3.2.138) | 5x3x2x138.static-business.spb.ertelecom.ru | - | High
+409 | [5.3.21.42](https://vuldb.com/?ip.5.3.21.42) | 5x3x21x42.static-business.belgorod.ertelecom.ru | - | High
+410 | [5.3.138.1](https://vuldb.com/?ip.5.3.138.1) | 5x3x138x1.dynamic.oren.ertelecom.ru | - | High
+411 | [5.4.1.149](https://vuldb.com/?ip.5.4.1.149) | dynamic-005-004-001-149.5.4.pool.telefonica.de | - | High
+412 | [5.4.2.41](https://vuldb.com/?ip.5.4.2.41) | dynamic-005-004-002-041.5.4.pool.telefonica.de | - | High
+413 | [5.4.3.39](https://vuldb.com/?ip.5.4.3.39) | dynamic-005-004-003-039.5.4.pool.telefonica.de | - | High
+414 | [5.4.3.151](https://vuldb.com/?ip.5.4.3.151) | dynamic-005-004-003-151.5.4.pool.telefonica.de | - | High
+415 | [5.5.1.34](https://vuldb.com/?ip.5.5.1.34) | dynamic-005-005-001-034.5.5.pool.telefonica.de | - | High
+416 | [5.5.1.38](https://vuldb.com/?ip.5.5.1.38) | dynamic-005-005-001-038.5.5.pool.telefonica.de | - | High
+417 | [5.5.2.52](https://vuldb.com/?ip.5.5.2.52) | dynamic-005-005-002-052.5.5.pool.telefonica.de | - | High
+418 | [5.5.2.197](https://vuldb.com/?ip.5.5.2.197) | dynamic-005-005-002-197.5.5.pool.telefonica.de | - | High
+419 | [5.5.3.61](https://vuldb.com/?ip.5.5.3.61) | dynamic-005-005-003-061.5.5.pool.telefonica.de | - | High
+420 | [5.5.4.26](https://vuldb.com/?ip.5.5.4.26) | dynamic-005-005-004-026.5.5.pool.telefonica.de | - | High
+421 | [5.6.5.236](https://vuldb.com/?ip.5.6.5.236) | dynamic-005-006-005-236.5.6.pool.telefonica.de | - | High
+422 | [5.6.6.232](https://vuldb.com/?ip.5.6.6.232) | dynamic-005-006-006-232.5.6.pool.telefonica.de | - | High
+423 | [5.6.7.8](https://vuldb.com/?ip.5.6.7.8) | dynamic-005-006-007-008.5.6.pool.telefonica.de | - | High
+424 | [5.6.7.43](https://vuldb.com/?ip.5.6.7.43) | dynamic-005-006-007-043.5.6.pool.telefonica.de | - | High
+425 | [5.7.1.116](https://vuldb.com/?ip.5.7.1.116) | dynamic-005-007-001-116.5.7.pool.telefonica.de | - | High
+426 | [5.7.1.179](https://vuldb.com/?ip.5.7.1.179) | dynamic-005-007-001-179.5.7.pool.telefonica.de | - | High
+427 | [5.7.4.39](https://vuldb.com/?ip.5.7.4.39) | dynamic-005-007-004-039.5.7.pool.telefonica.de | - | High
+428 | [5.7.21.28](https://vuldb.com/?ip.5.7.21.28) | dynamic-005-007-021-028.5.7.pool.telefonica.de | - | High
+429 | [5.9.7.72](https://vuldb.com/?ip.5.9.7.72) | static.72.7.9.5.clients.your-server.de | - | High
+430 | [5.9.178.75](https://vuldb.com/?ip.5.9.178.75) | glass-expander.bentneed.org | - | High
+431 | [5.17.161.235](https://vuldb.com/?ip.5.17.161.235) | 5x17x161x235.static-business.spb.ertelecom.ru | - | High
+432 | [5.34.178.59](https://vuldb.com/?ip.5.34.178.59) | yaalex32.isplevel.pro | - | High
+433 | [5.34.178.185](https://vuldb.com/?ip.5.34.178.185) | hathi1.co.in | - | High
+434 | [5.34.178.247](https://vuldb.com/?ip.5.34.178.247) | us.vps.98 | - | High
+435 | [5.34.181.18](https://vuldb.com/?ip.5.34.181.18) | storage-669286.hosted-by.itldc.com | - | High
+436 | [5.34.181.32](https://vuldb.com/?ip.5.34.181.32) | vds15933.example.nl | - | High
+437 | [5.39.1.6](https://vuldb.com/?ip.5.39.1.6) | ip6.ip-5-39-1.eu | - | High
+438 | [5.39.63.98](https://vuldb.com/?ip.5.39.63.98) | - | - | High
+439 | [5.61.32.173](https://vuldb.com/?ip.5.61.32.173) | - | - | High
+440 | [5.61.33.195](https://vuldb.com/?ip.5.61.33.195) | mail.chesm.org | - | High
+441 | [5.61.34.63](https://vuldb.com/?ip.5.61.34.63) | - | - | High
+442 | [5.61.34.245](https://vuldb.com/?ip.5.61.34.245) | prikolisti.net | - | High
+443 | [5.61.36.89](https://vuldb.com/?ip.5.61.36.89) | - | - | High
+444 | [5.61.45.151](https://vuldb.com/?ip.5.61.45.151) | - | - | High
+445 | [5.61.61.169](https://vuldb.com/?ip.5.61.61.169) | - | - | High
+446 | [5.181.80.113](https://vuldb.com/?ip.5.181.80.113) | ip-80-113-bullethost.net | - | High
+447 | [5.181.80.214](https://vuldb.com/?ip.5.181.80.214) | ip-80-214-bullethost.net | - | High
+448 | [5.181.156.15](https://vuldb.com/?ip.5.181.156.15) | no-rdns.mivocloud.com | - | High
+449 | [5.181.156.16](https://vuldb.com/?ip.5.181.156.16) | 5-181-156-16.mivocloud.com | - | High
+450 | [5.181.156.69](https://vuldb.com/?ip.5.181.156.69) | no-rdns.mivocloud.com | - | High
+451 | [5.181.156.166](https://vuldb.com/?ip.5.181.156.166) | 5-181-156-166.mivocloud.com | - | High
+452 | [5.181.156.211](https://vuldb.com/?ip.5.181.156.211) | 5-181-156-211.mivocloud.com | - | High
+453 | [5.181.156.226](https://vuldb.com/?ip.5.181.156.226) | no-rdns.mivocloud.com | - | High
+454 | [5.181.156.238](https://vuldb.com/?ip.5.181.156.238) | no-rdns.mivocloud.com | - | High
+455 | [5.182.211.25](https://vuldb.com/?ip.5.182.211.25) | - | - | High
+456 | [5.182.211.47](https://vuldb.com/?ip.5.182.211.47) | - | - | High
+457 | [5.182.211.124](https://vuldb.com/?ip.5.182.211.124) | mu124.mundial.web.tr | - | High
+458 | [5.182.211.125](https://vuldb.com/?ip.5.182.211.125) | - | - | High
+459 | [5.182.211.138](https://vuldb.com/?ip.5.182.211.138) | - | - | High
+460 | [5.182.211.218](https://vuldb.com/?ip.5.182.211.218) | - | - | High
+461 | [5.182.211.222](https://vuldb.com/?ip.5.182.211.222) | adlt.locrum.icu | - | High
+462 | [5.182.211.223](https://vuldb.com/?ip.5.182.211.223) | ernu.locrum.icu | - | High
+463 | [5.183.95.6](https://vuldb.com/?ip.5.183.95.6) | mail.zeakids.de | - | High
+464 | [5.188.133.193](https://vuldb.com/?ip.5.188.133.193) | stack.example.com | - | High
+465 | [5.196.197.27](https://vuldb.com/?ip.5.196.197.27) | - | - | High
+466 | [5.199.174.223](https://vuldb.com/?ip.5.199.174.223) | - | - | High
+467 | [5.255.96.16](https://vuldb.com/?ip.5.255.96.16) | - | - | High
+468 | [5.255.255.5](https://vuldb.com/?ip.5.255.255.5) | yandex.ru | - | High
+469 | [6.1.1.8](https://vuldb.com/?ip.6.1.1.8) | - | - | High
+470 | [6.1.1.28](https://vuldb.com/?ip.6.1.1.28) | - | - | High
+471 | [6.1.1.35](https://vuldb.com/?ip.6.1.1.35) | - | - | High
+472 | [6.1.4.2](https://vuldb.com/?ip.6.1.4.2) | - | - | High
+473 | [6.1.19.84](https://vuldb.com/?ip.6.1.19.84) | - | - | High
+474 | [6.2.1.19](https://vuldb.com/?ip.6.2.1.19) | - | - | High
+475 | [6.2.2.1](https://vuldb.com/?ip.6.2.2.1) | - | - | High
+476 | [6.2.2.2](https://vuldb.com/?ip.6.2.2.2) | - | - | High
+477 | [6.2.2.3](https://vuldb.com/?ip.6.2.2.3) | - | - | High
+478 | [6.2.2.224](https://vuldb.com/?ip.6.2.2.224) | - | - | High
+479 | [6.2.3.248](https://vuldb.com/?ip.6.2.3.248) | - | - | High
+480 | [6.2.3.251](https://vuldb.com/?ip.6.2.3.251) | - | - | High
+481 | [6.2.4.2](https://vuldb.com/?ip.6.2.4.2) | - | - | High
+482 | [6.2.4.27](https://vuldb.com/?ip.6.2.4.27) | - | - | High
+483 | [6.2.5.2](https://vuldb.com/?ip.6.2.5.2) | - | - | High
+484 | [6.2.16.1](https://vuldb.com/?ip.6.2.16.1) | - | - | High
+485 | [6.2.18.1](https://vuldb.com/?ip.6.2.18.1) | - | - | High
+486 | [6.2.39.1](https://vuldb.com/?ip.6.2.39.1) | - | - | High
+487 | ... | ... | ... | ...

-There are 213 more IOC items available. Please use our online service to access the data.
+There are 1943 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -93,10 +526,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -108,52 +541,46 @@ ID | Type | Indicator | Confidence
 2 | File | `//proc/kcore` | Medium
 3 | File | `/admin/contenttemp` | High
 4 | File | `/admin/modules/system/custom_field.php` | High
-5 | File | `/Ap4RtpAtom.cpp` | High
-6 | File | `/api/crontab` | Medium
-7 | File | `/bcms/admin/?page=user/list` | High
-8 | File | `/bin/boa` | Medium
+5 | File | `/admin/user/UserAdmin.do` | High
+6 | File | `/Ap4RtpAtom.cpp` | High
+7 | File | `/api/crontab` | Medium
+8 | File | `/bcms/admin/?page=user/list` | High
 9 | File | `/cgi-bin/wapopen` | High
 10 | File | `/cgi-mod/lookup.cgi` | High
-11 | File | `/context/%2e/WEB-INF/web.xml` | High
+11 | File | `/controller/Index.php` | High
 12 | File | `/debug/pprof` | Medium
-13 | File | `/fuel/index.php/fuel/logs/items` | High
-14 | File | `/fuel/sitevariables/delete/4` | High
-15 | File | `/iissamples` | Medium
-16 | File | `/mgmt/tm/util/bash` | High
-17 | File | `/modules/profile/index.php` | High
-18 | File | `/new` | Low
-19 | File | `/nova/bin/console` | High
-20 | File | `/proc/<pid>/status` | High
-21 | File | `/public/plugins/` | High
-22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-23 | File | `/secure/QueryComponent!Default.jspa` | High
-24 | File | `/show_news.php` | High
-25 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-26 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-27 | File | `/tmp` | Low
-28 | File | `/uncpath/` | Medium
-29 | File | `/usr/bin/pkexec` | High
-30 | File | `/usr/sbin/suexec` | High
-31 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-32 | File | `/WEB-INF/web.xml` | High
-33 | File | `/wp-admin/admin-ajax.php` | High
-34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-35 | File | `AccountManagerService.java` | High
-36 | File | `actions/CompanyDetailsSave.php` | High
-37 | File | `ActivityManagerService.java` | High
-38 | File | `admin.php` | Medium
-39 | File | `admin.php?page=languages` | High
-40 | File | `admin/add-glossary.php` | High
-41 | File | `admin/admin.php` | High
-42 | ... | ... | ...
+13 | File | `/devices/acurite.c` | High
+14 | File | `/example/editor` | High
+15 | File | `/file?action=download&file` | High
+16 | File | `/fuel/index.php/fuel/logs/items` | High
+17 | File | `/fuel/sitevariables/delete/4` | High
+18 | File | `/goform/login_process` | High
+19 | File | `/goform/rlmswitchr_process` | High
+20 | File | `/goforms/rlminfo` | High
+21 | File | `/include/chart_generator.php` | High
+22 | File | `/mgmt/tm/util/bash` | High
+23 | File | `/mhds/clinic/view_details.php` | High
+24 | File | `/newsDia.php` | Medium
+25 | File | `/nova/bin/console` | High
+26 | File | `/product_list.php` | High
+27 | File | `/ptms/?page=user` | High
+28 | File | `/scas/admin/` | Medium
+29 | File | `/scas/classes/Users.php?f=save_user` | High
+30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+31 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+32 | File | `/tmp/zarafa-vacation-*` | High
+33 | File | `/uncpath/` | Medium
+34 | File | `/upload` | Low
+35 | ... | ... | ...

-There are 361 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.html
+* https://ddanchev.blogspot.com/2022/06/how-to-take-down-conti-ransomware-gang.html
 * https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Conti.csv
 * https://thedfirreport.com/2021/05/12/conti-ransomware/
 * https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
--- a/actors/CopyKittens/README.md
+++ b/actors/CopyKittens/README.md
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with CopyKittens:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CopyKittens:

 * [ES](https://vuldb.com/?country.es)
+* [PT](https://vuldb.com/?country.pt)
 * [SV](https://vuldb.com/?country.sv)
-* [IT](https://vuldb.com/?country.it)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -59,7 +59,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -70,38 +70,40 @@ ID | Type | Indicator | Confidence
 1 | File | `/?module=fileman&section=get&page=grid` | High
 2 | File | `/admin.php/singer/admin/singer/hy` | High
 3 | File | `/admin.php/vod/admin/topic/del` | High
-4 | File | `/admin/edit.php` | High
-5 | File | `/admin/modules/system/custom_field.php` | High
-6 | File | `/admin/new-content` | High
-7 | File | `/admin/weixin.php` | High
-8 | File | `/alerts/alertLightbox.php` | High
-9 | File | `/api /v3/auth` | High
-10 | File | `/apps/acs-commons/content/page-compare.html` | High
-11 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
-12 | File | `/bcms/admin/courts/manage_court.php` | High
-13 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
-14 | File | `/car-rental-management-system/admin/manage_booking.php` | High
-15 | File | `/classes/Users.php?f=save` | High
-16 | File | `/cloud_config/router_post/upgrade_info` | High
-17 | File | `/cms/classes/Master.php?f=delete_client` | High
-18 | File | `/config` | Low
-19 | File | `/defaultui/player/modern.html` | High
-20 | File | `/gaia-job-admin/user/add` | High
-21 | File | `/goform/aspForm` | High
-22 | File | `/goform/login_process` | High
-23 | File | `/goform/SetInternetLanInfo` | High
-24 | File | `/goform/setNetworkLan` | High
-25 | File | `/goform/setPicListItem` | High
-26 | File | `/goform/SetSysTimeCfg` | High
-27 | File | `/html/Solar_Ftp.php` | High
-28 | File | `/lists/admin/` | High
-29 | File | `/mngset/authset` | High
-30 | File | `/mtms/admin/?page=transaction/send` | High
-31 | File | `/ok_png.c` | Medium
-32 | File | `/one_church/userregister.php` | High
-33 | ... | ... | ...
+4 | File | `/admin/deluser.php` | High
+5 | File | `/admin/edit.php` | High
+6 | File | `/admin/googleads.php` | High
+7 | File | `/admin/new-content` | High
+8 | File | `/admin/operations/tax.php` | High
+9 | File | `/admin/payment.php` | High
+10 | File | `/admin/scheprofile.cgi` | High
+11 | File | `/admin/weixin.php` | High
+12 | File | `/apps/acs-commons/content/page-compare.html` | High
+13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+14 | File | `/bcms/admin/courts/manage_court.php` | High
+15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
+16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
+17 | File | `/cgi-bin/kerbynet` | High
+18 | File | `/classes/Users.php?f=save` | High
+19 | File | `/cms/classes/Master.php?f=delete_client` | High
+20 | File | `/config` | Low
+21 | File | `/defaultui/player/modern.html` | High
+22 | File | `/ffos/admin/categories/manage_category.php` | High
+23 | File | `/ffos/admin/menus/view_menu.php` | High
+24 | File | `/gaia-job-admin/user/add` | High
+25 | File | `/goform/aspForm` | High
+26 | File | `/goform/login_process` | High
+27 | File | `/goform/setNetworkLan` | High
+28 | File | `/goform/SetSysTimeCfg` | High
+29 | File | `/html/Solar_Ftp.php` | High
+30 | File | `/lists/admin/` | High
+31 | File | `/mngset/authset` | High
+32 | File | `/mtms/admin/?page=transaction/send` | High
+33 | File | `/orrs/admin/trains/manage_train.php` | High
+34 | File | `/otps/classes/Master.php?f=delete_team` | High
+35 | ... | ... | ...

-There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Gorge/README.md
+++ b/Gorge/README.md
@ -51,7 +51,7 @@ ID | Type | Indicator | Confidence
 6 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
 7 | ... | ... | ...

-There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Blink/README.md
+++ b/Blink/README.md
@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1548.002 | CWE-285 | Improper Authorization | High
 4 | ... | ... | ... | ...

-There are 3 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -49,17 +49,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/etc/passwd` | Medium
-2 | File | `/tmp` | Low
-3 | File | `AbstractController.php` | High
-4 | File | `ActBar.ocx` | Medium
-5 | File | `add_ons.php` | Medium
-6 | File | `admin.comms.php` | High
-7 | File | `admin.php` | Medium
-8 | File | `admin/bad.php` | High
-9 | ... | ... | ...
+1 | File | `/doorgets/app/views/ajax/commentView.php` | High
+2 | File | `/etc/passwd` | Medium
+3 | File | `/tmp` | Low
+4 | File | `AbstractController.php` | High
+5 | File | `ActBar.ocx` | Medium
+6 | File | `add_ons.php` | Medium
+7 | File | `admin.comms.php` | High
+8 | File | `admin.php` | Medium
+9 | File | `admin/bad.php` | High
+10 | ... | ... | ...

-There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Dealply/README.md
+++ b/actors/Dealply/README.md
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
 21 | File | `/mtms/admin/?page=user/manage_user` | High
 22 | ... | ... | ...

-There are 180 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 182 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Dharma/README.md
+++ b/actors/Dharma/README.md
@ -20,12 +20,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79 | Cross Site Scripting | High
-3 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1008 | CWE-757 | Algorithm Downgrade | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -33,13 +33,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/adm/setmain.php` | High
-2 | File | `/classes/master.php?f=delete_facility` | High
-3 | File | `/dms/admin/reports/daily_collection_report.php` | High
-4 | File | `/ecrire` | Low
-5 | ... | ... | ...
+1 | File | `/admin/deluser.php` | High
+2 | File | `/admin/dl_sendmail.php` | High
+3 | File | `/admin/operations/tax.php` | High
+4 | File | `/admin/showbad.php` | High
+5 | File | `/admin/ztliuyan_sendmail.php` | High
+6 | File | `/api/v2/config` | High
+7 | File | `/appinfo/save` | High
+8 | File | `/ATL/VQ23` | Medium
+9 | File | `/cgi-bin/ExportAllSettings.sh` | High
+10 | File | `/coreframe/app/pay/admin/index.php` | High
+11 | File | `/dashboard/snapshot/*?orgId=0` | High
+12 | File | `/dl/dl_sendmail.php` | High
+13 | File | `/dl/dl_sendsms.php` | High
+14 | File | `/ffos/admin/categories/manage_category.php` | High
+15 | File | `/ffos/admin/categories/view_category.php` | High
+16 | File | `/ffos/admin/menus/manage_menu.php` | High
+17 | File | `/ffos/admin/sales/receipt.php` | High
+18 | File | `/ffos/classes/Master.php?f=delete_category` | High
+19 | File | `/ffos/classes/Master.php?f=delete_img` | High
+20 | File | `/ffos/classes/Master.php?f=delete_menu` | High
+21 | File | `/hprms/admin/?page=patients/view_patient` | High
+22 | File | `/hprms/admin/?page=user/manage_user` | High
+23 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+24 | File | `/hprms/admin/doctors/view_doctor.php` | High
+25 | ... | ... | ...

-There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Kitten/README.md
+++ b/Kitten/README.md
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Domestic Kitten:

 * [NL](https://vuldb.com/?country.nl)
-* [US](https://vuldb.com/?country.us)
 * [IR](https://vuldb.com/?country.ir)
+* [US](https://vuldb.com/?country.us)
 * ...

 There are 5 more country items available. Please use our online service to access the data.
@ -77,9 +77,10 @@ ID | Type | Indicator | Confidence
 28 | File | `admin\model\catalog\download.php` | High
 29 | File | `apcupsd.pid` | Medium
 30 | File | `api/sms/send-sms` | High
-31 | ... | ... | ...
+31 | File | `api/v1/alarms` | High
+32 | ... | ... | ...

-There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Dridex/README.md
+++ b/actors/Dridex/README.md
@ -146,19 +146,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?module=users&section=cpanel&page=list` | High
-2 | File | `/admin/powerline` | High
-3 | File | `/admin/syslog` | High
-4 | File | `/api` | Low
-5 | File | `/api/upload` | Medium
-6 | File | `/bcms/admin/?page=user/list` | High
-7 | File | `/cgi-bin` | Medium
-8 | File | `/cgi-bin/kerbynet` | High
-9 | File | `/context/%2e/WEB-INF/web.xml` | High
-10 | File | `/debug/pprof` | Medium
-11 | File | `/fudforum/adm/hlplist.php` | High
+1 | File | `//proc/kcore` | Medium
+2 | File | `/?module=users&section=cpanel&page=list` | High
+3 | File | `/admin/powerline` | High
+4 | File | `/admin/syslog` | High
+5 | File | `/Ap4RtpAtom.cpp` | High
+6 | File | `/api` | Low
+7 | File | `/api/upload` | Medium
+8 | File | `/bcms/admin/?page=user/list` | High
+9 | File | `/cgi-bin` | Medium
+10 | File | `/context/%2e/WEB-INF/web.xml` | High
+11 | File | `/debug/pprof` | Medium
 12 | File | `/fuel/index.php/fuel/logs/items` | High
-13 | File | `/login` | Low
+13 | File | `/fuel/sitevariables/delete/4` | High
 14 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
 15 | File | `/mgmt/tm/util/bash` | High
 16 | File | `/monitoring` | Medium
@ -181,10 +181,9 @@ ID | Type | Indicator | Confidence
 33 | File | `AccountManagerService.java` | High
 34 | File | `actions/CompanyDetailsSave.php` | High
 35 | File | `ActiveServices.java` | High
-36 | File | `ActivityManagerService.java` | High
-37 | ... | ... | ...
+36 | ... | ... | ...

-There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Emotet/README.md
+++ b/actors/Emotet/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [VN](https://vuldb.com/?country.vn)
 * [ES](https://vuldb.com/?country.es)
-* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -404,12 +404,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1222 | CWE-275 | Permission Issues | High
 4 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -417,39 +417,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/account/ResetPassword` | High
-2 | File | `/admin.php/news/admin/topic/save` | High
-3 | File | `/anony/mjpg.cgi` | High
-4 | File | `/api/crontab` | Medium
-5 | File | `/api/RecordingList/DownloadRecord?file=` | High
-6 | File | `/bcms/admin/?page=user/list` | High
-7 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
-8 | File | `/current_action.php?action=reboot` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/etc/config/image_sign` | High
-11 | File | `/etc/password` | High
-12 | File | `/forum/away.php` | High
-13 | File | `/fuel/index.php/fuel/logs/items` | High
-14 | File | `/IISADMPWD` | Medium
-15 | File | `/mgmt/tm/util/bash` | High
-16 | File | `/proc/stat` | Medium
-17 | File | `/secure/QueryComponent!Default.jspa` | High
-18 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-19 | File | `/src/njs/src/njs_module.c` | High
-20 | File | `/uncpath/` | Medium
-21 | File | `/user-utils/users/md5.json` | High
-22 | File | `/userRpm/popupSiteSurveyRpm.html` | High
-23 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-24 | File | `/wp-admin/admin-ajax.php` | High
-25 | File | `/_internal` | Medium
-26 | File | `4.edu.php` | Medium
-27 | File | `aam/v1/authenticate` | High
-28 | File | `acl.c` | Low
-29 | File | `admin.webring.docs.php` | High
-30 | File | `admin/?page=students` | High
-31 | ... | ... | ...
+1 | File | `/admin/edit_admin_details.php?id=admin` | High
+2 | File | `/alarm_pi/alarmService.php` | High
+3 | File | `/blog/blog.php` | High
+4 | File | `/bsms/?page=manage_account` | High
+5 | File | `/company` | Medium
+6 | File | `/company/account/safety/trade` | High
+7 | File | `/company/down_resume/total/nature` | High
+8 | File | `/company/service/increment/add/im` | High
+9 | File | `/company/view_be_browsed/total` | High
+10 | File | `/dashboard/blocks/stacks/view_details/` | High
+11 | File | `/dashboard/reports/logs/view` | High
+12 | ... | ... | ...

-There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 95 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -486,7 +467,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2019/09/threat-roundup-0906-0913.html
 * https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
 * https://blog.talosintelligence.com/2019/09/threat-roundup-0920-0927.html
-* https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.htmlhttps://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
+* https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
 * https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
 * https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
 * https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html
--- a/Marauder/README.md
+++ b/Marauder/README.md
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [KR](https://vuldb.com/?country.kr)
 * ...

-There are 3 more country items available. Please use our online service to access the data.
+There are 4 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -41,7 +41,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

@ -53,15 +53,16 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/filemanager/upload.php` | High
-2 | File | `/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php` | High
-3 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
-4 | File | `admin/modules/tools/ip_history_logs.php` | High
-5 | File | `api_poller.php` | High
-6 | File | `application/controllers/admin/dataentry.php` | High
-7 | ... | ... | ...
+1 | File | `/cgi-bin/luci/api/auth` | High
+2 | File | `/filemanager/upload.php` | High
+3 | File | `/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php` | High
+4 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
+5 | File | `/wp-json/oembed/1.0/embed?url` | High
+6 | File | `admin/modules/tools/ip_history_logs.php` | High
+7 | File | `api_poller.php` | High
+8 | ... | ... | ...

-There are 48 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 54 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/FIN12/README.md
+++ b/actors/FIN12/README.md
@ -54,15 +54,16 @@ ID | Type | Indicator | Confidence
 8 | File | `/ofrs/admin/?page=requests/view_request` | High
 9 | File | `/services/details.asp` | High
 10 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
-11 | File | `/_core/profile/` | High
-12 | File | `adclick.php` | Medium
-13 | File | `additem.asp` | Medium
-14 | File | `addsite.php` | Medium
-15 | File | `admin/review.php` | High
-16 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
-17 | ... | ... | ...
+11 | File | `/user/dls_download.php` | High
+12 | File | `/_core/profile/` | High
+13 | File | `adclick.php` | Medium
+14 | File | `additem.asp` | Medium
+15 | File | `addsite.php` | Medium
+16 | File | `admin/review.php` | High
+17 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
+18 | ... | ... | ...

-There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/FIN7/README.md
+++ b/actors/FIN7/README.md
@ -17,7 +17,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
-* [DE](https://vuldb.com/?country.de)
+* [ES](https://vuldb.com/?country.es)
 * ...

 There are 22 more country items available. Please use our online service to access the data.
@ -94,53 +94,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin_page/all-files-update-ajax.php` | High
-2 | File | `/Ap4RtpAtom.cpp` | High
-3 | File | `/bcms/admin/?page=user/list` | High
-4 | File | `/bsms/?page=products` | High
-5 | File | `/cgi-bin/system_mgr.cgi` | High
-6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
-7 | File | `/context/%2e/WEB-INF/web.xml` | High
-8 | File | `/debug/pprof` | Medium
-9 | File | `/dms/admin/reports/daily_collection_report.php` | High
-10 | File | `/ext/phar/phar_object.c` | High
-11 | File | `/filemanager/php/connector.php` | High
-12 | File | `/fuel/index.php/fuel/logs/items` | High
-13 | File | `/include/chart_generator.php` | High
-14 | File | `/info.cgi` | Medium
-15 | File | `/mgmt/tm/util/bash` | High
-16 | File | `/modx/manager/index.php` | High
-17 | File | `/proc/<pid>/status` | High
-18 | File | `/public/login.htm` | High
-19 | File | `/public/plugins/` | High
-20 | File | `/replication` | Medium
-21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-22 | File | `/secure/QueryComponent!Default.jspa` | High
-23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-24 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
-25 | File | `/spip.php` | Medium
-26 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-27 | File | `/tmp` | Low
-28 | File | `/uncpath/` | Medium
-29 | File | `/usr/bin/pkexec` | High
-30 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-31 | File | `/Wedding-Management/package_detail.php` | High
-32 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-33 | File | `802dot1xclientcert.cgi` | High
-34 | File | `a2billing/customer/iridium_threed.php` | High
-35 | File | `AccountManagerService.java` | High
-36 | File | `actions/CompanyDetailsSave.php` | High
-37 | File | `ActivityManagerService.java` | High
-38 | File | `add.exe` | Low
-39 | File | `admin.php` | Medium
-40 | File | `admin.php?m=Food&a=addsave` | High
-41 | File | `admin/add-glossary.php` | High
-42 | File | `admin/conf_users_edit.php` | High
-43 | File | `admin/edit-comments.php` | High
-44 | File | `admin/index.php` | High
+1 | File | `.htaccess` | Medium
+2 | File | `//proc/kcore` | Medium
+3 | File | `/admin_page/all-files-update-ajax.php` | High
+4 | File | `/Ap4RtpAtom.cpp` | High
+5 | File | `/bcms/admin/?page=user/list` | High
+6 | File | `/bsms/?page=manage_account` | High
+7 | File | `/bsms/?page=products` | High
+8 | File | `/cgi-bin/kerbynet` | High
+9 | File | `/cgi-bin/system_mgr.cgi` | High
+10 | File | `/cloud_config/router_post/check_reg_verify_code` | High
+11 | File | `/context/%2e/WEB-INF/web.xml` | High
+12 | File | `/debug/pprof` | Medium
+13 | File | `/dms/admin/reports/daily_collection_report.php` | High
+14 | File | `/ext/phar/phar_object.c` | High
+15 | File | `/filemanager/php/connector.php` | High
+16 | File | `/fuel/index.php/fuel/logs/items` | High
+17 | File | `/fuel/sitevariables/delete/4` | High
+18 | File | `/include/chart_generator.php` | High
+19 | File | `/info.cgi` | Medium
+20 | File | `/lists/admin/` | High
+21 | File | `/MagickCore/image.c` | High
+22 | File | `/mgmt/tm/util/bash` | High
+23 | File | `/modx/manager/index.php` | High
+24 | File | `/proc/<pid>/status` | High
+25 | File | `/public/login.htm` | High
+26 | File | `/public/plugins/` | High
+27 | File | `/replication` | Medium
+28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+29 | File | `/secure/QueryComponent!Default.jspa` | High
+30 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+31 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
+32 | File | `/spip.php` | Medium
+33 | File | `/tmp` | Low
+34 | File | `/uncpath/` | Medium
+35 | File | `/usr/bin/pkexec` | High
+36 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+37 | File | `/Wedding-Management/package_detail.php` | High
+38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+39 | File | `802dot1xclientcert.cgi` | High
+40 | File | `a2billing/customer/iridium_threed.php` | High
+41 | File | `AccountManagerService.java` | High
+42 | File | `actions/CompanyDetailsSave.php` | High
+43 | File | `ActiveServices.java` | High
+44 | File | `ActivityManagerService.java` | High
 45 | ... | ... | ...

-There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Formbook/README.md
+++ b/actors/Formbook/README.md
@ -64,7 +64,7 @@ ID | IP address | Hostname | Campaign | Confidence
 35 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
 36 | ... | ... | ... | ...

-There are 141 more IOC items available. Please use our online service to access the data.
+There are 142 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -100,7 +100,7 @@ ID | Type | Indicator | Confidence
 13 | File | `actionHandler/ajax_managed_services.php` | High
 14 | ... | ... | ...

-There are 110 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 111 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -116,6 +116,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
 * https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
 * https://blog.talosintelligence.com/2022/04/threat-roundup-0415-0422.html
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-07%20Formbook%20IOCs
 * https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/

 ## Literature
--- a/actors/FritzFrog/README.md
+++ b/actors/FritzFrog/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:

-* [CN](https://vuldb.com/?country.cn)
 * [VN](https://vuldb.com/?country.vn)
-* [US](https://vuldb.com/?country.us)
+* [ES](https://vuldb.com/?country.es)
+* [CN](https://vuldb.com/?country.cn)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -331,12 +331,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 9 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -344,50 +344,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/#/CampaignManager/users` | High
-2 | File | `/admin/admin_login.php` | High
-3 | File | `/anony/mjpg.cgi` | High
-4 | File | `/cgi-bin/luci/api/auth` | High
-5 | File | `/cgi-bin/luci/api/diagnose` | High
-6 | File | `/data/vendor/tcl` | High
-7 | File | `/debug/pprof` | Medium
-8 | File | `/forum/away.php` | High
-9 | File | `/HNAP1` | Low
-10 | File | `/i/:data/ipa.plist` | High
-11 | File | `/login` | Low
-12 | File | `/member/index/login.html` | High
-13 | File | `/mgmt/tm/util/bash` | High
-14 | File | `/php/passport/index.php` | High
-15 | File | `/plesk-site-preview/` | High
-16 | File | `/requests.php` | High
-17 | File | `/saml/login` | Medium
-18 | File | `/ScadaBR/login.htm` | High
-19 | File | `/secure/QueryComponent!Default.jspa` | High
-20 | File | `/ServletAPI/accounts/login` | High
-21 | File | `/ubus/uci.apply` | High
-22 | File | `/uncpath/` | Medium
-23 | File | `/upload` | Low
-24 | File | `/usr/bin/pkexec` | High
-25 | File | `/var/adm/btmp` | High
-26 | File | `/var/log/messages` | High
-27 | File | `/var/run/zabbix` | High
-28 | File | `/wp-admin/admin-ajax.php` | High
-29 | File | `account/login.php` | High
-30 | File | `ad/login.asp` | Medium
-31 | File | `adclick.php` | Medium
-32 | File | `admin.php` | Medium
-33 | File | `admin.webring.docs.php` | High
-34 | File | `admin/admin_ping.php` | High
-35 | File | `admin/login.php` | High
-36 | File | `admin/viewtheatre.php` | High
-37 | File | `adminer.php` | Medium
-38 | File | `agenda.php3` | Medium
-39 | File | `ajaxp.php` | Medium
-40 | File | `anonymous/authenticated` | High
-41 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
-42 | ... | ... | ...
+1 | File | `.htaccess` | Medium
+2 | File | `/admin.php/news/admin/topic/save` | High
+3 | File | `/admin_page/all-files-update-ajax.php` | High
+4 | File | `/api/crontab` | Medium
+5 | File | `/api/RecordingList/DownloadRecord?file=` | High
+6 | File | `/cgi-bin/cgiServer.exx` | High
+7 | File | `/cgi-bin/kerbynet` | High
+8 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
+9 | File | `/cmd?cmd=connect` | High
+10 | File | `/CMD_ACCOUNT_ADMIN` | High
+11 | File | `/componetns/user/class.user.php` | High
+12 | File | `/config/getuser` | High
+13 | File | `/current_action.php?action=reboot` | High
+14 | File | `/dms/admin/reports/daily_collection_report.php` | High
+15 | File | `/etc/config/image_sign` | High
+16 | File | `/etc/hosts` | Medium
+17 | File | `/etc/password` | High
+18 | File | `/etc/quagga` | Medium
+19 | File | `/forum/away.php` | High
+20 | File | `/gaia-job-admin/user/add` | High
+21 | File | `/HNAP1` | Low
+22 | File | `/info.cgi` | Medium
+23 | File | `/lists/admin/` | High
+24 | File | `/proc/stat` | Medium
+25 | File | `/public/plugins/` | High
+26 | File | `/ram/pckg/security/nova/bin/ipsec` | High
+27 | File | `/rest/api/latest/projectvalidate/key` | High
+28 | File | `/secure/QueryComponent!Default.jspa` | High
+29 | File | `/spip.php` | Medium
+30 | File | `/sql/sql_string.h` | High
+31 | File | `/sql/sql_type.cc` | High
+32 | File | `/strings/ctype-latin1.c` | High
+33 | File | `/strings/ctype-simple.c` | High
+34 | File | `/uncpath/` | Medium
+35 | File | `/upload/localhost` | High
+36 | File | `/user-utils/users/md5.json` | High
+37 | ... | ... | ...

-There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/GALLIUM/README.md
+++ b/actors/GALLIUM/README.md
@ -0,0 +1,107 @@
+# GALLIUM - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GALLIUM](https://vuldb.com/?actor.gallium). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gallium](https://vuldb.com/?actor.gallium)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with GALLIUM:
+
+* PingPull
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GALLIUM:
+
+* [CN](https://vuldb.com/?country.cn)
+* [HK](https://vuldb.com/?country.hk)
+* [US](https://vuldb.com/?country.us)
+* ...
+
+There are 7 more country items available. Please use our online service to access the data.
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GALLIUM.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [2.58.242.229](https://vuldb.com/?ip.2.58.242.229) | 242-58-2-229.hostinginside.com | - | High
+2 | [2.58.242.230](https://vuldb.com/?ip.2.58.242.230) | 242-58-2-230.hostinginside.com | - | High
+3 | [2.58.242.231](https://vuldb.com/?ip.2.58.242.231) | 242-58-2-231.hostinginside.com | - | High
+4 | [2.58.242.232](https://vuldb.com/?ip.2.58.242.232) | 242-58-2-232.hostinginside.com | - | High
+5 | [2.58.242.235](https://vuldb.com/?ip.2.58.242.235) | 242-58-2-235.hostinginside.com | - | High
+6 | [2.58.242.236](https://vuldb.com/?ip.2.58.242.236) | 242-58-2-236.hostinginside.com | - | High
+7 | [5.8.71.97](https://vuldb.com/?ip.5.8.71.97) | goodluck23.jp.us | PingPull | High
+8 | [5.181.25.55](https://vuldb.com/?ip.5.181.25.55) | vps76.example.com | PingPull | High
+9 | [5.188.33.237](https://vuldb.com/?ip.5.188.33.237) | firman00467.example.com | - | High
+10 | [37.61.229.104](https://vuldb.com/?ip.37.61.229.104) | theodore974.example.com | - | High
+11 | [37.61.229.106](https://vuldb.com/?ip.37.61.229.106) | oliver7891.example.com | - | High
+12 | [43.254.218.43](https://vuldb.com/?ip.43.254.218.43) | - | - | High
+13 | [43.254.218.57](https://vuldb.com/?ip.43.254.218.57) | - | - | High
+14 | [43.254.218.98](https://vuldb.com/?ip.43.254.218.98) | - | - | High
+15 | [43.254.218.104](https://vuldb.com/?ip.43.254.218.104) | - | - | High
+16 | [43.254.218.114](https://vuldb.com/?ip.43.254.218.114) | - | - | High
+17 | [45.14.66.230](https://vuldb.com/?ip.45.14.66.230) | 45.14.66.230.static.xtom.com | - | High
+18 | [45.76.113.163](https://vuldb.com/?ip.45.76.113.163) | 45.76.113.163.vultrusercontent.com | - | High
+19 | [45.116.13.153](https://vuldb.com/?ip.45.116.13.153) | 45.116.13.153.static.xtom.hk | - | High
+20 | [45.121.50.230](https://vuldb.com/?ip.45.121.50.230) | - | - | High
+21 | [45.128.221.61](https://vuldb.com/?ip.45.128.221.61) | - | - | High
+22 | [45.128.221.66](https://vuldb.com/?ip.45.128.221.66) | - | - | High
+23 | [45.128.221.169](https://vuldb.com/?ip.45.128.221.169) | - | - | High
+24 | [45.128.221.172](https://vuldb.com/?ip.45.128.221.172) | - | - | High
+25 | [45.128.221.182](https://vuldb.com/?ip.45.128.221.182) | - | - | High
+26 | [45.128.221.186](https://vuldb.com/?ip.45.128.221.186) | - | - | High
+27 | ... | ... | ... | ...
+
+There are 103 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GALLIUM_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1211 | CWE-254 | 7PK Security Features | High
+4 | ... | ... | ... | ...
+
+There are 2 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GALLIUM. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/api/trackedEntityInstances` | High
+2 | File | `/cgi-bin/portal` | High
+3 | File | `/cgi-bin/wapopen` | High
+4 | File | `/Items/*/RemoteImages/Download` | High
+5 | File | `/mifs/c/i/reg/reg.html` | High
+6 | File | `/owa/auth/logon.aspx` | High
+7 | File | `/service/upload` | High
+8 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+9 | File | `/uncpath/` | Medium
+10 | ... | ... | ...
+
+There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://unit42.paloaltonetworks.com/pingpull-gallium/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Gallmaker/README.md
+++ b/actors/Gallmaker/README.md
@ -40,14 +40,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `application/modules/admin/views/ecommerce/products.php` | High
-2 | File | `base/ErrorHandler.php` | High
-3 | File | `blog.php` | Medium
-4 | File | `c4t64fx.c` | Medium
-5 | File | `cgi-bin/webcm` | High
+1 | File | `/admin/dl_sendmail.php` | High
+2 | File | `application/modules/admin/views/ecommerce/products.php` | High
+3 | File | `base/ErrorHandler.php` | High
+4 | File | `blog.php` | Medium
+5 | File | `c4t64fx.c` | Medium
 6 | ... | ... | ...

-There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Gamaredon/README.md
+++ b/actors/Gamaredon/README.md
@ -22,59 +22,59 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [2.59.41.5](https://vuldb.com/?ip.2.59.41.5) | vds-sizaus.timeweb.ru | - | High
-2 | [5.63.152.233](https://vuldb.com/?ip.5.63.152.233) | 5-63-152-233.cloudvps.regruhosting.ru | - | High
-3 | [5.63.154.19](https://vuldb.com/?ip.5.63.154.19) | 5-63-154-19.cloudvps.regruhosting.ru | - | High
-4 | [5.63.154.128](https://vuldb.com/?ip.5.63.154.128) | 5-63-154-128.cloudvps.regruhosting.ru | - | High
-5 | [5.63.158.179](https://vuldb.com/?ip.5.63.158.179) | 5-63-158-179.cloudvps.regruhosting.ru | - | High
-6 | [5.63.158.233](https://vuldb.com/?ip.5.63.158.233) | 5-63-158-233.cloudvps.regruhosting.ru | - | High
-7 | [5.63.158.238](https://vuldb.com/?ip.5.63.158.238) | 5-63-158-238.cloudvps.regruhosting.ru | - | High
-8 | [5.252.193.204](https://vuldb.com/?ip.5.252.193.204) | - | - | High
-9 | [31.31.203.17](https://vuldb.com/?ip.31.31.203.17) | 31-31-203-17.cloudvps.regruhosting.ru | - | High
-10 | [31.31.203.71](https://vuldb.com/?ip.31.31.203.71) | 31-31-203-71.cloudvps.regruhosting.ru | - | High
-11 | [31.31.203.219](https://vuldb.com/?ip.31.31.203.219) | 31-31-203-219.cloudvps.regruhosting.ru | - | High
-12 | [31.40.251.145](https://vuldb.com/?ip.31.40.251.145) | - | - | High
-13 | [31.40.251.171](https://vuldb.com/?ip.31.40.251.171) | - | - | High
-14 | [37.77.105.102](https://vuldb.com/?ip.37.77.105.102) | 701115-cm83897.tmweb.ru | Ukraine | High
-15 | [37.140.195.137](https://vuldb.com/?ip.37.140.195.137) | 37-140-195-137.cloudvps.regruhosting.ru | - | High
-16 | [37.140.197.55](https://vuldb.com/?ip.37.140.197.55) | 37-140-197-55.cloudvps.regruhosting.ru | - | High
-17 | [37.140.197.206](https://vuldb.com/?ip.37.140.197.206) | 37-140-197-206.cloudvps.regruhosting.ru | - | High
-18 | [37.140.199.20](https://vuldb.com/?ip.37.140.199.20) | 37-140-199-20.cloudvps.regruhosting.ru | - | High
-19 | [37.140.199.224](https://vuldb.com/?ip.37.140.199.224) | nedvizhimostdoma.ru | - | High
-20 | [45.32.149.8](https://vuldb.com/?ip.45.32.149.8) | 45.32.149.8.vultr.com | - | Medium
-21 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
-22 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
-23 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
-24 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
-25 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
-26 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
-27 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
-28 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
-29 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
-30 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
-31 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
-32 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
-33 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
-34 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
-35 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
-36 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
-37 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
-38 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
-39 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
-40 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
-41 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
-42 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
-43 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
-44 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
-45 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
-46 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
-47 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
-48 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
-49 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
-50 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
+1 | [2.59.36.194](https://vuldb.com/?ip.2.59.36.194) | - | - | High
+2 | [2.59.41.5](https://vuldb.com/?ip.2.59.41.5) | vds-sizaus.timeweb.ru | - | High
+3 | [5.63.152.233](https://vuldb.com/?ip.5.63.152.233) | 5-63-152-233.cloudvps.regruhosting.ru | - | High
+4 | [5.63.154.19](https://vuldb.com/?ip.5.63.154.19) | 5-63-154-19.cloudvps.regruhosting.ru | - | High
+5 | [5.63.154.128](https://vuldb.com/?ip.5.63.154.128) | 5-63-154-128.cloudvps.regruhosting.ru | - | High
+6 | [5.63.158.179](https://vuldb.com/?ip.5.63.158.179) | 5-63-158-179.cloudvps.regruhosting.ru | - | High
+7 | [5.63.158.233](https://vuldb.com/?ip.5.63.158.233) | 5-63-158-233.cloudvps.regruhosting.ru | - | High
+8 | [5.63.158.238](https://vuldb.com/?ip.5.63.158.238) | 5-63-158-238.cloudvps.regruhosting.ru | - | High
+9 | [5.252.193.204](https://vuldb.com/?ip.5.252.193.204) | - | - | High
+10 | [31.31.203.17](https://vuldb.com/?ip.31.31.203.17) | 31-31-203-17.cloudvps.regruhosting.ru | - | High
+11 | [31.31.203.71](https://vuldb.com/?ip.31.31.203.71) | 31-31-203-71.cloudvps.regruhosting.ru | - | High
+12 | [31.31.203.219](https://vuldb.com/?ip.31.31.203.219) | 31-31-203-219.cloudvps.regruhosting.ru | - | High
+13 | [31.40.251.145](https://vuldb.com/?ip.31.40.251.145) | - | - | High
+14 | [31.40.251.171](https://vuldb.com/?ip.31.40.251.171) | - | - | High
+15 | [37.77.105.102](https://vuldb.com/?ip.37.77.105.102) | 701115-cm83897.tmweb.ru | Ukraine | High
+16 | [37.140.195.137](https://vuldb.com/?ip.37.140.195.137) | 37-140-195-137.cloudvps.regruhosting.ru | - | High
+17 | [37.140.197.55](https://vuldb.com/?ip.37.140.197.55) | 37-140-197-55.cloudvps.regruhosting.ru | - | High
+18 | [37.140.197.206](https://vuldb.com/?ip.37.140.197.206) | 37-140-197-206.cloudvps.regruhosting.ru | - | High
+19 | [37.140.199.20](https://vuldb.com/?ip.37.140.199.20) | 37-140-199-20.cloudvps.regruhosting.ru | - | High
+20 | [37.140.199.224](https://vuldb.com/?ip.37.140.199.224) | nedvizhimostdoma.ru | - | High
+21 | [45.32.149.8](https://vuldb.com/?ip.45.32.149.8) | 45.32.149.8.vultr.com | - | Medium
+22 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
+23 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
+24 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
+25 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
+26 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
+27 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
+28 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
+29 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
+30 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
+31 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
+32 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
+33 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
+34 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
+35 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
+36 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
+37 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
+38 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
+39 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
+40 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
+41 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
+42 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
+43 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
+44 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
+45 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
+46 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
+47 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
+48 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
+49 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
+50 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
 51 | ... | ... | ... | ...

-There are 198 more IOC items available. Please use our online service to access the data.
+There are 200 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -90,7 +90,9 @@ The following list contains _external sources_ which discuss the actor and the a

 * https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/
 * https://github.com/blackorbird/APT_REPORT/blob/master/Gamaredon/Gamaredon202102_ioc1000%2B.csv
+* https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_JAN2022.txt
 * https://github.com/SentineLabs/Gamaredon-APT/blob/master/2020-02-04-gamaredon-blog-iocs-vk.misp.csv
+* https://github.com/stamparm/maltrail/blob/2d0339af3523b230d8e9a08efd22af032ec7a18e/trails/static/malware/apt_gamaredon.txt
 * https://pastebin.com/Vhb4KF5L
 * https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
 * https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/
--- a/actors/GandCrab/README.md
+++ b/actors/GandCrab/README.md
@ -22,38 +22,42 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [3.64.163.50](https://vuldb.com/?ip.3.64.163.50) | ec2-3-64-163-50.eu-central-1.compute.amazonaws.com | - | Medium
-2 | [5.39.221.60](https://vuldb.com/?ip.5.39.221.60) | - | - | High
-3 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
-4 | [5.144.168.210](https://vuldb.com/?ip.5.144.168.210) | mail.xdeers.com | - | High
-5 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
-6 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
-7 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
-8 | [23.100.15.180](https://vuldb.com/?ip.23.100.15.180) | - | - | High
-9 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
-10 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
-11 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
-12 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
-13 | [45.33.91.79](https://vuldb.com/?ip.45.33.91.79) | li1037-79.members.linode.com | - | High
-14 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
-15 | [46.32.228.22](https://vuldb.com/?ip.46.32.228.22) | 720808.vps-10.com | - | High
-16 | [47.75.206.148](https://vuldb.com/?ip.47.75.206.148) | - | - | High
-17 | [50.63.202.89](https://vuldb.com/?ip.50.63.202.89) | ip-50-63-202-89.ip.secureserver.net | - | High
-18 | [50.87.58.165](https://vuldb.com/?ip.50.87.58.165) | 50-87-58-165.unifiedlayer.com | - | High
-19 | [51.68.50.168](https://vuldb.com/?ip.51.68.50.168) | ip168.ip-51-68-50.eu | - | High
-20 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
-21 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | - | High
-22 | [52.17.9.185](https://vuldb.com/?ip.52.17.9.185) | ec2-52-17-9-185.eu-west-1.compute.amazonaws.com | - | Medium
-23 | [52.29.192.136](https://vuldb.com/?ip.52.29.192.136) | ec2-52-29-192-136.eu-central-1.compute.amazonaws.com | - | Medium
-24 | [52.116.175.70](https://vuldb.com/?ip.52.116.175.70) | hs20.name.tools | - | High
-25 | [54.36.194.90](https://vuldb.com/?ip.54.36.194.90) | ip90.ip-54-36-194.eu | - | High
-26 | [62.210.24.116](https://vuldb.com/?ip.62.210.24.116) | 62-210-24-116.rev.poneytelecom.eu | - | High
-27 | [66.96.147.67](https://vuldb.com/?ip.66.96.147.67) | 67.147.96.66.static.eigbox.net | - | High
-28 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
-29 | [66.171.248.178](https://vuldb.com/?ip.66.171.248.178) | api1.whatismyipaddress.com | - | High
-30 | [67.227.236.96](https://vuldb.com/?ip.67.227.236.96) | servidor2247.el.controladordns.com | - | High
-31 | ... | ... | ... | ...
+2 | [3.215.23.197](https://vuldb.com/?ip.3.215.23.197) | ec2-3-215-23-197.compute-1.amazonaws.com | - | Medium
+3 | [5.39.221.60](https://vuldb.com/?ip.5.39.221.60) | - | - | High
+4 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
+5 | [5.144.168.210](https://vuldb.com/?ip.5.144.168.210) | mail.xdeers.com | - | High
+6 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
+7 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
+8 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
+9 | [20.42.73.29](https://vuldb.com/?ip.20.42.73.29) | - | - | High
+10 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
+11 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
+12 | [23.100.15.180](https://vuldb.com/?ip.23.100.15.180) | - | - | High
+13 | [23.205.105.157](https://vuldb.com/?ip.23.205.105.157) | a23-205-105-157.deploy.static.akamaitechnologies.com | - | High
+14 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
+15 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
+16 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
+17 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
+18 | [45.33.91.79](https://vuldb.com/?ip.45.33.91.79) | li1037-79.members.linode.com | - | High
+19 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
+20 | [46.32.228.22](https://vuldb.com/?ip.46.32.228.22) | 720808.vps-10.com | - | High
+21 | [47.75.206.148](https://vuldb.com/?ip.47.75.206.148) | - | - | High
+22 | [50.63.202.89](https://vuldb.com/?ip.50.63.202.89) | ip-50-63-202-89.ip.secureserver.net | - | High
+23 | [50.87.58.165](https://vuldb.com/?ip.50.87.58.165) | 50-87-58-165.unifiedlayer.com | - | High
+24 | [51.68.50.168](https://vuldb.com/?ip.51.68.50.168) | ip168.ip-51-68-50.eu | - | High
+25 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
+26 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | - | High
+27 | [52.17.9.185](https://vuldb.com/?ip.52.17.9.185) | ec2-52-17-9-185.eu-west-1.compute.amazonaws.com | - | Medium
+28 | [52.29.192.136](https://vuldb.com/?ip.52.29.192.136) | ec2-52-29-192-136.eu-central-1.compute.amazonaws.com | - | Medium
+29 | [52.58.78.16](https://vuldb.com/?ip.52.58.78.16) | ec2-52-58-78-16.eu-central-1.compute.amazonaws.com | - | Medium
+30 | [52.116.175.70](https://vuldb.com/?ip.52.116.175.70) | hs20.name.tools | - | High
+31 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
+32 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
+33 | [54.36.194.90](https://vuldb.com/?ip.54.36.194.90) | ip90.ip-54-36-194.eu | - | High
+34 | [62.210.24.116](https://vuldb.com/?ip.62.210.24.116) | 62-210-24-116.rev.poneytelecom.eu | - | High
+35 | ... | ... | ... | ...

-There are 122 more IOC items available. Please use our online service to access the data.
+There are 134 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -66,7 +70,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 3 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -77,12 +81,12 @@ ID | Type | Indicator | Confidence
 1 | File | `.htpasswd` | Medium
 2 | File | `/../conf/config.properties` | High
 3 | File | `/drivers/infiniband/core/cm.c` | High
-4 | File | `/forum/away.php` | High
-5 | File | `/horde/util/go.php` | High
-6 | File | `/images/` | Medium
-7 | File | `/inc/parser/xhtml.php` | High
-8 | File | `/login` | Low
-9 | File | `/mgmt/shared/authz/users/` | High
+4 | File | `/files.md5` | Medium
+5 | File | `/forum/away.php` | High
+6 | File | `/horde/util/go.php` | High
+7 | File | `/images/` | Medium
+8 | File | `/inc/parser/xhtml.php` | High
+9 | File | `/login` | Low
 10 | File | `/modules/profile/index.php` | High
 11 | File | `/one_church/userregister.php` | High
 12 | File | `/out.php` | Medium
@ -93,20 +97,20 @@ ID | Type | Indicator | Confidence
 17 | File | `/secure/admin/ViewInstrumentation.jspa` | High
 18 | File | `/system/proxy` | High
 19 | File | `/tmp/phpglibccheck` | High
-20 | File | `adclick.php` | Medium
-21 | File | `add.php` | Low
-22 | File | `addentry.php` | Medium
-23 | File | `addressbookprovider.php` | High
-24 | File | `admin.jcomments.php` | High
-25 | File | `admin/pageUploadCSV.php` | High
-26 | File | `ajax_udf.php` | Medium
-27 | File | `AppCompatCache.exe` | High
-28 | File | `application.js.php` | High
-29 | File | `arm/lithium-codegen-arm.cc` | High
-30 | File | `authenticate.c` | High
+20 | File | `/v2/quantum/save-data-upload-big-file` | High
+21 | File | `4.edu.php` | Medium
+22 | File | `adclick.php` | Medium
+23 | File | `add.php` | Low
+24 | File | `addentry.php` | Medium
+25 | File | `addressbookprovider.php` | High
+26 | File | `admin.jcomments.php` | High
+27 | File | `admin/pageUploadCSV.php` | High
+28 | File | `ajax_udf.php` | Medium
+29 | File | `AppCompatCache.exe` | High
+30 | File | `application.js.php` | High
 31 | ... | ... | ...

-There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 260 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -118,9 +122,13 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html
 * https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
 * https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
+* https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
+* https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
 * https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
+* https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html
 * https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
 * https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
+* https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
 * https://community.blueliv.com/#!/s/5afd59bd82df413e376682f2
 * https://isc.sans.edu/forums/diary/GandCrab+Ransomware+Now+Coming+From+Malspam/23321/
 * https://precisionsec.com/threat-intelligence-feeds/gandcrab/
--- a/actors/Gh0stRAT/README.md
+++ b/actors/Gh0stRAT/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -114,49 +114,50 @@ ID | Type | Indicator | Confidence
 2 | File | `/#/CampaignManager/users` | High
 3 | File | `/admin/admin_login.php` | High
 4 | File | `/admin/login.php` | High
-5 | File | `/bin/sh` | Low
-6 | File | `/cgi-bin/luci/api/auth` | High
-7 | File | `/cgi-bin/luci/api/diagnose` | High
-8 | File | `/Content/Template/root/reverse-shell.aspx` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/dev/tty` | Medium
-11 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
-12 | File | `/etc/config/image_sign` | High
-13 | File | `/etc/groups` | Medium
-14 | File | `/forum/away.php` | High
-15 | File | `/gaia-job-admin/user/add` | High
-16 | File | `/goforms/rlminfo` | High
-17 | File | `/HNAP1` | Low
-18 | File | `/login` | Low
-19 | File | `/login.html` | Medium
-20 | File | `/magnoliaPublic/travel/members/login.html` | High
-21 | File | `/member/index/login.html` | High
-22 | File | `/mgmt/tm/util/bash` | High
-23 | File | `/ocwbs/admin/?page=user/manage_user` | High
-24 | File | `/ofrs/admin/?page=user/manage_user` | High
+5 | File | `/cgi-bin/luci/api/auth` | High
+6 | File | `/cgi-bin/luci/api/diagnose` | High
+7 | File | `/Content/Template/root/reverse-shell.aspx` | High
+8 | File | `/debug/pprof` | Medium
+9 | File | `/dev/tty` | Medium
+10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
+11 | File | `/etc/config/image_sign` | High
+12 | File | `/etc/groups` | Medium
+13 | File | `/forum/away.php` | High
+14 | File | `/gaia-job-admin/user/add` | High
+15 | File | `/goforms/rlminfo` | High
+16 | File | `/HNAP1` | Low
+17 | File | `/login` | Low
+18 | File | `/login.html` | Medium
+19 | File | `/magnoliaPublic/travel/members/login.html` | High
+20 | File | `/member/index/login.html` | High
+21 | File | `/mgmt/tm/util/bash` | High
+22 | File | `/ocwbs/admin/?page=user/manage_user` | High
+23 | File | `/ofrs/admin/?page=user/manage_user` | High
+24 | File | `/p1/p2/:name` | Medium
 25 | File | `/php/passport/index.php` | High
-26 | File | `/requests.php` | High
-27 | File | `/saml/login` | Medium
-28 | File | `/ScadaBR/login.htm` | High
-29 | File | `/uncpath/` | Medium
-30 | File | `/upload` | Low
-31 | File | `/user-utils/users/md5.json` | High
-32 | File | `/userRpm/popupSiteSurveyRpm.html` | High
-33 | File | `/var/adm/btmp` | High
-34 | File | `/vloggers_merch/?p=view_product` | High
-35 | File | `/wp-admin/admin-ajax.php` | High
-36 | File | `/wp-json` | Medium
-37 | File | `account/login.php` | High
-38 | File | `ad/login.asp` | Medium
-39 | File | `admin.inc.php` | High
-40 | File | `admin/?page=students` | High
-41 | File | `admin/admin_ping.php` | High
-42 | File | `admin/index.php` | High
-43 | File | `admin/login.asp` | High
-44 | File | `admin/login.php` | High
-45 | ... | ... | ...
+26 | File | `/rdms/admin/?page=user/manage_user` | High
+27 | File | `/requests.php` | High
+28 | File | `/saml/login` | Medium
+29 | File | `/ScadaBR/login.htm` | High
+30 | File | `/setting/setDeviceName` | High
+31 | File | `/setting/setLanguageCfg` | High
+32 | File | `/setting/setUploadSetting` | High
+33 | File | `/upload` | Low
+34 | File | `/user-utils/users/md5.json` | High
+35 | File | `/userRpm/popupSiteSurveyRpm.html` | High
+36 | File | `/var/adm/btmp` | High
+37 | File | `/vloggers_merch/?p=view_product` | High
+38 | File | `/wp-admin/admin-ajax.php` | High
+39 | File | `account/login.php` | High
+40 | File | `ad/login.asp` | Medium
+41 | File | `admin.inc.php` | High
+42 | File | `admin/?page=students` | High
+43 | File | `admin/admin_ping.php` | High
+44 | File | `admin/conf_users_edit.php` | High
+45 | File | `admin/index.php` | High
+46 | ... | ... | ...

-There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/GhostEmperor/README.md
+++ b/actors/GhostEmperor/README.md
@ -47,16 +47,16 @@ ID | Type | Indicator | Confidence
 1 | File | `/.env` | Low
 2 | File | `/admin/comment.php` | High
 3 | File | `/admin/index.php` | High
-4 | File | `/login.html` | Medium
-5 | File | `/new` | Low
-6 | File | `/system?action=ServiceAdmin` | High
-7 | File | `/tlogin.cgi` | Medium
-8 | File | `/userRpm/popupSiteSurveyRpm.html` | High
-9 | File | `/var/log/nginx` | High
-10 | File | `add_vhost.php` | High
+4 | File | `/etc/postfix/sender_login` | High
+5 | File | `/login.html` | Medium
+6 | File | `/new` | Low
+7 | File | `/system?action=ServiceAdmin` | High
+8 | File | `/tlogin.cgi` | Medium
+9 | File | `/userRpm/popupSiteSurveyRpm.html` | High
+10 | File | `/var/log/nginx` | High
 11 | ... | ... | ...

-There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Steppe/README.md
+++ b/Steppe/README.md
@ -172,39 +172,40 @@ ID | Type | Indicator | Confidence
 2 | File | `/about.php` | Medium
 3 | File | `/acms/admin/?page=transactions/manage_transaction` | High
 4 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
-5 | File | `/admin.php` | Medium
-6 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-7 | File | `/anony/mjpg.cgi` | High
-8 | File | `/Ap4RtpAtom.cpp` | High
-9 | File | `/api/students/me/messages/` | High
-10 | File | `/api/trackedEntityInstances` | High
-11 | File | `/AvalancheWeb/image` | High
-12 | File | `/bcms/admin/?page=user/list` | High
-13 | File | `/car-rental-management-system/admin/manage_user.php` | High
-14 | File | `/category.php` | High
-15 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-16 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-17 | File | `/cgi-bin/kerbynet` | High
-18 | File | `/cgi-bin/login.cgi` | High
-19 | File | `/cgi-bin/luci/api/switch` | High
-20 | File | `/cgi-bin/luci/api/wireless` | High
-21 | File | `/cms/admin/?page=invoice/manage_invoice` | High
-22 | File | `/cms/classes/Master.php?f=delete_invoice` | High
-23 | File | `/cms/classes/Users.php?f=delete` | High
-24 | File | `/common/info.cgi` | High
-25 | File | `/course/api/upload/pic` | High
-26 | File | `/ctpms/admin/individuals/update_status.php` | High
-27 | File | `/debug/pprof` | Medium
-28 | File | `/fuel/index.php/fuel/logs/items` | High
-29 | File | `/fuel/sitevariables/delete/4` | High
-30 | File | `/getcfg.php` | Medium
-31 | File | `/goform/WifiExtraSet` | High
-32 | File | `/guest/s/default/` | High
-33 | File | `/hub/api/user` | High
-34 | File | `/include/chart_generator.php` | High
-35 | ... | ... | ...
+5 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
+6 | File | `/anony/mjpg.cgi` | High
+7 | File | `/Ap4RtpAtom.cpp` | High
+8 | File | `/api/students/me/messages/` | High
+9 | File | `/bcms/admin/?page=user/list` | High
+10 | File | `/car-rental-management-system/admin/manage_user.php` | High
+11 | File | `/category.php` | High
+12 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
+13 | File | `/cdsms/classes/Master.php?f=delete_package` | High
+14 | File | `/cgi-bin/kerbynet` | High
+15 | File | `/cgi-bin/login.cgi` | High
+16 | File | `/cgi-bin/luci/api/switch` | High
+17 | File | `/cgi-bin/luci/api/wireless` | High
+18 | File | `/cms/admin/?page=invoice/manage_invoice` | High
+19 | File | `/cms/classes/Master.php?f=delete_invoice` | High
+20 | File | `/cms/classes/Users.php?f=delete` | High
+21 | File | `/common/info.cgi` | High
+22 | File | `/course/api/upload/pic` | High
+23 | File | `/ctpms/admin/individuals/update_status.php` | High
+24 | File | `/dashboard/snapshot/*?orgId=0` | High
+25 | File | `/debug/pprof` | Medium
+26 | File | `/fuel/index.php/fuel/logs/items` | High
+27 | File | `/fuel/sitevariables/delete/4` | High
+28 | File | `/getcfg.php` | Medium
+29 | File | `/goform/SetFirewallCfg` | High
+30 | File | `/goform/WifiExtraSet` | High
+31 | File | `/guest/s/default/` | High
+32 | File | `/hub/api/user` | High
+33 | File | `/include/chart_generator.php` | High
+34 | File | `/Items/*/RemoteImages/Download` | High
+35 | File | `/itop/webservices/export-v2.php` | High
+36 | ... | ... | ...

-There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Hancitor/README.md
+++ b/actors/Hancitor/README.md
@ -74,13 +74,13 @@ ID | Type | Indicator | Confidence
 2 | File | `/auth/session` | High
 3 | File | `/concat?/%2557EB-INF/web.xml` | High
 4 | File | `/download` | Medium
-5 | File | `/drivers/infiniband/core/cm.c` | High
-6 | File | `/files.md5` | Medium
-7 | File | `/forum/away.php` | High
-8 | File | `/horde/util/go.php` | High
-9 | File | `/images/` | Medium
-10 | File | `/inc/extensions.php` | High
-11 | File | `/inc/parser/xhtml.php` | High
+5 | File | `/files.md5` | Medium
+6 | File | `/forum/away.php` | High
+7 | File | `/horde/util/go.php` | High
+8 | File | `/images/` | Medium
+9 | File | `/inc/extensions.php` | High
+10 | File | `/inc/parser/xhtml.php` | High
+11 | File | `/lists/index.php` | High
 12 | File | `/login` | Low
 13 | File | `/modules/profile/index.php` | High
 14 | File | `/nova/bin/console` | High
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
 35 | File | `adclick.php` | Medium
 36 | ... | ... | ...

-There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/HermeticWiper/README.md
+++ b/actors/HermeticWiper/README.md
@ -0,0 +1,51 @@
+# HermeticWiper - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [HermeticWiper](https://vuldb.com/?actor.hermeticwiper). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hermeticwiper](https://vuldb.com/?actor.hermeticwiper)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with HermeticWiper:
+
+* Ukraine
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with HermeticWiper:
+
+* [ES](https://vuldb.com/?country.es)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of HermeticWiper.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [94.158.244.27](https://vuldb.com/?ip.94.158.244.27) | 94-158-244-27.mivocloud.com | Ukraine | High
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by HermeticWiper. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `printf.c` | Medium
+2 | File | `wp-includes/class-wp-query.php` | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://www.zscaler.com/blogs/security-research/hermeticwiper-resurgence-targeted-attacks-ukraine
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Houdini/README.md
+++ b/actors/Houdini/README.md
@ -0,0 +1,30 @@
+# Houdini - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Houdini](https://vuldb.com/?actor.houdini). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.houdini](https://vuldb.com/?actor.houdini)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Houdini.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [194.5.97.17](https://vuldb.com/?ip.194.5.97.17) | - | - | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/IcedID/README.md
+++ b/actors/IcedID/README.md
@ -118,7 +118,7 @@ ID | Type | Indicator | Confidence
 47 | File | `api.cc` | Low
 48 | ... | ... | ...

-There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 413 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Inception/README.md
+++ b/actors/Inception/README.md
@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with Inception:

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:

+* [AR](https://vuldb.com/?country.ar)
 * [SV](https://vuldb.com/?country.sv)
-* [ES](https://vuldb.com/?country.es)
 * [PL](https://vuldb.com/?country.pl)
 * ...

@ -40,12 +40,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+1 | T1008 | CWE-757 | Algorithm Downgrade | High
 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -59,34 +59,36 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin.php/singer/admin/lists/zhuan` | High
 5 | File | `/admin.php/singer/admin/singer/hy` | High
 6 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
-7 | File | `/admin/inbox.php&action=read` | High
-8 | File | `/admin/news/news_mod.php` | High
-9 | File | `/admin/page_edit/3` | High
-10 | File | `/administrator/alerts/alertLightbox.php` | High
-11 | File | `/api/part_categories` | High
-12 | File | `/api/programs/orgUnits?programs` | High
-13 | File | `/api/students/me/courses/` | High
-14 | File | `/apps/acs-commons/content/page-compare.html` | High
-15 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
-16 | File | `/bcms/admin/?page=service_transactions/view_details` | High
-17 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
-18 | File | `/blog/blog.php` | High
-19 | File | `/cgi-bin/luci/api/diagnose` | High
-20 | File | `/cgi-bin/main.cgi` | High
-21 | File | `/cgi-bin/uploadWeiXinPic` | High
+7 | File | `/admin/featured.php` | High
+8 | File | `/admin/general.cgi` | High
+9 | File | `/admin/inbox.php&action=read` | High
+10 | File | `/admin/usermanagement.php` | High
+11 | File | `/administrator/alerts/alertLightbox.php` | High
+12 | File | `/api/part_categories` | High
+13 | File | `/api/programs/orgUnits?programs` | High
+14 | File | `/api/students/me/courses/` | High
+15 | File | `/apps/acs-commons/content/page-compare.html` | High
+16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+17 | File | `/bcms/admin/?page=service_transactions/view_details` | High
+18 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
+19 | File | `/blog/blog.php` | High
+20 | File | `/cgi-bin/luci/api/diagnose` | High
+21 | File | `/cgi-bin/main.cgi` | High
 22 | File | `/cgi-mod/lookup.cgi` | High
-23 | File | `/cms/classes/Master.php?f=delete_designation` | High
-24 | File | `/controller/Adv.php` | High
-25 | File | `/createnewaccount` | High
-26 | File | `/dev/urandom` | Medium
-27 | File | `/dvcset/sysset/set.cgi` | High
-28 | File | `/ecrire` | Low
-29 | File | `/etc/sudoers` | Medium
-30 | File | `/example/editor` | High
-31 | File | `/food/admin/all_users.php` | High
-32 | ... | ... | ...
+23 | File | `/cgi/ansi` | Medium
+24 | File | `/cms/classes/Master.php?f=delete_designation` | High
+25 | File | `/controller/Adv.php` | High
+26 | File | `/createnewaccount` | High
+27 | File | `/dashboard/blocks/stacks/view_details/` | High
+28 | File | `/dev/urandom` | Medium
+29 | File | `/dl/dl_sendmail.php` | High
+30 | File | `/dvcset/sysset/set.cgi` | High
+31 | File | `/ecrire` | Low
+32 | File | `/etc/sudoers` | Medium
+33 | File | `/example/editor` | High
+34 | ... | ... | ...

-There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Indexsinas/README.md
+++ b/actors/Indexsinas/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indexsinas:

 * [VN](https://vuldb.com/?country.vn)
-* [US](https://vuldb.com/?country.us)
 * [HK](https://vuldb.com/?country.hk)
+* [NZ](https://vuldb.com/?country.nz)
 * ...

-There are 8 more country items available. Please use our online service to access the data.
+There are 2 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -287,12 +287,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 3 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -300,37 +300,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
-2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
-3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
-4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
-5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
-6 | File | `/acms/classes/Master.php?f=delete_img` | High
-7 | File | `/admin.php/news/admin/topic/save` | High
-8 | File | `/api/crontab` | Medium
-9 | File | `/api/RecordingList/DownloadRecord?file=` | High
-10 | File | `/cgi-bin/login.cgi` | High
-11 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
-12 | File | `/cms/admin/?page=invoice/manage_invoice` | High
-13 | File | `/cms/admin/?page=invoice/view_invoice` | High
-14 | File | `/cms/admin/?page=user/manage_user` | High
-15 | File | `/College_Management_System/admin/display-teacher.php` | High
-16 | File | `/ctpms/admin/?page=applications/view_application` | High
-17 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-18 | File | `/ctpms/admin/applications/update_status.php` | High
-19 | File | `/ctpms/admin/individuals/update_status.php` | High
-20 | File | `/ctpms/classes/Master.php?f=delete_application` | High
-21 | File | `/ctpms/classes/Master.php?f=delete_img` | High
-22 | File | `/current_action.php?action=reboot` | High
-23 | File | `/etc/config/image_sign` | High
-24 | File | `/forum/away.php` | High
-25 | File | `/help/treecontent.jsp` | High
-26 | File | `/IISADMPWD` | Medium
-27 | File | `/mgmt/tm/util/bash` | High
-28 | File | `/mtms/admin/?page=transaction/send` | High
-29 | ... | ... | ...
+1 | File | `/admin/deluser.php` | High
+2 | File | `/admin/dl_sendmail.php` | High
+3 | File | `/admin/general.cgi` | High
+4 | File | `/admin/scheprofile.cgi` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/admin/usermanagement.php` | High
+7 | File | `/admin/ztliuyan_sendmail.php` | High
+8 | File | `/churchcrm/WhyCameEditor.php` | High
+9 | File | `/dashboard/snapshot/*?orgId=0` | High
+10 | File | `/data/vendor/tcl` | High
+11 | File | `/dl/dl_sendmail.php` | High
+12 | ... | ... | ...

-There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Kwampirs/README.md
+++ b/actors/Kwampirs/README.md
@ -20,11 +20,11 @@ There are 5 more campaign items available. Please use our online service to acce
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kwampirs:

 * [CN](https://vuldb.com/?country.cn)
-* [NZ](https://vuldb.com/?country.nz)
 * [US](https://vuldb.com/?country.us)
+* [NZ](https://vuldb.com/?country.nz)
 * ...

-There are 11 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -138,11 +138,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -150,48 +150,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
-2 | File | `.htaccess` | Medium
-3 | File | `/#/CampaignManager/users` | High
-4 | File | `//` | Low
-5 | File | `/admin.php?action=themeinstall` | High
-6 | File | `/admin/?setting-base.htm` | High
-7 | File | `/admin/admin_login.php` | High
-8 | File | `/admin/login.php` | High
-9 | File | `/adminzone/index.php?page=admin-commandr` | High
-10 | File | `/ajax/networking/get_netcfg.php` | High
-11 | File | `/apply_noauth.cgi` | High
-12 | File | `/audit/log/log_management.php` | High
-13 | File | `/bin/login` | Medium
-14 | File | `/bin/sh` | Low
-15 | File | `/cgi-bin/login` | High
-16 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
-17 | File | `/classes/profile.class.php` | High
-18 | File | `/cloud_config/router_post/reset_cloud_pwd` | High
-19 | File | `/dev/tty` | Medium
-20 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
-21 | File | `/downloads/` | Medium
-22 | File | `/index.php` | Medium
-23 | File | `/magnoliaPublic/travel/members/login.html` | High
-24 | File | `/member/index/login.html` | High
-25 | File | `/modules/certinfo/index.php` | High
-26 | File | `/ptms/classes/Users.php` | High
-27 | File | `/ScadaBR/login.htm` | High
-28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-29 | File | `/system/tool/ping.php` | High
-30 | File | `/uncpath/` | Medium
-31 | File | `/uploads/exam_question/` | High
-32 | File | `/usr/bin/pkexec` | High
-33 | File | `/usr/local/www/pkg.php` | High
-34 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
-35 | File | `/wp-json` | Medium
-36 | File | `5.2.9\syscrb.exe` | High
-37 | File | `?location=search` | High
-38 | File | `account/login.php` | High
-39 | File | `add.php` | Low
-40 | ... | ... | ...
+1 | File | `.htaccess` | Medium
+2 | File | `/#/CampaignManager/users` | High
+3 | File | `/admin/admin_login.php` | High
+4 | File | `/admin/login.php` | High
+5 | File | `/bin/sh` | Low
+6 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
+7 | File | `/Content/Template/root/reverse-shell.aspx` | High
+8 | File | `/data/vendor/tcl` | High
+9 | File | `/debug/pprof` | Medium
+10 | File | `/dev/tty` | Medium
+11 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
+12 | File | `/gaia-job-admin/user/add` | High
+13 | File | `/goforms/rlminfo` | High
+14 | File | `/HNAP1` | Low
+15 | File | `/login` | Low
+16 | File | `/login.html` | Medium
+17 | File | `/magnoliaPublic/travel/members/login.html` | High
+18 | File | `/member/index/login.html` | High
+19 | File | `/mgmt/tm/util/bash` | High
+20 | File | `/ocwbs/admin/?page=user/manage_user` | High
+21 | File | `/ofrs/admin/?page=user/manage_user` | High
+22 | File | `/product.php` | Medium
+23 | File | `/rdms/admin/?page=user/manage_user` | High
+24 | File | `/requests.php` | High
+25 | File | `/saml/login` | Medium
+26 | File | `/ScadaBR/login.htm` | High
+27 | File | `/uncpath/` | Medium
+28 | File | `/upload` | Low
+29 | File | `/var/adm/btmp` | High
+30 | File | `/vloggers_merch/?p=view_product` | High
+31 | File | `/wp-admin/admin-ajax.php` | High
+32 | File | `/wp-json` | Medium
+33 | File | `5.2.9\syscrb.exe` | High
+34 | File | `account/login.php` | High
+35 | File | `ad/login.asp` | Medium
+36 | File | `admin.inc.php` | High
+37 | File | `admin/admin_ping.php` | High
+38 | File | `admin/conf_users_edit.php` | High
+39 | File | `admin/index.php` | High
+40 | File | `admin/login.asp` | High
+41 | File | `admin/login.php` | High
+42 | File | `admin/nos/login` | High
+43 | File | `admin/viewtheatre.php` | High
+44 | File | `agenda.php3` | Medium
+45 | File | `ajaxp.php` | Medium
+46 | ... | ... | ...

-There are 341 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Lazarus/README.md
+++ b/actors/Lazarus/README.md
@ -21,11 +21,8 @@ There are 8 more campaign items available. Please use our online service to acce
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:

 * [VN](https://vuldb.com/?country.vn)
+* [US](https://vuldb.com/?country.us)
 * [IN](https://vuldb.com/?country.in)
-* [FR](https://vuldb.com/?country.fr)
-* ...
-
-There are 5 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -228,12 +225,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -241,32 +238,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/account/ResetPassword` | High
-2 | File | `/acms/admin/?page=transactions/manage_transaction` | High
-3 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
-4 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
-5 | File | `/acms/classes/Master.php?f=delete_cargo` | High
-6 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
-7 | File | `/acms/classes/Master.php?f=delete_img` | High
-8 | File | `/assets/partials/_handleLogin.php` | High
-9 | File | `/cgi-bin/login.cgi` | High
-10 | File | `/cms/admin/?page=client/view_client` | High
-11 | File | `/cms/admin/?page=invoice/manage_invoice` | High
-12 | File | `/cms/admin/?page=invoice/view_invoice` | High
-13 | File | `/cms/admin/?page=user/manage_user` | High
-14 | File | `/cms/admin/maintenance/manage_service.php` | High
-15 | File | `/cms/classes/Users.php?f=delete` | High
-16 | File | `/College_Management_System/admin/display-teacher.php` | High
-17 | File | `/componetns/user/class.user.php` | High
-18 | File | `/ctpms/admin/?page=applications/view_application` | High
-19 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-20 | File | `/ctpms/admin/applications/update_status.php` | High
-21 | File | `/ctpms/admin/individuals/update_status.php` | High
-22 | File | `/ctpms/classes/Master.php?f=delete_application` | High
-23 | File | `/ctpms/classes/Master.php?f=delete_img` | High
-24 | ... | ... | ...
+1 | File | `/alarm_pi/alarmService.php` | High
+2 | File | `/bsms/?page=manage_account` | High
+3 | File | `/company` | Medium
+4 | File | `/company/account/safety/trade` | High
+5 | File | `/company/down_resume/total/nature` | High
+6 | File | `/company/service/increment/add/im` | High
+7 | File | `/company/view_be_browsed/total` | High
+8 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+9 | File | `/fm-data.lua` | Medium
+10 | File | `/freelance/resume_list` | High
+11 | File | `/home/campus/campus_job` | High
+12 | File | `/home/job/index` | High
+13 | File | `/home/job/map` | High
+14 | ... | ... | ...

-There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Lyceum/README.md
+++ b/actors/Lyceum/README.md
@ -69,37 +69,38 @@ ID | Type | Indicator | Confidence
 14 | File | `/goforms/rlminfo` | High
 15 | File | `/login` | Low
 16 | File | `/navigate/navigate_download.php` | High
-17 | File | `/owa/auth/logon.aspx` | High
-18 | File | `/p` | Low
-19 | File | `/password.html` | High
-20 | File | `/proc/ioports` | High
-21 | File | `/property-list/property_view.php` | High
-22 | File | `/ptms/classes/Users.php` | High
-23 | File | `/rest` | Low
-24 | File | `/rest/api/2/search` | High
-25 | File | `/s/` | Low
-26 | File | `/scripts/cpan_config` | High
-27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-28 | File | `/services/system/setup.json` | High
-29 | File | `/uncpath/` | Medium
-30 | File | `/vloggers_merch/?p=view_product` | High
-31 | File | `/webconsole/APIController` | High
-32 | File | `/websocket/exec` | High
-33 | File | `/wp-admin/admin-ajax.php` | High
-34 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-35 | File | `/wp-json` | Medium
-36 | File | `/wp-json/oembed/1.0/embed?url` | High
-37 | File | `/_next` | Low
-38 | File | `4.edu.php\conn\function.php` | High
-39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-40 | File | `adclick.php` | Medium
-41 | File | `addentry.php` | Medium
-42 | File | `admin/category.inc.php` | High
-43 | File | `admin/conf_users_edit.php` | High
-44 | File | `admin/dl_sendmail.php` | High
-45 | ... | ... | ...
+17 | File | `/ocwbs/admin/?page=user/manage_user` | High
+18 | File | `/ofrs/admin/?page=user/manage_user` | High
+19 | File | `/owa/auth/logon.aspx` | High
+20 | File | `/p` | Low
+21 | File | `/password.html` | High
+22 | File | `/proc/ioports` | High
+23 | File | `/property-list/property_view.php` | High
+24 | File | `/ptms/classes/Users.php` | High
+25 | File | `/rest` | Low
+26 | File | `/rest/api/2/search` | High
+27 | File | `/s/` | Low
+28 | File | `/scripts/cpan_config` | High
+29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+30 | File | `/services/system/setup.json` | High
+31 | File | `/uncpath/` | Medium
+32 | File | `/vloggers_merch/?p=view_product` | High
+33 | File | `/webconsole/APIController` | High
+34 | File | `/websocket/exec` | High
+35 | File | `/wp-admin/admin-ajax.php` | High
+36 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+37 | File | `/wp-json` | Medium
+38 | File | `/wp-json/oembed/1.0/embed?url` | High
+39 | File | `/_next` | Low
+40 | File | `4.edu.php\conn\function.php` | High
+41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+42 | File | `adclick.php` | Medium
+43 | File | `addentry.php` | Medium
+44 | File | `admin/category.inc.php` | High
+45 | File | `admin/conf_users_edit.php` | High
+46 | ... | ... | ...

-There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Magecart/README.md
+++ b/actors/Magecart/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:

 * [ES](https://vuldb.com/?country.es)
-* [PL](https://vuldb.com/?country.pl)
+* [CN](https://vuldb.com/?country.cn)
 * [IT](https://vuldb.com/?country.it)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -29,9 +29,19 @@ ID | IP address | Hostname | Campaign | Confidence
 6 | [8.211.5.139](https://vuldb.com/?ip.8.211.5.139) | - | - | High
 7 | [35.246.189.253](https://vuldb.com/?ip.35.246.189.253) | 253.189.246.35.bc.googleusercontent.com | - | Medium
 8 | [37.59.47.208](https://vuldb.com/?ip.37.59.47.208) | ns3000975.ip-37-59-47.eu | - | High
-9 | ... | ... | ... | ...
+9 | [47.254.169.212](https://vuldb.com/?ip.47.254.169.212) | - | - | High
+10 | [47.254.170.245](https://vuldb.com/?ip.47.254.170.245) | - | - | High
+11 | [47.254.175.211](https://vuldb.com/?ip.47.254.175.211) | - | - | High
+12 | [51.83.209.11](https://vuldb.com/?ip.51.83.209.11) | ip11.ip-51-83-209.eu | - | High
+13 | [54.38.49.244](https://vuldb.com/?ip.54.38.49.244) | ip244.ip-54-38-49.eu | - | High
+14 | [62.133.58.60](https://vuldb.com/?ip.62.133.58.60) | - | - | High
+15 | [74.119.239.234](https://vuldb.com/?ip.74.119.239.234) | - | - | High
+16 | [76.119.1.112](https://vuldb.com/?ip.76.119.1.112) | c-76-119-1-112.hsd1.ct.comcast.net | - | High
+17 | [77.246.157.133](https://vuldb.com/?ip.77.246.157.133) | test.com | - | High
+18 | [80.78.249.78](https://vuldb.com/?ip.80.78.249.78) | - | - | High
+19 | ... | ... | ... | ...

-There are 33 more IOC items available. Please use our online service to access the data.
+There are 72 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -40,7 +50,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

@ -58,37 +68,36 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin.php/pic/admin/type/del` | High
 5 | File | `/admin.php/vod/admin/topic/del` | High
 6 | File | `/admin.php?p=/User/index` | High
-7 | File | `/admin/users.php?source=edit_user&id=1` | High
-8 | File | `/admin/weixin.php` | High
+7 | File | `/admin/communitymanagement.php` | High
+8 | File | `/admin/conferences/get-all-status/` | High
 9 | File | `/Ap4RtpAtom.cpp` | High
-10 | File | `/apps/acs-commons/content/page-compare.html` | High
-11 | File | `/assets/partials/_handleLogin.php` | High
-12 | File | `/bcms/admin/?page=user/list` | High
-13 | File | `/bcms/admin/?page=user/manage_user` | High
-14 | File | `/bcms/admin/services/view_service.php` | High
+10 | File | `/assets/partials/_handleLogin.php` | High
+11 | File | `/bcms/admin/?page=user/list` | High
+12 | File | `/bcms/admin/?page=user/manage_user` | High
+13 | File | `/bcms/admin/services/view_service.php` | High
+14 | File | `/bsms/?page=manage_account` | High
 15 | File | `/cardo/api` | Medium
 16 | File | `/cgi-bin/editBookmark` | High
 17 | File | `/cms/classes/Master.php?f=delete_designation` | High
-18 | File | `/debug/pprof` | Medium
-19 | File | `/ecrire` | Low
-20 | File | `/eris/admin/applicants/index.php?view=view` | High
-21 | File | `/etc/cron.daily/upstart` | High
-22 | File | `/fuel/index.php/fuel/logs/items` | High
-23 | File | `/fuel/sitevariables/delete/4` | High
-24 | File | `/goform/aspForm` | High
-25 | File | `/goform/setpptpservercfg` | High
-26 | File | `/help/treecontent.jsp` | High
-27 | File | `/insurance/editNominee.php` | High
-28 | File | `/lists/admin/` | High
-29 | File | `/mgmt/tm/util/bash` | High
-30 | File | `/my/unicorn/uc.c` | High
-31 | File | `/ordering/admin/category/index.php?view=edit` | High
-32 | File | `/ordering/admin/stockin/index.php?view=edit` | High
-33 | File | `/p1/p2/:name` | Medium
-34 | File | `/php/ajax.php` | High
-35 | ... | ... | ...
+18 | File | `/company` | Medium
+19 | File | `/dashboard/reports/logs/view` | High
+20 | File | `/debug/pprof` | Medium
+21 | File | `/ecrire` | Low
+22 | File | `/eris/admin/applicants/index.php?view=view` | High
+23 | File | `/fuel/index.php/fuel/logs/items` | High
+24 | File | `/fuel/sitevariables/delete/4` | High
+25 | File | `/getImage` | Medium
+26 | File | `/goform/aspForm` | High
+27 | File | `/goform/setpptpservercfg` | High
+28 | File | `/help/treecontent.jsp` | High
+29 | File | `/hprms/admin/?page=patients/view_patient` | High
+30 | File | `/hprms/admin/patients/manage_patient.php` | High
+31 | File | `/insurance/editNominee.php` | High
+32 | File | `/librarian/bookdetails.php` | High
+33 | File | `/lists/admin/` | High
+34 | ... | ... | ...

-There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -98,6 +107,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.bushidotoken.net/2020/12/analysis-of-meyhod-javascript-web.html
 * https://blog.bushidotoken.net/2021/04/mo-money-mo-magecart.html
 * https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/
+* https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
 * https://github.com/blackorbird/APT_REPORT/tree/master/Magecart

 ## Literature
--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Middle East Unknown:

 * [ES](https://vuldb.com/?country.es)
-* [PL](https://vuldb.com/?country.pl)
-* [FR](https://vuldb.com/?country.fr)
+* [PT](https://vuldb.com/?country.pt)
+* [SV](https://vuldb.com/?country.sv)
 * ...

 There are 8 more country items available. Please use our online service to access the data.
@ -47,12 +47,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1008 | CWE-757 | Algorithm Downgrade | High
+1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -60,36 +60,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/admin.php?module=admin_group_edit&agID` | High
-2 | File | `/admin/configure.php` | High
-3 | File | `/admin/edit.php` | High
-4 | File | `/admin/login.php` | High
-5 | File | `/admin/modules/system/custom_field.php` | High
-6 | File | `/admin/new-content` | High
-7 | File | `/admin/weixin.php` | High
-8 | File | `/alerts/alertLightbox.php` | High
-9 | File | `/api /v3/auth` | High
-10 | File | `/apilog.php` | Medium
-11 | File | `/apps/acs-commons/content/page-compare.html` | High
-12 | File | `/box_code_base.c` | High
-13 | File | `/cloud_config/router_post/upgrade_info` | High
-14 | File | `/goform/login_process` | High
-15 | File | `/goform/SetInternetLanInfo` | High
-16 | File | `/goform/setPicListItem` | High
-17 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
-18 | File | `/mngset/authset` | High
-19 | File | `/ok_png.c` | Medium
-20 | File | `/one_church/userregister.php` | High
-21 | File | `/php/ajax.php` | High
-22 | File | `/reps/classes/Master.php?f=delete_estate` | High
-23 | File | `/sql/sql_string.h` | High
-24 | File | `/tmp/swhkd.sock` | High
-25 | File | `/tos/index.php?app/hand_app` | High
-26 | File | `AdbService.java` | High
-27 | File | `admin.php` | Medium
-28 | ... | ... | ...
+1 | File | `/?module=fileman&section=get&page=grid` | High
+2 | File | `/admin.php/singer/admin/singer/hy` | High
+3 | File | `/admin.php/vod/admin/topic/del` | High
+4 | File | `/admin/deluser.php` | High
+5 | File | `/admin/edit.php` | High
+6 | File | `/admin/googleads.php` | High
+7 | File | `/admin/new-content` | High
+8 | File | `/admin/operations/tax.php` | High
+9 | File | `/admin/payment.php` | High
+10 | File | `/admin/scheprofile.cgi` | High
+11 | File | `/admin/weixin.php` | High
+12 | File | `/apps/acs-commons/content/page-compare.html` | High
+13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+14 | File | `/bcms/admin/courts/manage_court.php` | High
+15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
+16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
+17 | File | `/cgi-bin/kerbynet` | High
+18 | File | `/classes/Users.php?f=save` | High
+19 | File | `/cms/classes/Master.php?f=delete_client` | High
+20 | File | `/config` | Low
+21 | File | `/defaultui/player/modern.html` | High
+22 | File | `/ffos/admin/categories/manage_category.php` | High
+23 | File | `/ffos/admin/menus/view_menu.php` | High
+24 | File | `/gaia-job-admin/user/add` | High
+25 | File | `/goform/aspForm` | High
+26 | File | `/goform/login_process` | High
+27 | File | `/goform/setNetworkLan` | High
+28 | File | `/goform/SetSysTimeCfg` | High
+29 | File | `/html/Solar_Ftp.php` | High
+30 | File | `/lists/admin/` | High
+31 | File | `/mngset/authset` | High
+32 | File | `/mtms/admin/?page=transaction/send` | High
+33 | File | `/orrs/admin/trains/manage_train.php` | High
+34 | File | `/otps/classes/Master.php?f=delete_team` | High
+35 | ... | ... | ...

-There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Mirai/README.md
+++ b/actors/Mirai/README.md
@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 3 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -49,7 +49,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

@ -69,31 +69,31 @@ ID | Type | Indicator | Confidence
 6 | File | `/admin.php/vod/admin/topic/del` | High
 7 | File | `/admin/?page=system_info/contact_info` | High
 8 | File | `/admin/comn/service/update.json` | High
-9 | File | `/admin/dl_sendsms.php` | High
-10 | File | `/Ap4RtpAtom.cpp` | High
-11 | File | `/api/part_categories` | High
-12 | File | `/api/programs/orgUnits?programs` | High
-13 | File | `/api/students/me/courses/` | High
-14 | File | `/Applications/Utilities/Terminal` | High
+9 | File | `/admin/dl_sendmail.php` | High
+10 | File | `/admin/dl_sendsms.php` | High
+11 | File | `/Ap4RtpAtom.cpp` | High
+12 | File | `/api/part_categories` | High
+13 | File | `/api/programs/orgUnits?programs` | High
+14 | File | `/api/students/me/courses/` | High
 15 | File | `/asms/classes/Master.php?f=delete_product` | High
 16 | File | `/asms/classes/Master.php?f=save_product` | High
 17 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
 18 | File | `/bcms/admin/?page=user/list` | High
 19 | File | `/checklogin.jsp` | High
 20 | File | `/classes/master.php?f=delete_facility` | High
-21 | File | `/College_Management_System/admin/display-teacher.php` | High
-22 | File | `/ctpms/admin/?page=applications/view_application` | High
-23 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-24 | File | `/ctpms/admin/applications/update_status.php` | High
-25 | File | `/ctpms/admin/individuals/update_status.php` | High
-26 | File | `/ctpms/classes/Master.php?f=delete_application` | High
-27 | File | `/debug/pprof` | Medium
-28 | File | `/ecrire` | Low
-29 | File | `/fuel/index.php/fuel/logs/items` | High
-30 | File | `/fuel/sitevariables/delete/4` | High
-31 | File | `/goform/aspForm` | High
-32 | File | `/goform/saveParentControlInfo` | High
-33 | File | `/goform/SetClientState` | High
+21 | File | `/ctpms/admin/?page=applications/view_application` | High
+22 | File | `/ctpms/admin/applications/update_status.php` | High
+23 | File | `/debug/pprof` | Medium
+24 | File | `/dl/dl_sendmail.php` | High
+25 | File | `/ecrire` | Low
+26 | File | `/fuel/index.php/fuel/logs/items` | High
+27 | File | `/fuel/sitevariables/delete/4` | High
+28 | File | `/goform/aspForm` | High
+29 | File | `/goform/saveParentControlInfo` | High
+30 | File | `/goform/SetClientState` | High
+31 | File | `/htdocs/cgibin` | High
+32 | File | `/hub/api/user` | High
+33 | File | `/includes/init.php` | High
 34 | ... | ... | ...

 There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
--- a/actors/MirrorBlast/README.md
+++ b/actors/MirrorBlast/README.md
@ -56,15 +56,16 @@ ID | Type | Indicator | Confidence
 7 | File | `/html/repository` | High
 8 | File | `/modules/projects/vw_files.php` | High
 9 | File | `/nova/bin/console` | High
-10 | File | `/rapi/read_url` | High
-11 | File | `/services/config/config.xml` | High
-12 | File | `/services/system/setup.json` | High
-13 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-14 | File | `/uncpath/` | Medium
-15 | File | `/WEB-INF/web.xml` | High
-16 | ... | ... | ...
+10 | File | `/owa/auth/logon.aspx` | High
+11 | File | `/rapi/read_url` | High
+12 | File | `/services/config/config.xml` | High
+13 | File | `/services/system/setup.json` | High
+14 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+15 | File | `/uncpath/` | Medium
+16 | File | `/WEB-INF/web.xml` | High
+17 | ... | ... | ...

-There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 133 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Group/README.md
+++ b/Group/README.md
@ -76,13 +76,13 @@ ID | Type | Indicator | Confidence
 14 | File | `/v2/devices/add` | High
 15 | File | `/var/ipfire/backup/bin/backup.pl` | High
 16 | File | `/wp-json/wc/v3/webhooks` | High
-17 | File | `adclick.php` | Medium
-18 | File | `AddEvent.php` | Medium
-19 | File | `admin.php` | Medium
-20 | File | `admin/scripts/FileUploader/php.php` | High
+17 | File | `accounts/view_details.php` | High
+18 | File | `adclick.php` | Medium
+19 | File | `AddEvent.php` | Medium
+20 | File | `admin.php` | Medium
 21 | ... | ... | ...

-There are 170 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 176 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Necro/README.md
+++ b/actors/Necro/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
-* [SI](https://vuldb.com/?country.si)
+* [PL](https://vuldb.com/?country.pl)
 * ...

-There are 7 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

--- a/actors/Needles/README.md
+++ b/actors/Needles/README.md
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.needles](https://vuldb.com/?actor.needles)

+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Needles:
+
+* [NL](https://vuldb.com/?country.nl)
+
 ## IOC - Indicator of Compromise

 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Needles.
--- a/actors/Nemucod/README.md
+++ b/actors/Nemucod/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Nemucod:

-* [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [GB](https://vuldb.com/?country.gb)
+* [US](https://vuldb.com/?country.us)
+* [ES](https://vuldb.com/?country.es)
 * ...

-There are 25 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -23,10 +23,14 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [24.96.108.157](https://vuldb.com/?ip.24.96.108.157) | static-24-96-108-157.knology.net | - | High
 2 | [61.134.39.188](https://vuldb.com/?ip.61.134.39.188) | - | - | High
-3 | [133.30.115.97](https://vuldb.com/?ip.133.30.115.97) | - | - | High
-4 | ... | ... | ... | ...
+3 | [62.173.145.104](https://vuldb.com/?ip.62.173.145.104) | sadovaya-mebel.com | - | High
+4 | [76.73.17.194](https://vuldb.com/?ip.76.73.17.194) | - | - | High
+5 | [78.129.150.54](https://vuldb.com/?ip.78.129.150.54) | - | - | High
+6 | [82.192.94.125](https://vuldb.com/?ip.82.192.94.125) | - | - | High
+7 | [85.93.145.251](https://vuldb.com/?ip.85.93.145.251) | mail.boanywhere.com | - | High
+8 | ... | ... | ... | ...

-There are 9 more IOC items available. Please use our online service to access the data.
+There are 30 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -34,12 +38,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+1 | T1008 | CWE-757 | Algorithm Downgrade | High
+2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...

-There are 5 more TTP items available. Please use our online service to access the data.
+There are 9 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -47,50 +51,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?module=users&section=cpanel&page=list` | High
-2 | File | `/admin/powerline` | High
-3 | File | `/admin/syslog` | High
-4 | File | `/api/upload` | Medium
-5 | File | `/cgi-bin` | Medium
-6 | File | `/cgi-bin/kerbynet` | High
-7 | File | `/context/%2e/WEB-INF/web.xml` | High
-8 | File | `/dcim/sites/add/` | High
-9 | File | `/EXCU_SHELL` | Medium
-10 | File | `/forum/away.php` | High
-11 | File | `/fudforum/adm/hlplist.php` | High
-12 | File | `/login` | Low
-13 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
-14 | File | `/monitoring` | Medium
-15 | File | `/new` | Low
-16 | File | `/proc/<pid>/status` | High
-17 | File | `/public/login.htm` | High
-18 | File | `/public/plugins/` | High
-19 | File | `/rom` | Low
-20 | File | `/scripts/killpvhost` | High
-21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-22 | File | `/secure/QueryComponent!Default.jspa` | High
-23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-24 | File | `/tmp` | Low
-25 | File | `/tmp/redis.ds` | High
-26 | File | `/uncpath/` | Medium
-27 | File | `/ViewUserHover.jspa` | High
-28 | File | `/wp-admin` | Medium
-29 | File | `/wp-json/wc/v3/webhooks` | High
-30 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-31 | File | `AccountManagerService.java` | High
-32 | File | `actions/CompanyDetailsSave.php` | High
-33 | File | `ActiveServices.java` | High
-34 | File | `ActivityManagerService.java` | High
-35 | File | `addlink.php` | Medium
-36 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/acms/admin/?page=transactions/manage_transaction` | High
+3 | File | `/admin-panel1.php` | High
+4 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
+5 | File | `/Ap4RtpAtom.cpp` | High
+6 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
+7 | File | `/bcms/admin/?page=user/list` | High
+8 | File | `/car-rental-management-system/admin/manage_user.php` | High
+9 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
+10 | File | `/cgi-bin/login.cgi` | High
+11 | File | `/context/%2e/WEB-INF/web.xml` | High
+12 | File | `/ctpms/admin/?page=applications/view_application` | High
+13 | File | `/debug/pprof` | Medium
+14 | File | `/extensionsinstruction` | High
+15 | File | `/fuel/index.php/fuel/logs/items` | High
+16 | File | `/fuel/sitevariables/delete/4` | High
+17 | File | `/ifs` | Low
+18 | File | `/include/chart_generator.php` | High
+19 | File | `/mgmt/tm/util/bash` | High
+20 | File | `/monitoring` | Medium
+21 | File | `/mtms/admin/?page=transaction/send` | High
+22 | File | `/new` | Low
+23 | File | `/proc/<pid>/status` | High
+24 | File | `/public/login.htm` | High
+25 | File | `/public/plugins/` | High
+26 | File | `/question/ask` | High
+27 | File | `/reps/admin/?page=agents/manage_agent` | High
+28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+29 | File | `/secure/QueryComponent!Default.jspa` | High
+30 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+31 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+32 | File | `/student-grading-system/rms.php?page=school_year` | High
+33 | File | `/tmp` | Low
+34 | File | `/tos/index.php?app/del` | High
+35 | File | `/uncpath/` | Medium
+36 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+37 | File | `/wordpress-gallery-transformation/gallery.php` | High
+38 | ... | ... | ...

-There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://blog.talosintelligence.com/2018/12/threat-roundup-1207-1214.html
+* https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
 * https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/
 * https://unit42.paloaltonetworks.com/unit42-practice-makes-perfect-nemucod-evolves-delivery-obfuscation-techniques-harvest-credentials/

--- a/actors/Nymaim/README.md
+++ b/actors/Nymaim/README.md
@ -74,10 +74,9 @@ ID | Type | Indicator | Confidence
 20 | File | `/uncpath/` | Medium
 21 | File | `/usr/bin/at` | Medium
 22 | File | `/usr/bin/pkexec` | High
-23 | File | `/WEB-INF/web.xml` | High
-24 | ... | ... | ...
+23 | ... | ... | ...

-There are 199 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/PKPLUG/README.md
+++ b/actors/PKPLUG/README.md
@ -50,15 +50,15 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/cgi-bin/portal` | High
-2 | File | `/etc/passwd` | Medium
-3 | File | `/etc/shadow` | Medium
-4 | File | `/htmlcode/html/indexdefault.asp` | High
-5 | File | `/include/config.cache.php` | High
-6 | File | `/include/helpers/upload.helper.php` | High
+1 | File | `/admin/uploads.php` | High
+2 | File | `/cgi-bin/portal` | High
+3 | File | `/etc/passwd` | Medium
+4 | File | `/etc/shadow` | Medium
+5 | File | `/htmlcode/html/indexdefault.asp` | High
+6 | File | `/include/config.cache.php` | High
 7 | ... | ... | ...

-There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/PYSA/README.md
+++ b/actors/PYSA/README.md
@ -47,41 +47,41 @@ ID | Type | Indicator | Confidence
 2 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
 3 | File | `/acms/classes/Master.php?f=delete_img` | High
 4 | File | `/admin/?page=system_info/contact_info` | High
-5 | File | `/administrator/alerts/alertLightbox.php` | High
+5 | File | `/Ap4RtpAtom.cpp` | High
 6 | File | `/api/part_categories` | High
-7 | File | `/api/students/me/messages/` | High
-8 | File | `/auditLogAction.do` | High
-9 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
-10 | File | `/cgi-bin` | Medium
-11 | File | `/cgi-bin/luci/api/switch` | High
-12 | File | `/churchcrm/WhyCameEditor.php` | High
-13 | File | `/cms/admin/?page=client/view_client` | High
-14 | File | `/cms/admin/?page=invoice/view_invoice` | High
-15 | File | `/College_Management_System/admin/display-teacher.php` | High
-16 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-17 | File | `/ctpms/admin/applications/update_status.php` | High
-18 | File | `/ctpms/admin/individuals/update_status.php` | High
-19 | File | `/ctpms/classes/Master.php?f=delete_img` | High
-20 | File | `/dict/list.do` | High
-21 | File | `/dms/admin/reports/daily_collection_report.php` | High
-22 | File | `/etc/cron.daily/upstart` | High
-23 | File | `/farm/store.php` | High
-24 | File | `/fuel/sitevariables/delete/4` | High
-25 | File | `/goform/aspForm` | High
-26 | File | `/goform/setsambacfg` | High
-27 | File | `/index.php?page=reserve` | High
-28 | File | `/Items/*/RemoteImages/Download` | High
-29 | File | `/mdiy/dict/listExcludeApp` | High
-30 | File | `/mgmt/tm/util/bash` | High
-31 | File | `/ofrs/admin/?page=reports` | High
-32 | File | `/PC/WebService.asmx` | High
-33 | File | `/RestAPI` | Medium
-34 | File | `/scas/classes/Users.php?f=save_user` | High
-35 | File | `/scbs/classes/Users.php?f=delete_client` | High
-36 | File | `/scripts/unlock_tasks.php` | High
+7 | File | `/auditLogAction.do` | High
+8 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
+9 | File | `/cgi-bin` | Medium
+10 | File | `/cgi-bin/webproc` | High
+11 | File | `/churchcrm/WhyCameEditor.php` | High
+12 | File | `/cms/admin/?page=client/view_client` | High
+13 | File | `/cms/admin/?page=invoice/view_invoice` | High
+14 | File | `/College_Management_System/admin/display-teacher.php` | High
+15 | File | `/ctpms/admin/?page=individuals/view_individual` | High
+16 | File | `/ctpms/admin/applications/update_status.php` | High
+17 | File | `/ctpms/admin/individuals/update_status.php` | High
+18 | File | `/ctpms/classes/Master.php?f=delete_img` | High
+19 | File | `/dms/admin/reports/daily_collection_report.php` | High
+20 | File | `/etc/cron.daily/upstart` | High
+21 | File | `/fuel/sitevariables/delete/4` | High
+22 | File | `/goform/aspForm` | High
+23 | File | `/IISADMPWD` | Medium
+24 | File | `/index.php?page=reserve` | High
+25 | File | `/Items/*/RemoteImages/Download` | High
+26 | File | `/job` | Low
+27 | File | `/linkedcontent/editfolder.php` | High
+28 | File | `/mdiy/dict/listExcludeApp` | High
+29 | File | `/mgmt/tm/util/bash` | High
+30 | File | `/ofrs/admin/?page=reports` | High
+31 | File | `/PC/WebService.asmx` | High
+32 | File | `/pms/admin/inmates/manage_inmate.php` | High
+33 | File | `/scas/classes/Users.php?f=save_user` | High
+34 | File | `/scbs/classes/Users.php?f=delete_client` | High
+35 | File | `/school/model/get_events.php` | High
+36 | File | `/scms/student.php` | High
 37 | ... | ... | ...

-There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Patchwork/README.md
+++ b/actors/Patchwork/README.md
@ -121,56 +121,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/.env` | Low
-3 | File | `/.ssh/authorized_keys` | High
-4 | File | `/admin/default.asp` | High
-5 | File | `/admin/index.php` | High
-6 | File | `/ajax/networking/get_netcfg.php` | High
-7 | File | `/apply_noauth.cgi` | High
-8 | File | `/assets/ctx` | Medium
-9 | File | `/cgi-bin/wapopen` | High
-10 | File | `/cms/print.php` | High
-11 | File | `/concat?/%2557EB-INF/web.xml` | High
-12 | File | `/Content/Template/root/reverse-shell.aspx` | High
-13 | File | `/data/remove` | Medium
-14 | File | `/goforms/rlminfo` | High
-15 | File | `/htdocs/cgibin` | High
-16 | File | `/login` | Low
-17 | File | `/navigate/navigate_download.php` | High
-18 | File | `/ocwbs/admin/?page=user/manage_user` | High
-19 | File | `/ofrs/admin/?page=user/manage_user` | High
-20 | File | `/owa/auth/logon.aspx` | High
-21 | File | `/password.html` | High
-22 | File | `/proc/ioports` | High
-23 | File | `/property-list/property_view.php` | High
-24 | File | `/ptms/classes/Users.php` | High
-25 | File | `/rest/api/2/search` | High
-26 | File | `/s/` | Low
-27 | File | `/scripts/cpan_config` | High
-28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-29 | File | `/services/system/setup.json` | High
-30 | File | `/uncpath/` | Medium
-31 | File | `/videotalk` | Medium
-32 | File | `/vloggers_merch/?p=view_product` | High
-33 | File | `/web/MCmsAction.java` | High
-34 | File | `/webconsole/APIController` | High
-35 | File | `/websocket/exec` | High
-36 | File | `/wp-admin/admin-ajax.php` | High
-37 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-38 | File | `/wp-json` | Medium
-39 | File | `/wp-json/oembed/1.0/embed?url` | High
-40 | File | `/_next` | Low
-41 | File | `4.edu.php\conn\function.php` | High
-42 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-43 | File | `about.php` | Medium
-44 | File | `acl.c` | Low
-45 | File | `activity_log.php` | High
-46 | File | `addentry.php` | Medium
-47 | File | `add_vhost.php` | High
-48 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
+2 | File | `/.ssh/authorized_keys` | High
+3 | File | `/admin/default.asp` | High
+4 | File | `/admin/index.php` | High
+5 | File | `/ajax/networking/get_netcfg.php` | High
+6 | File | `/apply_noauth.cgi` | High
+7 | File | `/cgi-bin/wapopen` | High
+8 | File | `/cms/print.php` | High
+9 | File | `/concat?/%2557EB-INF/web.xml` | High
+10 | File | `/Content/Template/root/reverse-shell.aspx` | High
+11 | File | `/data/remove` | Medium
+12 | File | `/goforms/rlminfo` | High
+13 | File | `/htdocs/cgibin` | High
+14 | File | `/login` | Low
+15 | File | `/navigate/navigate_download.php` | High
+16 | File | `/ocwbs/admin/?page=user/manage_user` | High
+17 | File | `/ofrs/admin/?page=user/manage_user` | High
+18 | File | `/owa/auth/logon.aspx` | High
+19 | File | `/password.html` | High
+20 | File | `/proc/ioports` | High
+21 | File | `/property-list/property_view.php` | High
+22 | File | `/ptms/classes/Users.php` | High
+23 | File | `/rest/api/2/search` | High
+24 | File | `/s/` | Low
+25 | File | `/scripts/cpan_config` | High
+26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+27 | File | `/services/system/setup.json` | High
+28 | File | `/uncpath/` | Medium
+29 | File | `/videotalk` | Medium
+30 | File | `/vloggers_merch/?p=view_product` | High
+31 | File | `/web/MCmsAction.java` | High
+32 | File | `/webconsole/APIController` | High
+33 | File | `/websocket/exec` | High
+34 | File | `/wp-admin/admin-ajax.php` | High
+35 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+36 | File | `/wp-json` | Medium
+37 | File | `/wp-json/oembed/1.0/embed?url` | High
+38 | File | `/_next` | Low
+39 | File | `4.edu.php\conn\function.php` | High
+40 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+41 | File | `about.php` | Medium
+42 | File | `acl.c` | Low
+43 | File | `activity_log.php` | High
+44 | File | `addentry.php` | Medium
+45 | File | `add_vhost.php` | High
+46 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
+47 | File | `admin/category.inc.php` | High
+48 | File | `admin/conf_users_edit.php` | High
 49 | ... | ... | ...

-There are 427 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 422 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/PlugX/README.md
+++ b/actors/PlugX/README.md
@ -67,41 +67,41 @@ ID | Type | Indicator | Confidence
 10 | File | `/context/%2e/WEB-INF/web.xml` | High
 11 | File | `/domains/index.fts` | High
 12 | File | `/download` | Medium
-13 | File | `/DroboAccess/delete_user` | High
-14 | File | `/forum/away.php` | High
-15 | File | `/foundry/modules/news/newscolumns.php` | High
-16 | File | `/ghost/preview` | High
-17 | File | `/GponForm/device_Form?script/` | High
-18 | File | `/LDMS/frm_splitfrm.aspx` | High
-19 | File | `/media/api` | Medium
-20 | File | `/modules/profile/index.php` | High
-21 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
-22 | File | `/NAGErrors` | Medium
-23 | File | `/q` | Low
-24 | File | `/RestAPI` | Medium
-25 | File | `/secure/QueryComponent!Default.jspa` | High
-26 | File | `/service-list` | High
-27 | File | `/smstest.html` | High
-28 | File | `/start-stop` | Medium
-29 | File | `/subscribe/subscribe` | High
-30 | File | `/tmp` | Low
-31 | File | `/tmp/kamailio_fifo` | High
-32 | File | `/uncpath/` | Medium
-33 | File | `/view/friend_profile.php` | High
-34 | File | `/WEB-INF/web.xml` | High
-35 | File | `/wp-json/oembed/1.0/embed?url` | High
-36 | File | `actions/authenticate.php` | High
-37 | File | `actions/doreport.php` | High
-38 | File | `addlyricsform.php` | High
-39 | File | `addmerchpicform.php` | High
-40 | File | `addresses_export.php` | High
-41 | File | `adherents/cartes/carte.php` | High
-42 | File | `admin.php` | Medium
-43 | File | `admin.php?m=backup&c=backup&a=doback` | High
-44 | File | `admin/admin.php` | High
+13 | File | `/forum/away.php` | High
+14 | File | `/foundry/modules/news/newscolumns.php` | High
+15 | File | `/ghost/preview` | High
+16 | File | `/GponForm/device_Form?script/` | High
+17 | File | `/LDMS/frm_splitfrm.aspx` | High
+18 | File | `/media/api` | Medium
+19 | File | `/modules/profile/index.php` | High
+20 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
+21 | File | `/NAGErrors` | Medium
+22 | File | `/q` | Low
+23 | File | `/RestAPI` | Medium
+24 | File | `/secure/QueryComponent!Default.jspa` | High
+25 | File | `/service-list` | High
+26 | File | `/smstest.html` | High
+27 | File | `/start-stop` | Medium
+28 | File | `/subscribe/subscribe` | High
+29 | File | `/tmp` | Low
+30 | File | `/tmp/kamailio_fifo` | High
+31 | File | `/uncpath/` | Medium
+32 | File | `/view/friend_profile.php` | High
+33 | File | `/WEB-INF/web.xml` | High
+34 | File | `/wp-json/oembed/1.0/embed?url` | High
+35 | File | `actions/authenticate.php` | High
+36 | File | `actions/doreport.php` | High
+37 | File | `addlyricsform.php` | High
+38 | File | `addmerchpicform.php` | High
+39 | File | `addresses_export.php` | High
+40 | File | `adherents/cartes/carte.php` | High
+41 | File | `admin.php` | Medium
+42 | File | `admin.php?m=backup&c=backup&a=doback` | High
+43 | File | `admin/admin.php` | High
+44 | File | `admin/admin/fileUploadAction_fileUpload.action` | High
 45 | ... | ... | ...

-There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/PowerTrick/README.md
+++ b/actors/PowerTrick/README.md
@ -42,33 +42,33 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin/config.php?display=disa&view=form` | High
 2 | File | `/apps/acs-commons/content/page-compare.html` | High
-3 | File | `/edit-db.php` | Medium
-4 | File | `/etc/waipass` | Medium
+3 | File | `/cgi/get_param.cgi` | High
+4 | File | `/edit-db.php` | Medium
 5 | File | `/ext/phar/phar_object.c` | High
 6 | File | `/files/password` | High
 7 | File | `/guest_auth/cfg/upLoadCfg.php` | High
 8 | File | `/hocms/classes/Master.php?f=delete_member` | High
-9 | File | `/phppath/php` | Medium
-10 | File | `/services/getFile.cmd` | High
-11 | File | `/sns/classes/Master.php?f=delete_img` | High
-12 | File | `/usr/bin/pkexec` | High
-13 | File | `/v2/quantum/save-data-upload-big-file` | High
-14 | File | `/var/log/messages` | High
-15 | File | `/web/jquery/uploader/multi_uploadify.php` | High
-16 | File | `/webconsole/Controller` | High
-17 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
-18 | File | `abook_database.php` | High
-19 | File | `acl/save_user.cgi` | High
-20 | File | `adaptive-images-script.php` | High
-21 | File | `admin/auth.php` | High
-22 | File | `admin/cgi-bin/listdir.pl` | High
-23 | File | `adminuseredit.php?usertoedit=XSS` | High
-24 | File | `AvastSvc.exe` | Medium
-25 | File | `backupsettings.conf` | High
-26 | File | `base/ErrorHandler.php` | High
+9 | File | `/lists/admin/` | High
+10 | File | `/phppath/php` | Medium
+11 | File | `/services/getFile.cmd` | High
+12 | File | `/sns/classes/Master.php?f=delete_img` | High
+13 | File | `/usr/bin/pkexec` | High
+14 | File | `/v2/quantum/save-data-upload-big-file` | High
+15 | File | `/var/log/messages` | High
+16 | File | `/web/jquery/uploader/multi_uploadify.php` | High
+17 | File | `/webconsole/Controller` | High
+18 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
+19 | File | `abook_database.php` | High
+20 | File | `acl/save_user.cgi` | High
+21 | File | `adaptive-images-script.php` | High
+22 | File | `admin/auth.php` | High
+23 | File | `admin/cgi-bin/listdir.pl` | High
+24 | File | `adminuseredit.php?usertoedit=XSS` | High
+25 | File | `AvastSvc.exe` | Medium
+26 | File | `backupsettings.conf` | High
 27 | ... | ... | ...

-There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 225 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Spider/README.md
+++ b/Spider/README.md
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [US](https://vuldb.com/?country.us)
 * [SC](https://vuldb.com/?country.sc)
-* [DE](https://vuldb.com/?country.de)
+* [ES](https://vuldb.com/?country.es)
 * ...

-There are 3 more country items available. Please use our online service to access the data.
+There are 1 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+1 | T1008 | CWE-757 | Algorithm Downgrade | High
 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...
@ -59,39 +59,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `../FILEDIR` | Medium
-2 | File | `//proc/kcore` | Medium
-3 | File | `/admin/?page=system_info/contact_info` | High
-4 | File | `/Ap4RtpAtom.cpp` | High
-5 | File | `/api/part_categories` | High
-6 | File | `/api/programs/orgUnits?programs` | High
-7 | File | `/auditLogAction.do` | High
-8 | File | `/bcms/admin/?page=court_rentals/view_court_rental` | High
-9 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
-10 | File | `/bcms/admin/?page=sales/view_details` | High
-11 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
-12 | File | `/bcms/admin/?page=service_transactions/view_details` | High
-13 | File | `/bcms/admin/?page=user/manage_user` | High
-14 | File | `/cgi-bin` | Medium
-15 | File | `/cgi-bin/kerbynet` | High
-16 | File | `/checklogin.jsp` | High
-17 | File | `/churchcrm/WhyCameEditor.php` | High
-18 | File | `/course/api/upload/pic` | High
-19 | File | `/etc/cron.daily/upstart` | High
-20 | File | `/fuel/sitevariables/delete/4` | High
-21 | File | `/goform/aspForm` | High
-22 | File | `/itop/webservices/export-v2.php` | High
-23 | File | `/modules/profile/index.php` | High
-24 | File | `/nova/bin/sniffer` | High
-25 | File | `/ocwbs/admin/?page=bookings/view_details` | High
-26 | File | `/ocwbs/admin/?page=user/manage_user` | High
-27 | File | `/ofrs/admin/?page=reports` | High
-28 | File | `/ofrs/admin/?page=requests/manage_request` | High
-29 | File | `/ofrs/admin/?page=teams/manage_team` | High
-30 | File | `/ofrs/admin/?page=teams/view_team` | High
+1 | File | `//proc/kcore` | Medium
+2 | File | `/admin/scheprofile.cgi` | High
+3 | File | `/admin/showbad.php` | High
+4 | File | `/admin/ztliuyan_sendmail.php` | High
+5 | File | `/alarm_pi/alarmService.php` | High
+6 | File | `/Ap4RtpAtom.cpp` | High
+7 | File | `/api/part_categories` | High
+8 | File | `/cgi-bin/kerbynet` | High
+9 | File | `/cgi-bin/webproc` | High
+10 | File | `/cgi/get_param.cgi` | High
+11 | File | `/churchcrm/WhyCameEditor.php` | High
+12 | File | `/company` | Medium
+13 | File | `/company/account/safety/trade` | High
+14 | File | `/company/service/increment/add/im` | High
+15 | File | `/dashboard/blocks/stacks/view_details/` | High
+16 | File | `/dashboard/reports/logs/view` | High
+17 | File | `/dashboard/snapshot/*?orgId=0` | High
+18 | File | `/defaultui/player/modern.html` | High
+19 | File | `/dl/dl_sendmail.php` | High
+20 | File | `/dl/dl_sendsms.php` | High
+21 | File | `/fuel/sitevariables/delete/4` | High
+22 | File | `/goform/aspForm` | High
+23 | File | `/home/campus/campus_job` | High
+24 | File | `/home/job/index` | High
+25 | File | `/IISADMPWD` | Medium
+26 | File | `/images/background/1.php` | High
+27 | File | `/index.php?action=seomatic/file/seo-file-link` | High
+28 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
+29 | File | `/itop/webservices/export-v2.php` | High
+30 | File | `/job` | Low
 31 | ... | ... | ...

-There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Pykspa/README.md
+++ b/actors/Pykspa/README.md
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -47,13 +47,14 @@ ID | Type | Indicator | Confidence
 1 | File | `//etc/RT2870STA.dat` | High
 2 | File | `/cgi-bin/wapopen` | High
 3 | File | `/HNAP1` | Low
-4 | File | `/setSystemAdmin` | High
-5 | File | `/updown/upload.cgi` | High
-6 | File | `/usr/bin/pkexec` | High
-7 | File | `acl.c` | Low
-8 | ... | ... | ...
+4 | File | `/mgmt/tm/util/bash` | High
+5 | File | `/setSystemAdmin` | High
+6 | File | `/updown/upload.cgi` | High
+7 | File | `/usr/bin/pkexec` | High
+8 | File | `acl.c` | Low
+9 | ... | ... | ...

-There are 58 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Qakbot/README.md
+++ b/actors/Qakbot/README.md
@ -171,48 +171,48 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin/?setting-base.htm` | High
 4 | File | `/admin/admin_login.php` | High
 5 | File | `/admin/login.php` | High
-6 | File | `/apply_noauth.cgi` | High
-7 | File | `/bin/sh` | Low
-8 | File | `/componetns/user/class.user.php` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/dev/tty` | Medium
-11 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
-12 | File | `/gaia-job-admin/user/add` | High
-13 | File | `/HNAP1` | Low
-14 | File | `/include/chart_generator.php` | High
-15 | File | `/login` | Low
-16 | File | `/login.html` | Medium
-17 | File | `/magnoliaPublic/travel/members/login.html` | High
-18 | File | `/member/index/login.html` | High
-19 | File | `/requests.php` | High
-20 | File | `/rest/api/latest/projectvalidate/key` | High
-21 | File | `/saml/login` | Medium
-22 | File | `/ScadaBR/login.htm` | High
-23 | File | `/ServletAPI/accounts/login` | High
-24 | File | `/uncpath/` | Medium
-25 | File | `/upload` | Low
-26 | File | `/var/adm/btmp` | High
-27 | File | `/var/log/messages` | High
-28 | File | `/websocket/exec` | High
-29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-30 | File | `account/login.php` | High
-31 | File | `ad/login.asp` | Medium
-32 | File | `add.php` | Low
-33 | File | `admin.inc.php` | High
-34 | File | `admin.php` | Medium
-35 | File | `admin/admin_ping.php` | High
-36 | File | `admin/index.php` | High
-37 | File | `admin/login.asp` | High
-38 | File | `admin/login.php` | High
-39 | File | `admin/nos/login` | High
-40 | File | `admin/viewtheatre.php` | High
-41 | File | `adminer.php` | Medium
-42 | File | `admin_ajax.php?action=checkrepeat` | High
-43 | File | `admin_delete.php` | High
-44 | File | `agenda.php3` | Medium
+6 | File | `/bin/sh` | Low
+7 | File | `/componetns/user/class.user.php` | High
+8 | File | `/debug/pprof` | Medium
+9 | File | `/dev/tty` | Medium
+10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
+11 | File | `/gaia-job-admin/user/add` | High
+12 | File | `/HNAP1` | Low
+13 | File | `/include/chart_generator.php` | High
+14 | File | `/login` | Low
+15 | File | `/login.html` | Medium
+16 | File | `/magnoliaPublic/travel/members/login.html` | High
+17 | File | `/member/index/login.html` | High
+18 | File | `/requests.php` | High
+19 | File | `/rest/api/latest/projectvalidate/key` | High
+20 | File | `/saml/login` | Medium
+21 | File | `/ScadaBR/login.htm` | High
+22 | File | `/ServletAPI/accounts/login` | High
+23 | File | `/uncpath/` | Medium
+24 | File | `/upload` | Low
+25 | File | `/var/adm/btmp` | High
+26 | File | `/var/log/messages` | High
+27 | File | `/websocket/exec` | High
+28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+29 | File | `account/login.php` | High
+30 | File | `ad/login.asp` | Medium
+31 | File | `add.php` | Low
+32 | File | `admin.inc.php` | High
+33 | File | `admin.php` | Medium
+34 | File | `admin/admin_ping.php` | High
+35 | File | `admin/index.php` | High
+36 | File | `admin/login.asp` | High
+37 | File | `admin/login.php` | High
+38 | File | `admin/nos/login` | High
+39 | File | `admin/viewtheatre.php` | High
+40 | File | `adminer.php` | Medium
+41 | File | `admin_ajax.php?action=checkrepeat` | High
+42 | File | `admin_delete.php` | High
+43 | File | `agenda.php3` | Medium
+44 | File | `ajaxp.php` | Medium
 45 | ... | ... | ...

-There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Redaman/README.md
+++ b/actors/Redaman/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...

-There are 7 more country items available. Please use our online service to access the data.
+There are 8 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -65,9 +65,10 @@ ID | Type | Indicator | Confidence
 7 | File | `akocomments.php` | High
 8 | File | `auth.inc.php` | Medium
 9 | File | `bgpd/bgp_aspath.c` | High
-10 | ... | ... | ...
+10 | File | `cgi-bin/luci` | Medium
+11 | ... | ... | ...

-There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Remcos/README.md
+++ b/actors/Remcos/README.md
@ -35,79 +35,80 @@ ID | IP address | Hostname | Campaign | Confidence
 6 | [8.253.139.120](https://vuldb.com/?ip.8.253.139.120) | - | - | High
 7 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
 8 | [13.107.42.12](https://vuldb.com/?ip.13.107.42.12) | 1drv.ms | - | High
-9 | [13.107.43.12](https://vuldb.com/?ip.13.107.43.12) | - | - | High
-10 | [13.107.43.13](https://vuldb.com/?ip.13.107.43.13) | - | - | High
-11 | [13.225.230.20](https://vuldb.com/?ip.13.225.230.20) | server-13-225-230-20.jfk51.r.cloudfront.net | - | High
-12 | [13.250.255.10](https://vuldb.com/?ip.13.250.255.10) | ec2-13-250-255-10.ap-southeast-1.compute.amazonaws.com | - | Medium
-13 | [15.197.142.173](https://vuldb.com/?ip.15.197.142.173) | a4ec4c6ea1c92e2e6.awsglobalaccelerator.com | - | High
-14 | [18.214.132.216](https://vuldb.com/?ip.18.214.132.216) | ec2-18-214-132-216.compute-1.amazonaws.com | - | Medium
-15 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
-16 | [20.42.73.27](https://vuldb.com/?ip.20.42.73.27) | - | - | High
-17 | [20.190.151.7](https://vuldb.com/?ip.20.190.151.7) | - | - | High
-18 | [20.190.151.8](https://vuldb.com/?ip.20.190.151.8) | - | - | High
-19 | [20.190.151.68](https://vuldb.com/?ip.20.190.151.68) | - | - | High
-20 | [20.190.151.70](https://vuldb.com/?ip.20.190.151.70) | - | - | High
-21 | [20.190.151.131](https://vuldb.com/?ip.20.190.151.131) | - | - | High
-22 | [20.190.151.132](https://vuldb.com/?ip.20.190.151.132) | - | - | High
-23 | [20.190.151.133](https://vuldb.com/?ip.20.190.151.133) | - | - | High
-24 | [20.190.152.21](https://vuldb.com/?ip.20.190.152.21) | - | - | High
-25 | [20.190.154.139](https://vuldb.com/?ip.20.190.154.139) | - | - | High
-26 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
-27 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
-28 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
-29 | [23.21.205.229](https://vuldb.com/?ip.23.21.205.229) | ec2-23-21-205-229.compute-1.amazonaws.com | - | Medium
-30 | [23.21.213.140](https://vuldb.com/?ip.23.21.213.140) | ec2-23-21-213-140.compute-1.amazonaws.com | - | Medium
-31 | [23.38.131.139](https://vuldb.com/?ip.23.38.131.139) | a23-38-131-139.deploy.static.akamaitechnologies.com | - | High
-32 | [23.46.239.18](https://vuldb.com/?ip.23.46.239.18) | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High
-33 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
-34 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
-35 | [23.82.12.29](https://vuldb.com/?ip.23.82.12.29) | - | - | High
-36 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | - | - | High
-37 | [23.196.74.222](https://vuldb.com/?ip.23.196.74.222) | a23-196-74-222.deploy.static.akamaitechnologies.com | - | High
-38 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
-39 | [23.199.63.83](https://vuldb.com/?ip.23.199.63.83) | a23-199-63-83.deploy.static.akamaitechnologies.com | - | High
-40 | [23.223.37.181](https://vuldb.com/?ip.23.223.37.181) | a23-223-37-181.deploy.static.akamaitechnologies.com | - | High
-41 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
-42 | [34.96.116.138](https://vuldb.com/?ip.34.96.116.138) | 138.116.96.34.bc.googleusercontent.com | - | Medium
-43 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
-44 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
-45 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
-46 | [34.197.12.81](https://vuldb.com/?ip.34.197.12.81) | ec2-34-197-12-81.compute-1.amazonaws.com | - | Medium
-47 | [34.202.33.33](https://vuldb.com/?ip.34.202.33.33) | ec2-34-202-33-33.compute-1.amazonaws.com | - | Medium
-48 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
-49 | [35.214.144.124](https://vuldb.com/?ip.35.214.144.124) | 124.144.214.35.bc.googleusercontent.com | - | Medium
-50 | [37.1.206.16](https://vuldb.com/?ip.37.1.206.16) | free.ispiria.net | - | High
-51 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
-52 | [37.120.138.222](https://vuldb.com/?ip.37.120.138.222) | - | - | High
-53 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
-54 | [37.139.64.106](https://vuldb.com/?ip.37.139.64.106) | - | - | High
-55 | [37.230.130.153](https://vuldb.com/?ip.37.230.130.153) | - | - | High
-56 | [37.235.1.174](https://vuldb.com/?ip.37.235.1.174) | resolver1.freedns.zone.powered.by.virtexxa.com | - | High
-57 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
-58 | [40.126.28.12](https://vuldb.com/?ip.40.126.28.12) | - | - | High
-59 | [40.126.28.22](https://vuldb.com/?ip.40.126.28.22) | - | - | High
-60 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
-61 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
-62 | [45.15.143.148](https://vuldb.com/?ip.45.15.143.148) | - | - | High
-63 | [45.74.32.12](https://vuldb.com/?ip.45.74.32.12) | - | - | High
-64 | [45.95.168.62](https://vuldb.com/?ip.45.95.168.62) | maxko-hosting.com | - | High
-65 | [45.148.17.62](https://vuldb.com/?ip.45.148.17.62) | mail.spokel.se | - | High
-66 | [46.2.255.122](https://vuldb.com/?ip.46.2.255.122) | - | - | High
-67 | [46.105.127.143](https://vuldb.com/?ip.46.105.127.143) | ns385442.ip-46-105-127.eu | - | High
-68 | [46.243.147.194](https://vuldb.com/?ip.46.243.147.194) | - | - | High
-69 | [46.243.239.153](https://vuldb.com/?ip.46.243.239.153) | - | - | High
-70 | [46.243.249.150](https://vuldb.com/?ip.46.243.249.150) | - | - | High
-71 | [46.246.80.68](https://vuldb.com/?ip.46.246.80.68) | c-46-246-80-68.ip4.frootvpn.com | - | High
-72 | [47.254.172.117](https://vuldb.com/?ip.47.254.172.117) | - | - | High
-73 | [50.16.234.229](https://vuldb.com/?ip.50.16.234.229) | ec2-50-16-234-229.compute-1.amazonaws.com | - | Medium
-74 | [50.63.202.36](https://vuldb.com/?ip.50.63.202.36) | ip-50-63-202-36.ip.secureserver.net | - | High
-75 | [51.15.229.127](https://vuldb.com/?ip.51.15.229.127) | 127-229-15-51.instances.scw.cloud | - | High
-76 | [51.75.209.242](https://vuldb.com/?ip.51.75.209.242) | ip242.ip-51-75-209.eu | - | High
-77 | [51.91.236.193](https://vuldb.com/?ip.51.91.236.193) | cluster028.hosting.ovh.net | - | High
-78 | [51.103.16.165](https://vuldb.com/?ip.51.103.16.165) | - | - | High
-79 | ... | ... | ... | ...
+9 | [13.107.42.13](https://vuldb.com/?ip.13.107.42.13) | - | - | High
+10 | [13.107.43.12](https://vuldb.com/?ip.13.107.43.12) | - | - | High
+11 | [13.107.43.13](https://vuldb.com/?ip.13.107.43.13) | - | - | High
+12 | [13.225.230.20](https://vuldb.com/?ip.13.225.230.20) | server-13-225-230-20.jfk51.r.cloudfront.net | - | High
+13 | [13.250.255.10](https://vuldb.com/?ip.13.250.255.10) | ec2-13-250-255-10.ap-southeast-1.compute.amazonaws.com | - | Medium
+14 | [15.197.142.173](https://vuldb.com/?ip.15.197.142.173) | a4ec4c6ea1c92e2e6.awsglobalaccelerator.com | - | High
+15 | [18.214.132.216](https://vuldb.com/?ip.18.214.132.216) | ec2-18-214-132-216.compute-1.amazonaws.com | - | Medium
+16 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
+17 | [20.42.73.27](https://vuldb.com/?ip.20.42.73.27) | - | - | High
+18 | [20.190.151.7](https://vuldb.com/?ip.20.190.151.7) | - | - | High
+19 | [20.190.151.8](https://vuldb.com/?ip.20.190.151.8) | - | - | High
+20 | [20.190.151.68](https://vuldb.com/?ip.20.190.151.68) | - | - | High
+21 | [20.190.151.70](https://vuldb.com/?ip.20.190.151.70) | - | - | High
+22 | [20.190.151.131](https://vuldb.com/?ip.20.190.151.131) | - | - | High
+23 | [20.190.151.132](https://vuldb.com/?ip.20.190.151.132) | - | - | High
+24 | [20.190.151.133](https://vuldb.com/?ip.20.190.151.133) | - | - | High
+25 | [20.190.152.21](https://vuldb.com/?ip.20.190.152.21) | - | - | High
+26 | [20.190.154.139](https://vuldb.com/?ip.20.190.154.139) | - | - | High
+27 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
+28 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
+29 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
+30 | [23.21.205.229](https://vuldb.com/?ip.23.21.205.229) | ec2-23-21-205-229.compute-1.amazonaws.com | - | Medium
+31 | [23.21.213.140](https://vuldb.com/?ip.23.21.213.140) | ec2-23-21-213-140.compute-1.amazonaws.com | - | Medium
+32 | [23.38.131.139](https://vuldb.com/?ip.23.38.131.139) | a23-38-131-139.deploy.static.akamaitechnologies.com | - | High
+33 | [23.46.239.18](https://vuldb.com/?ip.23.46.239.18) | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High
+34 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
+35 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
+36 | [23.82.12.29](https://vuldb.com/?ip.23.82.12.29) | - | - | High
+37 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | - | - | High
+38 | [23.196.74.222](https://vuldb.com/?ip.23.196.74.222) | a23-196-74-222.deploy.static.akamaitechnologies.com | - | High
+39 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
+40 | [23.199.63.83](https://vuldb.com/?ip.23.199.63.83) | a23-199-63-83.deploy.static.akamaitechnologies.com | - | High
+41 | [23.223.37.181](https://vuldb.com/?ip.23.223.37.181) | a23-223-37-181.deploy.static.akamaitechnologies.com | - | High
+42 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
+43 | [34.96.116.138](https://vuldb.com/?ip.34.96.116.138) | 138.116.96.34.bc.googleusercontent.com | - | Medium
+44 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
+45 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
+46 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
+47 | [34.197.12.81](https://vuldb.com/?ip.34.197.12.81) | ec2-34-197-12-81.compute-1.amazonaws.com | - | Medium
+48 | [34.202.33.33](https://vuldb.com/?ip.34.202.33.33) | ec2-34-202-33-33.compute-1.amazonaws.com | - | Medium
+49 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
+50 | [35.214.144.124](https://vuldb.com/?ip.35.214.144.124) | 124.144.214.35.bc.googleusercontent.com | - | Medium
+51 | [37.1.206.16](https://vuldb.com/?ip.37.1.206.16) | free.ispiria.net | - | High
+52 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
+53 | [37.120.138.222](https://vuldb.com/?ip.37.120.138.222) | - | - | High
+54 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
+55 | [37.139.64.106](https://vuldb.com/?ip.37.139.64.106) | - | - | High
+56 | [37.230.130.153](https://vuldb.com/?ip.37.230.130.153) | - | - | High
+57 | [37.235.1.174](https://vuldb.com/?ip.37.235.1.174) | resolver1.freedns.zone.powered.by.virtexxa.com | - | High
+58 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
+59 | [40.126.28.12](https://vuldb.com/?ip.40.126.28.12) | - | - | High
+60 | [40.126.28.22](https://vuldb.com/?ip.40.126.28.22) | - | - | High
+61 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
+62 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
+63 | [45.15.143.148](https://vuldb.com/?ip.45.15.143.148) | - | - | High
+64 | [45.74.32.12](https://vuldb.com/?ip.45.74.32.12) | - | - | High
+65 | [45.95.168.62](https://vuldb.com/?ip.45.95.168.62) | maxko-hosting.com | - | High
+66 | [45.148.17.62](https://vuldb.com/?ip.45.148.17.62) | mail.spokel.se | - | High
+67 | [46.2.255.122](https://vuldb.com/?ip.46.2.255.122) | - | - | High
+68 | [46.105.127.143](https://vuldb.com/?ip.46.105.127.143) | ns385442.ip-46-105-127.eu | - | High
+69 | [46.243.147.194](https://vuldb.com/?ip.46.243.147.194) | - | - | High
+70 | [46.243.239.153](https://vuldb.com/?ip.46.243.239.153) | - | - | High
+71 | [46.243.249.150](https://vuldb.com/?ip.46.243.249.150) | - | - | High
+72 | [46.246.80.68](https://vuldb.com/?ip.46.246.80.68) | c-46-246-80-68.ip4.frootvpn.com | - | High
+73 | [47.254.172.117](https://vuldb.com/?ip.47.254.172.117) | - | - | High
+74 | [50.16.234.229](https://vuldb.com/?ip.50.16.234.229) | ec2-50-16-234-229.compute-1.amazonaws.com | - | Medium
+75 | [50.63.202.36](https://vuldb.com/?ip.50.63.202.36) | ip-50-63-202-36.ip.secureserver.net | - | High
+76 | [51.15.229.127](https://vuldb.com/?ip.51.15.229.127) | 127-229-15-51.instances.scw.cloud | - | High
+77 | [51.75.209.242](https://vuldb.com/?ip.51.75.209.242) | ip242.ip-51-75-209.eu | - | High
+78 | [51.91.236.193](https://vuldb.com/?ip.51.91.236.193) | cluster028.hosting.ovh.net | - | High
+79 | [51.103.16.165](https://vuldb.com/?ip.51.103.16.165) | - | - | High
+80 | ... | ... | ... | ...

-There are 313 more IOC items available. Please use our online service to access the data.
+There are 318 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -130,29 +131,30 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.procmailrc` | Medium
 2 | File | `/anony/mjpg.cgi` | High
-3 | File | `/api/crontab` | Medium
-4 | File | `/as/authorization.oauth2` | High
-5 | File | `/bin/mail` | Medium
-6 | File | `/cgi-bin/delete_CA` | High
-7 | File | `/common/info.cgi` | High
-8 | File | `/data/vendor/tcl` | High
-9 | File | `/dev/random` | Medium
-10 | File | `/etc/passwd` | Medium
-11 | File | `/etc/password` | High
-12 | File | `/files.md5` | Medium
-13 | File | `/forum/away.php` | High
-14 | File | `/include/chart_generator.php` | High
-15 | File | `/mgmt/tm/util/bash` | High
-16 | File | `/one_church/userregister.php` | High
-17 | File | `/op/op.LockDocument.php` | High
-18 | File | `/plesk-site-preview/` | High
-19 | File | `/proc/self/setgroups` | High
-20 | File | `/proc/stat` | Medium
-21 | File | `/rest/api/2/search` | High
-22 | File | `/rest/api/latest/projectvalidate/key` | High
-23 | ... | ... | ...
+3 | File | `/bin/mail` | Medium
+4 | File | `/common/info.cgi` | High
+5 | File | `/data/vendor/tcl` | High
+6 | File | `/dev/random` | Medium
+7 | File | `/etc/hosts` | Medium
+8 | File | `/etc/passwd` | Medium
+9 | File | `/etc/password` | High
+10 | File | `/files.md5` | Medium
+11 | File | `/forum/away.php` | High
+12 | File | `/include/chart_generator.php` | High
+13 | File | `/mgmt/tm/util/bash` | High
+14 | File | `/op/op.LockDocument.php` | High
+15 | File | `/plesk-site-preview/` | High
+16 | File | `/proc/self/setgroups` | High
+17 | File | `/proc/stat` | Medium
+18 | File | `/ram/pckg/security/nova/bin/ipsec` | High
+19 | File | `/rest/api/2/search` | High
+20 | File | `/rest/api/latest/projectvalidate/key` | High
+21 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
+22 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+23 | File | `/tmp` | Low
+24 | ... | ... | ...

-There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 199 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -202,6 +204,10 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html
 * https://blog.talosintelligence.com/2022/03/ukraine-invasion-scams-malware.html
 * https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Remcos%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs%202
+* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-15%20Remcos%20IOCs
 * https://isc.sans.edu/forums/diary/Malspam+using+passwordprotected+Word+docs+to+push+Remcos+RAT/25292/
 * https://twitter.com/Paladin3161/status/1197842954037018625

--- a/Kit/README.md
+++ b/Kit/README.md
@ -57,7 +57,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 4 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -69,26 +69,27 @@ ID | Type | Indicator | Confidence
 2 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
 3 | File | `/apply.cgi` | Medium
 4 | File | `/forum/away.php` | High
-5 | File | `/mifs/c/i/reg/reg.html` | High
-6 | File | `/objects/getImageMP4.php` | High
-7 | File | `/payu/icpcheckout/` | High
-8 | File | `/proc/kcore/` | Medium
-9 | File | `/uncpath/` | Medium
-10 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
-11 | File | `adclick.php` | Medium
-12 | File | `add_comment.php` | High
-13 | File | `admin.jcomments.php` | High
-14 | File | `admin.php` | Medium
-15 | File | `admin/index.php` | High
-16 | File | `AppCompatCache.exe` | High
-17 | File | `asn1fix_retrieve.c` | High
-18 | File | `bigsam_guestbook.php` | High
-19 | File | `books.php` | Medium
-20 | File | `card/pay/.../amount` | High
-21 | File | `category.cfm` | Medium
-22 | ... | ... | ...
+5 | File | `/mgmt/tm/util/bash` | High
+6 | File | `/mifs/c/i/reg/reg.html` | High
+7 | File | `/objects/getImageMP4.php` | High
+8 | File | `/payu/icpcheckout/` | High
+9 | File | `/proc/kcore/` | Medium
+10 | File | `/uncpath/` | Medium
+11 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
+12 | File | `adclick.php` | Medium
+13 | File | `add_comment.php` | High
+14 | File | `admin.jcomments.php` | High
+15 | File | `admin.php` | Medium
+16 | File | `admin/index.php` | High
+17 | File | `AppCompatCache.exe` | High
+18 | File | `asn1fix_retrieve.c` | High
+19 | File | `bigsam_guestbook.php` | High
+20 | File | `books.php` | Medium
+21 | File | `card/pay/.../amount` | High
+22 | File | `category.cfm` | Medium
+23 | ... | ... | ...

-There are 187 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Phish/README.md
+++ b/Phish/README.md
@ -0,0 +1,59 @@
+# Rock Phish - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Rock Phish](https://vuldb.com/?actor.rock_phish). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.rock_phish](https://vuldb.com/?actor.rock_phish)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Rock Phish:
+
+* [US](https://vuldb.com/?country.us)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Rock Phish.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [81.16.131.40](https://vuldb.com/?ip.81.16.131.40) | - | - | High
+2 | [200.72.139.67](https://vuldb.com/?ip.200.72.139.67) | - | - | High
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Rock Phish_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1600 | CWE-310 | Cryptographic Issues | High
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Rock Phish. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `cloud.php` | Medium
+2 | File | `inc/config.php` | High
+3 | File | `register.php` | Medium
+4 | ... | ... | ...
+
+There are 10 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://ddanchev.blogspot.com/2007/12/2091-host-locked.html
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Sandworm
+++ b/actors/Sandworm
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...

-There are 24 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -58,45 +58,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?module=users&section=cpanel&page=list` | High
-2 | File | `/admin.php?action=page` | High
+1 | File | `//proc/kcore` | Medium
+2 | File | `/?module=users&section=cpanel&page=list` | High
 3 | File | `/admin.php?mod=user&amp` | High
-4 | File | `/admin/powerline` | High
-5 | File | `/admin/syslog` | High
-6 | File | `/api/upload` | Medium
-7 | File | `/bcms/admin/?page=user/list` | High
-8 | File | `/cgi-bin` | Medium
-9 | File | `/context/%2e/WEB-INF/web.xml` | High
+4 | File | `/admin/dl_sendmail.php` | High
+5 | File | `/Ap4RtpAtom.cpp` | High
+6 | File | `/bcms/admin/?page=user/list` | High
+7 | File | `/bsms/?page=manage_account` | High
+8 | File | `/context/%2e/WEB-INF/web.xml` | High
+9 | File | `/dashboard/reports/logs/view` | High
 10 | File | `/debug/pprof` | Medium
 11 | File | `/dl/dl_print.php` | High
 12 | File | `/fuel/index.php/fuel/logs/items` | High
-13 | File | `/mgmt/tm/util/bash` | High
-14 | File | `/moddable/xs/sources/xsDebug.c` | High
-15 | File | `/monitoring` | Medium
-16 | File | `/new` | Low
-17 | File | `/nova/bin/diskd` | High
-18 | File | `/proc/<pid>/status` | High
-19 | File | `/public/plugins/` | High
-20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-21 | File | `/secure/QueryComponent!Default.jspa` | High
-22 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-24 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
-25 | File | `/tmp` | Low
-26 | File | `/uncpath/` | Medium
-27 | File | `/usr/bin/pkexec` | High
-28 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-29 | File | `/wp-admin` | Medium
+13 | File | `/fuel/sitevariables/delete/4` | High
+14 | File | `/mgmt/tm/util/bash` | High
+15 | File | `/moddable/xs/sources/xsDebug.c` | High
+16 | File | `/monitoring` | Medium
+17 | File | `/new` | Low
+18 | File | `/odfs/classes/Master.php?f=save_category` | High
+19 | File | `/proc/<pid>/status` | High
+20 | File | `/public/plugins/` | High
+21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+22 | File | `/secure/QueryComponent!Default.jspa` | High
+23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+24 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+25 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
+26 | File | `/tmp` | Low
+27 | File | `/uncpath/` | Medium
+28 | File | `/usr/bin/pkexec` | High
+29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
 30 | File | `/wp-json/wc/v3/webhooks` | High
 31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
 32 | File | `AccountManagerService.java` | High
 33 | File | `actions/CompanyDetailsSave.php` | High
 34 | File | `ActiveServices.java` | High
-35 | File | `ActivityManagerService.java` | High
-36 | File | `admin.php` | Medium
-37 | ... | ... | ...
+35 | ... | ... | ...

-There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Shadowcrew/README.md
+++ b/actors/Shadowcrew/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [NL](https://vuldb.com/?country.nl)
 * ...

-There are 24 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -763,37 +763,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/advance_push/public/login` | High
-2 | File | `/bcms/admin/?page=user/list` | High
-3 | File | `/context/%2e/WEB-INF/web.xml` | High
-4 | File | `/fuel/index.php/fuel/logs/items` | High
-5 | File | `/mgmt/tm/util/bash` | High
-6 | File | `/monitoring` | Medium
-7 | File | `/new` | Low
-8 | File | `/proc/<pid>/status` | High
-9 | File | `/public/plugins/` | High
-10 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-11 | File | `/secure/QueryComponent!Default.jspa` | High
-12 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-13 | File | `/tmp` | Low
-14 | File | `/uncpath/` | Medium
-15 | File | `/usr/bin/pkexec` | High
-16 | File | `/WEB-INF/web.xml` | High
-17 | File | `/wp-admin/admin-ajax.php` | High
-18 | File | `/wp-json/wc/v3/webhooks` | High
-19 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-20 | File | `AccountManagerService.java` | High
-21 | File | `actions/CompanyDetailsSave.php` | High
-22 | File | `ActivityManagerService.java` | High
-23 | File | `admin.php` | Medium
-24 | File | `admin/add-glossary.php` | High
-25 | File | `admin/conf_users_edit.php` | High
-26 | File | `admin/controllers/Albumsgalleries.php` | High
-27 | File | `admin/edit-comments.php` | High
-28 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
-29 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/advance_push/public/login` | High
+3 | File | `/Ap4RtpAtom.cpp` | High
+4 | File | `/bcms/admin/?page=user/list` | High
+5 | File | `/context/%2e/WEB-INF/web.xml` | High
+6 | File | `/debug/pprof` | Medium
+7 | File | `/fuel/index.php/fuel/logs/items` | High
+8 | File | `/fuel/sitevariables/delete/4` | High
+9 | File | `/mgmt/tm/util/bash` | High
+10 | File | `/monitoring` | Medium
+11 | File | `/new` | Low
+12 | File | `/proc/<pid>/status` | High
+13 | File | `/public/plugins/` | High
+14 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+15 | File | `/secure/QueryComponent!Default.jspa` | High
+16 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+17 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+18 | File | `/tmp` | Low
+19 | File | `/uncpath/` | Medium
+20 | File | `/usr/bin/pkexec` | High
+21 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+22 | File | `/wp-admin/admin-ajax.php` | High
+23 | File | `/wp-json/wc/v3/webhooks` | High
+24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+25 | File | `AccountManagerService.java` | High
+26 | File | `actions/CompanyDetailsSave.php` | High
+27 | File | `ActiveServices.java` | High
+28 | File | `ActivityManagerService.java` | High
+29 | File | `admin.php` | Medium
+30 | ... | ... | ...

-There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 255 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Shuckworm/README.md
+++ b/actors/Shuckworm/README.md
@ -56,18 +56,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/error` | Low
-2 | File | `/forum/away.php` | High
-3 | File | `/gena.cgi` | Medium
-4 | File | `/login` | Low
-5 | File | `/php/ajax.php` | High
-6 | File | `/rapi/read_url` | High
-7 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
-8 | File | `/see_more_details.php` | High
-9 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
+1 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+2 | File | `/error` | Low
+3 | File | `/forum/away.php` | High
+4 | File | `/gena.cgi` | Medium
+5 | File | `/login` | Low
+6 | File | `/php/ajax.php` | High
+7 | File | `/rapi/read_url` | High
+8 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
+9 | File | `/see_more_details.php` | High
 10 | ... | ... | ...

-There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 78 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/SmokeLoader/README.md
+++ b/actors/SmokeLoader/README.md
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [ES](https://vuldb.com/?country.es)
 * [CN](https://vuldb.com/?country.cn)
-* [PL](https://vuldb.com/?country.pl)
+* [US](https://vuldb.com/?country.us)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 11 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -30,14 +30,19 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | Tsunami | High
 2 | [5.196.8.173](https://vuldb.com/?ip.5.196.8.173) | vps-b5645e9a.vps.ovh.net | - | High
 3 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
-4 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
-5 | [31.13.65.36](https://vuldb.com/?ip.31.13.65.36) | edge-star-mini-shv-01-atl3.facebook.com | - | High
-6 | [31.210.170.195](https://vuldb.com/?ip.31.210.170.195) | vps16632.hosted-by.eurohoster.online | - | High
-7 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | Tsunami | High
-8 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | Tsunami | High
-9 | ... | ... | ... | ...
+4 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
+5 | [23.0.48.75](https://vuldb.com/?ip.23.0.48.75) | a23-0-48-75.deploy.static.akamaitechnologies.com | - | High
+6 | [23.0.209.167](https://vuldb.com/?ip.23.0.209.167) | a23-0-209-167.deploy.static.akamaitechnologies.com | - | High
+7 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
+8 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
+9 | [23.13.211.142](https://vuldb.com/?ip.23.13.211.142) | a23-13-211-142.deploy.static.akamaitechnologies.com | - | High
+10 | [23.20.239.12](https://vuldb.com/?ip.23.20.239.12) | ec2-23-20-239-12.compute-1.amazonaws.com | - | Medium
+11 | [23.66.61.153](https://vuldb.com/?ip.23.66.61.153) | a23-66-61-153.deploy.static.akamaitechnologies.com | - | High
+12 | [23.193.177.127](https://vuldb.com/?ip.23.193.177.127) | a23-193-177-127.deploy.static.akamaitechnologies.com | - | High
+13 | [23.218.40.161](https://vuldb.com/?ip.23.218.40.161) | a23-218-40-161.deploy.static.akamaitechnologies.com | - | High
+14 | ... | ... | ... | ...

-There are 30 more IOC items available. Please use our online service to access the data.
+There are 52 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -50,7 +55,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 5 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -67,49 +72,56 @@ ID | Type | Indicator | Confidence
 7 | File | `/cgi-bin/pass` | High
 8 | File | `/cgi/ansi` | Medium
 9 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
-10 | File | `/config/getuser` | High
-11 | File | `/etc/gsissh/sshd_config` | High
-12 | File | `/etc/passwd` | Medium
-13 | File | `/etc/sudoers` | Medium
-14 | File | `/getcfg.php` | Medium
-15 | File | `/goform/GetNewDir` | High
-16 | File | `/goform/telnet` | High
-17 | File | `/goform/WanParameterSetting` | High
-18 | File | `/hnap.cgi` | Medium
-19 | File | `/HNAP1` | Low
-20 | File | `/include/makecvs.php` | High
-21 | File | `/includes/common.inc.php` | High
-22 | File | `/knomi/analyze` | High
-23 | File | `/opt/pia/ruby/64/ruby` | High
-24 | File | `/out.php` | Medium
-25 | File | `/outgoing.php` | High
-26 | File | `/scripts/iisadmin/bdir.htr` | High
-27 | File | `/tmp` | Low
-28 | File | `/tmp/csman/0` | Medium
-29 | File | `/ui/cbpc/login` | High
-30 | File | `/uncpath/` | Medium
-31 | File | `/var/avamar/f_cache.dat` | High
-32 | File | `/var/hnap/timestamp` | High
-33 | File | `/var/run/storage_account_root` | High
-34 | File | `/webmail/` | Medium
-35 | File | `/wp-content/plugins/forum-server/feed.php` | High
-36 | File | `/{ADMIN-FILE}/` | High
-37 | File | `a2billing/customer/iridium_threed.php` | High
-38 | File | `address.html` | Medium
-39 | File | `adm/systools.asp` | High
-40 | File | `admin.php` | Medium
-41 | File | `admin/index.php` | High
-42 | File | `administrador.asp` | High
-43 | File | `AdminQuickAccessesController.php` | High
-44 | ... | ... | ...
+10 | File | `/config.cgi?webmin` | High
+11 | File | `/config/getuser` | High
+12 | File | `/etc/gsissh/sshd_config` | High
+13 | File | `/etc/passwd` | Medium
+14 | File | `/etc/sudoers` | Medium
+15 | File | `/gateway/services/EdgeServiceImpl` | High
+16 | File | `/getcfg.php` | Medium
+17 | File | `/goform/dir_setWanWifi` | High
+18 | File | `/goform/GetNewDir` | High
+19 | File | `/goform/telnet` | High
+20 | File | `/goform/WanParameterSetting` | High
+21 | File | `/hnap.cgi` | Medium
+22 | File | `/HNAP1` | Low
+23 | File | `/include/makecvs.php` | High
+24 | File | `/includes/common.inc.php` | High
+25 | File | `/knomi/analyze` | High
+26 | File | `/mgmt/tm/util/bash` | High
+27 | File | `/monitoring` | Medium
+28 | File | `/opt/pia/ruby/64/ruby` | High
+29 | File | `/opt/tms/bin/cli` | High
+30 | File | `/out.php` | Medium
+31 | File | `/outgoing.php` | High
+32 | File | `/Pwrchute` | Medium
+33 | File | `/reports/rwservlet` | High
+34 | File | `/scripts/iisadmin/bdir.htr` | High
+35 | File | `/skyboxview-softwareupdate/services/CollectorSoftwareUpdate` | High
+36 | File | `/tmp` | Low
+37 | File | `/tmp/csman/0` | Medium
+38 | File | `/ui/cbpc/login` | High
+39 | File | `/uncpath/` | Medium
+40 | File | `/usr/local/psa/admin/sbin/wrapper` | High
+41 | File | `/var/avamar/f_cache.dat` | High
+42 | File | `/var/hnap/timestamp` | High
+43 | File | `/var/run/storage_account_root` | High
+44 | File | `/webmail/` | Medium
+45 | File | `/wordpress/wp-admin/admin.php` | High
+46 | File | `/wp-content/plugins/forum-server/feed.php` | High
+47 | File | `/{ADMIN-FILE}/` | High
+48 | File | `a2billing/customer/iridium_threed.php` | High
+49 | ... | ... | ...

-There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

 The following list contains _external sources_ which discuss the actor and the associated activities:

+* https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
 * https://blog.talosintelligence.com/2021/07/threat-roundup-0716-0723.html
+* https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
 * https://research.checkpoint.com/2019/2019-resurgence-of-smokeloader/
 * https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/

--- a/actors/Spalax/README.md
+++ b/actors/Spalax/README.md
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...

-There are 21 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -51,7 +51,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

@ -63,67 +63,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
-2 | File | `/+CSCOE+/logon.html` | High
-3 | File | `/.ssh/authorized_keys` | High
-4 | File | `/assets/ctx` | Medium
-5 | File | `/bsms/?page=products` | High
-6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
-7 | File | `/concat?/%2557EB-INF/web.xml` | High
-8 | File | `/config/getuser` | High
-9 | File | `/debug/pprof` | Medium
-10 | File | `/ext/phar/phar_object.c` | High
-11 | File | `/filemanager/php/connector.php` | High
-12 | File | `/get_getnetworkconf.cgi` | High
-13 | File | `/HNAP1` | Low
-14 | File | `/include/chart_generator.php` | High
-15 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
-16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
-17 | File | `/modx/manager/index.php` | High
-18 | File | `/osm/REGISTER.cmd` | High
-19 | File | `/product_list.php` | High
-20 | File | `/replication` | Medium
-21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
-22 | File | `/supervisor/procesa_carga.php` | High
-23 | File | `/type.php` | Medium
-24 | File | `/uncpath/` | Medium
-25 | File | `/usr/bin/pkexec` | High
-26 | File | `/zm/index.php` | High
-27 | File | `4.2.0.CP09` | Medium
-28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-29 | File | `802dot1xclientcert.cgi` | High
-30 | File | `add.exe` | Low
-31 | File | `addentry.php` | Medium
-32 | File | `admin-ajax.php` | High
-33 | File | `admin.color.php` | High
-34 | File | `admin.cropcanvas.php` | High
-35 | File | `admin.joomlaradiov5.php` | High
-36 | File | `admin.php` | Medium
-37 | File | `admin.php?m=Food&a=addsave` | High
-38 | File | `admin/conf_users_edit.php` | High
-39 | File | `admin/index.php` | High
-40 | File | `admin/user.php` | High
-41 | File | `admin/write-post.php` | High
-42 | File | `administrator/components/com_media/helpers/media.php` | High
-43 | File | `admin_events.php` | High
-44 | File | `ajax_new_account.php` | High
-45 | File | `akocomments.php` | High
-46 | File | `allopass-error.php` | High
-47 | File | `announcement.php` | High
-48 | File | `apply.cgi` | Medium
-49 | File | `archiver\index.php` | High
-50 | File | `artlinks.dispnew.php` | High
-51 | File | `auth.inc.php` | Medium
-52 | File | `authorization.do` | High
-53 | File | `awstats.pl` | Medium
-54 | File | `backoffice/login.asp` | High
-55 | File | `bb_usage_stats.php` | High
-56 | File | `binder.c` | Medium
-57 | File | `books.php` | Medium
-58 | File | `C:\Python27` | Medium
-59 | ... | ... | ...
+1 | File | `/+CSCOE+/logon.html` | High
+2 | File | `/admin_page/all-files-update-ajax.php` | High
+3 | File | `/assets/ctx` | Medium
+4 | File | `/bsms/?page=products` | High
+5 | File | `/cgi-bin/kerbynet` | High
+6 | File | `/cgi-bin/system_mgr.cgi` | High
+7 | File | `/cloud_config/router_post/check_reg_verify_code` | High
+8 | File | `/concat?/%2557EB-INF/web.xml` | High
+9 | File | `/config/getuser` | High
+10 | File | `/debug/pprof` | Medium
+11 | File | `/dms/admin/reports/daily_collection_report.php` | High
+12 | File | `/ext/phar/phar_object.c` | High
+13 | File | `/filemanager/php/connector.php` | High
+14 | File | `/get_getnetworkconf.cgi` | High
+15 | File | `/HNAP1` | Low
+16 | File | `/include/chart_generator.php` | High
+17 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
+18 | File | `/info.cgi` | Medium
+19 | File | `/lists/admin/` | High
+20 | File | `/MagickCore/image.c` | High
+21 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
+22 | File | `/mgmt/tm/util/bash` | High
+23 | File | `/modx/manager/index.php` | High
+24 | File | `/osm/REGISTER.cmd` | High
+25 | File | `/replication` | Medium
+26 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
+27 | File | `/spip.php` | Medium
+28 | File | `/type.php` | Medium
+29 | File | `/uncpath/` | Medium
+30 | File | `/usr/bin/pkexec` | High
+31 | File | `/Wedding-Management/package_detail.php` | High
+32 | File | `/zm/index.php` | High
+33 | File | `4.2.0.CP09` | Medium
+34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+35 | File | `802dot1xclientcert.cgi` | High
+36 | File | `a2billing/customer/iridium_threed.php` | High
+37 | File | `add.exe` | Low
+38 | File | `admin-ajax.php` | High
+39 | File | `admin.color.php` | High
+40 | File | `admin.cropcanvas.php` | High
+41 | File | `admin.joomlaradiov5.php` | High
+42 | File | `admin.php` | Medium
+43 | File | `admin.php?m=Food&a=addsave` | High
+44 | File | `admin/conf_users_edit.php` | High
+45 | File | `admin/index.php` | High
+46 | File | `admin/limits.php` | High
+47 | File | `admin/user.php` | High
+48 | File | `admin/write-post.php` | High
+49 | File | `administrator/components/com_media/helpers/media.php` | High
+50 | File | `admin_events.php` | High
+51 | File | `akocomments.php` | High
+52 | File | `allopass-error.php` | High
+53 | File | `announcement.php` | High
+54 | File | `apply.cgi` | Medium
+55 | File | `appointment.php` | High
+56 | File | `archiver\index.php` | High
+57 | File | `artlinks.dispnew.php` | High
+58 | File | `auth.inc.php` | Medium
+59 | File | `authorization.do` | High
+60 | ... | ... | ...

-There are 513 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/SquirtDanger/README.md
+++ b/actors/SquirtDanger/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
-* [RU](https://vuldb.com/?country.ru)
+* [ES](https://vuldb.com/?country.es)
 * ...

-There are 24 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -68,44 +68,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?module=users&section=cpanel&page=list` | High
-2 | File | `/admin/powerline` | High
-3 | File | `/admin/syslog` | High
-4 | File | `/api/upload` | Medium
-5 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
-6 | File | `/bcms/admin/?page=user/list` | High
-7 | File | `/cgi-bin` | Medium
-8 | File | `/cgi-bin/kerbynet` | High
-9 | File | `/context/%2e/WEB-INF/web.xml` | High
-10 | File | `/fudforum/adm/hlplist.php` | High
-11 | File | `/fuel/index.php/fuel/logs/items` | High
-12 | File | `/login` | Low
-13 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
-14 | File | `/mgmt/tm/util/bash` | High
-15 | File | `/monitoring` | Medium
-16 | File | `/new` | Low
-17 | File | `/proc/<pid>/status` | High
-18 | File | `/public/plugins/` | High
-19 | File | `/rom` | Low
-20 | File | `/scripts/killpvhost` | High
-21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-22 | File | `/secure/QueryComponent!Default.jspa` | High
-23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-24 | File | `/tmp` | Low
-25 | File | `/tmp/redis.ds` | High
-26 | File | `/uncpath/` | Medium
-27 | File | `/wp-admin` | Medium
-28 | File | `/wp-json/wc/v3/webhooks` | High
-29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-30 | File | `AccountManagerService.java` | High
-31 | File | `actions/CompanyDetailsSave.php` | High
-32 | File | `ActiveServices.java` | High
-33 | File | `ActivityManagerService.java` | High
-34 | File | `adclick.php` | Medium
-35 | File | `admin.php` | Medium
-36 | ... | ... | ...
+1 | File | `//proc/kcore` | Medium
+2 | File | `/?module=users&section=cpanel&page=list` | High
+3 | File | `/admin/powerline` | High
+4 | File | `/admin/syslog` | High
+5 | File | `/Ap4RtpAtom.cpp` | High
+6 | File | `/api/upload` | Medium
+7 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
+8 | File | `/bcms/admin/?page=user/list` | High
+9 | File | `/cgi-bin` | Medium
+10 | File | `/context/%2e/WEB-INF/web.xml` | High
+11 | File | `/debug/pprof` | Medium
+12 | File | `/fuel/index.php/fuel/logs/items` | High
+13 | File | `/fuel/sitevariables/delete/4` | High
+14 | File | `/login` | Low
+15 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
+16 | File | `/mgmt/tm/util/bash` | High
+17 | File | `/monitoring` | Medium
+18 | File | `/new` | Low
+19 | File | `/proc/<pid>/status` | High
+20 | File | `/public/plugins/` | High
+21 | File | `/scripts/killpvhost` | High
+22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+23 | File | `/secure/QueryComponent!Default.jspa` | High
+24 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
+25 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+26 | File | `/tmp` | Low
+27 | File | `/tmp/redis.ds` | High
+28 | File | `/uncpath/` | Medium
+29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+30 | File | `/wp-admin` | Medium
+31 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
+32 | File | `/wp-json/wc/v3/webhooks` | High
+33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+34 | File | `AccountManagerService.java` | High
+35 | File | `actions/CompanyDetailsSave.php` | High
+36 | File | `ActiveServices.java` | High
+37 | ... | ... | ...

-There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/TA505/README.md
+++ b/actors/TA505/README.md
@ -77,28 +77,28 @@ ID | Type | Indicator | Confidence
 9 | File | `/mgmt/tm/util/bash` | High
 10 | File | `/modules/tasks/summary.inc.php` | High
 11 | File | `/nagiosql/admin/checkcommands.php` | High
-12 | File | `/rest/api/2/user/picker` | High
-13 | File | `/secure/QueryComponent!Default.jspa` | High
-14 | File | `/tmp` | Low
-15 | File | `/ui/artifactimport/upload` | High
-16 | File | `/uncpath/` | Medium
-17 | File | `/usr/5bin/su` | Medium
-18 | File | `/usr/bin/mail` | High
-19 | File | `/usr/bin/pkexec` | High
-20 | File | `/var/dt/` | Medium
-21 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+12 | File | `/secure/QueryComponent!Default.jspa` | High
+13 | File | `/tmp` | Low
+14 | File | `/ui/artifactimport/upload` | High
+15 | File | `/uncpath/` | Medium
+16 | File | `/usr/5bin/su` | Medium
+17 | File | `/usr/bin/mail` | High
+18 | File | `/usr/bin/pkexec` | High
+19 | File | `/var/dt/` | Medium
+20 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+21 | File | `/wp-content/plugins/updraftplus/admin.php` | High
 22 | File | `00.jsp` | Low
 23 | File | `account_activations/edit` | High
 24 | File | `adclick.php` | Medium
-25 | File | `AddResolution.jspa` | High
-26 | File | `admin.asp` | Medium
-27 | File | `admin.jcomments.php` | High
-28 | File | `admin.php` | Medium
-29 | File | `admin/` | Low
-30 | File | `admin/manage-comments.php` | High
-31 | File | `administration/comments.php` | High
-32 | File | `administrator/mail/download.cfm` | High
-33 | File | `AdminViewError/AdminAddadmin` | High
+25 | File | `admin.asp` | Medium
+26 | File | `admin.jcomments.php` | High
+27 | File | `admin.php` | Medium
+28 | File | `admin/` | Low
+29 | File | `admin/manage-comments.php` | High
+30 | File | `administration/comments.php` | High
+31 | File | `administrator/mail/download.cfm` | High
+32 | File | `AdminViewError/AdminAddadmin` | High
+33 | File | `admin_edit_comment.php` | High
 34 | File | `agentdisplay.php` | High
 35 | File | `ajaxhelper.php` | High
 36 | File | `album_portal.php` | High
@ -106,9 +106,10 @@ ID | Type | Indicator | Confidence
 38 | File | `app/call_centers/cmd.php` | High
 39 | File | `arch/x86/kvm/hyperv.c` | High
 40 | File | `auction.cgi` | Medium
-41 | ... | ... | ...
+41 | File | `autologin.jsp` | High
+42 | ... | ... | ...

-There are 351 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/TA551/README.md
+++ b/actors/TA551/README.md
@ -74,7 +74,8 @@ ID | Type | Indicator | Confidence
 11 | File | `adclick.php` | Medium
 12 | File | `admin.php` | Medium
 13 | File | `admin/conf_users_edit.php` | High
-14 | ... | ... | ...
+14 | File | `admin/getparam.cgi` | High
+15 | ... | ... | ...

 There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

--- a/actors/TA578/README.md
+++ b/actors/TA578/README.md
@ -0,0 +1,65 @@
+# TA578 - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [TA578](https://vuldb.com/?actor.ta578). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ta578](https://vuldb.com/?actor.ta578)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with TA578:
+
+* BumbleBee
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TA578:
+
+* [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of TA578.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [194.165.16.60](https://vuldb.com/?ip.194.165.16.60) | - | BumbleBee | High
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _TA578_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by TA578. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/common/ticket_associated_tickets.php` | High
+2 | File | `msg.c` | Low
+3 | Argument | `title` | Low
+4 | ... | ... | ...
+
+There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://twitter.com/malware_traffic/status/1537168576162979843
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/TeamTNT/README.md
+++ b/actors/TeamTNT/README.md
@ -62,9 +62,10 @@ ID | Type | Indicator | Confidence
 3 | File | `/usr/bin/pkexec` | High
 4 | File | `admin/categories_industry.php` | High
 5 | File | `admin/content/postcategory` | High
-6 | ... | ... | ...
+6 | File | `Adminstrator/Users/Edit/` | High
+7 | ... | ... | ...

-There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/Tofsee/README.md
+++ b/actors/Tofsee/README.md
@ -154,19 +154,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.env` | Low
-2 | File | `/?module=users&section=cpanel&page=list` | High
-3 | File | `/admin/powerline` | High
-4 | File | `/admin/syslog` | High
-5 | File | `/Ap4RtpAtom.cpp` | High
-6 | File | `/api/upload` | Medium
-7 | File | `/bcms/admin/?page=user/list` | High
-8 | File | `/cgi-bin` | Medium
-9 | File | `/cgi-bin/kerbynet` | High
+2 | File | `//proc/kcore` | Medium
+3 | File | `/?module=users&section=cpanel&page=list` | High
+4 | File | `/admin/powerline` | High
+5 | File | `/admin/syslog` | High
+6 | File | `/Ap4RtpAtom.cpp` | High
+7 | File | `/api/upload` | Medium
+8 | File | `/bcms/admin/?page=user/list` | High
+9 | File | `/cgi-bin` | Medium
 10 | File | `/Config/SaveUploadedHotspotLogoFile` | High
 11 | File | `/context/%2e/WEB-INF/web.xml` | High
 12 | File | `/debug/pprof` | Medium
-13 | File | `/fudforum/adm/hlplist.php` | High
-14 | File | `/fuel/index.php/fuel/logs/items` | High
+13 | File | `/fuel/index.php/fuel/logs/items` | High
+14 | File | `/fuel/sitevariables/delete/4` | High
 15 | File | `/login` | Low
 16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
 17 | File | `/mgmt/tm/util/bash` | High
@ -191,7 +191,7 @@ ID | Type | Indicator | Confidence
 36 | File | `AccountManagerService.java` | High
 37 | ... | ... | ...

-There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 314 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/actors/TrickBot/README.md
+++ b/actors/TrickBot/README.md
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with TrickBot:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:

 * [VN](https://vuldb.com/?country.vn)
-* [CN](https://vuldb.com/?country.cn)
 * [ES](https://vuldb.com/?country.es)
+* [US](https://vuldb.com/?country.us)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 1 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -27,176 +27,180 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [3.224.145.145](https://vuldb.com/?ip.3.224.145.145) | ec2-3-224-145-145.compute-1.amazonaws.com | - | Medium
-2 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
-3 | [5.2.70.145](https://vuldb.com/?ip.5.2.70.145) | merlinsbeard.co.uk | - | High
-4 | [5.2.72.84](https://vuldb.com/?ip.5.2.72.84) | cipixia.com | - | High
-5 | [5.2.75.93](https://vuldb.com/?ip.5.2.75.93) | - | - | High
-6 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
-7 | [5.2.76.122](https://vuldb.com/?ip.5.2.76.122) | mx3.ximple.eu | - | High
-8 | [5.34.177.50](https://vuldb.com/?ip.5.34.177.50) | unallocated.layer6.net | - | High
-9 | [5.34.178.126](https://vuldb.com/?ip.5.34.178.126) | yhlas111410.pserver.ru | - | High
-10 | [5.39.47.22](https://vuldb.com/?ip.5.39.47.22) | mail.dmgs.site | - | High
-11 | [5.53.124.49](https://vuldb.com/?ip.5.53.124.49) | dgbtechnologies.com | - | High
-12 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
-13 | [5.133.179.108](https://vuldb.com/?ip.5.133.179.108) | 5-133-179-108.freeucouponsnow.ru | - | High
-14 | [5.149.253.99](https://vuldb.com/?ip.5.149.253.99) | - | - | High
-15 | [5.182.210.30](https://vuldb.com/?ip.5.182.210.30) | realestatepromotion.ru | - | High
-16 | [5.182.210.109](https://vuldb.com/?ip.5.182.210.109) | - | - | High
-17 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
-18 | [5.182.210.178](https://vuldb.com/?ip.5.182.210.178) | mail.rainingdreams.to | - | High
-19 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
-20 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
-21 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
-22 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
-23 | [5.182.211.44](https://vuldb.com/?ip.5.182.211.44) | - | - | High
-24 | [5.196.247.14](https://vuldb.com/?ip.5.196.247.14) | ip14.ip-5-196-247.eu | - | High
-25 | [5.230.22.40](https://vuldb.com/?ip.5.230.22.40) | - | - | High
-26 | [5.255.96.217](https://vuldb.com/?ip.5.255.96.217) | vps11.host1.be | - | High
-27 | [5.255.96.218](https://vuldb.com/?ip.5.255.96.218) | - | - | High
-28 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
-29 | [18.213.79.189](https://vuldb.com/?ip.18.213.79.189) | ec2-18-213-79-189.compute-1.amazonaws.com | - | Medium
-30 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
-31 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
-32 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
-33 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
-34 | [23.20.220.174](https://vuldb.com/?ip.23.20.220.174) | ec2-23-20-220-174.compute-1.amazonaws.com | - | Medium
-35 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
-36 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
-37 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
-38 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
-39 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
-40 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
-41 | [23.62.6.161](https://vuldb.com/?ip.23.62.6.161) | a23-62-6-161.deploy.static.akamaitechnologies.com | - | High
-42 | [23.62.6.170](https://vuldb.com/?ip.23.62.6.170) | a23-62-6-170.deploy.static.akamaitechnologies.com | - | High
-43 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
-44 | [23.95.231.187](https://vuldb.com/?ip.23.95.231.187) | 23-95-231-187-host.colocrossing.com | - | High
-45 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
-46 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
-47 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
-48 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
-49 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
-50 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
-51 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
-52 | [27.147.173.227](https://vuldb.com/?ip.27.147.173.227) | 173.227.cetus.link3.net | - | High
-53 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
-54 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
-55 | [31.134.124.90](https://vuldb.com/?ip.31.134.124.90) | - | - | High
-56 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
-57 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
-58 | [31.184.253.37](https://vuldb.com/?ip.31.184.253.37) | models9.vixgrafica.de | - | High
-59 | [31.202.132.22](https://vuldb.com/?ip.31.202.132.22) | - | - | High
-60 | [31.211.85.110](https://vuldb.com/?ip.31.211.85.110) | - | - | High
-61 | [31.214.138.207](https://vuldb.com/?ip.31.214.138.207) | f0a4213918138.rev.snt.net.pl | - | High
-62 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
-63 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
-64 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
-65 | [34.198.132.204](https://vuldb.com/?ip.34.198.132.204) | ec2-34-198-132-204.compute-1.amazonaws.com | - | Medium
-66 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
-67 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
-68 | [36.66.115.180](https://vuldb.com/?ip.36.66.115.180) | - | - | High
-69 | [36.89.85.103](https://vuldb.com/?ip.36.89.85.103) | - | - | High
-70 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
-71 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
-72 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
-73 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
-74 | [36.89.243.241](https://vuldb.com/?ip.36.89.243.241) | - | - | High
-75 | [36.91.45.10](https://vuldb.com/?ip.36.91.45.10) | - | - | High
-76 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
-77 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
-78 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
-79 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
-80 | [36.94.33.102](https://vuldb.com/?ip.36.94.33.102) | - | - | High
-81 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
-82 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
-83 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
-84 | [37.44.212.179](https://vuldb.com/?ip.37.44.212.179) | - | - | High
-85 | [37.44.212.216](https://vuldb.com/?ip.37.44.212.216) | - | - | High
-86 | [37.59.183.142](https://vuldb.com/?ip.37.59.183.142) | - | - | High
-87 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
-88 | [37.228.117.146](https://vuldb.com/?ip.37.228.117.146) | metobor.ru | - | High
-89 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
-90 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
-91 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
-92 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
-93 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
-94 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
-95 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
-96 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
-97 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
-98 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
-99 | [41.77.134.250](https://vuldb.com/?ip.41.77.134.250) | cliente6386477933.clubnet.mz | - | High
-100 | [41.243.29.182](https://vuldb.com/?ip.41.243.29.182) | 182-29-243-41.r.airtel.cd | - | High
-101 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
-102 | [45.5.152.39](https://vuldb.com/?ip.45.5.152.39) | - | - | High
-103 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
-104 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
-105 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
-106 | [45.66.11.116](https://vuldb.com/?ip.45.66.11.116) | vm1488716.2ssd.had.wf | - | High
-107 | [45.80.148.30](https://vuldb.com/?ip.45.80.148.30) | - | - | High
-108 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
-109 | [45.125.1.34](https://vuldb.com/?ip.45.125.1.34) | 45.125.1.34.static.xtom.hk | - | High
-110 | [45.127.222.8](https://vuldb.com/?ip.45.127.222.8) | - | - | High
-111 | [45.137.151.198](https://vuldb.com/?ip.45.137.151.198) | ourdiaspora.net | - | High
-112 | [45.138.158.32](https://vuldb.com/?ip.45.138.158.32) | - | - | High
-113 | [45.142.213.58](https://vuldb.com/?ip.45.142.213.58) | vm372119.pq.hosting | - | High
-114 | [45.148.120.153](https://vuldb.com/?ip.45.148.120.153) | - | - | High
-115 | [45.148.120.195](https://vuldb.com/?ip.45.148.120.195) | pe195.peryon.web.tr | - | High
-116 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
-117 | [45.160.145.11](https://vuldb.com/?ip.45.160.145.11) | - | - | High
-118 | [45.160.145.179](https://vuldb.com/?ip.45.160.145.179) | - | - | High
-119 | [45.160.145.216](https://vuldb.com/?ip.45.160.145.216) | - | - | High
-120 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
-121 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
-122 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
-123 | [45.224.214.34](https://vuldb.com/?ip.45.224.214.34) | clientes-214-34.intercommtech.com.br | - | High
-124 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
-125 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
-126 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
-127 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
-128 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
-129 | [46.30.41.229](https://vuldb.com/?ip.46.30.41.229) | vm494526.eurodir.ru | - | High
-130 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
-131 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
-132 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
-133 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
-134 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
-135 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
-136 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
-137 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
-138 | [51.68.247.62](https://vuldb.com/?ip.51.68.247.62) | ip62.ip-51-68-247.eu | - | High
-139 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
-140 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
-141 | [51.89.73.159](https://vuldb.com/?ip.51.89.73.159) | theladbible.site | - | High
-142 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
-143 | [51.89.115.108](https://vuldb.com/?ip.51.89.115.108) | coms.jt120.com.cn | - | High
-144 | [51.89.115.110](https://vuldb.com/?ip.51.89.115.110) | pocket-usage.nationfox.net | - | High
-145 | [51.89.115.112](https://vuldb.com/?ip.51.89.115.112) | brides-crude.nationfox.net | - | High
-146 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
-147 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
-148 | [51.89.115.124](https://vuldb.com/?ip.51.89.115.124) | mta.ga-emailcamel.com | - | High
-149 | [51.89.177.20](https://vuldb.com/?ip.51.89.177.20) | ip20.ip-51-89-177.eu | - | High
-150 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
-151 | [51.254.69.244](https://vuldb.com/?ip.51.254.69.244) | - | - | High
-152 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
-153 | [51.254.164.243](https://vuldb.com/?ip.51.254.164.243) | amortizserv.info | - | High
-154 | [51.254.164.244](https://vuldb.com/?ip.51.254.164.244) | y9gs.gaurented.com | - | High
-155 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
-156 | [51.254.164.249](https://vuldb.com/?ip.51.254.164.249) | ip249.ip-51-254-164.eu | - | High
-157 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
-158 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
-159 | [52.44.169.135](https://vuldb.com/?ip.52.44.169.135) | ec2-52-44-169-135.compute-1.amazonaws.com | - | Medium
-160 | [52.55.255.113](https://vuldb.com/?ip.52.55.255.113) | ec2-52-55-255-113.compute-1.amazonaws.com | - | Medium
-161 | [52.202.139.131](https://vuldb.com/?ip.52.202.139.131) | ec2-52-202-139-131.compute-1.amazonaws.com | - | Medium
-162 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
-163 | [52.206.161.133](https://vuldb.com/?ip.52.206.161.133) | ec2-52-206-161-133.compute-1.amazonaws.com | - | Medium
-164 | [52.206.178.1](https://vuldb.com/?ip.52.206.178.1) | ec2-52-206-178-1.compute-1.amazonaws.com | - | Medium
-165 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
-166 | [54.204.36.156](https://vuldb.com/?ip.54.204.36.156) | ec2-54-204-36-156.compute-1.amazonaws.com | - | Medium
-167 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
-168 | ... | ... | ... | ...
+1 | [3.209.171.143](https://vuldb.com/?ip.3.209.171.143) | ec2-3-209-171-143.compute-1.amazonaws.com | - | Medium
+2 | [3.217.175.153](https://vuldb.com/?ip.3.217.175.153) | ec2-3-217-175-153.compute-1.amazonaws.com | - | Medium
+3 | [3.224.145.145](https://vuldb.com/?ip.3.224.145.145) | ec2-3-224-145-145.compute-1.amazonaws.com | - | Medium
+4 | [3.231.23.10](https://vuldb.com/?ip.3.231.23.10) | ec2-3-231-23-10.compute-1.amazonaws.com | - | Medium
+5 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
+6 | [5.2.70.145](https://vuldb.com/?ip.5.2.70.145) | merlinsbeard.co.uk | - | High
+7 | [5.2.72.84](https://vuldb.com/?ip.5.2.72.84) | cipixia.com | - | High
+8 | [5.2.75.93](https://vuldb.com/?ip.5.2.75.93) | - | - | High
+9 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
+10 | [5.2.76.122](https://vuldb.com/?ip.5.2.76.122) | mx3.ximple.eu | - | High
+11 | [5.34.177.50](https://vuldb.com/?ip.5.34.177.50) | unallocated.layer6.net | - | High
+12 | [5.34.178.126](https://vuldb.com/?ip.5.34.178.126) | yhlas111410.pserver.ru | - | High
+13 | [5.39.47.22](https://vuldb.com/?ip.5.39.47.22) | mail.dmgs.site | - | High
+14 | [5.53.124.49](https://vuldb.com/?ip.5.53.124.49) | dgbtechnologies.com | - | High
+15 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
+16 | [5.133.179.108](https://vuldb.com/?ip.5.133.179.108) | 5-133-179-108.freeucouponsnow.ru | - | High
+17 | [5.149.253.99](https://vuldb.com/?ip.5.149.253.99) | - | - | High
+18 | [5.182.210.30](https://vuldb.com/?ip.5.182.210.30) | realestatepromotion.ru | - | High
+19 | [5.182.210.109](https://vuldb.com/?ip.5.182.210.109) | - | - | High
+20 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
+21 | [5.182.210.178](https://vuldb.com/?ip.5.182.210.178) | mail.rainingdreams.to | - | High
+22 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
+23 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
+24 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
+25 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
+26 | [5.182.211.44](https://vuldb.com/?ip.5.182.211.44) | - | - | High
+27 | [5.196.247.14](https://vuldb.com/?ip.5.196.247.14) | ip14.ip-5-196-247.eu | - | High
+28 | [5.230.22.40](https://vuldb.com/?ip.5.230.22.40) | - | - | High
+29 | [5.255.96.217](https://vuldb.com/?ip.5.255.96.217) | vps11.host1.be | - | High
+30 | [5.255.96.218](https://vuldb.com/?ip.5.255.96.218) | - | - | High
+31 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
+32 | [18.213.79.189](https://vuldb.com/?ip.18.213.79.189) | ec2-18-213-79-189.compute-1.amazonaws.com | - | Medium
+33 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
+34 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
+35 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
+36 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
+37 | [23.19.31.135](https://vuldb.com/?ip.23.19.31.135) | - | - | High
+38 | [23.20.220.174](https://vuldb.com/?ip.23.20.220.174) | ec2-23-20-220-174.compute-1.amazonaws.com | - | Medium
+39 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
+40 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
+41 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
+42 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
+43 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
+44 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
+45 | [23.62.6.161](https://vuldb.com/?ip.23.62.6.161) | a23-62-6-161.deploy.static.akamaitechnologies.com | - | High
+46 | [23.62.6.170](https://vuldb.com/?ip.23.62.6.170) | a23-62-6-170.deploy.static.akamaitechnologies.com | - | High
+47 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
+48 | [23.95.231.187](https://vuldb.com/?ip.23.95.231.187) | 23-95-231-187-host.colocrossing.com | - | High
+49 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
+50 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
+51 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
+52 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
+53 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
+54 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
+55 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
+56 | [27.147.173.227](https://vuldb.com/?ip.27.147.173.227) | 173.227.cetus.link3.net | - | High
+57 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
+58 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
+59 | [31.134.124.90](https://vuldb.com/?ip.31.134.124.90) | - | - | High
+60 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
+61 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
+62 | [31.184.253.37](https://vuldb.com/?ip.31.184.253.37) | models9.vixgrafica.de | - | High
+63 | [31.202.132.22](https://vuldb.com/?ip.31.202.132.22) | - | - | High
+64 | [31.211.85.110](https://vuldb.com/?ip.31.211.85.110) | - | - | High
+65 | [31.214.138.207](https://vuldb.com/?ip.31.214.138.207) | f0a4213918138.rev.snt.net.pl | - | High
+66 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
+67 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
+68 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
+69 | [34.198.132.204](https://vuldb.com/?ip.34.198.132.204) | ec2-34-198-132-204.compute-1.amazonaws.com | - | Medium
+70 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
+71 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
+72 | [36.66.115.180](https://vuldb.com/?ip.36.66.115.180) | - | - | High
+73 | [36.89.85.103](https://vuldb.com/?ip.36.89.85.103) | - | - | High
+74 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
+75 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
+76 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
+77 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
+78 | [36.89.243.241](https://vuldb.com/?ip.36.89.243.241) | - | - | High
+79 | [36.91.45.10](https://vuldb.com/?ip.36.91.45.10) | - | - | High
+80 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
+81 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
+82 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
+83 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
+84 | [36.94.33.102](https://vuldb.com/?ip.36.94.33.102) | - | - | High
+85 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
+86 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
+87 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
+88 | [37.44.212.179](https://vuldb.com/?ip.37.44.212.179) | - | - | High
+89 | [37.44.212.216](https://vuldb.com/?ip.37.44.212.216) | - | - | High
+90 | [37.59.183.142](https://vuldb.com/?ip.37.59.183.142) | - | - | High
+91 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
+92 | [37.228.117.146](https://vuldb.com/?ip.37.228.117.146) | metobor.ru | - | High
+93 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
+94 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
+95 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
+96 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
+97 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
+98 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
+99 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
+100 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
+101 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
+102 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
+103 | [41.77.134.250](https://vuldb.com/?ip.41.77.134.250) | cliente6386477933.clubnet.mz | - | High
+104 | [41.243.29.182](https://vuldb.com/?ip.41.243.29.182) | 182-29-243-41.r.airtel.cd | - | High
+105 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
+106 | [45.5.152.39](https://vuldb.com/?ip.45.5.152.39) | - | - | High
+107 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
+108 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
+109 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
+110 | [45.66.11.116](https://vuldb.com/?ip.45.66.11.116) | vm1488716.2ssd.had.wf | - | High
+111 | [45.80.148.30](https://vuldb.com/?ip.45.80.148.30) | - | - | High
+112 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
+113 | [45.125.1.34](https://vuldb.com/?ip.45.125.1.34) | 45.125.1.34.static.xtom.hk | - | High
+114 | [45.127.222.8](https://vuldb.com/?ip.45.127.222.8) | - | - | High
+115 | [45.137.151.198](https://vuldb.com/?ip.45.137.151.198) | ourdiaspora.net | - | High
+116 | [45.138.158.32](https://vuldb.com/?ip.45.138.158.32) | - | - | High
+117 | [45.142.213.58](https://vuldb.com/?ip.45.142.213.58) | vm372119.pq.hosting | - | High
+118 | [45.148.120.153](https://vuldb.com/?ip.45.148.120.153) | - | - | High
+119 | [45.148.120.195](https://vuldb.com/?ip.45.148.120.195) | pe195.peryon.web.tr | - | High
+120 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
+121 | [45.160.145.11](https://vuldb.com/?ip.45.160.145.11) | - | - | High
+122 | [45.160.145.179](https://vuldb.com/?ip.45.160.145.179) | - | - | High
+123 | [45.160.145.216](https://vuldb.com/?ip.45.160.145.216) | - | - | High
+124 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
+125 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
+126 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
+127 | [45.224.214.34](https://vuldb.com/?ip.45.224.214.34) | clientes-214-34.intercommtech.com.br | - | High
+128 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
+129 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
+130 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
+131 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
+132 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
+133 | [46.30.41.229](https://vuldb.com/?ip.46.30.41.229) | vm494526.eurodir.ru | - | High
+134 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
+135 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
+136 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
+137 | [46.237.117.193](https://vuldb.com/?ip.46.237.117.193) | - | - | High
+138 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
+139 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
+140 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
+141 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
+142 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
+143 | [51.68.247.62](https://vuldb.com/?ip.51.68.247.62) | ip62.ip-51-68-247.eu | - | High
+144 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
+145 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
+146 | [51.89.73.159](https://vuldb.com/?ip.51.89.73.159) | theladbible.site | - | High
+147 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
+148 | [51.89.115.108](https://vuldb.com/?ip.51.89.115.108) | coms.jt120.com.cn | - | High
+149 | [51.89.115.110](https://vuldb.com/?ip.51.89.115.110) | pocket-usage.nationfox.net | - | High
+150 | [51.89.115.112](https://vuldb.com/?ip.51.89.115.112) | brides-crude.nationfox.net | - | High
+151 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
+152 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
+153 | [51.89.115.124](https://vuldb.com/?ip.51.89.115.124) | mta.ga-emailcamel.com | - | High
+154 | [51.89.177.20](https://vuldb.com/?ip.51.89.177.20) | ip20.ip-51-89-177.eu | - | High
+155 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
+156 | [51.254.69.244](https://vuldb.com/?ip.51.254.69.244) | - | - | High
+157 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
+158 | [51.254.164.243](https://vuldb.com/?ip.51.254.164.243) | amortizserv.info | - | High
+159 | [51.254.164.244](https://vuldb.com/?ip.51.254.164.244) | y9gs.gaurented.com | - | High
+160 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
+161 | [51.254.164.249](https://vuldb.com/?ip.51.254.164.249) | ip249.ip-51-254-164.eu | - | High
+162 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
+163 | [52.20.78.240](https://vuldb.com/?ip.52.20.78.240) | ec2-52-20-78-240.compute-1.amazonaws.com | - | Medium
+164 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
+165 | [52.44.169.135](https://vuldb.com/?ip.52.44.169.135) | ec2-52-44-169-135.compute-1.amazonaws.com | - | Medium
+166 | [52.55.255.113](https://vuldb.com/?ip.52.55.255.113) | ec2-52-55-255-113.compute-1.amazonaws.com | - | Medium
+167 | [52.202.139.131](https://vuldb.com/?ip.52.202.139.131) | ec2-52-202-139-131.compute-1.amazonaws.com | - | Medium
+168 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
+169 | [52.206.161.133](https://vuldb.com/?ip.52.206.161.133) | ec2-52-206-161-133.compute-1.amazonaws.com | - | Medium
+170 | [52.206.178.1](https://vuldb.com/?ip.52.206.178.1) | ec2-52-206-178-1.compute-1.amazonaws.com | - | Medium
+171 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
+172 | ... | ... | ... | ...

-There are 667 more IOC items available. Please use our online service to access the data.
+There are 685 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -205,11 +209,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -217,35 +221,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
-2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
-3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
-4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
-5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
-6 | File | `/acms/classes/Master.php?f=delete_img` | High
-7 | File | `/admin/new-content` | High
-8 | File | `/Ap4RtpAtom.cpp` | High
-9 | File | `/bcms/admin/?page=user/list` | High
-10 | File | `/cgi-bin/login.cgi` | High
-11 | File | `/cgi-bin/luci/api/auth` | High
-12 | File | `/cgi-bin/luci/api/diagnose` | High
-13 | File | `/cgi-bin/luci/api/switch` | High
-14 | File | `/cgi-bin/luci/api/wireless` | High
-15 | File | `/coreframe/app/member/admin/group.php` | High
-16 | File | `/ctpms/admin/?page=applications/view_application` | High
-17 | File | `/ctpms/admin/?page=individuals/view_individual` | High
-18 | File | `/ctpms/admin/applications/update_status.php` | High
-19 | File | `/ctpms/admin/individuals/update_status.php` | High
-20 | File | `/ctpms/classes/Master.php?f=delete_application` | High
-21 | File | `/ctpms/classes/Master.php?f=delete_img` | High
-22 | File | `/debug/pprof` | Medium
-23 | File | `/dict/list.do` | High
-24 | File | `/fantasticblog/single.php` | High
-25 | File | `/farm/store.php` | High
-26 | File | `/fuel/index.php/fuel/logs/items` | High
-27 | ... | ... | ...
+1 | File | `/admin/edit_admin_details.php?id=admin` | High
+2 | File | `/alarm_pi/alarmService.php` | High
+3 | File | `/bsms/?page=manage_account` | High
+4 | File | `/company` | Medium
+5 | File | `/company/account/safety/trade` | High
+6 | File | `/company/down_resume/total/nature` | High
+7 | File | `/company/service/increment/add/im` | High
+8 | File | `/company/view_be_browsed/total` | High
+9 | File | `/dashboard/blocks/stacks/view_details/` | High
+10 | File | `/dashboard/reports/logs/view` | High
+11 | File | `/dashboard/snapshot/*?orgId=0` | High
+12 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
+13 | File | `/freelance/resume_list` | High
+14 | ... | ... | ...

-There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 109 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -285,6 +276,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/11/threat-roundup-1105-1112.html
 * https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
 * https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html
+* https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html
 * https://blogs.blackberry.com/en/2019/09/blackberry-cylance-vs-trickbot-infostealer-malware
 * https://feodotracker.abuse.ch/downloads/ipblocklist.csv
 * https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Trickbot%20IOCs
--- a/Trooper/README.md
+++ b/Trooper/README.md
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...

-There are 9 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

--- a/actors/UNC2452/README.md
+++ b/actors/UNC2452/README.md
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

 * [JP](https://vuldb.com/?country.jp)
 * [US](https://vuldb.com/?country.us)
-* [FR](https://vuldb.com/?country.fr)
+* [CN](https://vuldb.com/?country.cn)
 * ...

 There are 9 more country items available. Please use our online service to access the data.
@ -330,7 +330,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 6 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -338,34 +338,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/edit.php` | High
-2 | File | `/admin/new-content` | High
-3 | File | `/ad_js.php` | Medium
-4 | File | `/apps/acs-commons/content/page-compare.html` | High
-5 | File | `/backups/` | Medium
-6 | File | `/bcms/admin/?page=user/list` | High
-7 | File | `/blog/blog.php` | High
-8 | File | `/cardo/api` | Medium
-9 | File | `/cgi-bin/login.cgi` | High
-10 | File | `/cgi-bin/luci/api/auth` | High
-11 | File | `/cgi-bin/luci/api/diagnose` | High
-12 | File | `/cgi-bin/luci/api/switch` | High
-13 | File | `/cgi-bin/luci/api/wireless` | High
-14 | File | `/cgi-mod/lookup.cgi` | High
-15 | File | `/edit-db.php` | Medium
-16 | File | `/etc/networkd-dispatcher` | High
-17 | File | `/fantasticblog/single.php` | High
-18 | File | `/goform/AdvSetLanIp` | High
-19 | File | `/goform/editassignment` | High
-20 | File | `/goform/form2IPQoSTcAdd` | High
-21 | File | `/goform/setDeviceSettings` | High
-22 | File | `/goform/setMacFilterCfg` | High
-23 | File | `/goform/SetNetControlList` | High
-24 | File | `/goform/setNetworkLan` | High
-25 | File | `/goform/setpptpservercfg` | High
-26 | ... | ... | ...
+1 | File | `/about.php` | Medium
+2 | File | `/admin.php/pic/admin/lists/zhuan` | High
+3 | File | `/admin/?page=inmates/view_inmate` | High
+4 | File | `/admin/?page=system_info/contact_info` | High
+5 | File | `/admin/new-content` | High
+6 | File | `/admin/sign/out` | High
+7 | File | `/ad_js.php` | Medium
+8 | File | `/backups/` | Medium
+9 | File | `/bcms/admin/?page=user/list` | High
+10 | File | `/cardo/api` | Medium
+11 | File | `/cgi-bin/login.cgi` | High
+12 | File | `/cgi-bin/luci/api/auth` | High
+13 | File | `/cgi-bin/luci/api/diagnose` | High
+14 | File | `/cgi-bin/luci/api/switch` | High
+15 | File | `/cgi-bin/luci/api/wireless` | High
+16 | File | `/cgi-mod/lookup.cgi` | High
+17 | File | `/classes/Users.php?f=save` | High
+18 | File | `/edit-db.php` | Medium
+19 | File | `/etc/networkd-dispatcher` | High
+20 | File | `/etc/shadow.sample` | High
+21 | File | `/fantasticblog/single.php` | High
+22 | File | `/goform/AdvSetLanIp` | High
+23 | File | `/goform/editassignment` | High
+24 | File | `/goform/form2IPQoSTcAdd` | High
+25 | File | `/goform/saveParentControlInfo` | High
+26 | File | `/goform/setDeviceSettings` | High
+27 | File | `/goform/SetFirewallCfg` | High
+28 | File | `/goform/setMacFilterCfg` | High
+29 | ... | ... | ...

-There are 222 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/顯示更多
+++ b/顯示更多