Update
This commit is contained in:
Parent
18eedeacb1
Current commit
a5a5219532
@ -0,0 +1,60 @@
# 8220 Gang - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [8220 Gang](https://vuldb.com/?actor.8220_gang). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.8220_gang](https://vuldb.com/?actor.8220_gang)
## Campaigns
The following _campaigns_ are known and can be associated with 8220 Gang:
* CVE-2022-26134
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 8220 Gang:
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 8220 Gang.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [51.79.175.139](https://vuldb.com/?ip.51.79.175.139) | vps-dc8b0481.vps.ovh.ca | CVE-2022-26134 | High
2 | [51.255.171.23](https://vuldb.com/?ip.51.255.171.23) | vps-fc1a1567.vps.ovh.net | CVE-2022-26134 | High
3 | [146.59.198.38](https://vuldb.com/?ip.146.59.198.38) | vps-19ede15a.vps.ovh.net | CVE-2022-26134 | High
4 | ... | ... | ... | ...
There are 2 more IOC items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by 8220 Gang. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `data/gbconfiguration.dat` | High
2 | File | `inc/config.php` | High
3 | Argument | `basePath` | Medium
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
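Review bot: the three IOA rows (`data/gbconfiguration.dat`, `inc/config.php`, `basePath`) carry High/Medium confidence, but nothing in the file ties them to CVE-2022-26134, the only campaign listed and an Atlassian Confluence issue according to the sole reference; a PHP config file and a `basePath` argument read as generic web-application artifacts rather than actor-specific tooling, so the source of that attribution should be recorded next to them. Minor: `There are 1 more IOA items available` should read `There is 1 more IOA item available`.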
@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
3 | File | `adm/boardgroup_form_update.php` | High
4 | ... | ... | ...
There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
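Review bot: the only change is the counter line, 18 → 19 more IOA items, and the new indicator sits past the `4 | ... ` cut-off, so it cannot be reviewed from this hunk at all. For a repository whose tables are consumed by detection tooling, either listing the full table or shipping a machine-readable companion file would make such additions auditable instead of invisible.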
@ -87,29 +87,30 @@ ID | Type | Indicator | Confidence
9 | File | `/modules/profile/index.php` | High
10 | File | `/one_church/userregister.php` | High
11 | File | `/out.php` | Medium
12 | File | `/public/plugins/` | High
13 | File | `/SAP_Information_System/controllers/add_admin.php` | High
14 | File | `/SASWebReportStudio/logonAndRender.do` | High
15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
16 | File | `/secure/admin/ViewInstrumentation.jspa` | High
17 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
18 | File | `/system/proxy` | High
19 | File | `/tmp/phpglibccheck` | High
20 | File | `/uncpath/` | Medium
21 | File | `/v2/quantum/save-data-upload-big-file` | High
22 | File | `4.edu.php` | Medium
23 | File | `adclick.php` | Medium
24 | File | `add.php` | Low
25 | File | `addentry.php` | Medium
26 | File | `addressbookprovider.php` | High
27 | File | `admin.jcomments.php` | High
28 | File | `admin/pageUploadCSV.php` | High
29 | File | `ajax_udf.php` | Medium
30 | File | `AppCompatCache.exe` | High
31 | File | `application.js.php` | High
32 | ... | ... | ...
12 | File | `/owa/auth/logon.aspx` | High
13 | File | `/public/plugins/` | High
14 | File | `/SAP_Information_System/controllers/add_admin.php` | High
15 | File | `/SASWebReportStudio/logonAndRender.do` | High
16 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
17 | File | `/secure/admin/ViewInstrumentation.jspa` | High
18 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
19 | File | `/system/proxy` | High
20 | File | `/tmp/phpglibccheck` | High
21 | File | `/uncpath/` | Medium
22 | File | `/v2/quantum/save-data-upload-big-file` | High
23 | File | `4.edu.php` | Medium
24 | File | `adclick.php` | Medium
25 | File | `add.php` | Low
26 | File | `addentry.php` | Medium
27 | File | `addressbookprovider.php` | High
28 | File | `admin.jcomments.php` | High
29 | File | `admin/pageUploadCSV.php` | High
30 | File | `ajax_udf.php` | Medium
31 | File | `AppCompatCache.exe` | High
32 | File | `application.js.php` | High
33 | ... | ... | ...
There are 276 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
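Review bot: the visible window grows from 31 to 32 rows and the counter from 276 to 277, a net gain of two indicators, of which only `/owa/auth/logon.aspx` (new ID 12, High) can be seen; the second lies past the `33 | ...` cut-off. Inserting one row renumbers every following ID, which turns a one-line change into a roughly fifty-line diff and makes the IDs useless as stable references; if the ID column is only display order, consider dropping it or keeping IDs stable across updates.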
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
5 | File | `data/gbconfiguration.dat` | High
6 | ... | ... | ...
There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -14,6 +14,7 @@ The following _campaigns_ are known and can be associated with APT19:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT19:
* [GB](https://vuldb.com/?country.gb)
* [CN](https://vuldb.com/?country.cn)
## IOC - Indicator of Compromise
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -67,37 +67,38 @@ ID | Type | Indicator | Confidence
6 | File | `/etc/shadow` | Medium
7 | File | `/goform/telnet` | High
8 | File | `/infusions/shoutbox_panel/shoutbox_admin.php` | High
9 | File | `/modules/profile/index.php` | High
10 | File | `/oscommerce/admin/currencies.php` | High
11 | File | `/proc/pid/syscall` | High
12 | File | `/rapi/read_url` | High
13 | File | `/rom-0` | Low
14 | File | `/session/list/allActiveSession` | High
15 | File | `/syslog_rules` | High
16 | File | `/tmp/phpglibccheck` | High
17 | File | `/uncpath/` | Medium
18 | File | `/upload` | Low
19 | File | `/users/{id}` | Medium
20 | File | `/var/tmp/sess_*` | High
21 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
22 | File | `/video` | Low
23 | File | `actionphp/download.File.php` | High
24 | File | `ActivityManagerService.java` | High
25 | File | `adaptmap_reg.c` | High
26 | File | `add_comment.php` | High
27 | File | `admin.cgi` | Medium
28 | File | `admin.php` | Medium
29 | File | `admin.php?action=files` | High
30 | File | `admin/admin.php` | High
31 | File | `admin/content.php` | High
32 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
33 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
34 | File | `affich.php` | Medium
35 | File | `agent/Core/Controller/SendRequest.cpp` | High
36 | File | `album_portal.php` | High
37 | ... | ... | ...
9 | File | `/lan.asp` | Medium
10 | File | `/modules/profile/index.php` | High
11 | File | `/oscommerce/admin/currencies.php` | High
12 | File | `/proc/pid/syscall` | High
13 | File | `/rapi/read_url` | High
14 | File | `/rom-0` | Low
15 | File | `/session/list/allActiveSession` | High
16 | File | `/syslog_rules` | High
17 | File | `/tmp/phpglibccheck` | High
18 | File | `/uncpath/` | Medium
19 | File | `/upload` | Low
20 | File | `/users/{id}` | Medium
21 | File | `/var/tmp/sess_*` | High
22 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
23 | File | `/video` | Low
24 | File | `actionphp/download.File.php` | High
25 | File | `ActivityManagerService.java` | High
26 | File | `adaptmap_reg.c` | High
27 | File | `add_comment.php` | High
28 | File | `admin.cgi` | Medium
29 | File | `admin.php` | Medium
30 | File | `admin.php?action=files` | High
31 | File | `admin/admin.php` | High
32 | File | `admin/content.php` | High
33 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
34 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
35 | File | `affich.php` | Medium
36 | File | `agent/Core/Controller/SendRequest.cpp` | High
37 | File | `album_portal.php` | High
38 | ... | ... | ...
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 326 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
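Review bot: the visible window grows from 36 to 37 rows and the counter from 321 to 326, so six indicators were added, but only `/lan.asp` (new ID 9, Medium) is visible; the other five lie beyond the `38 | ...` cut-off and cannot be checked here. `/lan.asp` is a common admin page on consumer routers and other embedded devices, so Medium is a sensible confidence for it as an actor-specific indicator, and anyone alerting on the path should expect benign hits.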
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
The following _campaigns_ are known and can be associated with APT28:
* Carberp
* CVE-2022-30190
* Fysbis
* Global Brute Force
* ...
There are 3 more campaign items available. Please use our online service to access the data.
There are 4 more campaign items available. Please use our online service to access the data.
## Countries
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -37,50 +37,51 @@ ID | IP address | Hostname | Campaign | Confidence
3 | [5.100.155.91](https://vuldb.com/?ip.5.100.155.91) | 5.100.155-91.publicdomainregistry.com | - | High
4 | [5.135.183.154](https://vuldb.com/?ip.5.135.183.154) | ns3290077.ip-5-135-183.eu | Sednit | High
5 | [5.199.171.58](https://vuldb.com/?ip.5.199.171.58) | - | - | High
6 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
7 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
8 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
9 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
10 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
11 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
12 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
13 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
14 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
15 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
16 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
17 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
18 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
19 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
20 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
21 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
22 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
23 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
24 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
25 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
26 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
27 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
28 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
29 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
30 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
31 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
32 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
33 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
34 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
35 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
36 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
37 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
38 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
39 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
40 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
41 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
42 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
43 | [80.255.3.94](https://vuldb.com/?ip.80.255.3.94) | set121.com | - | High
44 | [80.255.6.15](https://vuldb.com/?ip.80.255.6.15) | - | - | High
45 | [80.255.10.236](https://vuldb.com/?ip.80.255.10.236) | - | - | High
46 | [81.17.30.29](https://vuldb.com/?ip.81.17.30.29) | - | - | High
47 | ... | ... | ... | ...
6 | [18.130.154.13](https://vuldb.com/?ip.18.130.154.13) | ec2-18-130-154-13.eu-west-2.compute.amazonaws.com | - | Medium
7 | [18.133.205.135](https://vuldb.com/?ip.18.133.205.135) | ec2-18-133-205-135.eu-west-2.compute.amazonaws.com | - | Medium
8 | [18.133.249.238](https://vuldb.com/?ip.18.133.249.238) | ec2-18-133-249-238.eu-west-2.compute.amazonaws.com | - | Medium
9 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
10 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
11 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
12 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
13 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
14 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
15 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
16 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
17 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
18 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
19 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
20 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
21 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
22 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
23 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
24 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
25 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
26 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
27 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
28 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
29 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
30 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
31 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
32 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
33 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
34 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
35 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
36 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
37 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
38 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
39 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
40 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
41 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
42 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
43 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
44 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
45 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
46 | [80.255.3.94](https://vuldb.com/?ip.80.255.3.94) | set121.com | - | High
47 | [80.255.6.15](https://vuldb.com/?ip.80.255.6.15) | - | - | High
48 | ... | ... | ... | ...
There are 184 more IOC items available. Please use our online service to access the data.
There are 188 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
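Review bot: the three new rows (IDs 6 to 8) are `ec2-*.eu-west-2.compute.amazonaws.com` hosts rated Medium; cloud-provider addresses are reassigned to other customers quickly, so Medium is the right confidence and these entries need a first-seen/last-seen date before anyone blocks on them. The visible window grows from 46 to 47 rows and the counter from 184 to 188, a net gain of five IOCs, so two further additions sit past the `48 | ...` cut-off and cannot be reviewed here.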
@ -131,15 +132,15 @@ ID | Type | Indicator | Confidence
28 | File | `apcupsd.pid` | Medium
29 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
30 | File | `api/sms/send-sms` | High
31 | File | `api/v1/alarms` | High
32 | ... | ... | ...
31 | ... | ... | ...
There are 275 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
* https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
* https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-05-ioc-mark.txt
* https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-09-ioc-mark.txt
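Review bot: the visible IOA window shrinks from 31 to 30 rows (`api/v1/alarms` drops past the cut-off) and the counter falls from 275 to 268, a net loss of eight indicators, none of which can be identified from this hunk; the commit message `Update` gives no reason, and teams that alert on these paths need to know whether an indicator was withdrawn as a false positive or merely re-attributed. The added Malwarebytes reference on Follina is consistent with the CVE-2022-30190 campaign already listed for APT28 above.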
@ -149,6 +150,9 @@ The following list contains _external sources_ which discuss the actor and the a
* https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
* https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/
* https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf
* https://twitter.com/teamcymru_S2/status/1540390942510927873
* https://twitter.com/teamcymru_S2/status/1540390947665616897
* https://twitter.com/teamcymru_S2/status/1540390955882319876
* https://unit42.paloaltonetworks.com/a-look-into-fysbis-sofacys-linux-backdoor/
* https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/
* https://unit42.paloaltonetworks.com/unit42-new-sofacy-attacks-against-us-government-agency/
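Review bot: the three added references are `twitter.com/teamcymru_S2` status links, which are fragile as sources (tweets get deleted, accounts get renamed); record an archived copy or the underlying report next to them so that the sourcing of the IOCs they support stays verifiable after the tweets disappear.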
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 23 more country items available. Please use our online service to access the data.
There are 22 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -76,23 +76,23 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?module=users§ion=cpanel&page=list` | High
1 | File | `//proc/kcore` | Medium
2 | File | `/admin/?page=system_info/contact_info` | High
3 | File | `/admin/login.php` | High
4 | File | `/admin/powerline` | High
3 | File | `/admin/dl_sendmail.php` | High
4 | File | `/admin/login.php` | High
5 | File | `/admin/produts/controller.php` | High
6 | File | `/admin/syslog` | High
7 | File | `/admin/user/team` | High
8 | File | `/api/upload` | Medium
9 | File | `/bcms/admin/?page=user/list` | High
10 | File | `/cgi-bin/system_mgr.cgi` | High
11 | File | `/common/logViewer/logViewer.jsf` | High
12 | File | `/context/%2e/WEB-INF/web.xml` | High
13 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/fuel/index.php/fuel/logs/items` | High
16 | File | `/goform/aspForm` | High
17 | File | `/hocms/classes/Master.php?f=delete_collection` | High
6 | File | `/admin/user/team` | High
7 | File | `/Ap4RtpAtom.cpp` | High
8 | File | `/bcms/admin/?page=user/list` | High
9 | File | `/bsms/?page=manage_account` | High
10 | File | `/context/%2e/WEB-INF/web.xml` | High
11 | File | `/dashboard/reports/logs/view` | High
12 | File | `/debug/pprof` | Medium
13 | File | `/fuel/index.php/fuel/logs/items` | High
14 | File | `/fuel/sitevariables/delete/4` | High
15 | File | `/goform/aspForm` | High
16 | File | `/hocms/classes/Master.php?f=delete_collection` | High
17 | File | `/librarian/bookdetails.php` | High
18 | File | `/mgmt/tm/util/bash` | High
19 | File | `/monitoring` | Medium
20 | File | `/ms/cms/content/list.do` | High
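Review bot: the removed row 1 `/?module=users§ion=cpanel&page=list` contains `§ion`, which is what `&section` becomes once `&sect;` is decoded as an HTML entity, so the indicator was stored mangled; check whether it was dropped on purpose or should be restored as `/?module=users&section=cpanel&page=list`. Its replacement `//proc/kcore` carries a doubled leading slash that may be the same kind of encoding artifact. Seven rows are swapped within a window that stays at 17: `/admin/powerline`, `/admin/syslog`, `/api/upload`, `/cgi-bin/system_mgr.cgi`, `/common/logViewer/logViewer.jsf` and `/crmeb/app/admin/controller/store/CopyTaobao.php` go out, and `/admin/dl_sendmail.php`, `/Ap4RtpAtom.cpp`, `/bsms/?page=manage_account`, `/dashboard/reports/logs/view`, `/fuel/sitevariables/delete/4` and `/librarian/bookdetails.php` come in, with no rationale in the commit message. Note also that `/admin/dl_sendmail.php` and `/Ap4RtpAtom.cpp` are added to a second actor's table later in this same commit, which weakens their value as attribution indicators at High confidence.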
@ -101,21 +101,20 @@ ID | Type | Indicator | Confidence
23 | File | `/plesk-site-preview/` | High
24 | File | `/proc/<pid>/status` | High
25 | File | `/public/plugins/` | High
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
27 | File | `/secure/QueryComponent!Default.jspa` | High
28 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
29 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
30 | File | `/student-grading-system/rms.php?page=grade` | High
31 | File | `/tmp` | Low
32 | File | `/uncpath/` | Medium
33 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
34 | File | `/wp-json/wc/v3/webhooks` | High
35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
36 | File | `ABuffer.cpp` | Medium
37 | File | `AccountManagerService.java` | High
38 | ... | ... | ...
26 | File | `/school/model/get_admin_profile.php` | High
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
28 | File | `/secure/QueryComponent!Default.jspa` | High
29 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
30 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
31 | File | `/student-grading-system/rms.php?page=grade` | High
32 | File | `/timeline2.php` | High
33 | File | `/tmp` | Low
34 | File | `/uncpath/` | Medium
35 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
36 | File | `/wp-json/wc/v3/webhooks` | High
37 | ... | ... | ...
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
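Review bot: the visible window shrinks from 37 to 36 rows and the counter falls from 330 to 316, a net loss of 15 indicators, while `/school/model/get_admin_profile.php` (new ID 26) and `/timeline2.php` (new ID 32) are added; `14all.cgi/...`, `ABuffer.cpp` and `AccountManagerService.java` merely slip past the `37 | ...` cut-off, so none of the retired items can be identified here. Because consumers may have alerts keyed on the retired paths, a one-line changelog entry stating why indicators were withdrawn would be worth more than the renumbered table.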
@ -72,36 +72,37 @@ ID | Type | Indicator | Confidence
16 | File | `/goforms/rlminfo` | High
17 | File | `/login` | Low
18 | File | `/navigate/navigate_download.php` | High
19 | File | `/out.php` | Medium
20 | File | `/owa/auth/logon.aspx` | High
21 | File | `/p` | Low
22 | File | `/password.html` | High
23 | File | `/proc/ioports` | High
24 | File | `/property-list/property_view.php` | High
25 | File | `/ptms/classes/Users.php` | High
26 | File | `/rest` | Low
27 | File | `/rest/api/2/search` | High
28 | File | `/s/` | Low
29 | File | `/scripts/cpan_config` | High
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
31 | File | `/services/system/setup.json` | High
32 | File | `/uncpath/` | Medium
33 | File | `/vloggers_merch/?p=view_product` | High
34 | File | `/webconsole/APIController` | High
35 | File | `/websocket/exec` | High
36 | File | `/wp-admin/admin-ajax.php` | High
37 | File | `/wp-json` | Medium
38 | File | `/wp-json/oembed/1.0/embed?url` | High
39 | File | `/_next` | Low
40 | File | `4.edu.php\conn\function.php` | High
41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
42 | File | `adclick.php` | Medium
43 | File | `addentry.php` | Medium
44 | File | `add_comment.php` | High
45 | File | `admin/category.inc.php` | High
46 | ... | ... | ...
19 | File | `/ocwbs/admin/?page=user/manage_user` | High
20 | File | `/ofrs/admin/?page=user/manage_user` | High
21 | File | `/out.php` | Medium
22 | File | `/owa/auth/logon.aspx` | High
23 | File | `/p` | Low
24 | File | `/password.html` | High
25 | File | `/proc/ioports` | High
26 | File | `/property-list/property_view.php` | High
27 | File | `/ptms/classes/Users.php` | High
28 | File | `/rest` | Low
29 | File | `/rest/api/2/search` | High
30 | File | `/s/` | Low
31 | File | `/scripts/cpan_config` | High
32 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
33 | File | `/services/system/setup.json` | High
34 | File | `/uncpath/` | Medium
35 | File | `/vloggers_merch/?p=view_product` | High
36 | File | `/webconsole/APIController` | High
37 | File | `/websocket/exec` | High
38 | File | `/wp-admin/admin-ajax.php` | High
39 | File | `/wp-json` | Medium
40 | File | `/wp-json/oembed/1.0/embed?url` | High
41 | File | `/_next` | Low
42 | File | `4.edu.php\conn\function.php` | High
43 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
44 | File | `adclick.php` | Medium
45 | File | `addentry.php` | Medium
46 | File | `admin/category.inc.php` | High
47 | ... | ... | ...
There are 400 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 404 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
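Review bot: the visible window grows from 45 to 46 rows and the counter from 400 to 404, a net gain of five indicators, but only `/ocwbs/admin/?page=user/manage_user` and `/ofrs/admin/?page=user/manage_user` (new IDs 19 and 20) are visible. Both follow the same `<app>/admin/?page=user/manage_user` pattern typical of small PHP management systems; such paths identify a vulnerable product far more than an actor, so High confidence for them as actor-specific indicators deserves a recorded sighting.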
@ -18,7 +18,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [PT](https://vuldb.com/?country.pt)
* [SV](https://vuldb.com/?country.sv)
* [DE](https://vuldb.com/?country.de)
* [FR](https://vuldb.com/?country.fr)
* ...
There are 7 more country items available. Please use our online service to access the data.
@ -56,7 +56,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
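Review bot: row 3 gains CWE-798 in the Weakness column but keeps the description "Improper Restriction of Excessive Authentication Attempts", which is the title of CWE-307 alone; CWE-798 is "Use of Hard-coded Credentials", and logging in with a hard-coded credential is not password guessing (T1110.001) but use of a known account, which ATT&CK files under T1078 Valid Accounts. Either split the row so each weakness sits under a technique that fits it, or rewrite the description so it covers both weaknesses.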
@ -68,41 +68,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `../FILEDIR` | Medium
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
4 | File | `/admin.php/pic/admin/lists/zhuan` | High
|
||||
5 | File | `/admin.php/pic/admin/type/save` | High
|
||||
6 | File | `/admin.php/singer/admin/lists/zhuan` | High
|
||||
7 | File | `/admin.php/singer/admin/singer/del` | High
|
||||
8 | File | `/admin/?page=system_info/contact_info` | High
|
||||
9 | File | `/admin/add_post.php` | High
|
||||
2 | File | `/admin.php/pic/admin/lists/zhuan` | High
|
||||
3 | File | `/admin.php/pic/admin/type/save` | High
|
||||
4 | File | `/admin.php/singer/admin/lists/zhuan` | High
|
||||
5 | File | `/admin.php/singer/admin/singer/del` | High
|
||||
6 | File | `/admin/?page=system_info/contact_info` | High
|
||||
7 | File | `/admin/add_post.php` | High
|
||||
8 | File | `/admin/conferences/list/` | High
|
||||
9 | File | `/admin/dl_sendmail.php` | High
|
||||
10 | File | `/admin/dl_sendsms.php` | High
|
||||
11 | File | `/Ap4RtpAtom.cpp` | High
|
||||
12 | File | `/api/programs/orgUnits?programs` | High
|
||||
13 | File | `/asms/classes/Master.php?f=save_product` | High
|
||||
14 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
|
||||
15 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
16 | File | `/car-rental-management-system/admin/manage_user.php` | High
|
||||
17 | File | `/cardo/api` | Medium
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/login.cgi` | High
|
||||
20 | File | `/checklogin.jsp` | High
|
||||
21 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
22 | File | `/cms/classes/Master.php?f=delete_invoice` | High
|
||||
23 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
24 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
25 | File | `/ctpms/classes/Users.php?f=save` | High
|
||||
26 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
27 | File | `/expense_action.php` | High
|
||||
28 | File | `/food/admin/all_users.php` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/form2Dhcpip` | High
|
||||
31 | File | `/goform/RgDhcp` | High
|
||||
32 | File | `/goform/RgUrlBlock.asp` | High
|
||||
33 | File | `/goform/saveParentControlInfo` | High
|
||||
34 | ... | ... | ...
|
||||
11 | File | `/admin/featured.php` | High
|
||||
12 | File | `/admin/general.cgi` | High
|
||||
13 | File | `/admin/general/change-lang` | High
|
||||
14 | File | `/admin/renewaldue.php` | High
|
||||
15 | File | `/admin/showbad.php` | High
|
||||
16 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
17 | File | `/Ap4RtpAtom.cpp` | High
|
||||
18 | File | `/api/programs/orgUnits?programs` | High
|
||||
19 | File | `/asms/classes/Master.php?f=save_product` | High
|
||||
20 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
|
||||
21 | File | `/bsms/?page=manage_account` | High
|
||||
22 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
23 | File | `/car-rental-management-system/admin/manage_user.php` | High
|
||||
24 | File | `/cardo/api` | Medium
|
||||
25 | File | `/cgi-bin` | Medium
|
||||
26 | File | `/checklogin.jsp` | High
|
||||
27 | File | `/ctpms/classes/Users.php?f=save` | High
|
||||
28 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
29 | File | `/expense_action.php` | High
|
||||
30 | File | `/ffos/admin/sales/receipt.php` | High
|
||||
31 | File | `/food/admin/all_users.php` | High
|
||||
32 | File | `/goform/aspForm` | High
|
||||
33 | File | `/goform/RgDhcp` | High
|
||||
34 | File | `/goform/RgUrlBlock.asp` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
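Review bot: this hunk silently removes indicators as well as adding them: nine entries that sort inside the rendered window are gone (both `/acms/admin/cargo_types/` entries, `/cgi-bin/login.cgi`, both `/cms/` entries, two of the three `/ctpms/` entries, `/dms/admin/reports/daily_collection_report.php` and `/goform/form2Dhcpip`), so they were dropped from the dataset rather than pushed past the cut-off, while eleven new rows appear (`/admin/conferences/list/`, `/admin/dl_sendmail.php`, `/admin/featured.php` through `/admin/ztliuyan_sendmail.php`, `/bsms/?page=manage_account`, `/dashboard/blocks/stacks/view_details/`, `/ffos/admin/sales/receipt.php`) and `/goform/saveParentControlInfo` is merely pushed out of view. The counts agree (33 + 294 = 327 before, 34 + 299 = 333 after, net +6), but removing previously published IOA entries changes what a consumer's detection rules match, so the commit should say why (false positive, re-scoring, dedup) rather than just "Update".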
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -81,13 +81,12 @@ ID | Type | Indicator | Confidence
21 | File | `/var/log/nginx` | High
|
||||
22 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
23 | File | `actions.hsp` | Medium
|
||||
24 | File | `addentry.php` | Medium
|
||||
25 | File | `add_to_cart.php` | High
|
||||
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
27 | File | `admin/config/confmgr.php` | High
|
||||
28 | ... | ... | ...
|
||||
24 | File | `add_to_cart.php` | High
|
||||
25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
26 | File | `ajax.php` | Medium
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
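Review bot: this hunk drops `actions.hsp`, `addentry.php` and `admin/config/confmgr.php` from the rendered window and adds only `ajax.php`, while the tail count falls from 236 to 230, so the file loses seven indicators in total (27 + 236 = 263 before, 26 + 230 = 256 after) with no reason given in the commit. Removals matter more than additions to anyone who has turned these rows into detection rules; please state whether they were false positives or a re-scoring, and consider listing removed entries in the commit message.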
@ -92,7 +92,7 @@ ID | Type | Indicator | Confidence
27 | File | `content.php` | Medium
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 234 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -91,34 +91,35 @@ ID | Type | Indicator | Confidence
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/module/admin_logs` | High
|
||||
17 | File | `/nova/bin/console` | High
|
||||
18 | File | `/public/login.htm` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/replication` | Medium
|
||||
21 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
22 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
27 | File | `/start-stop` | Medium
|
||||
28 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
29 | File | `/tmp/app/.env` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/upload` | Low
|
||||
32 | File | `/usr/bin/pkexec` | High
|
||||
33 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
34 | File | `/WEB-INF/web.xml` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `/wp-admin/options.php` | High
|
||||
37 | File | `/_next` | Low
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `addentry.php` | Medium
|
||||
40 | File | `addrating.php` | High
|
||||
41 | File | `admin.php` | Medium
|
||||
42 | File | `admin.php/comments/batchdel/` | High
|
||||
43 | ... | ... | ...
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/public/login.htm` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/replication` | Medium
|
||||
22 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
23 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
25 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
28 | File | `/start-stop` | Medium
|
||||
29 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
30 | File | `/tmp/app/.env` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/upload` | Low
|
||||
33 | File | `/usr/bin/pkexec` | High
|
||||
34 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
35 | File | `/WEB-INF/web.xml` | High
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `/wp-admin/options.php` | High
|
||||
38 | File | `/_next` | Low
|
||||
39 | File | `adclick.php` | Medium
|
||||
40 | File | `addentry.php` | Medium
|
||||
41 | File | `addrating.php` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin.php/comments/batchdel/` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
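Review bot: the one visible addition is `/owa/auth/logon.aspx` at row 18, and the counts (42 + 375 = 417 before, 43 + 376 = 419 after) say a second entry was added beyond the cut-off that cannot be reviewed here. As a File indicator, `/owa/auth/logon.aspx` is the login page of every Outlook Web Access deployment, so matching it on its own only tells you that Exchange was touched, not that this actor touched it; either rate it below the rows that name a specific exploited path, or pair it with the request pattern that makes it actor-specific.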
@ -50,7 +50,7 @@ ID | Type | Indicator | Confidence
4 | File | `data/gbconfiguration.dat` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with Agent Tesla:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Agent Tesla:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -27,15 +27,17 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
|
||||
2 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
|
||||
3 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
|
||||
4 | [51.68.128.171](https://vuldb.com/?ip.51.68.128.171) | ip171.ip-51-68-128.eu | - | High
|
||||
5 | [51.89.183.99](https://vuldb.com/?ip.51.89.183.99) | 90.eri1.ovh.abcd.network | - | High
|
||||
6 | [62.182.156.179](https://vuldb.com/?ip.62.182.156.179) | - | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
1 | [23.95.85.181](https://vuldb.com/?ip.23.95.85.181) | 23-95-85-181-host.colocrossing.com | - | High
|
||||
2 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
|
||||
3 | [31.209.137.12](https://vuldb.com/?ip.31.209.137.12) | smtp.vivaldi.net | - | High
|
||||
4 | [37.19.196.108](https://vuldb.com/?ip.37.19.196.108) | unn-37-19-196-108.datapacket.com | - | High
|
||||
5 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
|
||||
6 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
|
||||
7 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
|
||||
8 | [51.68.128.171](https://vuldb.com/?ip.51.68.128.171) | ip171.ip-51-68-128.eu | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
|
||||
There are 25 more IOC items available. Please use our online service to access the data.
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
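Review bot: two of the four added rows are shared infrastructure rather than attacker-controlled hosts: row 3 `smtp.vivaldi.net` is a mail provider's SMTP endpoint, consistent with Agent Tesla exfiltrating stolen credentials over SMTP through third-party mailboxes, and row 7 `ec2-50-17-5-224.compute-1.amazonaws.com` is an EC2 address. The EC2 row is correctly marked Medium, but the SMTP row is marked High; blocking a public mail provider's SMTP server breaks legitimate mail, so it should be rated Medium as well and annotated as an exfiltration target rather than C2. Every row also still carries "-" in the Campaign column, although the dated IOC lists added under References in the same commit would give each row a source to cite.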
@ -48,7 +50,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -59,53 +61,49 @@ ID | Type | Indicator | Confidence
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/api/addusers` | High
|
||||
3 | File | `/cgi-bin/wapopen` | High
|
||||
4 | File | `/etc/ajenti/config.yml` | High
|
||||
5 | File | `/etc/sudoers` | Medium
|
||||
6 | File | `/goform/telnet` | High
|
||||
7 | File | `/include/chart_generator.php` | High
|
||||
8 | File | `/modules/profile/index.php` | High
|
||||
9 | File | `/public/launchNewWindow.jsp` | High
|
||||
10 | File | `/public/login.htm` | High
|
||||
11 | File | `/rom-0` | Low
|
||||
12 | File | `/tmp/phpglibccheck` | High
|
||||
13 | File | `/uncpath/` | Medium
|
||||
14 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
15 | File | `/var/log/nginx` | High
|
||||
16 | File | `/var/tmp/sess_*` | High
|
||||
17 | File | `action.php` | Medium
|
||||
18 | File | `actionphp/download.File.php` | High
|
||||
19 | File | `add_comment.php` | High
|
||||
20 | File | `admin.a6mambocredits.php` | High
|
||||
21 | File | `admin.php` | Medium
|
||||
22 | File | `admin/admin.php` | High
|
||||
23 | File | `admin/content.php` | High
|
||||
24 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
25 | File | `admin/memberviewdetails.php` | High
|
||||
26 | File | `admin/sitesettings.php` | High
|
||||
27 | File | `affich.php` | Medium
|
||||
28 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
29 | File | `akeyActivationLogin.do` | High
|
||||
30 | File | `album_portal.php` | High
|
||||
31 | File | `apache-auth.conf` | High
|
||||
32 | File | `askapache-firefox-adsense.php` | High
|
||||
33 | File | `assets/add/category.php` | High
|
||||
34 | File | `attachment.cgi` | High
|
||||
35 | File | `blueprints/sections/edit/1` | High
|
||||
36 | File | `books.php` | Medium
|
||||
37 | File | `btif_hd.cc` | Medium
|
||||
38 | File | `cart_add.php` | Medium
|
||||
39 | File | `cat.php` | Low
|
||||
40 | File | `category.cfm` | Medium
|
||||
41 | File | `CFS.c` | Low
|
||||
42 | File | `checktransferstatus.php` | High
|
||||
43 | File | `class.SystemAction.php` | High
|
||||
44 | File | `clientarea.php` | High
|
||||
45 | File | `collectivite.class.php` | High
|
||||
46 | File | `contact` | Low
|
||||
47 | File | `control.c` | Medium
|
||||
48 | ... | ... | ...
|
||||
4 | File | `/controller/Index.php` | High
|
||||
5 | File | `/etc/ajenti/config.yml` | High
|
||||
6 | File | `/etc/sudoers` | Medium
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/goform/telnet` | High
|
||||
9 | File | `/include/chart_generator.php` | High
|
||||
10 | File | `/modules/profile/index.php` | High
|
||||
11 | File | `/public/launchNewWindow.jsp` | High
|
||||
12 | File | `/public/login.htm` | High
|
||||
13 | File | `/rom-0` | Low
|
||||
14 | File | `/tmp/connlicj.bin` | High
|
||||
15 | File | `/tmp/phpglibccheck` | High
|
||||
16 | File | `/uncpath/` | Medium
|
||||
17 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
18 | File | `/var/log/nginx` | High
|
||||
19 | File | `/var/tmp/sess_*` | High
|
||||
20 | File | `action.php` | Medium
|
||||
21 | File | `actionphp/download.File.php` | High
|
||||
22 | File | `add_comment.php` | High
|
||||
23 | File | `admin.a6mambocredits.php` | High
|
||||
24 | File | `admin.php` | Medium
|
||||
25 | File | `admin/admin.php` | High
|
||||
26 | File | `admin/content.php` | High
|
||||
27 | File | `admin/import/class-import-settings.php` | High
|
||||
28 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
29 | File | `admin/sitesettings.php` | High
|
||||
30 | File | `affich.php` | Medium
|
||||
31 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
32 | File | `akeyActivationLogin.do` | High
|
||||
33 | File | `album_portal.php` | High
|
||||
34 | File | `apache-auth.conf` | High
|
||||
35 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||
36 | File | `askapache-firefox-adsense.php` | High
|
||||
37 | File | `assets/add/category.php` | High
|
||||
38 | File | `attachment.cgi` | High
|
||||
39 | File | `blueprints/sections/edit/1` | High
|
||||
40 | File | `books.php` | Medium
|
||||
41 | File | `btif_hd.cc` | Medium
|
||||
42 | File | `cart.php` | Medium
|
||||
43 | File | `cart_add.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
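Review bot: this hunk shrinks the file's IOA set from 47 + 414 = 461 to 43 + 383 = 426 entries, a loss of 35, while the commit message says only "Update". Within the rendered window six entries are new (`/controller/Index.php`, `/forum/away.php`, `/tmp/connlicj.bin`, `admin/import/class-import-settings.php`, `app/admin/routing/edit-bgp-mapping-search.php`, `cart.php`) and `admin/memberviewdetails.php` is gone; the rows from `cat.php` to `control.c` are not necessarily removed, they may only have been pushed past the cut-off because the window shrank from 47 to 43 rows. A removal of this size needs a line in the commit explaining the re-scoring, and the rendered row count should stay fixed between versions, or diffs like this one become unreviewable.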
@ -114,6 +112,12 @@ The following list contains _external sources_ which discuss the actor and the a
* https://asec.ahnlab.com/en/31083/
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
|
||||
* https://blogs.blackberry.com/en/2020/04/threat-spotlight-secret-agent-tesla
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-20%20Agent%20Tesla%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-24%20Agent%20Tesla%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-27%20Agent%20Tesla%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-07%20Agent%20Tesla%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-17%20Agent%20Tesla%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-20%20Agent%20Tesla%20IOCs
|
||||
* https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/AgentTesla/IOCs
|
||||
* https://services.global.ntt/en-us/insights/blog/discovering-a-new-agent-tesla-malware-sample
|
||||
* https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [AR](https://vuldb.com/?country.ar)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -73,7 +73,7 @@ ID | Type | Indicator | Confidence
17 | File | `admin/conf_users_edit.php` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -0,0 +1,121 @@
# Aoqin Dragon - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Aoqin Dragon](https://vuldb.com/?actor.aoqin_dragon). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.aoqin_dragon](https://vuldb.com/?actor.aoqin_dragon)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Aoqin Dragon:
|
||||
|
||||
* Mongall
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Aoqin Dragon:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Aoqin Dragon.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [59.188.234.233](https://vuldb.com/?ip.59.188.234.233) | - | Mongall | High
|
||||
2 | [64.27.4.19](https://vuldb.com/?ip.64.27.4.19) | secure.link192.com | Mongall | High
|
||||
3 | [64.27.4.157](https://vuldb.com/?ip.64.27.4.157) | unassigned.calpop.com | Mongall | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Aoqin Dragon_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Aoqin Dragon. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `#!/system` | Medium
|
||||
2 | File | `%PROGRAMFILES%\Cylance\Desktop\log` | High
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/AddNewState/Add_State` | High
|
||||
5 | File | `/category.php` | High
|
||||
6 | File | `/data/syslog.filter.json` | High
|
||||
7 | File | `/details.php` | Medium
|
||||
8 | File | `/etc/stunnel.key` | High
|
||||
9 | File | `/FlexiCapture12/Login/Server/SevaUserProfile` | High
|
||||
10 | File | `/help/lccon.nsf/` | High
|
||||
11 | File | `/jsp/xmlhttp/AjaxResponse.jsp` | High
|
||||
12 | File | `/login.html` | Medium
|
||||
13 | File | `/member/settings_account.php` | High
|
||||
14 | File | `/net/mac80211/mac80211/sta_info.c` | High
|
||||
15 | File | `/otweb/OTPClientLogin` | High
|
||||
16 | File | `/product.php` | Medium
|
||||
17 | File | `/tests/add_duration_test.php` | High
|
||||
18 | File | `/tests/all_tests.php` | High
|
||||
19 | File | `/var/run/storage_account_root` | High
|
||||
20 | File | `AccessPoint.aspx` | High
|
||||
21 | File | `account.asp` | Medium
|
||||
22 | File | `activate.php` | Medium
|
||||
23 | File | `addevent.php` | Medium
|
||||
24 | File | `adherents/cartes/carte.php` | High
|
||||
25 | File | `admin.php` | Medium
|
||||
26 | File | `admin/` | Low
|
||||
27 | File | `admin/?/plugin/file_manager/upload` | High
|
||||
28 | File | `admin/app/physical/physical.php` | High
|
||||
29 | File | `admin/edit.php` | High
|
||||
30 | File | `admin/eventlist.php` | High
|
||||
31 | File | `admin/index.php` | High
|
||||
32 | File | `admin/languages.php` | High
|
||||
33 | File | `admin/manufacturers.php` | High
|
||||
34 | File | `admin/newsletters.php` | High
|
||||
35 | File | `admin/products_attributes.php` | High
|
||||
36 | File | `admin/products_expected.php` | High
|
||||
37 | File | `admin/reviews.php` | High
|
||||
38 | File | `admin/worklist/worklist_edit.asp` | High
|
||||
39 | File | `administrator/index.php` | High
|
||||
40 | File | `ad_popup.php` | Medium
|
||||
41 | File | `afd.sys` | Low
|
||||
42 | File | `agent.exe` | Medium
|
||||
43 | File | `apps/calendar/export.php` | High
|
||||
44 | File | `archive.php` | Medium
|
||||
45 | File | `ask_chat.php` | Medium
|
||||
46 | File | `attachment.cgi` | High
|
||||
47 | File | `basic.html#ipsettings` | High
|
||||
48 | File | `block-forums.php` | High
|
||||
49 | File | `bouncedcc.cpp` | High
|
||||
50 | File | `BS.Player` | Medium
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 446 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
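Review bot: in the TTP table of this new file, row 2 describes T1068 as "Execution with Unnecessary Privileges", which is the title of CWE-250, yet the Weakness column lists only CWE-264 and CWE-284 (the earlier file in this commit lists CWE-250, CWE-264, CWE-284 for the same row), and row 3 pairs T1110.001 with CWE-798, "Use of Hard-coded Credentials", under a description that is the title of CWE-307. Beyond those two rows, the three visible TTP entries are the same XSS / privilege-escalation / brute-force triple every other actor file in this commit carries, and the IOA list mixes Windows artefacts (`afd.sys`, `BS.Player`, `%PROGRAMFILES%\Cylance\Desktop\log`) with generic PHP admin paths, so neither section says anything specific to this actor; the section intros do attribute both to the predictive model, but a flat "High" confidence on model-generated rows is misleading and should be distinguished from observed indicators. Finally, the single reference (SentinelOne) names Mongall as the group's backdoor, so it belongs in a tooling field rather than under Campaigns.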
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Autoit:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -21,16 +21,17 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [8.248.165.254](https://vuldb.com/?ip.8.248.165.254) | - | - | High
|
||||
2 | [8.249.217.254](https://vuldb.com/?ip.8.249.217.254) | - | - | High
|
||||
3 | [8.253.131.121](https://vuldb.com/?ip.8.253.131.121) | - | - | High
|
||||
4 | [13.56.128.67](https://vuldb.com/?ip.13.56.128.67) | screenconnect.medsphere.com | - | High
|
||||
5 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
6 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | [23.63.245.19](https://vuldb.com/?ip.23.63.245.19) | a23-63-245-19.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
1 | [5.206.225.104](https://vuldb.com/?ip.5.206.225.104) | hosted-by.blazingfast.io | - | High
|
||||
2 | [8.248.165.254](https://vuldb.com/?ip.8.248.165.254) | - | - | High
|
||||
3 | [8.249.217.254](https://vuldb.com/?ip.8.249.217.254) | - | - | High
|
||||
4 | [8.253.131.121](https://vuldb.com/?ip.8.253.131.121) | - | - | High
|
||||
5 | [13.56.128.67](https://vuldb.com/?ip.13.56.128.67) | screenconnect.medsphere.com | - | High
|
||||
6 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | [23.63.245.19](https://vuldb.com/?ip.23.63.245.19) | a23-63-245-19.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
|
||||
There are 28 more IOC items available. Please use our online service to access the data.
|
||||
There are 34 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
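Review bot: rows 6 to 8 (`a23-3-13-88`, `a23-3-13-154` and `a23-63-245-19.deploy.static.akamaitechnologies.com`) are Akamai edge nodes, shared CDN infrastructure that serves many unrelated sites, yet they carry the same High confidence as the newly added row 1 `hosted-by.blazingfast.io`, a single-tenant hosting address. Anyone feeding this table into a blocklist will cut off legitimate Akamai-fronted traffic; CDN edges should be rated Medium or lower and flagged as download or staging infrastructure, while the dedicated host can keep High. The count moves 28 → 34 with one visible addition, so six further hosts were added beyond the rendered rows and cannot be reviewed here.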
@ -53,23 +54,36 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
|
||||
1 | File | `/appLms/ajax.server.php` | High
|
||||
2 | File | `/apps/` | Low
|
||||
3 | File | `/onlineordering/GPST/store/initiateorder.php` | High
|
||||
4 | File | `/rup` | Low
|
||||
5 | File | `/var/hnap/timestamp` | High
6 | File | `admin.php` | Medium
7 | File | `admin/admin_login.php` | High
8 | File | `api/external.php?object=centreon_metric&action=listByService` | High
9 | File | `app\contacts\contact_edit.php` | High
10 | File | `audio_acdb.c` | Medium
11 | File | `auth.php` | Medium
12 | ... | ... | ...
3 | File | `/etc/shadow` | Medium
4 | File | `/mgmt/tm/util/bash` | High
5 | File | `/ofrs/admin/?page=reports` | High
6 | File | `/onlineordering/GPST/store/initiateorder.php` | High
7 | File | `/products/details.asp` | High
8 | File | `/public/login.htm` | High
9 | File | `/RPC2` | Low
10 | File | `/rup` | Low
11 | File | `/var/hnap/timestamp` | High
12 | File | `admin.color.php` | High
13 | File | `admin.php` | Medium
14 | File | `admin/admin_login.php` | High
15 | File | `admin/index.php?page=manage_car` | High
16 | File | `admin/media.php` | High
17 | File | `admin_events.php` | High
18 | File | `affich.php` | Medium
19 | File | `Ap4StscAtom.cpp` | High
20 | File | `Ap4StssAtom.cpp` | High
21 | File | `Ap4StszAtom.cpp` | High
22 | ... | ... | ...

There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 180 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html
* https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html
* https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
* https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
* https://blog.talosintelligence.com/2021/09/threat-roundup-0910-0917.html

@ -51,22 +51,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/administration/theme.php` | High
3 | File | `/BindAccount/SuccessTips.js` | High
4 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
5 | File | `/login.html` | Medium
6 | File | `/medical/inventories.php` | High
7 | File | `/pages.php` | Medium
8 | File | `/uncpath/` | Medium
9 | File | `/usr/local/psa/admin/sbin/wrapper` | High
10 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
11 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
12 | File | `abm.aspx` | Medium
13 | File | `actions/ChangeConfiguration.html` | High
14 | File | `adclick.php` | Medium
2 | File | `/admin/deluser.php` | High
3 | File | `/administration/theme.php` | High
4 | File | `/BindAccount/SuccessTips.js` | High
5 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
6 | File | `/login.html` | Medium
7 | File | `/medical/inventories.php` | High
8 | File | `/pages.php` | Medium
9 | File | `/uncpath/` | Medium
10 | File | `/usr/local/psa/admin/sbin/wrapper` | High
11 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
12 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
13 | File | `abm.aspx` | Medium
14 | File | `actions/ChangeConfiguration.html` | High
15 | ... | ... | ...

There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 118 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...

There are 9 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -45,12 +45,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
1 | T1008 | CWE-757 | Algorithm Downgrade | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...

There are 7 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -58,39 +58,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `../FILEDIR` | Medium
2 | File | `//proc/kcore` | Medium
3 | File | `/?module=fileman§ion=get&page=grid` | High
4 | File | `/admin/?page=system_info/contact_info` | High
5 | File | `/admin/comn/service/update.json` | High
6 | File | `/Ap4RtpAtom.cpp` | High
7 | File | `/api/part_categories` | High
8 | File | `/auditLogAction.do` | High
9 | File | `/bcms/admin/?page=court_rentals/view_court_rental` | High
10 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
11 | File | `/bcms/admin/?page=sales/view_details` | High
12 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
13 | File | `/bcms/admin/?page=service_transactions/view_details` | High
14 | File | `/bcms/admin/?page=user/manage_user` | High
15 | File | `/car-rental-management-system/admin/manage_user.php` | High
16 | File | `/cgi-bin` | Medium
17 | File | `/cgi-bin/kerbynet` | High
18 | File | `/checklogin.jsp` | High
19 | File | `/churchcrm/WhyCameEditor.php` | High
20 | File | `/course/api/upload/pic` | High
21 | File | `/debug/pprof` | Medium
22 | File | `/etc/cron.daily/upstart` | High
23 | File | `/fuel/sitevariables/delete/4` | High
24 | File | `/goform/aspForm` | High
25 | File | `/itop/webservices/export-v2.php` | High
26 | File | `/login.html` | Medium
27 | File | `/nova/bin/sniffer` | High
28 | File | `/ocwbs/admin/?page=user/manage_user` | High
29 | File | `/ofrs/admin/?page=reports` | High
30 | File | `/ofrs/admin/?page=requests/manage_request` | High
31 | ... | ... | ...
1 | File | `//proc/kcore` | Medium
2 | File | `/admin/scheprofile.cgi` | High
3 | File | `/admin/showbad.php` | High
4 | File | `/admin/ztliuyan_sendmail.php` | High
5 | File | `/alarm_pi/alarmService.php` | High
6 | File | `/bsms/?page=manage_account` | High
7 | File | `/cgi-bin/webproc` | High
8 | File | `/cgi/get_param.cgi` | High
9 | File | `/company` | Medium
10 | File | `/company/down_resume/total/nature` | High
11 | File | `/company/service/increment/add/im` | High
12 | File | `/dashboard/blocks/stacks/view_details/` | High
13 | File | `/dashboard/reports/logs/view` | High
14 | File | `/dashboard/snapshot/*?orgId=0` | High
15 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
16 | File | `/defaultui/player/modern.html` | High
17 | File | `/dl/dl_sendmail.php` | High
18 | File | `/dl/dl_sendsms.php` | High
19 | File | `/forum/away.php` | High
20 | File | `/fuel/sitevariables/delete/4` | High
21 | File | `/goform/aspForm` | High
22 | File | `/goform/SetFirewallCfg` | High
23 | File | `/goform/wlanPrimaryNetwork` | High
24 | File | `/home/campus/campus_job` | High
25 | File | `/home/job/index` | High
26 | File | `/home/job/map` | High
27 | File | `/IISADMPWD` | Medium
28 | File | `/images/background/1.php` | High
29 | File | `/index.php/weblinks-categories` | High
30 | File | `/index.php?action=seomatic/file/seo-file-link` | High
31 | File | `/index/notice/show` | High
32 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
33 | File | `/job` | Low
34 | File | `/linkedcontent/editfolder.php` | High
35 | ... | ... | ...

There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -56,43 +56,43 @@ ID | Type | Indicator | Confidence
7 | File | `/cgi-bin/login_action.cgi` | High
8 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
9 | File | `/checkLogin.cgi` | High
10 | File | `/clientes/visualizar` | High
11 | File | `/cms/print.php` | High
12 | File | `/concat?/%2557EB-INF/web.xml` | High
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
14 | File | `/data/remove` | Medium
15 | File | `/etc/passwd` | Medium
16 | File | `/goforms/rlminfo` | High
17 | File | `/login` | Low
18 | File | `/navigate/navigate_download.php` | High
19 | File | `/ocwbs/admin/?page=user/manage_user` | High
20 | File | `/ofrs/admin/?page=user/manage_user` | High
21 | File | `/oputilsServlet` | High
22 | File | `/out.php` | Medium
23 | File | `/owa/auth/logon.aspx` | High
24 | File | `/p` | Low
25 | File | `/password.html` | High
26 | File | `/proc/ioports` | High
27 | File | `/property-list/property_view.php` | High
28 | File | `/ptms/classes/Users.php` | High
29 | File | `/rest` | Low
30 | File | `/rest/api/2/search` | High
31 | File | `/s/` | Low
32 | File | `/scripts/cpan_config` | High
33 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
34 | File | `/services/system/setup.json` | High
35 | File | `/uncpath/` | Medium
36 | File | `/vloggers_merch/?p=view_product` | High
37 | File | `/webconsole/APIController` | High
38 | File | `/websocket/exec` | High
39 | File | `/wp-admin/admin-ajax.php` | High
40 | File | `/wp-json` | Medium
41 | File | `/wp-json/oembed/1.0/embed?url` | High
42 | File | `/_next` | Low
43 | File | `4.edu.php\conn\function.php` | High
44 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
45 | File | `adclick.php` | Medium
46 | File | `addentry.php` | Medium
10 | File | `/cms/print.php` | High
11 | File | `/concat?/%2557EB-INF/web.xml` | High
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
13 | File | `/data/remove` | Medium
14 | File | `/etc/passwd` | Medium
15 | File | `/goforms/rlminfo` | High
16 | File | `/login` | Low
17 | File | `/navigate/navigate_download.php` | High
18 | File | `/ocwbs/admin/?page=user/manage_user` | High
19 | File | `/ofrs/admin/?page=user/manage_user` | High
20 | File | `/oputilsServlet` | High
21 | File | `/out.php` | Medium
22 | File | `/owa/auth/logon.aspx` | High
23 | File | `/p` | Low
24 | File | `/password.html` | High
25 | File | `/proc/ioports` | High
26 | File | `/property-list/property_view.php` | High
27 | File | `/ptms/classes/Users.php` | High
28 | File | `/rest` | Low
29 | File | `/rest/api/2/search` | High
30 | File | `/s/` | Low
31 | File | `/scripts/cpan_config` | High
32 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
33 | File | `/services/system/setup.json` | High
34 | File | `/uncpath/` | Medium
35 | File | `/vloggers_merch/?p=view_product` | High
36 | File | `/webconsole/APIController` | High
37 | File | `/websocket/exec` | High
38 | File | `/wp-admin/admin-ajax.php` | High
39 | File | `/wp-json` | Medium
40 | File | `/wp-json/oembed/1.0/embed?url` | High
41 | File | `/_next` | Low
42 | File | `4.edu.php\conn\function.php` | High
43 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
44 | File | `adclick.php` | Medium
45 | File | `addentry.php` | Medium
46 | File | `admin/category.inc.php` | High
47 | ... | ... | ...

There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 1 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -54,9 +54,11 @@ ID | IP address | Hostname | Campaign | Confidence
24 | [35.165.197.209](https://vuldb.com/?ip.35.165.197.209) | ec2-35-165-197-209.us-west-2.compute.amazonaws.com | - | Medium
25 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
26 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
27 | ... | ... | ... | ...
27 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
28 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
29 | ... | ... | ... | ...

There are 104 more IOC items available. Please use our online service to access the data.
There are 112 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -81,13 +83,14 @@ ID | Type | Indicator | Confidence
2 | File | `/include/makecvs.php` | High
3 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
4 | File | `/usr/local/psa/admin/sbin/wrapper` | High
5 | File | `add.php` | Low
6 | File | `admin/admin.shtml` | High
7 | File | `cat.asp` | Low
8 | File | `class.phpmailer.php` | High
9 | ... | ... | ...
5 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
6 | File | `add.php` | Low
7 | File | `admin/admin.shtml` | High
8 | File | `bpf-object-fuzzer.c` | High
9 | File | `cal.php` | Low
10 | ... | ... | ...

There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 74 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -97,6 +100,10 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
* https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
* https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-16%20BazarLoader%20IOCs
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20BazarLoader%20IOCs
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-03%20BazarLoader%20IOCs
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-08%20BazarCall%20IOCs
* https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
* https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
* https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/

@ -60,9 +60,10 @@ ID | Type | Indicator | Confidence
11 | File | `admin.cgi` | Medium
12 | File | `admin/category.inc.php` | High
13 | File | `admin/vqmods.app/vqmods.inc.php` | High
14 | ... | ... | ...
14 | File | `auth2-gss.c` | Medium
15 | ... | ... | ...

There are 111 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:

* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [AR](https://vuldb.com/?country.ar)
* [PT](https://vuldb.com/?country.pt)
* [DE](https://vuldb.com/?country.de)
* ...

There are 5 more country items available. Please use our online service to access the data.
There are 1 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise
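Review bot: the count sentence this hunk introduces reads "There are 1 more country items available." The sentence is produced from a numeric count, so the generator template should emit the singular form when the count is 1 ("There is 1 more country item available.") instead of always using the plural; the same template produces the plural correctly elsewhere in this change.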
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 7 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -47,46 +47,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
2 | File | `/admin.php?r=admin/AdminBackup/del` | High
3 | File | `/admin/edit.php` | High
4 | File | `/admin/goods/update` | High
5 | File | `/admin/inbox.php&action=delete` | High
6 | File | `/admin/inbox.php&action=read` | High
7 | File | `/admin/pagerole.php&action=edit` | High
8 | File | `/admin/posts.php` | High
9 | File | `/admin/posts.php&action=delete` | High
10 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
11 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
12 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
13 | File | `/admin/uesrs.php&action=display&value=Hide` | High
14 | File | `/admin/uesrs.php&action=display&value=Show` | High
15 | File | `/admin/uesrs.php&action=type&userrole=User` | High
16 | File | `/administrator/alerts/alertLightbox.php` | High
17 | File | `/api/eventinstance` | High
18 | File | `/appliance/users?action=edit` | High
19 | File | `/apps/acs-commons/content/page-compare.html` | High
20 | File | `/blog/blog.php` | High
21 | File | `/cdsms/classes/Master.php?f=delete_package` | High
22 | File | `/cmd?cmd=connect` | High
23 | File | `/coreframe/app/member/admin/group.php` | High
24 | File | `/cwms/admin/?page=articles/view_article/` | High
25 | File | `/cwms/classes/Master.php?f=save_contact` | High
26 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
27 | File | `/etc/zarafa/license` | High
28 | File | `/goform/login_process` | High
29 | File | `/goform/setpptpservercfg` | High
30 | File | `/hocms/classes/Master.php?f=delete_member` | High
31 | File | `/hocms/classes/Master.php?f=delete_phase` | High
32 | File | `/include/make.php` | High
33 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
34 | File | `/jpg/image.jpg` | High
35 | File | `/login` | Low
36 | File | `/manager/files` | High
37 | File | `/module/api.php?mobile/wapNasIPS` | High
38 | ... | ... | ...
1 | File | `../FILEDIR` | Medium
2 | File | `//proc/kcore` | Medium
3 | File | `/admin.php/Label/js_del` | High
4 | File | `/admin.php/Label/page_del` | High
5 | File | `/admin.php/Links/del` | High
6 | File | `/admin.php/news/admin/news/save` | High
7 | File | `/admin.php/pic/admin/lists/zhuan` | High
8 | File | `/admin.php/pic/admin/type/del` | High
9 | File | `/admin.php/pic/admin/type/hy` | High
10 | File | `/admin.php/singer/admin/singer/hy` | High
11 | File | `/admin.php/User/level_sort` | High
12 | File | `/admin.php/user/zu_del` | High
13 | File | `/bcms/admin/?page=court_rentals/view_court_rental` | High
14 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
15 | File | `/bcms/admin/?page=sales/view_details` | High
16 | File | `/bcms/admin/?page=service_transactions/view_details` | High
17 | File | `/bcms/admin/?page=user/manage_user` | High
18 | File | `/cgi-bin` | Medium
19 | File | `/cgi-bin/kerbynet` | High
20 | File | `/checklogin.jsp` | High
21 | File | `/churchcrm/WhyCameEditor.php` | High
22 | File | `/classes/master.php?f=delete_facility` | High
23 | File | `/controller/OnlinePreviewController.java` | High
24 | File | `/course/api/upload/pic` | High
25 | File | `/ctpms/classes/Users.php?f=save` | High
26 | File | `/defaultui/player/modern.html` | High
27 | File | `/dms/admin/reports/daily_collection_report.php` | High
28 | File | `/ecrire` | Low
29 | File | `/goform/aspForm` | High
30 | File | `/hocms/classes/Master.php?f=delete_phase` | High
31 | File | `/home/jobfairol/resumelist` | High
32 | ... | ... | ...

There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 4 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -47,45 +47,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin.php/admin/art/data.html` | High
2 | File | `/admin.php/admin/plog/index.html` | High
3 | File | `/admin.php/admin/ulog/index.html` | High
4 | File | `/admin.php/admin/website/data.html` | High
5 | File | `/admin.php/Label/js_del` | High
6 | File | `/admin.php/Label/page_del` | High
7 | File | `/admin.php/user/zu_del` | High
8 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
9 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
10 | File | `/admin/edit.php` | High
11 | File | `/admin/inbox.php&action=read` | High
12 | File | `/admin/new-content` | High
13 | File | `/admin/posts.php` | High
14 | File | `/admin/posts.php&action=delete` | High
15 | File | `/admin/run_ajax.php` | High
16 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
17 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
18 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
19 | File | `/api/programs/orgUnits?programs` | High
20 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
21 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
22 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
23 | File | `/blog/blog.php` | High
24 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
25 | File | `/cgi-bin/kerbynet` | High
26 | File | `/checklogin.jsp` | High
27 | File | `/cms/classes/Master.php?f=delete_service` | High
28 | File | `/config/list` | Medium
29 | File | `/ctpms/admin/?page=individuals/view_individual` | High
30 | File | `/ctpms/classes/Master.php?f=delete_img` | High
31 | File | `/etc/ajenti/config.yml` | High
1 | File | `/admin.php/admin/plog/index.html` | High
2 | File | `/admin.php/admin/ulog/index.html` | High
3 | File | `/admin.php/Label/js_del` | High
4 | File | `/admin.php/Label/page_del` | High
5 | File | `/admin.php/user/zu_del` | High
6 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
7 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
8 | File | `/admin/edit.php` | High
9 | File | `/admin/inbox.php&action=read` | High
10 | File | `/admin/new-content` | High
11 | File | `/admin/posts.php` | High
12 | File | `/admin/posts.php&action=delete` | High
13 | File | `/admin/run_ajax.php` | High
14 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
15 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
16 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
17 | File | `/api/programs/orgUnits?programs` | High
18 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
19 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
20 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
21 | File | `/blog/blog.php` | High
22 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
23 | File | `/cgi-bin/kerbynet` | High
24 | File | `/cgi/get_param.cgi` | High
25 | File | `/checklogin.jsp` | High
26 | File | `/cms/classes/Master.php?f=delete_service` | High
27 | File | `/ctpms/admin/?page=individuals/view_individual` | High
28 | File | `/ctpms/classes/Master.php?f=delete_img` | High
29 | File | `/dashboard/snapshot/*?orgId=0` | High
30 | File | `/etc/ajenti/config.yml` | High
31 | File | `/fuel/sitevariables/delete/4` | High
32 | File | `/goform/AdvSetLanIp` | High
33 | File | `/goform/aspForm` | High
34 | File | `/goform/delAd` | High
35 | File | `/goform/form2Reboot.cgi` | High
36 | File | `/goform/SetNetControlList` | High
34 | File | `/goform/SetNetControlList` | High
35 | File | `/goform/setNetworkLan` | High
36 | File | `/goform/websURLFilterAddDel` | High
37 | ... | ... | ...

There are 319 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlackEnergy:

* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [UA](https://vuldb.com/?country.ua)
* [ES](https://vuldb.com/?country.es)
* ...

There are 14 more country items available. Please use our online service to access the data.
There are 24 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -38,11 +38,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 3 more TTP items available. Please use our online service to access the data.
There are 4 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -50,21 +50,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/BRS_netgear_success.html` | High
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `/usr/bin/pkexec` | High
|
||||
4 | File | `/var/log/nginx` | High
|
||||
5 | File | `/webapps/blogs-journals/execute/editBlogEntry` | High
|
||||
6 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
7 | File | `/wp-json` | Medium
|
||||
8 | File | `adclick.php` | Medium
|
||||
9 | File | `add.php` | Low
|
||||
10 | File | `add.php/del.php` | High
|
||||
11 | File | `add_comment.php` | High
|
||||
12 | File | `admin/adminsignin.html` | High
|
||||
13 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
3 | File | `/admin/dl_sendmail.php` | High
|
||||
4 | File | `/admin/powerline` | High
|
||||
5 | File | `/admin/syslog` | High
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/api/upload` | Medium
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/bsms/?page=manage_account` | High
|
||||
10 | File | `/cgi-bin` | Medium
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/dashboard/reports/logs/view` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/fuel/sitevariables/delete/4` | High
|
||||
16 | File | `/librarian/bookdetails.php` | High
|
||||
17 | File | `/mgmt/tm/util/bash` | High
|
||||
18 | File | `/monitoring` | Medium
|
||||
19 | File | `/new` | Low
|
||||
20 | File | `/proc/<pid>/status` | High
|
||||
21 | File | `/public/plugins/` | High
|
||||
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
23 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
24 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
25 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
30 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `AccountManagerService.java` | High
|
||||
33 | File | `actions/CompanyDetailsSave.php` | High
|
||||
34 | File | `ActiveServices.java` | High
|
||||
35 | File | `ActivityManagerService.java` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
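Review bot: several rows in this sample are not specific to the actor: `/tmp`, `/new`, `/uncpath/` and `/cgi-bin` (Low/Medium) and the High rows `/public/plugins/` and `/secure/QueryComponent!Default.jspa` appear verbatim in the IOA tables of the other actors touched by this commit, so they discriminate nothing and take up slots in a 36-row sample. A generator-side allowlist of such cross-actor paths would leave the sample to actor-specific indicators. The only change in this hunk is the summary count rising from 105 to 310 while no sample row changes, and nothing in the hunk says what refresh tripled the count.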
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -35,11 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
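Review bot: row 2 now lists CWE-264 next to CWE-266 and CWE-284; CWE-264 is a CWE category (Permissions, Privileges, and Access Controls) rather than a specific weakness, so CWE-266 and CWE-284 already carry the meaning and the category entry can go. Row 3 (unchanged context) pairs the description "Improper Restriction of Excessive Authentication Attempts" with CWE-798 only; that description is the title of CWE-307, which the equivalent row in the Cerber TTP table further down in this commit does add, so this file should get the same fix.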
@ -51,28 +51,29 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/.env` | Low
|
||||
3 | File | `/cgi-bin/nobody` | High
|
||||
4 | File | `/cgi-bin/nobody/Search.cgi` | High
|
||||
5 | File | `/etc/passwd` | Medium
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/get_getnetworkconf.cgi` | High
|
||||
8 | File | `/horde/util/go.php` | High
|
||||
9 | File | `/mobile_seal/get_seal.php` | High
|
||||
10 | File | `/new` | Low
|
||||
11 | File | `/nova/bin/detnet` | High
|
||||
12 | File | `/show_news.php` | High
|
||||
13 | File | `/tmp` | Low
|
||||
14 | File | `/uncpath/` | Medium
|
||||
15 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
16 | File | `/ViewUserHover.jspa` | High
|
||||
17 | File | `AccountStatus.jsp` | High
|
||||
18 | File | `adclick.php` | Medium
|
||||
19 | File | `add.php` | Low
|
||||
20 | File | `admin/systemOutOfBand.do` | High
|
||||
21 | File | `app/application.cpp` | High
|
||||
22 | File | `auth-gss2.c` | Medium
|
||||
23 | File | `authent.php4` | Medium
|
||||
24 | ... | ... | ...
|
||||
5 | File | `/edit-db.php` | Medium
|
||||
6 | File | `/etc/passwd` | Medium
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/get_getnetworkconf.cgi` | High
|
||||
9 | File | `/horde/util/go.php` | High
|
||||
10 | File | `/mobile_seal/get_seal.php` | High
|
||||
11 | File | `/new` | Low
|
||||
12 | File | `/nova/bin/detnet` | High
|
||||
13 | File | `/show_news.php` | High
|
||||
14 | File | `/tmp` | Low
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
17 | File | `/ViewUserHover.jspa` | High
|
||||
18 | File | `AccountStatus.jsp` | High
|
||||
19 | File | `adclick.php` | Medium
|
||||
20 | File | `add.php` | Low
|
||||
21 | File | `admin/systemOutOfBand.do` | High
|
||||
22 | File | `app/application.cpp` | High
|
||||
23 | File | `auth-gss2.c` | Medium
|
||||
24 | File | `authent.php4` | Medium
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 202 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
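Review bot: inserting a single indicator, `/edit-db.php` as row 5, renumbers every following row from `/etc/passwd` to `authent.php4`, so twenty unchanged indicators show up as modified lines and the summary count moving from 202 to 211 is the only line reflecting real churn. If the ID column is meant as a reference it needs to be stable across regenerations; if it is only a positional index, dropping it (or numbering at render time rather than in the stored file) would keep these hunks down to the added and removed indicators.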
@ -54,41 +54,40 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/category_view.php` | High
|
||||
11 | File | `/cgi-bin/wapopen` | High
|
||||
12 | File | `/cgi-mod/lookup.cgi` | High
|
||||
13 | File | `/cgi?1&5` | Medium
|
||||
14 | File | `/config/getuser` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
17 | File | `/iissamples` | Medium
|
||||
18 | File | `/interface/main/backup.php` | High
|
||||
19 | File | `/new` | Low
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/requests.php` | High
|
||||
22 | File | `/sbin/gs_config` | High
|
||||
23 | File | `/scripts/cpan_config` | High
|
||||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | File | `/spip.php` | Medium
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/usr/bin/pkexec` | High
|
||||
28 | File | `/usr/sbin/nagios` | High
|
||||
29 | File | `/usr/sbin/suexec` | High
|
||||
30 | File | `/WEB-INF/web.xml` | High
|
||||
31 | File | `/webman/info.cgi` | High
|
||||
32 | File | `/wp-admin/admin-ajax.php` | High
|
||||
33 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
34 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
35 | File | `/_internal` | Medium
|
||||
36 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `admin.php?m=admin&c=site&a=save` | High
|
||||
39 | File | `admin.php?page=languages` | High
|
||||
40 | File | `admin/admin_users.php` | High
|
||||
41 | File | `admin/conf_users_edit.php` | High
|
||||
42 | File | `admin/index.php` | High
|
||||
43 | File | `admin/ops/reports/ops/news.php` | High
|
||||
44 | File | `adminer.php` | Medium
|
||||
45 | ... | ... | ...
|
||||
13 | File | `/common/info.cgi` | High
|
||||
14 | File | `/common/ticket_associated_tickets.php` | High
|
||||
15 | File | `/config/getuser` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
18 | File | `/iissamples` | Medium
|
||||
19 | File | `/interface/main/backup.php` | High
|
||||
20 | File | `/new` | Low
|
||||
21 | File | `/platform.cgi` | High
|
||||
22 | File | `/public/plugins/` | High
|
||||
23 | File | `/requests.php` | High
|
||||
24 | File | `/sbin/gs_config` | High
|
||||
25 | File | `/scripts/cpan_config` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/spip.php` | Medium
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/bin/pkexec` | High
|
||||
30 | File | `/usr/sbin/nagios` | High
|
||||
31 | File | `/usr/sbin/suexec` | High
|
||||
32 | File | `/WEB-INF/web.xml` | High
|
||||
33 | File | `/webman/info.cgi` | High
|
||||
34 | File | `/wp-admin/admin-ajax.php` | High
|
||||
35 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
36 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
37 | File | `/_internal` | Medium
|
||||
38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
39 | File | `adclick.php` | Medium
|
||||
40 | File | `admin.php?page=languages` | High
|
||||
41 | File | `admin/admin_users.php` | High
|
||||
42 | File | `admin/conf_users_edit.php` | High
|
||||
43 | File | `admin/index.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
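Review bot: rows such as `admin.php?page=languages`, `/wp-json/oembed/1.0/embed?url` and the removed `/cgi?1&5` carry query strings but are typed as File, while the summary line lists argument and input value as separate indicator types; a consumer matching Type = File literally against request paths will never hit these. Splitting them (path as File, parameter name as Argument) would make the table consistent with its own type scheme. Also, `/cgi?1&5`, `admin.php?m=admin&c=site&a=save`, `admin/ops/reports/ops/news.php` and `adminer.php` give way to `/common/info.cgi`, `/common/ticket_associated_tickets.php` and `/platform.cgi` while the count line only moves from 385 to 384, so whether the four were withdrawn or merely pushed past the truncation point cannot be told from the hunk.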
@ -92,10 +92,9 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `/ofcms/company-c-47` | High
|
||||
35 | File | `/proc/*/cmdline"` | High
|
||||
36 | File | `/proc/pid/syscall` | High
|
||||
37 | File | `/product_list.php` | High
|
||||
38 | ... | ... | ...
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 324 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
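Review bot: the indicator `/proc/*/cmdline"` at row 35 ends in a stray double quote, which looks like a quoting artifact carried over from the source rather than part of the path; a literal matcher will never hit it. The same table uses `/proc/pid/syscall` (row 36) and the first table in this commit uses `/proc/<pid>/status`, so three conventions for the PID placeholder (`*`, `pid`, `<pid>`) are in use; pick one and normalise on export.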
@ -124,7 +124,7 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `admin/conf_users_edit.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cerber:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
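Review bot: the generated summary on the old side reads "There are 1 more country items available"; the template does not handle the singular case and should emit "is ... item" when the count is 1. Minor, but the same template produces every count line in this commit.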
@ -21,26 +21,77 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.9.49.12](https://vuldb.com/?ip.5.9.49.12) | static.12.49.9.5.clients.your-server.de | - | High
|
||||
2 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
|
||||
3 | [5.196.159.173](https://vuldb.com/?ip.5.196.159.173) | - | - | High
|
||||
4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
5 | [23.94.5.133](https://vuldb.com/?ip.23.94.5.133) | 23-94-5-133-host.colocrossing.com | - | High
|
||||
6 | [23.152.0.36](https://vuldb.com/?ip.23.152.0.36) | tcts-000036.techtrapes.com | - | High
|
||||
7 | [34.199.22.139](https://vuldb.com/?ip.34.199.22.139) | ec2-34-199-22-139.compute-1.amazonaws.com | - | Medium
|
||||
8 | [45.32.28.232](https://vuldb.com/?ip.45.32.28.232) | - | - | High
|
||||
9 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | - | High
|
||||
10 | [45.56.117.118](https://vuldb.com/?ip.45.56.117.118) | li935-118.members.linode.com | - | High
|
||||
11 | [45.63.25.55](https://vuldb.com/?ip.45.63.25.55) | 45.63.25.55.vultr.com | - | Medium
|
||||
12 | [45.63.99.180](https://vuldb.com/?ip.45.63.99.180) | 45.63.99.180.vultr.com | - | Medium
|
||||
13 | [52.2.101.52](https://vuldb.com/?ip.52.2.101.52) | ec2-52-2-101-52.compute-1.amazonaws.com | - | Medium
|
||||
14 | [52.21.132.24](https://vuldb.com/?ip.52.21.132.24) | ec2-52-21-132-24.compute-1.amazonaws.com | - | Medium
|
||||
15 | [54.84.252.139](https://vuldb.com/?ip.54.84.252.139) | ec2-54-84-252-139.compute-1.amazonaws.com | - | Medium
|
||||
16 | [54.87.5.88](https://vuldb.com/?ip.54.87.5.88) | ec2-54-87-5-88.compute-1.amazonaws.com | - | Medium
|
||||
17 | [54.88.175.149](https://vuldb.com/?ip.54.88.175.149) | ec2-54-88-175-149.compute-1.amazonaws.com | - | Medium
|
||||
18 | ... | ... | ... | ...
|
||||
1 | [3.225.205.112](https://vuldb.com/?ip.3.225.205.112) | ec2-3-225-205-112.compute-1.amazonaws.com | - | Medium
|
||||
2 | [5.9.49.12](https://vuldb.com/?ip.5.9.49.12) | static.12.49.9.5.clients.your-server.de | - | High
|
||||
3 | [5.9.72.48](https://vuldb.com/?ip.5.9.72.48) | cpanelbk.pcready.me | - | High
|
||||
4 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
|
||||
5 | [5.196.159.173](https://vuldb.com/?ip.5.196.159.173) | - | - | High
|
||||
6 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
7 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
|
||||
8 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
|
||||
9 | [20.189.173.21](https://vuldb.com/?ip.20.189.173.21) | - | - | High
|
||||
10 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
|
||||
11 | [23.94.5.133](https://vuldb.com/?ip.23.94.5.133) | 23-94-5-133-host.colocrossing.com | - | High
|
||||
12 | [23.152.0.36](https://vuldb.com/?ip.23.152.0.36) | tcts-000036.techtrapes.com | - | High
|
||||
13 | [31.184.234.0](https://vuldb.com/?ip.31.184.234.0) | - | - | High
|
||||
14 | [31.184.234.90](https://vuldb.com/?ip.31.184.234.90) | - | - | High
|
||||
15 | [31.184.234.91](https://vuldb.com/?ip.31.184.234.91) | - | - | High
|
||||
16 | [31.184.234.92](https://vuldb.com/?ip.31.184.234.92) | - | - | High
|
||||
17 | [31.184.234.93](https://vuldb.com/?ip.31.184.234.93) | - | - | High
|
||||
18 | [31.184.234.94](https://vuldb.com/?ip.31.184.234.94) | - | - | High
|
||||
19 | [31.184.234.95](https://vuldb.com/?ip.31.184.234.95) | - | - | High
|
||||
20 | [31.184.234.96](https://vuldb.com/?ip.31.184.234.96) | - | - | High
|
||||
21 | [31.184.234.97](https://vuldb.com/?ip.31.184.234.97) | - | - | High
|
||||
22 | [31.184.234.98](https://vuldb.com/?ip.31.184.234.98) | - | - | High
|
||||
23 | [31.184.234.99](https://vuldb.com/?ip.31.184.234.99) | - | - | High
|
||||
24 | [31.184.234.128](https://vuldb.com/?ip.31.184.234.128) | - | - | High
|
||||
25 | [31.184.234.192](https://vuldb.com/?ip.31.184.234.192) | - | - | High
|
||||
26 | [31.184.234.224](https://vuldb.com/?ip.31.184.234.224) | - | - | High
|
||||
27 | [31.184.234.240](https://vuldb.com/?ip.31.184.234.240) | - | - | High
|
||||
28 | [31.184.234.248](https://vuldb.com/?ip.31.184.234.248) | - | - | High
|
||||
29 | [31.184.234.252](https://vuldb.com/?ip.31.184.234.252) | - | - | High
|
||||
30 | [31.184.234.254](https://vuldb.com/?ip.31.184.234.254) | - | - | High
|
||||
31 | [31.184.235.0](https://vuldb.com/?ip.31.184.235.0) | - | - | High
|
||||
32 | [31.184.235.90](https://vuldb.com/?ip.31.184.235.90) | - | - | High
|
||||
33 | [31.184.235.91](https://vuldb.com/?ip.31.184.235.91) | - | - | High
|
||||
34 | [31.184.235.92](https://vuldb.com/?ip.31.184.235.92) | - | - | High
|
||||
35 | [31.184.235.93](https://vuldb.com/?ip.31.184.235.93) | - | - | High
|
||||
36 | [31.184.235.94](https://vuldb.com/?ip.31.184.235.94) | - | - | High
|
||||
37 | [31.184.235.95](https://vuldb.com/?ip.31.184.235.95) | - | - | High
|
||||
38 | [31.184.235.96](https://vuldb.com/?ip.31.184.235.96) | - | - | High
|
||||
39 | [31.184.235.97](https://vuldb.com/?ip.31.184.235.97) | - | - | High
|
||||
40 | [31.184.235.98](https://vuldb.com/?ip.31.184.235.98) | - | - | High
|
||||
41 | [31.184.235.99](https://vuldb.com/?ip.31.184.235.99) | - | - | High
|
||||
42 | [31.184.235.128](https://vuldb.com/?ip.31.184.235.128) | - | - | High
|
||||
43 | [31.184.235.192](https://vuldb.com/?ip.31.184.235.192) | - | - | High
|
||||
44 | [31.184.235.212](https://vuldb.com/?ip.31.184.235.212) | - | - | High
|
||||
45 | [31.184.235.213](https://vuldb.com/?ip.31.184.235.213) | - | - | High
|
||||
46 | [31.184.235.214](https://vuldb.com/?ip.31.184.235.214) | - | - | High
|
||||
47 | [31.184.235.215](https://vuldb.com/?ip.31.184.235.215) | - | - | High
|
||||
48 | [31.184.235.218](https://vuldb.com/?ip.31.184.235.218) | - | - | High
|
||||
49 | [31.184.235.224](https://vuldb.com/?ip.31.184.235.224) | - | - | High
|
||||
50 | [31.184.235.240](https://vuldb.com/?ip.31.184.235.240) | - | - | High
|
||||
51 | [31.184.235.248](https://vuldb.com/?ip.31.184.235.248) | - | - | High
|
||||
52 | [31.184.235.252](https://vuldb.com/?ip.31.184.235.252) | - | - | High
|
||||
53 | [31.184.235.254](https://vuldb.com/?ip.31.184.235.254) | - | - | High
|
||||
54 | [34.193.185.171](https://vuldb.com/?ip.34.193.185.171) | ec2-34-193-185-171.compute-1.amazonaws.com | - | Medium
|
||||
55 | [34.199.22.139](https://vuldb.com/?ip.34.199.22.139) | ec2-34-199-22-139.compute-1.amazonaws.com | - | Medium
|
||||
56 | [34.206.50.228](https://vuldb.com/?ip.34.206.50.228) | ec2-34-206-50-228.compute-1.amazonaws.com | - | Medium
|
||||
57 | [45.32.28.232](https://vuldb.com/?ip.45.32.28.232) | - | - | High
|
||||
58 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | - | High
|
||||
59 | [45.56.117.118](https://vuldb.com/?ip.45.56.117.118) | li935-118.members.linode.com | - | High
|
||||
60 | [45.63.25.55](https://vuldb.com/?ip.45.63.25.55) | 45.63.25.55.vultr.com | - | Medium
|
||||
61 | [45.63.99.180](https://vuldb.com/?ip.45.63.99.180) | 45.63.99.180.vultr.com | - | Medium
|
||||
62 | [45.90.34.87](https://vuldb.com/?ip.45.90.34.87) | - | - | High
|
||||
63 | [46.165.221.154](https://vuldb.com/?ip.46.165.221.154) | - | - | High
|
||||
64 | [49.128.155.97](https://vuldb.com/?ip.49.128.155.97) | i49-128-155-097.us.mics.ne.jp | - | High
|
||||
65 | [50.74.193.180](https://vuldb.com/?ip.50.74.193.180) | rrcs-50-74-193-180.nyc.biz.rr.com | - | High
|
||||
66 | [50.80.204.45](https://vuldb.com/?ip.50.80.204.45) | 50-80-204-45.client.mchsi.com | - | High
|
||||
67 | [52.2.101.52](https://vuldb.com/?ip.52.2.101.52) | ec2-52-2-101-52.compute-1.amazonaws.com | - | Medium
|
||||
68 | [52.21.132.24](https://vuldb.com/?ip.52.21.132.24) | ec2-52-21-132-24.compute-1.amazonaws.com | - | Medium
|
||||
69 | ... | ... | ... | ...
|
||||
|
||||
There are 66 more IOC items available. Please use our online service to access the data.
|
||||
There are 274 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
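Review bot: new rows 13 to 53 enumerate 31.184.234.0/24 and 31.184.235.0/24 host by host, and the last octets are 0, 90 to 99, 128, 192, 224, 240, 248, 252 and 254 in both blocks (plus 212 to 215 and 218 in the second); .0, .128, .192, .224, .240, .248, .252 and .254 are prefix boundary addresses, which suggests the list was expanded from a CIDR or ranged source rather than from per-host observations. All 41 rows carry High confidence and no hostname. Recording the original prefix once, or the observation behind each host, would be more useful than 41 identical rows. Separately, 13.107.21.200 (row 6, High) also appears in the IOC table of the other actor later in this commit; an address shared by two unrelated actors is shared infrastructure and should not be High confidence for Cerber.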
@ -50,10 +101,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
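Review bot: adding CWE-307 to row 3 is correct, since the Description column ("Improper Restriction of Excessive Authentication Attempts") is the CWE-307 title and the row previously carried only CWE-798 (hard-coded credentials) under it; the same row in the other TTP table in this commit still lists CWE-798 alone and needs the same change. Conversely, row 2 here keeps CWE-264, CWE-284 while the other file's row 2 gained CWE-266 in this commit, so the two tables drift in opposite directions for the same technique IDs; if the CWE mapping is per technique rather than per actor, it should be generated from one source.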
@ -61,36 +112,65 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/login_action.cgi` | High
|
||||
2 | File | `/DbXmlInfo.xml` | High
|
||||
3 | File | `/forms/web_importTFTP` | High
|
||||
4 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
5 | File | `/plugin/extended-choice-parameter/js/` | High
|
||||
6 | File | `/rest/api/1.0/render` | High
|
||||
7 | File | `/sap/public/bc/abap` | High
|
||||
8 | File | `/search.php` | Medium
|
||||
9 | File | `/shell?cmd` | Medium
|
||||
10 | File | `activateuser.aspx` | High
|
||||
11 | File | `addentry.php` | Medium
|
||||
12 | File | `AndroidManifest.xml` | High
|
||||
13 | File | `application/admin/controller/Admin.php` | High
|
||||
14 | File | `asm/preproc.c` | High
|
||||
15 | File | `auth-gss2.c` | Medium
|
||||
16 | File | `authent.php4` | Medium
|
||||
17 | File | `bgp_packet.c` | Medium
|
||||
18 | File | `catalog.asp` | Medium
|
||||
19 | File | `Cgi/confirm.py` | High
|
||||
20 | File | `cli/caff.c` | Medium
|
||||
21 | File | `cli/dsdiff.c` | Medium
|
||||
22 | File | `content/unity-api.js` | High
|
||||
23 | ... | ... | ...
|
||||
1 | File | `/.ssh/authorized_keys` | High
|
||||
2 | File | `/car.php` | Medium
|
||||
3 | File | `/cgi-bin/luci/api/auth` | High
|
||||
4 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
5 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
6 | File | `/core/admin/categories.php` | High
|
||||
7 | File | `/dashboards/#` | High
|
||||
8 | File | `/etc/config/image_sign` | High
|
||||
9 | File | `/etc/controller-agent/agent.conf` | High
|
||||
10 | File | `/etc/groups` | Medium
|
||||
11 | File | `/etc/sudoers` | Medium
|
||||
12 | File | `/filemanager/php/connector.php` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/fudforum/adm/hlplist.php` | High
|
||||
15 | File | `/GponForm/fsetup_Form` | High
|
||||
16 | File | `/log_download.cgi` | High
|
||||
17 | File | `/mgmt/tm/util/bash` | High
|
||||
18 | File | `/modules/profile/index.php` | High
|
||||
19 | File | `/MTFWU` | Low
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/php/passport/index.php` | High
|
||||
22 | File | `/public/plugins/` | High
|
||||
23 | File | `/s/` | Low
|
||||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | File | `/server-info` | Medium
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/updown/upload.cgi` | High
|
||||
29 | File | `/user-utils/users/md5.json` | High
|
||||
30 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
|
||||
* https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html
|
||||
* https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
|
||||
* https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
|
||||
* https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
|
||||
* https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
|
||||
* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0920-0927.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
|
||||
* https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html
|
||||
* https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
|
||||
* https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
|
||||
* https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html
|
||||
* https://blog.talosintelligence.com/2020/04/threat-roundup-0417-0424.html
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1002-1009.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1023-1030.html
|
||||
* https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0129-0205.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
|
||||
|
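Review bot: the IOA sample is replaced wholesale (old rows 1 to 22, `/cgi-bin/login_action.cgi` through `content/unity-api.js`, give way to new rows 1 to 30, `/.ssh/authorized_keys` through `/userRpm/popupSiteSurveyRpm.html`) because the table is sorted and then truncated: newly added entries that sort early push the whole previous sample past the cut, so the diff suggests far more churn than the count line (191 to 264 more items) does. A sample that is stable under additions, such as the N highest-confidence entries or a fixed alphabetic window, would make these hunks reviewable.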
@ -101,6 +181,9 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
|
||||
* https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
|
||||
* https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
|
||||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0415-0422.html
|
||||
* https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
|
||||
* https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -81,7 +81,7 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `admin.php` | Medium
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,31 +24,35 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [5.34.248.225](https://vuldb.com/?ip.5.34.248.225) | ns2.newsnet.li | - | High
|
||||
2 | [5.39.81.111](https://vuldb.com/?ip.5.39.81.111) | pm.theglu.org | - | High
|
||||
3 | [5.103.128.88](https://vuldb.com/?ip.5.103.128.88) | 5.103.128.88.static.fibianet.dk | - | High
|
||||
4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
5 | [13.107.246.13](https://vuldb.com/?ip.13.107.246.13) | - | - | High
|
||||
6 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
7 | [20.41.46.145](https://vuldb.com/?ip.20.41.46.145) | - | - | High
|
||||
8 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
|
||||
9 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
10 | [31.28.161.68](https://vuldb.com/?ip.31.28.161.68) | ntp.exact-time.org | - | High
|
||||
11 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
|
||||
12 | [35.229.93.46](https://vuldb.com/?ip.35.229.93.46) | 46.93.229.35.bc.googleusercontent.com | - | Medium
|
||||
13 | [35.231.151.7](https://vuldb.com/?ip.35.231.151.7) | 7.151.231.35.bc.googleusercontent.com | - | Medium
|
||||
14 | [35.244.181.201](https://vuldb.com/?ip.35.244.181.201) | 201.181.244.35.bc.googleusercontent.com | - | Medium
|
||||
15 | [37.187.5.167](https://vuldb.com/?ip.37.187.5.167) | ks3370497.kimsufi.com | - | High
|
||||
16 | [37.187.20.28](https://vuldb.com/?ip.37.187.20.28) | ns397460.ip-37-187-20.eu | - | High
|
||||
17 | [40.67.189.14](https://vuldb.com/?ip.40.67.189.14) | - | - | High
|
||||
18 | [40.70.224.146](https://vuldb.com/?ip.40.70.224.146) | - | - | High
|
||||
19 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
|
||||
20 | [40.90.247.210](https://vuldb.com/?ip.40.90.247.210) | - | - | High
|
||||
21 | [40.91.124.111](https://vuldb.com/?ip.40.91.124.111) | - | - | High
|
||||
22 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
|
||||
23 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
|
||||
24 | [45.87.76.3](https://vuldb.com/?ip.45.87.76.3) | ntp.devrandom.be | - | High
|
||||
25 | [46.17.46.226](https://vuldb.com/?ip.46.17.46.226) | brtnjbjgyi.quest | - | High
|
||||
26 | ... | ... | ... | ...
|
||||
4 | [5.199.135.170](https://vuldb.com/?ip.5.199.135.170) | ve1124.venus.servdiscount-customer.com | - | High
|
||||
5 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
6 | [13.107.246.13](https://vuldb.com/?ip.13.107.246.13) | - | - | High
|
||||
7 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
8 | [20.41.46.145](https://vuldb.com/?ip.20.41.46.145) | - | - | High
|
||||
9 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
|
||||
10 | [20.72.235.82](https://vuldb.com/?ip.20.72.235.82) | - | - | High
|
||||
11 | [20.109.209.108](https://vuldb.com/?ip.20.109.209.108) | - | - | High
|
||||
12 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
13 | [31.28.161.68](https://vuldb.com/?ip.31.28.161.68) | ntp.exact-time.org | - | High
|
||||
14 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
|
||||
15 | [35.229.93.46](https://vuldb.com/?ip.35.229.93.46) | 46.93.229.35.bc.googleusercontent.com | - | Medium
|
||||
16 | [35.231.151.7](https://vuldb.com/?ip.35.231.151.7) | 7.151.231.35.bc.googleusercontent.com | - | Medium
|
||||
17 | [35.244.181.201](https://vuldb.com/?ip.35.244.181.201) | 201.181.244.35.bc.googleusercontent.com | - | Medium
|
||||
18 | [37.187.5.167](https://vuldb.com/?ip.37.187.5.167) | ks3370497.kimsufi.com | - | High
|
||||
19 | [37.187.20.28](https://vuldb.com/?ip.37.187.20.28) | ns397460.ip-37-187-20.eu | - | High
|
||||
20 | [40.67.189.14](https://vuldb.com/?ip.40.67.189.14) | - | - | High
|
||||
21 | [40.70.224.146](https://vuldb.com/?ip.40.70.224.146) | - | - | High
|
||||
22 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
|
||||
23 | [40.90.247.210](https://vuldb.com/?ip.40.90.247.210) | - | - | High
|
||||
24 | [40.91.124.111](https://vuldb.com/?ip.40.91.124.111) | - | - | High
|
||||
25 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
|
||||
26 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
|
||||
27 | [45.87.76.3](https://vuldb.com/?ip.45.87.76.3) | ntp.devrandom.be | - | High
|
||||
28 | [46.17.46.226](https://vuldb.com/?ip.46.17.46.226) | brtnjbjgyi.quest | - | High
|
||||
29 | [46.54.224.12](https://vuldb.com/?ip.46.54.224.12) | ntp1.kate-wing.si | - | High
|
||||
30 | ... | ... | ... | ...
|
||||
|
||||
There are 100 more IOC items available. Please use our online service to access the data.
|
||||
There are 118 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
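Review bot: rows 13 and 27 and the new row 29 resolve to `ntp.exact-time.org`, `ntp.devrandom.be` and `ntp1.kate-wing.si`, hostnames that identify public NTP servers, yet all three are rated High. A sample that syncs its clock against a public NTP pool will contact such hosts without their being attacker infrastructure, and a blocklist built from this feed would break legitimate time sync. Either lower the confidence for such hostnames or state that the feed is meant for correlation only, not blocking. Likewise 13.107.21.200 (row 5, High) also appears in the Cerber IOC table earlier in this commit; an address shared by two unrelated actors should not be High confidence for either.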
@ -72,39 +76,35 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
5 | File | `/category_view.php` | High
|
||||
6 | File | `/dev/kmem` | Medium
|
||||
7 | File | `/file?action=download&file` | High
|
||||
8 | File | `/medical/inventories.php` | High
|
||||
9 | File | `/monitoring` | Medium
|
||||
10 | File | `/NAGErrors` | Medium
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/proc/ioports` | High
|
||||
14 | File | `/replication` | Medium
|
||||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/rom-0` | Low
|
||||
17 | File | `/tmp` | Low
|
||||
18 | File | `/tmp/speedtest_urls.xml` | High
|
||||
19 | File | `/tmp/zarafa-vacation-*` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/upload` | Low
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/wp-admin/admin.php` | High
|
||||
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
25 | File | `abook_database.php` | High
|
||||
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
27 | File | `admin/index.php` | High
|
||||
28 | File | `admin/login.php` | High
|
||||
29 | File | `admin\model\catalog\download.php` | High
|
||||
30 | File | `ajax/render/widget_php` | High
|
||||
31 | File | `apcupsd.pid` | Medium
|
||||
32 | File | `api/sms/send-sms` | High
|
||||
33 | File | `api/v1/alarms` | High
|
||||
34 | ... | ... | ...
|
||||
4 | File | `/category_view.php` | High
5 | File | `/dev/kmem` | Medium
6 | File | `/file?action=download&file` | High
7 | File | `/medical/inventories.php` | High
8 | File | `/monitoring` | Medium
9 | File | `/NAGErrors` | Medium
10 | File | `/plugins/servlet/audit/resource` | High
11 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
12 | File | `/replication` | Medium
13 | File | `/RestAPI` | Medium
14 | File | `/tmp` | Low
15 | File | `/tmp/speedtest_urls.xml` | High
16 | File | `/tmp/zarafa-vacation-*` | High
17 | File | `/uncpath/` | Medium
18 | File | `/upload` | Low
19 | File | `/var/log/nginx` | High
20 | File | `/wp-admin/admin.php` | High
21 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
22 | File | `admin/index.php` | High
23 | File | `admin\model\catalog\download.php` | High
24 | File | `apcupsd.pid` | Medium
25 | File | `api/sms/send-sms` | High
26 | File | `api/v1/alarms` | High
27 | File | `application/controller/InstallerController.php` | High
28 | File | `apport/hookutils.py` | High
29 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
30 | ... | ... | ...

There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 258 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -119,6 +119,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
* https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
* https://blog.talosintelligence.com/2021/09/threat-roundup-0903-0910.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html

## Literature

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...

There are 6 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -54,10 +54,10 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 7 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

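Review bot: The Weakness column of row 3 now reads `CWE-307, CWE-798` where the removed row had only `CWE-798`; the Description column for that row is `Improper Restriction of Excessive Authentication Attempts`, which is the title of CWE-307 and not of CWE-798 (Use of Hard-coded Credentials), so the added row is the one where Weakness and Description agree and the change should be kept. The count line in the same hunk goes from 7 to 6 more TTP items while the number of visible rows is unchanged, so the dropped technique is one of the hidden rows; worth confirming it was retired deliberately rather than lost during regeneration.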
@ -65,44 +65,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//proc/kcore` | Medium
2 | File | `/acms/classes/Master.php?f=delete_img` | High
3 | File | `/admin.php/Label/page_del` | High
4 | File | `/admin.php/vod/admin/topic/del` | High
5 | File | `/admin/dl_sendsms.php` | High
6 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
7 | File | `/admin/uesrs.php&action=display&value=Hide` | High
8 | File | `/administrator/templates/default/html/windows/right.php` | High
9 | File | `/admin_page/all-files-update-ajax.php` | High
10 | File | `/api/part_categories` | High
11 | File | `/api/programs/orgUnits?programs` | High
12 | File | `/api/students/me/courses/` | High
13 | File | `/api/students/me/messages/` | High
14 | File | `/Applications/Utilities/Terminal` | High
15 | File | `/apps/acs-commons/content/page-compare.html` | High
16 | File | `/asms/classes/Master.php?f=delete_product` | High
17 | File | `/asms/classes/Master.php?f=save_product` | High
18 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
19 | File | `/cdsms/classes/Master.php?f=delete_package` | High
20 | File | `/checklogin.jsp` | High
21 | File | `/classes/master.php?f=delete_facility` | High
22 | File | `/College_Management_System/admin/display-teacher.php` | High
23 | File | `/coreframe/app/member/admin/group.php` | High
24 | File | `/ctpms/admin/?page=applications/view_application` | High
25 | File | `/ctpms/admin/?page=individuals/view_individual` | High
26 | File | `/ctpms/admin/individuals/update_status.php` | High
27 | File | `/default.php?idx=17` | High
28 | File | `/dms/admin/reports/daily_collection_report.php` | High
29 | File | `/ecrire` | Low
30 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
31 | File | `/goform/aspForm` | High
32 | File | `/goform/saveParentControlInfo` | High
33 | File | `/goform/SetClientState` | High
34 | File | `/goform/SysToolReboot` | High
35 | File | `/hocms/classes/Master.php?f=delete_member` | High
1 | File | `.htaccess` | Medium
2 | File | `//proc/kcore` | Medium
3 | File | `/acms/classes/Master.php?f=delete_img` | High
4 | File | `/admin.php/Label/page_del` | High
5 | File | `/admin.php/vod/admin/topic/del` | High
6 | File | `/admin/dl_sendmail.php` | High
7 | File | `/admin/dl_sendsms.php` | High
8 | File | `/admin_page/all-files-update-ajax.php` | High
9 | File | `/api/part_categories` | High
10 | File | `/api/programs/orgUnits?programs` | High
11 | File | `/api/students/me/courses/` | High
12 | File | `/Applications/Utilities/Terminal` | High
13 | File | `/asms/classes/Master.php?f=delete_product` | High
14 | File | `/asms/classes/Master.php?f=save_product` | High
15 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
16 | File | `/bsms/?page=manage_account` | High
17 | File | `/cgi-bin/kerbynet` | High
18 | File | `/checklogin.jsp` | High
19 | File | `/classes/master.php?f=delete_facility` | High
20 | File | `/College_Management_System/admin/display-teacher.php` | High
21 | File | `/company` | Medium
22 | File | `/company/service/increment/add/im` | High
23 | File | `/ctpms/admin/?page=applications/view_application` | High
24 | File | `/ctpms/admin/?page=individuals/view_individual` | High
25 | File | `/ctpms/admin/individuals/update_status.php` | High
26 | File | `/dms/admin/reports/daily_collection_report.php` | High
27 | File | `/ecrire` | Low
28 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
29 | File | `/goform/aspForm` | High
30 | File | `/goform/saveParentControlInfo` | High
31 | File | `/goform/SetClientState` | High
32 | File | `/htdocs/cgibin` | High
33 | File | `/html/Solar_Ftp.php` | High
34 | File | `/hub/api/user` | High
35 | File | `/include/chart_generator.php` | High
36 | ... | ... | ...

There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

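Review bot: The removed rows 6 and 7, `/admin/uesrs.php&&action=delete&userid=4` and `/admin/uesrs.php&action=display&value=Hide`, carried a full query string (with a doubled `&&` in the first) under the File type; dropping them is fine, but the replacement rows keep the same mix of bare paths (`.htaccess`, `/company`) and path-plus-query entries (`/acms/classes/Master.php?f=delete_img`, `/eris/index.php?q=result&searchfor=advancesearch`), so a consumer of the File column cannot tell whether to compare the request path alone or the whole request target. A short note in the IOA description, or a separate type for parameterised entries, would let the table be used for detection without guessing the match semantics.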
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...

There are 21 more country items available. Please use our online service to access the data.
There are 23 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -58,68 +58,66 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/admin_page/all-files-update-ajax.php` | High
3 | File | `/assets/ctx` | Medium
4 | File | `/bsms/?page=products` | High
5 | File | `/cgi-bin/system_mgr.cgi` | High
6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
7 | File | `/concat?/%2557EB-INF/web.xml` | High
8 | File | `/config/getuser` | High
9 | File | `/debug/pprof` | Medium
10 | File | `/dms/admin/reports/daily_collection_report.php` | High
11 | File | `/ext/phar/phar_object.c` | High
12 | File | `/filemanager/php/connector.php` | High
13 | File | `/get_getnetworkconf.cgi` | High
14 | File | `/HNAP1` | Low
15 | File | `/include/chart_generator.php` | High
16 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
17 | File | `/info.cgi` | Medium
18 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
19 | File | `/mgmt/tm/util/bash` | High
20 | File | `/modx/manager/index.php` | High
21 | File | `/osm/REGISTER.cmd` | High
22 | File | `/replication` | Medium
23 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
24 | File | `/spip.php` | Medium
25 | File | `/type.php` | Medium
26 | File | `/uncpath/` | Medium
27 | File | `/usr/bin/pkexec` | High
28 | File | `/Wedding-Management/package_detail.php` | High
29 | File | `/zm/index.php` | High
30 | File | `4.2.0.CP09` | Medium
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
32 | File | `802dot1xclientcert.cgi` | High
33 | File | `a2billing/customer/iridium_threed.php` | High
34 | File | `add.exe` | Low
35 | File | `admin-ajax.php` | High
36 | File | `admin.color.php` | High
37 | File | `admin.cropcanvas.php` | High
38 | File | `admin.joomlaradiov5.php` | High
39 | File | `admin.php` | Medium
40 | File | `admin.php?m=Food&a=addsave` | High
41 | File | `admin/conf_users_edit.php` | High
42 | File | `admin/index.php` | High
43 | File | `admin/limits.php` | High
44 | File | `admin/user.php` | High
45 | File | `admin/write-post.php` | High
46 | File | `administrator/components/com_media/helpers/media.php` | High
47 | File | `admin_events.php` | High
48 | File | `akocomments.php` | High
49 | File | `allopass-error.php` | High
50 | File | `announcement.php` | High
51 | File | `app.php` | Low
52 | File | `apply.cgi` | Medium
53 | File | `appointment.php` | High
54 | File | `archiver\index.php` | High
55 | File | `artlinks.dispnew.php` | High
56 | File | `auth.inc.php` | Medium
57 | File | `authorization.do` | High
58 | File | `bb_usage_stats.php` | High
59 | File | `binder.c` | Medium
60 | ... | ... | ...
1 | File | `.htaccess` | Medium
2 | File | `/+CSCOE+/logon.html` | High
3 | File | `/admin_page/all-files-update-ajax.php` | High
4 | File | `/assets/ctx` | Medium
5 | File | `/bsms/?page=products` | High
6 | File | `/cgi-bin/kerbynet` | High
7 | File | `/cgi-bin/system_mgr.cgi` | High
8 | File | `/cloud_config/router_post/check_reg_verify_code` | High
9 | File | `/concat?/%2557EB-INF/web.xml` | High
10 | File | `/config/getuser` | High
11 | File | `/debug/pprof` | Medium
12 | File | `/dms/admin/reports/daily_collection_report.php` | High
13 | File | `/ext/phar/phar_object.c` | High
14 | File | `/filemanager/php/connector.php` | High
15 | File | `/get_getnetworkconf.cgi` | High
16 | File | `/HNAP1` | Low
17 | File | `/include/chart_generator.php` | High
18 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
19 | File | `/info.cgi` | Medium
20 | File | `/lists/admin/` | High
21 | File | `/MagickCore/image.c` | High
22 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
23 | File | `/mgmt/tm/util/bash` | High
24 | File | `/modx/manager/index.php` | High
25 | File | `/osm/REGISTER.cmd` | High
26 | File | `/replication` | Medium
27 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
28 | File | `/spip.php` | Medium
29 | File | `/type.php` | Medium
30 | File | `/uncpath/` | Medium
31 | File | `/usr/bin/pkexec` | High
32 | File | `/Wedding-Management/package_detail.php` | High
33 | File | `/zm/index.php` | High
34 | File | `4.2.0.CP09` | Medium
35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
36 | File | `802dot1xclientcert.cgi` | High
37 | File | `a2billing/customer/iridium_threed.php` | High
38 | File | `add.exe` | Low
39 | File | `admin-ajax.php` | High
40 | File | `admin.color.php` | High
41 | File | `admin.cropcanvas.php` | High
42 | File | `admin.joomlaradiov5.php` | High
43 | File | `admin.php` | Medium
44 | File | `admin.php?m=Food&a=addsave` | High
45 | File | `admin/conf_users_edit.php` | High
46 | File | `admin/index.php` | High
47 | File | `admin/limits.php` | High
48 | File | `admin/user.php` | High
49 | File | `admin/write-post.php` | High
50 | File | `administrator/components/com_media/helpers/media.php` | High
51 | File | `admin_events.php` | High
52 | File | `akocomments.php` | High
53 | File | `allopass-error.php` | High
54 | File | `announcement.php` | High
55 | File | `app.php` | Low
56 | File | `apply.cgi` | Medium
57 | File | `appointment.php` | High
58 | ... | ... | ...

There are 521 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 508 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

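Review bot: `4.2.0.CP09` (row 30 before, row 34 after) is typed as File but is a product version string, and `/ext/phar/phar_object.c`, `/MagickCore/image.c` and `binder.c` are source files of the affected software rather than paths a client would request; a rule that compares the File column against web request paths can never hit the source-file entries and may false-positive on the version string wherever it shows up in a banner. Consider giving version strings and source files their own types, or filtering them out of the File list, so that every File indicator in this table is of one kind and can be matched the same way. The count line moves from 521 to 508 and the visible table from 60 to 58 rows, which is consistent.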
@ -15,12 +15,12 @@ The following _campaigns_ are known and can be associated with Conti:

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Conti:

* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* [NL](https://vuldb.com/?country.nl)
* [CN](https://vuldb.com/?country.cn)
* ...

There are 30 more country items available. Please use our online service to access the data.
There are 21 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

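Review bot: CN appears twice in the country list of this hunk, once before US and once after NL; the rendered view drops the removed/added markers, so this reads as CN being moved to the end of the list rather than duplicated, but confirm the regenerated file carries `* [CN](https://vuldb.com/?country.cn)` only once, since a duplicate entry would also throw off the count reported in the sentence below (30 to 21 more country items).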
@ -28,62 +28,495 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.11.85.34](https://vuldb.com/?ip.3.11.85.34) | ec2-3-11-85-34.eu-west-2.compute.amazonaws.com | - | Medium
2 | [3.135.216.86](https://vuldb.com/?ip.3.135.216.86) | ec2-3-135-216-86.us-east-2.compute.amazonaws.com | - | Medium
3 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
4 | [5.2.78.37](https://vuldb.com/?ip.5.2.78.37) | - | - | High
5 | [5.2.78.121](https://vuldb.com/?ip.5.2.78.121) | - | - | High
6 | [5.34.178.185](https://vuldb.com/?ip.5.34.178.185) | hathi1.co.in | - | High
7 | [5.34.181.18](https://vuldb.com/?ip.5.34.181.18) | storage-669286.hosted-by.itldc.com | - | High
8 | [5.181.80.113](https://vuldb.com/?ip.5.181.80.113) | ip-80-113-bullethost.net | - | High
9 | [5.181.80.214](https://vuldb.com/?ip.5.181.80.214) | ip-80-214-bullethost.net | - | High
10 | [5.181.156.15](https://vuldb.com/?ip.5.181.156.15) | no-rdns.mivocloud.com | - | High
11 | [5.181.156.166](https://vuldb.com/?ip.5.181.156.166) | 5-181-156-166.mivocloud.com | - | High
12 | [5.181.156.226](https://vuldb.com/?ip.5.181.156.226) | no-rdns.mivocloud.com | - | High
13 | [5.183.95.6](https://vuldb.com/?ip.5.183.95.6) | mail.zeakids.de | - | High
14 | [5.196.197.27](https://vuldb.com/?ip.5.196.197.27) | - | - | High
15 | [11.22.33.44](https://vuldb.com/?ip.11.22.33.44) | - | - | High
16 | [13.56.161.214](https://vuldb.com/?ip.13.56.161.214) | ec2-13-56-161-214.us-west-1.compute.amazonaws.com | BazarLoader | Medium
17 | [23.81.246.30](https://vuldb.com/?ip.23.81.246.30) | - | - | High
18 | [23.82.140.137](https://vuldb.com/?ip.23.82.140.137) | - | - | High
19 | [23.95.231.200](https://vuldb.com/?ip.23.95.231.200) | 23-95-231-200-host.colocrossing.com | - | High
20 | [23.106.160.174](https://vuldb.com/?ip.23.106.160.174) | - | - | High
21 | [23.146.242.134](https://vuldb.com/?ip.23.146.242.134) | - | - | High
22 | [23.254.228.234](https://vuldb.com/?ip.23.254.228.234) | hwsrv-935246.hostwindsdns.com | - | High
23 | [24.185.61.99](https://vuldb.com/?ip.24.185.61.99) | ool-18b93d63.dyn.optonline.net | - | High
24 | [31.13.195.26](https://vuldb.com/?ip.31.13.195.26) | - | - | High
25 | [31.13.195.144](https://vuldb.com/?ip.31.13.195.144) | - | - | High
26 | [31.13.195.184](https://vuldb.com/?ip.31.13.195.184) | - | - | High
27 | [31.14.40.95](https://vuldb.com/?ip.31.14.40.95) | - | - | High
28 | [31.14.40.160](https://vuldb.com/?ip.31.14.40.160) | perico.cavepanel.com | BazarLoader | High
29 | [31.14.40.220](https://vuldb.com/?ip.31.14.40.220) | - | - | High
30 | [31.214.157.242](https://vuldb.com/?ip.31.214.157.242) | - | - | High
31 | [34.219.130.241](https://vuldb.com/?ip.34.219.130.241) | ec2-34-219-130-241.us-west-2.compute.amazonaws.com | BazarLoader | Medium
32 | [37.0.8.166](https://vuldb.com/?ip.37.0.8.166) | - | - | High
33 | [37.1.209.181](https://vuldb.com/?ip.37.1.209.181) | - | - | High
34 | [37.187.24.215](https://vuldb.com/?ip.37.187.24.215) | ns3206394.ip-37-187-24.eu | - | High
35 | [37.220.6.122](https://vuldb.com/?ip.37.220.6.122) | mail.foxlontech.com | - | High
36 | [37.235.53.46](https://vuldb.com/?ip.37.235.53.46) | gw1.mad1.vitalng.com | - | High
37 | [38.88.223.172](https://vuldb.com/?ip.38.88.223.172) | - | - | High
38 | [38.92.176.125](https://vuldb.com/?ip.38.92.176.125) | - | - | High
39 | [38.92.191.89](https://vuldb.com/?ip.38.92.191.89) | - | - | High
40 | [38.135.122.194](https://vuldb.com/?ip.38.135.122.194) | h194-us122.fcsrv.net | - | High
41 | [43.126.75.91](https://vuldb.com/?ip.43.126.75.91) | - | - | High
42 | [45.11.183.198](https://vuldb.com/?ip.45.11.183.198) | - | - | High
43 | [45.11.183.211](https://vuldb.com/?ip.45.11.183.211) | - | - | High
44 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
45 | [45.14.226.47](https://vuldb.com/?ip.45.14.226.47) | - | - | High
46 | [45.32.131.223](https://vuldb.com/?ip.45.32.131.223) | - | - | High
47 | [45.32.132.182](https://vuldb.com/?ip.45.32.132.182) | 45.32.132.182.vultr.com | - | Medium
48 | [45.61.136.221](https://vuldb.com/?ip.45.61.136.221) | - | - | High
49 | [45.61.138.153](https://vuldb.com/?ip.45.61.138.153) | - | - | High
50 | [45.67.228.196](https://vuldb.com/?ip.45.67.228.196) | moe.m | - | High
51 | [45.126.75.91](https://vuldb.com/?ip.45.126.75.91) | 43.126.75.91.stargatecommunications.com | - | High
52 | [45.141.101.253](https://vuldb.com/?ip.45.141.101.253) | ongu.golderitu.com | - | High
53 | [45.141.103.194](https://vuldb.com/?ip.45.141.103.194) | ptr.ruvds.com | - | High
54 | ... | ... | ... | ...
1 | [1.1.1.1](https://vuldb.com/?ip.1.1.1.1) | one.one.one.one | - | High
2 | [1.1.1.2](https://vuldb.com/?ip.1.1.1.2) | - | - | High
3 | [1.1.1.22](https://vuldb.com/?ip.1.1.1.22) | - | - | High
4 | [1.1.1.23](https://vuldb.com/?ip.1.1.1.23) | - | - | High
5 | [1.1.1.31](https://vuldb.com/?ip.1.1.1.31) | - | - | High
6 | [1.1.1.32](https://vuldb.com/?ip.1.1.1.32) | - | - | High
7 | [1.1.1.47](https://vuldb.com/?ip.1.1.1.47) | - | - | High
8 | [1.1.1.56](https://vuldb.com/?ip.1.1.1.56) | - | - | High
9 | [1.1.1.112](https://vuldb.com/?ip.1.1.1.112) | - | - | High
10 | [1.1.1.132](https://vuldb.com/?ip.1.1.1.132) | - | - | High
11 | [1.1.2.1](https://vuldb.com/?ip.1.1.2.1) | - | - | High
12 | [1.1.2.2](https://vuldb.com/?ip.1.1.2.2) | - | - | High
13 | [1.1.2.4](https://vuldb.com/?ip.1.1.2.4) | - | - | High
14 | [1.1.3.6](https://vuldb.com/?ip.1.1.3.6) | - | - | High
15 | [1.1.3.7](https://vuldb.com/?ip.1.1.3.7) | - | - | High
16 | [1.1.3.8](https://vuldb.com/?ip.1.1.3.8) | - | - | High
17 | [1.1.4.1](https://vuldb.com/?ip.1.1.4.1) | - | - | High
18 | [1.1.4.19](https://vuldb.com/?ip.1.1.4.19) | - | - | High
19 | [1.1.4.223](https://vuldb.com/?ip.1.1.4.223) | - | - | High
20 | [1.1.5.1](https://vuldb.com/?ip.1.1.5.1) | - | - | High
21 | [1.1.6.1](https://vuldb.com/?ip.1.1.6.1) | - | - | High
22 | [1.1.7.32](https://vuldb.com/?ip.1.1.7.32) | - | - | High
23 | [1.1.8.1](https://vuldb.com/?ip.1.1.8.1) | - | - | High
24 | [1.1.8.23](https://vuldb.com/?ip.1.1.8.23) | - | - | High
25 | [1.1.9.1](https://vuldb.com/?ip.1.1.9.1) | - | - | High
26 | [1.1.9.6](https://vuldb.com/?ip.1.1.9.6) | - | - | High
27 | [1.1.9.33](https://vuldb.com/?ip.1.1.9.33) | - | - | High
28 | [1.1.9.126](https://vuldb.com/?ip.1.1.9.126) | - | - | High
29 | [1.1.11.1](https://vuldb.com/?ip.1.1.11.1) | - | - | High
30 | [1.1.12.1](https://vuldb.com/?ip.1.1.12.1) | - | - | High
31 | [1.1.19.1](https://vuldb.com/?ip.1.1.19.1) | - | - | High
32 | [1.1.21.1](https://vuldb.com/?ip.1.1.21.1) | - | - | High
33 | [1.1.25.1](https://vuldb.com/?ip.1.1.25.1) | - | - | High
34 | [1.1.28.1](https://vuldb.com/?ip.1.1.28.1) | - | - | High
35 | [1.1.83.99](https://vuldb.com/?ip.1.1.83.99) | - | - | High
36 | [1.2.1.2](https://vuldb.com/?ip.1.2.1.2) | - | - | High
37 | [1.2.1.7](https://vuldb.com/?ip.1.2.1.7) | - | - | High
38 | [1.2.1.24](https://vuldb.com/?ip.1.2.1.24) | - | - | High
39 | [1.2.1.25](https://vuldb.com/?ip.1.2.1.25) | - | - | High
40 | [1.2.1.53](https://vuldb.com/?ip.1.2.1.53) | - | - | High
41 | [1.2.1.85](https://vuldb.com/?ip.1.2.1.85) | - | - | High
42 | [1.2.2.3](https://vuldb.com/?ip.1.2.2.3) | - | - | High
43 | [1.2.2.37](https://vuldb.com/?ip.1.2.2.37) | - | - | High
44 | [1.2.3.4](https://vuldb.com/?ip.1.2.3.4) | - | - | High
45 | [1.2.3.14](https://vuldb.com/?ip.1.2.3.14) | - | - | High
46 | [1.2.3.255](https://vuldb.com/?ip.1.2.3.255) | - | - | High
47 | [1.2.4.28](https://vuldb.com/?ip.1.2.4.28) | - | - | High
48 | [1.2.6.7](https://vuldb.com/?ip.1.2.6.7) | - | - | High
49 | [1.2.11.1](https://vuldb.com/?ip.1.2.11.1) | - | - | High
50 | [1.2.11.2](https://vuldb.com/?ip.1.2.11.2) | - | - | High
51 | [1.2.14.135](https://vuldb.com/?ip.1.2.14.135) | - | - | High
52 | [1.2.18.5](https://vuldb.com/?ip.1.2.18.5) | - | - | High
53 | [1.2.22.1](https://vuldb.com/?ip.1.2.22.1) | - | - | High
54 | [1.2.23.1](https://vuldb.com/?ip.1.2.23.1) | - | - | High
55 | [1.2.25.1](https://vuldb.com/?ip.1.2.25.1) | - | - | High
56 | [1.2.26.1](https://vuldb.com/?ip.1.2.26.1) | - | - | High
57 | [1.2.31.2](https://vuldb.com/?ip.1.2.31.2) | - | - | High
58 | [1.2.126.84](https://vuldb.com/?ip.1.2.126.84) | - | - | High
59 | [1.3.1.1](https://vuldb.com/?ip.1.3.1.1) | - | - | High
60 | [1.3.1.173](https://vuldb.com/?ip.1.3.1.173) | - | - | High
61 | [1.3.2.18](https://vuldb.com/?ip.1.3.2.18) | - | - | High
62 | [1.3.2.74](https://vuldb.com/?ip.1.3.2.74) | - | - | High
63 | [1.3.3.41](https://vuldb.com/?ip.1.3.3.41) | - | - | High
64 | [1.3.4.66](https://vuldb.com/?ip.1.3.4.66) | - | - | High
65 | [1.3.6.9](https://vuldb.com/?ip.1.3.6.9) | - | - | High
66 | [1.3.21.115](https://vuldb.com/?ip.1.3.21.115) | - | - | High
67 | [1.3.25.11](https://vuldb.com/?ip.1.3.25.11) | - | - | High
68 | [1.3.26.4](https://vuldb.com/?ip.1.3.26.4) | - | - | High
69 | [1.3.28.15](https://vuldb.com/?ip.1.3.28.15) | - | - | High
70 | [1.3.31.5](https://vuldb.com/?ip.1.3.31.5) | - | - | High
71 | [1.3.32.136](https://vuldb.com/?ip.1.3.32.136) | - | - | High
72 | [1.3.33.17](https://vuldb.com/?ip.1.3.33.17) | - | - | High
73 | [1.3.33.23](https://vuldb.com/?ip.1.3.33.23) | - | - | High
74 | [1.3.34.7](https://vuldb.com/?ip.1.3.34.7) | - | - | High
75 | [1.3.34.17](https://vuldb.com/?ip.1.3.34.17) | - | - | High
76 | [1.3.34.26](https://vuldb.com/?ip.1.3.34.26) | - | - | High
77 | [1.3.35.1](https://vuldb.com/?ip.1.3.35.1) | - | - | High
78 | [1.3.35.45](https://vuldb.com/?ip.1.3.35.45) | - | - | High
79 | [1.3.36.6](https://vuldb.com/?ip.1.3.36.6) | - | - | High
80 | [1.3.36.51](https://vuldb.com/?ip.1.3.36.51) | - | - | High
81 | [1.3.38.13](https://vuldb.com/?ip.1.3.38.13) | - | - | High
82 | [1.3.38.16](https://vuldb.com/?ip.1.3.38.16) | - | - | High
83 | [1.3.38.34](https://vuldb.com/?ip.1.3.38.34) | - | - | High
84 | [1.3.38.35](https://vuldb.com/?ip.1.3.38.35) | - | - | High
85 | [1.3.38.92](https://vuldb.com/?ip.1.3.38.92) | - | - | High
86 | [1.3.38.94](https://vuldb.com/?ip.1.3.38.94) | - | - | High
87 | [1.3.85.73](https://vuldb.com/?ip.1.3.85.73) | - | - | High
88 | [1.3.129.37](https://vuldb.com/?ip.1.3.129.37) | - | - | High
89 | [1.3.135.29](https://vuldb.com/?ip.1.3.135.29) | - | - | High
90 | [1.3.151.27](https://vuldb.com/?ip.1.3.151.27) | - | - | High
91 | [1.3.153.47](https://vuldb.com/?ip.1.3.153.47) | - | - | High
92 | [1.3.153.53](https://vuldb.com/?ip.1.3.153.53) | - | - | High
93 | [1.3.153.55](https://vuldb.com/?ip.1.3.153.55) | - | - | High
94 | [1.3.153.57](https://vuldb.com/?ip.1.3.153.57) | - | - | High
95 | [1.4.1.255](https://vuldb.com/?ip.1.4.1.255) | - | - | High
96 | [1.4.2.1](https://vuldb.com/?ip.1.4.2.1) | - | - | High
97 | [1.4.2.79](https://vuldb.com/?ip.1.4.2.79) | - | - | High
98 | [1.4.2.82](https://vuldb.com/?ip.1.4.2.82) | - | - | High
99 | [1.4.3.1](https://vuldb.com/?ip.1.4.3.1) | - | - | High
100 | [1.4.3.3](https://vuldb.com/?ip.1.4.3.3) | - | - | High
101 | [1.4.4.1](https://vuldb.com/?ip.1.4.4.1) | - | - | High
102 | [1.4.5.5](https://vuldb.com/?ip.1.4.5.5) | - | - | High
103 | [1.4.5.17](https://vuldb.com/?ip.1.4.5.17) | - | - | High
104 | [1.4.7.1](https://vuldb.com/?ip.1.4.7.1) | - | - | High
105 | [1.4.8.2](https://vuldb.com/?ip.1.4.8.2) | - | - | High
106 | [1.4.9.2](https://vuldb.com/?ip.1.4.9.2) | - | - | High
107 | [1.4.14.1](https://vuldb.com/?ip.1.4.14.1) | - | - | High
108 | [1.4.14.2](https://vuldb.com/?ip.1.4.14.2) | - | - | High
109 | [1.4.15.1](https://vuldb.com/?ip.1.4.15.1) | - | - | High
110 | [1.4.22.1](https://vuldb.com/?ip.1.4.22.1) | - | - | High
111 | [1.4.32.1](https://vuldb.com/?ip.1.4.32.1) | - | - | High
112 | [1.5.1.7](https://vuldb.com/?ip.1.5.1.7) | - | - | High
113 | [1.5.2.1](https://vuldb.com/?ip.1.5.2.1) | - | - | High
114 | [1.5.6.15](https://vuldb.com/?ip.1.5.6.15) | - | - | High
115 | [1.5.6.17](https://vuldb.com/?ip.1.5.6.17) | - | - | High
116 | [1.5.6.19](https://vuldb.com/?ip.1.5.6.19) | - | - | High
117 | [1.5.7.9](https://vuldb.com/?ip.1.5.7.9) | - | - | High
118 | [1.6.2.4](https://vuldb.com/?ip.1.6.2.4) | - | - | High
119 | [1.6.3.1](https://vuldb.com/?ip.1.6.3.1) | - | - | High
120 | [1.6.3.24](https://vuldb.com/?ip.1.6.3.24) | - | - | High
121 | [1.7.2.4](https://vuldb.com/?ip.1.7.2.4) | - | - | High
122 | [1.7.4.3](https://vuldb.com/?ip.1.7.4.3) | - | - | High
123 | [1.7.5.63](https://vuldb.com/?ip.1.7.5.63) | - | - | High
124 | [1.7.45.16](https://vuldb.com/?ip.1.7.45.16) | - | - | High
125 | [1.8.3.212](https://vuldb.com/?ip.1.8.3.212) | - | - | High
126 | [1.8.4.1](https://vuldb.com/?ip.1.8.4.1) | - | - | High
127 | [1.9.1.15](https://vuldb.com/?ip.1.9.1.15) | - | - | High
128 | [1.9.2.8](https://vuldb.com/?ip.1.9.2.8) | - | - | High
129 | [1.9.5.68](https://vuldb.com/?ip.1.9.5.68) | - | - | High
130 | [1.9.7.2](https://vuldb.com/?ip.1.9.7.2) | - | - | High
131 | [1.9.7.27](https://vuldb.com/?ip.1.9.7.27) | - | - | High
132 | [1.13.2.28](https://vuldb.com/?ip.1.13.2.28) | - | - | High
133 | [1.16.33.1](https://vuldb.com/?ip.1.16.33.1) | - | - | High
134 | [1.16.41.3](https://vuldb.com/?ip.1.16.41.3) | - | - | High
135 | [1.16.43.1](https://vuldb.com/?ip.1.16.43.1) | - | - | High
136 | [1.16.47.1](https://vuldb.com/?ip.1.16.47.1) | - | - | High
137 | [1.16.56.1](https://vuldb.com/?ip.1.16.56.1) | - | - | High
138 | [1.16.61.1](https://vuldb.com/?ip.1.16.61.1) | - | - | High
139 | [1.18.15.1](https://vuldb.com/?ip.1.18.15.1) | - | - | High
140 | [1.19.9.1](https://vuldb.com/?ip.1.19.9.1) | - | - | High
141 | [1.21.1.38](https://vuldb.com/?ip.1.21.1.38) | - | - | High
142 | [1.21.2.1](https://vuldb.com/?ip.1.21.2.1) | 1-21-2-1.s1st1.gt1.hqmo.net | - | High
143 | [1.31.1.122](https://vuldb.com/?ip.1.31.1.122) | - | - | High
144 | [1.31.8.1](https://vuldb.com/?ip.1.31.8.1) | - | - | High
145 | [1.31.36.19](https://vuldb.com/?ip.1.31.36.19) | - | - | High
146 | [1.31.36.23](https://vuldb.com/?ip.1.31.36.23) | - | - | High
147 | [1.31.38.54](https://vuldb.com/?ip.1.31.38.54) | - | - | High
148 | [1.35.127.1](https://vuldb.com/?ip.1.35.127.1) | 1-35-127-1.dynamic-ip.hinet.net | - | High
149 | [1.35.133.1](https://vuldb.com/?ip.1.35.133.1) | 1-35-133-1.dynamic-ip.hinet.net | - | High
150 | [1.43.128.3](https://vuldb.com/?ip.1.43.128.3) | n1-43-128-3.mas2.nsw.optusnet.com.au | - | High
151 | [1.45.2.52](https://vuldb.com/?ip.1.45.2.52) | - | - | High
152 | [1.49.213.1](https://vuldb.com/?ip.1.49.213.1) | - | - | High
153 | [1.67.12.19](https://vuldb.com/?ip.1.67.12.19) | mo1-67-12-19.air.mopera.net | - | High
154 | [1.67.12.24](https://vuldb.com/?ip.1.67.12.24) | mo1-67-12-24.air.mopera.net | - | High
155 | [2.1.1.1](https://vuldb.com/?ip.2.1.1.1) | - | - | High
156 | [2.1.1.3](https://vuldb.com/?ip.2.1.1.3) | - | - | High
157 | [2.1.1.116](https://vuldb.com/?ip.2.1.1.116) | - | - | High
158 | [2.1.3.5](https://vuldb.com/?ip.2.1.3.5) | - | - | High
159 | [2.1.3.127](https://vuldb.com/?ip.2.1.3.127) | - | - | High
160 | [2.1.6.9](https://vuldb.com/?ip.2.1.6.9) | - | - | High
161 | [2.1.8.6](https://vuldb.com/?ip.2.1.8.6) | - | - | High
162 | [2.1.9.5](https://vuldb.com/?ip.2.1.9.5) | - | - | High
163 | [2.1.28.1](https://vuldb.com/?ip.2.1.28.1) | - | - | High
164 | [2.1.28.63](https://vuldb.com/?ip.2.1.28.63) | - | - | High
165 | [2.1.67.1](https://vuldb.com/?ip.2.1.67.1) | - | - | High
166 | [2.1.71.14](https://vuldb.com/?ip.2.1.71.14) | - | - | High
167 | [2.2.1.37](https://vuldb.com/?ip.2.2.1.37) | - | - | High
168 | [2.2.2.2](https://vuldb.com/?ip.2.2.2.2) | - | - | High
169 | [2.2.3.51](https://vuldb.com/?ip.2.2.3.51) | - | - | High
170 | [2.2.3.57](https://vuldb.com/?ip.2.2.3.57) | - | - | High
171 | [2.2.3.148](https://vuldb.com/?ip.2.2.3.148) | - | - | High
172 | [2.2.4.35](https://vuldb.com/?ip.2.2.4.35) | - | - | High
173 | [2.2.4.44](https://vuldb.com/?ip.2.2.4.44) | - | - | High
174 | [2.2.4.85](https://vuldb.com/?ip.2.2.4.85) | - | - | High
175 | [2.2.5.1](https://vuldb.com/?ip.2.2.5.1) | - | - | High
176 | [2.2.6.87](https://vuldb.com/?ip.2.2.6.87) | - | - | High
177 | [2.2.32.1](https://vuldb.com/?ip.2.2.32.1) | - | - | High
178 | [2.2.51.84](https://vuldb.com/?ip.2.2.51.84) | - | - | High
179 | [2.3.1.4](https://vuldb.com/?ip.2.3.1.4) | lfbn-cle-1-2-4.w2-3.abo.wanadoo.fr | - | High
180 | [2.3.2.26](https://vuldb.com/?ip.2.3.2.26) | lfbn-cle-1-113-26.w2-3.abo.wanadoo.fr | - | High
181 | [2.3.2.48](https://vuldb.com/?ip.2.3.2.48) | lfbn-cle-1-113-48.w2-3.abo.wanadoo.fr | - | High
182 | [2.3.3.1](https://vuldb.com/?ip.2.3.3.1) | lfbn-cle-1-180-1.w2-3.abo.wanadoo.fr | - | High
183 | [2.3.3.3](https://vuldb.com/?ip.2.3.3.3) | lfbn-cle-1-180-3.w2-3.abo.wanadoo.fr | - | High
184 | [2.3.4.5](https://vuldb.com/?ip.2.3.4.5) | lfbn-cle-1-191-5.w2-3.abo.wanadoo.fr | - | High
185 | [2.3.25.112](https://vuldb.com/?ip.2.3.25.112) | lfbn-cle-1-169-112.w2-3.abo.wanadoo.fr | - | High
|
||||
186 | [2.3.69.53](https://vuldb.com/?ip.2.3.69.53) | lfbn-cle-1-223-53.w2-3.abo.wanadoo.fr | - | High
|
||||
187 | [2.4.1.2](https://vuldb.com/?ip.2.4.1.2) | lfbn-mon-1-514-2.w2-4.abo.wanadoo.fr | - | High
|
||||
188 | [2.4.1.51](https://vuldb.com/?ip.2.4.1.51) | lfbn-mon-1-514-51.w2-4.abo.wanadoo.fr | - | High
|
||||
189 | [2.4.2.1](https://vuldb.com/?ip.2.4.2.1) | lfbn-mon-1-625-1.w2-4.abo.wanadoo.fr | - | High
|
||||
190 | [2.4.3.35](https://vuldb.com/?ip.2.4.3.35) | lfbn-mon-1-692-35.w2-4.abo.wanadoo.fr | - | High
|
||||
191 | [2.4.4.75](https://vuldb.com/?ip.2.4.4.75) | lfbn-mon-1-703-75.w2-4.abo.wanadoo.fr | - | High
|
||||
192 | [2.4.4.184](https://vuldb.com/?ip.2.4.4.184) | lfbn-mon-1-703-184.w2-4.abo.wanadoo.fr | - | High
|
||||
193 | [2.4.8.1](https://vuldb.com/?ip.2.4.8.1) | lfbn-mon-1-747-1.w2-4.abo.wanadoo.fr | - | High
|
||||
194 | [2.5.1.15](https://vuldb.com/?ip.2.5.1.15) | alille-656-1-156-15.w2-5.abo.wanadoo.fr | - | High
|
||||
195 | [2.5.1.177](https://vuldb.com/?ip.2.5.1.177) | alille-656-1-156-177.w2-5.abo.wanadoo.fr | - | High
|
||||
196 | [2.5.2.26](https://vuldb.com/?ip.2.5.2.26) | alille-656-1-157-26.w2-5.abo.wanadoo.fr | - | High
|
||||
197 | [2.5.8.27](https://vuldb.com/?ip.2.5.8.27) | aamiens-157-1-19-27.w2-5.abo.wanadoo.fr | - | High
|
||||
198 | [2.5.171.27](https://vuldb.com/?ip.2.5.171.27) | - | - | High
|
||||
199 | [2.6.1.5](https://vuldb.com/?ip.2.6.1.5) | - | - | High
|
||||
200 | [2.6.3.1](https://vuldb.com/?ip.2.6.3.1) | - | - | High
|
||||
201 | [2.6.3.135](https://vuldb.com/?ip.2.6.3.135) | - | - | High
|
||||
202 | [2.6.5.1](https://vuldb.com/?ip.2.6.5.1) | atoulouse-652-1-38-1.w2-6.abo.wanadoo.fr | - | High
|
||||
203 | [2.7.1.111](https://vuldb.com/?ip.2.7.1.111) | lfbn-lyo-1-258-111.w2-7.abo.wanadoo.fr | - | High
|
||||
204 | [2.8.3.3](https://vuldb.com/?ip.2.8.3.3) | anantes-650-1-206-3.w2-8.abo.wanadoo.fr | - | High
|
||||
205 | [2.8.3.96](https://vuldb.com/?ip.2.8.3.96) | anantes-650-1-206-96.w2-8.abo.wanadoo.fr | - | High
|
||||
206 | [2.8.4.1](https://vuldb.com/?ip.2.8.4.1) | anantes-650-1-207-1.w2-8.abo.wanadoo.fr | - | High
|
||||
207 | [2.8.25.18](https://vuldb.com/?ip.2.8.25.18) | anantes-650-1-122-18.w2-8.abo.wanadoo.fr | - | High
|
||||
208 | [2.8.31.13](https://vuldb.com/?ip.2.8.31.13) | anantes-159-1-30-13.w2-8.abo.wanadoo.fr | - | High
|
||||
209 | [2.8.51.16](https://vuldb.com/?ip.2.8.51.16) | anantes-557-1-196-16.w2-8.abo.wanadoo.fr | - | High
|
||||
210 | [2.8.66.18](https://vuldb.com/?ip.2.8.66.18) | anantes-652-1-211-18.w2-8.abo.wanadoo.fr | - | High
|
||||
211 | [2.8.71.15](https://vuldb.com/?ip.2.8.71.15) | anantes-652-1-216-15.w2-8.abo.wanadoo.fr | - | High
|
||||
212 | [2.8.73.2](https://vuldb.com/?ip.2.8.73.2) | anantes-658-1-126-2.w2-8.abo.wanadoo.fr | - | High
|
||||
213 | [2.8.91.15](https://vuldb.com/?ip.2.8.91.15) | anantes-659-1-164-15.w2-8.abo.wanadoo.fr | - | High
|
||||
214 | [2.8.111.14](https://vuldb.com/?ip.2.8.111.14) | anantes-652-1-256-14.w2-8.abo.wanadoo.fr | - | High
|
||||
215 | [2.8.144.1](https://vuldb.com/?ip.2.8.144.1) | anantes-659-1-137-1.w2-8.abo.wanadoo.fr | - | High
|
||||
216 | [2.8.151.12](https://vuldb.com/?ip.2.8.151.12) | anantes-650-1-172-12.w2-8.abo.wanadoo.fr | - | High
|
||||
217 | [2.8.161.12](https://vuldb.com/?ip.2.8.161.12) | anantes-658-1-114-12.w2-8.abo.wanadoo.fr | - | High
|
||||
218 | [2.8.171.11](https://vuldb.com/?ip.2.8.171.11) | anantes-159-1-24-11.w2-8.abo.wanadoo.fr | - | High
|
||||
219 | [2.8.181.13](https://vuldb.com/?ip.2.8.181.13) | anantes-557-1-206-13.w2-8.abo.wanadoo.fr | - | High
|
||||
220 | [2.8.191.12](https://vuldb.com/?ip.2.8.191.12) | anantes-652-1-224-12.w2-8.abo.wanadoo.fr | - | High
|
||||
221 | [2.8.211.12](https://vuldb.com/?ip.2.8.211.12) | anantes-650-1-120-12.w2-8.abo.wanadoo.fr | - | High
|
||||
222 | [2.8.221.11](https://vuldb.com/?ip.2.8.221.11) | anantes-659-1-158-11.w2-8.abo.wanadoo.fr | - | High
|
||||
223 | [2.8.231.11](https://vuldb.com/?ip.2.8.231.11) | anantes-659-1-200-11.w2-8.abo.wanadoo.fr | - | High
|
||||
224 | [2.8.241.7](https://vuldb.com/?ip.2.8.241.7) | anantes-650-1-90-7.w2-8.abo.wanadoo.fr | - | High
|
||||
225 | [2.8.251.8](https://vuldb.com/?ip.2.8.251.8) | anantes-652-1-276-8.w2-8.abo.wanadoo.fr | - | High
|
||||
226 | [2.9.1.3](https://vuldb.com/?ip.2.9.1.3) | anantes-156-1-2-3.w2-9.abo.wanadoo.fr | - | High
|
||||
227 | [2.9.5.3](https://vuldb.com/?ip.2.9.5.3) | anantes-154-1-70-3.w2-9.abo.wanadoo.fr | - | High
|
||||
228 | [2.9.5.41](https://vuldb.com/?ip.2.9.5.41) | anantes-154-1-70-41.w2-9.abo.wanadoo.fr | - | High
|
||||
229 | [2.9.8.11](https://vuldb.com/?ip.2.9.8.11) | anantes-154-1-73-11.w2-9.abo.wanadoo.fr | - | High
|
||||
230 | [2.11.4.125](https://vuldb.com/?ip.2.11.4.125) | arennes-258-1-165-125.w2-11.abo.wanadoo.fr | - | High
|
||||
231 | [2.11.13.53](https://vuldb.com/?ip.2.11.13.53) | arennes-258-1-174-53.w2-11.abo.wanadoo.fr | - | High
|
||||
232 | [2.11.52.58](https://vuldb.com/?ip.2.11.52.58) | arennes-652-1-53-58.w2-11.abo.wanadoo.fr | - | High
|
||||
233 | [2.12.3.86](https://vuldb.com/?ip.2.12.3.86) | arennes-651-1-300-86.w2-12.abo.wanadoo.fr | - | High
|
||||
234 | [2.12.12.4](https://vuldb.com/?ip.2.12.12.4) | arennes-662-1-35-4.w2-12.abo.wanadoo.fr | - | High
|
||||
235 | [2.18.1.1](https://vuldb.com/?ip.2.18.1.1) | a2-18-1-1.deploy.static.akamaitechnologies.com | - | High
|
||||
236 | [2.19.4.32](https://vuldb.com/?ip.2.19.4.32) | a2-19-4-32.deploy.static.akamaitechnologies.com | - | High
|
||||
237 | [2.21.24.34](https://vuldb.com/?ip.2.21.24.34) | a2-21-24-34.deploy.static.akamaitechnologies.com | - | High
|
||||
238 | [2.56.115.39](https://vuldb.com/?ip.2.56.115.39) | - | - | High
|
||||
239 | [3.1.1.1](https://vuldb.com/?ip.3.1.1.1) | ec2-3-1-1-1.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
240 | [3.1.1.3](https://vuldb.com/?ip.3.1.1.3) | ec2-3-1-1-3.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
241 | [3.1.1.35](https://vuldb.com/?ip.3.1.1.35) | ec2-3-1-1-35.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
242 | [3.1.2.4](https://vuldb.com/?ip.3.1.2.4) | ec2-3-1-2-4.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
243 | [3.1.2.9](https://vuldb.com/?ip.3.1.2.9) | ec2-3-1-2-9.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
244 | [3.1.2.36](https://vuldb.com/?ip.3.1.2.36) | ec2-3-1-2-36.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
245 | [3.1.2.41](https://vuldb.com/?ip.3.1.2.41) | ec2-3-1-2-41.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
246 | [3.1.3.34](https://vuldb.com/?ip.3.1.3.34) | ec2-3-1-3-34.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
247 | [3.1.9.5](https://vuldb.com/?ip.3.1.9.5) | ec2-3-1-9-5.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
248 | [3.1.11.38](https://vuldb.com/?ip.3.1.11.38) | ec2-3-1-11-38.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
249 | [3.1.13.29](https://vuldb.com/?ip.3.1.13.29) | ec2-3-1-13-29.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
250 | [3.1.17.213](https://vuldb.com/?ip.3.1.17.213) | ec2-3-1-17-213.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
251 | [3.1.19.214](https://vuldb.com/?ip.3.1.19.214) | ec2-3-1-19-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
252 | [3.1.21.215](https://vuldb.com/?ip.3.1.21.215) | ec2-3-1-21-215.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
253 | [3.1.44.5](https://vuldb.com/?ip.3.1.44.5) | ec2-3-1-44-5.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
254 | [3.1.64.11](https://vuldb.com/?ip.3.1.64.11) | ec2-3-1-64-11.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
255 | [3.2.1.2](https://vuldb.com/?ip.3.2.1.2) | - | - | High
|
||||
256 | [3.2.7.175](https://vuldb.com/?ip.3.2.7.175) | - | - | High
|
||||
257 | [3.3.1.3](https://vuldb.com/?ip.3.3.1.3) | - | - | High
|
||||
258 | [3.3.2.18](https://vuldb.com/?ip.3.3.2.18) | - | - | High
|
||||
259 | [3.3.2.198](https://vuldb.com/?ip.3.3.2.198) | - | - | High
|
||||
260 | [3.3.4.29](https://vuldb.com/?ip.3.3.4.29) | - | - | High
|
||||
261 | [3.3.13.227](https://vuldb.com/?ip.3.3.13.227) | - | - | High
|
||||
262 | [3.3.14.5](https://vuldb.com/?ip.3.3.14.5) | - | - | High
|
||||
263 | [3.3.14.231](https://vuldb.com/?ip.3.3.14.231) | - | - | High
|
||||
264 | [3.4.1.83](https://vuldb.com/?ip.3.4.1.83) | - | - | High
|
||||
265 | [3.4.2.2](https://vuldb.com/?ip.3.4.2.2) | - | - | High
|
||||
266 | [3.4.4.132](https://vuldb.com/?ip.3.4.4.132) | - | - | High
|
||||
267 | [3.4.8.2](https://vuldb.com/?ip.3.4.8.2) | - | - | High
|
||||
268 | [3.4.8.3](https://vuldb.com/?ip.3.4.8.3) | - | - | High
|
||||
269 | [3.4.8.4](https://vuldb.com/?ip.3.4.8.4) | - | - | High
|
||||
270 | [3.4.8.16](https://vuldb.com/?ip.3.4.8.16) | - | - | High
|
||||
271 | [3.4.18.177](https://vuldb.com/?ip.3.4.18.177) | - | - | High
|
||||
272 | [3.5.1.119](https://vuldb.com/?ip.3.5.1.119) | - | - | High
|
||||
273 | [3.5.1.252](https://vuldb.com/?ip.3.5.1.252) | - | - | High
|
||||
274 | [3.5.8.14](https://vuldb.com/?ip.3.5.8.14) | s3.us-east-1.amazonaws.com | - | Medium
|
||||
275 | [3.5.9.181](https://vuldb.com/?ip.3.5.9.181) | - | - | High
|
||||
276 | [3.5.171.27](https://vuldb.com/?ip.3.5.171.27) | - | - | High
|
||||
277 | [3.6.1.27](https://vuldb.com/?ip.3.6.1.27) | ec2-3-6-1-27.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
278 | [3.6.1.33](https://vuldb.com/?ip.3.6.1.33) | ec2-3-6-1-33.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
279 | [3.6.8.2](https://vuldb.com/?ip.3.6.8.2) | ec2-3-6-8-2.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
280 | [3.7.1.13](https://vuldb.com/?ip.3.7.1.13) | ec2-3-7-1-13.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
281 | [3.7.1.28](https://vuldb.com/?ip.3.7.1.28) | ec2-3-7-1-28.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
282 | [3.7.1.46](https://vuldb.com/?ip.3.7.1.46) | ec2-3-7-1-46.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
283 | [3.7.2.3](https://vuldb.com/?ip.3.7.2.3) | ec2-3-7-2-3.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
284 | [3.7.3.1](https://vuldb.com/?ip.3.7.3.1) | ec2-3-7-3-1.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
285 | [3.7.5.1](https://vuldb.com/?ip.3.7.5.1) | ec2-3-7-5-1.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
286 | [3.7.8.2](https://vuldb.com/?ip.3.7.8.2) | ec2-3-7-8-2.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
287 | [3.8.1.23](https://vuldb.com/?ip.3.8.1.23) | ec2-3-8-1-23.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
288 | [3.8.3.29](https://vuldb.com/?ip.3.8.3.29) | ec2-3-8-3-29.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
289 | [3.8.5.29](https://vuldb.com/?ip.3.8.5.29) | ec2-3-8-5-29.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
290 | [3.9.1.33](https://vuldb.com/?ip.3.9.1.33) | ec2-3-9-1-33.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
291 | [3.9.1.171](https://vuldb.com/?ip.3.9.1.171) | ec2-3-9-1-171.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
292 | [3.9.1.245](https://vuldb.com/?ip.3.9.1.245) | ec2-3-9-1-245.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
293 | [3.9.2.1](https://vuldb.com/?ip.3.9.2.1) | ec2-3-9-2-1.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
294 | [3.9.2.57](https://vuldb.com/?ip.3.9.2.57) | ec2-3-9-2-57.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
295 | [3.9.7.11](https://vuldb.com/?ip.3.9.7.11) | ec2-3-9-7-11.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
296 | [3.9.9.46](https://vuldb.com/?ip.3.9.9.46) | ec2-3-9-9-46.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
297 | [3.9.14.1](https://vuldb.com/?ip.3.9.14.1) | ec2-3-9-14-1.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
298 | [3.9.141.25](https://vuldb.com/?ip.3.9.141.25) | ec2-3-9-141-25.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
299 | [3.11.2.63](https://vuldb.com/?ip.3.11.2.63) | ec2-3-11-2-63.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
300 | [3.11.85.34](https://vuldb.com/?ip.3.11.85.34) | ec2-3-11-85-34.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
301 | [3.12.41.3](https://vuldb.com/?ip.3.12.41.3) | ec2-3-12-41-3.us-east-2.compute.amazonaws.com | - | Medium
|
||||
302 | [3.12.41.157](https://vuldb.com/?ip.3.12.41.157) | ec2-3-12-41-157.us-east-2.compute.amazonaws.com | - | Medium
|
||||
303 | [3.15.36.195](https://vuldb.com/?ip.3.15.36.195) | ec2-3-15-36-195.us-east-2.compute.amazonaws.com | - | Medium
|
||||
304 | [3.21.2.2](https://vuldb.com/?ip.3.21.2.2) | ec2-3-21-2-2.us-east-2.compute.amazonaws.com | - | Medium
|
||||
305 | [3.81.126.82](https://vuldb.com/?ip.3.81.126.82) | ec2-3-81-126-82.compute-1.amazonaws.com | - | Medium
|
||||
306 | [3.82.197.66](https://vuldb.com/?ip.3.82.197.66) | ec2-3-82-197-66.compute-1.amazonaws.com | - | Medium
|
||||
307 | [3.84.251.164](https://vuldb.com/?ip.3.84.251.164) | ec2-3-84-251-164.compute-1.amazonaws.com | - | Medium
|
||||
308 | [3.86.163.159](https://vuldb.com/?ip.3.86.163.159) | ec2-3-86-163-159.compute-1.amazonaws.com | - | Medium
|
||||
309 | [3.88.67.132](https://vuldb.com/?ip.3.88.67.132) | ec2-3-88-67-132.compute-1.amazonaws.com | - | Medium
|
||||
310 | [3.91.47.199](https://vuldb.com/?ip.3.91.47.199) | ec2-3-91-47-199.compute-1.amazonaws.com | - | Medium
|
||||
311 | [3.94.2.21](https://vuldb.com/?ip.3.94.2.21) | ec2-3-94-2-21.compute-1.amazonaws.com | - | Medium
|
||||
312 | [3.95.231.52](https://vuldb.com/?ip.3.95.231.52) | ec2-3-95-231-52.compute-1.amazonaws.com | - | Medium
|
||||
313 | [3.97.2.2](https://vuldb.com/?ip.3.97.2.2) | ec2-3-97-2-2.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
314 | [3.128.1.1](https://vuldb.com/?ip.3.128.1.1) | ec2-3-128-1-1.us-east-2.compute.amazonaws.com | - | Medium
|
||||
315 | [3.128.1.29](https://vuldb.com/?ip.3.128.1.29) | ec2-3-128-1-29.us-east-2.compute.amazonaws.com | - | Medium
|
||||
316 | [3.128.197.68](https://vuldb.com/?ip.3.128.197.68) | ec2-3-128-197-68.us-east-2.compute.amazonaws.com | - | Medium
|
||||
317 | [3.128.222.222](https://vuldb.com/?ip.3.128.222.222) | ec2-3-128-222-222.us-east-2.compute.amazonaws.com | - | Medium
|
||||
318 | [3.135.193.147](https://vuldb.com/?ip.3.135.193.147) | ec2-3-135-193-147.us-east-2.compute.amazonaws.com | - | Medium
|
||||
319 | [3.135.216.86](https://vuldb.com/?ip.3.135.216.86) | ec2-3-135-216-86.us-east-2.compute.amazonaws.com | - | Medium
|
||||
320 | [3.137.174.178](https://vuldb.com/?ip.3.137.174.178) | ec2-3-137-174-178.us-east-2.compute.amazonaws.com | - | Medium
|
||||
321 | [3.138.117.231](https://vuldb.com/?ip.3.138.117.231) | ec2-3-138-117-231.us-east-2.compute.amazonaws.com | - | Medium
|
||||
322 | [3.139.97.6](https://vuldb.com/?ip.3.139.97.6) | ec2-3-139-97-6.us-east-2.compute.amazonaws.com | - | Medium
|
||||
323 | [3.215.239.59](https://vuldb.com/?ip.3.215.239.59) | ess.com | - | High
|
||||
324 | [3.235.164.215](https://vuldb.com/?ip.3.235.164.215) | ec2-3-235-164-215.compute-1.amazonaws.com | - | Medium
|
||||
325 | [3.238.75.236](https://vuldb.com/?ip.3.238.75.236) | ec2-3-238-75-236.compute-1.amazonaws.com | - | Medium
|
||||
326 | [3.238.77.5](https://vuldb.com/?ip.3.238.77.5) | ec2-3-238-77-5.compute-1.amazonaws.com | - | Medium
|
||||
327 | [4.1.1.14](https://vuldb.com/?ip.4.1.1.14) | - | - | High
|
||||
328 | [4.1.1.33](https://vuldb.com/?ip.4.1.1.33) | ae31-346.bar2.SaltLakeCity1.Level3.net | - | High
|
||||
329 | [4.1.1.64](https://vuldb.com/?ip.4.1.1.64) | - | - | High
|
||||
330 | [4.1.1.65](https://vuldb.com/?ip.4.1.1.65) | ae31-1367.bar2.SaltLakeCity1.Level3.net | - | High
|
||||
331 | [4.1.2.73](https://vuldb.com/?ip.4.1.2.73) | - | - | High
|
||||
332 | [4.1.3.3](https://vuldb.com/?ip.4.1.3.3) | - | - | High
|
||||
333 | [4.1.4.3](https://vuldb.com/?ip.4.1.4.3) | - | - | High
|
||||
334 | [4.1.4.254](https://vuldb.com/?ip.4.1.4.254) | - | - | High
|
||||
335 | [4.1.5.3](https://vuldb.com/?ip.4.1.5.3) | - | - | High
|
||||
336 | [4.1.5.97](https://vuldb.com/?ip.4.1.5.97) | ae30-111.bar3.SaltLakeCity1.Level3.net | - | High
|
||||
337 | [4.1.6.32](https://vuldb.com/?ip.4.1.6.32) | - | - | High
|
||||
338 | [4.1.11.34](https://vuldb.com/?ip.4.1.11.34) | - | - | High
|
||||
339 | [4.1.11.36](https://vuldb.com/?ip.4.1.11.36) | - | - | High
|
||||
340 | [4.1.41.223](https://vuldb.com/?ip.4.1.41.223) | - | - | High
|
||||
341 | [4.2.1.28](https://vuldb.com/?ip.4.2.1.28) | - | - | High
|
||||
342 | [4.2.1.89](https://vuldb.com/?ip.4.2.1.89) | - | - | High
|
||||
343 | [4.2.3.1](https://vuldb.com/?ip.4.2.3.1) | - | - | High
|
||||
344 | [4.2.4.154](https://vuldb.com/?ip.4.2.4.154) | - | - | High
|
||||
345 | [4.2.5.168](https://vuldb.com/?ip.4.2.5.168) | - | - | High
|
||||
346 | [4.2.6.18](https://vuldb.com/?ip.4.2.6.18) | - | - | High
|
||||
347 | [4.2.11.42](https://vuldb.com/?ip.4.2.11.42) | - | - | High
|
||||
348 | [4.2.41.27](https://vuldb.com/?ip.4.2.41.27) | e0.nycmny1-ercp1.bbnplanet.net | - | High
|
||||
349 | [4.2.235.73](https://vuldb.com/?ip.4.2.235.73) | lag-30-2698-99.bear2.Houston1.Level3.net | - | High
|
||||
350 | [4.3.2.1](https://vuldb.com/?ip.4.3.2.1) | - | - | High
|
||||
351 | [4.3.2.132](https://vuldb.com/?ip.4.3.2.132) | - | - | High
|
||||
352 | [4.3.2.171](https://vuldb.com/?ip.4.3.2.171) | - | - | High
|
||||
353 | [4.3.9.62](https://vuldb.com/?ip.4.3.9.62) | - | - | High
|
||||
354 | [4.3.9.244](https://vuldb.com/?ip.4.3.9.244) | - | - | High
|
||||
355 | [4.4.1.7](https://vuldb.com/?ip.4.4.1.7) | - | - | High
|
||||
356 | [4.4.1.122](https://vuldb.com/?ip.4.4.1.122) | - | - | High
|
||||
357 | [4.4.3.149](https://vuldb.com/?ip.4.4.3.149) | - | - | High
|
||||
358 | [4.4.4.126](https://vuldb.com/?ip.4.4.4.126) | - | - | High
|
||||
359 | [4.4.8.56](https://vuldb.com/?ip.4.4.8.56) | - | - | High
|
||||
360 | [4.4.8.137](https://vuldb.com/?ip.4.4.8.137) | lag-30-2387-99.bear1.Nashville1.Level3.net | - | High
|
||||
361 | [4.4.9.142](https://vuldb.com/?ip.4.4.9.142) | - | - | High
|
||||
362 | [4.4.129.1](https://vuldb.com/?ip.4.4.129.1) | 2-1-c26-2.ear1.Spokane3.Level3.net | - | High
|
||||
363 | [4.5.2.157](https://vuldb.com/?ip.4.5.2.157) | - | - | High
|
||||
364 | [4.5.4.1](https://vuldb.com/?ip.4.5.4.1) | - | - | High
|
||||
365 | [4.5.4.2](https://vuldb.com/?ip.4.5.4.2) | - | - | High
|
||||
366 | [4.5.41.23](https://vuldb.com/?ip.4.5.41.23) | - | - | High
|
||||
367 | [4.5.146.1](https://vuldb.com/?ip.4.5.146.1) | - | - | High
|
||||
368 | [4.5.245.1](https://vuldb.com/?ip.4.5.245.1) | - | - | High
|
||||
369 | [4.6.1.1](https://vuldb.com/?ip.4.6.1.1) | - | - | High
|
||||
370 | [4.6.1.6](https://vuldb.com/?ip.4.6.1.6) | - | - | High
|
||||
371 | [4.6.5.184](https://vuldb.com/?ip.4.6.5.184) | - | - | High
|
||||
372 | [4.6.6.1](https://vuldb.com/?ip.4.6.6.1) | - | - | High
|
||||
373 | [4.6.11.191](https://vuldb.com/?ip.4.6.11.191) | - | - | High
|
||||
374 | [4.6.12.241](https://vuldb.com/?ip.4.6.12.241) | - | - | High
|
||||
375 | [4.6.13.29](https://vuldb.com/?ip.4.6.13.29) | - | - | High
|
||||
376 | [4.6.21.1](https://vuldb.com/?ip.4.6.21.1) | - | - | High
|
||||
377 | [4.6.22.1](https://vuldb.com/?ip.4.6.22.1) | - | - | High
|
||||
378 | [4.6.23.1](https://vuldb.com/?ip.4.6.23.1) | - | - | High
|
||||
379 | [4.6.39.2](https://vuldb.com/?ip.4.6.39.2) | - | - | High
|
||||
380 | [4.7.5.249](https://vuldb.com/?ip.4.7.5.249) | - | - | High
|
||||
381 | [4.8.1.7](https://vuldb.com/?ip.4.8.1.7) | - | - | High
|
||||
382 | [4.8.12.29](https://vuldb.com/?ip.4.8.12.29) | - | - | High
|
||||
383 | [4.8.84.163](https://vuldb.com/?ip.4.8.84.163) | - | - | High
|
||||
384 | [4.9.1.1](https://vuldb.com/?ip.4.9.1.1) | - | - | High
|
||||
385 | [4.9.1.72](https://vuldb.com/?ip.4.9.1.72) | - | - | High
|
||||
386 | [4.12.5.8](https://vuldb.com/?ip.4.12.5.8) | - | - | High
|
||||
387 | [4.12.5.36](https://vuldb.com/?ip.4.12.5.36) | - | - | High
|
||||
388 | [4.13.1.38](https://vuldb.com/?ip.4.13.1.38) | - | - | High
|
||||
389 | [4.13.3.38](https://vuldb.com/?ip.4.13.3.38) | - | - | High
|
||||
390 | [4.17.1.19](https://vuldb.com/?ip.4.17.1.19) | - | - | High
|
||||
391 | [4.22.1.6](https://vuldb.com/?ip.4.22.1.6) | - | - | High
|
||||
392 | [4.65.5.65](https://vuldb.com/?ip.4.65.5.65) | - | - | High
|
||||
393 | [5.1.1.118](https://vuldb.com/?ip.5.1.1.118) | 5-1-1-118.datagroup.ua | - | High
|
||||
394 | [5.1.4.119](https://vuldb.com/?ip.5.1.4.119) | 5-1-4-119.datagroup.ua | - | High
|
||||
395 | [5.1.8.12](https://vuldb.com/?ip.5.1.8.12) | 5-1-8-12.datagroup.ua | - | High
|
||||
396 | [5.1.14.61](https://vuldb.com/?ip.5.1.14.61) | 5-1-14-61.datagroup.ua | - | High
|
||||
397 | [5.1.25.49](https://vuldb.com/?ip.5.1.25.49) | 5-1-25-49.datagroup.ua | - | High
|
||||
398 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
|
||||
399 | [5.1.219.93](https://vuldb.com/?ip.5.1.219.93) | - | - | High
|
||||
400 | [5.2.1.44](https://vuldb.com/?ip.5.2.1.44) | - | - | High
|
||||
401 | [5.2.1.129](https://vuldb.com/?ip.5.2.1.129) | - | - | High
|
||||
402 | [5.2.5.1](https://vuldb.com/?ip.5.2.5.1) | - | - | High
|
||||
403 | [5.2.9.2](https://vuldb.com/?ip.5.2.9.2) | - | - | High
|
||||
404 | [5.2.78.37](https://vuldb.com/?ip.5.2.78.37) | - | - | High
|
||||
405 | [5.2.78.121](https://vuldb.com/?ip.5.2.78.121) | - | - | High
|
||||
406 | [5.3.1.47](https://vuldb.com/?ip.5.3.1.47) | 5x3x1x47.static-business.spb.ertelecom.ru | - | High
|
||||
407 | [5.3.1.138](https://vuldb.com/?ip.5.3.1.138) | 5x3x1x138.static-business.spb.ertelecom.ru | - | High
|
||||
408 | [5.3.2.138](https://vuldb.com/?ip.5.3.2.138) | 5x3x2x138.static-business.spb.ertelecom.ru | - | High
|
||||
409 | [5.3.21.42](https://vuldb.com/?ip.5.3.21.42) | 5x3x21x42.static-business.belgorod.ertelecom.ru | - | High
|
||||
410 | [5.3.138.1](https://vuldb.com/?ip.5.3.138.1) | 5x3x138x1.dynamic.oren.ertelecom.ru | - | High
|
||||
411 | [5.4.1.149](https://vuldb.com/?ip.5.4.1.149) | dynamic-005-004-001-149.5.4.pool.telefonica.de | - | High
|
||||
412 | [5.4.2.41](https://vuldb.com/?ip.5.4.2.41) | dynamic-005-004-002-041.5.4.pool.telefonica.de | - | High
|
||||
413 | [5.4.3.39](https://vuldb.com/?ip.5.4.3.39) | dynamic-005-004-003-039.5.4.pool.telefonica.de | - | High
|
||||
414 | [5.4.3.151](https://vuldb.com/?ip.5.4.3.151) | dynamic-005-004-003-151.5.4.pool.telefonica.de | - | High
|
||||
415 | [5.5.1.34](https://vuldb.com/?ip.5.5.1.34) | dynamic-005-005-001-034.5.5.pool.telefonica.de | - | High
|
||||
416 | [5.5.1.38](https://vuldb.com/?ip.5.5.1.38) | dynamic-005-005-001-038.5.5.pool.telefonica.de | - | High
|
||||
417 | [5.5.2.52](https://vuldb.com/?ip.5.5.2.52) | dynamic-005-005-002-052.5.5.pool.telefonica.de | - | High
|
||||
418 | [5.5.2.197](https://vuldb.com/?ip.5.5.2.197) | dynamic-005-005-002-197.5.5.pool.telefonica.de | - | High
|
||||
419 | [5.5.3.61](https://vuldb.com/?ip.5.5.3.61) | dynamic-005-005-003-061.5.5.pool.telefonica.de | - | High
|
||||
420 | [5.5.4.26](https://vuldb.com/?ip.5.5.4.26) | dynamic-005-005-004-026.5.5.pool.telefonica.de | - | High
|
||||
421 | [5.6.5.236](https://vuldb.com/?ip.5.6.5.236) | dynamic-005-006-005-236.5.6.pool.telefonica.de | - | High
|
||||
422 | [5.6.6.232](https://vuldb.com/?ip.5.6.6.232) | dynamic-005-006-006-232.5.6.pool.telefonica.de | - | High
|
||||
423 | [5.6.7.8](https://vuldb.com/?ip.5.6.7.8) | dynamic-005-006-007-008.5.6.pool.telefonica.de | - | High
|
||||
424 | [5.6.7.43](https://vuldb.com/?ip.5.6.7.43) | dynamic-005-006-007-043.5.6.pool.telefonica.de | - | High
|
||||
425 | [5.7.1.116](https://vuldb.com/?ip.5.7.1.116) | dynamic-005-007-001-116.5.7.pool.telefonica.de | - | High
|
||||
426 | [5.7.1.179](https://vuldb.com/?ip.5.7.1.179) | dynamic-005-007-001-179.5.7.pool.telefonica.de | - | High
|
||||
427 | [5.7.4.39](https://vuldb.com/?ip.5.7.4.39) | dynamic-005-007-004-039.5.7.pool.telefonica.de | - | High
|
||||
428 | [5.7.21.28](https://vuldb.com/?ip.5.7.21.28) | dynamic-005-007-021-028.5.7.pool.telefonica.de | - | High
|
||||
429 | [5.9.7.72](https://vuldb.com/?ip.5.9.7.72) | static.72.7.9.5.clients.your-server.de | - | High
|
||||
430 | [5.9.178.75](https://vuldb.com/?ip.5.9.178.75) | glass-expander.bentneed.org | - | High
|
||||
431 | [5.17.161.235](https://vuldb.com/?ip.5.17.161.235) | 5x17x161x235.static-business.spb.ertelecom.ru | - | High
|
||||
432 | [5.34.178.59](https://vuldb.com/?ip.5.34.178.59) | yaalex32.isplevel.pro | - | High
|
||||
433 | [5.34.178.185](https://vuldb.com/?ip.5.34.178.185) | hathi1.co.in | - | High
|
||||
434 | [5.34.178.247](https://vuldb.com/?ip.5.34.178.247) | us.vps.98 | - | High
|
||||
435 | [5.34.181.18](https://vuldb.com/?ip.5.34.181.18) | storage-669286.hosted-by.itldc.com | - | High
|
||||
436 | [5.34.181.32](https://vuldb.com/?ip.5.34.181.32) | vds15933.example.nl | - | High
|
||||
437 | [5.39.1.6](https://vuldb.com/?ip.5.39.1.6) | ip6.ip-5-39-1.eu | - | High
|
||||
438 | [5.39.63.98](https://vuldb.com/?ip.5.39.63.98) | - | - | High
|
||||
439 | [5.61.32.173](https://vuldb.com/?ip.5.61.32.173) | - | - | High
|
||||
440 | [5.61.33.195](https://vuldb.com/?ip.5.61.33.195) | mail.chesm.org | - | High
|
||||
441 | [5.61.34.63](https://vuldb.com/?ip.5.61.34.63) | - | - | High
|
||||
442 | [5.61.34.245](https://vuldb.com/?ip.5.61.34.245) | prikolisti.net | - | High
|
||||
443 | [5.61.36.89](https://vuldb.com/?ip.5.61.36.89) | - | - | High
|
||||
444 | [5.61.45.151](https://vuldb.com/?ip.5.61.45.151) | - | - | High
|
||||
445 | [5.61.61.169](https://vuldb.com/?ip.5.61.61.169) | - | - | High
|
||||
446 | [5.181.80.113](https://vuldb.com/?ip.5.181.80.113) | ip-80-113-bullethost.net | - | High
|
||||
447 | [5.181.80.214](https://vuldb.com/?ip.5.181.80.214) | ip-80-214-bullethost.net | - | High
|
||||
448 | [5.181.156.15](https://vuldb.com/?ip.5.181.156.15) | no-rdns.mivocloud.com | - | High
|
||||
449 | [5.181.156.16](https://vuldb.com/?ip.5.181.156.16) | 5-181-156-16.mivocloud.com | - | High
|
||||
450 | [5.181.156.69](https://vuldb.com/?ip.5.181.156.69) | no-rdns.mivocloud.com | - | High
|
||||
451 | [5.181.156.166](https://vuldb.com/?ip.5.181.156.166) | 5-181-156-166.mivocloud.com | - | High
|
||||
452 | [5.181.156.211](https://vuldb.com/?ip.5.181.156.211) | 5-181-156-211.mivocloud.com | - | High
|
||||
453 | [5.181.156.226](https://vuldb.com/?ip.5.181.156.226) | no-rdns.mivocloud.com | - | High
|
||||
454 | [5.181.156.238](https://vuldb.com/?ip.5.181.156.238) | no-rdns.mivocloud.com | - | High
|
||||
455 | [5.182.211.25](https://vuldb.com/?ip.5.182.211.25) | - | - | High
|
||||
456 | [5.182.211.47](https://vuldb.com/?ip.5.182.211.47) | - | - | High
|
||||
457 | [5.182.211.124](https://vuldb.com/?ip.5.182.211.124) | mu124.mundial.web.tr | - | High
|
||||
458 | [5.182.211.125](https://vuldb.com/?ip.5.182.211.125) | - | - | High
|
||||
459 | [5.182.211.138](https://vuldb.com/?ip.5.182.211.138) | - | - | High
|
||||
460 | [5.182.211.218](https://vuldb.com/?ip.5.182.211.218) | - | - | High
|
||||
461 | [5.182.211.222](https://vuldb.com/?ip.5.182.211.222) | adlt.locrum.icu | - | High
|
||||
462 | [5.182.211.223](https://vuldb.com/?ip.5.182.211.223) | ernu.locrum.icu | - | High
|
||||
463 | [5.183.95.6](https://vuldb.com/?ip.5.183.95.6) | mail.zeakids.de | - | High
|
||||
464 | [5.188.133.193](https://vuldb.com/?ip.5.188.133.193) | stack.example.com | - | High
|
||||
465 | [5.196.197.27](https://vuldb.com/?ip.5.196.197.27) | - | - | High
|
||||
466 | [5.199.174.223](https://vuldb.com/?ip.5.199.174.223) | - | - | High
|
||||
467 | [5.255.96.16](https://vuldb.com/?ip.5.255.96.16) | - | - | High
|
||||
468 | [5.255.255.5](https://vuldb.com/?ip.5.255.255.5) | yandex.ru | - | High
|
||||
469 | [6.1.1.8](https://vuldb.com/?ip.6.1.1.8) | - | - | High
|
||||
470 | [6.1.1.28](https://vuldb.com/?ip.6.1.1.28) | - | - | High
|
||||
471 | [6.1.1.35](https://vuldb.com/?ip.6.1.1.35) | - | - | High
|
||||
472 | [6.1.4.2](https://vuldb.com/?ip.6.1.4.2) | - | - | High
|
||||
473 | [6.1.19.84](https://vuldb.com/?ip.6.1.19.84) | - | - | High
|
||||
474 | [6.2.1.19](https://vuldb.com/?ip.6.2.1.19) | - | - | High
|
||||
475 | [6.2.2.1](https://vuldb.com/?ip.6.2.2.1) | - | - | High
|
||||
476 | [6.2.2.2](https://vuldb.com/?ip.6.2.2.2) | - | - | High
|
||||
477 | [6.2.2.3](https://vuldb.com/?ip.6.2.2.3) | - | - | High
|
||||
478 | [6.2.2.224](https://vuldb.com/?ip.6.2.2.224) | - | - | High
|
||||
479 | [6.2.3.248](https://vuldb.com/?ip.6.2.3.248) | - | - | High
|
||||
480 | [6.2.3.251](https://vuldb.com/?ip.6.2.3.251) | - | - | High
|
||||
481 | [6.2.4.2](https://vuldb.com/?ip.6.2.4.2) | - | - | High
|
||||
482 | [6.2.4.27](https://vuldb.com/?ip.6.2.4.27) | - | - | High
|
||||
483 | [6.2.5.2](https://vuldb.com/?ip.6.2.5.2) | - | - | High
|
||||
484 | [6.2.16.1](https://vuldb.com/?ip.6.2.16.1) | - | - | High
|
||||
485 | [6.2.18.1](https://vuldb.com/?ip.6.2.18.1) | - | - | High
|
||||
486 | [6.2.39.1](https://vuldb.com/?ip.6.2.39.1) | - | - | High
|
||||
487 | ... | ... | ... | ...
There are 213 more IOC items available. Please use our online service to access the data.
There are 1943 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -93,10 +526,10 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -108,52 +541,46 @@ ID | Type | Indicator | Confidence
2 | File | `//proc/kcore` | Medium
3 | File | `/admin/contenttemp` | High
4 | File | `/admin/modules/system/custom_field.php` | High
5 | File | `/Ap4RtpAtom.cpp` | High
6 | File | `/api/crontab` | Medium
7 | File | `/bcms/admin/?page=user/list` | High
8 | File | `/bin/boa` | Medium
5 | File | `/admin/user/UserAdmin.do` | High
6 | File | `/Ap4RtpAtom.cpp` | High
7 | File | `/api/crontab` | Medium
8 | File | `/bcms/admin/?page=user/list` | High
9 | File | `/cgi-bin/wapopen` | High
10 | File | `/cgi-mod/lookup.cgi` | High
11 | File | `/context/%2e/WEB-INF/web.xml` | High
11 | File | `/controller/Index.php` | High
12 | File | `/debug/pprof` | Medium
13 | File | `/fuel/index.php/fuel/logs/items` | High
14 | File | `/fuel/sitevariables/delete/4` | High
15 | File | `/iissamples` | Medium
16 | File | `/mgmt/tm/util/bash` | High
17 | File | `/modules/profile/index.php` | High
18 | File | `/new` | Low
19 | File | `/nova/bin/console` | High
20 | File | `/proc/<pid>/status` | High
21 | File | `/public/plugins/` | High
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
23 | File | `/secure/QueryComponent!Default.jspa` | High
24 | File | `/show_news.php` | High
25 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
26 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
27 | File | `/tmp` | Low
28 | File | `/uncpath/` | Medium
29 | File | `/usr/bin/pkexec` | High
30 | File | `/usr/sbin/suexec` | High
31 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
32 | File | `/WEB-INF/web.xml` | High
33 | File | `/wp-admin/admin-ajax.php` | High
34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
35 | File | `AccountManagerService.java` | High
36 | File | `actions/CompanyDetailsSave.php` | High
|
||||
37 | File | `ActivityManagerService.java` | High
|
||||
38 | File | `admin.php` | Medium
|
||||
39 | File | `admin.php?page=languages` | High
|
||||
40 | File | `admin/add-glossary.php` | High
|
||||
41 | File | `admin/admin.php` | High
|
||||
42 | ... | ... | ...
|
||||
13 | File | `/devices/acurite.c` | High
|
||||
14 | File | `/example/editor` | High
|
||||
15 | File | `/file?action=download&file` | High
|
||||
16 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
17 | File | `/fuel/sitevariables/delete/4` | High
|
||||
18 | File | `/goform/login_process` | High
|
||||
19 | File | `/goform/rlmswitchr_process` | High
|
||||
20 | File | `/goforms/rlminfo` | High
|
||||
21 | File | `/include/chart_generator.php` | High
|
||||
22 | File | `/mgmt/tm/util/bash` | High
|
||||
23 | File | `/mhds/clinic/view_details.php` | High
|
||||
24 | File | `/newsDia.php` | Medium
|
||||
25 | File | `/nova/bin/console` | High
|
||||
26 | File | `/product_list.php` | High
|
||||
27 | File | `/ptms/?page=user` | High
|
||||
28 | File | `/scas/admin/` | Medium
|
||||
29 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
32 | File | `/tmp/zarafa-vacation-*` | High
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/upload` | Low
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 361 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.html
|
||||
* https://ddanchev.blogspot.com/2022/06/how-to-take-down-conti-ransomware-gang.html
|
||||
* https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Conti.csv
|
||||
* https://thedfirreport.com/2021/05/12/conti-ransomware/
|
||||
* https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
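Review bot: the File column mixes literal paths with patterns: new row 32 `/tmp/zarafa-vacation-*` carries a shell glob and old row 20 `/proc/<pid>/status` carries a placeholder, while the trailer lists `pattern` as a separate indicator type; a consumer that exact-matches the File column will never hit either, so they belong under `pattern`. Context row 2 `//proc/kcore` has a doubled leading slash, which is fine if that is how the request was observed but should otherwise be normalised to `/proc/kcore`. The table shrinks from 402 items (41 visible + 361) to 334 (34 + 300), and the rationale for dropping roughly 70 entries is not in the diff.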
|
||||
|
|
|
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with CopyKittens:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CopyKittens:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -59,7 +59,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -70,38 +70,40 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/?module=fileman§ion=get&page=grid` | High
|
||||
2 | File | `/admin.php/singer/admin/singer/hy` | High
|
||||
3 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
4 | File | `/admin/edit.php` | High
|
||||
5 | File | `/admin/modules/system/custom_field.php` | High
|
||||
6 | File | `/admin/new-content` | High
|
||||
7 | File | `/admin/weixin.php` | High
|
||||
8 | File | `/alerts/alertLightbox.php` | High
|
||||
9 | File | `/api /v3/auth` | High
|
||||
10 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
11 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
12 | File | `/bcms/admin/courts/manage_court.php` | High
|
||||
13 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
|
||||
14 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
15 | File | `/classes/Users.php?f=save` | High
|
||||
16 | File | `/cloud_config/router_post/upgrade_info` | High
|
||||
17 | File | `/cms/classes/Master.php?f=delete_client` | High
|
||||
18 | File | `/config` | Low
|
||||
19 | File | `/defaultui/player/modern.html` | High
|
||||
20 | File | `/gaia-job-admin/user/add` | High
|
||||
21 | File | `/goform/aspForm` | High
|
||||
22 | File | `/goform/login_process` | High
|
||||
23 | File | `/goform/SetInternetLanInfo` | High
|
||||
24 | File | `/goform/setNetworkLan` | High
|
||||
25 | File | `/goform/setPicListItem` | High
|
||||
26 | File | `/goform/SetSysTimeCfg` | High
|
||||
27 | File | `/html/Solar_Ftp.php` | High
|
||||
28 | File | `/lists/admin/` | High
|
||||
29 | File | `/mngset/authset` | High
|
||||
30 | File | `/mtms/admin/?page=transaction/send` | High
|
||||
31 | File | `/ok_png.c` | Medium
|
||||
32 | File | `/one_church/userregister.php` | High
|
||||
33 | ... | ... | ...
|
||||
4 | File | `/admin/deluser.php` | High
|
||||
5 | File | `/admin/edit.php` | High
|
||||
6 | File | `/admin/googleads.php` | High
|
||||
7 | File | `/admin/new-content` | High
|
||||
8 | File | `/admin/operations/tax.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/scheprofile.cgi` | High
|
||||
11 | File | `/admin/weixin.php` | High
|
||||
12 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
14 | File | `/bcms/admin/courts/manage_court.php` | High
|
||||
15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
|
||||
16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
|
||||
17 | File | `/cgi-bin/kerbynet` | High
|
||||
18 | File | `/classes/Users.php?f=save` | High
|
||||
19 | File | `/cms/classes/Master.php?f=delete_client` | High
|
||||
20 | File | `/config` | Low
|
||||
21 | File | `/defaultui/player/modern.html` | High
|
||||
22 | File | `/ffos/admin/categories/manage_category.php` | High
|
||||
23 | File | `/ffos/admin/menus/view_menu.php` | High
|
||||
24 | File | `/gaia-job-admin/user/add` | High
|
||||
25 | File | `/goform/aspForm` | High
|
||||
26 | File | `/goform/login_process` | High
|
||||
27 | File | `/goform/setNetworkLan` | High
|
||||
28 | File | `/goform/SetSysTimeCfg` | High
|
||||
29 | File | `/html/Solar_Ftp.php` | High
|
||||
30 | File | `/lists/admin/` | High
|
||||
31 | File | `/mngset/authset` | High
|
||||
32 | File | `/mtms/admin/?page=transaction/send` | High
|
||||
33 | File | `/orrs/admin/trains/manage_train.php` | High
|
||||
34 | File | `/otps/classes/Master.php?f=delete_team` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
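Review bot: context row 1 `/?module=fileman§ion=get&page=grid` has `&section` rendered as `§ion`, the result of decoding `&sect` as an HTML entity somewhere in the export; the stored indicator is therefore wrong and will not match the real query string. The generator should escape `&` (or emit the value as raw text) before producing markdown; the same corruption is visible in another actor file in this commit (`/?module=users§ion=cpanel&page=list`). Separately, `/config` (new row 20, Low) is too generic to attribute to any actor and only adds noise.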
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1548.002 | CWE-285 | Improper Authorization | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,17 +49,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/etc/passwd` | Medium
|
||||
2 | File | `/tmp` | Low
|
||||
3 | File | `AbstractController.php` | High
|
||||
4 | File | `ActBar.ocx` | Medium
|
||||
5 | File | `add_ons.php` | Medium
|
||||
6 | File | `admin.comms.php` | High
|
||||
7 | File | `admin.php` | Medium
|
||||
8 | File | `admin/bad.php` | High
|
||||
9 | ... | ... | ...
|
||||
1 | File | `/doorgets/app/views/ajax/commentView.php` | High
|
||||
2 | File | `/etc/passwd` | Medium
|
||||
3 | File | `/tmp` | Low
|
||||
4 | File | `AbstractController.php` | High
|
||||
5 | File | `ActBar.ocx` | Medium
|
||||
6 | File | `add_ons.php` | Medium
|
||||
7 | File | `admin.comms.php` | High
|
||||
8 | File | `admin.php` | Medium
|
||||
9 | File | `admin/bad.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
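Review bot: `/etc/passwd` (row 2, Medium) and `/tmp` (row 3, Low) exist on every Unix host and say nothing about this actor; as File indicators they only produce noise for any matcher that consumes the table. Consider excluding Low-confidence generic paths from the published table, or flagging them as generic, so the 71 additional items carry more signal than the four that were there before.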
|
||||
|
||||
|
|
|
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `/mtms/admin/?page=user/manage_user` | High
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 180 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 182 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,12 +20,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
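Review bot: new row 1 maps T1008 to CWE-757 with the Description "Algorithm Downgrade"; the Description column in this table carries the CWE title rather than the ATT&CK technique name (T1040 is Network Sniffing, T1059.007 is JavaScript), and T1008, Fallback Channels, is a loose fit for a negotiation-downgrade weakness. Suggest either renaming the column to make clear it describes the weakness or adding the technique name, and re-checking the T1008 mapping. The trailer also doubles from 4 to 8 more TTP items without any visible explanation.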
|
||||
|
||||
|
@ -33,13 +33,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/adm/setmain.php` | High
|
||||
2 | File | `/classes/master.php?f=delete_facility` | High
|
||||
3 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
4 | File | `/ecrire` | Low
|
||||
5 | ... | ... | ...
|
||||
1 | File | `/admin/deluser.php` | High
|
||||
2 | File | `/admin/dl_sendmail.php` | High
|
||||
3 | File | `/admin/operations/tax.php` | High
|
||||
4 | File | `/admin/showbad.php` | High
|
||||
5 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
6 | File | `/api/v2/config` | High
|
||||
7 | File | `/appinfo/save` | High
|
||||
8 | File | `/ATL/VQ23` | Medium
|
||||
9 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||
10 | File | `/coreframe/app/pay/admin/index.php` | High
|
||||
11 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
12 | File | `/dl/dl_sendmail.php` | High
|
||||
13 | File | `/dl/dl_sendsms.php` | High
|
||||
14 | File | `/ffos/admin/categories/manage_category.php` | High
|
||||
15 | File | `/ffos/admin/categories/view_category.php` | High
|
||||
16 | File | `/ffos/admin/menus/manage_menu.php` | High
|
||||
17 | File | `/ffos/admin/sales/receipt.php` | High
|
||||
18 | File | `/ffos/classes/Master.php?f=delete_category` | High
|
||||
19 | File | `/ffos/classes/Master.php?f=delete_img` | High
|
||||
20 | File | `/ffos/classes/Master.php?f=delete_menu` | High
|
||||
21 | File | `/hprms/admin/?page=patients/view_patient` | High
|
||||
22 | File | `/hprms/admin/?page=user/manage_user` | High
|
||||
23 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
24 | File | `/hprms/admin/doctors/view_doctor.php` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
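Review bot: the trailer grows from 30 to 210 more IOA items, and the visible new rows are dominated by single applications (`/ffos/...` rows 14 to 20, `/hprms/...` rows 21 to 24), i.e. every vulnerable endpoint of one product becomes a separate actor indicator; one row per product, or a grouping column, would keep the table readable and stop the count from inflating. Row 11 `/dashboard/snapshot/*?orgId=0` contains a wildcard but is typed File, so exact-match consumers miss it; type it `pattern`.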
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Domestic Kitten:
|
||||
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
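Review bot: the country list swaps NL for IR while the trailer count stays at 5, so this is an attribution change presented silently; a one-line rationale (source and date) in the commit message, or a Confidence column as the IOC table has, would let readers judge it.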
|
||||
|
@ -77,9 +77,10 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `admin\model\catalog\download.php` | High
|
||||
29 | File | `apcupsd.pid` | Medium
|
||||
30 | File | `api/sms/send-sms` | High
|
||||
31 | ... | ... | ...
|
||||
31 | File | `api/v1/alarms` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -146,19 +146,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
2 | File | `/admin/powerline` | High
|
||||
3 | File | `/admin/syslog` | High
|
||||
4 | File | `/api` | Low
|
||||
5 | File | `/api/upload` | Medium
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/cgi-bin` | Medium
|
||||
8 | File | `/cgi-bin/kerbynet` | High
|
||||
9 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/fudforum/adm/hlplist.php` | High
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
3 | File | `/admin/powerline` | High
|
||||
4 | File | `/admin/syslog` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/api` | Low
|
||||
7 | File | `/api/upload` | Medium
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/cgi-bin` | Medium
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
13 | File | `/login` | Low
|
||||
13 | File | `/fuel/sitevariables/delete/4` | High
|
||||
14 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/monitoring` | Medium
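Review bot: `//proc/kcore` (new row 1) and `/Ap4RtpAtom.cpp` (new row 5) are added here and the same two indicators appear in other actor files in this commit, while `/cgi-bin/kerbynet` is removed from old row 8 and added to another actor's table in the same commit; an indicator shared by several unrelated actors is by construction a weak attribution signal, so High confidence for `/Ap4RtpAtom.cpp` is hard to justify. Removing `/login` (old row 13, Low) is an improvement for the same reason.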
|
||||
|
@ -181,10 +181,9 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `AccountManagerService.java` | High
|
||||
34 | File | `actions/CompanyDetailsSave.php` | High
|
||||
35 | File | `ActiveServices.java` | High
|
||||
36 | File | `ActivityManagerService.java` | High
|
||||
37 | ... | ... | ...
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
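Review bot: both visible countries change (VN, ES become US, CN) and the trailer drops from 9 to 5, so roughly half of this actor's country attribution is rewritten in one hunk with no rationale in the diff; a change of this size should reference the underlying analysis in the commit message.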
|
||||
|
||||
|
@ -404,12 +404,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -417,39 +417,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/account/ResetPassword` | High
|
||||
2 | File | `/admin.php/news/admin/topic/save` | High
|
||||
3 | File | `/anony/mjpg.cgi` | High
|
||||
4 | File | `/api/crontab` | Medium
|
||||
5 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
|
||||
8 | File | `/current_action.php?action=reboot` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/etc/config/image_sign` | High
|
||||
11 | File | `/etc/password` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
14 | File | `/IISADMPWD` | Medium
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/proc/stat` | Medium
|
||||
17 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
18 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
19 | File | `/src/njs/src/njs_module.c` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/user-utils/users/md5.json` | High
|
||||
22 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
23 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
24 | File | `/wp-admin/admin-ajax.php` | High
|
||||
25 | File | `/_internal` | Medium
|
||||
26 | File | `4.edu.php` | Medium
|
||||
27 | File | `aam/v1/authenticate` | High
|
||||
28 | File | `acl.c` | Low
|
||||
29 | File | `admin.webring.docs.php` | High
|
||||
30 | File | `admin/?page=students` | High
|
||||
31 | ... | ... | ...
|
||||
1 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
2 | File | `/alarm_pi/alarmService.php` | High
|
||||
3 | File | `/blog/blog.php` | High
|
||||
4 | File | `/bsms/?page=manage_account` | High
|
||||
5 | File | `/company` | Medium
|
||||
6 | File | `/company/account/safety/trade` | High
|
||||
7 | File | `/company/down_resume/total/nature` | High
|
||||
8 | File | `/company/service/increment/add/im` | High
|
||||
9 | File | `/company/view_be_browsed/total` | High
|
||||
10 | File | `/dashboard/blocks/stacks/view_details/` | High
|
||||
11 | File | `/dashboard/reports/logs/view` | High
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 95 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
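Review bot: the table shrinks from 291 items (30 + 261) to 106 (11 + 95), a cut of about 64%, and all 30 previously visible paths disappear; this is a wholesale re-attribution rather than an update, and the commit message should say whether the old entries were invalidated or moved to another actor (several of them, such as `/bcms/admin/?page=user/list` and `/mgmt/tm/util/bash`, recur in other files in this commit). Dropping old row 11 `/etc/password`, which reads as a typo for `/etc/passwd` unless it was observed verbatim, is correct either way.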
|
||||
|
||||
|
@ -486,7 +467,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0906-0913.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0920-0927.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.htmlhttps://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html
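Review bot: the hunk fixes the doubled Talos URL (the old line concatenates the same `threat-roundup-1004-1011.html` link twice); since this is a generator artifact, add a check in the export step that each reference line holds exactly one URL, otherwise the next regeneration will reintroduce it.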
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [KR](https://vuldb.com/?country.kr)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -41,7 +41,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
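Review bot: adding CWE-250 to row 2 makes the Weakness column consistent with the Description, since CWE-250 is titled "Execution with Unnecessary Privileges"; CWE-264 and CWE-284 are broad categories and could be dropped now that the specific weakness is listed.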
|
||||
|
||||
|
@ -53,15 +53,16 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/filemanager/upload.php` | High
|
||||
2 | File | `/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php` | High
|
||||
3 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
4 | File | `admin/modules/tools/ip_history_logs.php` | High
|
||||
5 | File | `api_poller.php` | High
|
||||
6 | File | `application/controllers/admin/dataentry.php` | High
|
||||
7 | ... | ... | ...
|
||||
1 | File | `/cgi-bin/luci/api/auth` | High
|
||||
2 | File | `/filemanager/upload.php` | High
|
||||
3 | File | `/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php` | High
|
||||
4 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
5 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
6 | File | `admin/modules/tools/ip_history_logs.php` | High
|
||||
7 | File | `api_poller.php` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 48 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 54 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
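Review bot: new row 5 `/wp-json/oembed/1.0/embed?url` ends in a bare parameter name with no value, so the indicator is a request prefix rather than a file; either record it as a `pattern` or cut it to the path `/wp-json/oembed/1.0/embed`, which is the part a file matcher can use. That endpoint is a standard WordPress route, so the High confidence rests entirely on query-string content the table does not record.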
|
||||
|
||||
|
|
|
@ -54,15 +54,16 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/ofrs/admin/?page=requests/view_request` | High
|
||||
9 | File | `/services/details.asp` | High
|
||||
10 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
11 | File | `/_core/profile/` | High
|
||||
12 | File | `adclick.php` | Medium
|
||||
13 | File | `additem.asp` | Medium
|
||||
14 | File | `addsite.php` | Medium
|
||||
15 | File | `admin/review.php` | High
|
||||
16 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
|
||||
17 | ... | ... | ...
|
||||
11 | File | `/user/dls_download.php` | High
|
||||
12 | File | `/_core/profile/` | High
|
||||
13 | File | `adclick.php` | Medium
|
||||
14 | File | `additem.asp` | Medium
|
||||
15 | File | `addsite.php` | Medium
|
||||
16 | File | `admin/review.php` | High
|
||||
17 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
@ -94,53 +94,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
2 | File | `/Ap4RtpAtom.cpp` | High
|
||||
3 | File | `/bcms/admin/?page=user/list` | High
|
||||
4 | File | `/bsms/?page=products` | High
|
||||
5 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
7 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
10 | File | `/ext/phar/phar_object.c` | High
|
||||
11 | File | `/filemanager/php/connector.php` | High
|
||||
12 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
13 | File | `/include/chart_generator.php` | High
|
||||
14 | File | `/info.cgi` | Medium
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/modx/manager/index.php` | High
|
||||
17 | File | `/proc/<pid>/status` | High
|
||||
18 | File | `/public/login.htm` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/replication` | Medium
|
||||
21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
24 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
25 | File | `/spip.php` | Medium
|
||||
26 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/bin/pkexec` | High
|
||||
30 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
31 | File | `/Wedding-Management/package_detail.php` | High
|
||||
32 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
33 | File | `802dot1xclientcert.cgi` | High
|
||||
34 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
35 | File | `AccountManagerService.java` | High
|
||||
36 | File | `actions/CompanyDetailsSave.php` | High
|
||||
37 | File | `ActivityManagerService.java` | High
|
||||
38 | File | `add.exe` | Low
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin.php?m=Food&a=addsave` | High
|
||||
41 | File | `admin/add-glossary.php` | High
|
||||
42 | File | `admin/conf_users_edit.php` | High
|
||||
43 | File | `admin/edit-comments.php` | High
|
||||
44 | File | `admin/index.php` | High
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
4 | File | `/Ap4RtpAtom.cpp` | High
|
||||
5 | File | `/bcms/admin/?page=user/list` | High
|
||||
6 | File | `/bsms/?page=manage_account` | High
|
||||
7 | File | `/bsms/?page=products` | High
|
||||
8 | File | `/cgi-bin/kerbynet` | High
|
||||
9 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
10 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
14 | File | `/ext/phar/phar_object.c` | High
|
||||
15 | File | `/filemanager/php/connector.php` | High
|
||||
16 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
17 | File | `/fuel/sitevariables/delete/4` | High
|
||||
18 | File | `/include/chart_generator.php` | High
|
||||
19 | File | `/info.cgi` | Medium
|
||||
20 | File | `/lists/admin/` | High
|
||||
21 | File | `/MagickCore/image.c` | High
|
||||
22 | File | `/mgmt/tm/util/bash` | High
|
||||
23 | File | `/modx/manager/index.php` | High
|
||||
24 | File | `/proc/<pid>/status` | High
|
||||
25 | File | `/public/login.htm` | High
|
||||
26 | File | `/public/plugins/` | High
|
||||
27 | File | `/replication` | Medium
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
30 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
31 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
32 | File | `/spip.php` | Medium
|
||||
33 | File | `/tmp` | Low
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/usr/bin/pkexec` | High
|
||||
36 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
37 | File | `/Wedding-Management/package_detail.php` | High
|
||||
38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
39 | File | `802dot1xclientcert.cgi` | High
|
||||
40 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
41 | File | `AccountManagerService.java` | High
|
||||
42 | File | `actions/CompanyDetailsSave.php` | High
|
||||
43 | File | `ActiveServices.java` | High
|
||||
44 | File | `ActivityManagerService.java` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
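Review bot: several `File` rows in the regenerated IOA table name source files rather than request paths or on-disk artefacts, for example row 14 `/ext/phar/phar_object.c`, row 21 `/MagickCore/image.c`, and rows 41 and 44 `AccountManagerService.java` / `ActivityManagerService.java`. Those are the location of a fix in a code base, not something a defender can match in a web log or on a compromised host, so they should either get their own type or lose the `High` confidence that the request-path rows carry. Rows 2 `//proc/kcore` and 33 `/tmp` are generic enough that a hit on its own means nothing; `Low` on `/tmp` is right, `Medium` on `//proc/kcore` is generous.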
@ -64,7 +64,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
35 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
36 | ... | ... | ... | ...
|
||||
|
||||
There are 141 more IOC items available. Please use our online service to access the data.
|
||||
There are 142 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -100,7 +100,7 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 110 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 111 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -116,6 +116,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
|
||||
* https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
|
||||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0415-0422.html
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-07%20Formbook%20IOCs
|
||||
* https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/
|
||||
|
||||
## Literature
|
||||
|
|
|
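Review bot: three of the five visible references are Talos weekly threat roundups (0924-1001, 1029-1105, 0415-0422), each of which summarises many unrelated families in one post, so a reader cannot tell which entry supports this actor; name the family or section in the list entry, or cite the dedicated writeup instead. The other two (the executemalware IOC file and the ISC diary) are Formbook-specific, and since the hunk header does not name the file, it is worth confirming they belong on this actor's page rather than a neighbouring one.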
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
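Review bot: the visible country list is reordered in the same hunk that raises the hidden count from 9 to 17 (CN heads one version and follows ES in the other), and nothing on the page says what orders the list. If it is ranked by number of associated IOCs, say so in the `These _countries_ ...` sentence; if not, sort alphabetically so regenerations stop churning the top entries.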
@ -331,12 +331,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
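Review bot: the Description column matches neither the Technique nor the Weakness in the rows this hunk touches. In the new row 1, T1040 is ATT&CK Network Sniffing while the description is the title of CWE-294 (Authentication Bypass by Capture-replay); in row 3, `Execution with Unnecessary Privileges` is the title of CWE-250, which is not listed (CWE-264 is Permissions, Privileges, and Access Controls; CWE-284 is Improper Access Control), and the hunk drops CWE-266 from that row without touching the description. Either derive the description from the first listed CWE or add the ATT&CK technique name as its own column so the mapping can be checked. The sort key is also unstated: T1110.001 leaves the top three while the total grows from 8 to 9.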
@ -344,50 +344,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/#/CampaignManager/users` | High
|
||||
2 | File | `/admin/admin_login.php` | High
|
||||
3 | File | `/anony/mjpg.cgi` | High
|
||||
4 | File | `/cgi-bin/luci/api/auth` | High
|
||||
5 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
6 | File | `/data/vendor/tcl` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/HNAP1` | Low
|
||||
10 | File | `/i/:data/ipa.plist` | High
|
||||
11 | File | `/login` | Low
|
||||
12 | File | `/member/index/login.html` | High
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/php/passport/index.php` | High
|
||||
15 | File | `/plesk-site-preview/` | High
|
||||
16 | File | `/requests.php` | High
|
||||
17 | File | `/saml/login` | Medium
|
||||
18 | File | `/ScadaBR/login.htm` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/ServletAPI/accounts/login` | High
|
||||
21 | File | `/ubus/uci.apply` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/upload` | Low
|
||||
24 | File | `/usr/bin/pkexec` | High
|
||||
25 | File | `/var/adm/btmp` | High
|
||||
26 | File | `/var/log/messages` | High
|
||||
27 | File | `/var/run/zabbix` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `account/login.php` | High
|
||||
30 | File | `ad/login.asp` | Medium
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin.webring.docs.php` | High
|
||||
34 | File | `admin/admin_ping.php` | High
|
||||
35 | File | `admin/login.php` | High
|
||||
36 | File | `admin/viewtheatre.php` | High
|
||||
37 | File | `adminer.php` | Medium
|
||||
38 | File | `agenda.php3` | Medium
|
||||
39 | File | `ajaxp.php` | Medium
|
||||
40 | File | `anonymous/authenticated` | High
|
||||
41 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
|
||||
42 | ... | ... | ...
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin.php/news/admin/topic/save` | High
|
||||
3 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
4 | File | `/api/crontab` | Medium
|
||||
5 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
6 | File | `/cgi-bin/cgiServer.exx` | High
|
||||
7 | File | `/cgi-bin/kerbynet` | High
|
||||
8 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
|
||||
9 | File | `/cmd?cmd=connect` | High
|
||||
10 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
11 | File | `/componetns/user/class.user.php` | High
|
||||
12 | File | `/config/getuser` | High
|
||||
13 | File | `/current_action.php?action=reboot` | High
|
||||
14 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
15 | File | `/etc/config/image_sign` | High
|
||||
16 | File | `/etc/hosts` | Medium
|
||||
17 | File | `/etc/password` | High
|
||||
18 | File | `/etc/quagga` | Medium
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/gaia-job-admin/user/add` | High
|
||||
21 | File | `/HNAP1` | Low
|
||||
22 | File | `/info.cgi` | Medium
|
||||
23 | File | `/lists/admin/` | High
|
||||
24 | File | `/proc/stat` | Medium
|
||||
25 | File | `/public/plugins/` | High
|
||||
26 | File | `/ram/pckg/security/nova/bin/ipsec` | High
|
||||
27 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
28 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
29 | File | `/spip.php` | Medium
|
||||
30 | File | `/sql/sql_string.h` | High
|
||||
31 | File | `/sql/sql_type.cc` | High
|
||||
32 | File | `/strings/ctype-latin1.c` | High
|
||||
33 | File | `/strings/ctype-simple.c` | High
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/upload/localhost` | High
|
||||
36 | File | `/user-utils/users/md5.json` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
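Review bot: two new rows look like typos and should be checked against the source records before they ship at `High` confidence: row 11 `/componetns/user/class.user.php` and row 17 `/etc/password` (the Linux file is `/etc/passwd`). If the paths are verbatim from the vulnerable products they are correct as indicators, and a note saying so would stop the next reviewer from "fixing" them; if they were mistyped on import, nothing will ever match them. The hunk also shrinks this file from 41+365 to 36+321 items while most other count lines in this commit go up, which deserves a sanity check on the generator run.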
@ -0,0 +1,107 @@
|
|||
# GALLIUM - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GALLIUM](https://vuldb.com/?actor.gallium). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gallium](https://vuldb.com/?actor.gallium)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with GALLIUM:
|
||||
|
||||
* PingPull
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GALLIUM:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [HK](https://vuldb.com/?country.hk)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GALLIUM.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.58.242.229](https://vuldb.com/?ip.2.58.242.229) | 242-58-2-229.hostinginside.com | - | High
|
||||
2 | [2.58.242.230](https://vuldb.com/?ip.2.58.242.230) | 242-58-2-230.hostinginside.com | - | High
|
||||
3 | [2.58.242.231](https://vuldb.com/?ip.2.58.242.231) | 242-58-2-231.hostinginside.com | - | High
|
||||
4 | [2.58.242.232](https://vuldb.com/?ip.2.58.242.232) | 242-58-2-232.hostinginside.com | - | High
|
||||
5 | [2.58.242.235](https://vuldb.com/?ip.2.58.242.235) | 242-58-2-235.hostinginside.com | - | High
|
||||
6 | [2.58.242.236](https://vuldb.com/?ip.2.58.242.236) | 242-58-2-236.hostinginside.com | - | High
|
||||
7 | [5.8.71.97](https://vuldb.com/?ip.5.8.71.97) | goodluck23.jp.us | PingPull | High
|
||||
8 | [5.181.25.55](https://vuldb.com/?ip.5.181.25.55) | vps76.example.com | PingPull | High
|
||||
9 | [5.188.33.237](https://vuldb.com/?ip.5.188.33.237) | firman00467.example.com | - | High
|
||||
10 | [37.61.229.104](https://vuldb.com/?ip.37.61.229.104) | theodore974.example.com | - | High
|
||||
11 | [37.61.229.106](https://vuldb.com/?ip.37.61.229.106) | oliver7891.example.com | - | High
|
||||
12 | [43.254.218.43](https://vuldb.com/?ip.43.254.218.43) | - | - | High
|
||||
13 | [43.254.218.57](https://vuldb.com/?ip.43.254.218.57) | - | - | High
|
||||
14 | [43.254.218.98](https://vuldb.com/?ip.43.254.218.98) | - | - | High
|
||||
15 | [43.254.218.104](https://vuldb.com/?ip.43.254.218.104) | - | - | High
|
||||
16 | [43.254.218.114](https://vuldb.com/?ip.43.254.218.114) | - | - | High
|
||||
17 | [45.14.66.230](https://vuldb.com/?ip.45.14.66.230) | 45.14.66.230.static.xtom.com | - | High
|
||||
18 | [45.76.113.163](https://vuldb.com/?ip.45.76.113.163) | 45.76.113.163.vultrusercontent.com | - | High
|
||||
19 | [45.116.13.153](https://vuldb.com/?ip.45.116.13.153) | 45.116.13.153.static.xtom.hk | - | High
|
||||
20 | [45.121.50.230](https://vuldb.com/?ip.45.121.50.230) | - | - | High
|
||||
21 | [45.128.221.61](https://vuldb.com/?ip.45.128.221.61) | - | - | High
|
||||
22 | [45.128.221.66](https://vuldb.com/?ip.45.128.221.66) | - | - | High
|
||||
23 | [45.128.221.169](https://vuldb.com/?ip.45.128.221.169) | - | - | High
|
||||
24 | [45.128.221.172](https://vuldb.com/?ip.45.128.221.172) | - | - | High
|
||||
25 | [45.128.221.182](https://vuldb.com/?ip.45.128.221.182) | - | - | High
|
||||
26 | [45.128.221.186](https://vuldb.com/?ip.45.128.221.186) | - | - | High
|
||||
27 | ... | ... | ... | ...
|
||||
|
||||
There are 103 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GALLIUM_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GALLIUM. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/api/trackedEntityInstances` | High
|
||||
2 | File | `/cgi-bin/portal` | High
|
||||
3 | File | `/cgi-bin/wapopen` | High
|
||||
4 | File | `/Items/*/RemoteImages/Download` | High
|
||||
5 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
6 | File | `/owa/auth/logon.aspx` | High
|
||||
7 | File | `/service/upload` | High
|
||||
8 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
9 | File | `/uncpath/` | Medium
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/pingpull-gallium/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
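Review bot: IOC rows 8 to 11 carry hostnames under `example.com` (`vps76.example.com`, `firman00467.example.com`, `theodore974.example.com`, `oliver7891.example.com`). `example.com` is reserved for documentation (RFC 2606), and those labels are whatever the VPS owner put in reverse DNS, so the Hostname column adds nothing actionable there; `goodluck23.jp.us` in row 7 is the same kind of entry. Keep the IP addresses, but blank the hostname for these rows or mark it as reverse-DNS only, so nobody builds a DNS block on it. In the TTP table, row 3 maps T1211 to CWE-254 `7PK Security Features`, a category entry rather than a concrete weakness, which is a thin basis for `High` confidence.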
@ -40,14 +40,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
2 | File | `base/ErrorHandler.php` | High
|
||||
3 | File | `blog.php` | Medium
|
||||
4 | File | `c4t64fx.c` | Medium
|
||||
5 | File | `cgi-bin/webcm` | High
|
||||
1 | File | `/admin/dl_sendmail.php` | High
|
||||
2 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
3 | File | `base/ErrorHandler.php` | High
|
||||
4 | File | `blog.php` | Medium
|
||||
5 | File | `c4t64fx.c` | Medium
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -22,59 +22,59 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.59.41.5](https://vuldb.com/?ip.2.59.41.5) | vds-sizaus.timeweb.ru | - | High
|
||||
2 | [5.63.152.233](https://vuldb.com/?ip.5.63.152.233) | 5-63-152-233.cloudvps.regruhosting.ru | - | High
|
||||
3 | [5.63.154.19](https://vuldb.com/?ip.5.63.154.19) | 5-63-154-19.cloudvps.regruhosting.ru | - | High
|
||||
4 | [5.63.154.128](https://vuldb.com/?ip.5.63.154.128) | 5-63-154-128.cloudvps.regruhosting.ru | - | High
|
||||
5 | [5.63.158.179](https://vuldb.com/?ip.5.63.158.179) | 5-63-158-179.cloudvps.regruhosting.ru | - | High
|
||||
6 | [5.63.158.233](https://vuldb.com/?ip.5.63.158.233) | 5-63-158-233.cloudvps.regruhosting.ru | - | High
|
||||
7 | [5.63.158.238](https://vuldb.com/?ip.5.63.158.238) | 5-63-158-238.cloudvps.regruhosting.ru | - | High
|
||||
8 | [5.252.193.204](https://vuldb.com/?ip.5.252.193.204) | - | - | High
|
||||
9 | [31.31.203.17](https://vuldb.com/?ip.31.31.203.17) | 31-31-203-17.cloudvps.regruhosting.ru | - | High
|
||||
10 | [31.31.203.71](https://vuldb.com/?ip.31.31.203.71) | 31-31-203-71.cloudvps.regruhosting.ru | - | High
|
||||
11 | [31.31.203.219](https://vuldb.com/?ip.31.31.203.219) | 31-31-203-219.cloudvps.regruhosting.ru | - | High
|
||||
12 | [31.40.251.145](https://vuldb.com/?ip.31.40.251.145) | - | - | High
|
||||
13 | [31.40.251.171](https://vuldb.com/?ip.31.40.251.171) | - | - | High
|
||||
14 | [37.77.105.102](https://vuldb.com/?ip.37.77.105.102) | 701115-cm83897.tmweb.ru | Ukraine | High
|
||||
15 | [37.140.195.137](https://vuldb.com/?ip.37.140.195.137) | 37-140-195-137.cloudvps.regruhosting.ru | - | High
|
||||
16 | [37.140.197.55](https://vuldb.com/?ip.37.140.197.55) | 37-140-197-55.cloudvps.regruhosting.ru | - | High
|
||||
17 | [37.140.197.206](https://vuldb.com/?ip.37.140.197.206) | 37-140-197-206.cloudvps.regruhosting.ru | - | High
|
||||
18 | [37.140.199.20](https://vuldb.com/?ip.37.140.199.20) | 37-140-199-20.cloudvps.regruhosting.ru | - | High
|
||||
19 | [37.140.199.224](https://vuldb.com/?ip.37.140.199.224) | nedvizhimostdoma.ru | - | High
|
||||
20 | [45.32.149.8](https://vuldb.com/?ip.45.32.149.8) | 45.32.149.8.vultr.com | - | Medium
|
||||
21 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
|
||||
22 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
|
||||
23 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
|
||||
24 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
|
||||
25 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
|
||||
26 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
|
||||
27 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
|
||||
28 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
|
||||
29 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
|
||||
30 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
|
||||
31 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
|
||||
32 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
|
||||
33 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
|
||||
34 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
|
||||
35 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
|
||||
36 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
|
||||
37 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
|
||||
38 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
|
||||
39 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
|
||||
40 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
|
||||
41 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
|
||||
42 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
|
||||
43 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
|
||||
44 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
|
||||
45 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
|
||||
46 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
|
||||
47 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
|
||||
48 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
|
||||
49 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
|
||||
50 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
|
||||
1 | [2.59.36.194](https://vuldb.com/?ip.2.59.36.194) | - | - | High
|
||||
2 | [2.59.41.5](https://vuldb.com/?ip.2.59.41.5) | vds-sizaus.timeweb.ru | - | High
|
||||
3 | [5.63.152.233](https://vuldb.com/?ip.5.63.152.233) | 5-63-152-233.cloudvps.regruhosting.ru | - | High
|
||||
4 | [5.63.154.19](https://vuldb.com/?ip.5.63.154.19) | 5-63-154-19.cloudvps.regruhosting.ru | - | High
|
||||
5 | [5.63.154.128](https://vuldb.com/?ip.5.63.154.128) | 5-63-154-128.cloudvps.regruhosting.ru | - | High
|
||||
6 | [5.63.158.179](https://vuldb.com/?ip.5.63.158.179) | 5-63-158-179.cloudvps.regruhosting.ru | - | High
|
||||
7 | [5.63.158.233](https://vuldb.com/?ip.5.63.158.233) | 5-63-158-233.cloudvps.regruhosting.ru | - | High
|
||||
8 | [5.63.158.238](https://vuldb.com/?ip.5.63.158.238) | 5-63-158-238.cloudvps.regruhosting.ru | - | High
|
||||
9 | [5.252.193.204](https://vuldb.com/?ip.5.252.193.204) | - | - | High
|
||||
10 | [31.31.203.17](https://vuldb.com/?ip.31.31.203.17) | 31-31-203-17.cloudvps.regruhosting.ru | - | High
|
||||
11 | [31.31.203.71](https://vuldb.com/?ip.31.31.203.71) | 31-31-203-71.cloudvps.regruhosting.ru | - | High
|
||||
12 | [31.31.203.219](https://vuldb.com/?ip.31.31.203.219) | 31-31-203-219.cloudvps.regruhosting.ru | - | High
|
||||
13 | [31.40.251.145](https://vuldb.com/?ip.31.40.251.145) | - | - | High
|
||||
14 | [31.40.251.171](https://vuldb.com/?ip.31.40.251.171) | - | - | High
|
||||
15 | [37.77.105.102](https://vuldb.com/?ip.37.77.105.102) | 701115-cm83897.tmweb.ru | Ukraine | High
|
||||
16 | [37.140.195.137](https://vuldb.com/?ip.37.140.195.137) | 37-140-195-137.cloudvps.regruhosting.ru | - | High
|
||||
17 | [37.140.197.55](https://vuldb.com/?ip.37.140.197.55) | 37-140-197-55.cloudvps.regruhosting.ru | - | High
|
||||
18 | [37.140.197.206](https://vuldb.com/?ip.37.140.197.206) | 37-140-197-206.cloudvps.regruhosting.ru | - | High
|
||||
19 | [37.140.199.20](https://vuldb.com/?ip.37.140.199.20) | 37-140-199-20.cloudvps.regruhosting.ru | - | High
|
||||
20 | [37.140.199.224](https://vuldb.com/?ip.37.140.199.224) | nedvizhimostdoma.ru | - | High
|
||||
21 | [45.32.149.8](https://vuldb.com/?ip.45.32.149.8) | 45.32.149.8.vultr.com | - | Medium
|
||||
22 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
|
||||
23 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
|
||||
24 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
|
||||
25 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
|
||||
26 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
|
||||
27 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
|
||||
28 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
|
||||
29 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
|
||||
30 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
|
||||
31 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
|
||||
32 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
|
||||
33 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
|
||||
34 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
|
||||
35 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
|
||||
36 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
|
||||
37 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
|
||||
38 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
|
||||
39 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
|
||||
40 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
|
||||
41 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
|
||||
42 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
|
||||
43 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
|
||||
44 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
|
||||
45 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
|
||||
46 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
|
||||
47 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
|
||||
48 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
|
||||
49 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
|
||||
50 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
|
||||
51 | ... | ... | ... | ...
|
||||
|
||||
There are 198 more IOC items available. Please use our online service to access the data.
|
||||
There are 200 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
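Review bot: row 39 (`80.78.245.89`) shows the hostname `mail-open-3.nascom.nasa.gov` on an address whose neighbours (`80.78.245.223`, `80.78.245.254`, `80.78.244.124`, `80.78.244.199`) resolve to `cloudvps.regruhosting.ru`; a PTR record is set by whoever controls the address block, so this is a decoy or stale reverse entry, not NASA infrastructure, and the `High` confidence should attach to the IP only. `scraper.betty.network` (row 41) and `hadassah.moscow` (row 43) deserve the same treatment. Separately, inserting `2.59.36.194` at position 1 renumbers all fifty visible rows and turns a one-line addition into a fifty-line diff; stable IDs (or none) would make these regenerations reviewable.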
@ -90,7 +90,9 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/
|
||||
* https://github.com/blackorbird/APT_REPORT/blob/master/Gamaredon/Gamaredon202102_ioc1000%2B.csv
|
||||
* https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_JAN2022.txt
|
||||
* https://github.com/SentineLabs/Gamaredon-APT/blob/master/2020-02-04-gamaredon-blog-iocs-vk.misp.csv
|
||||
* https://github.com/stamparm/maltrail/blob/2d0339af3523b230d8e9a08efd22af032ec7a18e/trails/static/malware/apt_gamaredon.txt
|
||||
* https://pastebin.com/Vhb4KF5L
|
||||
* https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
|
||||
* https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/
|
||||
|
|
|
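Review bot: the maltrail reference is pinned to a commit (`2d0339af...`) but the other three GitHub links (blackorbird, pan-unit42 and SentineLabs, all on `master`) and the pastebin paste are not, so what they point at can change or vanish after this commit; pin the GitHub links to a commit and keep an archived copy of `pastebin.com/Vhb4KF5L`. Two of the nine entries are new in this hunk, which is one more reason to prefer immutable references for the list.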
@ -22,38 +22,42 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.64.163.50](https://vuldb.com/?ip.3.64.163.50) | ec2-3-64-163-50.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
2 | [5.39.221.60](https://vuldb.com/?ip.5.39.221.60) | - | - | High
|
||||
3 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
|
||||
4 | [5.144.168.210](https://vuldb.com/?ip.5.144.168.210) | mail.xdeers.com | - | High
|
||||
5 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
|
||||
6 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
7 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
|
||||
8 | [23.100.15.180](https://vuldb.com/?ip.23.100.15.180) | - | - | High
|
||||
9 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
10 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
11 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
|
||||
12 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
|
||||
13 | [45.33.91.79](https://vuldb.com/?ip.45.33.91.79) | li1037-79.members.linode.com | - | High
|
||||
14 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
|
||||
15 | [46.32.228.22](https://vuldb.com/?ip.46.32.228.22) | 720808.vps-10.com | - | High
|
||||
16 | [47.75.206.148](https://vuldb.com/?ip.47.75.206.148) | - | - | High
|
||||
17 | [50.63.202.89](https://vuldb.com/?ip.50.63.202.89) | ip-50-63-202-89.ip.secureserver.net | - | High
|
||||
18 | [50.87.58.165](https://vuldb.com/?ip.50.87.58.165) | 50-87-58-165.unifiedlayer.com | - | High
|
||||
19 | [51.68.50.168](https://vuldb.com/?ip.51.68.50.168) | ip168.ip-51-68-50.eu | - | High
|
||||
20 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
|
||||
21 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | - | High
|
||||
22 | [52.17.9.185](https://vuldb.com/?ip.52.17.9.185) | ec2-52-17-9-185.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
23 | [52.29.192.136](https://vuldb.com/?ip.52.29.192.136) | ec2-52-29-192-136.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
24 | [52.116.175.70](https://vuldb.com/?ip.52.116.175.70) | hs20.name.tools | - | High
|
||||
25 | [54.36.194.90](https://vuldb.com/?ip.54.36.194.90) | ip90.ip-54-36-194.eu | - | High
|
||||
26 | [62.210.24.116](https://vuldb.com/?ip.62.210.24.116) | 62-210-24-116.rev.poneytelecom.eu | - | High
27 | [66.96.147.67](https://vuldb.com/?ip.66.96.147.67) | 67.147.96.66.static.eigbox.net | - | High
28 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
29 | [66.171.248.178](https://vuldb.com/?ip.66.171.248.178) | api1.whatismyipaddress.com | - | High
30 | [67.227.236.96](https://vuldb.com/?ip.67.227.236.96) | servidor2247.el.controladordns.com | - | High
31 | ... | ... | ... | ...
2 | [3.215.23.197](https://vuldb.com/?ip.3.215.23.197) | ec2-3-215-23-197.compute-1.amazonaws.com | - | Medium
3 | [5.39.221.60](https://vuldb.com/?ip.5.39.221.60) | - | - | High
4 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
5 | [5.144.168.210](https://vuldb.com/?ip.5.144.168.210) | mail.xdeers.com | - | High
6 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
7 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
8 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
9 | [20.42.73.29](https://vuldb.com/?ip.20.42.73.29) | - | - | High
10 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
11 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
12 | [23.100.15.180](https://vuldb.com/?ip.23.100.15.180) | - | - | High
13 | [23.205.105.157](https://vuldb.com/?ip.23.205.105.157) | a23-205-105-157.deploy.static.akamaitechnologies.com | - | High
14 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
15 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
16 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
17 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
18 | [45.33.91.79](https://vuldb.com/?ip.45.33.91.79) | li1037-79.members.linode.com | - | High
19 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
20 | [46.32.228.22](https://vuldb.com/?ip.46.32.228.22) | 720808.vps-10.com | - | High
21 | [47.75.206.148](https://vuldb.com/?ip.47.75.206.148) | - | - | High
22 | [50.63.202.89](https://vuldb.com/?ip.50.63.202.89) | ip-50-63-202-89.ip.secureserver.net | - | High
23 | [50.87.58.165](https://vuldb.com/?ip.50.87.58.165) | 50-87-58-165.unifiedlayer.com | - | High
24 | [51.68.50.168](https://vuldb.com/?ip.51.68.50.168) | ip168.ip-51-68-50.eu | - | High
25 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
26 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | - | High
27 | [52.17.9.185](https://vuldb.com/?ip.52.17.9.185) | ec2-52-17-9-185.eu-west-1.compute.amazonaws.com | - | Medium
28 | [52.29.192.136](https://vuldb.com/?ip.52.29.192.136) | ec2-52-29-192-136.eu-central-1.compute.amazonaws.com | - | Medium
29 | [52.58.78.16](https://vuldb.com/?ip.52.58.78.16) | ec2-52-58-78-16.eu-central-1.compute.amazonaws.com | - | Medium
30 | [52.116.175.70](https://vuldb.com/?ip.52.116.175.70) | hs20.name.tools | - | High
31 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
32 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
33 | [54.36.194.90](https://vuldb.com/?ip.54.36.194.90) | ip90.ip-54-36-194.eu | - | High
34 | [62.210.24.116](https://vuldb.com/?ip.62.210.24.116) | 62-210-24-116.rev.poneytelecom.eu | - | High
35 | ... | ... | ... | ...
There are 122 more IOC items available. Please use our online service to access the data.
There are 134 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
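Review bot: the IOC table is renumbered wholesale in this hunk (20.50.64.11 moves from ID 7 to ID 10, 45.33.91.79 from 13 to 18, and so on), so every row shows as changed and the rows that were actually added are hard to pick out; keeping IDs stable, or ordering by IP address and deriving the ID, would make future diffs reviewable. Separately, the pre-change rows carry api1.whatismyipaddress.com (66.171.248.178) at High confidence; that is a public IP-lookup service contacted by plenty of benign software, so it will produce false positives if this list is consumed as a blocklist, and it does not appear among the post-change rows shown here, so please confirm it was dropped on purpose rather than lost in the renumbering.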
@ -66,7 +70,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
There are 4 more TTP items available. Please use our online service to access the data.
There are 3 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
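Review bot: row 3 pairs T1110.001 and CWE-798 with the description "Improper Restriction of Excessive Authentication Attempts", but that description is the title of CWE-307, which is how the Indexsinas TTP hunk later in this commit labels it ("3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts"); CWE-798 is Use of Hard-coded Credentials. Either the Weakness column or the Description column is wrong on this row and should be fixed alongside the count update.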
@ -77,12 +81,12 @@ ID | Type | Indicator | Confidence
1 | File | `.htpasswd` | Medium
2 | File | `/../conf/config.properties` | High
3 | File | `/drivers/infiniband/core/cm.c` | High
4 | File | `/forum/away.php` | High
5 | File | `/horde/util/go.php` | High
6 | File | `/images/` | Medium
7 | File | `/inc/parser/xhtml.php` | High
8 | File | `/login` | Low
9 | File | `/mgmt/shared/authz/users/` | High
4 | File | `/files.md5` | Medium
5 | File | `/forum/away.php` | High
6 | File | `/horde/util/go.php` | High
7 | File | `/images/` | Medium
8 | File | `/inc/parser/xhtml.php` | High
9 | File | `/login` | Low
10 | File | `/modules/profile/index.php` | High
11 | File | `/one_church/userregister.php` | High
12 | File | `/out.php` | Medium
@ -93,20 +97,20 @@ ID | Type | Indicator | Confidence
17 | File | `/secure/admin/ViewInstrumentation.jspa` | High
18 | File | `/system/proxy` | High
19 | File | `/tmp/phpglibccheck` | High
20 | File | `adclick.php` | Medium
21 | File | `add.php` | Low
22 | File | `addentry.php` | Medium
23 | File | `addressbookprovider.php` | High
24 | File | `admin.jcomments.php` | High
25 | File | `admin/pageUploadCSV.php` | High
26 | File | `ajax_udf.php` | Medium
27 | File | `AppCompatCache.exe` | High
28 | File | `application.js.php` | High
29 | File | `arm/lithium-codegen-arm.cc` | High
30 | File | `authenticate.c` | High
20 | File | `/v2/quantum/save-data-upload-big-file` | High
21 | File | `4.edu.php` | Medium
22 | File | `adclick.php` | Medium
23 | File | `add.php` | Low
24 | File | `addentry.php` | Medium
25 | File | `addressbookprovider.php` | High
26 | File | `admin.jcomments.php` | High
27 | File | `admin/pageUploadCSV.php` | High
28 | File | `ajax_udf.php` | Medium
29 | File | `AppCompatCache.exe` | High
30 | File | `application.js.php` | High
31 | ... | ... | ...
There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 260 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -118,9 +122,13 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html
* https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
* https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
* https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
* https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
* https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
* https://community.blueliv.com/#!/s/5afd59bd82df413e376682f2
* https://isc.sans.edu/forums/diary/GandCrab+Ransomware+Now+Coming+From+Malspam/23321/
* https://precisionsec.com/threat-intelligence-feeds/gandcrab/
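Review bot: ten of the thirteen references are Talos weekly threat roundup digests (blog.talosintelligence.com/.../threat-roundup-...), each covering many unrelated families, and a bare URL gives the reader no way to tell which entry concerns this actor; adding the family name or section the roundup was cited for would make the list usable, and the Literature section of these files already shows the titled-link style that would carry it.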
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [VN](https://vuldb.com/?country.vn)
* ...
There are 9 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -114,49 +114,50 @@ ID | Type | Indicator | Confidence
2 | File | `/#/CampaignManager/users` | High
3 | File | `/admin/admin_login.php` | High
4 | File | `/admin/login.php` | High
5 | File | `/bin/sh` | Low
6 | File | `/cgi-bin/luci/api/auth` | High
7 | File | `/cgi-bin/luci/api/diagnose` | High
8 | File | `/Content/Template/root/reverse-shell.aspx` | High
9 | File | `/debug/pprof` | Medium
10 | File | `/dev/tty` | Medium
11 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
12 | File | `/etc/config/image_sign` | High
13 | File | `/etc/groups` | Medium
14 | File | `/forum/away.php` | High
15 | File | `/gaia-job-admin/user/add` | High
16 | File | `/goforms/rlminfo` | High
17 | File | `/HNAP1` | Low
18 | File | `/login` | Low
19 | File | `/login.html` | Medium
20 | File | `/magnoliaPublic/travel/members/login.html` | High
21 | File | `/member/index/login.html` | High
22 | File | `/mgmt/tm/util/bash` | High
23 | File | `/ocwbs/admin/?page=user/manage_user` | High
24 | File | `/ofrs/admin/?page=user/manage_user` | High
5 | File | `/cgi-bin/luci/api/auth` | High
6 | File | `/cgi-bin/luci/api/diagnose` | High
7 | File | `/Content/Template/root/reverse-shell.aspx` | High
8 | File | `/debug/pprof` | Medium
9 | File | `/dev/tty` | Medium
10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
11 | File | `/etc/config/image_sign` | High
12 | File | `/etc/groups` | Medium
13 | File | `/forum/away.php` | High
14 | File | `/gaia-job-admin/user/add` | High
15 | File | `/goforms/rlminfo` | High
16 | File | `/HNAP1` | Low
17 | File | `/login` | Low
18 | File | `/login.html` | Medium
19 | File | `/magnoliaPublic/travel/members/login.html` | High
20 | File | `/member/index/login.html` | High
21 | File | `/mgmt/tm/util/bash` | High
22 | File | `/ocwbs/admin/?page=user/manage_user` | High
23 | File | `/ofrs/admin/?page=user/manage_user` | High
24 | File | `/p1/p2/:name` | Medium
25 | File | `/php/passport/index.php` | High
26 | File | `/requests.php` | High
27 | File | `/saml/login` | Medium
28 | File | `/ScadaBR/login.htm` | High
29 | File | `/uncpath/` | Medium
30 | File | `/upload` | Low
31 | File | `/user-utils/users/md5.json` | High
32 | File | `/userRpm/popupSiteSurveyRpm.html` | High
33 | File | `/var/adm/btmp` | High
34 | File | `/vloggers_merch/?p=view_product` | High
35 | File | `/wp-admin/admin-ajax.php` | High
36 | File | `/wp-json` | Medium
37 | File | `account/login.php` | High
38 | File | `ad/login.asp` | Medium
39 | File | `admin.inc.php` | High
40 | File | `admin/?page=students` | High
41 | File | `admin/admin_ping.php` | High
42 | File | `admin/index.php` | High
43 | File | `admin/login.asp` | High
44 | File | `admin/login.php` | High
45 | ... | ... | ...
26 | File | `/rdms/admin/?page=user/manage_user` | High
27 | File | `/requests.php` | High
28 | File | `/saml/login` | Medium
29 | File | `/ScadaBR/login.htm` | High
30 | File | `/setting/setDeviceName` | High
31 | File | `/setting/setLanguageCfg` | High
32 | File | `/setting/setUploadSetting` | High
33 | File | `/upload` | Low
34 | File | `/user-utils/users/md5.json` | High
35 | File | `/userRpm/popupSiteSurveyRpm.html` | High
36 | File | `/var/adm/btmp` | High
37 | File | `/vloggers_merch/?p=view_product` | High
38 | File | `/wp-admin/admin-ajax.php` | High
39 | File | `account/login.php` | High
40 | File | `ad/login.asp` | Medium
41 | File | `admin.inc.php` | High
42 | File | `admin/?page=students` | High
43 | File | `admin/admin_ping.php` | High
44 | File | `admin/conf_users_edit.php` | High
45 | File | `admin/index.php` | High
46 | ... | ... | ...
There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
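Review bot: several rows in this hunk are generic system paths rather than actor-specific artifacts, e.g. "5 | File | `/bin/sh` | Low", "10 | File | `/dev/tty` | Medium", "13 | File | `/etc/groups` | Medium" and "35 | File | `/wp-admin/admin-ajax.php` | High"; they exist on any Unix host or any WordPress install, so as File indicators they match everywhere and only add noise to detection content built from this table. Consider dropping them or marking them as context-only, and note that "24 | File | `/p1/p2/:name`" is a route template with a parameter placeholder, not a literal path, so it also will not match as a file name.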
@ -47,16 +47,16 @@ ID | Type | Indicator | Confidence
1 | File | `/.env` | Low
2 | File | `/admin/comment.php` | High
3 | File | `/admin/index.php` | High
4 | File | `/login.html` | Medium
5 | File | `/new` | Low
6 | File | `/system?action=ServiceAdmin` | High
7 | File | `/tlogin.cgi` | Medium
8 | File | `/userRpm/popupSiteSurveyRpm.html` | High
9 | File | `/var/log/nginx` | High
10 | File | `add_vhost.php` | High
4 | File | `/etc/postfix/sender_login` | High
5 | File | `/login.html` | Medium
6 | File | `/new` | Low
7 | File | `/system?action=ServiceAdmin` | High
8 | File | `/tlogin.cgi` | Medium
9 | File | `/userRpm/popupSiteSurveyRpm.html` | High
10 | File | `/var/log/nginx` | High
11 | ... | ... | ...
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -172,39 +172,40 @@ ID | Type | Indicator | Confidence
2 | File | `/about.php` | Medium
3 | File | `/acms/admin/?page=transactions/manage_transaction` | High
4 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
5 | File | `/admin.php` | Medium
6 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
7 | File | `/anony/mjpg.cgi` | High
8 | File | `/Ap4RtpAtom.cpp` | High
9 | File | `/api/students/me/messages/` | High
10 | File | `/api/trackedEntityInstances` | High
11 | File | `/AvalancheWeb/image` | High
12 | File | `/bcms/admin/?page=user/list` | High
13 | File | `/car-rental-management-system/admin/manage_user.php` | High
14 | File | `/category.php` | High
15 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
16 | File | `/cdsms/classes/Master.php?f=delete_package` | High
17 | File | `/cgi-bin/kerbynet` | High
18 | File | `/cgi-bin/login.cgi` | High
19 | File | `/cgi-bin/luci/api/switch` | High
20 | File | `/cgi-bin/luci/api/wireless` | High
21 | File | `/cms/admin/?page=invoice/manage_invoice` | High
22 | File | `/cms/classes/Master.php?f=delete_invoice` | High
23 | File | `/cms/classes/Users.php?f=delete` | High
24 | File | `/common/info.cgi` | High
25 | File | `/course/api/upload/pic` | High
26 | File | `/ctpms/admin/individuals/update_status.php` | High
27 | File | `/debug/pprof` | Medium
28 | File | `/fuel/index.php/fuel/logs/items` | High
29 | File | `/fuel/sitevariables/delete/4` | High
30 | File | `/getcfg.php` | Medium
31 | File | `/goform/WifiExtraSet` | High
32 | File | `/guest/s/default/` | High
33 | File | `/hub/api/user` | High
34 | File | `/include/chart_generator.php` | High
35 | ... | ... | ...
5 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
6 | File | `/anony/mjpg.cgi` | High
7 | File | `/Ap4RtpAtom.cpp` | High
8 | File | `/api/students/me/messages/` | High
9 | File | `/bcms/admin/?page=user/list` | High
10 | File | `/car-rental-management-system/admin/manage_user.php` | High
11 | File | `/category.php` | High
12 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
13 | File | `/cdsms/classes/Master.php?f=delete_package` | High
14 | File | `/cgi-bin/kerbynet` | High
15 | File | `/cgi-bin/login.cgi` | High
16 | File | `/cgi-bin/luci/api/switch` | High
17 | File | `/cgi-bin/luci/api/wireless` | High
18 | File | `/cms/admin/?page=invoice/manage_invoice` | High
19 | File | `/cms/classes/Master.php?f=delete_invoice` | High
20 | File | `/cms/classes/Users.php?f=delete` | High
21 | File | `/common/info.cgi` | High
22 | File | `/course/api/upload/pic` | High
23 | File | `/ctpms/admin/individuals/update_status.php` | High
24 | File | `/dashboard/snapshot/*?orgId=0` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/fuel/index.php/fuel/logs/items` | High
27 | File | `/fuel/sitevariables/delete/4` | High
28 | File | `/getcfg.php` | Medium
29 | File | `/goform/SetFirewallCfg` | High
30 | File | `/goform/WifiExtraSet` | High
31 | File | `/guest/s/default/` | High
32 | File | `/hub/api/user` | High
33 | File | `/include/chart_generator.php` | High
34 | File | `/Items/*/RemoteImages/Download` | High
35 | File | `/itop/webservices/export-v2.php` | High
36 | ... | ... | ...
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
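Review bot: two rows added here contain wildcards, "24 | File | `/dashboard/snapshot/*?orgId=0`" and "34 | File | `/Items/*/RemoteImages/Download`", while every other row in the table is a literal path; a consumer doing exact matching on the Indicator column will never hit these. Either document that the column may hold glob patterns or give them a distinct Type value (the count line below already lists "pattern" as a separate indicator kind, so the type exists).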
@ -74,13 +74,13 @@ ID | Type | Indicator | Confidence
2 | File | `/auth/session` | High
3 | File | `/concat?/%2557EB-INF/web.xml` | High
4 | File | `/download` | Medium
5 | File | `/drivers/infiniband/core/cm.c` | High
6 | File | `/files.md5` | Medium
7 | File | `/forum/away.php` | High
8 | File | `/horde/util/go.php` | High
9 | File | `/images/` | Medium
10 | File | `/inc/extensions.php` | High
11 | File | `/inc/parser/xhtml.php` | High
5 | File | `/files.md5` | Medium
6 | File | `/forum/away.php` | High
7 | File | `/horde/util/go.php` | High
8 | File | `/images/` | Medium
9 | File | `/inc/extensions.php` | High
10 | File | `/inc/parser/xhtml.php` | High
11 | File | `/lists/index.php` | High
12 | File | `/login` | Low
13 | File | `/modules/profile/index.php` | High
14 | File | `/nova/bin/console` | High
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
35 | File | `adclick.php` | Medium
36 | ... | ... | ...
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -0,0 +1,51 @@
# HermeticWiper - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [HermeticWiper](https://vuldb.com/?actor.hermeticwiper). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hermeticwiper](https://vuldb.com/?actor.hermeticwiper)
## Campaigns
The following _campaigns_ are known and can be associated with HermeticWiper:
* Ukraine
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with HermeticWiper:
* [ES](https://vuldb.com/?country.es)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of HermeticWiper.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [94.158.244.27](https://vuldb.com/?ip.94.158.244.27) | 94-158-244-27.mivocloud.com | Ukraine | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by HermeticWiper. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `printf.c` | Medium
2 | File | `wp-includes/class-wp-query.php` | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.zscaler.com/blogs/security-research/hermeticwiper-resurgence-targeted-attacks-ukraine
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
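Review bot: the IOA table of this new file lists "1 | File | `printf.c` | Medium" and "2 | File | `wp-includes/class-wp-query.php` | High", and a WordPress query class is hard to connect to a wiper campaign against Ukraine; the section intro says the IOA data comes from the predictive model, so consider stating that per row or lowering the confidence so readers do not treat these as observed artifacts of the malware.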
@ -0,0 +1,30 @@
# Houdini - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Houdini](https://vuldb.com/?actor.houdini). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.houdini](https://vuldb.com/?actor.houdini)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Houdini.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [194.5.97.17](https://vuldb.com/?ip.194.5.97.17) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
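Review bot: this new file omits the Campaigns, Countries and IOA sections that the HermeticWiper file added in the same commit carries, so consumers parsing these actor files do not get a uniform layout; if the model produced no data for Houdini, an explicit empty section or a sentence saying so is better than silently dropping the heading. The single IOC row, 194.5.97.17, also has neither hostname nor campaign; if the cited SANS diary is its only source, say so next to the reference.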
@ -118,7 +118,7 @@ ID | Type | Indicator | Confidence
47 | File | `api.cc` | Low
48 | ... | ... | ...
There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 413 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with Inception:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:
* [AR](https://vuldb.com/?country.ar)
* [SV](https://vuldb.com/?country.sv)
* [ES](https://vuldb.com/?country.es)
* [PL](https://vuldb.com/?country.pl)
* ...
@ -40,12 +40,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
1 | T1008 | CWE-757 | Algorithm Downgrade | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...
There are 9 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -59,34 +59,36 @@ ID | Type | Indicator | Confidence
4 | File | `/admin.php/singer/admin/lists/zhuan` | High
5 | File | `/admin.php/singer/admin/singer/hy` | High
6 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
7 | File | `/admin/inbox.php&action=read` | High
8 | File | `/admin/news/news_mod.php` | High
9 | File | `/admin/page_edit/3` | High
10 | File | `/administrator/alerts/alertLightbox.php` | High
11 | File | `/api/part_categories` | High
12 | File | `/api/programs/orgUnits?programs` | High
13 | File | `/api/students/me/courses/` | High
14 | File | `/apps/acs-commons/content/page-compare.html` | High
15 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
16 | File | `/bcms/admin/?page=service_transactions/view_details` | High
17 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
18 | File | `/blog/blog.php` | High
19 | File | `/cgi-bin/luci/api/diagnose` | High
20 | File | `/cgi-bin/main.cgi` | High
21 | File | `/cgi-bin/uploadWeiXinPic` | High
7 | File | `/admin/featured.php` | High
8 | File | `/admin/general.cgi` | High
9 | File | `/admin/inbox.php&action=read` | High
10 | File | `/admin/usermanagement.php` | High
11 | File | `/administrator/alerts/alertLightbox.php` | High
12 | File | `/api/part_categories` | High
13 | File | `/api/programs/orgUnits?programs` | High
14 | File | `/api/students/me/courses/` | High
15 | File | `/apps/acs-commons/content/page-compare.html` | High
16 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
17 | File | `/bcms/admin/?page=service_transactions/view_details` | High
18 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
19 | File | `/blog/blog.php` | High
20 | File | `/cgi-bin/luci/api/diagnose` | High
21 | File | `/cgi-bin/main.cgi` | High
22 | File | `/cgi-mod/lookup.cgi` | High
23 | File | `/cms/classes/Master.php?f=delete_designation` | High
24 | File | `/controller/Adv.php` | High
25 | File | `/createnewaccount` | High
26 | File | `/dev/urandom` | Medium
27 | File | `/dvcset/sysset/set.cgi` | High
28 | File | `/ecrire` | Low
29 | File | `/etc/sudoers` | Medium
30 | File | `/example/editor` | High
31 | File | `/food/admin/all_users.php` | High
32 | ... | ... | ...
23 | File | `/cgi/ansi` | Medium
24 | File | `/cms/classes/Master.php?f=delete_designation` | High
25 | File | `/controller/Adv.php` | High
26 | File | `/createnewaccount` | High
27 | File | `/dashboard/blocks/stacks/view_details/` | High
28 | File | `/dev/urandom` | Medium
29 | File | `/dl/dl_sendmail.php` | High
30 | File | `/dvcset/sysset/set.cgi` | High
31 | File | `/ecrire` | Low
32 | File | `/etc/sudoers` | Medium
33 | File | `/example/editor` | High
34 | ... | ... | ...
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indexsinas:
* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [HK](https://vuldb.com/?country.hk)
* [NZ](https://vuldb.com/?country.nz)
* ...
There are 8 more country items available. Please use our online service to access the data.
There are 2 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
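Review bot: the count line drops from "There are 8 more country items available" to "There are 2 more country items available" while the four listed countries (VN, US, HK, NZ) are unchanged, so the total shrank from 12 to 6 without any visible removal; please confirm the drop is intended and not an artifact of the export that generated this commit.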
@ -287,12 +287,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 3 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -300,37 +300,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
6 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
7 | File | `/admin.php/news/admin/topic/save` | High
|
||||
8 | File | `/api/crontab` | Medium
|
||||
9 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
10 | File | `/cgi-bin/login.cgi` | High
|
||||
11 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
|
||||
12 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
13 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
14 | File | `/cms/admin/?page=user/manage_user` | High
|
||||
15 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
16 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
17 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
18 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
19 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
20 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
21 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
22 | File | `/current_action.php?action=reboot` | High
|
||||
23 | File | `/etc/config/image_sign` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/help/treecontent.jsp` | High
|
||||
26 | File | `/IISADMPWD` | Medium
|
||||
27 | File | `/mgmt/tm/util/bash` | High
|
||||
28 | File | `/mtms/admin/?page=transaction/send` | High
|
||||
29 | ... | ... | ...
|
||||
1 | File | `/admin/deluser.php` | High
|
||||
2 | File | `/admin/dl_sendmail.php` | High
|
||||
3 | File | `/admin/general.cgi` | High
|
||||
4 | File | `/admin/scheprofile.cgi` | High
|
||||
5 | File | `/admin/showbad.php` | High
|
||||
6 | File | `/admin/usermanagement.php` | High
|
||||
7 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
8 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
9 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
10 | File | `/data/vendor/tcl` | High
|
||||
11 | File | `/dl/dl_sendmail.php` | High
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -20,11 +20,11 @@ There are 5 more campaign items available. Please use our online service to acce
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kwampirs:

* [CN](https://vuldb.com/?country.cn)
* [NZ](https://vuldb.com/?country.nz)
* [US](https://vuldb.com/?country.us)
* [NZ](https://vuldb.com/?country.nz)
* ...

There are 11 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise
@ -138,11 +138,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 6 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
@ -150,48 +150,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
2 | File | `.htaccess` | Medium
3 | File | `/#/CampaignManager/users` | High
4 | File | `//` | Low
5 | File | `/admin.php?action=themeinstall` | High
6 | File | `/admin/?setting-base.htm` | High
7 | File | `/admin/admin_login.php` | High
8 | File | `/admin/login.php` | High
9 | File | `/adminzone/index.php?page=admin-commandr` | High
10 | File | `/ajax/networking/get_netcfg.php` | High
11 | File | `/apply_noauth.cgi` | High
12 | File | `/audit/log/log_management.php` | High
13 | File | `/bin/login` | Medium
14 | File | `/bin/sh` | Low
15 | File | `/cgi-bin/login` | High
16 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
17 | File | `/classes/profile.class.php` | High
18 | File | `/cloud_config/router_post/reset_cloud_pwd` | High
19 | File | `/dev/tty` | Medium
20 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
21 | File | `/downloads/` | Medium
22 | File | `/index.php` | Medium
23 | File | `/magnoliaPublic/travel/members/login.html` | High
24 | File | `/member/index/login.html` | High
25 | File | `/modules/certinfo/index.php` | High
26 | File | `/ptms/classes/Users.php` | High
27 | File | `/ScadaBR/login.htm` | High
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
29 | File | `/system/tool/ping.php` | High
30 | File | `/uncpath/` | Medium
31 | File | `/uploads/exam_question/` | High
32 | File | `/usr/bin/pkexec` | High
33 | File | `/usr/local/www/pkg.php` | High
34 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
35 | File | `/wp-json` | Medium
36 | File | `5.2.9\syscrb.exe` | High
37 | File | `?location=search` | High
38 | File | `account/login.php` | High
39 | File | `add.php` | Low
40 | ... | ... | ...
1 | File | `.htaccess` | Medium
2 | File | `/#/CampaignManager/users` | High
3 | File | `/admin/admin_login.php` | High
4 | File | `/admin/login.php` | High
5 | File | `/bin/sh` | Low
6 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
7 | File | `/Content/Template/root/reverse-shell.aspx` | High
8 | File | `/data/vendor/tcl` | High
9 | File | `/debug/pprof` | Medium
10 | File | `/dev/tty` | Medium
11 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
12 | File | `/gaia-job-admin/user/add` | High
13 | File | `/goforms/rlminfo` | High
14 | File | `/HNAP1` | Low
15 | File | `/login` | Low
16 | File | `/login.html` | Medium
17 | File | `/magnoliaPublic/travel/members/login.html` | High
18 | File | `/member/index/login.html` | High
19 | File | `/mgmt/tm/util/bash` | High
20 | File | `/ocwbs/admin/?page=user/manage_user` | High
21 | File | `/ofrs/admin/?page=user/manage_user` | High
22 | File | `/product.php` | Medium
23 | File | `/rdms/admin/?page=user/manage_user` | High
24 | File | `/requests.php` | High
25 | File | `/saml/login` | Medium
26 | File | `/ScadaBR/login.htm` | High
27 | File | `/uncpath/` | Medium
28 | File | `/upload` | Low
29 | File | `/var/adm/btmp` | High
30 | File | `/vloggers_merch/?p=view_product` | High
31 | File | `/wp-admin/admin-ajax.php` | High
32 | File | `/wp-json` | Medium
33 | File | `5.2.9\syscrb.exe` | High
34 | File | `account/login.php` | High
35 | File | `ad/login.asp` | Medium
36 | File | `admin.inc.php` | High
37 | File | `admin/admin_ping.php` | High
38 | File | `admin/conf_users_edit.php` | High
39 | File | `admin/index.php` | High
40 | File | `admin/login.asp` | High
41 | File | `admin/login.php` | High
42 | File | `admin/nos/login` | High
43 | File | `admin/viewtheatre.php` | High
44 | File | `agenda.php3` | Medium
45 | File | `ajaxp.php` | Medium
46 | ... | ... | ...

There are 341 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
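Review bot: several of the added IOA rows in this hunk are generic paths at Low confidence (`/bin/sh`, `/HNAP1`, `/login`, `/upload`), which match practically any Unix host or web application and carry no attribution signal on their own; if this table is consumed as detection content, those rows should be weighted by the Confidence column or filtered out, otherwise they produce noise rather than an indicator of this actor.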
@ -21,11 +21,8 @@ There are 8 more campaign items available. Please use our online service to acce
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:

* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [IN](https://vuldb.com/?country.in)
* [FR](https://vuldb.com/?country.fr)
* ...

There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise
@ -228,12 +225,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.
There are 4 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
@ -241,32 +238,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/account/ResetPassword` | High
2 | File | `/acms/admin/?page=transactions/manage_transaction` | High
3 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
4 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
5 | File | `/acms/classes/Master.php?f=delete_cargo` | High
6 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
7 | File | `/acms/classes/Master.php?f=delete_img` | High
8 | File | `/assets/partials/_handleLogin.php` | High
9 | File | `/cgi-bin/login.cgi` | High
10 | File | `/cms/admin/?page=client/view_client` | High
11 | File | `/cms/admin/?page=invoice/manage_invoice` | High
12 | File | `/cms/admin/?page=invoice/view_invoice` | High
13 | File | `/cms/admin/?page=user/manage_user` | High
14 | File | `/cms/admin/maintenance/manage_service.php` | High
15 | File | `/cms/classes/Users.php?f=delete` | High
16 | File | `/College_Management_System/admin/display-teacher.php` | High
17 | File | `/componetns/user/class.user.php` | High
18 | File | `/ctpms/admin/?page=applications/view_application` | High
19 | File | `/ctpms/admin/?page=individuals/view_individual` | High
20 | File | `/ctpms/admin/applications/update_status.php` | High
21 | File | `/ctpms/admin/individuals/update_status.php` | High
22 | File | `/ctpms/classes/Master.php?f=delete_application` | High
23 | File | `/ctpms/classes/Master.php?f=delete_img` | High
24 | ... | ... | ...
1 | File | `/alarm_pi/alarmService.php` | High
2 | File | `/bsms/?page=manage_account` | High
3 | File | `/company` | Medium
4 | File | `/company/account/safety/trade` | High
5 | File | `/company/down_resume/total/nature` | High
6 | File | `/company/service/increment/add/im` | High
7 | File | `/company/view_be_browsed/total` | High
8 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
9 | File | `/fm-data.lua` | Medium
10 | File | `/freelance/resume_list` | High
11 | File | `/home/campus/campus_job` | High
12 | File | `/home/job/index` | High
13 | File | `/home/job/map` | High
14 | ... | ... | ...

There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
@ -69,37 +69,38 @@ ID | Type | Indicator | Confidence
14 | File | `/goforms/rlminfo` | High
15 | File | `/login` | Low
16 | File | `/navigate/navigate_download.php` | High
17 | File | `/owa/auth/logon.aspx` | High
18 | File | `/p` | Low
19 | File | `/password.html` | High
20 | File | `/proc/ioports` | High
21 | File | `/property-list/property_view.php` | High
22 | File | `/ptms/classes/Users.php` | High
23 | File | `/rest` | Low
24 | File | `/rest/api/2/search` | High
25 | File | `/s/` | Low
26 | File | `/scripts/cpan_config` | High
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
28 | File | `/services/system/setup.json` | High
29 | File | `/uncpath/` | Medium
30 | File | `/vloggers_merch/?p=view_product` | High
31 | File | `/webconsole/APIController` | High
32 | File | `/websocket/exec` | High
33 | File | `/wp-admin/admin-ajax.php` | High
34 | File | `/wp-content/plugins/updraftplus/admin.php` | High
35 | File | `/wp-json` | Medium
36 | File | `/wp-json/oembed/1.0/embed?url` | High
37 | File | `/_next` | Low
38 | File | `4.edu.php\conn\function.php` | High
39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
40 | File | `adclick.php` | Medium
41 | File | `addentry.php` | Medium
42 | File | `admin/category.inc.php` | High
43 | File | `admin/conf_users_edit.php` | High
44 | File | `admin/dl_sendmail.php` | High
45 | ... | ... | ...
17 | File | `/ocwbs/admin/?page=user/manage_user` | High
18 | File | `/ofrs/admin/?page=user/manage_user` | High
19 | File | `/owa/auth/logon.aspx` | High
20 | File | `/p` | Low
21 | File | `/password.html` | High
22 | File | `/proc/ioports` | High
23 | File | `/property-list/property_view.php` | High
24 | File | `/ptms/classes/Users.php` | High
25 | File | `/rest` | Low
26 | File | `/rest/api/2/search` | High
27 | File | `/s/` | Low
28 | File | `/scripts/cpan_config` | High
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
30 | File | `/services/system/setup.json` | High
31 | File | `/uncpath/` | Medium
32 | File | `/vloggers_merch/?p=view_product` | High
33 | File | `/webconsole/APIController` | High
34 | File | `/websocket/exec` | High
35 | File | `/wp-admin/admin-ajax.php` | High
36 | File | `/wp-content/plugins/updraftplus/admin.php` | High
37 | File | `/wp-json` | Medium
38 | File | `/wp-json/oembed/1.0/embed?url` | High
39 | File | `/_next` | Low
40 | File | `4.edu.php\conn\function.php` | High
41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
42 | File | `adclick.php` | Medium
43 | File | `addentry.php` | Medium
44 | File | `admin/category.inc.php` | High
45 | File | `admin/conf_users_edit.php` | High
46 | ... | ... | ...

There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:

* [ES](https://vuldb.com/?country.es)
* [PL](https://vuldb.com/?country.pl)
* [CN](https://vuldb.com/?country.cn)
* [IT](https://vuldb.com/?country.it)
* ...

There are 9 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise
@ -29,9 +29,19 @@ ID | IP address | Hostname | Campaign | Confidence
6 | [8.211.5.139](https://vuldb.com/?ip.8.211.5.139) | - | - | High
7 | [35.246.189.253](https://vuldb.com/?ip.35.246.189.253) | 253.189.246.35.bc.googleusercontent.com | - | Medium
8 | [37.59.47.208](https://vuldb.com/?ip.37.59.47.208) | ns3000975.ip-37-59-47.eu | - | High
9 | ... | ... | ... | ...
9 | [47.254.169.212](https://vuldb.com/?ip.47.254.169.212) | - | - | High
10 | [47.254.170.245](https://vuldb.com/?ip.47.254.170.245) | - | - | High
11 | [47.254.175.211](https://vuldb.com/?ip.47.254.175.211) | - | - | High
12 | [51.83.209.11](https://vuldb.com/?ip.51.83.209.11) | ip11.ip-51-83-209.eu | - | High
13 | [54.38.49.244](https://vuldb.com/?ip.54.38.49.244) | ip244.ip-54-38-49.eu | - | High
14 | [62.133.58.60](https://vuldb.com/?ip.62.133.58.60) | - | - | High
15 | [74.119.239.234](https://vuldb.com/?ip.74.119.239.234) | - | - | High
16 | [76.119.1.112](https://vuldb.com/?ip.76.119.1.112) | c-76-119-1-112.hsd1.ct.comcast.net | - | High
17 | [77.246.157.133](https://vuldb.com/?ip.77.246.157.133) | test.com | - | High
18 | [80.78.249.78](https://vuldb.com/?ip.80.78.249.78) | - | - | High
19 | ... | ... | ... | ...

There are 33 more IOC items available. Please use our online service to access the data.
There are 72 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures
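Review bot: row 17 of the added IOC rows (`77.246.157.133 | test.com | - | High`) carries a hostname that reads like a placeholder rather than a resolved PTR record, yet is rated High like the rows with genuine reverse-DNS names; verify the reverse lookup and, if it does not resolve to that name, record `-` as the other rows do, so that nobody consuming this table pivots on `test.com`.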
@ -40,7 +50,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
@ -58,37 +68,36 @@ ID | Type | Indicator | Confidence
4 | File | `/admin.php/pic/admin/type/del` | High
5 | File | `/admin.php/vod/admin/topic/del` | High
6 | File | `/admin.php?p=/User/index` | High
7 | File | `/admin/users.php?source=edit_user&id=1` | High
8 | File | `/admin/weixin.php` | High
7 | File | `/admin/communitymanagement.php` | High
8 | File | `/admin/conferences/get-all-status/` | High
9 | File | `/Ap4RtpAtom.cpp` | High
10 | File | `/apps/acs-commons/content/page-compare.html` | High
11 | File | `/assets/partials/_handleLogin.php` | High
12 | File | `/bcms/admin/?page=user/list` | High
13 | File | `/bcms/admin/?page=user/manage_user` | High
14 | File | `/bcms/admin/services/view_service.php` | High
10 | File | `/assets/partials/_handleLogin.php` | High
11 | File | `/bcms/admin/?page=user/list` | High
12 | File | `/bcms/admin/?page=user/manage_user` | High
13 | File | `/bcms/admin/services/view_service.php` | High
14 | File | `/bsms/?page=manage_account` | High
15 | File | `/cardo/api` | Medium
16 | File | `/cgi-bin/editBookmark` | High
17 | File | `/cms/classes/Master.php?f=delete_designation` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/ecrire` | Low
20 | File | `/eris/admin/applicants/index.php?view=view` | High
21 | File | `/etc/cron.daily/upstart` | High
22 | File | `/fuel/index.php/fuel/logs/items` | High
23 | File | `/fuel/sitevariables/delete/4` | High
24 | File | `/goform/aspForm` | High
25 | File | `/goform/setpptpservercfg` | High
26 | File | `/help/treecontent.jsp` | High
27 | File | `/insurance/editNominee.php` | High
28 | File | `/lists/admin/` | High
29 | File | `/mgmt/tm/util/bash` | High
30 | File | `/my/unicorn/uc.c` | High
31 | File | `/ordering/admin/category/index.php?view=edit` | High
32 | File | `/ordering/admin/stockin/index.php?view=edit` | High
33 | File | `/p1/p2/:name` | Medium
34 | File | `/php/ajax.php` | High
35 | ... | ... | ...
18 | File | `/company` | Medium
19 | File | `/dashboard/reports/logs/view` | High
20 | File | `/debug/pprof` | Medium
21 | File | `/ecrire` | Low
22 | File | `/eris/admin/applicants/index.php?view=view` | High
23 | File | `/fuel/index.php/fuel/logs/items` | High
24 | File | `/fuel/sitevariables/delete/4` | High
25 | File | `/getImage` | Medium
26 | File | `/goform/aspForm` | High
27 | File | `/goform/setpptpservercfg` | High
28 | File | `/help/treecontent.jsp` | High
29 | File | `/hprms/admin/?page=patients/view_patient` | High
30 | File | `/hprms/admin/patients/manage_patient.php` | High
31 | File | `/insurance/editNominee.php` | High
32 | File | `/librarian/bookdetails.php` | High
33 | File | `/lists/admin/` | High
34 | ... | ... | ...

There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
@ -98,6 +107,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.bushidotoken.net/2020/12/analysis-of-meyhod-javascript-web.html
* https://blog.bushidotoken.net/2021/04/mo-money-mo-magecart.html
* https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/
* https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
* https://github.com/blackorbird/APT_REPORT/tree/master/Magecart

## Literature
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Middle East Unknown:

* [ES](https://vuldb.com/?country.es)
* [PL](https://vuldb.com/?country.pl)
* [FR](https://vuldb.com/?country.fr)
* [PT](https://vuldb.com/?country.pt)
* [SV](https://vuldb.com/?country.sv)
* ...

There are 8 more country items available. Please use our online service to access the data.
@ -47,12 +47,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1008 | CWE-757 | Algorithm Downgrade | High
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
@ -60,36 +60,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/admin.php?module=admin_group_edit&agID` | High
2 | File | `/admin/configure.php` | High
3 | File | `/admin/edit.php` | High
4 | File | `/admin/login.php` | High
5 | File | `/admin/modules/system/custom_field.php` | High
6 | File | `/admin/new-content` | High
7 | File | `/admin/weixin.php` | High
8 | File | `/alerts/alertLightbox.php` | High
9 | File | `/api /v3/auth` | High
10 | File | `/apilog.php` | Medium
11 | File | `/apps/acs-commons/content/page-compare.html` | High
12 | File | `/box_code_base.c` | High
13 | File | `/cloud_config/router_post/upgrade_info` | High
14 | File | `/goform/login_process` | High
15 | File | `/goform/SetInternetLanInfo` | High
16 | File | `/goform/setPicListItem` | High
17 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
18 | File | `/mngset/authset` | High
19 | File | `/ok_png.c` | Medium
20 | File | `/one_church/userregister.php` | High
21 | File | `/php/ajax.php` | High
22 | File | `/reps/classes/Master.php?f=delete_estate` | High
23 | File | `/sql/sql_string.h` | High
24 | File | `/tmp/swhkd.sock` | High
25 | File | `/tos/index.php?app/hand_app` | High
26 | File | `AdbService.java` | High
27 | File | `admin.php` | Medium
28 | ... | ... | ...
1 | File | `/?module=fileman§ion=get&page=grid` | High
2 | File | `/admin.php/singer/admin/singer/hy` | High
3 | File | `/admin.php/vod/admin/topic/del` | High
4 | File | `/admin/deluser.php` | High
5 | File | `/admin/edit.php` | High
6 | File | `/admin/googleads.php` | High
7 | File | `/admin/new-content` | High
8 | File | `/admin/operations/tax.php` | High
9 | File | `/admin/payment.php` | High
10 | File | `/admin/scheprofile.cgi` | High
11 | File | `/admin/weixin.php` | High
12 | File | `/apps/acs-commons/content/page-compare.html` | High
13 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
14 | File | `/bcms/admin/courts/manage_court.php` | High
15 | File | `/bcms/classes/Master.php?f=save_court_rental` | High
16 | File | `/car-rental-management-system/admin/manage_booking.php` | High
17 | File | `/cgi-bin/kerbynet` | High
18 | File | `/classes/Users.php?f=save` | High
19 | File | `/cms/classes/Master.php?f=delete_client` | High
20 | File | `/config` | Low
21 | File | `/defaultui/player/modern.html` | High
22 | File | `/ffos/admin/categories/manage_category.php` | High
23 | File | `/ffos/admin/menus/view_menu.php` | High
24 | File | `/gaia-job-admin/user/add` | High
25 | File | `/goform/aspForm` | High
26 | File | `/goform/login_process` | High
27 | File | `/goform/setNetworkLan` | High
28 | File | `/goform/SetSysTimeCfg` | High
29 | File | `/html/Solar_Ftp.php` | High
30 | File | `/lists/admin/` | High
31 | File | `/mngset/authset` | High
32 | File | `/mtms/admin/?page=transaction/send` | High
33 | File | `/orrs/admin/trains/manage_train.php` | High
34 | File | `/otps/classes/Master.php?f=delete_team` | High
35 | ... | ... | ...

There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
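Review bot: row 1 of the added IOA rows, `/?module=fileman§ion=get&page=grid`, contains an HTML-entity decoding artefact: the `&sect` prefix of `&section=` has been turned into `§`, so the stored indicator no longer matches the request path it was taken from; the source value should be re-exported with entities left intact (the query string presumably read `&section=get`), otherwise a consumer matching on this string will never see a hit.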
@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...

There are 3 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise
@ -49,7 +49,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
@ -69,31 +69,31 @@ ID | Type | Indicator | Confidence
6 | File | `/admin.php/vod/admin/topic/del` | High
7 | File | `/admin/?page=system_info/contact_info` | High
8 | File | `/admin/comn/service/update.json` | High
9 | File | `/admin/dl_sendsms.php` | High
10 | File | `/Ap4RtpAtom.cpp` | High
11 | File | `/api/part_categories` | High
12 | File | `/api/programs/orgUnits?programs` | High
13 | File | `/api/students/me/courses/` | High
14 | File | `/Applications/Utilities/Terminal` | High
9 | File | `/admin/dl_sendmail.php` | High
10 | File | `/admin/dl_sendsms.php` | High
11 | File | `/Ap4RtpAtom.cpp` | High
12 | File | `/api/part_categories` | High
13 | File | `/api/programs/orgUnits?programs` | High
14 | File | `/api/students/me/courses/` | High
15 | File | `/asms/classes/Master.php?f=delete_product` | High
16 | File | `/asms/classes/Master.php?f=save_product` | High
17 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
18 | File | `/bcms/admin/?page=user/list` | High
19 | File | `/checklogin.jsp` | High
20 | File | `/classes/master.php?f=delete_facility` | High
21 | File | `/College_Management_System/admin/display-teacher.php` | High
22 | File | `/ctpms/admin/?page=applications/view_application` | High
23 | File | `/ctpms/admin/?page=individuals/view_individual` | High
24 | File | `/ctpms/admin/applications/update_status.php` | High
25 | File | `/ctpms/admin/individuals/update_status.php` | High
26 | File | `/ctpms/classes/Master.php?f=delete_application` | High
27 | File | `/debug/pprof` | Medium
28 | File | `/ecrire` | Low
29 | File | `/fuel/index.php/fuel/logs/items` | High
30 | File | `/fuel/sitevariables/delete/4` | High
31 | File | `/goform/aspForm` | High
32 | File | `/goform/saveParentControlInfo` | High
33 | File | `/goform/SetClientState` | High
21 | File | `/ctpms/admin/?page=applications/view_application` | High
22 | File | `/ctpms/admin/applications/update_status.php` | High
23 | File | `/debug/pprof` | Medium
24 | File | `/dl/dl_sendmail.php` | High
25 | File | `/ecrire` | Low
26 | File | `/fuel/index.php/fuel/logs/items` | High
27 | File | `/fuel/sitevariables/delete/4` | High
28 | File | `/goform/aspForm` | High
29 | File | `/goform/saveParentControlInfo` | High
30 | File | `/goform/SetClientState` | High
31 | File | `/htdocs/cgibin` | High
32 | File | `/hub/api/user` | High
33 | File | `/includes/init.php` | High
34 | ... | ... | ...

There are 293 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -56,15 +56,16 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/html/repository` | High
|
||||
8 | File | `/modules/projects/vw_files.php` | High
|
||||
9 | File | `/nova/bin/console` | High
|
||||
10 | File | `/rapi/read_url` | High
|
||||
11 | File | `/services/config/config.xml` | High
|
||||
12 | File | `/services/system/setup.json` | High
|
||||
13 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
14 | File | `/uncpath/` | Medium
|
||||
15 | File | `/WEB-INF/web.xml` | High
|
||||
16 | ... | ... | ...
|
||||
10 | File | `/owa/auth/logon.aspx` | High
|
||||
11 | File | `/rapi/read_url` | High
|
||||
12 | File | `/services/config/config.xml` | High
|
||||
13 | File | `/services/system/setup.json` | High
|
||||
14 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/WEB-INF/web.xml` | High
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 133 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
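Review bot: the ID column is a sequential counter, so the single inserted row 9 `/admin/dl_sendmail.php` pushes `/admin/dl_sendsms.php` from 9 to 10 and renumbers every row after it; the hunk therefore shows rows 9 to 33 as changed although most indicators (`/Ap4RtpAtom.cpp`, `/api/part_categories`, `/goform/aspForm` and others) are identical, and the genuine additions such as `/dl/dl_sendmail.php`, `/htdocs/cgibin`, `/hub/api/user` and `/includes/init.php` are hard to pick out. Dropping the ID column, or keying the table on the indicator string, would make these regenerations reviewable.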
|
||||
|
||||
|
|
|
@ -76,13 +76,13 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/v2/devices/add` | High
|
||||
15 | File | `/var/ipfire/backup/bin/backup.pl` | High
|
||||
16 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | File | `AddEvent.php` | Medium
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/scripts/FileUploader/php.php` | High
|
||||
17 | File | `accounts/view_details.php` | High
|
||||
18 | File | `adclick.php` | Medium
|
||||
19 | File | `AddEvent.php` | Medium
|
||||
20 | File | `admin.php` | Medium
|
||||
21 | ... | ... | ...
|
||||
|
||||
There are 170 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 176 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [SI](https://vuldb.com/?country.si)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.needles](https://vuldb.com/?actor.needles)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Needles:
|
||||
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Needles.
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Nemucod:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
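Review bot: CN and GB appear only on the removed side of the country list and the trailer drops from 25 to 20 more items, so this hunk retires data rather than just adding it, yet the commit message is only "Update". A one-line reason for the removals (source re-evaluation, false positives, retention window) belongs in the message or a changelog so the shrinking list can be trusted.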
|
||||
|
||||
|
@ -23,10 +23,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [24.96.108.157](https://vuldb.com/?ip.24.96.108.157) | static-24-96-108-157.knology.net | - | High
|
||||
2 | [61.134.39.188](https://vuldb.com/?ip.61.134.39.188) | - | - | High
|
||||
3 | [133.30.115.97](https://vuldb.com/?ip.133.30.115.97) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
3 | [62.173.145.104](https://vuldb.com/?ip.62.173.145.104) | sadovaya-mebel.com | - | High
|
||||
4 | [76.73.17.194](https://vuldb.com/?ip.76.73.17.194) | - | - | High
|
||||
5 | [78.129.150.54](https://vuldb.com/?ip.78.129.150.54) | - | - | High
|
||||
6 | [82.192.94.125](https://vuldb.com/?ip.82.192.94.125) | - | - | High
|
||||
7 | [85.93.145.251](https://vuldb.com/?ip.85.93.145.251) | mail.boanywhere.com | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
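Review bot: every visible IOC row, old and new, carries `-` in the Campaign column while the trailer grows from 9 to 30 more items, so 37 indicators are now tied to the actor without any campaign linkage. Either populate the column or omit it for actors that have no campaign data; an all-dash column reads as a failed join in the generator rather than as "no campaign known".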
|
||||
|
||||
|
@ -34,12 +38,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
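Review bot: the Description column holds a weakness description, not the ATT&CK technique name: `T1059.007 | CWE-79, CWE-80 | Cross Site Scripting` and the new `T1008 | CWE-757 | Algorithm Downgrade` describe the CWE, whereas the techniques themselves are JavaScript (T1059.007) and Fallback Channels (T1008). A reader scanning the Technique column will take the description as the technique; rename the column to "Weakness description" or add the ATT&CK name alongside it.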
|
||||
|
||||
|
@ -47,50 +51,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
2 | File | `/admin/powerline` | High
|
||||
3 | File | `/admin/syslog` | High
|
||||
4 | File | `/api/upload` | Medium
|
||||
5 | File | `/cgi-bin` | Medium
|
||||
6 | File | `/cgi-bin/kerbynet` | High
|
||||
7 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
8 | File | `/dcim/sites/add/` | High
|
||||
9 | File | `/EXCU_SHELL` | Medium
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/fudforum/adm/hlplist.php` | High
|
||||
12 | File | `/login` | Low
|
||||
13 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
14 | File | `/monitoring` | Medium
|
||||
15 | File | `/new` | Low
|
||||
16 | File | `/proc/<pid>/status` | High
|
||||
17 | File | `/public/login.htm` | High
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/rom` | Low
|
||||
20 | File | `/scripts/killpvhost` | High
|
||||
21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
24 | File | `/tmp` | Low
|
||||
25 | File | `/tmp/redis.ds` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/ViewUserHover.jspa` | High
|
||||
28 | File | `/wp-admin` | Medium
|
||||
29 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
30 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
31 | File | `AccountManagerService.java` | High
|
||||
32 | File | `actions/CompanyDetailsSave.php` | High
|
||||
33 | File | `ActiveServices.java` | High
|
||||
34 | File | `ActivityManagerService.java` | High
|
||||
35 | File | `addlink.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
3 | File | `/admin-panel1.php` | High
|
||||
4 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
7 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/car-rental-management-system/admin/manage_user.php` | High
|
||||
9 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
10 | File | `/cgi-bin/login.cgi` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/extensionsinstruction` | High
|
||||
15 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
16 | File | `/fuel/sitevariables/delete/4` | High
|
||||
17 | File | `/ifs` | Low
|
||||
18 | File | `/include/chart_generator.php` | High
|
||||
19 | File | `/mgmt/tm/util/bash` | High
|
||||
20 | File | `/monitoring` | Medium
|
||||
21 | File | `/mtms/admin/?page=transaction/send` | High
|
||||
22 | File | `/new` | Low
|
||||
23 | File | `/proc/<pid>/status` | High
|
||||
24 | File | `/public/login.htm` | High
|
||||
25 | File | `/public/plugins/` | High
|
||||
26 | File | `/question/ask` | High
|
||||
27 | File | `/reps/admin/?page=agents/manage_agent` | High
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
30 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
31 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
32 | File | `/student-grading-system/rms.php?page=school_year` | High
|
||||
33 | File | `/tmp` | Low
|
||||
34 | File | `/tos/index.php?app/del` | High
|
||||
35 | File | `/uncpath/` | Medium
|
||||
36 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
37 | File | `/wordpress-gallery-transformation/gallery.php` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/12/threat-roundup-1207-1214.html
|
||||
* https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
|
||||
* https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/
|
||||
* https://unit42.paloaltonetworks.com/unit42-practice-makes-perfect-nemucod-evolves-delivery-obfuscation-techniques-harvest-credentials/
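Review bot: all 37 visible rows are of type File although the trailer says the 323 remaining items also cover library, argument, input value, pattern and network port; because the preview is the first N rows sorted by type and then path, the other types never surface in the README. Sampling a few rows per type would make the preview representative of the data it advertises.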
|
||||
|
||||
|
|
|
@ -74,10 +74,9 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/usr/bin/at` | Medium
|
||||
22 | File | `/usr/bin/pkexec` | High
|
||||
23 | File | `/WEB-INF/web.xml` | High
|
||||
24 | ... | ... | ...
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 199 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -50,15 +50,15 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/portal` | High
|
||||
2 | File | `/etc/passwd` | Medium
|
||||
3 | File | `/etc/shadow` | Medium
|
||||
4 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
5 | File | `/include/config.cache.php` | High
|
||||
6 | File | `/include/helpers/upload.helper.php` | High
|
||||
1 | File | `/admin/uploads.php` | High
|
||||
2 | File | `/cgi-bin/portal` | High
|
||||
3 | File | `/etc/passwd` | Medium
|
||||
4 | File | `/etc/shadow` | Medium
|
||||
5 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
6 | File | `/include/config.cache.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 49 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -47,41 +47,41 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
3 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
4 | File | `/admin/?page=system_info/contact_info` | High
|
||||
5 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/api/part_categories` | High
|
||||
7 | File | `/api/students/me/messages/` | High
|
||||
8 | File | `/auditLogAction.do` | High
|
||||
9 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
10 | File | `/cgi-bin` | Medium
|
||||
11 | File | `/cgi-bin/luci/api/switch` | High
|
||||
12 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
13 | File | `/cms/admin/?page=client/view_client` | High
|
||||
14 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
15 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
16 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
17 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
18 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
19 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
20 | File | `/dict/list.do` | High
|
||||
21 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
22 | File | `/etc/cron.daily/upstart` | High
|
||||
23 | File | `/farm/store.php` | High
|
||||
24 | File | `/fuel/sitevariables/delete/4` | High
|
||||
25 | File | `/goform/aspForm` | High
|
||||
26 | File | `/goform/setsambacfg` | High
|
||||
27 | File | `/index.php?page=reserve` | High
|
||||
28 | File | `/Items/*/RemoteImages/Download` | High
|
||||
29 | File | `/mdiy/dict/listExcludeApp` | High
|
||||
30 | File | `/mgmt/tm/util/bash` | High
|
||||
31 | File | `/ofrs/admin/?page=reports` | High
|
||||
32 | File | `/PC/WebService.asmx` | High
|
||||
33 | File | `/RestAPI` | Medium
|
||||
34 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
35 | File | `/scbs/classes/Users.php?f=delete_client` | High
|
||||
36 | File | `/scripts/unlock_tasks.php` | High
|
||||
7 | File | `/auditLogAction.do` | High
|
||||
8 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
9 | File | `/cgi-bin` | Medium
|
||||
10 | File | `/cgi-bin/webproc` | High
|
||||
11 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
12 | File | `/cms/admin/?page=client/view_client` | High
|
||||
13 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
14 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
15 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
16 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
17 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
18 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
20 | File | `/etc/cron.daily/upstart` | High
|
||||
21 | File | `/fuel/sitevariables/delete/4` | High
|
||||
22 | File | `/goform/aspForm` | High
|
||||
23 | File | `/IISADMPWD` | Medium
|
||||
24 | File | `/index.php?page=reserve` | High
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/job` | Low
|
||||
27 | File | `/linkedcontent/editfolder.php` | High
|
||||
28 | File | `/mdiy/dict/listExcludeApp` | High
|
||||
29 | File | `/mgmt/tm/util/bash` | High
|
||||
30 | File | `/ofrs/admin/?page=reports` | High
|
||||
31 | File | `/PC/WebService.asmx` | High
|
||||
32 | File | `/pms/admin/inmates/manage_inmate.php` | High
|
||||
33 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
34 | File | `/scbs/classes/Users.php?f=delete_client` | High
|
||||
35 | File | `/school/model/get_events.php` | High
|
||||
36 | File | `/scms/student.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
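Review bot: two rows numbered 5, `/administrator/alerts/alertLightbox.php` and `/Ap4RtpAtom.cpp`, sit before the first changed row and are followed by 6 `/api/part_categories`, so they appear to be unchanged context and the duplicate ID exists in both the old and the new table. The counter in the generator looks like it skips an increment; worth fixing before these IDs are referenced anywhere.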
|
||||
|
||||
|
|
|
@ -121,56 +121,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/.ssh/authorized_keys` | High
|
||||
4 | File | `/admin/default.asp` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
7 | File | `/apply_noauth.cgi` | High
|
||||
8 | File | `/assets/ctx` | Medium
|
||||
9 | File | `/cgi-bin/wapopen` | High
|
||||
10 | File | `/cms/print.php` | High
|
||||
11 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/data/remove` | Medium
|
||||
14 | File | `/goforms/rlminfo` | High
|
||||
15 | File | `/htdocs/cgibin` | High
|
||||
16 | File | `/login` | Low
|
||||
17 | File | `/navigate/navigate_download.php` | High
|
||||
18 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
19 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/password.html` | High
|
||||
22 | File | `/proc/ioports` | High
|
||||
23 | File | `/property-list/property_view.php` | High
|
||||
24 | File | `/ptms/classes/Users.php` | High
|
||||
25 | File | `/rest/api/2/search` | High
|
||||
26 | File | `/s/` | Low
|
||||
27 | File | `/scripts/cpan_config` | High
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/services/system/setup.json` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/videotalk` | Medium
|
||||
32 | File | `/vloggers_merch/?p=view_product` | High
|
||||
33 | File | `/web/MCmsAction.java` | High
|
||||
34 | File | `/webconsole/APIController` | High
|
||||
35 | File | `/websocket/exec` | High
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
38 | File | `/wp-json` | Medium
|
||||
39 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
40 | File | `/_next` | Low
|
||||
41 | File | `4.edu.php\conn\function.php` | High
|
||||
42 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
43 | File | `about.php` | Medium
|
||||
44 | File | `acl.c` | Low
|
||||
45 | File | `activity_log.php` | High
|
||||
46 | File | `addentry.php` | Medium
|
||||
47 | File | `add_vhost.php` | High
|
||||
48 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
3 | File | `/admin/default.asp` | High
|
||||
4 | File | `/admin/index.php` | High
|
||||
5 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
6 | File | `/apply_noauth.cgi` | High
|
||||
7 | File | `/cgi-bin/wapopen` | High
|
||||
8 | File | `/cms/print.php` | High
|
||||
9 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
10 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
11 | File | `/data/remove` | Medium
|
||||
12 | File | `/goforms/rlminfo` | High
|
||||
13 | File | `/htdocs/cgibin` | High
|
||||
14 | File | `/login` | Low
|
||||
15 | File | `/navigate/navigate_download.php` | High
|
||||
16 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
17 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/password.html` | High
|
||||
20 | File | `/proc/ioports` | High
|
||||
21 | File | `/property-list/property_view.php` | High
|
||||
22 | File | `/ptms/classes/Users.php` | High
|
||||
23 | File | `/rest/api/2/search` | High
|
||||
24 | File | `/s/` | Low
|
||||
25 | File | `/scripts/cpan_config` | High
|
||||
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
27 | File | `/services/system/setup.json` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/videotalk` | Medium
|
||||
30 | File | `/vloggers_merch/?p=view_product` | High
|
||||
31 | File | `/web/MCmsAction.java` | High
|
||||
32 | File | `/webconsole/APIController` | High
|
||||
33 | File | `/websocket/exec` | High
|
||||
34 | File | `/wp-admin/admin-ajax.php` | High
|
||||
35 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
36 | File | `/wp-json` | Medium
|
||||
37 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
38 | File | `/_next` | Low
|
||||
39 | File | `4.edu.php\conn\function.php` | High
|
||||
40 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
41 | File | `about.php` | Medium
|
||||
42 | File | `acl.c` | Low
|
||||
43 | File | `activity_log.php` | High
|
||||
44 | File | `addentry.php` | Medium
|
||||
45 | File | `add_vhost.php` | High
|
||||
46 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
|
||||
47 | File | `admin/category.inc.php` | High
|
||||
48 | File | `admin/conf_users_edit.php` | High
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 427 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 422 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
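Review bot: the rows marked Low, `/login`, `/s/`, `/_next` and `acl.c`, are strings that almost any web server log or source tree contains, so anyone feeding this table into a detection rule will alert on benign traffic. Either keep Low-confidence generic paths out of the README preview or state next to the table that Low rows are not meant to be matched on their own.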
|
||||
|
||||
|
|
|
@ -67,41 +67,41 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/domains/index.fts` | High
|
||||
12 | File | `/download` | Medium
|
||||
13 | File | `/DroboAccess/delete_user` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/foundry/modules/news/newscolumns.php` | High
|
||||
16 | File | `/ghost/preview` | High
|
||||
17 | File | `/GponForm/device_Form?script/` | High
|
||||
18 | File | `/LDMS/frm_splitfrm.aspx` | High
|
||||
19 | File | `/media/api` | Medium
|
||||
20 | File | `/modules/profile/index.php` | High
|
||||
21 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
|
||||
22 | File | `/NAGErrors` | Medium
|
||||
23 | File | `/q` | Low
|
||||
24 | File | `/RestAPI` | Medium
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/service-list` | High
|
||||
27 | File | `/smstest.html` | High
|
||||
28 | File | `/start-stop` | Medium
|
||||
29 | File | `/subscribe/subscribe` | High
|
||||
30 | File | `/tmp` | Low
|
||||
31 | File | `/tmp/kamailio_fifo` | High
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/view/friend_profile.php` | High
|
||||
34 | File | `/WEB-INF/web.xml` | High
|
||||
35 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
36 | File | `actions/authenticate.php` | High
|
||||
37 | File | `actions/doreport.php` | High
|
||||
38 | File | `addlyricsform.php` | High
|
||||
39 | File | `addmerchpicform.php` | High
|
||||
40 | File | `addresses_export.php` | High
|
||||
41 | File | `adherents/cartes/carte.php` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
44 | File | `admin/admin.php` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/foundry/modules/news/newscolumns.php` | High
|
||||
15 | File | `/ghost/preview` | High
|
||||
16 | File | `/GponForm/device_Form?script/` | High
|
||||
17 | File | `/LDMS/frm_splitfrm.aspx` | High
|
||||
18 | File | `/media/api` | Medium
|
||||
19 | File | `/modules/profile/index.php` | High
|
||||
20 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
|
||||
21 | File | `/NAGErrors` | Medium
|
||||
22 | File | `/q` | Low
|
||||
23 | File | `/RestAPI` | Medium
|
||||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | File | `/service-list` | High
|
||||
26 | File | `/smstest.html` | High
|
||||
27 | File | `/start-stop` | Medium
|
||||
28 | File | `/subscribe/subscribe` | High
|
||||
29 | File | `/tmp` | Low
|
||||
30 | File | `/tmp/kamailio_fifo` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/view/friend_profile.php` | High
|
||||
33 | File | `/WEB-INF/web.xml` | High
|
||||
34 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
35 | File | `actions/authenticate.php` | High
|
||||
36 | File | `actions/doreport.php` | High
|
||||
37 | File | `addlyricsform.php` | High
|
||||
38 | File | `addmerchpicform.php` | High
|
||||
39 | File | `addresses_export.php` | High
|
||||
40 | File | `adherents/cartes/carte.php` | High
|
||||
41 | File | `admin.php` | Medium
|
||||
42 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
43 | File | `admin/admin.php` | High
|
||||
44 | File | `admin/admin/fileUploadAction_fileUpload.action` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
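Review bot: several indicators typed as File carry a query string, e.g. `/GponForm/device_Form?script/` and `/wp-json/oembed/1.0/embed?url`, and `admin.php?m=backup&c=backup&a=doback` mixes the script path with three parameters. Since the trailer lists argument as a separate type, the generator should split path from query (or type these rows as URL); as written, a File match on the bare path misses them and an argument match never sees them.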
|
||||
|
||||
|
|
|
@ -42,33 +42,33 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
2 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
3 | File | `/edit-db.php` | Medium
|
||||
4 | File | `/etc/waipass` | Medium
|
||||
3 | File | `/cgi/get_param.cgi` | High
|
||||
4 | File | `/edit-db.php` | Medium
|
||||
5 | File | `/ext/phar/phar_object.c` | High
|
||||
6 | File | `/files/password` | High
|
||||
7 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
||||
8 | File | `/hocms/classes/Master.php?f=delete_member` | High
|
||||
9 | File | `/phppath/php` | Medium
|
||||
10 | File | `/services/getFile.cmd` | High
|
||||
11 | File | `/sns/classes/Master.php?f=delete_img` | High
|
||||
12 | File | `/usr/bin/pkexec` | High
|
||||
13 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
14 | File | `/var/log/messages` | High
|
||||
15 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
16 | File | `/webconsole/Controller` | High
|
||||
17 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
|
||||
18 | File | `abook_database.php` | High
|
||||
19 | File | `acl/save_user.cgi` | High
|
||||
20 | File | `adaptive-images-script.php` | High
|
||||
21 | File | `admin/auth.php` | High
|
||||
22 | File | `admin/cgi-bin/listdir.pl` | High
|
||||
23 | File | `adminuseredit.php?usertoedit=XSS` | High
|
||||
24 | File | `AvastSvc.exe` | Medium
|
||||
25 | File | `backupsettings.conf` | High
|
||||
26 | File | `base/ErrorHandler.php` | High
|
||||
9 | File | `/lists/admin/` | High
|
||||
10 | File | `/phppath/php` | Medium
|
||||
11 | File | `/services/getFile.cmd` | High
|
||||
12 | File | `/sns/classes/Master.php?f=delete_img` | High
|
||||
13 | File | `/usr/bin/pkexec` | High
|
||||
14 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
15 | File | `/var/log/messages` | High
|
||||
16 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
17 | File | `/webconsole/Controller` | High
|
||||
18 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
|
||||
19 | File | `abook_database.php` | High
|
||||
20 | File | `acl/save_user.cgi` | High
|
||||
21 | File | `adaptive-images-script.php` | High
|
||||
22 | File | `admin/auth.php` | High
|
||||
23 | File | `admin/cgi-bin/listdir.pl` | High
|
||||
24 | File | `adminuseredit.php?usertoedit=XSS` | High
|
||||
25 | File | `AvastSvc.exe` | Medium
|
||||
26 | File | `backupsettings.conf` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 225 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
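Review bot: `adminuseredit.php?usertoedit=XSS` carries the literal placeholder `XSS` from an advisory's proof of concept rather than a real path; it should be normalised to `adminuseredit.php` (with `usertoedit` as an argument-type entry if that is wanted), otherwise the indicator only matches a request that reproduces the PoC verbatim.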
|
||||
|
||||
|
|
|
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
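Review bot: the trailer "There are 1 more country items available" does not singularise; the template emitting the count should handle n = 1 ("1 more country item"). Also, the count drops from 3 to 1 while the four visible countries stay the same, so two countries were removed outside the visible list, which the commit message does not mention.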
|
||||
|
||||
|
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
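Review bot: the row `T1040 | CWE-294 | Authentication Bypass by Capture-replay` is replaced by `T1008 | CWE-757 | Algorithm Downgrade`, so a technique is dropped, not just added, and nothing in the hunk (rows 2 and 3 unchanged, `4 | ...`) says why. Removing a TTP changes how the actor is characterised; the commit message should record the reason.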
|
||||
|
@ -59,39 +59,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `../FILEDIR` | Medium
2 | File | `//proc/kcore` | Medium
3 | File | `/admin/?page=system_info/contact_info` | High
4 | File | `/Ap4RtpAtom.cpp` | High
5 | File | `/api/part_categories` | High
6 | File | `/api/programs/orgUnits?programs` | High
7 | File | `/auditLogAction.do` | High
8 | File | `/bcms/admin/?page=court_rentals/view_court_rental` | High
9 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
10 | File | `/bcms/admin/?page=sales/view_details` | High
11 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
12 | File | `/bcms/admin/?page=service_transactions/view_details` | High
13 | File | `/bcms/admin/?page=user/manage_user` | High
14 | File | `/cgi-bin` | Medium
15 | File | `/cgi-bin/kerbynet` | High
16 | File | `/checklogin.jsp` | High
17 | File | `/churchcrm/WhyCameEditor.php` | High
18 | File | `/course/api/upload/pic` | High
19 | File | `/etc/cron.daily/upstart` | High
20 | File | `/fuel/sitevariables/delete/4` | High
21 | File | `/goform/aspForm` | High
22 | File | `/itop/webservices/export-v2.php` | High
23 | File | `/modules/profile/index.php` | High
24 | File | `/nova/bin/sniffer` | High
25 | File | `/ocwbs/admin/?page=bookings/view_details` | High
26 | File | `/ocwbs/admin/?page=user/manage_user` | High
27 | File | `/ofrs/admin/?page=reports` | High
28 | File | `/ofrs/admin/?page=requests/manage_request` | High
29 | File | `/ofrs/admin/?page=teams/manage_team` | High
30 | File | `/ofrs/admin/?page=teams/view_team` | High
1 | File | `//proc/kcore` | Medium
2 | File | `/admin/scheprofile.cgi` | High
3 | File | `/admin/showbad.php` | High
4 | File | `/admin/ztliuyan_sendmail.php` | High
5 | File | `/alarm_pi/alarmService.php` | High
6 | File | `/Ap4RtpAtom.cpp` | High
7 | File | `/api/part_categories` | High
8 | File | `/cgi-bin/kerbynet` | High
9 | File | `/cgi-bin/webproc` | High
10 | File | `/cgi/get_param.cgi` | High
11 | File | `/churchcrm/WhyCameEditor.php` | High
12 | File | `/company` | Medium
13 | File | `/company/account/safety/trade` | High
14 | File | `/company/service/increment/add/im` | High
15 | File | `/dashboard/blocks/stacks/view_details/` | High
16 | File | `/dashboard/reports/logs/view` | High
17 | File | `/dashboard/snapshot/*?orgId=0` | High
18 | File | `/defaultui/player/modern.html` | High
19 | File | `/dl/dl_sendmail.php` | High
20 | File | `/dl/dl_sendsms.php` | High
21 | File | `/fuel/sitevariables/delete/4` | High
22 | File | `/goform/aspForm` | High
23 | File | `/home/campus/campus_job` | High
24 | File | `/home/job/index` | High
25 | File | `/IISADMPWD` | Medium
26 | File | `/images/background/1.php` | High
27 | File | `/index.php?action=seomatic/file/seo-file-link` | High
28 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
29 | File | `/itop/webservices/export-v2.php` | High
30 | File | `/job` | Low
31 | ... | ... | ...

There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

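Review bot: both the removed and the added list carry `//proc/kcore` with a doubled leading slash, and new row 17 `/dashboard/snapshot/*?orgId=0` mixes a wildcard with a query string; neither form matches a literal path comparison against access or audit logs. Normalise file indicators to one canonical path (collapse repeated slashes, drop the query string) and put the wildcard form under the pattern type that the trailing sentence already mentions.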
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 4 more TTP items available. Please use our online service to access the data.
There are 5 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -47,13 +47,14 @@ ID | Type | Indicator | Confidence
1 | File | `//etc/RT2870STA.dat` | High
2 | File | `/cgi-bin/wapopen` | High
3 | File | `/HNAP1` | Low
4 | File | `/setSystemAdmin` | High
5 | File | `/updown/upload.cgi` | High
6 | File | `/usr/bin/pkexec` | High
7 | File | `acl.c` | Low
8 | ... | ... | ...
4 | File | `/mgmt/tm/util/bash` | High
5 | File | `/setSystemAdmin` | High
6 | File | `/updown/upload.cgi` | High
7 | File | `/usr/bin/pkexec` | High
8 | File | `acl.c` | Low
9 | ... | ... | ...

There are 58 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

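Review bot: inserting `/mgmt/tm/util/bash` as row 4 renumbers every row after it (`/setSystemAdmin` moves from 4 to 5, `acl.c` from 7 to 8), so the ID column is positional rather than stable. Anyone who cited "IOA 4" for this actor before this commit now points at a different indicator; if the IDs are meant to be referenced, assign them once and append new rows, otherwise say in the section intro that IDs are display order only.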
@ -171,48 +171,48 @@ ID | Type | Indicator | Confidence
3 | File | `/admin/?setting-base.htm` | High
4 | File | `/admin/admin_login.php` | High
5 | File | `/admin/login.php` | High
6 | File | `/apply_noauth.cgi` | High
7 | File | `/bin/sh` | Low
8 | File | `/componetns/user/class.user.php` | High
9 | File | `/debug/pprof` | Medium
10 | File | `/dev/tty` | Medium
11 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
12 | File | `/gaia-job-admin/user/add` | High
13 | File | `/HNAP1` | Low
14 | File | `/include/chart_generator.php` | High
15 | File | `/login` | Low
16 | File | `/login.html` | Medium
17 | File | `/magnoliaPublic/travel/members/login.html` | High
18 | File | `/member/index/login.html` | High
19 | File | `/requests.php` | High
20 | File | `/rest/api/latest/projectvalidate/key` | High
21 | File | `/saml/login` | Medium
22 | File | `/ScadaBR/login.htm` | High
23 | File | `/ServletAPI/accounts/login` | High
24 | File | `/uncpath/` | Medium
25 | File | `/upload` | Low
26 | File | `/var/adm/btmp` | High
27 | File | `/var/log/messages` | High
28 | File | `/websocket/exec` | High
29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
30 | File | `account/login.php` | High
31 | File | `ad/login.asp` | Medium
32 | File | `add.php` | Low
33 | File | `admin.inc.php` | High
34 | File | `admin.php` | Medium
35 | File | `admin/admin_ping.php` | High
36 | File | `admin/index.php` | High
37 | File | `admin/login.asp` | High
38 | File | `admin/login.php` | High
39 | File | `admin/nos/login` | High
40 | File | `admin/viewtheatre.php` | High
41 | File | `adminer.php` | Medium
42 | File | `admin_ajax.php?action=checkrepeat` | High
43 | File | `admin_delete.php` | High
44 | File | `agenda.php3` | Medium
6 | File | `/bin/sh` | Low
7 | File | `/componetns/user/class.user.php` | High
8 | File | `/debug/pprof` | Medium
9 | File | `/dev/tty` | Medium
10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
11 | File | `/gaia-job-admin/user/add` | High
12 | File | `/HNAP1` | Low
13 | File | `/include/chart_generator.php` | High
14 | File | `/login` | Low
15 | File | `/login.html` | Medium
16 | File | `/magnoliaPublic/travel/members/login.html` | High
17 | File | `/member/index/login.html` | High
18 | File | `/requests.php` | High
19 | File | `/rest/api/latest/projectvalidate/key` | High
20 | File | `/saml/login` | Medium
21 | File | `/ScadaBR/login.htm` | High
22 | File | `/ServletAPI/accounts/login` | High
23 | File | `/uncpath/` | Medium
24 | File | `/upload` | Low
25 | File | `/var/adm/btmp` | High
26 | File | `/var/log/messages` | High
27 | File | `/websocket/exec` | High
28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
29 | File | `account/login.php` | High
30 | File | `ad/login.asp` | Medium
31 | File | `add.php` | Low
32 | File | `admin.inc.php` | High
33 | File | `admin.php` | Medium
34 | File | `admin/admin_ping.php` | High
35 | File | `admin/index.php` | High
36 | File | `admin/login.asp` | High
37 | File | `admin/login.php` | High
38 | File | `admin/nos/login` | High
39 | File | `admin/viewtheatre.php` | High
40 | File | `adminer.php` | Medium
41 | File | `admin_ajax.php?action=checkrepeat` | High
42 | File | `admin_delete.php` | High
43 | File | `agenda.php3` | Medium
44 | File | `ajaxp.php` | Medium
45 | ... | ... | ...

There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

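Review bot: old row 8 / new row 7 reads `/componetns/user/class.user.php`; if that spelling is a transcription error for `components`, the indicator will never match, and if it really is the path the affected product ships, a short remark saying so will stop the next reviewer from "fixing" it. The remainder of the hunk is a renumbering (each visible row shifts down by one and `ajaxp.php` is appended as row 44), so the same positional-ID caveat applies here as to the other IOA tables in this commit.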
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 7 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -65,9 +65,10 @@ ID | Type | Indicator | Confidence
7 | File | `akocomments.php` | High
8 | File | `auth.inc.php` | Medium
9 | File | `bgpd/bgp_aspath.c` | High
10 | ... | ... | ...
10 | File | `cgi-bin/luci` | Medium
11 | ... | ... | ...

There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -35,79 +35,80 @@ ID | IP address | Hostname | Campaign | Confidence
6 | [8.253.139.120](https://vuldb.com/?ip.8.253.139.120) | - | - | High
7 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
8 | [13.107.42.12](https://vuldb.com/?ip.13.107.42.12) | 1drv.ms | - | High
9 | [13.107.43.12](https://vuldb.com/?ip.13.107.43.12) | - | - | High
10 | [13.107.43.13](https://vuldb.com/?ip.13.107.43.13) | - | - | High
11 | [13.225.230.20](https://vuldb.com/?ip.13.225.230.20) | server-13-225-230-20.jfk51.r.cloudfront.net | - | High
12 | [13.250.255.10](https://vuldb.com/?ip.13.250.255.10) | ec2-13-250-255-10.ap-southeast-1.compute.amazonaws.com | - | Medium
13 | [15.197.142.173](https://vuldb.com/?ip.15.197.142.173) | a4ec4c6ea1c92e2e6.awsglobalaccelerator.com | - | High
14 | [18.214.132.216](https://vuldb.com/?ip.18.214.132.216) | ec2-18-214-132-216.compute-1.amazonaws.com | - | Medium
15 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
16 | [20.42.73.27](https://vuldb.com/?ip.20.42.73.27) | - | - | High
17 | [20.190.151.7](https://vuldb.com/?ip.20.190.151.7) | - | - | High
18 | [20.190.151.8](https://vuldb.com/?ip.20.190.151.8) | - | - | High
19 | [20.190.151.68](https://vuldb.com/?ip.20.190.151.68) | - | - | High
20 | [20.190.151.70](https://vuldb.com/?ip.20.190.151.70) | - | - | High
21 | [20.190.151.131](https://vuldb.com/?ip.20.190.151.131) | - | - | High
22 | [20.190.151.132](https://vuldb.com/?ip.20.190.151.132) | - | - | High
23 | [20.190.151.133](https://vuldb.com/?ip.20.190.151.133) | - | - | High
24 | [20.190.152.21](https://vuldb.com/?ip.20.190.152.21) | - | - | High
25 | [20.190.154.139](https://vuldb.com/?ip.20.190.154.139) | - | - | High
26 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
27 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
28 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
29 | [23.21.205.229](https://vuldb.com/?ip.23.21.205.229) | ec2-23-21-205-229.compute-1.amazonaws.com | - | Medium
30 | [23.21.213.140](https://vuldb.com/?ip.23.21.213.140) | ec2-23-21-213-140.compute-1.amazonaws.com | - | Medium
31 | [23.38.131.139](https://vuldb.com/?ip.23.38.131.139) | a23-38-131-139.deploy.static.akamaitechnologies.com | - | High
32 | [23.46.239.18](https://vuldb.com/?ip.23.46.239.18) | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High
33 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
34 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
35 | [23.82.12.29](https://vuldb.com/?ip.23.82.12.29) | - | - | High
36 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | - | - | High
37 | [23.196.74.222](https://vuldb.com/?ip.23.196.74.222) | a23-196-74-222.deploy.static.akamaitechnologies.com | - | High
38 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
39 | [23.199.63.83](https://vuldb.com/?ip.23.199.63.83) | a23-199-63-83.deploy.static.akamaitechnologies.com | - | High
40 | [23.223.37.181](https://vuldb.com/?ip.23.223.37.181) | a23-223-37-181.deploy.static.akamaitechnologies.com | - | High
41 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
42 | [34.96.116.138](https://vuldb.com/?ip.34.96.116.138) | 138.116.96.34.bc.googleusercontent.com | - | Medium
43 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
44 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
45 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
46 | [34.197.12.81](https://vuldb.com/?ip.34.197.12.81) | ec2-34-197-12-81.compute-1.amazonaws.com | - | Medium
47 | [34.202.33.33](https://vuldb.com/?ip.34.202.33.33) | ec2-34-202-33-33.compute-1.amazonaws.com | - | Medium
48 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
49 | [35.214.144.124](https://vuldb.com/?ip.35.214.144.124) | 124.144.214.35.bc.googleusercontent.com | - | Medium
50 | [37.1.206.16](https://vuldb.com/?ip.37.1.206.16) | free.ispiria.net | - | High
51 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
52 | [37.120.138.222](https://vuldb.com/?ip.37.120.138.222) | - | - | High
53 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
54 | [37.139.64.106](https://vuldb.com/?ip.37.139.64.106) | - | - | High
55 | [37.230.130.153](https://vuldb.com/?ip.37.230.130.153) | - | - | High
56 | [37.235.1.174](https://vuldb.com/?ip.37.235.1.174) | resolver1.freedns.zone.powered.by.virtexxa.com | - | High
57 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
58 | [40.126.28.12](https://vuldb.com/?ip.40.126.28.12) | - | - | High
59 | [40.126.28.22](https://vuldb.com/?ip.40.126.28.22) | - | - | High
60 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
61 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
62 | [45.15.143.148](https://vuldb.com/?ip.45.15.143.148) | - | - | High
63 | [45.74.32.12](https://vuldb.com/?ip.45.74.32.12) | - | - | High
64 | [45.95.168.62](https://vuldb.com/?ip.45.95.168.62) | maxko-hosting.com | - | High
65 | [45.148.17.62](https://vuldb.com/?ip.45.148.17.62) | mail.spokel.se | - | High
66 | [46.2.255.122](https://vuldb.com/?ip.46.2.255.122) | - | - | High
67 | [46.105.127.143](https://vuldb.com/?ip.46.105.127.143) | ns385442.ip-46-105-127.eu | - | High
68 | [46.243.147.194](https://vuldb.com/?ip.46.243.147.194) | - | - | High
69 | [46.243.239.153](https://vuldb.com/?ip.46.243.239.153) | - | - | High
70 | [46.243.249.150](https://vuldb.com/?ip.46.243.249.150) | - | - | High
71 | [46.246.80.68](https://vuldb.com/?ip.46.246.80.68) | c-46-246-80-68.ip4.frootvpn.com | - | High
72 | [47.254.172.117](https://vuldb.com/?ip.47.254.172.117) | - | - | High
73 | [50.16.234.229](https://vuldb.com/?ip.50.16.234.229) | ec2-50-16-234-229.compute-1.amazonaws.com | - | Medium
74 | [50.63.202.36](https://vuldb.com/?ip.50.63.202.36) | ip-50-63-202-36.ip.secureserver.net | - | High
75 | [51.15.229.127](https://vuldb.com/?ip.51.15.229.127) | 127-229-15-51.instances.scw.cloud | - | High
76 | [51.75.209.242](https://vuldb.com/?ip.51.75.209.242) | ip242.ip-51-75-209.eu | - | High
77 | [51.91.236.193](https://vuldb.com/?ip.51.91.236.193) | cluster028.hosting.ovh.net | - | High
78 | [51.103.16.165](https://vuldb.com/?ip.51.103.16.165) | - | - | High
79 | ... | ... | ... | ...
9 | [13.107.42.13](https://vuldb.com/?ip.13.107.42.13) | - | - | High
10 | [13.107.43.12](https://vuldb.com/?ip.13.107.43.12) | - | - | High
11 | [13.107.43.13](https://vuldb.com/?ip.13.107.43.13) | - | - | High
12 | [13.225.230.20](https://vuldb.com/?ip.13.225.230.20) | server-13-225-230-20.jfk51.r.cloudfront.net | - | High
13 | [13.250.255.10](https://vuldb.com/?ip.13.250.255.10) | ec2-13-250-255-10.ap-southeast-1.compute.amazonaws.com | - | Medium
14 | [15.197.142.173](https://vuldb.com/?ip.15.197.142.173) | a4ec4c6ea1c92e2e6.awsglobalaccelerator.com | - | High
15 | [18.214.132.216](https://vuldb.com/?ip.18.214.132.216) | ec2-18-214-132-216.compute-1.amazonaws.com | - | Medium
16 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
17 | [20.42.73.27](https://vuldb.com/?ip.20.42.73.27) | - | - | High
18 | [20.190.151.7](https://vuldb.com/?ip.20.190.151.7) | - | - | High
19 | [20.190.151.8](https://vuldb.com/?ip.20.190.151.8) | - | - | High
20 | [20.190.151.68](https://vuldb.com/?ip.20.190.151.68) | - | - | High
21 | [20.190.151.70](https://vuldb.com/?ip.20.190.151.70) | - | - | High
22 | [20.190.151.131](https://vuldb.com/?ip.20.190.151.131) | - | - | High
23 | [20.190.151.132](https://vuldb.com/?ip.20.190.151.132) | - | - | High
24 | [20.190.151.133](https://vuldb.com/?ip.20.190.151.133) | - | - | High
25 | [20.190.152.21](https://vuldb.com/?ip.20.190.152.21) | - | - | High
26 | [20.190.154.139](https://vuldb.com/?ip.20.190.154.139) | - | - | High
27 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
28 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
29 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
30 | [23.21.205.229](https://vuldb.com/?ip.23.21.205.229) | ec2-23-21-205-229.compute-1.amazonaws.com | - | Medium
31 | [23.21.213.140](https://vuldb.com/?ip.23.21.213.140) | ec2-23-21-213-140.compute-1.amazonaws.com | - | Medium
32 | [23.38.131.139](https://vuldb.com/?ip.23.38.131.139) | a23-38-131-139.deploy.static.akamaitechnologies.com | - | High
33 | [23.46.239.18](https://vuldb.com/?ip.23.46.239.18) | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High
34 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
35 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
36 | [23.82.12.29](https://vuldb.com/?ip.23.82.12.29) | - | - | High
37 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | - | - | High
38 | [23.196.74.222](https://vuldb.com/?ip.23.196.74.222) | a23-196-74-222.deploy.static.akamaitechnologies.com | - | High
39 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
40 | [23.199.63.83](https://vuldb.com/?ip.23.199.63.83) | a23-199-63-83.deploy.static.akamaitechnologies.com | - | High
41 | [23.223.37.181](https://vuldb.com/?ip.23.223.37.181) | a23-223-37-181.deploy.static.akamaitechnologies.com | - | High
42 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
43 | [34.96.116.138](https://vuldb.com/?ip.34.96.116.138) | 138.116.96.34.bc.googleusercontent.com | - | Medium
44 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
45 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
46 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
47 | [34.197.12.81](https://vuldb.com/?ip.34.197.12.81) | ec2-34-197-12-81.compute-1.amazonaws.com | - | Medium
48 | [34.202.33.33](https://vuldb.com/?ip.34.202.33.33) | ec2-34-202-33-33.compute-1.amazonaws.com | - | Medium
49 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
50 | [35.214.144.124](https://vuldb.com/?ip.35.214.144.124) | 124.144.214.35.bc.googleusercontent.com | - | Medium
51 | [37.1.206.16](https://vuldb.com/?ip.37.1.206.16) | free.ispiria.net | - | High
52 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
53 | [37.120.138.222](https://vuldb.com/?ip.37.120.138.222) | - | - | High
54 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
55 | [37.139.64.106](https://vuldb.com/?ip.37.139.64.106) | - | - | High
56 | [37.230.130.153](https://vuldb.com/?ip.37.230.130.153) | - | - | High
57 | [37.235.1.174](https://vuldb.com/?ip.37.235.1.174) | resolver1.freedns.zone.powered.by.virtexxa.com | - | High
58 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
59 | [40.126.28.12](https://vuldb.com/?ip.40.126.28.12) | - | - | High
60 | [40.126.28.22](https://vuldb.com/?ip.40.126.28.22) | - | - | High
61 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
62 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
63 | [45.15.143.148](https://vuldb.com/?ip.45.15.143.148) | - | - | High
64 | [45.74.32.12](https://vuldb.com/?ip.45.74.32.12) | - | - | High
65 | [45.95.168.62](https://vuldb.com/?ip.45.95.168.62) | maxko-hosting.com | - | High
66 | [45.148.17.62](https://vuldb.com/?ip.45.148.17.62) | mail.spokel.se | - | High
67 | [46.2.255.122](https://vuldb.com/?ip.46.2.255.122) | - | - | High
68 | [46.105.127.143](https://vuldb.com/?ip.46.105.127.143) | ns385442.ip-46-105-127.eu | - | High
69 | [46.243.147.194](https://vuldb.com/?ip.46.243.147.194) | - | - | High
70 | [46.243.239.153](https://vuldb.com/?ip.46.243.239.153) | - | - | High
71 | [46.243.249.150](https://vuldb.com/?ip.46.243.249.150) | - | - | High
72 | [46.246.80.68](https://vuldb.com/?ip.46.246.80.68) | c-46-246-80-68.ip4.frootvpn.com | - | High
73 | [47.254.172.117](https://vuldb.com/?ip.47.254.172.117) | - | - | High
74 | [50.16.234.229](https://vuldb.com/?ip.50.16.234.229) | ec2-50-16-234-229.compute-1.amazonaws.com | - | Medium
75 | [50.63.202.36](https://vuldb.com/?ip.50.63.202.36) | ip-50-63-202-36.ip.secureserver.net | - | High
76 | [51.15.229.127](https://vuldb.com/?ip.51.15.229.127) | 127-229-15-51.instances.scw.cloud | - | High
77 | [51.75.209.242](https://vuldb.com/?ip.51.75.209.242) | ip242.ip-51-75-209.eu | - | High
78 | [51.91.236.193](https://vuldb.com/?ip.51.91.236.193) | cluster028.hosting.ovh.net | - | High
79 | [51.103.16.165](https://vuldb.com/?ip.51.103.16.165) | - | - | High
80 | ... | ... | ... | ...

There are 313 more IOC items available. Please use our online service to access the data.
There are 318 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

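Review bot: a large share of these rows are shared cloud and CDN infrastructure rather than actor-controlled hosts (`1drv.ms` in row 8, the `deploy.static.akamaitechnologies.com` and `cloudfront.net` hostnames, the `bc.googleusercontent.com` and `compute.amazonaws.com` instances), yet most carry Confidence High, and the newly inserted row 9 `13.107.42.13` is adjacent to the `1drv.ms` address and has the same character. Blocking or alerting on these as-is will flag ordinary Microsoft, Akamai, Google and AWS traffic; the section intro should say these are resources the actor was observed using, and the rows would be far more useful with a first-seen/last-seen window, since cloud addresses are reassigned.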
@ -130,29 +131,30 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.procmailrc` | Medium
2 | File | `/anony/mjpg.cgi` | High
3 | File | `/api/crontab` | Medium
4 | File | `/as/authorization.oauth2` | High
5 | File | `/bin/mail` | Medium
6 | File | `/cgi-bin/delete_CA` | High
7 | File | `/common/info.cgi` | High
8 | File | `/data/vendor/tcl` | High
9 | File | `/dev/random` | Medium
10 | File | `/etc/passwd` | Medium
11 | File | `/etc/password` | High
12 | File | `/files.md5` | Medium
13 | File | `/forum/away.php` | High
14 | File | `/include/chart_generator.php` | High
15 | File | `/mgmt/tm/util/bash` | High
16 | File | `/one_church/userregister.php` | High
17 | File | `/op/op.LockDocument.php` | High
18 | File | `/plesk-site-preview/` | High
19 | File | `/proc/self/setgroups` | High
20 | File | `/proc/stat` | Medium
21 | File | `/rest/api/2/search` | High
22 | File | `/rest/api/latest/projectvalidate/key` | High
23 | ... | ... | ...
3 | File | `/bin/mail` | Medium
4 | File | `/common/info.cgi` | High
5 | File | `/data/vendor/tcl` | High
6 | File | `/dev/random` | Medium
7 | File | `/etc/hosts` | Medium
8 | File | `/etc/passwd` | Medium
9 | File | `/etc/password` | High
10 | File | `/files.md5` | Medium
11 | File | `/forum/away.php` | High
12 | File | `/include/chart_generator.php` | High
13 | File | `/mgmt/tm/util/bash` | High
14 | File | `/op/op.LockDocument.php` | High
15 | File | `/plesk-site-preview/` | High
16 | File | `/proc/self/setgroups` | High
17 | File | `/proc/stat` | Medium
18 | File | `/ram/pckg/security/nova/bin/ipsec` | High
19 | File | `/rest/api/2/search` | High
20 | File | `/rest/api/latest/projectvalidate/key` | High
21 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
22 | File | `/SAP_Information_System/controllers/add_admin.php` | High
23 | File | `/tmp` | Low
24 | ... | ... | ...

There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 199 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

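Review bot: new row 7 `/etc/hosts` (Medium) and new row 23 `/tmp` (Low) are paths present on every Unix-like host, so as stand-alone file indicators they match everything and carry no attribution signal; they only mean something together with the action observed on them or with the other rows in this set. Either lower `/etc/hosts` to Low as well or fold that context into the indicator. The rows that no longer appear in the visible range (`/api/crontab`, `/as/authorization.oauth2`, `/cgi-bin/delete_CA`, `/one_church/userregister.php`) were more specific than what replaces them, so a line in the commit message on why they left would help.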
@ -202,6 +204,10 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html
* https://blog.talosintelligence.com/2022/03/ukraine-invasion-scams-malware.html
* https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Remcos%20IOCs
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Remcos%20RAT%20IOCs%202
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-09-15%20Remcos%20IOCs
* https://isc.sans.edu/forums/diary/Malspam+using+passwordprotected+Word+docs+to+push+Remcos+RAT/25292/
* https://twitter.com/Paladin3161/status/1197842954037018625

@ -57,7 +57,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 4 more TTP items available. Please use our online service to access the data.
There are 5 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -69,26 +69,27 @@ ID | Type | Indicator | Confidence
2 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
3 | File | `/apply.cgi` | Medium
4 | File | `/forum/away.php` | High
5 | File | `/mifs/c/i/reg/reg.html` | High
6 | File | `/objects/getImageMP4.php` | High
7 | File | `/payu/icpcheckout/` | High
8 | File | `/proc/kcore/` | Medium
9 | File | `/uncpath/` | Medium
10 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
11 | File | `adclick.php` | Medium
12 | File | `add_comment.php` | High
13 | File | `admin.jcomments.php` | High
14 | File | `admin.php` | Medium
15 | File | `admin/index.php` | High
16 | File | `AppCompatCache.exe` | High
17 | File | `asn1fix_retrieve.c` | High
18 | File | `bigsam_guestbook.php` | High
19 | File | `books.php` | Medium
20 | File | `card/pay/.../amount` | High
21 | File | `category.cfm` | Medium
22 | ... | ... | ...
5 | File | `/mgmt/tm/util/bash` | High
6 | File | `/mifs/c/i/reg/reg.html` | High
7 | File | `/objects/getImageMP4.php` | High
8 | File | `/payu/icpcheckout/` | High
9 | File | `/proc/kcore/` | Medium
10 | File | `/uncpath/` | Medium
11 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
12 | File | `adclick.php` | Medium
13 | File | `add_comment.php` | High
14 | File | `admin.jcomments.php` | High
15 | File | `admin.php` | Medium
16 | File | `admin/index.php` | High
17 | File | `AppCompatCache.exe` | High
18 | File | `asn1fix_retrieve.c` | High
19 | File | `bigsam_guestbook.php` | High
20 | File | `books.php` | Medium
21 | File | `card/pay/.../amount` | High
22 | File | `category.cfm` | Medium
23 | ... | ... | ...

There are 187 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

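Review bot: the added row 5 `/mgmt/tm/util/bash` is the same row that the -47,13 hunk above adds as row 4 for a different actor and that the -130,29 hunk carries as row 13 on both sides, with Confidence High each time. An indicator that lands in several unrelated actor profiles in one commit looks like it came from a shared feed rather than per-actor observation, so the High attribution confidence deserves a second look even though the path is a sound detection indicator on its own.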
@ -0,0 +1,59 @@
# Rock Phish - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Rock Phish](https://vuldb.com/?actor.rock_phish). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.rock_phish](https://vuldb.com/?actor.rock_phish)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Rock Phish:

* [US](https://vuldb.com/?country.us)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Rock Phish.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [81.16.131.40](https://vuldb.com/?ip.81.16.131.40) | - | - | High
2 | [200.72.139.67](https://vuldb.com/?ip.200.72.139.67) | - | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Rock Phish_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1600 | CWE-310 | Cryptographic Issues | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Rock Phish. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `cloud.php` | Medium
2 | File | `inc/config.php` | High
3 | File | `register.php` | Medium
4 | ... | ... | ...

There are 10 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://ddanchev.blogspot.com/2007/12/2091-host-locked.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
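Review bot: the References entry is a bare URL (`* https://ddanchev.blogspot.com/2007/12/2091-host-locked.html`) while the Literature list directly below uses titled `[text](url)` links; use the same form. It is also the only external source and dates from 2007, yet both IOC rows (`81.16.131.40`, `200.72.139.67`) are rated High with `-` for Hostname and Campaign, so a consumer cannot tell from this file whether the addresses are current or historical; a first-seen/last-seen hint or a lower confidence would carry that information.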
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
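Review bot: the count line changes from 24 to 21 more country items, but the only list lines in the hunk (`* [ES](...)`, `* ...`) are unchanged, so the three removed countries sit entirely in the hidden tail and cannot be reviewed from the diff; when entries are retired on purpose the export should make the removal visible instead of only adjusting the counter.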
@ -58,45 +58,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
2 | File | `/admin.php?action=page` | High
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
3 | File | `/admin.php?mod=user&` | High
|
||||
4 | File | `/admin/powerline` | High
|
||||
5 | File | `/admin/syslog` | High
|
||||
6 | File | `/api/upload` | Medium
|
||||
7 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/cgi-bin` | Medium
|
||||
9 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
4 | File | `/admin/dl_sendmail.php` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/bsms/?page=manage_account` | High
|
||||
8 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
9 | File | `/dashboard/reports/logs/view` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/dl/dl_print.php` | High
|
||||
12 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/moddable/xs/sources/xsDebug.c` | High
|
||||
15 | File | `/monitoring` | Medium
|
||||
16 | File | `/new` | Low
|
||||
17 | File | `/nova/bin/diskd` | High
|
||||
18 | File | `/proc/<pid>/status` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
24 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
|
||||
25 | File | `/tmp` | Low
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/usr/bin/pkexec` | High
|
||||
28 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
29 | File | `/wp-admin` | Medium
|
||||
13 | File | `/fuel/sitevariables/delete/4` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/moddable/xs/sources/xsDebug.c` | High
|
||||
16 | File | `/monitoring` | Medium
|
||||
17 | File | `/new` | Low
|
||||
18 | File | `/odfs/classes/Master.php?f=save_category` | High
|
||||
19 | File | `/proc/<pid>/status` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
24 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
25 | File | `/StdC/Ap4StdCFileByteStream.cpp` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
30 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `AccountManagerService.java` | High
|
||||
33 | File | `actions/CompanyDetailsSave.php` | High
|
||||
34 | File | `ActiveServices.java` | High
|
||||
35 | File | `ActivityManagerService.java` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | ... | ... | ...
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
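Review bot: the indicator `/?module=users§ion=cpanel&page=list` (new row 2, old row 1) has `&section=` collapsed into the `§` character, which looks like `&sect` being HTML-entity-decoded before the path was stored; the value should read `/?module=users&section=cpanel&page=list`, and the exporter should escape ampersands rather than decode them. Two more normalisation issues in the same table: new row 1 `//proc/kcore` is the same path as `/proc/kcore/` in the earlier file, so the two spellings will never match each other in a lookup, and new row 3 `/admin.php?mod=user&` ends in a dangling `&`, which reads like a truncated query string.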
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -763,37 +763,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/advance_push/public/login` | High
|
||||
2 | File | `/bcms/admin/?page=user/list` | High
|
||||
3 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
4 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
5 | File | `/mgmt/tm/util/bash` | High
|
||||
6 | File | `/monitoring` | Medium
|
||||
7 | File | `/new` | Low
|
||||
8 | File | `/proc/<pid>/status` | High
|
||||
9 | File | `/public/plugins/` | High
|
||||
10 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
11 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
12 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
13 | File | `/tmp` | Low
|
||||
14 | File | `/uncpath/` | Medium
|
||||
15 | File | `/usr/bin/pkexec` | High
|
||||
16 | File | `/WEB-INF/web.xml` | High
|
||||
17 | File | `/wp-admin/admin-ajax.php` | High
|
||||
18 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
19 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
20 | File | `AccountManagerService.java` | High
|
||||
21 | File | `actions/CompanyDetailsSave.php` | High
|
||||
22 | File | `ActivityManagerService.java` | High
|
||||
23 | File | `admin.php` | Medium
|
||||
24 | File | `admin/add-glossary.php` | High
|
||||
25 | File | `admin/conf_users_edit.php` | High
|
||||
26 | File | `admin/controllers/Albumsgalleries.php` | High
|
||||
27 | File | `admin/edit-comments.php` | High
|
||||
28 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
29 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/advance_push/public/login` | High
|
||||
3 | File | `/Ap4RtpAtom.cpp` | High
|
||||
4 | File | `/bcms/admin/?page=user/list` | High
|
||||
5 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
6 | File | `/debug/pprof` | Medium
|
||||
7 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
8 | File | `/fuel/sitevariables/delete/4` | High
|
||||
9 | File | `/mgmt/tm/util/bash` | High
|
||||
10 | File | `/monitoring` | Medium
|
||||
11 | File | `/new` | Low
|
||||
12 | File | `/proc/<pid>/status` | High
|
||||
13 | File | `/public/plugins/` | High
|
||||
14 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
15 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
16 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
17 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
18 | File | `/tmp` | Low
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/usr/bin/pkexec` | High
|
||||
21 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
22 | File | `/wp-admin/admin-ajax.php` | High
|
||||
23 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
25 | File | `AccountManagerService.java` | High
|
||||
26 | File | `actions/CompanyDetailsSave.php` | High
|
||||
27 | File | `ActiveServices.java` | High
|
||||
28 | File | `ActivityManagerService.java` | High
|
||||
29 | File | `admin.php` | Medium
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 255 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
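Review bot: new row 8 `/fuel/sitevariables/delete/4` hard-codes a single record id, so used as a match pattern it only fires on requests for id 4, while the same table writes the variable part of `/proc/<pid>/status` (row 12) as a placeholder; either use the placeholder form (`/fuel/sitevariables/delete/<id>`) or state that the literal id is the observed value.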
@ -56,18 +56,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/error` | Low
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/gena.cgi` | Medium
|
||||
4 | File | `/login` | Low
|
||||
5 | File | `/php/ajax.php` | High
|
||||
6 | File | `/rapi/read_url` | High
|
||||
7 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
|
||||
8 | File | `/see_more_details.php` | High
|
||||
9 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
1 | File | `/dashboard/system/express/entities/forms/save_control/[GUID]` | High
|
||||
2 | File | `/error` | Low
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/gena.cgi` | Medium
|
||||
5 | File | `/login` | Low
|
||||
6 | File | `/php/ajax.php` | High
|
||||
7 | File | `/rapi/read_url` | High
|
||||
8 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
|
||||
9 | File | `/see_more_details.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 78 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
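Review bot: new row 1 `/dashboard/system/express/entities/forms/save_control/[GUID]` introduces a third placeholder syntax next to angle brackets (`/proc/<pid>/status`) and braces (`/{ADMIN-FILE}/`) used in the other tables; pick one convention, because anything that turns these indicators into match rules has to recognise the placeholder, and `[GUID]` read literally is a valid regex character class.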
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,14 +30,19 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | Tsunami | High
|
||||
2 | [5.196.8.173](https://vuldb.com/?ip.5.196.8.173) | vps-b5645e9a.vps.ovh.net | - | High
|
||||
3 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
4 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
5 | [31.13.65.36](https://vuldb.com/?ip.31.13.65.36) | edge-star-mini-shv-01-atl3.facebook.com | - | High
|
||||
6 | [31.210.170.195](https://vuldb.com/?ip.31.210.170.195) | vps16632.hosted-by.eurohoster.online | - | High
|
||||
7 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | Tsunami | High
|
||||
8 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | Tsunami | High
|
||||
9 | ... | ... | ... | ...
|
||||
4 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
|
||||
5 | [23.0.48.75](https://vuldb.com/?ip.23.0.48.75) | a23-0-48-75.deploy.static.akamaitechnologies.com | - | High
|
||||
6 | [23.0.209.167](https://vuldb.com/?ip.23.0.209.167) | a23-0-209-167.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | [23.13.211.142](https://vuldb.com/?ip.23.13.211.142) | a23-13-211-142.deploy.static.akamaitechnologies.com | - | High
|
||||
10 | [23.20.239.12](https://vuldb.com/?ip.23.20.239.12) | ec2-23-20-239-12.compute-1.amazonaws.com | - | Medium
|
||||
11 | [23.66.61.153](https://vuldb.com/?ip.23.66.61.153) | a23-66-61-153.deploy.static.akamaitechnologies.com | - | High
|
||||
12 | [23.193.177.127](https://vuldb.com/?ip.23.193.177.127) | a23-193-177-127.deploy.static.akamaitechnologies.com | - | High
|
||||
13 | [23.218.40.161](https://vuldb.com/?ip.23.218.40.161) | a23-218-40-161.deploy.static.akamaitechnologies.com | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
There are 52 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
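Review bot: the new IOC rows 5-13 are almost entirely CDN and cloud edge hosts (`*.deploy.static.akamaitechnologies.com`, `ec2-23-20-239-12.compute-1.amazonaws.com`) rated High, and the two `Tsunami`-attributed OVH rows (`51.254.25.115`, `51.255.48.78`) are no longer among the visible rows; shared infrastructure of this kind serves many unrelated tenants and will block or alert on legitimate traffic if fed straight into a blocklist, so these rows should carry a lower confidence or a note that they are contact points rather than actor-controlled hosts. Nothing in the hunk explains why `23.20.239.12` gets Medium while the Akamai rows get High.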
@ -50,7 +55,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -67,49 +72,56 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/cgi-bin/pass` | High
|
||||
8 | File | `/cgi/ansi` | Medium
|
||||
9 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
|
||||
10 | File | `/config/getuser` | High
|
||||
11 | File | `/etc/gsissh/sshd_config` | High
|
||||
12 | File | `/etc/passwd` | Medium
|
||||
13 | File | `/etc/sudoers` | Medium
|
||||
14 | File | `/getcfg.php` | Medium
|
||||
15 | File | `/goform/GetNewDir` | High
|
||||
16 | File | `/goform/telnet` | High
|
||||
17 | File | `/goform/WanParameterSetting` | High
|
||||
18 | File | `/hnap.cgi` | Medium
|
||||
19 | File | `/HNAP1` | Low
|
||||
20 | File | `/include/makecvs.php` | High
|
||||
21 | File | `/includes/common.inc.php` | High
|
||||
22 | File | `/knomi/analyze` | High
|
||||
23 | File | `/opt/pia/ruby/64/ruby` | High
|
||||
24 | File | `/out.php` | Medium
|
||||
25 | File | `/outgoing.php` | High
|
||||
26 | File | `/scripts/iisadmin/bdir.htr` | High
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/tmp/csman/0` | Medium
|
||||
29 | File | `/ui/cbpc/login` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/var/avamar/f_cache.dat` | High
|
||||
32 | File | `/var/hnap/timestamp` | High
|
||||
33 | File | `/var/run/storage_account_root` | High
|
||||
34 | File | `/webmail/` | Medium
|
||||
35 | File | `/wp-content/plugins/forum-server/feed.php` | High
|
||||
36 | File | `/{ADMIN-FILE}/` | High
|
||||
37 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
38 | File | `address.html` | Medium
|
||||
39 | File | `adm/systools.asp` | High
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | File | `admin/index.php` | High
|
||||
42 | File | `administrador.asp` | High
|
||||
43 | File | `AdminQuickAccessesController.php` | High
|
||||
44 | ... | ... | ...
|
||||
10 | File | `/config.cgi?webmin` | High
|
||||
11 | File | `/config/getuser` | High
|
||||
12 | File | `/etc/gsissh/sshd_config` | High
|
||||
13 | File | `/etc/passwd` | Medium
|
||||
14 | File | `/etc/sudoers` | Medium
|
||||
15 | File | `/gateway/services/EdgeServiceImpl` | High
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/goform/dir_setWanWifi` | High
|
||||
18 | File | `/goform/GetNewDir` | High
|
||||
19 | File | `/goform/telnet` | High
|
||||
20 | File | `/goform/WanParameterSetting` | High
|
||||
21 | File | `/hnap.cgi` | Medium
|
||||
22 | File | `/HNAP1` | Low
|
||||
23 | File | `/include/makecvs.php` | High
|
||||
24 | File | `/includes/common.inc.php` | High
|
||||
25 | File | `/knomi/analyze` | High
|
||||
26 | File | `/mgmt/tm/util/bash` | High
|
||||
27 | File | `/monitoring` | Medium
|
||||
28 | File | `/opt/pia/ruby/64/ruby` | High
|
||||
29 | File | `/opt/tms/bin/cli` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/outgoing.php` | High
|
||||
32 | File | `/Pwrchute` | Medium
|
||||
33 | File | `/reports/rwservlet` | High
|
||||
34 | File | `/scripts/iisadmin/bdir.htr` | High
|
||||
35 | File | `/skyboxview-softwareupdate/services/CollectorSoftwareUpdate` | High
|
||||
36 | File | `/tmp` | Low
|
||||
37 | File | `/tmp/csman/0` | Medium
|
||||
38 | File | `/ui/cbpc/login` | High
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
41 | File | `/var/avamar/f_cache.dat` | High
|
||||
42 | File | `/var/hnap/timestamp` | High
|
||||
43 | File | `/var/run/storage_account_root` | High
|
||||
44 | File | `/webmail/` | Medium
|
||||
45 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
46 | File | `/wp-content/plugins/forum-server/feed.php` | High
|
||||
47 | File | `/{ADMIN-FILE}/` | High
|
||||
48 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
|
||||
* https://blog.talosintelligence.com/2021/07/threat-roundup-0716-0723.html
|
||||
* https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
|
||||
* https://research.checkpoint.com/2019/2019-resurgence-of-smokeloader/
|
||||
* https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/
|
||||
|
||||
|
|
|
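Review bot: several rows in this table are generic filesystem or product paths present on nearly every host of that type (`/tmp`, `/etc/passwd`, `/etc/sudoers`, `/webmail/`, `/HNAP1`), and the confidence column treats them unevenly (`/etc/passwd` and `/etc/sudoers` Medium, `/tmp` and `/HNAP1` Low); consumers should use these only as correlation context, never as standalone alerts, and the IOA introduction should say so. The References list also uses bare URLs; titled links would match the Literature style used elsewhere.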
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -51,7 +51,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
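Review bot: adding CWE-250 to the T1068 row makes the Weakness column agree with its Description (`Execution with Unnecessary Privileges` is the CWE-250 title), but the T1110.001 row directly below keeps only CWE-798 while its description `Improper Restriction of Excessive Authentication Attempts` is the CWE-307 title, and the same technique row in the earlier file lists `CWE-307, CWE-798`; apply the same fix here.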
@ -63,67 +63,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/.ssh/authorized_keys` | High
|
||||
4 | File | `/assets/ctx` | Medium
|
||||
5 | File | `/bsms/?page=products` | High
|
||||
6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
7 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
8 | File | `/config/getuser` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/ext/phar/phar_object.c` | High
|
||||
11 | File | `/filemanager/php/connector.php` | High
|
||||
12 | File | `/get_getnetworkconf.cgi` | High
|
||||
13 | File | `/HNAP1` | Low
|
||||
14 | File | `/include/chart_generator.php` | High
|
||||
15 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
17 | File | `/modx/manager/index.php` | High
|
||||
18 | File | `/osm/REGISTER.cmd` | High
|
||||
19 | File | `/product_list.php` | High
|
||||
20 | File | `/replication` | Medium
|
||||
21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
22 | File | `/supervisor/procesa_carga.php` | High
|
||||
23 | File | `/type.php` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `/zm/index.php` | High
|
||||
27 | File | `4.2.0.CP09` | Medium
|
||||
28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
29 | File | `802dot1xclientcert.cgi` | High
|
||||
30 | File | `add.exe` | Low
|
||||
31 | File | `addentry.php` | Medium
|
||||
32 | File | `admin-ajax.php` | High
|
||||
33 | File | `admin.color.php` | High
|
||||
34 | File | `admin.cropcanvas.php` | High
|
||||
35 | File | `admin.joomlaradiov5.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin.php?m=Food&a=addsave` | High
|
||||
38 | File | `admin/conf_users_edit.php` | High
|
||||
39 | File | `admin/index.php` | High
|
||||
40 | File | `admin/user.php` | High
|
||||
41 | File | `admin/write-post.php` | High
|
||||
42 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
43 | File | `admin_events.php` | High
|
||||
44 | File | `ajax_new_account.php` | High
|
||||
45 | File | `akocomments.php` | High
|
||||
46 | File | `allopass-error.php` | High
|
||||
47 | File | `announcement.php` | High
|
||||
48 | File | `apply.cgi` | Medium
|
||||
49 | File | `archiver\index.php` | High
|
||||
50 | File | `artlinks.dispnew.php` | High
|
||||
51 | File | `auth.inc.php` | Medium
|
||||
52 | File | `authorization.do` | High
|
||||
53 | File | `awstats.pl` | Medium
|
||||
54 | File | `backoffice/login.asp` | High
|
||||
55 | File | `bb_usage_stats.php` | High
|
||||
56 | File | `binder.c` | Medium
|
||||
57 | File | `books.php` | Medium
|
||||
58 | File | `C:\Python27` | Medium
|
||||
59 | ... | ... | ...
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
3 | File | `/assets/ctx` | Medium
|
||||
4 | File | `/bsms/?page=products` | High
|
||||
5 | File | `/cgi-bin/kerbynet` | High
|
||||
6 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
7 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
8 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
9 | File | `/config/getuser` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
12 | File | `/ext/phar/phar_object.c` | High
|
||||
13 | File | `/filemanager/php/connector.php` | High
|
||||
14 | File | `/get_getnetworkconf.cgi` | High
|
||||
15 | File | `/HNAP1` | Low
|
||||
16 | File | `/include/chart_generator.php` | High
|
||||
17 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
18 | File | `/info.cgi` | Medium
|
||||
19 | File | `/lists/admin/` | High
|
||||
20 | File | `/MagickCore/image.c` | High
|
||||
21 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
22 | File | `/mgmt/tm/util/bash` | High
|
||||
23 | File | `/modx/manager/index.php` | High
|
||||
24 | File | `/osm/REGISTER.cmd` | High
|
||||
25 | File | `/replication` | Medium
|
||||
26 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
27 | File | `/spip.php` | Medium
|
||||
28 | File | `/type.php` | Medium
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/usr/bin/pkexec` | High
|
||||
31 | File | `/Wedding-Management/package_detail.php` | High
|
||||
32 | File | `/zm/index.php` | High
|
||||
33 | File | `4.2.0.CP09` | Medium
|
||||
34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
35 | File | `802dot1xclientcert.cgi` | High
|
||||
36 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
37 | File | `add.exe` | Low
|
||||
38 | File | `admin-ajax.php` | High
|
||||
39 | File | `admin.color.php` | High
|
||||
40 | File | `admin.cropcanvas.php` | High
|
||||
41 | File | `admin.joomlaradiov5.php` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin.php?m=Food&a=addsave` | High
|
||||
44 | File | `admin/conf_users_edit.php` | High
|
||||
45 | File | `admin/index.php` | High
|
||||
46 | File | `admin/limits.php` | High
|
||||
47 | File | `admin/user.php` | High
|
||||
48 | File | `admin/write-post.php` | High
|
||||
49 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
50 | File | `admin_events.php` | High
|
||||
51 | File | `akocomments.php` | High
|
||||
52 | File | `allopass-error.php` | High
|
||||
53 | File | `announcement.php` | High
|
||||
54 | File | `apply.cgi` | Medium
|
||||
55 | File | `appointment.php` | High
|
||||
56 | File | `archiver\index.php` | High
|
||||
57 | File | `artlinks.dispnew.php` | High
|
||||
58 | File | `auth.inc.php` | Medium
|
||||
59 | File | `authorization.do` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 513 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
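Review bot: at least four indicators drop out of the visible rows while the tail count rises from 513 to 520: old rows `$SPLUNK_HOME/etc/splunk-launch.conf` (1), `/.ssh/authorized_keys` (3), `/product_list.php` (19) and `/supervisor/procesa_carga.php` (22) have no counterpart in the sorted new rows 1-59 even though each would sit between visible neighbours; confirm the removals are intended. Separately, `4.2.0.CP09` (old 27, new 33) is a version string carried in a `File` row and should be typed differently or dropped.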
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -68,44 +68,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
2 | File | `/admin/powerline` | High
|
||||
3 | File | `/admin/syslog` | High
|
||||
4 | File | `/api/upload` | Medium
|
||||
5 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/cgi-bin` | Medium
|
||||
8 | File | `/cgi-bin/kerbynet` | High
|
||||
9 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
10 | File | `/fudforum/adm/hlplist.php` | High
|
||||
11 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
12 | File | `/login` | Low
|
||||
13 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/monitoring` | Medium
|
||||
16 | File | `/new` | Low
|
||||
17 | File | `/proc/<pid>/status` | High
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/rom` | Low
|
||||
20 | File | `/scripts/killpvhost` | High
|
||||
21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
24 | File | `/tmp` | Low
|
||||
25 | File | `/tmp/redis.ds` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/wp-admin` | Medium
|
||||
28 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
30 | File | `AccountManagerService.java` | High
|
||||
31 | File | `actions/CompanyDetailsSave.php` | High
|
||||
32 | File | `ActiveServices.java` | High
|
||||
33 | File | `ActivityManagerService.java` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
3 | File | `/admin/powerline` | High
|
||||
4 | File | `/admin/syslog` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/api/upload` | Medium
|
||||
7 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/cgi-bin` | Medium
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
13 | File | `/fuel/sitevariables/delete/4` | High
|
||||
14 | File | `/login` | Low
|
||||
15 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
16 | File | `/mgmt/tm/util/bash` | High
|
||||
17 | File | `/monitoring` | Medium
|
||||
18 | File | `/new` | Low
|
||||
19 | File | `/proc/<pid>/status` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/scripts/killpvhost` | High
|
||||
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
23 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
24 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
25 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/tmp/redis.ds` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
30 | File | `/wp-admin` | Medium
|
||||
31 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
32 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
34 | File | `AccountManagerService.java` | High
|
||||
35 | File | `actions/CompanyDetailsSave.php` | High
|
||||
36 | File | `ActiveServices.java` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
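Review bot: the row `2 | File | `/?module=users§ion=cpanel&page=list` | High` in this hunk looks like `&section=` mangled by HTML entity decoding (`&sect` becomes `§`); please verify that the stored indicator is the literal `&section=` string, since a detection rule built from the rendered form would never match the real request path.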
@ -77,28 +77,28 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/mgmt/tm/util/bash` | High
|
||||
10 | File | `/modules/tasks/summary.inc.php` | High
|
||||
11 | File | `/nagiosql/admin/checkcommands.php` | High
|
||||
12 | File | `/rest/api/2/user/picker` | High
|
||||
13 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
14 | File | `/tmp` | Low
|
||||
15 | File | `/ui/artifactimport/upload` | High
|
||||
16 | File | `/uncpath/` | Medium
|
||||
17 | File | `/usr/5bin/su` | Medium
|
||||
18 | File | `/usr/bin/mail` | High
|
||||
19 | File | `/usr/bin/pkexec` | High
|
||||
20 | File | `/var/dt/` | Medium
|
||||
21 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
12 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
13 | File | `/tmp` | Low
|
||||
14 | File | `/ui/artifactimport/upload` | High
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/usr/5bin/su` | Medium
|
||||
17 | File | `/usr/bin/mail` | High
|
||||
18 | File | `/usr/bin/pkexec` | High
|
||||
19 | File | `/var/dt/` | Medium
|
||||
20 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
21 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
22 | File | `00.jsp` | Low
|
||||
23 | File | `account_activations/edit` | High
|
||||
24 | File | `adclick.php` | Medium
|
||||
25 | File | `AddResolution.jspa` | High
|
||||
26 | File | `admin.asp` | Medium
|
||||
27 | File | `admin.jcomments.php` | High
|
||||
28 | File | `admin.php` | Medium
|
||||
29 | File | `admin/` | Low
|
||||
30 | File | `admin/manage-comments.php` | High
|
||||
31 | File | `administration/comments.php` | High
|
||||
32 | File | `administrator/mail/download.cfm` | High
|
||||
33 | File | `AdminViewError/AdminAddadmin` | High
|
||||
25 | File | `admin.asp` | Medium
|
||||
26 | File | `admin.jcomments.php` | High
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | File | `admin/` | Low
|
||||
29 | File | `admin/manage-comments.php` | High
|
||||
30 | File | `administration/comments.php` | High
|
||||
31 | File | `administrator/mail/download.cfm` | High
|
||||
32 | File | `AdminViewError/AdminAddadmin` | High
|
||||
33 | File | `admin_edit_comment.php` | High
|
||||
34 | File | `agentdisplay.php` | High
|
||||
35 | File | `ajaxhelper.php` | High
|
||||
36 | File | `album_portal.php` | High
|
||||
|
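Review bot: the ID column is renumbered in this hunk (`13 | File | `/secure/QueryComponent!Default.jspa` | High` becomes `12 | File | `/secure/QueryComponent!Default.jspa` | High`, and the rows `/modules/tasks/summary.inc.php`, `/nagiosql/admin/checkcommands.php` and `/rest/api/2/user/picker` appear only once), so IDs are positional and shift whenever an entry is inserted or dropped; either document that consumers must key on the Indicator value rather than the ID, or keep IDs stable across regenerations.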
@ -106,9 +106,10 @@ ID | Type | Indicator | Confidence
|
|||
38 | File | `app/call_centers/cmd.php` | High
|
||||
39 | File | `arch/x86/kvm/hyperv.c` | High
|
||||
40 | File | `auction.cgi` | Medium
|
||||
41 | ... | ... | ...
|
||||
41 | File | `autologin.jsp` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 351 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -74,7 +74,8 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `adclick.php` | Medium
|
||||
12 | File | `admin.php` | Medium
|
||||
13 | File | `admin/conf_users_edit.php` | High
|
||||
14 | ... | ... | ...
|
||||
14 | File | `admin/getparam.cgi` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
# TA578 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [TA578](https://vuldb.com/?actor.ta578). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ta578](https://vuldb.com/?actor.ta578)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with TA578:
|
||||
|
||||
* BumbleBee
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TA578:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of TA578.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [194.165.16.60](https://vuldb.com/?ip.194.165.16.60) | - | BumbleBee | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _TA578_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by TA578. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/common/ticket_associated_tickets.php` | High
|
||||
2 | File | `msg.c` | Low
|
||||
3 | Argument | `title` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://twitter.com/malware_traffic/status/1537168576162979843
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
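Review bot: in the TTP table of this new file the row `2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High` pairs CWE-264 with the MITRE title of CWE-250; CWE-264 is "Permissions, Privileges, and Access Controls", so either the Weakness ID or the Description should be corrected so the two columns agree.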
@ -62,9 +62,10 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/usr/bin/pkexec` | High
|
||||
4 | File | `admin/categories_industry.php` | High
|
||||
5 | File | `admin/content/postcategory` | High
|
||||
6 | ... | ... | ...
|
||||
6 | File | `Adminstrator/Users/Edit/` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
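Review bot: the added row `6 | File | `Adminstrator/Users/Edit/` | High` reads like a misspelling of `Administrator`; if the source advisory really uses that path it should stay as-is (indicators are literal strings), otherwise a typo here turns any rule derived from it into a guaranteed miss, so please confirm against the source before merging.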
@ -154,19 +154,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
3 | File | `/admin/powerline` | High
|
||||
4 | File | `/admin/syslog` | High
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/api/upload` | Medium
|
||||
7 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/cgi-bin` | Medium
|
||||
9 | File | `/cgi-bin/kerbynet` | High
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
4 | File | `/admin/powerline` | High
|
||||
5 | File | `/admin/syslog` | High
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/api/upload` | Medium
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/cgi-bin` | Medium
|
||||
10 | File | `/Config/SaveUploadedHotspotLogoFile` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/fudforum/adm/hlplist.php` | High
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
13 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
14 | File | `/fuel/sitevariables/delete/4` | High
|
||||
15 | File | `/login` | Low
|
||||
16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
17 | File | `/mgmt/tm/util/bash` | High
|
||||
|
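Review bot: the added row `2 | File | `//proc/kcore` | Medium` carries a doubled leading slash while every other absolute path in the table (for example `/debug/pprof` and `/context/%2e/WEB-INF/web.xml`) has a single one; confirm it is the literal pattern from the source and not a concatenation artifact, because a matcher that normalises repeated slashes will treat it differently from one that does not.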
@ -191,7 +191,7 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `AccountManagerService.java` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 314 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with TrickBot:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
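Review bot: `There are 1 more country items available. Please use our online service to access the data.` is what the template emits for a count of one; the generator should pluralise on the count (`There is 1 more country item available.`). The IOA footers in the other files use the same string shape, so fixing it once in the template covers every generated page.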
@ -27,176 +27,180 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.224.145.145](https://vuldb.com/?ip.3.224.145.145) | ec2-3-224-145-145.compute-1.amazonaws.com | - | Medium
|
||||
2 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
|
||||
3 | [5.2.70.145](https://vuldb.com/?ip.5.2.70.145) | merlinsbeard.co.uk | - | High
|
||||
4 | [5.2.72.84](https://vuldb.com/?ip.5.2.72.84) | cipixia.com | - | High
|
||||
5 | [5.2.75.93](https://vuldb.com/?ip.5.2.75.93) | - | - | High
|
||||
6 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
|
||||
7 | [5.2.76.122](https://vuldb.com/?ip.5.2.76.122) | mx3.ximple.eu | - | High
|
||||
8 | [5.34.177.50](https://vuldb.com/?ip.5.34.177.50) | unallocated.layer6.net | - | High
|
||||
9 | [5.34.178.126](https://vuldb.com/?ip.5.34.178.126) | yhlas111410.pserver.ru | - | High
|
||||
10 | [5.39.47.22](https://vuldb.com/?ip.5.39.47.22) | mail.dmgs.site | - | High
|
||||
11 | [5.53.124.49](https://vuldb.com/?ip.5.53.124.49) | dgbtechnologies.com | - | High
|
||||
12 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
|
||||
13 | [5.133.179.108](https://vuldb.com/?ip.5.133.179.108) | 5-133-179-108.freeucouponsnow.ru | - | High
|
||||
14 | [5.149.253.99](https://vuldb.com/?ip.5.149.253.99) | - | - | High
|
||||
15 | [5.182.210.30](https://vuldb.com/?ip.5.182.210.30) | realestatepromotion.ru | - | High
|
||||
16 | [5.182.210.109](https://vuldb.com/?ip.5.182.210.109) | - | - | High
|
||||
17 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
|
||||
18 | [5.182.210.178](https://vuldb.com/?ip.5.182.210.178) | mail.rainingdreams.to | - | High
|
||||
19 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
|
||||
20 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
|
||||
21 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
|
||||
22 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
|
||||
23 | [5.182.211.44](https://vuldb.com/?ip.5.182.211.44) | - | - | High
|
||||
24 | [5.196.247.14](https://vuldb.com/?ip.5.196.247.14) | ip14.ip-5-196-247.eu | - | High
|
||||
25 | [5.230.22.40](https://vuldb.com/?ip.5.230.22.40) | - | - | High
|
||||
26 | [5.255.96.217](https://vuldb.com/?ip.5.255.96.217) | vps11.host1.be | - | High
|
||||
27 | [5.255.96.218](https://vuldb.com/?ip.5.255.96.218) | - | - | High
|
||||
28 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
|
||||
29 | [18.213.79.189](https://vuldb.com/?ip.18.213.79.189) | ec2-18-213-79-189.compute-1.amazonaws.com | - | Medium
|
||||
30 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
|
||||
31 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
32 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
33 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
|
||||
34 | [23.20.220.174](https://vuldb.com/?ip.23.20.220.174) | ec2-23-20-220-174.compute-1.amazonaws.com | - | Medium
|
||||
35 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
|
||||
36 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
37 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
|
||||
38 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
|
||||
39 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
|
||||
40 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
|
||||
41 | [23.62.6.161](https://vuldb.com/?ip.23.62.6.161) | a23-62-6-161.deploy.static.akamaitechnologies.com | - | High
|
||||
42 | [23.62.6.170](https://vuldb.com/?ip.23.62.6.170) | a23-62-6-170.deploy.static.akamaitechnologies.com | - | High
|
||||
43 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
|
||||
44 | [23.95.231.187](https://vuldb.com/?ip.23.95.231.187) | 23-95-231-187-host.colocrossing.com | - | High
|
||||
45 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
|
||||
46 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
|
||||
47 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
|
||||
48 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
|
||||
49 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
|
||||
50 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
|
||||
51 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
|
||||
52 | [27.147.173.227](https://vuldb.com/?ip.27.147.173.227) | 173.227.cetus.link3.net | - | High
|
||||
53 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
|
||||
54 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
|
||||
55 | [31.134.124.90](https://vuldb.com/?ip.31.134.124.90) | - | - | High
|
||||
56 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
|
||||
57 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
|
||||
58 | [31.184.253.37](https://vuldb.com/?ip.31.184.253.37) | models9.vixgrafica.de | - | High
|
||||
59 | [31.202.132.22](https://vuldb.com/?ip.31.202.132.22) | - | - | High
|
||||
60 | [31.211.85.110](https://vuldb.com/?ip.31.211.85.110) | - | - | High
|
||||
61 | [31.214.138.207](https://vuldb.com/?ip.31.214.138.207) | f0a4213918138.rev.snt.net.pl | - | High
|
||||
62 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
63 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
|
||||
64 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
|
||||
65 | [34.198.132.204](https://vuldb.com/?ip.34.198.132.204) | ec2-34-198-132-204.compute-1.amazonaws.com | - | Medium
|
||||
66 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
|
||||
67 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
|
||||
68 | [36.66.115.180](https://vuldb.com/?ip.36.66.115.180) | - | - | High
|
||||
69 | [36.89.85.103](https://vuldb.com/?ip.36.89.85.103) | - | - | High
|
||||
70 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
|
||||
71 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
|
||||
72 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
|
||||
73 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
|
||||
74 | [36.89.243.241](https://vuldb.com/?ip.36.89.243.241) | - | - | High
|
||||
75 | [36.91.45.10](https://vuldb.com/?ip.36.91.45.10) | - | - | High
|
||||
76 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
|
||||
77 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
|
||||
78 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
|
||||
79 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
|
||||
80 | [36.94.33.102](https://vuldb.com/?ip.36.94.33.102) | - | - | High
|
||||
81 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
|
||||
82 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
|
||||
83 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
|
||||
84 | [37.44.212.179](https://vuldb.com/?ip.37.44.212.179) | - | - | High
|
||||
85 | [37.44.212.216](https://vuldb.com/?ip.37.44.212.216) | - | - | High
|
||||
86 | [37.59.183.142](https://vuldb.com/?ip.37.59.183.142) | - | - | High
|
||||
87 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
|
||||
88 | [37.228.117.146](https://vuldb.com/?ip.37.228.117.146) | metobor.ru | - | High
|
||||
89 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
|
||||
90 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
|
||||
91 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
|
||||
92 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
|
||||
93 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
|
||||
94 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
|
||||
95 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
|
||||
96 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
|
||||
97 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
|
||||
98 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
|
||||
99 | [41.77.134.250](https://vuldb.com/?ip.41.77.134.250) | cliente6386477933.clubnet.mz | - | High
|
||||
100 | [41.243.29.182](https://vuldb.com/?ip.41.243.29.182) | 182-29-243-41.r.airtel.cd | - | High
|
||||
101 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
|
||||
102 | [45.5.152.39](https://vuldb.com/?ip.45.5.152.39) | - | - | High
|
||||
103 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
|
||||
104 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
|
||||
105 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
|
||||
106 | [45.66.11.116](https://vuldb.com/?ip.45.66.11.116) | vm1488716.2ssd.had.wf | - | High
|
||||
107 | [45.80.148.30](https://vuldb.com/?ip.45.80.148.30) | - | - | High
|
||||
108 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
|
||||
109 | [45.125.1.34](https://vuldb.com/?ip.45.125.1.34) | 45.125.1.34.static.xtom.hk | - | High
|
||||
110 | [45.127.222.8](https://vuldb.com/?ip.45.127.222.8) | - | - | High
|
||||
111 | [45.137.151.198](https://vuldb.com/?ip.45.137.151.198) | ourdiaspora.net | - | High
|
||||
112 | [45.138.158.32](https://vuldb.com/?ip.45.138.158.32) | - | - | High
|
||||
113 | [45.142.213.58](https://vuldb.com/?ip.45.142.213.58) | vm372119.pq.hosting | - | High
|
||||
114 | [45.148.120.153](https://vuldb.com/?ip.45.148.120.153) | - | - | High
|
||||
115 | [45.148.120.195](https://vuldb.com/?ip.45.148.120.195) | pe195.peryon.web.tr | - | High
|
||||
116 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
|
||||
117 | [45.160.145.11](https://vuldb.com/?ip.45.160.145.11) | - | - | High
|
||||
118 | [45.160.145.179](https://vuldb.com/?ip.45.160.145.179) | - | - | High
|
||||
119 | [45.160.145.216](https://vuldb.com/?ip.45.160.145.216) | - | - | High
|
||||
120 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
|
||||
121 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
|
||||
122 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
|
||||
123 | [45.224.214.34](https://vuldb.com/?ip.45.224.214.34) | clientes-214-34.intercommtech.com.br | - | High
|
||||
124 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
|
||||
125 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
|
||||
126 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
|
||||
127 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
|
||||
128 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
|
||||
129 | [46.30.41.229](https://vuldb.com/?ip.46.30.41.229) | vm494526.eurodir.ru | - | High
|
||||
130 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
|
||||
131 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
|
||||
132 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
|
||||
133 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
|
||||
134 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
|
||||
135 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
|
||||
136 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
|
||||
137 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
|
||||
138 | [51.68.247.62](https://vuldb.com/?ip.51.68.247.62) | ip62.ip-51-68-247.eu | - | High
|
||||
139 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
|
||||
140 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
|
||||
141 | [51.89.73.159](https://vuldb.com/?ip.51.89.73.159) | theladbible.site | - | High
|
||||
142 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
|
||||
143 | [51.89.115.108](https://vuldb.com/?ip.51.89.115.108) | coms.jt120.com.cn | - | High
|
||||
144 | [51.89.115.110](https://vuldb.com/?ip.51.89.115.110) | pocket-usage.nationfox.net | - | High
|
||||
145 | [51.89.115.112](https://vuldb.com/?ip.51.89.115.112) | brides-crude.nationfox.net | - | High
|
||||
146 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
|
||||
147 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
|
||||
148 | [51.89.115.124](https://vuldb.com/?ip.51.89.115.124) | mta.ga-emailcamel.com | - | High
|
||||
149 | [51.89.177.20](https://vuldb.com/?ip.51.89.177.20) | ip20.ip-51-89-177.eu | - | High
|
||||
150 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
|
||||
151 | [51.254.69.244](https://vuldb.com/?ip.51.254.69.244) | - | - | High
|
||||
152 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
|
||||
153 | [51.254.164.243](https://vuldb.com/?ip.51.254.164.243) | amortizserv.info | - | High
|
||||
154 | [51.254.164.244](https://vuldb.com/?ip.51.254.164.244) | y9gs.gaurented.com | - | High
|
||||
155 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
|
||||
156 | [51.254.164.249](https://vuldb.com/?ip.51.254.164.249) | ip249.ip-51-254-164.eu | - | High
|
||||
157 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
|
||||
158 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
|
||||
159 | [52.44.169.135](https://vuldb.com/?ip.52.44.169.135) | ec2-52-44-169-135.compute-1.amazonaws.com | - | Medium
|
||||
160 | [52.55.255.113](https://vuldb.com/?ip.52.55.255.113) | ec2-52-55-255-113.compute-1.amazonaws.com | - | Medium
|
||||
161 | [52.202.139.131](https://vuldb.com/?ip.52.202.139.131) | ec2-52-202-139-131.compute-1.amazonaws.com | - | Medium
|
||||
162 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
|
||||
163 | [52.206.161.133](https://vuldb.com/?ip.52.206.161.133) | ec2-52-206-161-133.compute-1.amazonaws.com | - | Medium
|
||||
164 | [52.206.178.1](https://vuldb.com/?ip.52.206.178.1) | ec2-52-206-178-1.compute-1.amazonaws.com | - | Medium
|
||||
165 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
|
||||
166 | [54.204.36.156](https://vuldb.com/?ip.54.204.36.156) | ec2-54-204-36-156.compute-1.amazonaws.com | - | Medium
|
||||
167 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
|
||||
168 | ... | ... | ... | ...
|
||||
1 | [3.209.171.143](https://vuldb.com/?ip.3.209.171.143) | ec2-3-209-171-143.compute-1.amazonaws.com | - | Medium
|
||||
2 | [3.217.175.153](https://vuldb.com/?ip.3.217.175.153) | ec2-3-217-175-153.compute-1.amazonaws.com | - | Medium
|
||||
3 | [3.224.145.145](https://vuldb.com/?ip.3.224.145.145) | ec2-3-224-145-145.compute-1.amazonaws.com | - | Medium
|
||||
4 | [3.231.23.10](https://vuldb.com/?ip.3.231.23.10) | ec2-3-231-23-10.compute-1.amazonaws.com | - | Medium
|
||||
5 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
|
||||
6 | [5.2.70.145](https://vuldb.com/?ip.5.2.70.145) | merlinsbeard.co.uk | - | High
|
||||
7 | [5.2.72.84](https://vuldb.com/?ip.5.2.72.84) | cipixia.com | - | High
|
||||
8 | [5.2.75.93](https://vuldb.com/?ip.5.2.75.93) | - | - | High
|
||||
9 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
|
||||
10 | [5.2.76.122](https://vuldb.com/?ip.5.2.76.122) | mx3.ximple.eu | - | High
|
||||
11 | [5.34.177.50](https://vuldb.com/?ip.5.34.177.50) | unallocated.layer6.net | - | High
|
||||
12 | [5.34.178.126](https://vuldb.com/?ip.5.34.178.126) | yhlas111410.pserver.ru | - | High
|
||||
13 | [5.39.47.22](https://vuldb.com/?ip.5.39.47.22) | mail.dmgs.site | - | High
|
||||
14 | [5.53.124.49](https://vuldb.com/?ip.5.53.124.49) | dgbtechnologies.com | - | High
|
||||
15 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
|
There are 667 more IOC items available. Please use our online service to access the data.
There are 685 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -205,11 +209,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 6 more TTP items available. Please use our online service to access the data.
There are 5 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -217,35 +221,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------

There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 109 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -285,6 +276,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2021/11/threat-roundup-1105-1112.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html
* https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html
* https://blogs.blackberry.com/en/2019/09/blackberry-cylance-vs-trickbot-infostealer-malware
* https://feodotracker.abuse.ch/downloads/ipblocklist.csv
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20Trickbot%20IOCs

@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...

There are 9 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [JP](https://vuldb.com/?country.jp)
* [US](https://vuldb.com/?country.us)
* [FR](https://vuldb.com/?country.fr)
* [CN](https://vuldb.com/?country.cn)
* ...

There are 9 more country items available. Please use our online service to access the data.

@ -330,7 +330,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 6 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
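Review bot: the unchanged context row 3 in this hunk still pairs T1110.001 and CWE-798 with the description "Improper Restriction of Excessive Authentication Attempts", but CWE-798 is "Use of Hard-coded Credentials"; that description belongs to CWE-307, which is exactly the correction this same commit applies to the identical row in the other actor file's TTP table (`3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High`). Apply the same weakness change here so the two files do not disagree on the mapping.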

@ -338,34 +338,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------

There are 222 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
