Update June 2023
This commit is contained in:
parent
4357a66095
commit
b057cc617d
|
@ -64,35 +64,36 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/Admin/login.php` | High
|
||||
8 | File | `/admin/products/manage_product.php` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/api/upload` | Medium
|
||||
11 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
12 | File | `/cms/category/list` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/Default/Bd` | Medium
|
||||
15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
16 | File | `/domain/add` | Medium
|
||||
17 | File | `/donor-wall` | Medium
|
||||
18 | File | `/ebics-server/ebics.aspx` | High
|
||||
19 | File | `/esbus/servlet/GetSQLData` | High
|
||||
20 | File | `/film-rating.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/formLogin` | High
|
||||
23 | File | `/HNAP1` | Low
|
||||
24 | File | `/horde/util/go.php` | High
|
||||
25 | File | `/ishttpd/localweb/java/` | High
|
||||
26 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
27 | File | `/mcategory.php` | High
|
||||
28 | File | `/out.php` | Medium
|
||||
29 | File | `/p` | Low
|
||||
30 | File | `/pages/processlogin.php` | High
|
||||
31 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
32 | File | `/services/Card/findUser` | High
|
||||
33 | File | `/template/edit` | High
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/usr/bin/uucp` | High
|
||||
36 | ... | ... | ...
|
||||
10 | File | `/ajax.php?action=read_msg` | High
|
||||
11 | File | `/api/upload` | Medium
|
||||
12 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
13 | File | `/cms/category/list` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/Default/Bd` | Medium
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/domain/add` | Medium
|
||||
18 | File | `/donor-wall` | Medium
|
||||
19 | File | `/ebics-server/ebics.aspx` | High
|
||||
20 | File | `/esbus/servlet/GetSQLData` | High
|
||||
21 | File | `/film-rating.php` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goform/formLogin` | High
|
||||
24 | File | `/HNAP1` | Low
|
||||
25 | File | `/horde/util/go.php` | High
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/ishttpd/localweb/java/` | High
|
||||
28 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
29 | File | `/mcategory.php` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/p` | Low
|
||||
32 | File | `/pages/processlogin.php` | High
|
||||
33 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
34 | File | `/services/Card/findUser` | High
|
||||
35 | File | `/template/edit` | High
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -115,47 +115,48 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/file?action=download&file` | High
|
||||
9 | File | `/hardware` | Medium
|
||||
10 | File | `/index.php` | Medium
|
||||
11 | File | `/messageboard/view.php` | High
|
||||
12 | File | `/mgmt/tm/util/bash` | High
|
||||
13 | File | `/mkshop/Men/profile.php` | High
|
||||
14 | File | `/modules/projects/vw_files.php` | High
|
||||
15 | File | `/monitoring` | Medium
|
||||
16 | File | `/MTFWU` | Low
|
||||
17 | File | `/Noxen-master/users.php` | High
|
||||
18 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
19 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
20 | File | `/plugins/servlet/audit/resource` | High
|
||||
21 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
22 | File | `/REBOOTSYSTEM` | High
|
||||
23 | File | `/replication` | Medium
|
||||
24 | File | `/RestAPI` | Medium
|
||||
25 | File | `/servlet/webacc` | High
|
||||
26 | File | `/textpattern/index.php` | High
|
||||
27 | File | `/tmp/zarafa-vacation-*` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/upload` | Low
|
||||
30 | File | `/user/loader.php?api=1` | High
|
||||
31 | File | `/usr/bin/at` | Medium
|
||||
32 | File | `/var/log/nginx` | High
|
||||
33 | File | `/var/run/watchman.pid` | High
|
||||
34 | File | `/viewer/krpano.html` | High
|
||||
35 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
36 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
37 | File | `20review.asp` | Medium
|
||||
38 | File | `account.asp` | Medium
|
||||
39 | File | `ActivityManagerService.java` | High
|
||||
40 | File | `additem.asp` | Medium
|
||||
41 | File | `admin.a6mambocredits.php` | High
|
||||
42 | File | `admin.cropcanvas.php` | High
|
||||
43 | File | `admin.joomlaradiov5.php` | High
|
||||
44 | File | `admin.php` | Medium
|
||||
45 | File | `admin.remository.php` | High
|
||||
46 | File | `admin/addons/archive/archive.php` | High
|
||||
47 | File | `adminAvatars.php` | High
|
||||
48 | File | `AdxDSrv.exe` | Medium
|
||||
49 | ... | ... | ...
|
||||
11 | File | `/librarian/bookdetails.php` | High
|
||||
12 | File | `/messageboard/view.php` | High
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/mkshop/Men/profile.php` | High
|
||||
15 | File | `/modules/projects/vw_files.php` | High
|
||||
16 | File | `/monitoring` | Medium
|
||||
17 | File | `/MTFWU` | Low
|
||||
18 | File | `/Noxen-master/users.php` | High
|
||||
19 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
20 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
21 | File | `/plugins/servlet/audit/resource` | High
|
||||
22 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
23 | File | `/REBOOTSYSTEM` | High
|
||||
24 | File | `/replication` | Medium
|
||||
25 | File | `/RestAPI` | Medium
|
||||
26 | File | `/servlet/webacc` | High
|
||||
27 | File | `/textpattern/index.php` | High
|
||||
28 | File | `/tmp/zarafa-vacation-*` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/upload` | Low
|
||||
31 | File | `/user/loader.php?api=1` | High
|
||||
32 | File | `/usr/bin/at` | Medium
|
||||
33 | File | `/var/log/nginx` | High
|
||||
34 | File | `/var/run/watchman.pid` | High
|
||||
35 | File | `/viewer/krpano.html` | High
|
||||
36 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
37 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
38 | File | `20review.asp` | Medium
|
||||
39 | File | `account.asp` | Medium
|
||||
40 | File | `ActivityManagerService.java` | High
|
||||
41 | File | `additem.asp` | Medium
|
||||
42 | File | `admin.a6mambocredits.php` | High
|
||||
43 | File | `admin.cropcanvas.php` | High
|
||||
44 | File | `admin.joomlaradiov5.php` | High
|
||||
45 | File | `admin.php` | Medium
|
||||
46 | File | `admin.remository.php` | High
|
||||
47 | File | `admin/addons/archive/archive.php` | High
|
||||
48 | File | `adminAvatars.php` | High
|
||||
49 | File | `AdxDSrv.exe` | Medium
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `appserv/main.php` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 117 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
15 | [81.17.56.249](https://vuldb.com/?ip.81.17.56.249) | - | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
|
||||
There are 59 more IOC items available. Please use our online service to access the data.
|
||||
There are 60 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,7 +50,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -82,22 +82,23 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `/hrm/employeeview.php` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
22 | File | `/login.php` | Medium
|
||||
23 | File | `/mgmt/tm/util/bash` | High
|
||||
24 | File | `/mkshop/Men/profile.php` | High
|
||||
25 | File | `/monitoring` | Medium
|
||||
26 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
27 | File | `/pages/apply_vacancy.php` | High
|
||||
28 | File | `/php_action/createUser.php` | High
|
||||
29 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
30 | File | `/plugins/servlet/audit/resource` | High
|
||||
31 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
32 | File | `/PROD_ar/twbkwbis.P_FirstMenu` | High
|
||||
33 | File | `/replication` | Medium
|
||||
34 | File | `/RestAPI` | Medium
|
||||
35 | ... | ... | ...
|
||||
22 | File | `/librarian/bookdetails.php` | High
|
||||
23 | File | `/login.php` | Medium
|
||||
24 | File | `/mgmt/tm/util/bash` | High
|
||||
25 | File | `/mkshop/Men/profile.php` | High
|
||||
26 | File | `/monitoring` | Medium
|
||||
27 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
28 | File | `/pages/apply_vacancy.php` | High
|
||||
29 | File | `/php_action/createUser.php` | High
|
||||
30 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
31 | File | `/plugins/servlet/audit/resource` | High
|
||||
32 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
33 | File | `/PROD_ar/twbkwbis.P_FirstMenu` | High
|
||||
34 | File | `/replication` | Medium
|
||||
35 | File | `/RestAPI` | Medium
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -110,6 +111,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/
|
||||
* https://unit42.paloaltonetworks.com/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/
|
||||
* https://www.clearskysec.com/oilrig/
|
||||
* https://www.cyber45.com
|
||||
* https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
|
||||
* https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -122,7 +122,7 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
# AV Tech Support Scam - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AV Tech Support Scam](https://vuldb.com/?actor.av_tech_support_scam). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.av_tech_support_scam](https://vuldb.com/?actor.av_tech_support_scam)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AV Tech Support Scam:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [UA](https://vuldb.com/?country.ua)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AV Tech Support Scam.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [68.183.175.204](https://vuldb.com/?ip.68.183.175.204) | - | - | High
|
||||
2 | [104.27.184.14](https://vuldb.com/?ip.104.27.184.14) | - | - | High
|
||||
3 | [134.249.116.78](https://vuldb.com/?ip.134.249.116.78) | 134-249-116-78.broadband.kyivstar.net | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AV Tech Support Scam_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21 | Pathname Traversal | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AV Tech Support Scam. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/nova/bin/bfd` | High
|
||||
2 | File | `net/xfrm/xfrm_user.c` | High
|
||||
3 | Argument | `-q` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,59 @@
|
|||
# AZORult and NanoCore - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AZORult and NanoCore](https://vuldb.com/?actor.azorult_and_nanocore). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.azorult_and_nanocore](https://vuldb.com/?actor.azorult_and_nanocore)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AZORult and NanoCore:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AZORult and NanoCore.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.81.246.150](https://vuldb.com/?ip.23.81.246.150) | - | - | High
|
||||
2 | [23.247.102.10](https://vuldb.com/?ip.23.247.102.10) | word-finish.golddoubly.com | - | High
|
||||
3 | [216.170.114.4](https://vuldb.com/?ip.216.170.114.4) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AZORult and NanoCore_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AZORult and NanoCore. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `admin/categories_industry.php` | High
|
||||
2 | File | `register/check/username?username` | High
|
||||
3 | Argument | `p_name` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/research/multistage-freedom-loader-used-spread-azorult-and-nanocore-rat
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -48,9 +48,10 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
3 | File | `admin/index.php` | High
|
||||
4 | File | `books.php` | Medium
|
||||
5 | ... | ... | ...
|
||||
5 | File | `data/gbconfiguration.dat` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 34 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 35 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
# AdKoob - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AdKoob](https://vuldb.com/?actor.adkoob). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.adkoob](https://vuldb.com/?actor.adkoob)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AdKoob:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AdKoob.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.32.91.128](https://vuldb.com/?ip.45.32.91.128) | 45.32.91.128.vultrusercontent.com | - | High
|
||||
2 | [104.200.131.253](https://vuldb.com/?ip.104.200.131.253) | - | - | High
|
||||
3 | [107.151.152.220](https://vuldb.com/?ip.107.151.152.220) | esp-152-220.grotesqueyam.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AdKoob_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AdKoob. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/forum/away.php` | High
|
||||
2 | File | `/rapi/read_url` | High
|
||||
3 | File | `admin/index.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 20 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,104 @@
|
|||
# AdvisorsBot - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AdvisorsBot](https://vuldb.com/?actor.advisorsbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.advisorsbot](https://vuldb.com/?actor.advisorsbot)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AdvisorsBot:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AdvisorsBot.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.180.198.56](https://vuldb.com/?ip.185.180.198.56) | . | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AdvisorsBot_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AdvisorsBot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/ad_js.php` | Medium
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
22 | File | `/dashboard/reports/logs/view` | High
|
||||
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/etc/hosts` | Medium
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/setmac` | High
|
||||
28 | File | `/goform/wizard_end` | High
|
||||
29 | File | `/manage-apartment.php` | High
|
||||
30 | File | `/medicines/profile.php` | High
|
||||
31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
32 | File | `/pages/apply_vacancy.php` | High
|
||||
33 | File | `/proc/<PID>/mem` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | File | `/tmp` | Low
|
||||
38 | File | `/uncpath/` | Medium
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -113,8 +113,7 @@ ID | Type | Indicator | Confidence
|
|||
46 | File | `admin/content.php` | High
|
||||
47 | File | `admin/import/class-import-settings.php` | High
|
||||
48 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
49 | File | `admin/sitesettings.php` | High
|
||||
50 | ... | ... | ...
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# AgentTesla - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AgentTesla](https://vuldb.com/?actor.agenttesla). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.agenttesla](https://vuldb.com/?actor.agenttesla)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AgentTesla.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.4.1.4](https://vuldb.com/?ip.3.4.1.4) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# Ako - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ako](https://vuldb.com/?actor.ako). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ako](https://vuldb.com/?actor.ako)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ako.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.29.17.1](https://vuldb.com/?ip.3.29.17.1) | ec2-3-29-17-1.me-central-1.compute.amazonaws.com | - | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.bleepingcomputer.com/news/security/ako-ransomware-another-day-another-infection-attacking-businesses/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -85,36 +85,36 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
19 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
20 | File | `/index.php?page=category_list` | High
|
||||
21 | File | `/mims/login.php` | High
|
||||
22 | File | `/Moosikay/order.php` | High
|
||||
23 | File | `/opac/Actions.php?a=login` | High
|
||||
24 | File | `/php-scrm/login.php` | High
|
||||
25 | File | `/PreviewHandler.ashx` | High
|
||||
26 | File | `/proxy` | Low
|
||||
27 | File | `/public/launchNewWindow.jsp` | High
|
||||
28 | File | `/reservation/add_message.php` | High
|
||||
29 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
30 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
31 | File | `/text/pdf/PdfReader.java` | High
|
||||
32 | File | `/textpattern/index.php` | High
|
||||
33 | File | `/tmp` | Low
|
||||
34 | File | `/user/updatePwd` | High
|
||||
35 | File | `/usr/bin/at` | Medium
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `a-forms.php` | Medium
|
||||
38 | File | `account/signup.php` | High
|
||||
39 | File | `activenews_view.asp` | High
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `addentry.php` | Medium
|
||||
42 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
43 | File | `admin.a6mambocredits.php` | High
|
||||
44 | File | `admin.cropcanvas.php` | High
|
||||
45 | File | `admin.jcomments.php` | High
|
||||
46 | File | `admin.php` | Medium
|
||||
47 | File | `admin/admin_editor.php` | High
|
||||
48 | File | `admin/asset/grid-proxy` | High
|
||||
49 | File | `admin/auditTrail.jsf` | High
|
||||
50 | File | `admin/conf_users_edit.php` | High
|
||||
21 | File | `/jobinfo/` | Medium
|
||||
22 | File | `/mims/login.php` | High
|
||||
23 | File | `/Moosikay/order.php` | High
|
||||
24 | File | `/opac/Actions.php?a=login` | High
|
||||
25 | File | `/php-scrm/login.php` | High
|
||||
26 | File | `/PreviewHandler.ashx` | High
|
||||
27 | File | `/proxy` | Low
|
||||
28 | File | `/public/launchNewWindow.jsp` | High
|
||||
29 | File | `/reservation/add_message.php` | High
|
||||
30 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
31 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
32 | File | `/text/pdf/PdfReader.java` | High
|
||||
33 | File | `/textpattern/index.php` | High
|
||||
34 | File | `/tmp` | Low
|
||||
35 | File | `/user/updatePwd` | High
|
||||
36 | File | `/usr/bin/at` | Medium
|
||||
37 | File | `/wp-admin/admin-ajax.php` | High
|
||||
38 | File | `a-forms.php` | Medium
|
||||
39 | File | `account/signup.php` | High
|
||||
40 | File | `activenews_view.asp` | High
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `addentry.php` | Medium
|
||||
43 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
44 | File | `admin.a6mambocredits.php` | High
|
||||
45 | File | `admin.cropcanvas.php` | High
|
||||
46 | File | `admin.jcomments.php` | High
|
||||
47 | File | `admin.php` | Medium
|
||||
48 | File | `admin/admin_editor.php` | High
|
||||
49 | File | `admin/asset/grid-proxy` | High
|
||||
50 | File | `admin/auditTrail.jsf` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 445 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -23,39 +23,42 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.56.56.210](https://vuldb.com/?ip.2.56.56.210) | nunel.top | - | High
|
||||
2 | [2.56.59.26](https://vuldb.com/?ip.2.56.59.26) | - | - | High
|
||||
3 | [5.75.139.35](https://vuldb.com/?ip.5.75.139.35) | static.35.139.75.5.clients.your-server.de | - | High
|
||||
4 | [5.182.4.47](https://vuldb.com/?ip.5.182.4.47) | - | - | High
|
||||
5 | [5.188.118.7](https://vuldb.com/?ip.5.188.118.7) | - | - | High
|
||||
6 | [23.106.215.95](https://vuldb.com/?ip.23.106.215.95) | - | - | High
|
||||
7 | [31.41.244.15](https://vuldb.com/?ip.31.41.244.15) | - | - | High
|
||||
8 | [31.41.244.17](https://vuldb.com/?ip.31.41.244.17) | - | - | High
|
||||
9 | [31.41.244.60](https://vuldb.com/?ip.31.41.244.60) | - | - | High
|
||||
10 | [31.41.244.146](https://vuldb.com/?ip.31.41.244.146) | - | - | High
|
||||
11 | [31.41.244.158](https://vuldb.com/?ip.31.41.244.158) | - | - | High
|
||||
12 | [31.41.244.167](https://vuldb.com/?ip.31.41.244.167) | - | - | High
|
||||
13 | [31.41.244.200](https://vuldb.com/?ip.31.41.244.200) | - | - | High
|
||||
14 | [31.41.244.237](https://vuldb.com/?ip.31.41.244.237) | - | - | High
|
||||
15 | [37.220.87.85](https://vuldb.com/?ip.37.220.87.85) | ipn-37-220-87-85.artem-catv.ru | - | High
|
||||
16 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
|
||||
17 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
|
||||
18 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
|
||||
19 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
|
||||
20 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
|
||||
21 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
|
||||
22 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
|
||||
23 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
|
||||
24 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
|
||||
25 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
|
||||
26 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
|
||||
27 | [62.204.41.13](https://vuldb.com/?ip.62.204.41.13) | - | - | High
|
||||
28 | [62.204.41.17](https://vuldb.com/?ip.62.204.41.17) | - | - | High
|
||||
29 | [62.204.41.25](https://vuldb.com/?ip.62.204.41.25) | - | - | High
|
||||
30 | [62.204.41.27](https://vuldb.com/?ip.62.204.41.27) | - | - | High
|
||||
31 | [62.204.41.32](https://vuldb.com/?ip.62.204.41.32) | - | - | High
|
||||
32 | [62.204.41.59](https://vuldb.com/?ip.62.204.41.59) | - | - | High
|
||||
33 | ... | ... | ... | ...
|
||||
3 | [2.59.42.63](https://vuldb.com/?ip.2.59.42.63) | vds-cw08597.timeweb.ru | - | High
|
||||
4 | [5.42.65.1](https://vuldb.com/?ip.5.42.65.1) | - | - | High
|
||||
5 | [5.42.65.80](https://vuldb.com/?ip.5.42.65.80) | - | - | High
|
||||
6 | [5.75.139.35](https://vuldb.com/?ip.5.75.139.35) | static.35.139.75.5.clients.your-server.de | - | High
|
||||
7 | [5.182.4.47](https://vuldb.com/?ip.5.182.4.47) | - | - | High
|
||||
8 | [5.188.118.7](https://vuldb.com/?ip.5.188.118.7) | - | - | High
|
||||
9 | [23.106.215.95](https://vuldb.com/?ip.23.106.215.95) | - | - | High
|
||||
10 | [31.41.244.15](https://vuldb.com/?ip.31.41.244.15) | - | - | High
|
||||
11 | [31.41.244.17](https://vuldb.com/?ip.31.41.244.17) | - | - | High
|
||||
12 | [31.41.244.60](https://vuldb.com/?ip.31.41.244.60) | - | - | High
|
||||
13 | [31.41.244.146](https://vuldb.com/?ip.31.41.244.146) | - | - | High
|
||||
14 | [31.41.244.158](https://vuldb.com/?ip.31.41.244.158) | - | - | High
|
||||
15 | [31.41.244.167](https://vuldb.com/?ip.31.41.244.167) | - | - | High
|
||||
16 | [31.41.244.200](https://vuldb.com/?ip.31.41.244.200) | - | - | High
|
||||
17 | [31.41.244.237](https://vuldb.com/?ip.31.41.244.237) | - | - | High
|
||||
18 | [37.220.87.85](https://vuldb.com/?ip.37.220.87.85) | ipn-37-220-87-85.artem-catv.ru | - | High
|
||||
19 | [45.9.74.80](https://vuldb.com/?ip.45.9.74.80) | - | - | High
|
||||
20 | [45.15.156.216](https://vuldb.com/?ip.45.15.156.216) | - | - | High
|
||||
21 | [45.32.200.113](https://vuldb.com/?ip.45.32.200.113) | 45.32.200.113.vultrusercontent.com | - | High
|
||||
22 | [45.66.230.123](https://vuldb.com/?ip.45.66.230.123) | - | - | High
|
||||
23 | [45.155.205.172](https://vuldb.com/?ip.45.155.205.172) | - | - | High
|
||||
24 | [45.227.255.49](https://vuldb.com/?ip.45.227.255.49) | - | - | High
|
||||
25 | [46.17.96.36](https://vuldb.com/?ip.46.17.96.36) | - | - | High
|
||||
26 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
|
||||
27 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
|
||||
28 | [62.204.41.4](https://vuldb.com/?ip.62.204.41.4) | - | - | High
|
||||
29 | [62.204.41.5](https://vuldb.com/?ip.62.204.41.5) | - | - | High
|
||||
30 | [62.204.41.6](https://vuldb.com/?ip.62.204.41.6) | - | - | High
|
||||
31 | [62.204.41.13](https://vuldb.com/?ip.62.204.41.13) | - | - | High
|
||||
32 | [62.204.41.17](https://vuldb.com/?ip.62.204.41.17) | - | - | High
|
||||
33 | [62.204.41.25](https://vuldb.com/?ip.62.204.41.25) | - | - | High
|
||||
34 | [62.204.41.27](https://vuldb.com/?ip.62.204.41.27) | - | - | High
|
||||
35 | [62.204.41.32](https://vuldb.com/?ip.62.204.41.32) | - | - | High
|
||||
36 | ... | ... | ... | ...
|
||||
|
||||
There are 129 more IOC items available. Please use our online service to access the data.
|
||||
There are 139 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -66,11 +69,11 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -96,63 +99,66 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `/api/admin/store/product/list` | High
|
||||
17 | File | `/api/stl/actions/search` | High
|
||||
18 | File | `/api/v2/cli/commands` | High
|
||||
19 | File | `/apply.cgi` | Medium
|
||||
20 | File | `/APR/login.php` | High
|
||||
21 | File | `/bin/httpd` | Medium
|
||||
22 | File | `/boat/login.php` | High
|
||||
23 | File | `/cgi-bin` | Medium
|
||||
24 | File | `/cgi-bin/wapopen` | High
|
||||
25 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
26 | File | `/College/admin/teacher.php` | High
|
||||
27 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
19 | File | `/APR/login.php` | High
|
||||
20 | File | `/bin/httpd` | Medium
|
||||
21 | File | `/boat/login.php` | High
|
||||
22 | File | `/cgi-bin` | Medium
|
||||
23 | File | `/cgi-bin/wapopen` | High
|
||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
25 | File | `/College/admin/teacher.php` | High
|
||||
26 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
27 | File | `/dcim/rack-roles/` | High
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/feeds/post/publish` | High
|
||||
30 | File | `/film-rating.php` | High
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/goform/aspForm` | High
|
||||
33 | File | `/home/masterConsole` | High
|
||||
34 | File | `/home/sendBroadcast` | High
|
||||
35 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
36 | File | `/inc/topBarNav.php` | High
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/librarian/bookdetails.php` | High
|
||||
40 | File | `/medicines/profile.php` | High
|
||||
41 | File | `/Moosikay/order.php` | High
|
||||
42 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
43 | File | `/opac/Actions.php?a=login` | High
|
||||
44 | File | `/php-opos/index.php` | High
|
||||
45 | File | `/public/launchNewWindow.jsp` | High
|
||||
46 | File | `/reservation/add_message.php` | High
|
||||
47 | File | `/spip.php` | Medium
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/uncpath/` | Medium
|
||||
50 | File | `/user/updatePwd` | High
|
||||
51 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
52 | File | `/video-sharing-script/watch-video.php` | High
|
||||
53 | File | `/wireless/security.asp` | High
|
||||
54 | File | `a-forms.php` | Medium
|
||||
55 | File | `account.asp` | Medium
|
||||
56 | File | `acloudCosAction.php.SQL` | High
|
||||
57 | File | `AcquisiAction.class.php` | High
|
||||
58 | File | `activenews_view.asp` | High
|
||||
59 | File | `ActiveServices.java` | High
|
||||
60 | File | `adclick.php` | Medium
|
||||
61 | File | `add_product.php` | High
|
||||
62 | File | `admin.a6mambocredits.php` | High
|
||||
63 | File | `admin.cropcanvas.php` | High
|
||||
64 | File | `admin.php` | Medium
|
||||
65 | File | `admin/abc.php` | High
|
||||
66 | File | `admin/add_payment.php` | High
|
||||
67 | ... | ... | ...
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/feeds/post/publish` | High
|
||||
31 | File | `/film-rating.php` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/goform/aspForm` | High
|
||||
34 | File | `/home/masterConsole` | High
|
||||
35 | File | `/home/sendBroadcast` | High
|
||||
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
37 | File | `/inc/topBarNav.php` | High
|
||||
38 | File | `/index.php` | Medium
|
||||
39 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
40 | File | `/index.php?page=category_list` | High
|
||||
41 | File | `/jobinfo/` | Medium
|
||||
42 | File | `/kelas/data` | Medium
|
||||
43 | File | `/librarian/bookdetails.php` | High
|
||||
44 | File | `/Moosikay/order.php` | High
|
||||
45 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
46 | File | `/opac/Actions.php?a=login` | High
|
||||
47 | File | `/php-opos/index.php` | High
|
||||
48 | File | `/PreviewHandler.ashx` | High
|
||||
49 | File | `/public/launchNewWindow.jsp` | High
|
||||
50 | File | `/reservation/add_message.php` | High
|
||||
51 | File | `/student/bookdetails.php` | High
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | File | `/video-sharing-script/watch-video.php` | High
|
||||
55 | File | `/wireless/security.asp` | High
|
||||
56 | File | `/wp-admin/admin-ajax.php` | High
|
||||
57 | File | `a-forms.php` | Medium
|
||||
58 | File | `account.asp` | Medium
|
||||
59 | File | `acloudCosAction.php.SQL` | High
|
||||
60 | File | `AcquisiAction.class.php` | High
|
||||
61 | File | `activenews_view.asp` | High
|
||||
62 | File | `ActiveServices.java` | High
|
||||
63 | File | `adclick.php` | Medium
|
||||
64 | File | `admin.a6mambocredits.php` | High
|
||||
65 | ... | ... | ...
|
||||
|
||||
There are 586 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 574 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://app.any.run/tasks/6b4a52a0-4bbe-4c57-a196-a7c0e3425220
|
||||
* https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://threatvector.cylance.com/en_us/home/threat-spotlight-amadey-bot.html
|
||||
* https://tracker.viriback.com/index.php?q=5.42.65.1
|
||||
* https://tracker.viriback.com/index.php?q=5.42.65.80
|
||||
* https://tracker.viriback.com/index.php?q=5.75.139.35
|
||||
* https://tracker.viriback.com/index.php?q=31.41.244.146
|
||||
* https://tracker.viriback.com/index.php?q=31.41.244.158
|
||||
|
@ -196,6 +202,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tracker.viriback.com/index.php?q=77.73.134.45
|
||||
* https://tracker.viriback.com/index.php?q=77.73.134.52
|
||||
* https://tracker.viriback.com/index.php?q=77.73.134.66
|
||||
* https://tracker.viriback.com/index.php?q=77.91.68.62
|
||||
* https://tracker.viriback.com/index.php?q=77.91.78.118
|
||||
* https://tracker.viriback.com/index.php?q=77.91.78.242
|
||||
* https://tracker.viriback.com/index.php?q=77.91.124.20
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
# Android Battery Saving Scam - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Android Battery Saving Scam](https://vuldb.com/?actor.android_battery_saving_scam). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.android_battery_saving_scam](https://vuldb.com/?actor.android_battery_saving_scam)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Android Battery Saving Scam.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [109.169.85.117](https://vuldb.com/?ip.109.169.85.117) | - | - | High
|
||||
2 | [109.169.85.119](https://vuldb.com/?ip.109.169.85.119) | - | - | High
|
||||
3 | [109.169.87.58](https://vuldb.com/?ip.109.169.87.58) | scan09.fgxintel.com | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,116 @@
|
|||
# Applejeus - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Applejeus](https://vuldb.com/?actor.applejeus). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.applejeus](https://vuldb.com/?actor.applejeus)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Applejeus:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Applejeus.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.254.217.53](https://vuldb.com/?ip.23.254.217.53) | client-23-254-217-53.hostwindsdns.com | - | High
|
||||
2 | [80.82.64.91](https://vuldb.com/?ip.80.82.64.91) | - | - | High
|
||||
3 | [95.213.232.170](https://vuldb.com/?ip.95.213.232.170) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Applejeus_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Applejeus. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/admin/upload/upload` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/classes/Users.php` | High
|
||||
7 | File | `/config/getuser` | High
|
||||
8 | File | `/config/myfield/test.php` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/ecshop/admin/template.php` | High
|
||||
11 | File | `/example/editor` | High
|
||||
12 | File | `/file/upload/1` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/forum/PostPrivateMessage` | High
|
||||
15 | File | `/HNAP1` | Low
|
||||
16 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
17 | File | `/iu-application/controllers/administration/auth.php` | High
|
||||
18 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
|
||||
19 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
20 | File | `/net-banking/customer_transactions.php` | High
|
||||
21 | File | `/obs/book.php` | High
|
||||
22 | File | `/ossn/administrator/com_installer` | High
|
||||
23 | File | `/pms/update_user.php?user_id=1` | High
|
||||
24 | File | `/requests.php` | High
|
||||
25 | File | `/spip.php` | Medium
|
||||
26 | File | `/sre/params.php` | High
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/user/upload/upload` | High
|
||||
30 | File | `/Users` | Low
|
||||
31 | File | `/var/spool/hylafax` | High
|
||||
32 | File | `/vendor` | Low
|
||||
33 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
34 | File | `action/addproject.php` | High
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `add_contestant.php` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin/index.php` | High
|
||||
39 | File | `admin/make_payments.php` | High
|
||||
40 | File | `Advanced_ASUSDDNS_Content.asp` | High
|
||||
41 | File | `af_netlink.c` | Medium
|
||||
42 | File | `album_portal.php` | High
|
||||
43 | File | `api_jsonrpc.php` | High
|
||||
44 | File | `artreplydelete.asp` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://securelist.com/operation-applejeus-sequel/95596/
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -54,11 +54,11 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/getcfg.php` | Medium
|
||||
3 | File | `act.php` | Low
|
||||
4 | File | `admin.php` | Medium
|
||||
5 | File | `app/admin/import-export/import-load-data.php` | High
|
||||
6 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
|
||||
5 | File | `admin\posts\manage_post.php` | High
|
||||
6 | File | `app/admin/import-export/import-load-data.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 44 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 48 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,131 @@
|
|||
# Asylum Ambuscade - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Asylum Ambuscade](https://vuldb.com/?actor.asylum_ambuscade). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.asylum_ambuscade](https://vuldb.com/?actor.asylum_ambuscade)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asylum Ambuscade:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Asylum Ambuscade.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.39.222.150](https://vuldb.com/?ip.5.39.222.150) | - | - | High
|
||||
2 | [5.44.42.27](https://vuldb.com/?ip.5.44.42.27) | mexomail-smtp.ip-ptr.tech | - | High
|
||||
3 | [5.230.68.137](https://vuldb.com/?ip.5.230.68.137) | placeholder.noezserver.de | - | High
|
||||
4 | [5.230.71.166](https://vuldb.com/?ip.5.230.71.166) | - | - | High
|
||||
5 | [5.230.72.38](https://vuldb.com/?ip.5.230.72.38) | placeholder.noezserver.de | - | High
|
||||
6 | [5.230.72.148](https://vuldb.com/?ip.5.230.72.148) | placeholder.noezserver.de | - | High
|
||||
7 | [5.230.73.57](https://vuldb.com/?ip.5.230.73.57) | - | - | High
|
||||
8 | [5.230.73.63](https://vuldb.com/?ip.5.230.73.63) | ringbirdapp.com | - | High
|
||||
9 | [5.230.73.241](https://vuldb.com/?ip.5.230.73.241) | - | - | High
|
||||
10 | [5.230.73.247](https://vuldb.com/?ip.5.230.73.247) | - | - | High
|
||||
11 | [5.230.73.248](https://vuldb.com/?ip.5.230.73.248) | - | - | High
|
||||
12 | [5.230.73.250](https://vuldb.com/?ip.5.230.73.250) | - | - | High
|
||||
13 | [5.252.118.132](https://vuldb.com/?ip.5.252.118.132) | mail2.delivery2023.info | - | High
|
||||
14 | [5.252.118.204](https://vuldb.com/?ip.5.252.118.204) | acceptable-scarecrow.aeza.network | - | High
|
||||
15 | [5.255.88.222](https://vuldb.com/?ip.5.255.88.222) | alphawolve.com | - | High
|
||||
16 | [23.106.123.119](https://vuldb.com/?ip.23.106.123.119) | - | - | High
|
||||
17 | [31.192.105.28](https://vuldb.com/?ip.31.192.105.28) | - | - | High
|
||||
18 | [45.76.211.131](https://vuldb.com/?ip.45.76.211.131) | 45.76.211.131.vultrusercontent.com | - | High
|
||||
19 | ... | ... | ... | ...
|
||||
|
||||
There are 70 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Asylum Ambuscade_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Asylum Ambuscade. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
3 | File | `/admin.add` | Medium
|
||||
4 | File | `/admin.php/news/admin/topic/save` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
6 | File | `/admin/comn/service/update.json` | High
|
||||
7 | File | `/admin/fst_upload.inc.php` | High
|
||||
8 | File | `/admin/login.php` | High
|
||||
9 | File | `/admin/maintenance/view_designation.php` | High
|
||||
10 | File | `/admin/robot/approval/list` | High
|
||||
11 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
12 | File | `/api/v2/labels/` | High
|
||||
13 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
14 | File | `/apply.cgi` | Medium
|
||||
15 | File | `/cgi-bin/go` | Medium
|
||||
16 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
17 | File | `/cgi-bin/wapopen` | High
|
||||
18 | File | `/dl/dl_print.php` | High
|
||||
19 | File | `/etc/gsissh/sshd_config` | High
|
||||
20 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/forum/PostPrivateMessage` | High
|
||||
23 | File | `/getcfg.php` | Medium
|
||||
24 | File | `/home/masterConsole` | High
|
||||
25 | File | `/hrm/employeeadd.php` | High
|
||||
26 | File | `/hrm/employeeview.php` | High
|
||||
27 | File | `/info.xml` | Medium
|
||||
28 | File | `/librarian/bookdetails.php` | High
|
||||
29 | File | `/mgmt/tm/util/bash` | High
|
||||
30 | File | `/nova/bin/sniffer` | High
|
||||
31 | File | `/ofcms/company-c-47` | High
|
||||
32 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
|
||||
33 | File | `/pms/update_user.php?user_id=1` | High
|
||||
34 | File | `/public/login.htm` | High
|
||||
35 | File | `/rom-0` | Low
|
||||
36 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
37 | File | `/secure/ViewCollectors` | High
|
||||
38 | File | `/Session` | Medium
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/usr/local/nagiosxi/html/admin/sshterm.php` | High
|
||||
42 | File | `/usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php` | High
|
||||
43 | File | `/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php` | High
|
||||
44 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AsyncRAT:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [SH](https://vuldb.com/?country.sh)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -37,273 +37,284 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
14 | [2.58.56.44](https://vuldb.com/?ip.2.58.56.44) | powered.by.rdp.sh | - | High
|
||||
15 | [2.58.56.106](https://vuldb.com/?ip.2.58.56.106) | powered.by.rdp.sh | - | High
|
||||
16 | [2.58.56.120](https://vuldb.com/?ip.2.58.56.120) | powered.by.rdp.sh | - | High
|
||||
17 | [2.58.56.148](https://vuldb.com/?ip.2.58.56.148) | powered.by.rdp.sh | - | High
|
||||
18 | [2.58.56.183](https://vuldb.com/?ip.2.58.56.183) | powered.by.rdp.sh | - | High
|
||||
19 | [2.58.56.243](https://vuldb.com/?ip.2.58.56.243) | powered.by.rdp.sh | - | High
|
||||
20 | [2.59.119.56](https://vuldb.com/?ip.2.59.119.56) | lumajobedis.site | - | High
|
||||
21 | [2.59.119.66](https://vuldb.com/?ip.2.59.119.66) | webmafyasi.net | - | High
|
||||
22 | [2.59.119.84](https://vuldb.com/?ip.2.59.119.84) | cukurovayasam.com | - | High
|
||||
23 | [2.207.101.83](https://vuldb.com/?ip.2.207.101.83) | dslb-002-207-101-083.002.207.pools.vodafone-ip.de | - | High
|
||||
24 | [2.224.144.191](https://vuldb.com/?ip.2.224.144.191) | 2-224-144-191.ip170.fastwebnet.it | - | High
|
||||
25 | [3.13.191.225](https://vuldb.com/?ip.3.13.191.225) | ec2-3-13-191-225.us-east-2.compute.amazonaws.com | - | Medium
|
||||
26 | [3.19.130.43](https://vuldb.com/?ip.3.19.130.43) | ec2-3-19-130-43.us-east-2.compute.amazonaws.com | - | Medium
|
||||
27 | [3.66.38.117](https://vuldb.com/?ip.3.66.38.117) | ec2-3-66-38-117.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
28 | [3.68.95.191](https://vuldb.com/?ip.3.68.95.191) | ec2-3-68-95-191.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
29 | [3.68.171.119](https://vuldb.com/?ip.3.68.171.119) | ec2-3-68-171-119.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
30 | [3.69.115.178](https://vuldb.com/?ip.3.69.115.178) | ec2-3-69-115-178.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
31 | [3.69.157.220](https://vuldb.com/?ip.3.69.157.220) | ec2-3-69-157-220.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
32 | [3.125.115.192](https://vuldb.com/?ip.3.125.115.192) | ec2-3-125-115-192.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
33 | [3.129.187.220](https://vuldb.com/?ip.3.129.187.220) | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
34 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
35 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
36 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
|
||||
37 | [3.138.228.94](https://vuldb.com/?ip.3.138.228.94) | ec2-3-138-228-94.us-east-2.compute.amazonaws.com | - | Medium
|
||||
38 | [3.141.142.211](https://vuldb.com/?ip.3.141.142.211) | ec2-3-141-142-211.us-east-2.compute.amazonaws.com | - | Medium
|
||||
39 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
|
||||
40 | [3.142.81.166](https://vuldb.com/?ip.3.142.81.166) | ec2-3-142-81-166.us-east-2.compute.amazonaws.com | - | Medium
|
||||
41 | [3.142.129.56](https://vuldb.com/?ip.3.142.129.56) | ec2-3-142-129-56.us-east-2.compute.amazonaws.com | - | Medium
|
||||
42 | [3.142.167.4](https://vuldb.com/?ip.3.142.167.4) | ec2-3-142-167-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
43 | [3.142.167.54](https://vuldb.com/?ip.3.142.167.54) | ec2-3-142-167-54.us-east-2.compute.amazonaws.com | - | Medium
|
||||
44 | [3.144.124.4](https://vuldb.com/?ip.3.144.124.4) | ec2-3-144-124-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [3.219.26.62](https://vuldb.com/?ip.3.219.26.62) | ec2-3-219-26-62.compute-1.amazonaws.com | - | Medium
|
||||
46 | [3.237.100.172](https://vuldb.com/?ip.3.237.100.172) | ec2-3-237-100-172.compute-1.amazonaws.com | - | Medium
|
||||
47 | [4.227.187.147](https://vuldb.com/?ip.4.227.187.147) | - | - | High
|
||||
48 | [4.229.235.23](https://vuldb.com/?ip.4.229.235.23) | - | - | High
|
||||
49 | [4.231.233.180](https://vuldb.com/?ip.4.231.233.180) | - | - | High
|
||||
50 | [5.39.15.167](https://vuldb.com/?ip.5.39.15.167) | - | - | High
|
||||
51 | [5.68.138.73](https://vuldb.com/?ip.5.68.138.73) | 05448a49.skybroadband.com | - | High
|
||||
52 | [5.68.199.16](https://vuldb.com/?ip.5.68.199.16) | 0544c710.skybroadband.com | - | High
|
||||
53 | [5.78.65.18](https://vuldb.com/?ip.5.78.65.18) | static.18.65.78.5.clients.your-server.de | - | High
|
||||
54 | [5.161.76.198](https://vuldb.com/?ip.5.161.76.198) | static.198.76.161.5.clients.your-server.de | - | High
|
||||
55 | [5.161.115.90](https://vuldb.com/?ip.5.161.115.90) | static.90.115.161.5.clients.your-server.de | - | High
|
||||
56 | [5.161.139.136](https://vuldb.com/?ip.5.161.139.136) | static.136.139.161.5.clients.your-server.de | - | High
|
||||
57 | [5.180.104.172](https://vuldb.com/?ip.5.180.104.172) | protection.sdflare.com | - | High
|
||||
58 | [5.180.107.130](https://vuldb.com/?ip.5.180.107.130) | ip.serverscity.net | - | High
|
||||
59 | [5.181.80.120](https://vuldb.com/?ip.5.181.80.120) | alarmedbook.de | - | High
|
||||
60 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
|
||||
61 | [5.188.51.32](https://vuldb.com/?ip.5.188.51.32) | vps.43284172.llhost-inc.eu | - | High
|
||||
62 | [5.188.86.237](https://vuldb.com/?ip.5.188.86.237) | - | - | High
|
||||
63 | [5.196.35.57](https://vuldb.com/?ip.5.196.35.57) | ip57.ip-5-196-35.eu | - | High
|
||||
64 | [5.196.102.93](https://vuldb.com/?ip.5.196.102.93) | ip93.ip-5-196-102.eu | - | High
|
||||
65 | [5.196.174.49](https://vuldb.com/?ip.5.196.174.49) | - | - | High
|
||||
66 | [5.224.222.214](https://vuldb.com/?ip.5.224.222.214) | 5-224-222-214.red-acceso.airtel.net | - | High
|
||||
67 | [5.230.68.234](https://vuldb.com/?ip.5.230.68.234) | placeholder.noezserver.de | - | High
|
||||
68 | [5.230.69.11](https://vuldb.com/?ip.5.230.69.11) | placeholder.noezserver.de | - | High
|
||||
69 | [5.230.70.13](https://vuldb.com/?ip.5.230.70.13) | placeholder.noezserver.de | - | High
|
||||
70 | [5.230.70.106](https://vuldb.com/?ip.5.230.70.106) | placeholder.noezserver.de | - | High
|
||||
71 | [5.230.72.132](https://vuldb.com/?ip.5.230.72.132) | placeholder.noezserver.de | - | High
|
||||
72 | [5.230.84.50](https://vuldb.com/?ip.5.230.84.50) | - | - | High
|
||||
73 | [5.249.165.85](https://vuldb.com/?ip.5.249.165.85) | vps-zap756760-2.zap-srv.com | - | High
|
||||
74 | [5.252.165.130](https://vuldb.com/?ip.5.252.165.130) | - | - | High
|
||||
75 | [8.39.147.42](https://vuldb.com/?ip.8.39.147.42) | jinis.co.uk | - | High
|
||||
76 | [8.210.121.56](https://vuldb.com/?ip.8.210.121.56) | - | - | High
|
||||
77 | [13.36.178.139](https://vuldb.com/?ip.13.36.178.139) | ec2-13-36-178-139.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
78 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
|
||||
79 | [13.66.153.98](https://vuldb.com/?ip.13.66.153.98) | - | - | High
|
||||
80 | [13.72.107.36](https://vuldb.com/?ip.13.72.107.36) | - | - | High
|
||||
81 | [13.76.94.179](https://vuldb.com/?ip.13.76.94.179) | - | - | High
|
||||
82 | [13.77.222.211](https://vuldb.com/?ip.13.77.222.211) | - | - | High
|
||||
83 | [13.233.168.154](https://vuldb.com/?ip.13.233.168.154) | ec2-13-233-168-154.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
84 | [14.17.115.109](https://vuldb.com/?ip.14.17.115.109) | - | - | High
|
||||
85 | [14.173.70.169](https://vuldb.com/?ip.14.173.70.169) | static.vnpt.vn | - | High
|
||||
86 | [14.186.155.171](https://vuldb.com/?ip.14.186.155.171) | static.vnpt.vn | - | High
|
||||
87 | [14.191.50.101](https://vuldb.com/?ip.14.191.50.101) | static.vnpt.vn | - | High
|
||||
88 | [15.165.236.45](https://vuldb.com/?ip.15.165.236.45) | ec2-15-165-236-45.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
89 | [15.204.170.1](https://vuldb.com/?ip.15.204.170.1) | ip1.ip-15-204-170.us | - | High
|
||||
90 | [15.235.10.108](https://vuldb.com/?ip.15.235.10.108) | ns5008350.ip-15-235-10.net | - | High
|
||||
91 | [15.235.13.122](https://vuldb.com/?ip.15.235.13.122) | ns5009176.ip-15-235-13.net | - | High
|
||||
92 | [18.133.124.202](https://vuldb.com/?ip.18.133.124.202) | ec2-18-133-124-202.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
93 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
94 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
95 | [18.188.14.8](https://vuldb.com/?ip.18.188.14.8) | ec2-18-188-14-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
96 | [18.192.31.165](https://vuldb.com/?ip.18.192.31.165) | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
97 | [18.195.138.26](https://vuldb.com/?ip.18.195.138.26) | ec2-18-195-138-26.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
98 | [18.207.218.15](https://vuldb.com/?ip.18.207.218.15) | ec2-18-207-218-15.compute-1.amazonaws.com | - | Medium
|
||||
99 | [20.4.6.16](https://vuldb.com/?ip.20.4.6.16) | - | - | High
|
||||
100 | [20.8.122.174](https://vuldb.com/?ip.20.8.122.174) | - | - | High
|
||||
101 | [20.12.204.46](https://vuldb.com/?ip.20.12.204.46) | - | - | High
|
||||
102 | [20.16.8.148](https://vuldb.com/?ip.20.16.8.148) | - | - | High
|
||||
103 | [20.25.94.83](https://vuldb.com/?ip.20.25.94.83) | - | - | High
|
||||
104 | [20.42.114.46](https://vuldb.com/?ip.20.42.114.46) | - | - | High
|
||||
105 | [20.52.33.123](https://vuldb.com/?ip.20.52.33.123) | - | - | High
|
||||
106 | [20.52.138.14](https://vuldb.com/?ip.20.52.138.14) | - | - | High
|
||||
107 | [20.52.142.130](https://vuldb.com/?ip.20.52.142.130) | - | - | High
|
||||
108 | [20.52.151.53](https://vuldb.com/?ip.20.52.151.53) | - | - | High
|
||||
109 | [20.52.178.148](https://vuldb.com/?ip.20.52.178.148) | - | - | High
|
||||
110 | [20.54.113.5](https://vuldb.com/?ip.20.54.113.5) | - | - | High
|
||||
111 | [20.62.3.66](https://vuldb.com/?ip.20.62.3.66) | - | - | High
|
||||
112 | [20.67.243.141](https://vuldb.com/?ip.20.67.243.141) | - | - | High
|
||||
113 | [20.68.110.75](https://vuldb.com/?ip.20.68.110.75) | - | - | High
|
||||
114 | [20.69.124.187](https://vuldb.com/?ip.20.69.124.187) | - | - | High
|
||||
115 | [20.69.152.28](https://vuldb.com/?ip.20.69.152.28) | - | - | High
|
||||
116 | [20.77.254.176](https://vuldb.com/?ip.20.77.254.176) | - | - | High
|
||||
117 | [20.83.245.27](https://vuldb.com/?ip.20.83.245.27) | - | - | High
|
||||
118 | [20.86.25.230](https://vuldb.com/?ip.20.86.25.230) | - | - | High
|
||||
119 | [20.98.96.97](https://vuldb.com/?ip.20.98.96.97) | - | - | High
|
||||
120 | [20.98.113.24](https://vuldb.com/?ip.20.98.113.24) | - | - | High
|
||||
121 | [20.98.203.218](https://vuldb.com/?ip.20.98.203.218) | - | - | High
|
||||
122 | [20.100.196.69](https://vuldb.com/?ip.20.100.196.69) | - | - | High
|
||||
123 | [20.107.115.162](https://vuldb.com/?ip.20.107.115.162) | - | - | High
|
||||
124 | [20.108.44.45](https://vuldb.com/?ip.20.108.44.45) | - | - | High
|
||||
125 | [20.111.19.215](https://vuldb.com/?ip.20.111.19.215) | - | - | High
|
||||
126 | [20.111.34.199](https://vuldb.com/?ip.20.111.34.199) | - | - | High
|
||||
127 | [20.111.63.231](https://vuldb.com/?ip.20.111.63.231) | - | - | High
|
||||
128 | [20.113.159.145](https://vuldb.com/?ip.20.113.159.145) | - | - | High
|
||||
129 | [20.114.139.208](https://vuldb.com/?ip.20.114.139.208) | - | - | High
|
||||
130 | [20.117.208.193](https://vuldb.com/?ip.20.117.208.193) | - | - | High
|
||||
131 | [20.123.180.103](https://vuldb.com/?ip.20.123.180.103) | - | - | High
|
||||
132 | [20.125.118.35](https://vuldb.com/?ip.20.125.118.35) | - | - | High
|
||||
133 | [20.125.122.98](https://vuldb.com/?ip.20.125.122.98) | - | - | High
|
||||
134 | [20.127.4.172](https://vuldb.com/?ip.20.127.4.172) | - | - | High
|
||||
135 | [20.151.221.59](https://vuldb.com/?ip.20.151.221.59) | - | - | High
|
||||
136 | [20.166.62.124](https://vuldb.com/?ip.20.166.62.124) | - | - | High
|
||||
137 | [20.169.37.196](https://vuldb.com/?ip.20.169.37.196) | - | - | High
|
||||
138 | [20.169.104.228](https://vuldb.com/?ip.20.169.104.228) | - | - | High
|
||||
139 | [20.171.107.243](https://vuldb.com/?ip.20.171.107.243) | - | - | High
|
||||
140 | [20.184.2.45](https://vuldb.com/?ip.20.184.2.45) | - | - | High
|
||||
141 | [20.197.177.229](https://vuldb.com/?ip.20.197.177.229) | - | - | High
|
||||
142 | [20.197.196.201](https://vuldb.com/?ip.20.197.196.201) | - | - | High
|
||||
143 | [20.197.226.40](https://vuldb.com/?ip.20.197.226.40) | - | - | High
|
||||
144 | [20.199.101.68](https://vuldb.com/?ip.20.199.101.68) | - | - | High
|
||||
145 | [20.199.112.16](https://vuldb.com/?ip.20.199.112.16) | - | - | High
|
||||
146 | [20.199.120.149](https://vuldb.com/?ip.20.199.120.149) | - | - | High
|
||||
147 | [20.199.121.197](https://vuldb.com/?ip.20.199.121.197) | - | - | High
|
||||
148 | [20.203.178.116](https://vuldb.com/?ip.20.203.178.116) | - | - | High
|
||||
149 | [20.211.5.151](https://vuldb.com/?ip.20.211.5.151) | - | - | High
|
||||
150 | [20.212.19.59](https://vuldb.com/?ip.20.212.19.59) | - | - | High
|
||||
151 | [20.224.162.224](https://vuldb.com/?ip.20.224.162.224) | - | - | High
|
||||
152 | [20.226.0.95](https://vuldb.com/?ip.20.226.0.95) | - | - | High
|
||||
153 | [20.226.101.17](https://vuldb.com/?ip.20.226.101.17) | - | - | High
|
||||
154 | [20.226.120.127](https://vuldb.com/?ip.20.226.120.127) | - | - | High
|
||||
155 | [20.238.78.172](https://vuldb.com/?ip.20.238.78.172) | - | - | High
|
||||
156 | [20.240.61.211](https://vuldb.com/?ip.20.240.61.211) | - | - | High
|
||||
157 | [23.94.82.24](https://vuldb.com/?ip.23.94.82.24) | 23-94-82-24-host.colocrossing.com | - | High
|
||||
158 | [23.94.159.212](https://vuldb.com/?ip.23.94.159.212) | 23-94-159-212-host.colocrossing.com | - | High
|
||||
159 | [23.94.236.147](https://vuldb.com/?ip.23.94.236.147) | 23-94-236-147-host.colocrossing.com | - | High
|
||||
160 | [23.95.13.189](https://vuldb.com/?ip.23.95.13.189) | 23-95-13-189-host.colocrossing.com | - | High
|
||||
161 | [23.95.115.74](https://vuldb.com/?ip.23.95.115.74) | rawss.futurce.org.uk | - | High
|
||||
162 | [23.101.213.237](https://vuldb.com/?ip.23.101.213.237) | - | - | High
|
||||
163 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
|
||||
164 | [23.102.122.72](https://vuldb.com/?ip.23.102.122.72) | - | - | High
|
||||
165 | [23.102.129.234](https://vuldb.com/?ip.23.102.129.234) | - | - | High
|
||||
166 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
167 | [23.105.131.207](https://vuldb.com/?ip.23.105.131.207) | mail207.nessfist.com | - | High
|
||||
168 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | mail209.nessfist.com | - | High
|
||||
169 | [23.105.131.212](https://vuldb.com/?ip.23.105.131.212) | mail212.nessfist.com | - | High
|
||||
170 | [23.105.131.236](https://vuldb.com/?ip.23.105.131.236) | mail236.nessfist.com | - | High
|
||||
171 | [23.105.131.239](https://vuldb.com/?ip.23.105.131.239) | mail239.nessfist.com | - | High
|
||||
172 | [23.129.232.160](https://vuldb.com/?ip.23.129.232.160) | - | - | High
|
||||
173 | [23.146.242.100](https://vuldb.com/?ip.23.146.242.100) | - | - | High
|
||||
174 | [23.226.77.22](https://vuldb.com/?ip.23.226.77.22) | we.love.servers.at.ioflood.net | - | High
|
||||
175 | [23.237.25.246](https://vuldb.com/?ip.23.237.25.246) | - | - | High
|
||||
176 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
177 | [23.254.130.126](https://vuldb.com/?ip.23.254.130.126) | hwsrv-1069616.hostwindsdns.com | - | High
|
||||
178 | [23.254.227.121](https://vuldb.com/?ip.23.254.227.121) | hwsrv-1063912.hostwindsdns.com | - | High
|
||||
179 | [23.254.231.83](https://vuldb.com/?ip.23.254.231.83) | hwsrv-1070248.hostwindsdns.com | - | High
|
||||
180 | [31.41.244.135](https://vuldb.com/?ip.31.41.244.135) | - | - | High
|
||||
181 | [31.170.22.28](https://vuldb.com/?ip.31.170.22.28) | - | - | High
|
||||
182 | [31.192.236.139](https://vuldb.com/?ip.31.192.236.139) | winupdate02.pserver.ru | - | High
|
||||
183 | [31.210.20.79](https://vuldb.com/?ip.31.210.20.79) | - | - | High
|
||||
184 | [31.210.20.167](https://vuldb.com/?ip.31.210.20.167) | - | - | High
|
||||
185 | [31.210.20.192](https://vuldb.com/?ip.31.210.20.192) | - | - | High
|
||||
186 | [31.210.21.188](https://vuldb.com/?ip.31.210.21.188) | linir.top | - | High
|
||||
187 | [34.69.119.138](https://vuldb.com/?ip.34.69.119.138) | 138.119.69.34.bc.googleusercontent.com | - | Medium
|
||||
188 | [34.71.81.158](https://vuldb.com/?ip.34.71.81.158) | 158.81.71.34.bc.googleusercontent.com | - | Medium
|
||||
189 | [34.125.144.45](https://vuldb.com/?ip.34.125.144.45) | 45.144.125.34.bc.googleusercontent.com | - | Medium
|
||||
190 | [34.140.211.85](https://vuldb.com/?ip.34.140.211.85) | 85.211.140.34.bc.googleusercontent.com | - | Medium
|
||||
191 | [35.239.113.160](https://vuldb.com/?ip.35.239.113.160) | 160.113.239.35.bc.googleusercontent.com | - | Medium
|
||||
192 | [36.255.96.200](https://vuldb.com/?ip.36.255.96.200) | - | - | High
|
||||
193 | [37.0.8.17](https://vuldb.com/?ip.37.0.8.17) | stokes.springtimemartialarts.com | - | High
|
||||
194 | [37.0.8.20](https://vuldb.com/?ip.37.0.8.20) | jacksonirwin.springtimemartialarts.com | - | High
|
||||
195 | [37.0.8.67](https://vuldb.com/?ip.37.0.8.67) | willis.capitolreservations.com | - | High
|
||||
196 | [37.0.8.93](https://vuldb.com/?ip.37.0.8.93) | shawtran.capitolreservations.com | - | High
|
||||
197 | [37.0.8.191](https://vuldb.com/?ip.37.0.8.191) | frederick.athinneru.com | - | High
|
||||
198 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
199 | [37.0.11.45](https://vuldb.com/?ip.37.0.11.45) | - | - | High
|
||||
200 | [37.0.11.246](https://vuldb.com/?ip.37.0.11.246) | - | - | High
|
||||
201 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
202 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
203 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
204 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
205 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
206 | [37.49.230.185](https://vuldb.com/?ip.37.49.230.185) | - | - | High
|
||||
207 | [37.120.208.36](https://vuldb.com/?ip.37.120.208.36) | - | - | High
|
||||
208 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
209 | [37.120.212.235](https://vuldb.com/?ip.37.120.212.235) | - | - | High
|
||||
210 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
211 | [37.120.247.24](https://vuldb.com/?ip.37.120.247.24) | - | - | High
|
||||
212 | [37.196.152.120](https://vuldb.com/?ip.37.196.152.120) | m37-196-152-120.cust.tele2.se | - | High
|
||||
213 | [37.221.121.20](https://vuldb.com/?ip.37.221.121.20) | chvt-mail-129.stashkeen.com | - | High
|
||||
214 | [37.221.122.76](https://vuldb.com/?ip.37.221.122.76) | server.modernizmir.net | - | High
|
||||
215 | [37.249.78.26](https://vuldb.com/?ip.37.249.78.26) | apn-37-249-78-26.dynamic.gprs.plus.pl | - | High
|
||||
216 | [38.17.51.104](https://vuldb.com/?ip.38.17.51.104) | - | - | High
|
||||
217 | [38.47.205.151](https://vuldb.com/?ip.38.47.205.151) | - | - | High
|
||||
218 | [38.105.209.167](https://vuldb.com/?ip.38.105.209.167) | vmi737189.contaboserver.net | - | High
|
||||
219 | [38.130.221.190](https://vuldb.com/?ip.38.130.221.190) | 38.130.221.190.hosted.at.cloudsouth.com | - | High
|
||||
220 | [38.132.99.156](https://vuldb.com/?ip.38.132.99.156) | - | - | High
|
||||
221 | [38.242.242.149](https://vuldb.com/?ip.38.242.242.149) | vmi1313701.contaboserver.net | - | High
|
||||
222 | [40.90.210.21](https://vuldb.com/?ip.40.90.210.21) | - | - | High
|
||||
223 | [40.113.131.31](https://vuldb.com/?ip.40.113.131.31) | - | - | High
|
||||
224 | [40.118.53.192](https://vuldb.com/?ip.40.118.53.192) | - | - | High
|
||||
225 | [40.122.131.23](https://vuldb.com/?ip.40.122.131.23) | - | - | High
|
||||
226 | [41.72.146.10](https://vuldb.com/?ip.41.72.146.10) | - | - | High
|
||||
227 | [41.141.211.80](https://vuldb.com/?ip.41.141.211.80) | - | - | High
|
||||
228 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
|
||||
229 | [41.216.183.175](https://vuldb.com/?ip.41.216.183.175) | - | - | High
|
||||
230 | [41.250.187.176](https://vuldb.com/?ip.41.250.187.176) | - | - | High
|
||||
231 | [41.251.4.158](https://vuldb.com/?ip.41.251.4.158) | - | - | High
|
||||
232 | [41.251.51.168](https://vuldb.com/?ip.41.251.51.168) | - | - | High
|
||||
233 | [43.138.160.55](https://vuldb.com/?ip.43.138.160.55) | - | - | High
|
||||
234 | [43.139.124.22](https://vuldb.com/?ip.43.139.124.22) | - | - | High
|
||||
235 | [43.154.97.109](https://vuldb.com/?ip.43.154.97.109) | - | - | High
|
||||
236 | [43.226.49.147](https://vuldb.com/?ip.43.226.49.147) | - | - | High
|
||||
237 | [43.249.30.55](https://vuldb.com/?ip.43.249.30.55) | - | - | High
|
||||
238 | [44.192.67.149](https://vuldb.com/?ip.44.192.67.149) | ec2-44-192-67-149.compute-1.amazonaws.com | - | Medium
|
||||
239 | [45.12.253.31](https://vuldb.com/?ip.45.12.253.31) | - | - | High
|
||||
240 | [45.12.253.58](https://vuldb.com/?ip.45.12.253.58) | - | - | High
|
||||
241 | [45.14.224.94](https://vuldb.com/?ip.45.14.224.94) | web117.excw.nl | - | High
|
||||
242 | [45.15.143.183](https://vuldb.com/?ip.45.15.143.183) | - | - | High
|
||||
243 | [45.15.143.191](https://vuldb.com/?ip.45.15.143.191) | - | - | High
|
||||
244 | [45.15.143.199](https://vuldb.com/?ip.45.15.143.199) | - | - | High
|
||||
245 | [45.32.99.249](https://vuldb.com/?ip.45.32.99.249) | 45.32.99.249.vultrusercontent.com | - | High
|
||||
246 | [45.32.211.35](https://vuldb.com/?ip.45.32.211.35) | 45.32.211.35.vultrusercontent.com | - | High
|
||||
247 | [45.58.190.125](https://vuldb.com/?ip.45.58.190.125) | - | - | High
|
||||
248 | [45.66.248.114](https://vuldb.com/?ip.45.66.248.114) | - | - | High
|
||||
249 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
250 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
251 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
|
||||
252 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
|
||||
253 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
|
||||
254 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
|
||||
255 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
|
||||
256 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
|
||||
257 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
|
||||
258 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
|
||||
259 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
|
||||
260 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
|
||||
261 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
|
||||
262 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
263 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
|
||||
264 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
|
||||
265 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
|
||||
266 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
|
||||
267 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
|
||||
268 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
|
||||
269 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
|
||||
270 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
|
||||
271 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
|
||||
272 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
|
||||
273 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
274 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
|
||||
275 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
|
||||
276 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
|
||||
277 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
|
||||
278 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
|
||||
279 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
|
||||
280 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
|
||||
281 | ... | ... | ... | ...
|
||||
17 | [2.58.56.143](https://vuldb.com/?ip.2.58.56.143) | powered.by.rdp.sh | - | High
|
||||
18 | [2.58.56.148](https://vuldb.com/?ip.2.58.56.148) | powered.by.rdp.sh | - | High
|
||||
19 | [2.58.56.183](https://vuldb.com/?ip.2.58.56.183) | powered.by.rdp.sh | - | High
|
||||
20 | [2.58.56.243](https://vuldb.com/?ip.2.58.56.243) | powered.by.rdp.sh | - | High
|
||||
21 | [2.59.119.56](https://vuldb.com/?ip.2.59.119.56) | lumajobedis.site | - | High
|
||||
22 | [2.59.119.66](https://vuldb.com/?ip.2.59.119.66) | webmafyasi.net | - | High
|
||||
23 | [2.59.119.84](https://vuldb.com/?ip.2.59.119.84) | cukurovayasam.com | - | High
|
||||
24 | [2.207.101.83](https://vuldb.com/?ip.2.207.101.83) | dslb-002-207-101-083.002.207.pools.vodafone-ip.de | - | High
|
||||
25 | [2.224.144.191](https://vuldb.com/?ip.2.224.144.191) | 2-224-144-191.ip170.fastwebnet.it | - | High
|
||||
26 | [3.13.191.225](https://vuldb.com/?ip.3.13.191.225) | ec2-3-13-191-225.us-east-2.compute.amazonaws.com | - | Medium
|
||||
27 | [3.19.130.43](https://vuldb.com/?ip.3.19.130.43) | ec2-3-19-130-43.us-east-2.compute.amazonaws.com | - | Medium
|
||||
28 | [3.66.38.117](https://vuldb.com/?ip.3.66.38.117) | ec2-3-66-38-117.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
29 | [3.68.95.191](https://vuldb.com/?ip.3.68.95.191) | ec2-3-68-95-191.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
30 | [3.68.171.119](https://vuldb.com/?ip.3.68.171.119) | ec2-3-68-171-119.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
31 | [3.69.115.178](https://vuldb.com/?ip.3.69.115.178) | ec2-3-69-115-178.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
32 | [3.69.157.220](https://vuldb.com/?ip.3.69.157.220) | ec2-3-69-157-220.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
33 | [3.125.115.192](https://vuldb.com/?ip.3.125.115.192) | ec2-3-125-115-192.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
34 | [3.129.187.220](https://vuldb.com/?ip.3.129.187.220) | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
35 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
36 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
37 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
|
||||
38 | [3.138.228.94](https://vuldb.com/?ip.3.138.228.94) | ec2-3-138-228-94.us-east-2.compute.amazonaws.com | - | Medium
|
||||
39 | [3.141.142.211](https://vuldb.com/?ip.3.141.142.211) | ec2-3-141-142-211.us-east-2.compute.amazonaws.com | - | Medium
|
||||
40 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
|
||||
41 | [3.142.81.166](https://vuldb.com/?ip.3.142.81.166) | ec2-3-142-81-166.us-east-2.compute.amazonaws.com | - | Medium
|
||||
42 | [3.142.129.56](https://vuldb.com/?ip.3.142.129.56) | ec2-3-142-129-56.us-east-2.compute.amazonaws.com | - | Medium
|
||||
43 | [3.142.167.4](https://vuldb.com/?ip.3.142.167.4) | ec2-3-142-167-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
44 | [3.142.167.54](https://vuldb.com/?ip.3.142.167.54) | ec2-3-142-167-54.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [3.144.124.4](https://vuldb.com/?ip.3.144.124.4) | ec2-3-144-124-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
46 | [3.219.26.62](https://vuldb.com/?ip.3.219.26.62) | ec2-3-219-26-62.compute-1.amazonaws.com | - | Medium
|
||||
47 | [3.237.100.172](https://vuldb.com/?ip.3.237.100.172) | ec2-3-237-100-172.compute-1.amazonaws.com | - | Medium
|
||||
48 | [4.227.187.147](https://vuldb.com/?ip.4.227.187.147) | - | - | High
|
||||
49 | [4.229.235.23](https://vuldb.com/?ip.4.229.235.23) | - | - | High
|
||||
50 | [4.231.233.180](https://vuldb.com/?ip.4.231.233.180) | - | - | High
|
||||
51 | [5.39.15.167](https://vuldb.com/?ip.5.39.15.167) | - | - | High
|
||||
52 | [5.68.138.73](https://vuldb.com/?ip.5.68.138.73) | 05448a49.skybroadband.com | - | High
|
||||
53 | [5.68.199.16](https://vuldb.com/?ip.5.68.199.16) | 0544c710.skybroadband.com | - | High
|
||||
54 | [5.78.65.18](https://vuldb.com/?ip.5.78.65.18) | static.18.65.78.5.clients.your-server.de | - | High
|
||||
55 | [5.161.76.198](https://vuldb.com/?ip.5.161.76.198) | static.198.76.161.5.clients.your-server.de | - | High
|
||||
56 | [5.161.115.90](https://vuldb.com/?ip.5.161.115.90) | static.90.115.161.5.clients.your-server.de | - | High
|
||||
57 | [5.161.139.136](https://vuldb.com/?ip.5.161.139.136) | static.136.139.161.5.clients.your-server.de | - | High
|
||||
58 | [5.161.192.28](https://vuldb.com/?ip.5.161.192.28) | static.28.192.161.5.clients.your-server.de | - | High
|
||||
59 | [5.180.104.172](https://vuldb.com/?ip.5.180.104.172) | protection.sdflare.com | - | High
|
||||
60 | [5.180.107.130](https://vuldb.com/?ip.5.180.107.130) | ip.serverscity.net | - | High
|
||||
61 | [5.181.80.120](https://vuldb.com/?ip.5.181.80.120) | alarmedbook.de | - | High
|
||||
62 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
|
||||
63 | [5.188.51.32](https://vuldb.com/?ip.5.188.51.32) | vps.43284172.llhost-inc.eu | - | High
|
||||
64 | [5.188.86.237](https://vuldb.com/?ip.5.188.86.237) | - | - | High
|
||||
65 | [5.196.35.57](https://vuldb.com/?ip.5.196.35.57) | ip57.ip-5-196-35.eu | - | High
|
||||
66 | [5.196.102.93](https://vuldb.com/?ip.5.196.102.93) | ip93.ip-5-196-102.eu | - | High
|
||||
67 | [5.196.174.49](https://vuldb.com/?ip.5.196.174.49) | - | - | High
|
||||
68 | [5.224.222.63](https://vuldb.com/?ip.5.224.222.63) | 5-224-222-63.red-acceso.airtel.net | - | High
|
||||
69 | [5.224.222.214](https://vuldb.com/?ip.5.224.222.214) | 5-224-222-214.red-acceso.airtel.net | - | High
|
||||
70 | [5.230.68.234](https://vuldb.com/?ip.5.230.68.234) | placeholder.noezserver.de | - | High
|
||||
71 | [5.230.69.11](https://vuldb.com/?ip.5.230.69.11) | placeholder.noezserver.de | - | High
|
||||
72 | [5.230.70.13](https://vuldb.com/?ip.5.230.70.13) | placeholder.noezserver.de | - | High
|
||||
73 | [5.230.70.106](https://vuldb.com/?ip.5.230.70.106) | placeholder.noezserver.de | - | High
|
||||
74 | [5.230.72.132](https://vuldb.com/?ip.5.230.72.132) | placeholder.noezserver.de | - | High
|
||||
75 | [5.230.84.50](https://vuldb.com/?ip.5.230.84.50) | - | - | High
|
||||
76 | [5.249.165.85](https://vuldb.com/?ip.5.249.165.85) | vps-zap756760-2.zap-srv.com | - | High
|
||||
77 | [5.252.165.130](https://vuldb.com/?ip.5.252.165.130) | - | - | High
|
||||
78 | [8.39.147.42](https://vuldb.com/?ip.8.39.147.42) | jinis.co.uk | - | High
|
||||
79 | [8.210.121.56](https://vuldb.com/?ip.8.210.121.56) | - | - | High
|
||||
80 | [13.36.178.139](https://vuldb.com/?ip.13.36.178.139) | ec2-13-36-178-139.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
81 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
|
||||
82 | [13.66.153.98](https://vuldb.com/?ip.13.66.153.98) | - | - | High
|
||||
83 | [13.72.107.36](https://vuldb.com/?ip.13.72.107.36) | - | - | High
|
||||
84 | [13.76.94.179](https://vuldb.com/?ip.13.76.94.179) | - | - | High
|
||||
85 | [13.77.222.211](https://vuldb.com/?ip.13.77.222.211) | - | - | High
|
||||
86 | [13.233.168.154](https://vuldb.com/?ip.13.233.168.154) | ec2-13-233-168-154.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
87 | [14.17.115.109](https://vuldb.com/?ip.14.17.115.109) | - | - | High
|
||||
88 | [14.173.70.169](https://vuldb.com/?ip.14.173.70.169) | static.vnpt.vn | - | High
|
||||
89 | [14.186.155.171](https://vuldb.com/?ip.14.186.155.171) | static.vnpt.vn | - | High
|
||||
90 | [14.191.50.101](https://vuldb.com/?ip.14.191.50.101) | static.vnpt.vn | - | High
|
||||
91 | [15.165.236.45](https://vuldb.com/?ip.15.165.236.45) | ec2-15-165-236-45.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
92 | [15.204.170.1](https://vuldb.com/?ip.15.204.170.1) | ip1.ip-15-204-170.us | - | High
|
||||
93 | [15.235.10.108](https://vuldb.com/?ip.15.235.10.108) | ns5008350.ip-15-235-10.net | - | High
|
||||
94 | [15.235.13.122](https://vuldb.com/?ip.15.235.13.122) | ns5009176.ip-15-235-13.net | - | High
|
||||
95 | [18.133.124.202](https://vuldb.com/?ip.18.133.124.202) | ec2-18-133-124-202.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
96 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
97 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
98 | [18.188.14.8](https://vuldb.com/?ip.18.188.14.8) | ec2-18-188-14-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
99 | [18.192.31.165](https://vuldb.com/?ip.18.192.31.165) | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
100 | [18.195.138.26](https://vuldb.com/?ip.18.195.138.26) | ec2-18-195-138-26.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
101 | [18.207.218.15](https://vuldb.com/?ip.18.207.218.15) | ec2-18-207-218-15.compute-1.amazonaws.com | - | Medium
|
||||
102 | [20.4.6.16](https://vuldb.com/?ip.20.4.6.16) | - | - | High
|
||||
103 | [20.8.122.174](https://vuldb.com/?ip.20.8.122.174) | - | - | High
|
||||
104 | [20.12.204.46](https://vuldb.com/?ip.20.12.204.46) | - | - | High
|
||||
105 | [20.16.8.148](https://vuldb.com/?ip.20.16.8.148) | - | - | High
|
||||
106 | [20.25.94.83](https://vuldb.com/?ip.20.25.94.83) | - | - | High
|
||||
107 | [20.42.114.46](https://vuldb.com/?ip.20.42.114.46) | - | - | High
|
||||
108 | [20.52.33.123](https://vuldb.com/?ip.20.52.33.123) | - | - | High
|
||||
109 | [20.52.138.14](https://vuldb.com/?ip.20.52.138.14) | - | - | High
|
||||
110 | [20.52.142.130](https://vuldb.com/?ip.20.52.142.130) | - | - | High
|
||||
111 | [20.52.151.53](https://vuldb.com/?ip.20.52.151.53) | - | - | High
|
||||
112 | [20.52.178.148](https://vuldb.com/?ip.20.52.178.148) | - | - | High
|
||||
113 | [20.54.113.5](https://vuldb.com/?ip.20.54.113.5) | - | - | High
|
||||
114 | [20.62.3.66](https://vuldb.com/?ip.20.62.3.66) | - | - | High
|
||||
115 | [20.67.243.141](https://vuldb.com/?ip.20.67.243.141) | - | - | High
|
||||
116 | [20.68.110.75](https://vuldb.com/?ip.20.68.110.75) | - | - | High
|
||||
117 | [20.69.124.187](https://vuldb.com/?ip.20.69.124.187) | - | - | High
|
||||
118 | [20.69.152.28](https://vuldb.com/?ip.20.69.152.28) | - | - | High
|
||||
119 | [20.77.254.176](https://vuldb.com/?ip.20.77.254.176) | - | - | High
|
||||
120 | [20.83.245.27](https://vuldb.com/?ip.20.83.245.27) | - | - | High
|
||||
121 | [20.86.25.230](https://vuldb.com/?ip.20.86.25.230) | - | - | High
|
||||
122 | [20.98.96.97](https://vuldb.com/?ip.20.98.96.97) | - | - | High
|
||||
123 | [20.98.113.24](https://vuldb.com/?ip.20.98.113.24) | - | - | High
|
||||
124 | [20.98.203.218](https://vuldb.com/?ip.20.98.203.218) | - | - | High
|
||||
125 | [20.100.196.69](https://vuldb.com/?ip.20.100.196.69) | - | - | High
|
||||
126 | [20.107.115.162](https://vuldb.com/?ip.20.107.115.162) | - | - | High
|
||||
127 | [20.108.44.45](https://vuldb.com/?ip.20.108.44.45) | - | - | High
|
||||
128 | [20.111.19.215](https://vuldb.com/?ip.20.111.19.215) | - | - | High
|
||||
129 | [20.111.34.199](https://vuldb.com/?ip.20.111.34.199) | - | - | High
|
||||
130 | [20.111.63.231](https://vuldb.com/?ip.20.111.63.231) | - | - | High
|
||||
131 | [20.113.159.145](https://vuldb.com/?ip.20.113.159.145) | - | - | High
|
||||
132 | [20.114.139.208](https://vuldb.com/?ip.20.114.139.208) | - | - | High
|
||||
133 | [20.117.208.193](https://vuldb.com/?ip.20.117.208.193) | - | - | High
|
||||
134 | [20.123.180.103](https://vuldb.com/?ip.20.123.180.103) | - | - | High
|
||||
135 | [20.125.118.35](https://vuldb.com/?ip.20.125.118.35) | - | - | High
|
||||
136 | [20.125.122.98](https://vuldb.com/?ip.20.125.122.98) | - | - | High
|
||||
137 | [20.127.4.172](https://vuldb.com/?ip.20.127.4.172) | - | - | High
|
||||
138 | [20.150.193.28](https://vuldb.com/?ip.20.150.193.28) | - | - | High
|
||||
139 | [20.151.221.59](https://vuldb.com/?ip.20.151.221.59) | - | - | High
|
||||
140 | [20.166.62.124](https://vuldb.com/?ip.20.166.62.124) | - | - | High
|
||||
141 | [20.169.37.196](https://vuldb.com/?ip.20.169.37.196) | - | - | High
|
||||
142 | [20.169.104.228](https://vuldb.com/?ip.20.169.104.228) | - | - | High
|
||||
143 | [20.171.107.243](https://vuldb.com/?ip.20.171.107.243) | - | - | High
|
||||
144 | [20.184.2.45](https://vuldb.com/?ip.20.184.2.45) | - | - | High
|
||||
145 | [20.197.177.229](https://vuldb.com/?ip.20.197.177.229) | - | - | High
|
||||
146 | [20.197.196.201](https://vuldb.com/?ip.20.197.196.201) | - | - | High
|
||||
147 | [20.197.226.40](https://vuldb.com/?ip.20.197.226.40) | - | - | High
|
||||
148 | [20.199.101.68](https://vuldb.com/?ip.20.199.101.68) | - | - | High
|
||||
149 | [20.199.112.16](https://vuldb.com/?ip.20.199.112.16) | - | - | High
|
||||
150 | [20.199.120.149](https://vuldb.com/?ip.20.199.120.149) | - | - | High
|
||||
151 | [20.199.121.197](https://vuldb.com/?ip.20.199.121.197) | - | - | High
|
||||
152 | [20.200.63.2](https://vuldb.com/?ip.20.200.63.2) | - | - | High
|
||||
153 | [20.203.178.116](https://vuldb.com/?ip.20.203.178.116) | - | - | High
|
||||
154 | [20.211.5.151](https://vuldb.com/?ip.20.211.5.151) | - | - | High
|
||||
155 | [20.212.19.59](https://vuldb.com/?ip.20.212.19.59) | - | - | High
|
||||
156 | [20.224.162.224](https://vuldb.com/?ip.20.224.162.224) | - | - | High
|
||||
157 | [20.226.0.95](https://vuldb.com/?ip.20.226.0.95) | - | - | High
|
||||
158 | [20.226.101.17](https://vuldb.com/?ip.20.226.101.17) | - | - | High
|
||||
159 | [20.226.120.127](https://vuldb.com/?ip.20.226.120.127) | - | - | High
|
||||
160 | [20.238.78.172](https://vuldb.com/?ip.20.238.78.172) | - | - | High
|
||||
161 | [20.240.61.211](https://vuldb.com/?ip.20.240.61.211) | - | - | High
|
||||
162 | [23.94.82.24](https://vuldb.com/?ip.23.94.82.24) | 23-94-82-24-host.colocrossing.com | - | High
|
||||
163 | [23.94.159.212](https://vuldb.com/?ip.23.94.159.212) | 23-94-159-212-host.colocrossing.com | - | High
|
||||
164 | [23.94.236.147](https://vuldb.com/?ip.23.94.236.147) | 23-94-236-147-host.colocrossing.com | - | High
|
||||
165 | [23.95.13.189](https://vuldb.com/?ip.23.95.13.189) | 23-95-13-189-host.colocrossing.com | - | High
|
||||
166 | [23.95.115.74](https://vuldb.com/?ip.23.95.115.74) | rawss.futurce.org.uk | - | High
|
||||
167 | [23.101.143.72](https://vuldb.com/?ip.23.101.143.72) | - | - | High
|
||||
168 | [23.101.213.237](https://vuldb.com/?ip.23.101.213.237) | - | - | High
|
||||
169 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
|
||||
170 | [23.102.122.72](https://vuldb.com/?ip.23.102.122.72) | - | - | High
|
||||
171 | [23.102.129.234](https://vuldb.com/?ip.23.102.129.234) | - | - | High
|
||||
172 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
173 | [23.105.131.207](https://vuldb.com/?ip.23.105.131.207) | mail207.nessfist.com | - | High
|
||||
174 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | mail209.nessfist.com | - | High
|
||||
175 | [23.105.131.212](https://vuldb.com/?ip.23.105.131.212) | mail212.nessfist.com | - | High
|
||||
176 | [23.105.131.236](https://vuldb.com/?ip.23.105.131.236) | mail236.nessfist.com | - | High
|
||||
177 | [23.105.131.239](https://vuldb.com/?ip.23.105.131.239) | mail239.nessfist.com | - | High
|
||||
178 | [23.129.232.160](https://vuldb.com/?ip.23.129.232.160) | - | - | High
|
||||
179 | [23.146.242.100](https://vuldb.com/?ip.23.146.242.100) | - | - | High
|
||||
180 | [23.226.77.22](https://vuldb.com/?ip.23.226.77.22) | we.love.servers.at.ioflood.net | - | High
|
||||
181 | [23.237.25.246](https://vuldb.com/?ip.23.237.25.246) | - | - | High
|
||||
182 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
183 | [23.254.130.126](https://vuldb.com/?ip.23.254.130.126) | hwsrv-1069616.hostwindsdns.com | - | High
|
||||
184 | [23.254.227.121](https://vuldb.com/?ip.23.254.227.121) | hwsrv-1063912.hostwindsdns.com | - | High
|
||||
185 | [23.254.231.83](https://vuldb.com/?ip.23.254.231.83) | hwsrv-1070248.hostwindsdns.com | - | High
|
||||
186 | [31.41.244.135](https://vuldb.com/?ip.31.41.244.135) | - | - | High
|
||||
187 | [31.170.22.28](https://vuldb.com/?ip.31.170.22.28) | - | - | High
|
||||
188 | [31.192.236.139](https://vuldb.com/?ip.31.192.236.139) | winupdate02.pserver.ru | - | High
|
||||
189 | [31.210.20.79](https://vuldb.com/?ip.31.210.20.79) | - | - | High
|
||||
190 | [31.210.20.167](https://vuldb.com/?ip.31.210.20.167) | - | - | High
|
||||
191 | [31.210.20.192](https://vuldb.com/?ip.31.210.20.192) | - | - | High
|
||||
192 | [31.210.21.188](https://vuldb.com/?ip.31.210.21.188) | linir.top | - | High
|
||||
193 | [34.69.119.138](https://vuldb.com/?ip.34.69.119.138) | 138.119.69.34.bc.googleusercontent.com | - | Medium
|
||||
194 | [34.71.81.158](https://vuldb.com/?ip.34.71.81.158) | 158.81.71.34.bc.googleusercontent.com | - | Medium
|
||||
195 | [34.125.144.45](https://vuldb.com/?ip.34.125.144.45) | 45.144.125.34.bc.googleusercontent.com | - | Medium
|
||||
196 | [34.140.211.85](https://vuldb.com/?ip.34.140.211.85) | 85.211.140.34.bc.googleusercontent.com | - | Medium
|
||||
197 | [35.239.113.160](https://vuldb.com/?ip.35.239.113.160) | 160.113.239.35.bc.googleusercontent.com | - | Medium
|
||||
198 | [36.255.96.200](https://vuldb.com/?ip.36.255.96.200) | - | - | High
|
||||
199 | [37.0.8.17](https://vuldb.com/?ip.37.0.8.17) | stokes.springtimemartialarts.com | - | High
|
||||
200 | [37.0.8.20](https://vuldb.com/?ip.37.0.8.20) | jacksonirwin.springtimemartialarts.com | - | High
|
||||
201 | [37.0.8.67](https://vuldb.com/?ip.37.0.8.67) | willis.capitolreservations.com | - | High
|
||||
202 | [37.0.8.93](https://vuldb.com/?ip.37.0.8.93) | shawtran.capitolreservations.com | - | High
|
||||
203 | [37.0.8.191](https://vuldb.com/?ip.37.0.8.191) | frederick.athinneru.com | - | High
|
||||
204 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
205 | [37.0.11.45](https://vuldb.com/?ip.37.0.11.45) | - | - | High
|
||||
206 | [37.0.11.246](https://vuldb.com/?ip.37.0.11.246) | - | - | High
|
||||
207 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
208 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
209 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
210 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
211 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
212 | [37.49.230.185](https://vuldb.com/?ip.37.49.230.185) | - | - | High
|
||||
213 | [37.120.208.36](https://vuldb.com/?ip.37.120.208.36) | - | - | High
|
||||
214 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
215 | [37.120.212.235](https://vuldb.com/?ip.37.120.212.235) | - | - | High
|
||||
216 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
217 | [37.120.247.24](https://vuldb.com/?ip.37.120.247.24) | - | - | High
|
||||
218 | [37.196.152.120](https://vuldb.com/?ip.37.196.152.120) | m37-196-152-120.cust.tele2.se | - | High
|
||||
219 | [37.221.121.20](https://vuldb.com/?ip.37.221.121.20) | chvt-mail-129.stashkeen.com | - | High
|
||||
220 | [37.221.122.76](https://vuldb.com/?ip.37.221.122.76) | server.modernizmir.net | - | High
|
||||
221 | [37.249.78.26](https://vuldb.com/?ip.37.249.78.26) | apn-37-249-78-26.dynamic.gprs.plus.pl | - | High
|
||||
222 | [38.17.51.104](https://vuldb.com/?ip.38.17.51.104) | - | - | High
|
||||
223 | [38.47.205.151](https://vuldb.com/?ip.38.47.205.151) | - | - | High
|
||||
224 | [38.105.209.167](https://vuldb.com/?ip.38.105.209.167) | vmi737189.contaboserver.net | - | High
|
||||
225 | [38.130.221.190](https://vuldb.com/?ip.38.130.221.190) | 38.130.221.190.hosted.at.cloudsouth.com | - | High
|
||||
226 | [38.132.99.156](https://vuldb.com/?ip.38.132.99.156) | - | - | High
|
||||
227 | [38.242.242.149](https://vuldb.com/?ip.38.242.242.149) | vmi1313701.contaboserver.net | - | High
|
||||
228 | [40.90.210.21](https://vuldb.com/?ip.40.90.210.21) | - | - | High
|
||||
229 | [40.113.131.31](https://vuldb.com/?ip.40.113.131.31) | - | - | High
|
||||
230 | [40.118.53.192](https://vuldb.com/?ip.40.118.53.192) | - | - | High
|
||||
231 | [40.122.131.23](https://vuldb.com/?ip.40.122.131.23) | - | - | High
|
||||
232 | [41.72.146.10](https://vuldb.com/?ip.41.72.146.10) | - | - | High
|
||||
233 | [41.141.211.80](https://vuldb.com/?ip.41.141.211.80) | - | - | High
|
||||
234 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
|
||||
235 | [41.216.183.175](https://vuldb.com/?ip.41.216.183.175) | - | - | High
|
||||
236 | [41.250.187.176](https://vuldb.com/?ip.41.250.187.176) | - | - | High
|
||||
237 | [41.251.4.158](https://vuldb.com/?ip.41.251.4.158) | - | - | High
|
||||
238 | [41.251.51.168](https://vuldb.com/?ip.41.251.51.168) | - | - | High
|
||||
239 | [43.138.160.55](https://vuldb.com/?ip.43.138.160.55) | - | - | High
|
||||
240 | [43.139.124.22](https://vuldb.com/?ip.43.139.124.22) | - | - | High
|
||||
241 | [43.154.97.109](https://vuldb.com/?ip.43.154.97.109) | - | - | High
|
||||
242 | [43.226.49.147](https://vuldb.com/?ip.43.226.49.147) | - | - | High
|
||||
243 | [43.249.30.55](https://vuldb.com/?ip.43.249.30.55) | - | - | High
|
||||
244 | [44.192.67.149](https://vuldb.com/?ip.44.192.67.149) | ec2-44-192-67-149.compute-1.amazonaws.com | - | Medium
|
||||
245 | [45.12.253.31](https://vuldb.com/?ip.45.12.253.31) | - | - | High
|
||||
246 | [45.12.253.58](https://vuldb.com/?ip.45.12.253.58) | - | - | High
|
||||
247 | [45.14.224.94](https://vuldb.com/?ip.45.14.224.94) | web117.excw.nl | - | High
|
||||
248 | [45.15.143.183](https://vuldb.com/?ip.45.15.143.183) | - | - | High
|
||||
249 | [45.15.143.191](https://vuldb.com/?ip.45.15.143.191) | - | - | High
|
||||
250 | [45.15.143.199](https://vuldb.com/?ip.45.15.143.199) | - | - | High
|
||||
251 | [45.32.99.249](https://vuldb.com/?ip.45.32.99.249) | 45.32.99.249.vultrusercontent.com | - | High
|
||||
252 | [45.32.211.35](https://vuldb.com/?ip.45.32.211.35) | 45.32.211.35.vultrusercontent.com | - | High
|
||||
253 | [45.58.190.125](https://vuldb.com/?ip.45.58.190.125) | - | - | High
|
||||
254 | [45.66.248.114](https://vuldb.com/?ip.45.66.248.114) | - | - | High
|
||||
255 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
256 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
257 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
|
||||
258 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
|
||||
259 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
|
||||
260 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
|
||||
261 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
|
||||
262 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
|
||||
263 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
|
||||
264 | [45.80.158.116](https://vuldb.com/?ip.45.80.158.116) | - | - | High
|
||||
265 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
|
||||
266 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
|
||||
267 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
|
||||
268 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
|
||||
269 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
270 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
|
||||
271 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
|
||||
272 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
|
||||
273 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
|
||||
274 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
|
||||
275 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
|
||||
276 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
|
||||
277 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
|
||||
278 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
|
||||
279 | [45.125.48.112](https://vuldb.com/?ip.45.125.48.112) | - | - | High
|
||||
280 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
|
||||
281 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
282 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
|
||||
283 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
|
||||
284 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
|
||||
285 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
|
||||
286 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
|
||||
287 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
|
||||
288 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
|
||||
289 | [45.136.6.79](https://vuldb.com/?ip.45.136.6.79) | - | - | High
|
||||
290 | [45.137.22.41](https://vuldb.com/?ip.45.137.22.41) | hosted-by.rootlayer.net | - | High
|
||||
291 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
292 | ... | ... | ... | ...
|
||||
|
||||
There are 1121 more IOC items available. Please use our online service to access the data.
|
||||
There are 1162 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -311,11 +322,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29, CWE-50, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -326,38 +337,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
2 | File | `/admin/?page=user/list` | High
|
||||
1 | File | `/admin/?page=user/list` | High
|
||||
2 | File | `/admin/addproduct.php` | High
|
||||
3 | File | `/admin/ajax.php?action=save_area` | High
|
||||
4 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
5 | File | `/admin/modal_add_product.php` | High
|
||||
6 | File | `/admin/reportupload.aspx` | High
|
||||
7 | File | `/admin/update_s6.php` | High
|
||||
8 | File | `/ajax.php?action=read_msg` | High
|
||||
9 | File | `/ajax.php?action=save_company` | High
|
||||
10 | File | `/ajax.php?action=save_user` | High
|
||||
11 | File | `/api/login` | Medium
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/bin/login` | Medium
|
||||
14 | File | `/dcim/rack-roles/` | High
|
||||
4 | File | `/admin/modal_add_product.php` | High
|
||||
5 | File | `/admin/update_s6.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/ajax.php?action=save_company` | High
|
||||
8 | File | `/api/login` | Medium
|
||||
9 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
10 | File | `/authenticationendpoint/login.do` | High
|
||||
11 | File | `/bin/login` | Medium
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/changeimage.php` | High
|
||||
14 | File | `/classes/Users.php?f=save` | High
|
||||
15 | File | `/DXR.axd` | Medium
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
18 | File | `/kelas/data` | Medium
|
||||
19 | File | `/Login/CheckLogin` | High
|
||||
20 | File | `/menu.html` | Medium
|
||||
16 | File | `/env` | Low
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/WifiGuestSet` | High
|
||||
19 | File | `/HNAP1` | Low
|
||||
20 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
21 | File | `/note/index/delete` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/services/indexing/preview` | High
|
||||
24 | ... | ... | ...
|
||||
23 | File | `/owa/auth/logon.aspx` | High
|
||||
24 | File | `/services/indexing/preview` | High
|
||||
25 | File | `/tmp/boa-temp` | High
|
||||
26 | File | `/userfs/bin/tcapi` | High
|
||||
27 | File | `/var/log/nginx` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 200 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://1275.ru/ioc/195/asyncrat-rat-iocs/
|
||||
* https://app.any.run/tasks/95160d1b-ccef-4cb0-96f3-db66219fc141
|
||||
* https://app.any.run/tasks/449279b2-867e-44d0-995b-3104cc4ca8b3
|
||||
* https://app.any.run/tasks/baf364d4-7ee4-4ccf-81b1-ede9751a429e
|
||||
* https://asec.ahnlab.com/en/36315/
|
||||
|
@ -462,6 +479,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/8ad036d5f41579768454931925f1a273c98834a033507154f1db95f962dfd45e/
|
||||
* https://bazaar.abuse.ch/sample/8b3bcce39aee0df9fc37b2f009ecc2e9c570c665f632c576f7ae8c2f32a87a1d/
|
||||
* https://bazaar.abuse.ch/sample/8b99770a23cd1e75ccd0d33d3bd17f33c95f35e101b33f3f11d539571f8ce94a/
|
||||
* https://bazaar.abuse.ch/sample/8c3057efae2cde8ec6748817e460e114af9379e63f3413609f3136567c1a7476/
|
||||
* https://bazaar.abuse.ch/sample/8ced69a3c6796be12a0433300b9935b4c63fe4817b0830e1965b07fffaa360df/
|
||||
* https://bazaar.abuse.ch/sample/8d49f4d62f32381186bb74d032803832867dc89aa8b9f039db8417da8f721a66/
|
||||
* https://bazaar.abuse.ch/sample/8d69095834bac3c4cc270b37c761cc10a1279c659dd8c77b82f86e45274a313a/
|
||||
|
@ -646,6 +664,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/2568251040acb82859e2944aac69d01701c95d89d3d28e30a02b5445a0946ca1/
|
||||
* https://bazaar.abuse.ch/sample/9218755901d3d68d1e17b5cc7782666a2abedfb09ecbf7b34cd30f4ab7cd15c1/
|
||||
* https://bazaar.abuse.ch/sample/367286675076c14b4d7adedc674cd1902200003f703975bbfae71f5dfcdc18a6/
|
||||
* https://bazaar.abuse.ch/sample/577047181197a34939a106666deec71d3e91e386deda32d412ef1e8b3de2b000/
|
||||
* https://bazaar.abuse.ch/sample/440568713266249eddfaaa8bf9666ce0ae4879a61fbea23e987acf352e89ef4a/
|
||||
* https://bazaar.abuse.ch/sample/8638697480078473d60b20cbeb522b7745dde8ae749159064356b0a31a825e88/
|
||||
* https://bazaar.abuse.ch/sample/a0bf6f09f394949c603b878ab42b001155d347e5812b59f09a2ab9d387d548f6/
|
||||
|
@ -684,10 +703,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/af6794ebbb7d1dd19893bb919c5881cb6d8c026afaf5931cae3c294e6baee7ea/
|
||||
* https://bazaar.abuse.ch/sample/af8558a48c8cd10691fc61aba79b6522807ff92a85fe833556445dba63f149d6/
|
||||
* https://bazaar.abuse.ch/sample/afcb71ef974b144b346c784c8e3c778ac5abe0217acb1c82352e6fda26e9bdbe/
|
||||
* https://bazaar.abuse.ch/sample/b0e1d8b8115f50b5e89ad950bb7f9d6df0c540c3eb8706656de8c3eb8992a690/
|
||||
* https://bazaar.abuse.ch/sample/b019743a2d8f648bbe2d91149e2b4d368ec619a279930421adc2ce6c50d8c098/
|
||||
* https://bazaar.abuse.ch/sample/b07ef4c584528991957dfbc17e62984fe06a6ae8ab441062b3d6910bbedf36b5/
|
||||
* https://bazaar.abuse.ch/sample/b3b6795b16eee2bbf70101ce54f0a3623faca88d941402b110ee4b55964b2066/
|
||||
* https://bazaar.abuse.ch/sample/b3c03aa6149be60b83639ba25785b99cdc709d5a1e9c025e9b7a79f6553b8b22/
|
||||
* https://bazaar.abuse.ch/sample/b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a/
|
||||
* https://bazaar.abuse.ch/sample/b5c98bb2d9391ffb93eea1ff796c1c924493c8e58160278c4ffe7ed3ba234ed2/
|
||||
* https://bazaar.abuse.ch/sample/b8ef460b24a26277b9d6a2a703a3b0e87485bb5ec442b40da6c71e181587b2d2/
|
||||
* https://bazaar.abuse.ch/sample/b11e3001340981c07bfba49edb915ffb4a8f599af6991179ea5d81a79a29c7fa/
|
||||
|
@ -751,6 +772,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/cdcc8531c42e3ede33c0ecbcb82f7a6e5445e959eee3796475258df830a18813/
|
||||
* https://bazaar.abuse.ch/sample/ce0530832a781bd0ca193f10973c554c051cbebd189339c2ff31b60638914a89/
|
||||
* https://bazaar.abuse.ch/sample/ce6c323cfd23a417fc1cf770b569a688779a0fe55278878fc76abc4ca6bc92df/
|
||||
* https://bazaar.abuse.ch/sample/ce19ced2d3f31d4e5393708d993dceca2717b59e6d58b76515cea0db262807c9/
|
||||
* https://bazaar.abuse.ch/sample/cf1de08c2a552617a6e8591a2bd25c72d597854e9564246a700329aa60b08be7/
|
||||
* https://bazaar.abuse.ch/sample/cf7197b0cda0b202978ad64f10b4eeb25c10774e4275558148cd47e7fd000fa6/
|
||||
* https://bazaar.abuse.ch/sample/cf9821c4c08a6d62cbe17ebc6c0d6ea40336c145e8e9369fe76505e1d3dc8674/
|
||||
|
@ -777,6 +799,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/dcb41f434fc87cd777cb31a8e6ec3bee26268ce246779ab1814b438d2e88288c/
|
||||
* https://bazaar.abuse.ch/sample/dcef9be7998958aa6f72aab41f6fb01c8bceb039b1fd111849c399bd5eab4fb4/
|
||||
* https://bazaar.abuse.ch/sample/de0cb500125d733becbdeb53cf7b3f1bace4dc91e54805007718970124ef6797/
|
||||
* https://bazaar.abuse.ch/sample/de1b9f6d4bf9909be6073eb4bb16b724a824e3d3d75baef2cfee19f538c79c7e/
|
||||
* https://bazaar.abuse.ch/sample/def82eea2b57f5b879e8e7c14eb6e0c5a6cd58874835c53f0cfd4ee18d30101e/
|
||||
* https://bazaar.abuse.ch/sample/df5958a9823d8990969a3a03a628e3e50eea124f457c38367a28202d3f431407/
|
||||
* https://bazaar.abuse.ch/sample/df6578f3c5e7c688dc42539aa6d4c874b010e2138ba0612034f158477f4e5286/
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
# AutoCAD Malware - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AutoCAD Malware](https://vuldb.com/?actor.autocad_malware). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.autocad_malware](https://vuldb.com/?actor.autocad_malware)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AutoCAD Malware:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AutoCAD Malware.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [98.126.72.138](https://vuldb.com/?ip.98.126.72.138) | 98.126.72.138.krypt.com | - | High
|
||||
2 | [98.126.72.139](https://vuldb.com/?ip.98.126.72.139) | 98.126.72.139.krypt.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AutoCAD Malware_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -31,13 +31,9 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
8 | [51.15.43.205](https://vuldb.com/?ip.51.15.43.205) | 205-43-15-51.instances.scw.cloud | - | High
|
||||
9 | [62.102.148.68](https://vuldb.com/?ip.62.102.148.68) | - | - | High
|
||||
10 | [62.102.148.69](https://vuldb.com/?ip.62.102.148.69) | - | - | High
|
||||
11 | [81.17.18.62](https://vuldb.com/?ip.81.17.18.62) | block1-che.interlayer.co.uk | - | High
|
||||
12 | [104.244.73.126](https://vuldb.com/?ip.104.244.73.126) | lu1.exit.tor.alkyl.eu.org | - | High
|
||||
13 | [109.201.133.100](https://vuldb.com/?ip.109.201.133.100) | . | - | High
|
||||
14 | [162.247.74.27](https://vuldb.com/?ip.162.247.74.27) | turing.tor-exit.calyxinstitute.org | - | High
|
||||
15 | ... | ... | ... | ...
|
||||
11 | ... | ... | ... | ...
|
||||
|
||||
There are 54 more IOC items available. Please use our online service to access the data.
|
||||
There are 40 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -46,13 +42,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -62,62 +58,64 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin` | Low
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/attendance_row.php` | High
|
||||
7 | File | `/admin/bookings/manage_booking.php` | High
|
||||
8 | File | `/admin/bookings/view_booking.php` | High
|
||||
9 | File | `/admin/bookings/view_details.php` | High
|
||||
3 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
4 | File | `/admin/addproduct.php` | High
|
||||
5 | File | `/admin/attendance_row.php` | High
|
||||
6 | File | `/admin/bookings/manage_booking.php` | High
|
||||
7 | File | `/admin/bookings/view_booking.php` | High
|
||||
8 | File | `/admin/bookings/view_details.php` | High
|
||||
9 | File | `/admin/budget/manage_budget.php` | High
|
||||
10 | File | `/admin/cashadvance_row.php` | High
|
||||
11 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
12 | File | `/admin/deduction_row.php` | High
|
||||
13 | File | `/admin/departments/view_department.php` | High
|
||||
14 | File | `/admin/doctors.php` | High
|
||||
15 | File | `/admin/employee_row.php` | High
|
||||
16 | File | `/admin/index.php` | High
|
||||
17 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
18 | File | `/admin/login.php` | High
|
||||
19 | File | `/admin/maintenance/brand.php` | High
|
||||
20 | File | `/admin/maintenance/manage_category.php` | High
|
||||
21 | File | `/admin/maintenance/view_designation.php` | High
|
||||
22 | File | `/admin/manage_academic.php` | High
|
||||
23 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
24 | File | `/admin/offenses/view_details.php` | High
|
||||
25 | File | `/admin/orders/update_status.php` | High
|
||||
26 | File | `/admin/product/manage.php` | High
|
||||
27 | File | `/admin/products/manage_product.php` | High
|
||||
28 | File | `/admin/products/view_product.php` | High
|
||||
29 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
30 | File | `/admin/report/index.php` | High
|
||||
31 | File | `/admin/sales/manage_sale.php` | High
|
||||
32 | File | `/admin/services/manage_service.php` | High
|
||||
33 | File | `/admin/services/view_service.php` | High
|
||||
34 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
35 | File | `/admin/transactions/track_shipment.php` | High
|
||||
36 | File | `/admin/user/manage_user.php` | High
|
||||
37 | File | `/admin/userprofile.php` | High
|
||||
38 | File | `/ajax/update_certificate` | High
|
||||
39 | File | `/alphaware/details.php` | High
|
||||
40 | File | `/alphaware/summary.php` | High
|
||||
41 | File | `/api/` | Low
|
||||
42 | File | `/api/admin/store/product/list` | High
|
||||
43 | File | `/api/gen/clients/{language}` | High
|
||||
44 | File | `/api/v2/cli/commands` | High
|
||||
45 | File | `/articles/{id}` | High
|
||||
46 | File | `/boafrm/formFilter` | High
|
||||
47 | File | `/boafrm/formHomeWlanSetup` | High
|
||||
48 | File | `/boat/login.php` | High
|
||||
49 | File | `/cgi-bin` | Medium
|
||||
50 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
51 | File | `/cgi-bin/ping.cgi` | High
|
||||
52 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
53 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
54 | File | `/classes/Login.php` | High
|
||||
55 | File | `/classes/Master.php` | High
|
||||
56 | ... | ... | ...
|
||||
11 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
12 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
13 | File | `/admin/deduction_row.php` | High
|
||||
14 | File | `/admin/departments/view_department.php` | High
|
||||
15 | File | `/admin/edit_subject.php` | High
|
||||
16 | File | `/admin/employee_row.php` | High
|
||||
17 | File | `/admin/index.php` | High
|
||||
18 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
19 | File | `/admin/login.php` | High
|
||||
20 | File | `/admin/maintenance/brand.php` | High
|
||||
21 | File | `/admin/maintenance/manage_category.php` | High
|
||||
22 | File | `/admin/maintenance/view_designation.php` | High
|
||||
23 | File | `/admin/manage_academic.php` | High
|
||||
24 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
25 | File | `/admin/modal_add_product.php` | High
|
||||
26 | File | `/admin/offenses/view_details.php` | High
|
||||
27 | File | `/admin/orders/update_status.php` | High
|
||||
28 | File | `/admin/product/manage.php` | High
|
||||
29 | File | `/admin/products/manage_product.php` | High
|
||||
30 | File | `/admin/products/view_product.php` | High
|
||||
31 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
32 | File | `/admin/report/index.php` | High
|
||||
33 | File | `/admin/reportupload.aspx` | High
|
||||
34 | File | `/admin/sales/manage_sale.php` | High
|
||||
35 | File | `/admin/service.php` | High
|
||||
36 | File | `/admin/services/manage_service.php` | High
|
||||
37 | File | `/admin/services/view_service.php` | High
|
||||
38 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
39 | File | `/admin/transactions/track_shipment.php` | High
|
||||
40 | File | `/admin/update_s6.php` | High
|
||||
41 | File | `/admin/user/manage_user.php` | High
|
||||
42 | File | `/admin/userprofile.php` | High
|
||||
43 | File | `/ajax.php?action=read_msg` | High
|
||||
44 | File | `/ajax.php?action=save_company` | High
|
||||
45 | File | `/api/gen/clients/{language}` | High
|
||||
46 | File | `/api/stl/actions/search` | High
|
||||
47 | File | `/api/v2/cli/commands` | High
|
||||
48 | File | `/articles/{id}` | High
|
||||
49 | File | `/boafrm/formFilter` | High
|
||||
50 | File | `/boafrm/formHomeWlanSetup` | High
|
||||
51 | File | `/cgi-bin` | Medium
|
||||
52 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
53 | File | `/cgi-bin/ping.cgi` | High
|
||||
54 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
55 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
56 | File | `/changeimage.php` | High
|
||||
57 | File | `/classes/Login.php` | High
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 486 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 510 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -60,58 +60,56 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/administrator/components/table_manager/` | High
|
||||
3 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/bin/httpd` | Medium
|
||||
7 | File | `/cgi-bin/wapopen` | High
|
||||
8 | File | `/ci_spms/admin/category` | High
|
||||
9 | File | `/ci_spms/admin/search/searching/` | High
|
||||
10 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
11 | File | `/classes/Master.php?f=delete_train` | High
|
||||
12 | File | `/cms/print.php` | High
|
||||
13 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
15 | File | `/ctcprotocol/Protocol` | High
|
||||
16 | File | `/dashboard/menu-list.php` | High
|
||||
17 | File | `/data/remove` | Medium
|
||||
18 | File | `/ebics-server/ebics.aspx` | High
|
||||
19 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
20 | File | `/filemanager/upload/drop` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goforms/rlminfo` | High
|
||||
23 | File | `/HNAP1` | Low
|
||||
24 | File | `/HNAP1/SetClientInfo` | High
|
||||
25 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
26 | File | `/Items/*/RemoteImages/Download` | High
|
||||
27 | File | `/menu.html` | Medium
|
||||
28 | File | `/mkshop/Men/profile.php` | High
|
||||
29 | File | `/modules/profile/index.php` | High
|
||||
30 | File | `/navigate/navigate_download.php` | High
|
||||
31 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
32 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
33 | File | `/out.php` | Medium
|
||||
34 | File | `/password.html` | High
|
||||
35 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
36 | File | `/proc/ioports` | High
|
||||
37 | File | `/property-list/property_view.php` | High
|
||||
38 | File | `/ptms/classes/Users.php` | High
|
||||
39 | File | `/resources//../` | High
|
||||
40 | File | `/rest/api/2/search` | High
|
||||
41 | File | `/s/` | Low
|
||||
42 | File | `/scripts/cpan_config` | High
|
||||
43 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
46 | ... | ... | ...
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
5 | File | `/api/gen/clients/{language}` | High
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/bin/httpd` | Medium
|
||||
8 | File | `/cgi-bin/wapopen` | High
|
||||
9 | File | `/ci_spms/admin/category` | High
|
||||
10 | File | `/ci_spms/admin/search/searching/` | High
|
||||
11 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
12 | File | `/classes/Master.php?f=delete_train` | High
|
||||
13 | File | `/cms/print.php` | High
|
||||
14 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/ctcprotocol/Protocol` | High
|
||||
17 | File | `/dashboard/menu-list.php` | High
|
||||
18 | File | `/data/remove` | Medium
|
||||
19 | File | `/ebics-server/ebics.aspx` | High
|
||||
20 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
21 | File | `/filemanager/upload/drop` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goforms/rlminfo` | High
|
||||
24 | File | `/HNAP1` | Low
|
||||
25 | File | `/HNAP1/SetClientInfo` | High
|
||||
26 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
27 | File | `/Items/*/RemoteImages/Download` | High
|
||||
28 | File | `/menu.html` | Medium
|
||||
29 | File | `/mkshop/Men/profile.php` | High
|
||||
30 | File | `/modules/profile/index.php` | High
|
||||
31 | File | `/navigate/navigate_download.php` | High
|
||||
32 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
33 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/password.html` | High
|
||||
36 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
37 | File | `/proc/ioports` | High
|
||||
38 | File | `/property-list/property_view.php` | High
|
||||
39 | File | `/ptms/classes/Users.php` | High
|
||||
40 | File | `/resources//../` | High
|
||||
41 | File | `/rest/api/2/search` | High
|
||||
42 | File | `/s/` | Low
|
||||
43 | File | `/scripts/cpan_config` | High
|
||||
44 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 397 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/eset/malware-ioc/tree/master/backdoordiplomacy
|
||||
* https://www.bitdefender.com/files/News/CaseStudies/study/426/Bitdefender-PR-Whitepaper-BackdoorDiplomacy-creat6507-en-EN.pdf
|
||||
* https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# Bad Rabbit - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bad Rabbit](https://vuldb.com/?actor.bad_rabbit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bad_rabbit](https://vuldb.com/?actor.bad_rabbit)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bad Rabbit:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bad Rabbit.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.149.120.3](https://vuldb.com/?ip.185.149.120.3) | ddos-guard.net | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bad Rabbit_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bad Rabbit. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/var/log/nginx` | High
|
||||
2 | File | `cgi/config_user.cgi` | High
|
||||
3 | File | `cloudinit/config/cc_set_passwords.py` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -22,147 +22,152 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.56.56.94](https://vuldb.com/?ip.2.56.56.94) | nutos.top | - | High
|
||||
2 | [2.58.149.40](https://vuldb.com/?ip.2.58.149.40) | - | - | High
|
||||
3 | [2.58.149.173](https://vuldb.com/?ip.2.58.149.173) | - | - | High
|
||||
4 | [3.69.60.58](https://vuldb.com/?ip.3.69.60.58) | ec2-3-69-60-58.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
5 | [3.75.95.184](https://vuldb.com/?ip.3.75.95.184) | ec2-3-75-95-184.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
6 | [3.143.112.92](https://vuldb.com/?ip.3.143.112.92) | ec2-3-143-112-92.us-east-2.compute.amazonaws.com | - | Medium
|
||||
7 | [5.2.70.22](https://vuldb.com/?ip.5.2.70.22) | - | - | High
|
||||
8 | [5.2.73.241](https://vuldb.com/?ip.5.2.73.241) | - | - | High
|
||||
9 | [5.154.181.68](https://vuldb.com/?ip.5.154.181.68) | 667477-vds-nisik737.gmhost.pp.ua | - | High
|
||||
10 | [5.181.80.13](https://vuldb.com/?ip.5.181.80.13) | - | - | High
|
||||
11 | [5.181.80.18](https://vuldb.com/?ip.5.181.80.18) | innovproduct.com | - | High
|
||||
12 | [5.181.80.119](https://vuldb.com/?ip.5.181.80.119) | rate-lead.cheapjerseysbrewers.com | - | High
|
||||
13 | [5.181.159.19](https://vuldb.com/?ip.5.181.159.19) | 5-181-159-19.mivocloud.com | - | High
|
||||
14 | [5.181.159.128](https://vuldb.com/?ip.5.181.159.128) | no-rdns.mivocloud.com | - | High
|
||||
15 | [5.182.210.145](https://vuldb.com/?ip.5.182.210.145) | - | - | High
|
||||
16 | [5.188.6.139](https://vuldb.com/?ip.5.188.6.139) | roy9.ren.example.com | - | High
|
||||
17 | [5.189.141.159](https://vuldb.com/?ip.5.189.141.159) | vmi1293024.contaboserver.net | - | High
|
||||
18 | [5.199.169.12](https://vuldb.com/?ip.5.199.169.12) | - | - | High
|
||||
19 | [5.199.169.21](https://vuldb.com/?ip.5.199.169.21) | - | - | High
|
||||
20 | [5.206.227.11](https://vuldb.com/?ip.5.206.227.11) | - | - | High
|
||||
21 | [5.206.227.77](https://vuldb.com/?ip.5.206.227.77) | neptun | - | High
|
||||
22 | [5.206.227.132](https://vuldb.com/?ip.5.206.227.132) | ioweytqwd.423.com | - | High
|
||||
23 | [5.249.162.136](https://vuldb.com/?ip.5.249.162.136) | - | - | High
|
||||
24 | [5.252.199.138](https://vuldb.com/?ip.5.252.199.138) | - | - | High
|
||||
25 | [5.255.98.75](https://vuldb.com/?ip.5.255.98.75) | - | - | High
|
||||
26 | [5.255.101.135](https://vuldb.com/?ip.5.255.101.135) | - | - | High
|
||||
27 | [13.250.126.74](https://vuldb.com/?ip.13.250.126.74) | ec2-13-250-126-74.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
28 | [15.235.131.10](https://vuldb.com/?ip.15.235.131.10) | ip10.ip-15-235-131.net | - | High
|
||||
29 | [20.25.153.134](https://vuldb.com/?ip.20.25.153.134) | - | - | High
|
||||
30 | [20.63.103.150](https://vuldb.com/?ip.20.63.103.150) | - | - | High
|
||||
31 | [23.88.113.7](https://vuldb.com/?ip.23.88.113.7) | static.7.113.88.23.clients.your-server.de | - | High
|
||||
32 | [23.94.7.153](https://vuldb.com/?ip.23.94.7.153) | ac13.xxmails.com | - | High
|
||||
33 | [23.94.7.197](https://vuldb.com/?ip.23.94.7.197) | 23-94-7-197-host.colocrossing.com | - | High
|
||||
34 | [23.94.22.112](https://vuldb.com/?ip.23.94.22.112) | 23-94-22-112-host.colocrossing.com | - | High
|
||||
35 | [23.94.24.109](https://vuldb.com/?ip.23.94.24.109) | 23-94-24-109-host.colocrossing.com | - | High
|
||||
36 | [23.94.26.138](https://vuldb.com/?ip.23.94.26.138) | 23-94-26-138-host.colocrossing.com | - | High
|
||||
37 | [23.94.27.204](https://vuldb.com/?ip.23.94.27.204) | 23-94-27-204-host.colocrossing.com | - | High
|
||||
38 | [23.94.36.134](https://vuldb.com/?ip.23.94.36.134) | 23-94-36-134-host.colocrossing.com | - | High
|
||||
39 | [23.94.77.150](https://vuldb.com/?ip.23.94.77.150) | 23-94-77-150-host.colocrossing.com | - | High
|
||||
40 | [23.94.138.109](https://vuldb.com/?ip.23.94.138.109) | 23-94-138-109-host.colocrossing.com | - | High
|
||||
41 | [23.94.182.29](https://vuldb.com/?ip.23.94.182.29) | 23-94-182-29-host.colocrossing.com | - | High
|
||||
42 | [23.94.190.149](https://vuldb.com/?ip.23.94.190.149) | 23-94-190-149-host.colocrossing.com | - | High
|
||||
43 | [23.94.245.9](https://vuldb.com/?ip.23.94.245.9) | 23-94-245-9-host.colocrossing.com | - | High
|
||||
44 | [23.95.9.231](https://vuldb.com/?ip.23.95.9.231) | 23-95-9-231-host.colocrossing.com | - | High
|
||||
45 | [23.95.213.111](https://vuldb.com/?ip.23.95.213.111) | 23-95-213-111-host.colocrossing.com | - | High
|
||||
46 | [23.95.222.185](https://vuldb.com/?ip.23.95.222.185) | - | - | High
|
||||
47 | [23.95.226.100](https://vuldb.com/?ip.23.95.226.100) | 100-226-tizess.hornbe.sbs | - | High
|
||||
48 | [23.95.230.108](https://vuldb.com/?ip.23.95.230.108) | 108-230-kharoshthi.conessf.cloud | - | High
|
||||
49 | [23.160.192.157](https://vuldb.com/?ip.23.160.192.157) | unknown.ip-xfer.net | - | High
|
||||
50 | [23.160.193.38](https://vuldb.com/?ip.23.160.193.38) | unknown.ip-xfer.net | - | High
|
||||
51 | [23.160.193.99](https://vuldb.com/?ip.23.160.193.99) | unknown.ip-xfer.net | - | High
|
||||
52 | [23.160.193.123](https://vuldb.com/?ip.23.160.193.123) | unknown.ip-xfer.net | - | High
|
||||
53 | [23.224.189.182](https://vuldb.com/?ip.23.224.189.182) | - | - | High
|
||||
54 | [23.225.14.201](https://vuldb.com/?ip.23.225.14.201) | - | - | High
|
||||
55 | [23.225.14.209](https://vuldb.com/?ip.23.225.14.209) | - | - | High
|
||||
56 | [23.227.146.106](https://vuldb.com/?ip.23.227.146.106) | - | - | High
|
||||
57 | [23.227.184.194](https://vuldb.com/?ip.23.227.184.194) | glad.allrico.in | - | High
|
||||
58 | [31.7.62.22](https://vuldb.com/?ip.31.7.62.22) | amaz0nprime.club | - | High
|
||||
59 | [31.42.186.52](https://vuldb.com/?ip.31.42.186.52) | remaintaintinue.com | - | High
|
||||
60 | [31.42.186.77](https://vuldb.com/?ip.31.42.186.77) | itay.org.uk | - | High
|
||||
61 | [31.210.20.60](https://vuldb.com/?ip.31.210.20.60) | - | - | High
|
||||
62 | [31.214.243.29](https://vuldb.com/?ip.31.214.243.29) | - | - | High
|
||||
63 | [31.214.243.99](https://vuldb.com/?ip.31.214.243.99) | - | - | High
|
||||
64 | [31.220.51.145](https://vuldb.com/?ip.31.220.51.145) | - | - | High
|
||||
65 | [31.222.202.229](https://vuldb.com/?ip.31.222.202.229) | - | - | High
|
||||
66 | [34.127.55.77](https://vuldb.com/?ip.34.127.55.77) | 77.55.127.34.bc.googleusercontent.com | - | Medium
|
||||
67 | [35.204.65.246](https://vuldb.com/?ip.35.204.65.246) | 246.65.204.35.bc.googleusercontent.com | - | Medium
|
||||
68 | [37.0.10.182](https://vuldb.com/?ip.37.0.10.182) | - | - | High
|
||||
69 | [37.0.10.210](https://vuldb.com/?ip.37.0.10.210) | - | - | High
|
||||
70 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
71 | [37.44.238.172](https://vuldb.com/?ip.37.44.238.172) | ssd2-1227.9023 | - | High
|
||||
72 | [37.44.238.182](https://vuldb.com/?ip.37.44.238.182) | ssd1-2031.9321 | - | High
|
||||
73 | [37.44.238.191](https://vuldb.com/?ip.37.44.238.191) | - | - | High
|
||||
74 | [37.44.238.234](https://vuldb.com/?ip.37.44.238.234) | - | - | High
|
||||
75 | [37.49.229.52](https://vuldb.com/?ip.37.49.229.52) | - | - | High
|
||||
76 | [37.49.230.83](https://vuldb.com/?ip.37.49.230.83) | - | - | High
|
||||
77 | [37.49.230.122](https://vuldb.com/?ip.37.49.230.122) | - | - | High
|
||||
78 | [37.221.65.77](https://vuldb.com/?ip.37.221.65.77) | vivid | - | High
|
||||
79 | [37.221.65.228](https://vuldb.com/?ip.37.221.65.228) | cenmiesteamul1989 | - | High
|
||||
80 | [37.221.92.202](https://vuldb.com/?ip.37.221.92.202) | static-202-37.bulletvm.io | - | High
|
||||
81 | [38.48.123.55](https://vuldb.com/?ip.38.48.123.55) | - | - | High
|
||||
82 | [41.216.182.17](https://vuldb.com/?ip.41.216.182.17) | - | - | High
|
||||
83 | [41.216.182.42](https://vuldb.com/?ip.41.216.182.42) | - | - | High
|
||||
84 | [41.216.182.131](https://vuldb.com/?ip.41.216.182.131) | - | - | High
|
||||
85 | [41.216.182.140](https://vuldb.com/?ip.41.216.182.140) | - | - | High
|
||||
86 | [41.216.182.144](https://vuldb.com/?ip.41.216.182.144) | - | - | High
|
||||
87 | [41.216.182.203](https://vuldb.com/?ip.41.216.182.203) | - | - | High
|
||||
88 | [41.216.182.214](https://vuldb.com/?ip.41.216.182.214) | - | - | High
|
||||
89 | [43.153.37.45](https://vuldb.com/?ip.43.153.37.45) | - | - | High
|
||||
90 | [45.9.168.102](https://vuldb.com/?ip.45.9.168.102) | - | - | High
|
||||
91 | [45.11.181.37](https://vuldb.com/?ip.45.11.181.37) | - | - | High
|
||||
92 | [45.14.226.72](https://vuldb.com/?ip.45.14.226.72) | hml03.pugginesl.info | - | High
|
||||
93 | [45.32.202.111](https://vuldb.com/?ip.45.32.202.111) | 45.32.202.111.vultrusercontent.com | - | High
|
||||
94 | [45.33.63.122](https://vuldb.com/?ip.45.33.63.122) | 45-33-63-122.ip.linodeusercontent.com | - | High
|
||||
95 | [45.56.96.91](https://vuldb.com/?ip.45.56.96.91) | 45-56-96-91.ip.linodeusercontent.com | - | High
|
||||
96 | [45.61.144.146](https://vuldb.com/?ip.45.61.144.146) | - | - | High
|
||||
97 | [45.61.186.4](https://vuldb.com/?ip.45.61.186.4) | - | - | High
|
||||
98 | [45.61.187.108](https://vuldb.com/?ip.45.61.187.108) | sayonara.hp | - | High
|
||||
99 | [45.61.188.118](https://vuldb.com/?ip.45.61.188.118) | ms2.hostwithlove.com | - | High
|
||||
100 | [45.61.188.150](https://vuldb.com/?ip.45.61.188.150) | - | - | High
|
||||
101 | [45.61.188.220](https://vuldb.com/?ip.45.61.188.220) | - | - | High
|
||||
102 | [45.76.253.113](https://vuldb.com/?ip.45.76.253.113) | 45.76.253.113.vultrusercontent.com | - | High
|
||||
103 | [45.77.46.118](https://vuldb.com/?ip.45.77.46.118) | 8.8.8.8.google.com | - | High
|
||||
104 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
|
||||
105 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
|
||||
106 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
|
||||
107 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
|
||||
108 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
|
||||
109 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
|
||||
110 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
|
||||
111 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
|
||||
112 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
|
||||
113 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
|
||||
114 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
|
||||
115 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
|
||||
116 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
|
||||
117 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
|
||||
118 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
|
||||
119 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
|
||||
120 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
|
||||
121 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
|
||||
122 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
|
||||
123 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
|
||||
124 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
|
||||
125 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
|
||||
126 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
|
||||
127 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
|
||||
128 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
|
||||
129 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
|
||||
130 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
|
||||
131 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
|
||||
132 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
|
||||
133 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
|
||||
134 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
|
||||
135 | [45.148.120.171](https://vuldb.com/?ip.45.148.120.171) | - | - | High
|
||||
136 | [45.148.120.226](https://vuldb.com/?ip.45.148.120.226) | 45-148-120-226.hosted-by.phanes.cloud | - | High
|
||||
137 | [45.148.121.228](https://vuldb.com/?ip.45.148.121.228) | - | - | High
|
||||
138 | [45.148.123.10](https://vuldb.com/?ip.45.148.123.10) | - | - | High
|
||||
139 | [45.148.123.58](https://vuldb.com/?ip.45.148.123.58) | - | - | High
|
||||
140 | ... | ... | ... | ...
|
||||
2 | [2.57.122.117](https://vuldb.com/?ip.2.57.122.117) | - | - | High
|
||||
3 | [2.58.149.40](https://vuldb.com/?ip.2.58.149.40) | - | - | High
|
||||
4 | [2.58.149.173](https://vuldb.com/?ip.2.58.149.173) | - | - | High
|
||||
5 | [3.69.60.58](https://vuldb.com/?ip.3.69.60.58) | ec2-3-69-60-58.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
6 | [3.75.95.184](https://vuldb.com/?ip.3.75.95.184) | ec2-3-75-95-184.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
7 | [3.143.112.92](https://vuldb.com/?ip.3.143.112.92) | ec2-3-143-112-92.us-east-2.compute.amazonaws.com | - | Medium
|
||||
8 | [5.2.70.22](https://vuldb.com/?ip.5.2.70.22) | - | - | High
|
||||
9 | [5.2.73.241](https://vuldb.com/?ip.5.2.73.241) | - | - | High
|
||||
10 | [5.154.181.68](https://vuldb.com/?ip.5.154.181.68) | 667477-vds-nisik737.gmhost.pp.ua | - | High
|
||||
11 | [5.181.80.13](https://vuldb.com/?ip.5.181.80.13) | - | - | High
|
||||
12 | [5.181.80.18](https://vuldb.com/?ip.5.181.80.18) | innovproduct.com | - | High
|
||||
13 | [5.181.80.119](https://vuldb.com/?ip.5.181.80.119) | rate-lead.cheapjerseysbrewers.com | - | High
|
||||
14 | [5.181.80.188](https://vuldb.com/?ip.5.181.80.188) | lewis.autoshowvolvo.com | - | High
|
||||
15 | [5.181.159.19](https://vuldb.com/?ip.5.181.159.19) | 5-181-159-19.mivocloud.com | - | High
|
||||
16 | [5.181.159.128](https://vuldb.com/?ip.5.181.159.128) | no-rdns.mivocloud.com | - | High
|
||||
17 | [5.182.210.145](https://vuldb.com/?ip.5.182.210.145) | - | - | High
|
||||
18 | [5.188.6.139](https://vuldb.com/?ip.5.188.6.139) | roy9.ren.example.com | - | High
|
||||
19 | [5.189.141.159](https://vuldb.com/?ip.5.189.141.159) | vmi1293024.contaboserver.net | - | High
|
||||
20 | [5.199.169.12](https://vuldb.com/?ip.5.199.169.12) | - | - | High
|
||||
21 | [5.199.169.21](https://vuldb.com/?ip.5.199.169.21) | - | - | High
|
||||
22 | [5.206.227.11](https://vuldb.com/?ip.5.206.227.11) | - | - | High
|
||||
23 | [5.206.227.77](https://vuldb.com/?ip.5.206.227.77) | neptun | - | High
|
||||
24 | [5.206.227.132](https://vuldb.com/?ip.5.206.227.132) | ioweytqwd.423.com | - | High
|
||||
25 | [5.249.162.136](https://vuldb.com/?ip.5.249.162.136) | - | - | High
|
||||
26 | [5.252.199.138](https://vuldb.com/?ip.5.252.199.138) | - | - | High
|
||||
27 | [5.255.98.75](https://vuldb.com/?ip.5.255.98.75) | - | - | High
|
||||
28 | [5.255.101.135](https://vuldb.com/?ip.5.255.101.135) | - | - | High
|
||||
29 | [13.250.126.74](https://vuldb.com/?ip.13.250.126.74) | ec2-13-250-126-74.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
30 | [15.204.49.165](https://vuldb.com/?ip.15.204.49.165) | ip165.ip-15-204-49.us | - | High
|
||||
31 | [15.235.131.10](https://vuldb.com/?ip.15.235.131.10) | ip10.ip-15-235-131.net | - | High
|
||||
32 | [20.25.153.134](https://vuldb.com/?ip.20.25.153.134) | - | - | High
|
||||
33 | [20.63.103.150](https://vuldb.com/?ip.20.63.103.150) | - | - | High
|
||||
34 | [23.88.113.7](https://vuldb.com/?ip.23.88.113.7) | static.7.113.88.23.clients.your-server.de | - | High
|
||||
35 | [23.94.7.153](https://vuldb.com/?ip.23.94.7.153) | ac13.xxmails.com | - | High
|
||||
36 | [23.94.7.197](https://vuldb.com/?ip.23.94.7.197) | 23-94-7-197-host.colocrossing.com | - | High
|
||||
37 | [23.94.22.112](https://vuldb.com/?ip.23.94.22.112) | 23-94-22-112-host.colocrossing.com | - | High
|
||||
38 | [23.94.24.109](https://vuldb.com/?ip.23.94.24.109) | 23-94-24-109-host.colocrossing.com | - | High
|
||||
39 | [23.94.26.138](https://vuldb.com/?ip.23.94.26.138) | 23-94-26-138-host.colocrossing.com | - | High
|
||||
40 | [23.94.27.204](https://vuldb.com/?ip.23.94.27.204) | 23-94-27-204-host.colocrossing.com | - | High
|
||||
41 | [23.94.36.134](https://vuldb.com/?ip.23.94.36.134) | 23-94-36-134-host.colocrossing.com | - | High
|
||||
42 | [23.94.77.150](https://vuldb.com/?ip.23.94.77.150) | 23-94-77-150-host.colocrossing.com | - | High
|
||||
43 | [23.94.138.109](https://vuldb.com/?ip.23.94.138.109) | 23-94-138-109-host.colocrossing.com | - | High
|
||||
44 | [23.94.182.29](https://vuldb.com/?ip.23.94.182.29) | 23-94-182-29-host.colocrossing.com | - | High
|
||||
45 | [23.94.190.149](https://vuldb.com/?ip.23.94.190.149) | 23-94-190-149-host.colocrossing.com | - | High
|
||||
46 | [23.94.245.9](https://vuldb.com/?ip.23.94.245.9) | 23-94-245-9-host.colocrossing.com | - | High
|
||||
47 | [23.95.9.231](https://vuldb.com/?ip.23.95.9.231) | 23-95-9-231-host.colocrossing.com | - | High
|
||||
48 | [23.95.213.111](https://vuldb.com/?ip.23.95.213.111) | 23-95-213-111-host.colocrossing.com | - | High
|
||||
49 | [23.95.222.185](https://vuldb.com/?ip.23.95.222.185) | - | - | High
|
||||
50 | [23.95.226.100](https://vuldb.com/?ip.23.95.226.100) | 100-226-tizess.hornbe.sbs | - | High
|
||||
51 | [23.95.230.108](https://vuldb.com/?ip.23.95.230.108) | 108-230-kharoshthi.conessf.cloud | - | High
|
||||
52 | [23.160.192.157](https://vuldb.com/?ip.23.160.192.157) | unknown.ip-xfer.net | - | High
|
||||
53 | [23.160.193.38](https://vuldb.com/?ip.23.160.193.38) | unknown.ip-xfer.net | - | High
|
||||
54 | [23.160.193.99](https://vuldb.com/?ip.23.160.193.99) | unknown.ip-xfer.net | - | High
|
||||
55 | [23.160.193.123](https://vuldb.com/?ip.23.160.193.123) | unknown.ip-xfer.net | - | High
|
||||
56 | [23.224.189.182](https://vuldb.com/?ip.23.224.189.182) | - | - | High
|
||||
57 | [23.225.14.201](https://vuldb.com/?ip.23.225.14.201) | - | - | High
|
||||
58 | [23.225.14.209](https://vuldb.com/?ip.23.225.14.209) | - | - | High
|
||||
59 | [23.227.146.106](https://vuldb.com/?ip.23.227.146.106) | - | - | High
|
||||
60 | [23.227.184.194](https://vuldb.com/?ip.23.227.184.194) | glad.allrico.in | - | High
|
||||
61 | [31.7.62.22](https://vuldb.com/?ip.31.7.62.22) | amaz0nprime.club | - | High
|
||||
62 | [31.42.186.52](https://vuldb.com/?ip.31.42.186.52) | remaintaintinue.com | - | High
|
||||
63 | [31.42.186.77](https://vuldb.com/?ip.31.42.186.77) | itay.org.uk | - | High
|
||||
64 | [31.210.20.60](https://vuldb.com/?ip.31.210.20.60) | - | - | High
|
||||
65 | [31.214.243.29](https://vuldb.com/?ip.31.214.243.29) | - | - | High
|
||||
66 | [31.214.243.99](https://vuldb.com/?ip.31.214.243.99) | - | - | High
|
||||
67 | [31.220.51.145](https://vuldb.com/?ip.31.220.51.145) | - | - | High
|
||||
68 | [31.222.202.229](https://vuldb.com/?ip.31.222.202.229) | - | - | High
|
||||
69 | [34.127.55.77](https://vuldb.com/?ip.34.127.55.77) | 77.55.127.34.bc.googleusercontent.com | - | Medium
|
||||
70 | [35.204.65.246](https://vuldb.com/?ip.35.204.65.246) | 246.65.204.35.bc.googleusercontent.com | - | Medium
|
||||
71 | [37.0.10.182](https://vuldb.com/?ip.37.0.10.182) | - | - | High
|
||||
72 | [37.0.10.210](https://vuldb.com/?ip.37.0.10.210) | - | - | High
|
||||
73 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
74 | [37.44.238.172](https://vuldb.com/?ip.37.44.238.172) | ssd2-1227.9023 | - | High
|
||||
75 | [37.44.238.182](https://vuldb.com/?ip.37.44.238.182) | ssd1-2031.9321 | - | High
|
||||
76 | [37.44.238.191](https://vuldb.com/?ip.37.44.238.191) | - | - | High
|
||||
77 | [37.44.238.234](https://vuldb.com/?ip.37.44.238.234) | - | - | High
|
||||
78 | [37.49.229.52](https://vuldb.com/?ip.37.49.229.52) | - | - | High
|
||||
79 | [37.49.230.83](https://vuldb.com/?ip.37.49.230.83) | - | - | High
|
||||
80 | [37.49.230.122](https://vuldb.com/?ip.37.49.230.122) | - | - | High
|
||||
81 | [37.221.65.77](https://vuldb.com/?ip.37.221.65.77) | vivid | - | High
|
||||
82 | [37.221.65.228](https://vuldb.com/?ip.37.221.65.228) | cenmiesteamul1989 | - | High
|
||||
83 | [37.221.92.202](https://vuldb.com/?ip.37.221.92.202) | static-202-37.bulletvm.io | - | High
|
||||
84 | [38.48.123.55](https://vuldb.com/?ip.38.48.123.55) | - | - | High
|
||||
85 | [41.216.182.17](https://vuldb.com/?ip.41.216.182.17) | - | - | High
|
||||
86 | [41.216.182.42](https://vuldb.com/?ip.41.216.182.42) | - | - | High
|
||||
87 | [41.216.182.131](https://vuldb.com/?ip.41.216.182.131) | - | - | High
|
||||
88 | [41.216.182.140](https://vuldb.com/?ip.41.216.182.140) | - | - | High
|
||||
89 | [41.216.182.144](https://vuldb.com/?ip.41.216.182.144) | - | - | High
|
||||
90 | [41.216.182.203](https://vuldb.com/?ip.41.216.182.203) | - | - | High
|
||||
91 | [41.216.182.214](https://vuldb.com/?ip.41.216.182.214) | - | - | High
|
||||
92 | [43.153.37.45](https://vuldb.com/?ip.43.153.37.45) | - | - | High
|
||||
93 | [45.9.168.102](https://vuldb.com/?ip.45.9.168.102) | - | - | High
|
||||
94 | [45.11.181.37](https://vuldb.com/?ip.45.11.181.37) | - | - | High
|
||||
95 | [45.14.226.72](https://vuldb.com/?ip.45.14.226.72) | hml03.pugginesl.info | - | High
|
||||
96 | [45.32.202.111](https://vuldb.com/?ip.45.32.202.111) | 45.32.202.111.vultrusercontent.com | - | High
|
||||
97 | [45.33.63.122](https://vuldb.com/?ip.45.33.63.122) | 45-33-63-122.ip.linodeusercontent.com | - | High
|
||||
98 | [45.56.96.91](https://vuldb.com/?ip.45.56.96.91) | 45-56-96-91.ip.linodeusercontent.com | - | High
|
||||
99 | [45.61.144.146](https://vuldb.com/?ip.45.61.144.146) | - | - | High
|
||||
100 | [45.61.186.4](https://vuldb.com/?ip.45.61.186.4) | - | - | High
|
||||
101 | [45.61.187.108](https://vuldb.com/?ip.45.61.187.108) | sayonara.hp | - | High
|
||||
102 | [45.61.188.118](https://vuldb.com/?ip.45.61.188.118) | ms2.hostwithlove.com | - | High
|
||||
103 | [45.61.188.150](https://vuldb.com/?ip.45.61.188.150) | - | - | High
|
||||
104 | [45.61.188.220](https://vuldb.com/?ip.45.61.188.220) | - | - | High
|
||||
105 | [45.66.230.173](https://vuldb.com/?ip.45.66.230.173) | - | - | High
|
||||
106 | [45.76.253.113](https://vuldb.com/?ip.45.76.253.113) | 45.76.253.113.vultrusercontent.com | - | High
|
||||
107 | [45.77.46.118](https://vuldb.com/?ip.45.77.46.118) | 8.8.8.8.google.com | - | High
|
||||
108 | [45.79.127.90](https://vuldb.com/?ip.45.79.127.90) | 45-79-127-90.ip.linodeusercontent.com | - | High
|
||||
109 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
|
||||
110 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
|
||||
111 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
|
||||
112 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
|
||||
113 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
|
||||
114 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
|
||||
115 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
|
||||
116 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
|
||||
117 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
|
||||
118 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
|
||||
119 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
|
||||
120 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
|
||||
121 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
|
||||
122 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
|
||||
123 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
|
||||
124 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
|
||||
125 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
|
||||
126 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
|
||||
127 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
|
||||
128 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
|
||||
129 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
|
||||
130 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
|
||||
131 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
|
||||
132 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
|
||||
133 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
|
||||
134 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
|
||||
135 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
|
||||
136 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
|
||||
137 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
|
||||
138 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
|
||||
139 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
|
||||
140 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
|
||||
141 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
|
||||
142 | [45.148.120.171](https://vuldb.com/?ip.45.148.120.171) | - | - | High
|
||||
143 | [45.148.120.226](https://vuldb.com/?ip.45.148.120.226) | 45-148-120-226.hosted-by.phanes.cloud | - | High
|
||||
144 | [45.148.121.228](https://vuldb.com/?ip.45.148.121.228) | - | - | High
|
||||
145 | ... | ... | ... | ...
|
||||
|
||||
There are 557 more IOC items available. Please use our online service to access the data.
|
||||
There are 574 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -177,7 +182,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -185,53 +190,55 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/admin/user/manage_user.php` | High
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/user/manage_user.php` | High
|
||||
7 | File | `/admin/userprofile.php` | High
|
||||
8 | File | `/ajax.php?action=read_msg` | High
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/gen/clients/{language}` | High
|
||||
13 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
14 | File | `/api/stl/actions/search` | High
|
||||
15 | File | `/api/sys_username_passwd.cmd` | High
|
||||
16 | File | `/api/v2/cli/commands` | High
|
||||
17 | File | `/apply.cgi` | Medium
|
||||
18 | File | `/attachments` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/bsms_ci/index.php/book` | High
|
||||
21 | File | `/cgi-bin` | Medium
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
24 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
25 | File | `/ctcprotocol/Protocol` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/ebics-server/ebics.aspx` | High
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/wizard_end` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/apply.cgi` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/College/admin/teacher.php` | High
|
||||
21 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
22 | File | `/ctcprotocol/Protocol` | High
|
||||
23 | File | `/dcim/rack-roles/` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/ebics-server/ebics.aspx` | High
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/hosts` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/delAd` | High
|
||||
31 | File | `/HNAP1` | Low
|
||||
32 | File | `/HNAP1/SetClientInfo` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/menu.html` | Medium
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/modules/profile/index.php` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/requests.php` | High
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/resources//../` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
45 | ... | ... | ...
|
||||
33 | File | `/inc/topBarNav.php` | High
|
||||
34 | File | `/kelas/data` | Medium
|
||||
35 | File | `/medicines/profile.php` | High
|
||||
36 | File | `/menu.html` | Medium
|
||||
37 | File | `/modules/profile/index.php` | High
|
||||
38 | File | `/Moosikay/order.php` | High
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | File | `/resources//../` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
43 | File | `/sys/dict/queryTableData` | High
|
||||
44 | File | `/tmp` | Low
|
||||
45 | File | `/user/updatePwd` | High
|
||||
46 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 405 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -255,6 +262,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/01f5a2fa92b15cbd4946b022896756898dfde3cd703346ac2ae5515e81ac8628/
|
||||
* https://bazaar.abuse.ch/sample/012886c5dcd11b91edc190134a04c03420066a347f73716fb4b52315861b15b8/
|
||||
* https://bazaar.abuse.ch/sample/014767c5f79964e88e30ef7b062520f9c726fd6a7e0e1bc196d0af6e7765004e/
|
||||
* https://bazaar.abuse.ch/sample/025abb54e3a396927219650f041123edb96132bd854221bd3922a656ba2c8bb7/
|
||||
* https://bazaar.abuse.ch/sample/042d6c47e8035d85d17c315e5586ffd86d13b3e3f872d3cb4ecd13f9f12546aa/
|
||||
* https://bazaar.abuse.ch/sample/0429928ede5a26392b28068f5ec2d0bc4c73f7347ac3536676a50546b05a7ed2/
|
||||
* https://bazaar.abuse.ch/sample/043e481109ec7d14fdf465daba8a008a75536fea0ba5f6b9503121bc3c10dbdd/
|
||||
* https://bazaar.abuse.ch/sample/0464ee1e592ba309ccfcbef4b7e543dc2e699742340cdff43f9e7026cb311475/
|
||||
|
@ -355,11 +364,13 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/8abd98e70f8f07c391d8d54587fe088aada94a5544bde1c4313671e1222c8110/
|
||||
* https://bazaar.abuse.ch/sample/8b9ae45f6e43d11ff3dd540e6d8c64c8ffc23f5df652212652359ed229fde0a8/
|
||||
* https://bazaar.abuse.ch/sample/8baa61d17f084601d9b4014c73c391ab6a893f46d076e9e5d55a55991d94b057/
|
||||
* https://bazaar.abuse.ch/sample/8c0e1b9faeacac7b923f6f907f740c8b65d31c22248b3a765775809fc23002b5/
|
||||
* https://bazaar.abuse.ch/sample/8c55851ca920533baf36b529bc0dde320630234f9e2f10395be7c4262e03d3b6/
|
||||
* https://bazaar.abuse.ch/sample/8ce82806ab6b604dca17051bf30d96f6ddd8c09067ad0dcb3abf0b4587566584/
|
||||
* https://bazaar.abuse.ch/sample/8d11aac643d27f90e7e53b84fdad477d6514c039cde8a00ef08a5e709576630b/
|
||||
* https://bazaar.abuse.ch/sample/8eeb01b0963485edba1736a7a03f41b88c11ee9c5a70a2c761156e7f1381b9cd/
|
||||
* https://bazaar.abuse.ch/sample/8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17/
|
||||
* https://bazaar.abuse.ch/sample/8f24d9c22274b4ecfc02d537ba92f4337d94661586177b8222570e081beb3725/
|
||||
* https://bazaar.abuse.ch/sample/9a15be7c12fa6ae4a380bada990ab3024d55ec0c1e9fcf6935f18969a085ea6e/
|
||||
* https://bazaar.abuse.ch/sample/9a16268c0e9fe89697c55cda80b2f09e9ba6a03ecf456daa07ddb89bef6eef5f/
|
||||
* https://bazaar.abuse.ch/sample/9ab929ac75e5c3627fd537aeb34d137b246129e5fad1158d845e4021ce6bb3e1/
|
||||
|
@ -377,6 +388,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/9f6826c8582e9a6d8995b5a530e61f490235c70b865f0f800d83c6ee95365988/
|
||||
* https://bazaar.abuse.ch/sample/13d4c09e4c4528b62e0a37fe11438f0c82e1a730bac1b2982d65d39172473fcf/
|
||||
* https://bazaar.abuse.ch/sample/14d2209984ec4a688c2ea085feaa817bde27d4604aeb4ee607bf0fe43fe7b04e/
|
||||
* https://bazaar.abuse.ch/sample/15c5279d2fd33c5e7f0ef6991fcc5d2322c1c2461472d5c83e1215aec27f0218/
|
||||
* https://bazaar.abuse.ch/sample/16de867d548b31900a96c03bb6b3d0efce7dcdd6a5b1c627e683e671d409542a/
|
||||
* https://bazaar.abuse.ch/sample/16ebf3a10dc532d6499a715868a290306cb5eb715ffe24e32b688507798e54a6/
|
||||
* https://bazaar.abuse.ch/sample/19f00143f89a13f1671dd3ca95b4f0de81fd87de1779a043758740cbdb801cd6/
|
||||
|
@ -398,6 +410,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/42f7733efb9299efd82c35a95c0de1e5cf1726e057852500851179d7eb86464e/
|
||||
* https://bazaar.abuse.ch/sample/44ad731ef5a135e92aba3d295b56cf9ddaeef3adc2b83d8c68af84a0479cce98/
|
||||
* https://bazaar.abuse.ch/sample/44d061191bb6feb5a925bf88f29ac1a77fe998e6871f07073751a170e649a2c8/
|
||||
* https://bazaar.abuse.ch/sample/44e874ef748ca3398444659e87c76b6203bd0dd0ef889a2cb086bb78ab396b2f/
|
||||
* https://bazaar.abuse.ch/sample/44ea7deb3fb907d1cd986529bf026f3b4d1676ad3a4c9ce5fa99288272bdd134/
|
||||
* https://bazaar.abuse.ch/sample/46ddac8d35ba120b36bf677dbd54168a8d45432798790d5587d0130ef87dd7d6/
|
||||
* https://bazaar.abuse.ch/sample/50a25384aff2ccee0bec3954cca6437b5bdff7c8d65a7c8e96b2a10be280fe67/
|
||||
|
@ -425,6 +438,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/73fcfb03ad89a105e1210f2b32cf4a38ceaa09beac6fdb9b9202c4a66297f83b/
|
||||
* https://bazaar.abuse.ch/sample/74eed23bbd2e04b2694386cddedf8b4f0e7334c9be2bff9c9a40aeb28806275f/
|
||||
* https://bazaar.abuse.ch/sample/80d7d535edefb1846919e96ba320a18734f93e28c9a564575fc5cf5f6a828243/
|
||||
* https://bazaar.abuse.ch/sample/81fe27c667b45e07653d6c9d98ec43651f60308da6c3e5fecc101dcf88eb6a4f/
|
||||
* https://bazaar.abuse.ch/sample/82b7ed7f2c99fbf16918ffa62eddd2e75613fd6c4f7652541161c326238f91f7/
|
||||
* https://bazaar.abuse.ch/sample/85c315d10debcab5e66e738d801245ce16f12b3d01861429e0d8499e2a0c872f/
|
||||
* https://bazaar.abuse.ch/sample/85cf1750e7db631650ce6dbf4ed883074dfb96497e714e38912cee0e0307517f/
|
||||
|
@ -460,6 +474,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/399b9f44795e44ad320b7a6a7a8248f323a707bcecdf0ef2f2b469f4317d5543/
|
||||
* https://bazaar.abuse.ch/sample/409c05edafcce77fc3b63621258a37b4d8722cfcc99d4a8f20b0a7fb89d0186a/
|
||||
* https://bazaar.abuse.ch/sample/409c7de58028290499129af1e7963351dc88eccf0b37b7ab4f382a88021aecda/
|
||||
* https://bazaar.abuse.ch/sample/454cad0234e9989c9996128856ce6ef8400760dff35a2945d511acb1344ffc90/
|
||||
* https://bazaar.abuse.ch/sample/457d4f916d51596a347041fab667502237d2a95ba1da20bb64731edc6f7475d5/
|
||||
* https://bazaar.abuse.ch/sample/498e42bf4073c9682d4427d237009166f703893e4ec756d75b05194fb0463af7/
|
||||
* https://bazaar.abuse.ch/sample/521cc5404a70afcfcdb43a4a8e66b4761514d8303df2e9395732c417073b9ef2/
|
||||
|
@ -492,6 +507,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/3393ebd016d931844f5fecfb5dca819778730a1c0c00caa576228eb8b47d9ce8/
|
||||
* https://bazaar.abuse.ch/sample/3441b0320fe7ff51f243a71250ec19502a2a2cc7d4ca41247483c791be61d1f1/
|
||||
* https://bazaar.abuse.ch/sample/3952dcd10ea2f2a8ae7d5d270f780501029371b8ae89d59e56d8232678be5091/
|
||||
* https://bazaar.abuse.ch/sample/4104f74e940338379deac6fa0bff564e01a16b0a792ccf6ec39ee880ccad298e/
|
||||
* https://bazaar.abuse.ch/sample/4494a9852237a3f8fb52c7ffe3575b8b04bdf96796fd246ce5483fa87caed08d/
|
||||
* https://bazaar.abuse.ch/sample/4859b7ede05ad13c187ded9fa899d2822c666b328f9725558f13790f1f13e50c/
|
||||
* https://bazaar.abuse.ch/sample/4987b2d6a220ede7286c8b1d0b34f0641bfd233d0d863eb656077b7b9148b55b/
|
||||
|
@ -635,10 +651,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/c54203083169b7b2eaa8402a73c44c8db6d970a500e15fb94cc0393f5cfbd54f/
|
||||
* https://bazaar.abuse.ch/sample/ca03a919da50246c8d681c9a9bcf43b9f54be415027422025ed55244232943df/
|
||||
* https://bazaar.abuse.ch/sample/cb1f968f4520d9d63b472a1b8dea3c96c2b4918d0c18933772f0a76c6d622ba7/
|
||||
* https://bazaar.abuse.ch/sample/cb56d30869585ae0951c322a5fc6b747dede60e49e647744ed5eff66e87f3379/
|
||||
* https://bazaar.abuse.ch/sample/cc4479b28097895c93fd3649afd5072761268cd09baafb41d1fa5050f0fad910/
|
||||
* https://bazaar.abuse.ch/sample/ccc88c66491dd6abef0277d61a8bc777bfe6a897c6940435de285ebee03f1196/
|
||||
* https://bazaar.abuse.ch/sample/cd3c85bc861db67dbfc985812350d37a85826f15f5f72d6e7cbf54be237a84d6/
|
||||
* https://bazaar.abuse.ch/sample/cd7f708c7708787fdffbfac30e8a3116daf37748d2217cca159a40e0fa3ebe10/
|
||||
* https://bazaar.abuse.ch/sample/cd293f409d06aba7ca4d8daa8ebb043b28d13fc898e71db27a9be80c2e87529a/
|
||||
* https://bazaar.abuse.ch/sample/cd19984ad0bb7e6ceaafcde2e150a0754091ed19ae357db28803b653610b40f4/
|
||||
* https://bazaar.abuse.ch/sample/cdf8dbe78311b3d2d027bffb602e105398ec83f899ddfdc4e6c0ee70b3cd2118/
|
||||
* https://bazaar.abuse.ch/sample/cdf16795ec6ea3857851ece799fbe687e0b646a3f555ebd34199a64500b705eb/
|
||||
|
@ -671,6 +689,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/dc30e6500ebcf937a237d027acdd40c2dd68741b4f40a9523196ee82eb13e3c3/
|
||||
* https://bazaar.abuse.ch/sample/dcc99ae051b251c1bcff9cdaa7cc3accc2e80f8131959f5631b0c5c3a8800b32/
|
||||
* https://bazaar.abuse.ch/sample/dd9d16f672cc1cf0023a154a5142c077946e76799aef7b292a05f623b6d2a300/
|
||||
* https://bazaar.abuse.ch/sample/ddcd6597887d10885d055ab2c0693d1a089f1ae546c547ba0a467a3e7c355b9c/
|
||||
* https://bazaar.abuse.ch/sample/df87aa5b1c59a1e4efbc9c294433e44441a4d770213abb7626eede01b2acee88/
|
||||
* https://bazaar.abuse.ch/sample/df282dc8473ef5d4d872f62d72da72471dd0bdce8b71c428197f74d86bcb329f/
|
||||
* https://bazaar.abuse.ch/sample/df6855b5e0c6add516d3ca7a3c848e71ad6296709e4ccbc9bd3b6b76729c7158/
|
||||
|
@ -707,6 +726,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/f0479dda24538651043306bfdc8dfb0e016ad457944d54d8952a69cabb261cb0/
|
||||
* https://bazaar.abuse.ch/sample/f4c9bff4713ab599f795c5da87e9b681a627c60dd196ca5e32ff28afc7381915/
|
||||
* https://bazaar.abuse.ch/sample/f7a2abbfd146528c5de8cd1986581d0e163a802820d76b927d22cbb8e9f492c9/
|
||||
* https://bazaar.abuse.ch/sample/f9b4d0aa926b74ddd408433a30f19376b5d8844d011eb832ef8abb4fde8d1015/
|
||||
* https://bazaar.abuse.ch/sample/f10edcdb6065a39ba6190227fce7cf6f5349e41e9e4f73fe07312e763ca58067/
|
||||
* https://bazaar.abuse.ch/sample/f18c841d054a80f66cb93b7152746f85f7640f8e2d9514d4f994f0036ff517ec/
|
||||
* https://bazaar.abuse.ch/sample/f44fd297fbb5db0d50699a82e902cbafbad66a585e52bf8c0377038964b1d74b/
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,152 +21,152 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.2.67.108](https://vuldb.com/?ip.5.2.67.108) | - | - | High
|
||||
2 | [5.2.70.80](https://vuldb.com/?ip.5.2.70.80) | - | - | High
|
||||
3 | [5.2.78.37](https://vuldb.com/?ip.5.2.78.37) | - | - | High
|
||||
4 | [5.34.179.33](https://vuldb.com/?ip.5.34.179.33) | - | - | High
|
||||
5 | [5.39.63.98](https://vuldb.com/?ip.5.39.63.98) | - | - | High
|
||||
6 | [5.39.63.103](https://vuldb.com/?ip.5.39.63.103) | - | - | High
|
||||
7 | [5.135.255.247](https://vuldb.com/?ip.5.135.255.247) | - | - | High
|
||||
8 | [5.181.80.16](https://vuldb.com/?ip.5.181.80.16) | ip-80-16-bullethost.net | - | High
|
||||
9 | [5.181.80.22](https://vuldb.com/?ip.5.181.80.22) | zara.net | - | High
|
||||
10 | [5.181.80.108](https://vuldb.com/?ip.5.181.80.108) | ip-80-108-bullethost.net | - | High
|
||||
11 | [5.181.80.141](https://vuldb.com/?ip.5.181.80.141) | - | - | High
|
||||
12 | [5.181.80.166](https://vuldb.com/?ip.5.181.80.166) | log-pwd-against.electrastate.net | - | High
|
||||
13 | [5.181.80.177](https://vuldb.com/?ip.5.181.80.177) | 2803-master.electrastate.net | - | High
|
||||
14 | [5.181.156.16](https://vuldb.com/?ip.5.181.156.16) | 5-181-156-16.mivocloud.com | - | High
|
||||
15 | [5.181.156.53](https://vuldb.com/?ip.5.181.156.53) | 5-181-156-53.mivocloud.com | - | High
|
||||
16 | [5.181.156.67](https://vuldb.com/?ip.5.181.156.67) | 5-181-156-67.mivocloud.com | - | High
|
||||
17 | [5.181.156.203](https://vuldb.com/?ip.5.181.156.203) | 5-181-156-203.mivocloud.com | - | High
|
||||
18 | [5.182.207.28](https://vuldb.com/?ip.5.182.207.28) | home-server.justin-gruenwald.de | - | High
|
||||
19 | [5.183.78.108](https://vuldb.com/?ip.5.183.78.108) | lake.battletime.vip | - | High
|
||||
20 | [5.252.177.62](https://vuldb.com/?ip.5.252.177.62) | no-rdns.mivocloud.com | - | High
|
||||
21 | [5.255.97.234](https://vuldb.com/?ip.5.255.97.234) | - | - | High
|
||||
22 | [5.255.97.235](https://vuldb.com/?ip.5.255.97.235) | - | - | High
|
||||
23 | [5.255.97.236](https://vuldb.com/?ip.5.255.97.236) | - | - | High
|
||||
24 | [5.255.97.237](https://vuldb.com/?ip.5.255.97.237) | - | - | High
|
||||
25 | [8.209.92.187](https://vuldb.com/?ip.8.209.92.187) | - | - | High
|
||||
26 | [23.160.193.12](https://vuldb.com/?ip.23.160.193.12) | unknown.ip-xfer.net | - | High
|
||||
27 | [23.160.193.16](https://vuldb.com/?ip.23.160.193.16) | unknown.ip-xfer.net | - | High
|
||||
28 | [23.160.193.24](https://vuldb.com/?ip.23.160.193.24) | unknown.ip-xfer.net | - | High
|
||||
29 | [23.160.193.38](https://vuldb.com/?ip.23.160.193.38) | unknown.ip-xfer.net | - | High
|
||||
30 | [23.160.193.62](https://vuldb.com/?ip.23.160.193.62) | unknown.ip-xfer.net | - | High
|
||||
31 | [23.160.193.91](https://vuldb.com/?ip.23.160.193.91) | unknown.ip-xfer.net | - | High
|
||||
32 | [23.160.193.119](https://vuldb.com/?ip.23.160.193.119) | unknown.ip-xfer.net | - | High
|
||||
33 | [23.160.193.190](https://vuldb.com/?ip.23.160.193.190) | usa-il-01.vpn.rapidz.xyz | - | High
|
||||
34 | [23.160.193.217](https://vuldb.com/?ip.23.160.193.217) | unknown.ip-xfer.net | - | High
|
||||
35 | [23.160.193.221](https://vuldb.com/?ip.23.160.193.221) | unknown.ip-xfer.net | - | High
|
||||
36 | [23.160.193.223](https://vuldb.com/?ip.23.160.193.223) | unknown.ip-xfer.net | - | High
|
||||
37 | [23.254.211.173](https://vuldb.com/?ip.23.254.211.173) | hwsrv-1062535.hostwindsdns.com | - | High
|
||||
38 | [27.123.255.182](https://vuldb.com/?ip.27.123.255.182) | 27-123-255-182-mcnbd.com | - | High
|
||||
39 | [31.13.195.13](https://vuldb.com/?ip.31.13.195.13) | - | - | High
|
||||
40 | [31.13.195.26](https://vuldb.com/?ip.31.13.195.26) | - | - | High
|
||||
41 | [31.13.195.32](https://vuldb.com/?ip.31.13.195.32) | - | - | High
|
||||
42 | [31.13.195.40](https://vuldb.com/?ip.31.13.195.40) | - | - | High
|
||||
43 | [31.13.195.71](https://vuldb.com/?ip.31.13.195.71) | - | - | High
|
||||
44 | [31.13.195.85](https://vuldb.com/?ip.31.13.195.85) | - | - | High
|
||||
45 | [31.13.195.87](https://vuldb.com/?ip.31.13.195.87) | mta0.wimston.com | - | High
|
||||
46 | [31.13.195.90](https://vuldb.com/?ip.31.13.195.90) | news.uroids.to | - | High
|
||||
47 | [31.13.195.107](https://vuldb.com/?ip.31.13.195.107) | - | - | High
|
||||
48 | [31.13.195.108](https://vuldb.com/?ip.31.13.195.108) | - | - | High
|
||||
49 | [31.13.195.115](https://vuldb.com/?ip.31.13.195.115) | - | - | High
|
||||
50 | [31.13.195.125](https://vuldb.com/?ip.31.13.195.125) | - | - | High
|
||||
51 | [31.13.195.126](https://vuldb.com/?ip.31.13.195.126) | - | - | High
|
||||
52 | [31.13.195.129](https://vuldb.com/?ip.31.13.195.129) | - | - | High
|
||||
53 | [31.13.195.133](https://vuldb.com/?ip.31.13.195.133) | - | - | High
|
||||
54 | [31.13.195.140](https://vuldb.com/?ip.31.13.195.140) | - | - | High
|
||||
55 | [31.13.195.144](https://vuldb.com/?ip.31.13.195.144) | - | - | High
|
||||
56 | [31.13.195.145](https://vuldb.com/?ip.31.13.195.145) | - | - | High
|
||||
57 | [31.13.195.152](https://vuldb.com/?ip.31.13.195.152) | - | - | High
|
||||
58 | [31.13.195.187](https://vuldb.com/?ip.31.13.195.187) | lostaholicss.com | - | High
|
||||
59 | [31.13.195.188](https://vuldb.com/?ip.31.13.195.188) | - | - | High
|
||||
60 | [31.13.195.189](https://vuldb.com/?ip.31.13.195.189) | mta0.speerasoc.com | - | High
|
||||
61 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
|
||||
62 | [45.14.226.182](https://vuldb.com/?ip.45.14.226.182) | 45-14-226-182.hosted-by.phanes.cloud | - | High
|
||||
63 | [45.14.226.234](https://vuldb.com/?ip.45.14.226.234) | 45-14-226-234.hosted-by.phanes.cloud | - | High
|
||||
64 | [45.15.131.126](https://vuldb.com/?ip.45.15.131.126) | - | - | High
|
||||
65 | [45.41.204.137](https://vuldb.com/?ip.45.41.204.137) | hattouch.xyz | - | High
|
||||
66 | [45.41.204.150](https://vuldb.com/?ip.45.41.204.150) | - | - | High
|
||||
67 | [45.41.204.151](https://vuldb.com/?ip.45.41.204.151) | - | - | High
|
||||
68 | [45.41.204.153](https://vuldb.com/?ip.45.41.204.153) | - | - | High
|
||||
69 | [45.41.204.156](https://vuldb.com/?ip.45.41.204.156) | - | - | High
|
||||
70 | [45.41.204.158](https://vuldb.com/?ip.45.41.204.158) | - | - | High
|
||||
71 | [45.42.201.123](https://vuldb.com/?ip.45.42.201.123) | - | - | High
|
||||
72 | [45.61.136.128](https://vuldb.com/?ip.45.61.136.128) | - | - | High
|
||||
73 | [45.61.136.243](https://vuldb.com/?ip.45.61.136.243) | - | - | High
|
||||
74 | [45.63.108.27](https://vuldb.com/?ip.45.63.108.27) | 45.63.108.27.vultrusercontent.com | - | High
|
||||
75 | [45.77.185.151](https://vuldb.com/?ip.45.77.185.151) | 45.77.185.151.vultrusercontent.com | - | High
|
||||
76 | [45.79.38.25](https://vuldb.com/?ip.45.79.38.25) | 45-79-38-25.ip.linodeusercontent.com | - | High
|
||||
77 | [45.80.184.53](https://vuldb.com/?ip.45.80.184.53) | - | - | High
|
||||
78 | [45.89.106.80](https://vuldb.com/?ip.45.89.106.80) | - | - | High
|
||||
79 | [45.89.106.210](https://vuldb.com/?ip.45.89.106.210) | - | - | High
|
||||
80 | [45.89.127.63](https://vuldb.com/?ip.45.89.127.63) | smtp.polishedfog.com | - | High
|
||||
81 | [45.95.186.118](https://vuldb.com/?ip.45.95.186.118) | - | - | High
|
||||
82 | [45.131.66.226](https://vuldb.com/?ip.45.131.66.226) | - | - | High
|
||||
83 | [45.138.51.223](https://vuldb.com/?ip.45.138.51.223) | - | - | High
|
||||
84 | [45.148.123.47](https://vuldb.com/?ip.45.148.123.47) | rover.yourptflixmovies.com | - | High
|
||||
85 | [46.101.23.183](https://vuldb.com/?ip.46.101.23.183) | - | - | High
|
||||
86 | [46.101.144.128](https://vuldb.com/?ip.46.101.144.128) | - | - | High
|
||||
87 | [46.101.158.148](https://vuldb.com/?ip.46.101.158.148) | - | - | High
|
||||
88 | [46.101.160.136](https://vuldb.com/?ip.46.101.160.136) | - | - | High
|
||||
89 | [46.101.200.191](https://vuldb.com/?ip.46.101.200.191) | - | - | High
|
||||
90 | [46.101.243.72](https://vuldb.com/?ip.46.101.243.72) | - | - | High
|
||||
91 | [51.89.128.193](https://vuldb.com/?ip.51.89.128.193) | - | - | High
|
||||
92 | [62.86.87.126](https://vuldb.com/?ip.62.86.87.126) | host-62-86-87-126.business.telecomitalia.it | - | High
|
||||
93 | [63.251.235.76](https://vuldb.com/?ip.63.251.235.76) | - | - | High
|
||||
94 | [64.225.65.20](https://vuldb.com/?ip.64.225.65.20) | - | - | High
|
||||
95 | [64.225.67.59](https://vuldb.com/?ip.64.225.67.59) | - | - | High
|
||||
96 | [64.225.67.166](https://vuldb.com/?ip.64.225.67.166) | - | - | High
|
||||
97 | [64.225.68.0](https://vuldb.com/?ip.64.225.68.0) | - | - | High
|
||||
98 | [64.225.71.82](https://vuldb.com/?ip.64.225.71.82) | - | - | High
|
||||
99 | [64.225.71.166](https://vuldb.com/?ip.64.225.71.166) | - | - | High
|
||||
100 | [64.225.71.185](https://vuldb.com/?ip.64.225.71.185) | - | - | High
|
||||
101 | [64.225.71.198](https://vuldb.com/?ip.64.225.71.198) | - | - | High
|
||||
102 | [64.225.79.44](https://vuldb.com/?ip.64.225.79.44) | minitractoronline.tempurl.host | - | High
|
||||
103 | [64.225.98.197](https://vuldb.com/?ip.64.225.98.197) | - | - | High
|
||||
104 | [64.225.98.255](https://vuldb.com/?ip.64.225.98.255) | - | - | High
|
||||
105 | [64.225.102.174](https://vuldb.com/?ip.64.225.102.174) | - | - | High
|
||||
106 | [64.225.105.20](https://vuldb.com/?ip.64.225.105.20) | - | - | High
|
||||
107 | [64.225.105.147](https://vuldb.com/?ip.64.225.105.147) | - | - | High
|
||||
108 | [64.225.105.222](https://vuldb.com/?ip.64.225.105.222) | mail.bmk.imagenesandinas.com.ar | - | High
|
||||
109 | [64.225.106.4](https://vuldb.com/?ip.64.225.106.4) | - | - | High
|
||||
110 | [64.225.108.199](https://vuldb.com/?ip.64.225.108.199) | scram4-renamed.dkirov-be | - | High
|
||||
111 | [64.225.110.48](https://vuldb.com/?ip.64.225.110.48) | driver-job.eu | - | High
|
||||
112 | [64.227.65.21](https://vuldb.com/?ip.64.227.65.21) | cdae.com | - | High
|
||||
113 | [64.227.65.60](https://vuldb.com/?ip.64.227.65.60) | - | - | High
|
||||
114 | [64.227.65.82](https://vuldb.com/?ip.64.227.65.82) | 695932.cloudwaysapps.com | - | High
|
||||
115 | [64.227.66.10](https://vuldb.com/?ip.64.227.66.10) | defitower.one | - | High
|
||||
116 | [64.227.68.7](https://vuldb.com/?ip.64.227.68.7) | leezroptiek.nl | - | High
|
||||
117 | [64.227.69.92](https://vuldb.com/?ip.64.227.69.92) | - | - | High
|
||||
118 | [64.227.72.14](https://vuldb.com/?ip.64.227.72.14) | dmocci.ekuljwbiigs | - | High
|
||||
119 | [64.227.72.58](https://vuldb.com/?ip.64.227.72.58) | - | - | High
|
||||
120 | [64.227.72.83](https://vuldb.com/?ip.64.227.72.83) | - | - | High
|
||||
121 | [64.227.73.19](https://vuldb.com/?ip.64.227.73.19) | - | - | High
|
||||
122 | [64.227.73.32](https://vuldb.com/?ip.64.227.73.32) | daarom.tempurl.host | - | High
|
||||
123 | [64.227.73.80](https://vuldb.com/?ip.64.227.73.80) | - | - | High
|
||||
124 | [64.227.75.136](https://vuldb.com/?ip.64.227.75.136) | - | - | High
|
||||
125 | [64.227.75.195](https://vuldb.com/?ip.64.227.75.195) | - | - | High
|
||||
126 | [64.227.77.21](https://vuldb.com/?ip.64.227.77.21) | - | - | High
|
||||
127 | [64.227.77.91](https://vuldb.com/?ip.64.227.77.91) | - | - | High
|
||||
128 | [64.227.77.160](https://vuldb.com/?ip.64.227.77.160) | - | - | High
|
||||
129 | [64.227.78.70](https://vuldb.com/?ip.64.227.78.70) | - | - | High
|
||||
130 | [64.227.79.47](https://vuldb.com/?ip.64.227.79.47) | - | - | High
|
||||
131 | [64.227.114.0](https://vuldb.com/?ip.64.227.114.0) | - | - | High
|
||||
132 | [64.227.116.94](https://vuldb.com/?ip.64.227.116.94) | - | - | High
|
||||
133 | [64.227.118.34](https://vuldb.com/?ip.64.227.118.34) | - | - | High
|
||||
134 | [64.227.122.248](https://vuldb.com/?ip.64.227.122.248) | - | - | High
|
||||
135 | [66.42.103.186](https://vuldb.com/?ip.66.42.103.186) | 66.42.103.186.vultrusercontent.com | - | High
|
||||
136 | [68.183.14.255](https://vuldb.com/?ip.68.183.14.255) | - | - | High
|
||||
137 | [68.183.65.211](https://vuldb.com/?ip.68.183.65.211) | hairtrust.gr | - | High
|
||||
138 | [68.183.67.170](https://vuldb.com/?ip.68.183.67.170) | - | - | High
|
||||
139 | [68.183.67.197](https://vuldb.com/?ip.68.183.67.197) | - | - | High
|
||||
140 | [68.183.69.194](https://vuldb.com/?ip.68.183.69.194) | - | - | High
|
||||
141 | [80.71.158.22](https://vuldb.com/?ip.80.71.158.22) | - | - | High
|
||||
142 | [80.71.158.42](https://vuldb.com/?ip.80.71.158.42) | free.ntup.net | - | High
|
||||
143 | [80.71.158.106](https://vuldb.com/?ip.80.71.158.106) | - | - | High
|
||||
1 | [3.89.160.167](https://vuldb.com/?ip.3.89.160.167) | ec2-3-89-160-167.compute-1.amazonaws.com | - | Medium
|
||||
2 | [5.2.67.108](https://vuldb.com/?ip.5.2.67.108) | - | - | High
|
||||
3 | [5.2.70.80](https://vuldb.com/?ip.5.2.70.80) | - | - | High
|
||||
4 | [5.2.78.37](https://vuldb.com/?ip.5.2.78.37) | - | - | High
|
||||
5 | [5.34.179.33](https://vuldb.com/?ip.5.34.179.33) | - | - | High
|
||||
6 | [5.39.63.98](https://vuldb.com/?ip.5.39.63.98) | - | - | High
|
||||
7 | [5.39.63.103](https://vuldb.com/?ip.5.39.63.103) | - | - | High
|
||||
8 | [5.135.255.247](https://vuldb.com/?ip.5.135.255.247) | - | - | High
|
||||
9 | [5.181.80.16](https://vuldb.com/?ip.5.181.80.16) | ip-80-16-bullethost.net | - | High
|
||||
10 | [5.181.80.22](https://vuldb.com/?ip.5.181.80.22) | zara.net | - | High
|
||||
11 | [5.181.80.108](https://vuldb.com/?ip.5.181.80.108) | ip-80-108-bullethost.net | - | High
|
||||
12 | [5.181.80.141](https://vuldb.com/?ip.5.181.80.141) | - | - | High
|
||||
13 | [5.181.80.166](https://vuldb.com/?ip.5.181.80.166) | log-pwd-against.electrastate.net | - | High
|
||||
14 | [5.181.80.177](https://vuldb.com/?ip.5.181.80.177) | 2803-master.electrastate.net | - | High
|
||||
15 | [5.181.156.16](https://vuldb.com/?ip.5.181.156.16) | 5-181-156-16.mivocloud.com | - | High
|
||||
16 | [5.181.156.53](https://vuldb.com/?ip.5.181.156.53) | 5-181-156-53.mivocloud.com | - | High
|
||||
17 | [5.181.156.67](https://vuldb.com/?ip.5.181.156.67) | 5-181-156-67.mivocloud.com | - | High
|
||||
18 | [5.181.156.203](https://vuldb.com/?ip.5.181.156.203) | 5-181-156-203.mivocloud.com | - | High
|
||||
19 | [5.182.207.28](https://vuldb.com/?ip.5.182.207.28) | home-server.justin-gruenwald.de | - | High
|
||||
20 | [5.183.78.108](https://vuldb.com/?ip.5.183.78.108) | lake.battletime.vip | - | High
|
||||
21 | [5.252.177.62](https://vuldb.com/?ip.5.252.177.62) | no-rdns.mivocloud.com | - | High
|
||||
22 | [5.255.97.234](https://vuldb.com/?ip.5.255.97.234) | - | - | High
|
||||
23 | [5.255.97.235](https://vuldb.com/?ip.5.255.97.235) | - | - | High
|
||||
24 | [5.255.97.236](https://vuldb.com/?ip.5.255.97.236) | - | - | High
|
||||
25 | [5.255.97.237](https://vuldb.com/?ip.5.255.97.237) | - | - | High
|
||||
26 | [8.209.92.187](https://vuldb.com/?ip.8.209.92.187) | - | - | High
|
||||
27 | [23.160.193.12](https://vuldb.com/?ip.23.160.193.12) | unknown.ip-xfer.net | - | High
|
||||
28 | [23.160.193.16](https://vuldb.com/?ip.23.160.193.16) | unknown.ip-xfer.net | - | High
|
||||
29 | [23.160.193.24](https://vuldb.com/?ip.23.160.193.24) | unknown.ip-xfer.net | - | High
|
||||
30 | [23.160.193.38](https://vuldb.com/?ip.23.160.193.38) | unknown.ip-xfer.net | - | High
|
||||
31 | [23.160.193.62](https://vuldb.com/?ip.23.160.193.62) | unknown.ip-xfer.net | - | High
|
||||
32 | [23.160.193.91](https://vuldb.com/?ip.23.160.193.91) | unknown.ip-xfer.net | - | High
|
||||
33 | [23.160.193.119](https://vuldb.com/?ip.23.160.193.119) | unknown.ip-xfer.net | - | High
|
||||
34 | [23.160.193.190](https://vuldb.com/?ip.23.160.193.190) | usa-il-01.vpn.rapidz.xyz | - | High
|
||||
35 | [23.160.193.217](https://vuldb.com/?ip.23.160.193.217) | unknown.ip-xfer.net | - | High
|
||||
36 | [23.160.193.221](https://vuldb.com/?ip.23.160.193.221) | unknown.ip-xfer.net | - | High
|
||||
37 | [23.160.193.223](https://vuldb.com/?ip.23.160.193.223) | unknown.ip-xfer.net | - | High
|
||||
38 | [23.254.211.173](https://vuldb.com/?ip.23.254.211.173) | hwsrv-1062535.hostwindsdns.com | - | High
|
||||
39 | [27.123.255.182](https://vuldb.com/?ip.27.123.255.182) | 27-123-255-182-mcnbd.com | - | High
|
||||
40 | [31.13.195.13](https://vuldb.com/?ip.31.13.195.13) | - | - | High
|
||||
41 | [31.13.195.26](https://vuldb.com/?ip.31.13.195.26) | - | - | High
|
||||
42 | [31.13.195.32](https://vuldb.com/?ip.31.13.195.32) | - | - | High
|
||||
43 | [31.13.195.40](https://vuldb.com/?ip.31.13.195.40) | - | - | High
|
||||
44 | [31.13.195.71](https://vuldb.com/?ip.31.13.195.71) | - | - | High
|
||||
45 | [31.13.195.85](https://vuldb.com/?ip.31.13.195.85) | - | - | High
|
||||
46 | [31.13.195.87](https://vuldb.com/?ip.31.13.195.87) | mta0.wimston.com | - | High
|
||||
47 | [31.13.195.90](https://vuldb.com/?ip.31.13.195.90) | news.uroids.to | - | High
|
||||
48 | [31.13.195.107](https://vuldb.com/?ip.31.13.195.107) | - | - | High
|
||||
49 | [31.13.195.108](https://vuldb.com/?ip.31.13.195.108) | - | - | High
|
||||
50 | [31.13.195.115](https://vuldb.com/?ip.31.13.195.115) | - | - | High
|
||||
51 | [31.13.195.125](https://vuldb.com/?ip.31.13.195.125) | - | - | High
|
||||
52 | [31.13.195.126](https://vuldb.com/?ip.31.13.195.126) | - | - | High
|
||||
53 | [31.13.195.129](https://vuldb.com/?ip.31.13.195.129) | - | - | High
|
||||
54 | [31.13.195.133](https://vuldb.com/?ip.31.13.195.133) | - | - | High
|
||||
55 | [31.13.195.140](https://vuldb.com/?ip.31.13.195.140) | - | - | High
|
||||
56 | [31.13.195.144](https://vuldb.com/?ip.31.13.195.144) | - | - | High
|
||||
57 | [31.13.195.145](https://vuldb.com/?ip.31.13.195.145) | - | - | High
|
||||
58 | [31.13.195.152](https://vuldb.com/?ip.31.13.195.152) | - | - | High
|
||||
59 | [31.13.195.187](https://vuldb.com/?ip.31.13.195.187) | lostaholicss.com | - | High
|
||||
60 | [31.13.195.188](https://vuldb.com/?ip.31.13.195.188) | - | - | High
|
||||
61 | [31.13.195.189](https://vuldb.com/?ip.31.13.195.189) | mta0.speerasoc.com | - | High
|
||||
62 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
|
||||
63 | [45.14.226.182](https://vuldb.com/?ip.45.14.226.182) | 45-14-226-182.hosted-by.phanes.cloud | - | High
|
||||
64 | [45.14.226.234](https://vuldb.com/?ip.45.14.226.234) | 45-14-226-234.hosted-by.phanes.cloud | - | High
|
||||
65 | [45.15.131.126](https://vuldb.com/?ip.45.15.131.126) | - | - | High
|
||||
66 | [45.41.204.137](https://vuldb.com/?ip.45.41.204.137) | hattouch.xyz | - | High
|
||||
67 | [45.41.204.150](https://vuldb.com/?ip.45.41.204.150) | - | - | High
|
||||
68 | [45.41.204.151](https://vuldb.com/?ip.45.41.204.151) | - | - | High
|
||||
69 | [45.41.204.153](https://vuldb.com/?ip.45.41.204.153) | - | - | High
|
||||
70 | [45.41.204.156](https://vuldb.com/?ip.45.41.204.156) | - | - | High
|
||||
71 | [45.41.204.158](https://vuldb.com/?ip.45.41.204.158) | - | - | High
|
||||
72 | [45.42.201.123](https://vuldb.com/?ip.45.42.201.123) | - | - | High
|
||||
73 | [45.61.136.128](https://vuldb.com/?ip.45.61.136.128) | - | - | High
|
||||
74 | [45.61.136.243](https://vuldb.com/?ip.45.61.136.243) | - | - | High
|
||||
75 | [45.63.108.27](https://vuldb.com/?ip.45.63.108.27) | 45.63.108.27.vultrusercontent.com | - | High
|
||||
76 | [45.77.185.151](https://vuldb.com/?ip.45.77.185.151) | 45.77.185.151.vultrusercontent.com | - | High
|
||||
77 | [45.79.38.25](https://vuldb.com/?ip.45.79.38.25) | 45-79-38-25.ip.linodeusercontent.com | - | High
|
||||
78 | [45.80.184.53](https://vuldb.com/?ip.45.80.184.53) | - | - | High
|
||||
79 | [45.89.106.80](https://vuldb.com/?ip.45.89.106.80) | - | - | High
|
||||
80 | [45.89.106.210](https://vuldb.com/?ip.45.89.106.210) | - | - | High
|
||||
81 | [45.89.127.63](https://vuldb.com/?ip.45.89.127.63) | smtp.polishedfog.com | - | High
|
||||
82 | [45.95.186.118](https://vuldb.com/?ip.45.95.186.118) | - | - | High
|
||||
83 | [45.131.66.226](https://vuldb.com/?ip.45.131.66.226) | - | - | High
|
||||
84 | [45.138.51.223](https://vuldb.com/?ip.45.138.51.223) | - | - | High
|
||||
85 | [45.148.123.47](https://vuldb.com/?ip.45.148.123.47) | rover.yourptflixmovies.com | - | High
|
||||
86 | [46.101.23.183](https://vuldb.com/?ip.46.101.23.183) | - | - | High
|
||||
87 | [46.101.144.128](https://vuldb.com/?ip.46.101.144.128) | - | - | High
|
||||
88 | [46.101.158.148](https://vuldb.com/?ip.46.101.158.148) | - | - | High
|
||||
89 | [46.101.160.136](https://vuldb.com/?ip.46.101.160.136) | - | - | High
|
||||
90 | [46.101.200.191](https://vuldb.com/?ip.46.101.200.191) | - | - | High
|
||||
91 | [46.101.243.72](https://vuldb.com/?ip.46.101.243.72) | - | - | High
|
||||
92 | [51.89.128.193](https://vuldb.com/?ip.51.89.128.193) | - | - | High
|
||||
93 | [62.86.87.126](https://vuldb.com/?ip.62.86.87.126) | host-62-86-87-126.business.telecomitalia.it | - | High
|
||||
94 | [63.251.235.76](https://vuldb.com/?ip.63.251.235.76) | - | - | High
|
||||
95 | [64.225.65.20](https://vuldb.com/?ip.64.225.65.20) | - | - | High
|
||||
96 | [64.225.67.59](https://vuldb.com/?ip.64.225.67.59) | - | - | High
|
||||
97 | [64.225.67.166](https://vuldb.com/?ip.64.225.67.166) | - | - | High
|
||||
98 | [64.225.68.0](https://vuldb.com/?ip.64.225.68.0) | - | - | High
|
||||
99 | [64.225.71.82](https://vuldb.com/?ip.64.225.71.82) | - | - | High
|
||||
100 | [64.225.71.166](https://vuldb.com/?ip.64.225.71.166) | - | - | High
|
||||
101 | [64.225.71.185](https://vuldb.com/?ip.64.225.71.185) | - | - | High
|
||||
102 | [64.225.71.198](https://vuldb.com/?ip.64.225.71.198) | - | - | High
|
||||
103 | [64.225.79.44](https://vuldb.com/?ip.64.225.79.44) | minitractoronline.tempurl.host | - | High
|
||||
104 | [64.225.98.197](https://vuldb.com/?ip.64.225.98.197) | - | - | High
|
||||
105 | [64.225.98.255](https://vuldb.com/?ip.64.225.98.255) | - | - | High
|
||||
106 | [64.225.102.174](https://vuldb.com/?ip.64.225.102.174) | - | - | High
|
||||
107 | [64.225.105.20](https://vuldb.com/?ip.64.225.105.20) | - | - | High
|
||||
108 | [64.225.105.147](https://vuldb.com/?ip.64.225.105.147) | - | - | High
|
||||
109 | [64.225.105.222](https://vuldb.com/?ip.64.225.105.222) | mail.bmk.imagenesandinas.com.ar | - | High
|
||||
110 | [64.225.106.4](https://vuldb.com/?ip.64.225.106.4) | - | - | High
|
||||
111 | [64.225.108.199](https://vuldb.com/?ip.64.225.108.199) | scram4-renamed.dkirov-be | - | High
|
||||
112 | [64.225.110.48](https://vuldb.com/?ip.64.225.110.48) | driver-job.eu | - | High
|
||||
113 | [64.227.65.21](https://vuldb.com/?ip.64.227.65.21) | cdae.com | - | High
|
||||
114 | [64.227.65.60](https://vuldb.com/?ip.64.227.65.60) | - | - | High
|
||||
115 | [64.227.65.82](https://vuldb.com/?ip.64.227.65.82) | 695932.cloudwaysapps.com | - | High
|
||||
116 | [64.227.66.10](https://vuldb.com/?ip.64.227.66.10) | defitower.one | - | High
|
||||
117 | [64.227.68.7](https://vuldb.com/?ip.64.227.68.7) | leezroptiek.nl | - | High
|
||||
118 | [64.227.69.92](https://vuldb.com/?ip.64.227.69.92) | - | - | High
|
||||
119 | [64.227.72.14](https://vuldb.com/?ip.64.227.72.14) | dmocci.ekuljwbiigs | - | High
|
||||
120 | [64.227.72.58](https://vuldb.com/?ip.64.227.72.58) | - | - | High
|
||||
121 | [64.227.72.83](https://vuldb.com/?ip.64.227.72.83) | - | - | High
|
||||
122 | [64.227.73.19](https://vuldb.com/?ip.64.227.73.19) | - | - | High
|
||||
123 | [64.227.73.32](https://vuldb.com/?ip.64.227.73.32) | daarom.tempurl.host | - | High
|
||||
124 | [64.227.73.80](https://vuldb.com/?ip.64.227.73.80) | - | - | High
|
||||
125 | [64.227.75.136](https://vuldb.com/?ip.64.227.75.136) | - | - | High
|
||||
126 | [64.227.75.195](https://vuldb.com/?ip.64.227.75.195) | - | - | High
|
||||
127 | [64.227.77.21](https://vuldb.com/?ip.64.227.77.21) | - | - | High
|
||||
128 | [64.227.77.91](https://vuldb.com/?ip.64.227.77.91) | - | - | High
|
||||
129 | [64.227.77.160](https://vuldb.com/?ip.64.227.77.160) | - | - | High
|
||||
130 | [64.227.78.70](https://vuldb.com/?ip.64.227.78.70) | - | - | High
|
||||
131 | [64.227.79.47](https://vuldb.com/?ip.64.227.79.47) | - | - | High
|
||||
132 | [64.227.114.0](https://vuldb.com/?ip.64.227.114.0) | - | - | High
|
||||
133 | [64.227.116.94](https://vuldb.com/?ip.64.227.116.94) | - | - | High
|
||||
134 | [64.227.118.34](https://vuldb.com/?ip.64.227.118.34) | - | - | High
|
||||
135 | [64.227.122.248](https://vuldb.com/?ip.64.227.122.248) | - | - | High
|
||||
136 | [66.42.103.186](https://vuldb.com/?ip.66.42.103.186) | 66.42.103.186.vultrusercontent.com | - | High
|
||||
137 | [68.183.14.255](https://vuldb.com/?ip.68.183.14.255) | - | - | High
|
||||
138 | [68.183.65.211](https://vuldb.com/?ip.68.183.65.211) | hairtrust.gr | - | High
|
||||
139 | [68.183.67.170](https://vuldb.com/?ip.68.183.67.170) | - | - | High
|
||||
140 | [68.183.67.197](https://vuldb.com/?ip.68.183.67.197) | - | - | High
|
||||
141 | [68.183.69.194](https://vuldb.com/?ip.68.183.69.194) | - | - | High
|
||||
142 | [80.71.158.22](https://vuldb.com/?ip.80.71.158.22) | - | - | High
|
||||
143 | [80.71.158.42](https://vuldb.com/?ip.80.71.158.42) | free.ntup.net | - | High
|
||||
144 | ... | ... | ... | ...
|
||||
|
||||
There are 570 more IOC items available. Please use our online service to access the data.
|
||||
There are 573 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -175,13 +175,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -189,56 +189,55 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/?p=products` | Medium
|
||||
4 | File | `/action/wirelessConnect` | High
|
||||
5 | File | `/admin` | Low
|
||||
6 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
7 | File | `/admin/assign/assign.php` | High
|
||||
8 | File | `/admin/cashadvance_row.php` | High
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/action/wirelessConnect` | High
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
6 | File | `/admin/assign/assign.php` | High
|
||||
7 | File | `/admin/cashadvance_row.php` | High
|
||||
8 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
9 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
10 | File | `/admin/departments/view_department.php` | High
|
||||
11 | File | `/admin/login.php` | High
|
||||
12 | File | `/admin/maintenance/view_designation.php` | High
|
||||
13 | File | `/admin/patient.php` | High
|
||||
14 | File | `/admin/suppliers/view_details.php` | High
|
||||
15 | File | `/admin/user/manage_user.php` | High
|
||||
16 | File | `/admin/user/uploadImg` | High
|
||||
17 | File | `/api/admin/store/product/list` | High
|
||||
18 | File | `/apply.cgi` | Medium
|
||||
19 | File | `/as/authorization.oauth2` | High
|
||||
13 | File | `/admin/suppliers/view_details.php` | High
|
||||
14 | File | `/admin/user/manage_user.php` | High
|
||||
15 | File | `/admin/user/uploadImg` | High
|
||||
16 | File | `/api/admin/store/product/list` | High
|
||||
17 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
18 | File | `/authenticationendpoint/login.do` | High
|
||||
19 | File | `/bin/login` | Medium
|
||||
20 | File | `/cgi-bin/kerbynet` | High
|
||||
21 | File | `/cgi-bin/luci/api/auth` | High
|
||||
22 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
23 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
24 | File | `/churchcrm/EventAttendance.php` | High
|
||||
25 | File | `/classes/Master.php` | High
|
||||
26 | File | `/classes/Master.php?f=delete_item` | High
|
||||
27 | File | `/config/getuser` | High
|
||||
28 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
29 | File | `/DXR.axd` | Medium
|
||||
30 | File | `/filemanager/php/connector.php` | High
|
||||
31 | File | `/forms/doLogin` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/licenses` | Medium
|
||||
34 | File | `/login/index.php` | High
|
||||
35 | File | `/mhds/clinic/view_details.php` | High
|
||||
36 | File | `/mims/login.php` | High
|
||||
37 | File | `/modules/projects/vw_files.php` | High
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/plain` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/qsr_server/device/reboot` | High
|
||||
42 | ... | ... | ...
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/churchcrm/EventAttendance.php` | High
|
||||
23 | File | `/classes/Master.php` | High
|
||||
24 | File | `/classes/Master.php?f=delete_item` | High
|
||||
25 | File | `/config/getuser` | High
|
||||
26 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
27 | File | `/forms/doLogin` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/licenses` | Medium
|
||||
31 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
32 | File | `/login/index.php` | High
|
||||
33 | File | `/menu.html` | Medium
|
||||
34 | File | `/mims/login.php` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/plain` | Low
|
||||
37 | File | `/public/launchNewWindow.jsp` | High
|
||||
38 | File | `/qsr_server/device/reboot` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://bazaar.abuse.ch/sample/06a3c3cff1631cf486c6420e18b2bb2b7ee671ed273b94836e831a437badfaae/
|
||||
* https://pastebin.com/CUC1KXVk
|
||||
* https://pastebin.com/DBrd7fHk
|
||||
* https://pastebin.com/raw/sTTGEvD5
|
||||
* https://raw.githubusercontent.com/executemalware/Malware-IOCs/main/2022-01-24%20Bazarloader%20IOCs
|
||||
* https://threatfox.abuse.ch
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
# Beapy - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Beapy](https://vuldb.com/?actor.beapy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.beapy](https://vuldb.com/?actor.beapy)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Beapy:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Beapy.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [27.102.107.137](https://vuldb.com/?ip.27.102.107.137) | - | - | High
|
||||
2 | [27.102.130.126](https://vuldb.com/?ip.27.102.130.126) | - | - | High
|
||||
3 | [123.129.254.12](https://vuldb.com/?ip.123.129.254.12) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Beapy_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Beapy. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/webproc` | High
|
||||
2 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
3 | File | `/env` | Low
|
||||
4 | File | `/expert_wizard.php` | High
|
||||
5 | File | `/s/` | Low
|
||||
6 | File | `/static/ueditor/php/controller.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://content.connect.symantec.com/sites/default/files/2019-04/Beapy_IOCs.txt
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -53,51 +53,55 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
30 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
31 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
32 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
33 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
34 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
35 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
36 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
37 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
38 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
39 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
40 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
41 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
42 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
43 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
44 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
45 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
46 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
47 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
48 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
49 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
50 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
51 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
52 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
53 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
54 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
55 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
56 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
57 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
58 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
59 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
60 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
61 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
62 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
63 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
64 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
65 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
66 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
67 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
68 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
69 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
70 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
71 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
72 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
73 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
74 | [45.134.174.99](https://vuldb.com/?ip.45.134.174.99) | dedicated.vsys.host | - | High
|
||||
75 | ... | ... | ... | ...
|
||||
33 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
34 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
35 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
36 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
37 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
38 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
39 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
40 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
41 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
42 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
43 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
44 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
45 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
46 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
47 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
48 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
49 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
50 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
51 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
52 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
53 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
54 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
55 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
56 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
57 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
58 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
59 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
60 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
61 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
62 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
63 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
64 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
65 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
66 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
67 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
68 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
69 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
70 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
71 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
72 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
73 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
74 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
75 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
76 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
77 | [45.134.174.99](https://vuldb.com/?ip.45.134.174.99) | dedicated.vsys.host | - | High
|
||||
78 | [45.138.172.80](https://vuldb.com/?ip.45.138.172.80) | - | - | High
|
||||
79 | ... | ... | ... | ...
|
||||
|
||||
There are 298 more IOC items available. Please use our online service to access the data.
|
||||
There are 311 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -110,9 +114,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -128,23 +133,35 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/AgilePointServer/Extension/FetchUsingEncodedData` | High
|
||||
7 | File | `/ajax_crud` | Medium
|
||||
8 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
9 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
10 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/goform/aspForm` | High
|
||||
14 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
15 | File | `/login/index.php` | High
|
||||
16 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
17 | File | `/ms/cms/content/list.do` | High
|
||||
18 | File | `/orms/` | Low
|
||||
19 | File | `/plesk-site-preview/` | High
|
||||
20 | File | `/project/PROJECTNAME/reports/` | High
|
||||
21 | File | `/school/model/get_admin_profile.php` | High
|
||||
22 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
23 | ... | ... | ...
|
||||
9 | File | `/cgi-bin/user/Config.cgi` | High
|
||||
10 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
11 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/DXR.axd` | Medium
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/goform/aspForm` | High
|
||||
16 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
17 | File | `/htdocs/cgibin` | High
|
||||
18 | File | `/login/index.php` | High
|
||||
19 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
20 | File | `/ms/cms/content/list.do` | High
|
||||
21 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
22 | File | `/orms/` | Low
|
||||
23 | File | `/plesk-site-preview/` | High
|
||||
24 | File | `/project/PROJECTNAME/reports/` | High
|
||||
25 | File | `/school/model/get_admin_profile.php` | High
|
||||
26 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
27 | File | `/timeline2.php` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
30 | File | `/usr/sbin/suexec` | High
|
||||
31 | File | `/videotalk` | Medium
|
||||
32 | File | `/WEB-INF/web.xml` | High
|
||||
33 | File | `/web/MCmsAction.java` | High
|
||||
34 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 190 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -158,6 +175,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a9f0dba902298a463c27d83b8c539ba267995f5e7ee65e6ac24b0fad9d4b83c4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a6150f19c37c92bfbc6d92db21a83fea6d08116bfeec2e88443603fc9b65aef0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a27982e0af10780db6224003b8e218125615499d536f297770cf7c6bcf9c8b76%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a681760a71d31230a323648f4b6c5429dcf0c245c9c7a2d7a53aa65005c67a8f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22a7326393f03e54e90918dc7729821ed29ae88b550040641405923a694604f911%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22aa2c27c05c61d6ce67aafa430e381e1ec947ba318b29a7745b1270d9d483bdd3%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22aabb7c5c4d4c15839a37e5ab08f90107e96e68e8f59f0fef4101b1f0bbcaacda%22
|
||||
|
@ -195,6 +213,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd274fe56f25f49fa8b2108e8692611aed1eff06908b1929b13701a7b8121757%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d0a1ce295d8cb17121c2d53fc57720071168552b851cb8dcb48d0d8291d19495%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d62e30b1ad3e4a5e6af1f3e0451ee6432c7949b73751d3a456be5b40c13a447e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d360ecb50280e8747808acda5f0e2bc9f7e29f4b60576af14284ec6aa87f676b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dbddfe3e7c9f992b12a776387ec36baef4689c90e76e70c32f5742fca707cf07%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dc8dec49562c502d5929f89a163adc46ad398ce6767271fbc9cc8ef40561d094%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dd4cc003b956b0a908bea3043b14477517ffe658967581ffce3e31abdf7d2021%22
|
||||
|
@ -209,6 +228,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e8751ab788f4ff73d0facc30a0b2ec5ea37a18fce1b1aa38f8eadcec19745a5e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e62160ae86ff880d0516811cb33e8fe31949daf9dee136cec2a96b72dd115518%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e66120330cb75ae54b0443c8f8a2d4a2a29c0990ccc5a2416dfad8bf3fd9522d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22eae5fabb16ede8270183e6f9140a8adcd73a98225ed038f7f75cb65b5fcd0432%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ebcbd208dfc442cdfb1be34d6cc99cac2d35f87bfe4fd6d7b1b87c1e212bbfa2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ef39fdbc59a559df2462ce0956458a80e6338d58d04f366d90cdb7965f5edcb2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22f02f1bfc14e0a9b0cfb4946154468df5d7fa6b1c57d1649a98754652883cb020%22
|
||||
|
@ -238,7 +258,9 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224a943035ece09785d49f4ed52e49faf12c3559fec100e3937f009d7f585854df%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224a5267702429ff9be90c1551a33984297ef388f440de12b60c1c90a959490309%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224cf314b141acb1f2cf2a4a88d39e1d6aa7c8bda40fb44edf5c33850416bea988%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224da0d71509226e8aed9a04e389b2a78fedd527469c1c429c634ab821d9b8ec65%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225b36c58791e18728d53b05f27abc88b93724c4ce08c3f62c749c5e563da82a14%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a80cb5adacc61a445d3b1962a79ed40adb62e4eaddebea7131ddbc2bfebf108%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a93688d69aeab73fb28239f0b7ccb8b15ef876d6b134c379ae36a2526d29d83%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22
|
||||
|
@ -247,12 +269,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c6d464110a46f813722131e8cce268bdccfdfeb705ce25fcc51cabe0b88c8e4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226cbb0cef1838f2b253613796470b7fcc3cd4453d3f5be8220aeda52f383fb781%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226d64edc2a8867b924b85d762657e103ad3338e1bd40b3ffca92633df41e9003e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226ff2935c1dc9d4750155451ca7a63c9183335d11a97bd53c7b3bef1c30dadbe5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227b15ca0e6613e8f7b008165d20fb40bdbc31805143ff35636dfd60b27eba719d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227c0104c32dbf057cc59cd672786089d020422bd85264a8f0a69a57f98e7105c9%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227d00b3f46e02d00732cc66030bc2addb9b05ed50057afe2a63b334b72360d5f0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227d187d521097b1c7fa30d78d0691f33e845069d0b4c6522f81b1ff96e93e920a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227dc2846444a74b2a4090fea4c48a5e5e8d04ae81be94fac62ce50af24701b83b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227de4a51d9fd29fe60f6e79a8dd16ca21fd1250a3f76015fca9f1ced7e407ffd3%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228d99137fde73683c67b4701cfb75b61cc42a23858d065a47a8e7ae01e6070140%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228f532fe8babcbda860f2916592d90b128b327990fd75e34dff68204efc1c6a47%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ae1a707bdb87aa40ec1139533ee543b5bcdf6ce89f7b9c560520d5868e5353e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ccaaf6ad700e922565d1947ac46839e4a8c8a18af7a94605f4ebfcbb916b4f4%22
|
||||
|
@ -264,7 +288,9 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2213fec9dcab49872fcfa8dc703a7baca213497abb1b5a2f8862be0aa1a9e93c83%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2214c9b49486497c56292f24e25801ed4f76998d4798ca51d801a666b0e2a397d6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2218f3618dfd6257ef264e2b046d2acededb423e7558b0f3b405b9366953b74f8d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220cb8ebe1f1cc16e7650f45c75b3ca0e9d6308998bb58ac3f3fbb1c501f1a0dc%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2222e86fc171d87ccc9c172c719af38245ef9bf8161b54f60ca274e01891a94c08%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b04ac57339ca7542a1c1a9ebd0cc84a4cb13f5add52da4a563e7a12d23b105%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227b262ee97133072dff8ecef3062eeb69d658f0f240d618b6a7f0d5d7cbed34f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2233b6af004f0cd8ab4a9976dba81ca09d682d3531eda5b889a4c6f5debaeaf8f8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235cde68303f6694d9b3947bd945ee98dd088c98199381fd5b52778513dd283b8%22
|
||||
|
@ -278,13 +304,18 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2277f6340d0bf20df9da3554448d58f092560efd91b2d9665fffe294cabbdf40fd%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2279ad05f691ad8394b1b2a9bfd89f5d90bb61d54d67d07ae3d3a1decc41bf9432%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2280b4844cfce9fcfaaa849478a079e757eff4c268a26c6895c2a1dd4099fcd5d4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2284dd10727e6b29b3278e3f64dbbab293711957835f23cc755b3226b58ec5ef51%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296af81d660c79e3f90f94b28c419a86b89071aa6c17648e95bcb961460d24152%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296cce5f34ad1dac4100822fa1f8e4ed96d06a9aa08f98ded27891eeec656d4f7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298af871908ffc7c141802d96f585def4a160491c875118ef88c545ce04194cd8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2299b3f3b85d0fc68918abbde16579009b2ebae3300d633fd0ed81d96ba98a38d8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22108f811bc2de45a7dab2156c4617ce3fa42cf3eb5abb72759839a63cefec4cad%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22354c6d8d9033668867406be1bb6238647e207cb5f2de6a776ae3d461637efa8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22409e50ae1c3f70cf81350be6f3cd218b0c9ef15eb03439c15d53a6012bddae2f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22432ed1ee42746631cefc6d8a69c3ff06ce34c5540437c228a49a4c1c0eb3928a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22465b0d83b7e5e1426d3adf546c9496d63c1a6116364af2be294da83699033b4f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22467e9ded44012e1bec85365276e90fdde7a7cd5fc459f180e2a89355a3a989bb%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22479e1f86c7200a3dc99742937c7db6f9fb75f4ee3a8bd42ad17e8132091982f3%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22520e684445f6257e1aeb5f74ceee23789d75517270876b92dd2860705aec037c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22532a3c38c20c60a3c64f548ad9bd3807e0585f70c78db495c0983fae44da056e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22674a2fef172685c51fda91aba205c20fb95e0c63fa4f0ecb598fb6213775ede5%22
|
||||
|
@ -323,11 +354,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2268976f0a08c0ebe81aad2a831b31ad8da59c5293658b60e5d359451d6c7e487a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2276149e95ec0d8218b1d5aa4630174991eecc19935c58f7f29a5fb7050ccd56f5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2278724ff0250bf9ac2d098033e6bbc20e26f5cf0f0f71f54883565fd607f633b9%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298385a3548d87a841124069aa32398cca8a3175b75eb00e2da3973e6f3888503%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22005886c7f475614044a55712d5c059435c2871ef7ebbc6d3bcec8238cffea263%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22132044ee6a1b025a47fce929ce779c3dc657ee313e84741b69de8006bc428b05%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22356727d03cb2d01f1e9f4e0f06a130c18ea22b3246344c3cff4224472c4e4795%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22748386bf1196c9f3909c8a99ef12dc3faa30b06f0d26b7fe81d69b7925ef7bb0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22775632c25ea7b8f539d03be15fc817583ce646d2699826335c3d0fb52f436d93%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220049443cf44deab0ff3d83e548d4164c8a37f5b1024b6ed2c9a46f64592a9159%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224053867fcc6f7a00de2fc98aa984fb81d2ec2e1017be5f225727e24c87dd62b8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226271256f5ca11039296e33c3a114a174f6b11c692bdd1f2f1901f650070944da%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229595314db92bc0575aa07715462bdb5a5f4456becc3a8315e34da61616bd6291%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235882624f349cd67b31d2d54dfbe3d16a783eaa89088470e5c3ac7de74192feb%22
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -179,7 +179,7 @@ ID | Type | Indicator | Confidence
|
|||
59 | File | `admin/abc.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 527 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 526 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
# BlackTDS - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BlackTDS](https://vuldb.com/?actor.blacktds). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.blacktds](https://vuldb.com/?actor.blacktds)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BlackTDS.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [46.30.45.78](https://vuldb.com/?ip.46.30.45.78) | vm553734.eurodir.ru | - | High
|
||||
2 | [88.99.48.65](https://vuldb.com/?ip.88.99.48.65) | static.65.48.99.88.clients.your-server.de | - | High
|
||||
3 | [193.70.73.251](https://vuldb.com/?ip.193.70.73.251) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,59 @@
|
|||
# Blackgear Cyberespionage - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Blackgear Cyberespionage](https://vuldb.com/?actor.blackgear_cyberespionage). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.blackgear_cyberespionage](https://vuldb.com/?actor.blackgear_cyberespionage)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Blackgear Cyberespionage:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Blackgear Cyberespionage.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [61.170.201.107](https://vuldb.com/?ip.61.170.201.107) | 107.201.170.61.broad.xw.sh.dynamic.163data.com.cn | - | High
|
||||
2 | [111.200.189.88](https://vuldb.com/?ip.111.200.189.88) | - | - | High
|
||||
3 | [113.196.70.151](https://vuldb.com/?ip.113.196.70.151) | 113.196.70.151.ll.static.sparqnet.net | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Blackgear Cyberespionage_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Blackgear Cyberespionage. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `svr-auth.c` | Medium
|
||||
2 | Input Value | `%2E` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,79 @@
|
|||
# Blackwater - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Blackwater](https://vuldb.com/?actor.blackwater). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.blackwater](https://vuldb.com/?actor.blackwater)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Blackwater:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Blackwater.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [38.132.99.167](https://vuldb.com/?ip.38.132.99.167) | - | - | High
|
||||
2 | [82.102.8.101](https://vuldb.com/?ip.82.102.8.101) | h82-102-8-101.host.redstation.co.uk | - | High
|
||||
3 | [94.23.148.194](https://vuldb.com/?ip.94.23.148.194) | ip194.ip-94-23-148.eu | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Blackwater_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Blackwater. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES%\MyQ\PHP\Sessions\` | High
|
||||
2 | File | `/.flatpak-info` | High
|
||||
3 | File | `/admin/edit.php` | High
|
||||
4 | File | `/admin/googleads.php` | High
|
||||
5 | File | `/admin/renewaldue.php` | High
|
||||
6 | File | `/analysisProject/pagingQueryData` | High
|
||||
7 | File | `/dashboard/add-portfolio.php` | High
|
||||
8 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
9 | File | `/jurusanmatkul/data` | High
|
||||
10 | File | `/login.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html?m=1
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,100 @@
|
|||
# BlueHero - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BlueHero](https://vuldb.com/?actor.bluehero). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bluehero](https://vuldb.com/?actor.bluehero)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlueHero:
|
||||
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BlueHero.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.5.10.1](https://vuldb.com/?ip.2.5.10.1) | - | - | High
|
||||
2 | [10.3.6.0](https://vuldb.com/?ip.10.3.6.0) | - | - | High
|
||||
3 | [12.1.3.0](https://vuldb.com/?ip.12.1.3.0) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BlueHero_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BlueHero. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
|
||||
5 | File | `/admin/edit.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
8 | File | `/boat/login.php` | High
|
||||
9 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
10 | File | `/cas/logout` | Medium
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/goform/wizard_end` | High
|
||||
15 | File | `/ims/login.php` | High
|
||||
16 | File | `/mhds/clinic/view_details.php` | High
|
||||
17 | File | `/modules/profile/index.php` | High
|
||||
18 | File | `/out.php` | Medium
|
||||
19 | File | `/php-opos/index.php` | High
|
||||
20 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
21 | File | `/shell` | Low
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/tourism/rate_review.php` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/www/ja/mnt_cmd.cgi` | High
|
||||
26 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `action-visitor.php` | High
|
||||
29 | File | `action.php` | Medium
|
||||
30 | File | `adclick.php` | Medium
|
||||
31 | File | `AdHocQuery_Processor.aspx` | High
|
||||
32 | File | `admin.php?action=file&ctrl=download&path=../../1.txt` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/research/recent-bulehero-botnet-payload
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,60 @@
|
|||
# Bluekeep Exploit - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bluekeep Exploit](https://vuldb.com/?actor.bluekeep_exploit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bluekeep_exploit](https://vuldb.com/?actor.bluekeep_exploit)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bluekeep Exploit:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ID](https://vuldb.com/?country.id)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bluekeep Exploit.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.3.1.6](https://vuldb.com/?ip.1.3.1.6) | - | - | High
|
||||
2 | [1.3.2.8](https://vuldb.com/?ip.1.3.2.8) | - | - | High
|
||||
3 | [1.45.76.1](https://vuldb.com/?ip.1.45.76.1) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bluekeep Exploit_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bluekeep Exploit. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `mongoose.c` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://doublepulsar.com/bluekeep-exploitation-activity-seen-in-the-wild-bd6ee6e599a6
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,67 @@
|
|||
# Boostwrite and RDFSniffer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Boostwrite and RDFSniffer](https://vuldb.com/?actor.boostwrite_and_rdfsniffer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.boostwrite_and_rdfsniffer](https://vuldb.com/?actor.boostwrite_and_rdfsniffer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Boostwrite and RDFSniffer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [SE](https://vuldb.com/?country.se)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Boostwrite and RDFSniffer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [109.230.199.227](https://vuldb.com/?ip.109.230.199.227) | reserved07.theonlygreeting.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Boostwrite and RDFSniffer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Boostwrite and RDFSniffer. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
2 | File | `download.rsp` | Medium
|
||||
3 | File | `grel.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -84,9 +84,10 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `allopass-error.php` | High
|
||||
35 | File | `app/application.cpp` | High
|
||||
36 | File | `ashnews.php/ashheadlines.php` | High
|
||||
37 | ... | ... | ...
|
||||
37 | File | `auth-gss2.c` | Medium
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Bronze President - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bronze President](https://vuldb.com/?actor.bronze_president). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bronze_president](https://vuldb.com/?actor.bronze_president)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bronze President.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [116.93.154.250](https://vuldb.com/?ip.116.93.154.250) | 116-93-154-250.gree.jp | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.secureworks.com/research/bronze-president-targets-ngos
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -27,33 +27,36 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [3.110.56.219](https://vuldb.com/?ip.3.110.56.219) | ec2-3-110-56-219.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
5 | [3.115.144.47](https://vuldb.com/?ip.3.115.144.47) | ec2-3-115-144-47.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
6 | [3.133.7.69](https://vuldb.com/?ip.3.133.7.69) | ec2-3-133-7-69.us-east-2.compute.amazonaws.com | - | Medium
|
||||
7 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
|
||||
8 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
|
||||
9 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
10 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
11 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
12 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
13 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
14 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
15 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
16 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
17 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
18 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
19 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
20 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
21 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
22 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
23 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
24 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
25 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
26 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
27 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
28 | [34.195.122.225](https://vuldb.com/?ip.34.195.122.225) | ec2-34-195-122-225.compute-1.amazonaws.com | - | Medium
|
||||
29 | [34.243.172.90](https://vuldb.com/?ip.34.243.172.90) | ec2-34-243-172-90.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
30 | [35.72.0.113](https://vuldb.com/?ip.35.72.0.113) | ec2-35-72-0-113.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
31 | ... | ... | ... | ...
|
||||
7 | [3.221.126.84](https://vuldb.com/?ip.3.221.126.84) | ec2-3-221-126-84.compute-1.amazonaws.com | - | Medium
|
||||
8 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
|
||||
9 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
|
||||
10 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
11 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
12 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
13 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
14 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
15 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
16 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
17 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
18 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
19 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
20 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
21 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
22 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
23 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
24 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
26 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
27 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
28 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
29 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
30 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
31 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
32 | [34.195.122.225](https://vuldb.com/?ip.34.195.122.225) | ec2-34-195-122-225.compute-1.amazonaws.com | - | Medium
|
||||
33 | [34.206.147.4](https://vuldb.com/?ip.34.206.147.4) | ec2-34-206-147-4.compute-1.amazonaws.com | - | Medium
|
||||
34 | ... | ... | ... | ...
|
||||
|
||||
There are 120 more IOC items available. Please use our online service to access the data.
|
||||
There are 132 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -106,50 +109,47 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
31 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
32 | File | `/lookin/info` | Medium
|
||||
33 | File | `/manager/index.php` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
33 | File | `/lookin/info` | Medium
|
||||
34 | File | `/medical/inventories.php` | High
|
||||
35 | File | `/modules/profile/index.php` | High
|
||||
36 | File | `/modules/projects/vw_files.php` | High
|
||||
37 | File | `/modules/public/calendar.php` | High
|
||||
38 | File | `/Moosikay/order.php` | High
|
||||
39 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
40 | File | `/newsDia.php` | Medium
|
||||
41 | File | `/opac/Actions.php?a=login` | High
|
||||
42 | File | `/out.php` | Medium
|
||||
43 | File | `/php-opos/index.php` | High
|
||||
44 | File | `/PreviewHandler.ashx` | High
|
||||
45 | File | `/proxy` | Low
|
||||
46 | File | `/public/launchNewWindow.jsp` | High
|
||||
47 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
48 | File | `/reports/rwservlet` | High
|
||||
49 | File | `/reservation/add_message.php` | High
|
||||
50 | File | `/spip.php` | Medium
|
||||
51 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
52 | File | `/staff/bookdetails.php` | High
|
||||
53 | File | `/uncpath/` | Medium
|
||||
54 | File | `/user/updatePwd` | High
|
||||
55 | File | `/user/update_booking.php` | High
|
||||
56 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
57 | File | `/wireless/security.asp` | High
|
||||
58 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
59 | File | `01article.php` | High
|
||||
60 | File | `a-forms.php` | Medium
|
||||
61 | File | `AbstractScheduleJob.java` | High
|
||||
62 | File | `actionphp/download.File.php` | High
|
||||
63 | File | `activenews_view.asp` | High
|
||||
64 | File | `adclick.php` | Medium
|
||||
65 | File | `addtocart.asp` | High
|
||||
66 | File | `admin.a6mambocredits.php` | High
|
||||
67 | File | `admin.cropcanvas.php` | High
|
||||
68 | File | `admin.php` | Medium
|
||||
69 | File | `admin/abc.php` | High
|
||||
70 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
71 | File | `admin/admin/adminsave.html` | High
|
||||
72 | ... | ... | ...
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
39 | File | `/newsDia.php` | Medium
|
||||
40 | File | `/opac/Actions.php?a=login` | High
|
||||
41 | File | `/out.php` | Medium
|
||||
42 | File | `/php-opos/index.php` | High
|
||||
43 | File | `/PreviewHandler.ashx` | High
|
||||
44 | File | `/proxy` | Low
|
||||
45 | File | `/public/launchNewWindow.jsp` | High
|
||||
46 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
47 | File | `/reports/rwservlet` | High
|
||||
48 | File | `/reservation/add_message.php` | High
|
||||
49 | File | `/spip.php` | Medium
|
||||
50 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
51 | File | `/staff/bookdetails.php` | High
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | File | `/user/update_booking.php` | High
|
||||
55 | File | `/wireless/security.asp` | High
|
||||
56 | File | `/wp-admin/admin-ajax.php` | High
|
||||
57 | File | `01article.php` | High
|
||||
58 | File | `a-forms.php` | Medium
|
||||
59 | File | `AbstractScheduleJob.java` | High
|
||||
60 | File | `actionphp/download.File.php` | High
|
||||
61 | File | `activenews_view.asp` | High
|
||||
62 | File | `adclick.php` | Medium
|
||||
63 | File | `admin.a6mambocredits.php` | High
|
||||
64 | File | `admin.cropcanvas.php` | High
|
||||
65 | File | `admin.php` | Medium
|
||||
66 | File | `admin/abc.php` | High
|
||||
67 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
68 | File | `admin/admin/adminsave.html` | High
|
||||
69 | ... | ... | ...
|
||||
|
||||
There are 631 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 603 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -158,6 +158,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://1275.ru/ioc/409/brute-ratel-c4-brc4-iocs/
|
||||
* https://search.censys.io/hosts/3.28.39.6
|
||||
* https://search.censys.io/hosts/3.115.144.47
|
||||
* https://search.censys.io/hosts/3.221.126.84
|
||||
* https://search.censys.io/hosts/8.222.133.105
|
||||
* https://search.censys.io/hosts/13.82.141.216
|
||||
* https://search.censys.io/hosts/13.114.48.174
|
||||
|
@ -170,15 +171,20 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/18.163.6.122
|
||||
* https://search.censys.io/hosts/18.176.20.234
|
||||
* https://search.censys.io/hosts/18.177.226.88
|
||||
* https://search.censys.io/hosts/18.178.244.246
|
||||
* https://search.censys.io/hosts/18.182.126.252
|
||||
* https://search.censys.io/hosts/18.188.54.77
|
||||
* https://search.censys.io/hosts/18.208.87.99
|
||||
* https://search.censys.io/hosts/31.42.189.61
|
||||
* https://search.censys.io/hosts/34.206.147.4
|
||||
* https://search.censys.io/hosts/35.72.0.113
|
||||
* https://search.censys.io/hosts/35.72.94.12
|
||||
* https://search.censys.io/hosts/35.72.100.201
|
||||
* https://search.censys.io/hosts/35.73.220.65
|
||||
* https://search.censys.io/hosts/35.75.27.89
|
||||
* https://search.censys.io/hosts/35.75.94.192
|
||||
* https://search.censys.io/hosts/35.76.16.247
|
||||
* https://search.censys.io/hosts/35.79.109.52
|
||||
* https://search.censys.io/hosts/37.119.57.169
|
||||
* https://search.censys.io/hosts/37.119.57.195
|
||||
* https://search.censys.io/hosts/43.207.8.102
|
||||
|
@ -187,6 +193,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/52.68.31.77
|
||||
* https://search.censys.io/hosts/52.192.109.110
|
||||
* https://search.censys.io/hosts/52.192.166.233
|
||||
* https://search.censys.io/hosts/52.193.175.78
|
||||
* https://search.censys.io/hosts/52.193.185.144
|
||||
* https://search.censys.io/hosts/52.193.203.8
|
||||
* https://search.censys.io/hosts/52.194.85.123
|
||||
|
@ -194,6 +201,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/52.196.8.3
|
||||
* https://search.censys.io/hosts/52.196.36.24
|
||||
* https://search.censys.io/hosts/52.197.43.5
|
||||
* https://search.censys.io/hosts/52.198.154.115
|
||||
* https://search.censys.io/hosts/52.198.193.213
|
||||
* https://search.censys.io/hosts/54.65.93.113
|
||||
* https://search.censys.io/hosts/54.92.24.114
|
||||
|
@ -205,6 +213,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/54.238.220.105
|
||||
* https://search.censys.io/hosts/54.248.200.60
|
||||
* https://search.censys.io/hosts/54.249.26.2
|
||||
* https://search.censys.io/hosts/54.249.130.36
|
||||
* https://search.censys.io/hosts/54.249.158.59
|
||||
* https://search.censys.io/hosts/54.249.216.44
|
||||
* https://search.censys.io/hosts/64.226.109.199
|
||||
* https://search.censys.io/hosts/82.84.39.65
|
||||
|
@ -248,8 +258,11 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/188.166.72.93
|
||||
* https://search.censys.io/hosts/193.149.180.84
|
||||
* https://search.censys.io/hosts/206.81.1.31
|
||||
* https://search.censys.io/hosts/213.219.214.113
|
||||
* https://search.censys.io/hosts/213.227.155.115
|
||||
* https://search.censys.io/hosts/217.25.91.146
|
||||
* https://search.censys.io/hosts/217.76.52.219
|
||||
* https://search.censys.io/hosts/217.182.54.211
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/IronNetTR/status/1603042127251877889
|
||||
* https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html
|
||||
|
|
|
@ -1,190 +1,426 @@
|
|||
# Bumblebee - Cyber Threat Intelligence
|
||||
# BumbleBee - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bumblebee](https://vuldb.com/?actor.bumblebee). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BumbleBee](https://vuldb.com/?actor.bumblebee). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bumblebee](https://vuldb.com/?actor.bumblebee)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bumblebee:
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bumblebee.
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.32.39.22](https://vuldb.com/?ip.1.32.39.22) | - | - | High
|
||||
2 | [1.39.166.217](https://vuldb.com/?ip.1.39.166.217) | 1-39-166-217.live.vodafone.in | - | High
|
||||
3 | [2.97.24.126](https://vuldb.com/?ip.2.97.24.126) | host-2-97-24-126.as13285.net | - | High
|
||||
4 | [2.190.89.140](https://vuldb.com/?ip.2.190.89.140) | - | - | High
|
||||
5 | [2.211.111.213](https://vuldb.com/?ip.2.211.111.213) | dynamic-002-211-111-213.2.211.pool.telefonica.de | - | High
|
||||
6 | [3.85.198.66](https://vuldb.com/?ip.3.85.198.66) | ec2-3-85-198-66.compute-1.amazonaws.com | - | Medium
|
||||
7 | [3.144.143.242](https://vuldb.com/?ip.3.144.143.242) | ec2-3-144-143-242.us-east-2.compute.amazonaws.com | - | Medium
|
||||
8 | [3.172.226.46](https://vuldb.com/?ip.3.172.226.46) | - | - | High
|
||||
9 | [4.165.175.212](https://vuldb.com/?ip.4.165.175.212) | - | - | High
|
||||
10 | [5.152.80.211](https://vuldb.com/?ip.5.152.80.211) | - | - | High
|
||||
11 | [5.239.33.172](https://vuldb.com/?ip.5.239.33.172) | - | - | High
|
||||
12 | [6.30.139.246](https://vuldb.com/?ip.6.30.139.246) | - | - | High
|
||||
13 | [6.249.22.42](https://vuldb.com/?ip.6.249.22.42) | - | - | High
|
||||
14 | [7.233.9.154](https://vuldb.com/?ip.7.233.9.154) | - | - | High
|
||||
15 | [8.12.181.20](https://vuldb.com/?ip.8.12.181.20) | - | - | High
|
||||
16 | [9.63.15.101](https://vuldb.com/?ip.9.63.15.101) | - | - | High
|
||||
17 | [9.240.112.25](https://vuldb.com/?ip.9.240.112.25) | - | - | High
|
||||
18 | [10.28.17.62](https://vuldb.com/?ip.10.28.17.62) | - | - | High
|
||||
19 | [11.1.201.27](https://vuldb.com/?ip.11.1.201.27) | - | - | High
|
||||
20 | [12.75.186.131](https://vuldb.com/?ip.12.75.186.131) | 131.newark-21-23rs.nj.dial-access.att.net | - | High
|
||||
21 | [12.115.36.174](https://vuldb.com/?ip.12.115.36.174) | - | - | High
|
||||
22 | [12.153.80.238](https://vuldb.com/?ip.12.153.80.238) | - | - | High
|
||||
23 | [12.202.229.195](https://vuldb.com/?ip.12.202.229.195) | - | - | High
|
||||
24 | [12.236.242.155](https://vuldb.com/?ip.12.236.242.155) | - | - | High
|
||||
25 | [13.2.200.200](https://vuldb.com/?ip.13.2.200.200) | - | - | High
|
||||
26 | [13.218.205.215](https://vuldb.com/?ip.13.218.205.215) | - | - | High
|
||||
27 | [14.7.69.141](https://vuldb.com/?ip.14.7.69.141) | - | - | High
|
||||
28 | [14.40.68.19](https://vuldb.com/?ip.14.40.68.19) | - | - | High
|
||||
29 | [14.102.170.127](https://vuldb.com/?ip.14.102.170.127) | cache-ipnet01.nexlogic.ph | - | High
|
||||
30 | [14.155.143.74](https://vuldb.com/?ip.14.155.143.74) | - | - | High
|
||||
31 | [14.163.179.250](https://vuldb.com/?ip.14.163.179.250) | static.vnpt.vn | - | High
|
||||
32 | [15.209.19.148](https://vuldb.com/?ip.15.209.19.148) | - | - | High
|
||||
33 | [18.8.71.243](https://vuldb.com/?ip.18.8.71.243) | - | - | High
|
||||
34 | [18.127.96.221](https://vuldb.com/?ip.18.127.96.221) | - | - | High
|
||||
35 | [19.32.56.182](https://vuldb.com/?ip.19.32.56.182) | - | - | High
|
||||
36 | [19.71.13.153](https://vuldb.com/?ip.19.71.13.153) | - | - | High
|
||||
37 | [20.150.149.28](https://vuldb.com/?ip.20.150.149.28) | - | - | High
|
||||
38 | [21.21.141.32](https://vuldb.com/?ip.21.21.141.32) | - | - | High
|
||||
39 | [21.29.238.98](https://vuldb.com/?ip.21.29.238.98) | - | - | High
|
||||
40 | [21.175.22.99](https://vuldb.com/?ip.21.175.22.99) | - | - | High
|
||||
41 | [21.246.85.34](https://vuldb.com/?ip.21.246.85.34) | - | - | High
|
||||
42 | [22.83.186.45](https://vuldb.com/?ip.22.83.186.45) | - | - | High
|
||||
43 | [22.175.0.90](https://vuldb.com/?ip.22.175.0.90) | - | - | High
|
||||
44 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
|
||||
45 | [23.82.19.208](https://vuldb.com/?ip.23.82.19.208) | - | - | High
|
||||
46 | [23.82.140.133](https://vuldb.com/?ip.23.82.140.133) | - | - | High
|
||||
47 | [23.82.141.184](https://vuldb.com/?ip.23.82.141.184) | - | - | High
|
||||
48 | [23.83.133.1](https://vuldb.com/?ip.23.83.133.1) | v327.er01.dal.ubiquity.io | - | High
|
||||
49 | [23.83.133.182](https://vuldb.com/?ip.23.83.133.182) | - | - | High
|
||||
50 | [23.83.133.216](https://vuldb.com/?ip.23.83.133.216) | - | - | High
|
||||
51 | [23.83.134.110](https://vuldb.com/?ip.23.83.134.110) | - | - | High
|
||||
52 | [23.83.134.136](https://vuldb.com/?ip.23.83.134.136) | - | - | High
|
||||
53 | [23.106.160.39](https://vuldb.com/?ip.23.106.160.39) | - | - | High
|
||||
54 | [23.106.160.120](https://vuldb.com/?ip.23.106.160.120) | - | - | High
|
||||
55 | [23.106.215.123](https://vuldb.com/?ip.23.106.215.123) | - | - | High
|
||||
56 | [23.108.57.13](https://vuldb.com/?ip.23.108.57.13) | - | - | High
|
||||
57 | [23.227.198.217](https://vuldb.com/?ip.23.227.198.217) | 23-227-198-217.static.hvvc.us | - | High
|
||||
58 | [23.254.201.97](https://vuldb.com/?ip.23.254.201.97) | hwsrv-974106.hostwindsdns.com | - | High
|
||||
59 | [23.254.202.59](https://vuldb.com/?ip.23.254.202.59) | hwsrv-987701.hostwindsdns.com | - | High
|
||||
60 | [23.254.217.20](https://vuldb.com/?ip.23.254.217.20) | hwsrv-984041.hostwindsdns.com | - | High
|
||||
61 | [23.254.217.222](https://vuldb.com/?ip.23.254.217.222) | hwsrv-976272.hostwindsdns.com | - | High
|
||||
62 | [23.254.227.144](https://vuldb.com/?ip.23.254.227.144) | hwsrv-982332.hostwindsdns.com | - | High
|
||||
63 | [23.254.229.131](https://vuldb.com/?ip.23.254.229.131) | ruth.gobuddy.info | - | High
|
||||
64 | [24.4.68.32](https://vuldb.com/?ip.24.4.68.32) | c-24-4-68-32.hsd1.ca.comcast.net | - | High
|
||||
65 | [24.57.185.167](https://vuldb.com/?ip.24.57.185.167) | d24-57-185-167.home.cgocable.net | - | High
|
||||
66 | [24.121.25.160](https://vuldb.com/?ip.24.121.25.160) | 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net | - | High
|
||||
67 | [25.5.198.104](https://vuldb.com/?ip.25.5.198.104) | - | - | High
|
||||
68 | [25.170.215.18](https://vuldb.com/?ip.25.170.215.18) | - | - | High
|
||||
69 | [25.181.64.39](https://vuldb.com/?ip.25.181.64.39) | - | - | High
|
||||
70 | [26.6.83.53](https://vuldb.com/?ip.26.6.83.53) | - | - | High
|
||||
71 | [28.11.143.222](https://vuldb.com/?ip.28.11.143.222) | - | - | High
|
||||
72 | [28.53.120.108](https://vuldb.com/?ip.28.53.120.108) | - | - | High
|
||||
73 | [28.107.38.196](https://vuldb.com/?ip.28.107.38.196) | - | - | High
|
||||
74 | [28.148.236.16](https://vuldb.com/?ip.28.148.236.16) | - | - | High
|
||||
75 | [29.64.0.111](https://vuldb.com/?ip.29.64.0.111) | - | - | High
|
||||
76 | [29.122.243.158](https://vuldb.com/?ip.29.122.243.158) | - | - | High
|
||||
77 | [30.17.4.146](https://vuldb.com/?ip.30.17.4.146) | - | - | High
|
||||
78 | [30.65.48.152](https://vuldb.com/?ip.30.65.48.152) | - | - | High
|
||||
79 | [30.205.76.70](https://vuldb.com/?ip.30.205.76.70) | - | - | High
|
||||
80 | [31.228.253.114](https://vuldb.com/?ip.31.228.253.114) | - | - | High
|
||||
81 | [32.181.245.23](https://vuldb.com/?ip.32.181.245.23) | - | - | High
|
||||
82 | [33.93.97.183](https://vuldb.com/?ip.33.93.97.183) | - | - | High
|
||||
83 | [33.145.184.132](https://vuldb.com/?ip.33.145.184.132) | - | - | High
|
||||
84 | [34.229.154.31](https://vuldb.com/?ip.34.229.154.31) | ec2-34-229-154-31.compute-1.amazonaws.com | - | Medium
|
||||
85 | [35.120.155.220](https://vuldb.com/?ip.35.120.155.220) | - | - | High
|
||||
86 | [36.110.58.103](https://vuldb.com/?ip.36.110.58.103) | 103.58.110.36.static.bjtelecom.net | - | High
|
||||
87 | [37.64.220.2](https://vuldb.com/?ip.37.64.220.2) | 2.220.64.37.rev.sfr.net | - | High
|
||||
88 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
|
||||
89 | [37.72.174.23](https://vuldb.com/?ip.37.72.174.23) | 37-72-174-23.static.hvvc.us | - | High
|
||||
90 | [37.120.198.248](https://vuldb.com/?ip.37.120.198.248) | - | - | High
|
||||
91 | [38.12.57.131](https://vuldb.com/?ip.38.12.57.131) | - | - | High
|
||||
92 | [39.57.152.217](https://vuldb.com/?ip.39.57.152.217) | - | - | High
|
||||
93 | [40.72.17.141](https://vuldb.com/?ip.40.72.17.141) | - | - | High
|
||||
94 | [41.28.188.77](https://vuldb.com/?ip.41.28.188.77) | vc-gp-s-41-28-188-77.umts.vodacom.co.za | - | High
|
||||
95 | [41.56.181.200](https://vuldb.com/?ip.41.56.181.200) | - | - | High
|
||||
96 | [45.3.236.177](https://vuldb.com/?ip.45.3.236.177) | 045-003-236-177.biz.spectrum.com | - | High
|
||||
97 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
|
||||
98 | [45.66.151.155](https://vuldb.com/?ip.45.66.151.155) | - | - | High
|
||||
99 | [45.84.0.13](https://vuldb.com/?ip.45.84.0.13) | vm523902.stark-industries.solutions | - | High
|
||||
100 | [45.138.172.246](https://vuldb.com/?ip.45.138.172.246) | - | - | High
|
||||
101 | [45.140.146.30](https://vuldb.com/?ip.45.140.146.30) | vm542320.stark-industries.solutions | - | High
|
||||
102 | [45.140.146.244](https://vuldb.com/?ip.45.140.146.244) | - | - | High
|
||||
103 | [45.142.214.120](https://vuldb.com/?ip.45.142.214.120) | vm516885.stark-industries.solutions | - | High
|
||||
104 | [45.142.214.167](https://vuldb.com/?ip.45.142.214.167) | - | - | High
|
||||
105 | [45.147.229.23](https://vuldb.com/?ip.45.147.229.23) | - | - | High
|
||||
106 | [45.147.229.50](https://vuldb.com/?ip.45.147.229.50) | - | - | High
|
||||
107 | [45.147.229.101](https://vuldb.com/?ip.45.147.229.101) | - | - | High
|
||||
108 | [45.147.229.177](https://vuldb.com/?ip.45.147.229.177) | - | - | High
|
||||
109 | [45.147.229.199](https://vuldb.com/?ip.45.147.229.199) | - | - | High
|
||||
110 | [45.147.231.107](https://vuldb.com/?ip.45.147.231.107) | - | - | High
|
||||
111 | [45.147.231.202](https://vuldb.com/?ip.45.147.231.202) | - | - | High
|
||||
112 | [45.153.240.139](https://vuldb.com/?ip.45.153.240.139) | - | - | High
|
||||
113 | [45.153.241.187](https://vuldb.com/?ip.45.153.241.187) | - | - | High
|
||||
114 | [45.153.241.234](https://vuldb.com/?ip.45.153.241.234) | - | - | High
|
||||
115 | [46.21.153.145](https://vuldb.com/?ip.46.21.153.145) | 145.153.21.46.static.swiftway.net | - | High
|
||||
116 | [46.44.240.53](https://vuldb.com/?ip.46.44.240.53) | 46-44-240-53.ip.welcomeitalia.it | - | High
|
||||
117 | ... | ... | ... | ...
|
||||
1 | [0.151.228.146](https://vuldb.com/?ip.0.151.228.146) | - | - | High
|
||||
2 | [0.208.210.72](https://vuldb.com/?ip.0.208.210.72) | - | - | High
|
||||
3 | [1.32.39.22](https://vuldb.com/?ip.1.32.39.22) | - | - | High
|
||||
4 | [1.39.166.217](https://vuldb.com/?ip.1.39.166.217) | 1-39-166-217.live.vodafone.in | - | High
|
||||
5 | [2.50.39.29](https://vuldb.com/?ip.2.50.39.29) | bba-2-50-39-29.alshamil.net.ae | - | High
|
||||
6 | [2.56.10.16](https://vuldb.com/?ip.2.56.10.16) | - | - | High
|
||||
7 | [2.97.24.126](https://vuldb.com/?ip.2.97.24.126) | host-2-97-24-126.as13285.net | - | High
|
||||
8 | [2.100.7.120](https://vuldb.com/?ip.2.100.7.120) | host-2-100-7-120.as13285.net | - | High
|
||||
9 | [2.126.13.36](https://vuldb.com/?ip.2.126.13.36) | 027e0d24.bb.sky.com | - | High
|
||||
10 | [2.190.89.140](https://vuldb.com/?ip.2.190.89.140) | - | - | High
|
||||
11 | [2.211.111.213](https://vuldb.com/?ip.2.211.111.213) | dynamic-002-211-111-213.2.211.pool.telefonica.de | - | High
|
||||
12 | [2.240.132.127](https://vuldb.com/?ip.2.240.132.127) | dynamic-002-240-132-127.2.240.pool.telefonica.de | - | High
|
||||
13 | [3.85.198.66](https://vuldb.com/?ip.3.85.198.66) | ec2-3-85-198-66.compute-1.amazonaws.com | - | Medium
|
||||
14 | [3.144.143.242](https://vuldb.com/?ip.3.144.143.242) | ec2-3-144-143-242.us-east-2.compute.amazonaws.com | - | Medium
|
||||
15 | [3.172.226.46](https://vuldb.com/?ip.3.172.226.46) | - | - | High
|
||||
16 | [3.215.24.1](https://vuldb.com/?ip.3.215.24.1) | ec2-3-215-24-1.compute-1.amazonaws.com | - | Medium
|
||||
17 | [4.13.210.199](https://vuldb.com/?ip.4.13.210.199) | - | - | High
|
||||
18 | [4.165.175.212](https://vuldb.com/?ip.4.165.175.212) | - | - | High
|
||||
19 | [4.177.13.86](https://vuldb.com/?ip.4.177.13.86) | - | - | High
|
||||
20 | [4.236.88.115](https://vuldb.com/?ip.4.236.88.115) | - | - | High
|
||||
21 | [5.45.54.50](https://vuldb.com/?ip.5.45.54.50) | - | - | High
|
||||
22 | [5.53.19.66](https://vuldb.com/?ip.5.53.19.66) | dhcp-66-19-53-5.metrosg.ru | - | High
|
||||
23 | [5.141.46.137](https://vuldb.com/?ip.5.141.46.137) | - | - | High
|
||||
24 | [5.152.80.211](https://vuldb.com/?ip.5.152.80.211) | - | - | High
|
||||
25 | [5.237.231.132](https://vuldb.com/?ip.5.237.231.132) | - | - | High
|
||||
26 | [5.239.33.172](https://vuldb.com/?ip.5.239.33.172) | - | - | High
|
||||
27 | [6.10.249.12](https://vuldb.com/?ip.6.10.249.12) | - | - | High
|
||||
28 | [6.30.139.246](https://vuldb.com/?ip.6.30.139.246) | - | - | High
|
||||
29 | [6.249.22.42](https://vuldb.com/?ip.6.249.22.42) | - | - | High
|
||||
30 | [7.12.29.221](https://vuldb.com/?ip.7.12.29.221) | - | - | High
|
||||
31 | [7.71.244.186](https://vuldb.com/?ip.7.71.244.186) | - | - | High
|
||||
32 | [7.233.9.154](https://vuldb.com/?ip.7.233.9.154) | - | - | High
|
||||
33 | [8.12.181.20](https://vuldb.com/?ip.8.12.181.20) | - | - | High
|
||||
34 | [8.76.233.176](https://vuldb.com/?ip.8.76.233.176) | - | - | High
|
||||
35 | [8.126.95.33](https://vuldb.com/?ip.8.126.95.33) | - | - | High
|
||||
36 | [8.219.132.142](https://vuldb.com/?ip.8.219.132.142) | - | - | High
|
||||
37 | [8.222.227.103](https://vuldb.com/?ip.8.222.227.103) | - | - | High
|
||||
38 | [8.253.171.67](https://vuldb.com/?ip.8.253.171.67) | - | - | High
|
||||
39 | [9.63.15.101](https://vuldb.com/?ip.9.63.15.101) | - | - | High
|
||||
40 | [9.240.112.25](https://vuldb.com/?ip.9.240.112.25) | - | - | High
|
||||
41 | [10.28.17.62](https://vuldb.com/?ip.10.28.17.62) | - | - | High
|
||||
42 | [11.1.201.27](https://vuldb.com/?ip.11.1.201.27) | - | - | High
|
||||
43 | [12.75.186.131](https://vuldb.com/?ip.12.75.186.131) | 131.newark-21-23rs.nj.dial-access.att.net | - | High
|
||||
44 | [12.115.36.174](https://vuldb.com/?ip.12.115.36.174) | - | - | High
|
||||
45 | [12.153.80.238](https://vuldb.com/?ip.12.153.80.238) | - | - | High
|
||||
46 | [12.194.222.34](https://vuldb.com/?ip.12.194.222.34) | - | - | High
|
||||
47 | [12.202.229.195](https://vuldb.com/?ip.12.202.229.195) | - | - | High
|
||||
48 | [12.236.242.155](https://vuldb.com/?ip.12.236.242.155) | - | - | High
|
||||
49 | [13.2.200.200](https://vuldb.com/?ip.13.2.200.200) | - | - | High
|
||||
50 | [13.218.205.215](https://vuldb.com/?ip.13.218.205.215) | - | - | High
|
||||
51 | [13.234.171.104](https://vuldb.com/?ip.13.234.171.104) | ec2-13-234-171-104.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
52 | [14.7.69.141](https://vuldb.com/?ip.14.7.69.141) | - | - | High
|
||||
53 | [14.11.77.37](https://vuldb.com/?ip.14.11.77.37) | M014011077037.v4.enabler.ne.jp | - | High
|
||||
54 | [14.40.68.19](https://vuldb.com/?ip.14.40.68.19) | - | - | High
|
||||
55 | [14.63.191.213](https://vuldb.com/?ip.14.63.191.213) | - | - | High
|
||||
56 | [14.102.170.127](https://vuldb.com/?ip.14.102.170.127) | cache-ipnet01.nexlogic.ph | - | High
|
||||
57 | [14.128.51.19](https://vuldb.com/?ip.14.128.51.19) | - | - | High
|
||||
58 | [14.155.143.74](https://vuldb.com/?ip.14.155.143.74) | - | - | High
|
||||
59 | [14.163.179.250](https://vuldb.com/?ip.14.163.179.250) | static.vnpt.vn | - | High
|
||||
60 | [14.195.237.81](https://vuldb.com/?ip.14.195.237.81) | static-81.237.195.14-tataidc.co.in | - | High
|
||||
61 | [15.209.19.148](https://vuldb.com/?ip.15.209.19.148) | - | - | High
|
||||
62 | [15.248.60.137](https://vuldb.com/?ip.15.248.60.137) | - | - | High
|
||||
63 | [16.86.113.88](https://vuldb.com/?ip.16.86.113.88) | - | - | High
|
||||
64 | [16.249.204.133](https://vuldb.com/?ip.16.249.204.133) | - | - | High
|
||||
65 | [17.29.249.188](https://vuldb.com/?ip.17.29.249.188) | - | - | High
|
||||
66 | [17.147.212.14](https://vuldb.com/?ip.17.147.212.14) | - | - | High
|
||||
67 | [18.8.71.243](https://vuldb.com/?ip.18.8.71.243) | - | - | High
|
||||
68 | [18.127.96.221](https://vuldb.com/?ip.18.127.96.221) | - | - | High
|
||||
69 | [18.141.105.98](https://vuldb.com/?ip.18.141.105.98) | ec2-18-141-105-98.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
70 | [18.151.45.13](https://vuldb.com/?ip.18.151.45.13) | - | - | High
|
||||
71 | [18.210.196.217](https://vuldb.com/?ip.18.210.196.217) | ec2-18-210-196-217.compute-1.amazonaws.com | - | Medium
|
||||
72 | [19.32.56.182](https://vuldb.com/?ip.19.32.56.182) | - | - | High
|
||||
73 | [19.71.13.153](https://vuldb.com/?ip.19.71.13.153) | - | - | High
|
||||
74 | [19.128.78.21](https://vuldb.com/?ip.19.128.78.21) | - | - | High
|
||||
75 | [20.150.149.28](https://vuldb.com/?ip.20.150.149.28) | - | - | High
|
||||
76 | [21.21.141.32](https://vuldb.com/?ip.21.21.141.32) | - | - | High
|
||||
77 | [21.29.238.98](https://vuldb.com/?ip.21.29.238.98) | - | - | High
|
||||
78 | [21.175.22.99](https://vuldb.com/?ip.21.175.22.99) | - | - | High
|
||||
79 | [21.246.85.34](https://vuldb.com/?ip.21.246.85.34) | - | - | High
|
||||
80 | [22.39.164.0](https://vuldb.com/?ip.22.39.164.0) | - | - | High
|
||||
81 | [22.83.186.45](https://vuldb.com/?ip.22.83.186.45) | - | - | High
|
||||
82 | [22.175.0.90](https://vuldb.com/?ip.22.175.0.90) | - | - | High
|
||||
83 | [22.252.18.49](https://vuldb.com/?ip.22.252.18.49) | - | - | High
|
||||
84 | [23.19.58.176](https://vuldb.com/?ip.23.19.58.176) | i58.176.lofame.net | - | High
|
||||
85 | [23.19.58.212](https://vuldb.com/?ip.23.19.58.212) | - | - | High
|
||||
86 | [23.19.58.251](https://vuldb.com/?ip.23.19.58.251) | - | - | High
|
||||
87 | [23.29.115.164](https://vuldb.com/?ip.23.29.115.164) | 23-29-115-164.static.hvvc.us | - | High
|
||||
88 | [23.29.115.172](https://vuldb.com/?ip.23.29.115.172) | 23-29-115-172.static.hvvc.us | - | High
|
||||
89 | [23.81.246.17](https://vuldb.com/?ip.23.81.246.17) | - | - | High
|
||||
90 | [23.81.246.22](https://vuldb.com/?ip.23.81.246.22) | - | - | High
|
||||
91 | [23.81.246.171](https://vuldb.com/?ip.23.81.246.171) | - | - | High
|
||||
92 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
|
||||
93 | [23.81.246.205](https://vuldb.com/?ip.23.81.246.205) | - | - | High
|
||||
94 | [23.82.19.119](https://vuldb.com/?ip.23.82.19.119) | - | - | High
|
||||
95 | [23.82.19.208](https://vuldb.com/?ip.23.82.19.208) | - | - | High
|
||||
96 | [23.82.128.11](https://vuldb.com/?ip.23.82.128.11) | - | - | High
|
||||
97 | [23.82.128.116](https://vuldb.com/?ip.23.82.128.116) | - | - | High
|
||||
98 | [23.82.128.127](https://vuldb.com/?ip.23.82.128.127) | - | - | High
|
||||
99 | [23.82.128.149](https://vuldb.com/?ip.23.82.128.149) | - | - | High
|
||||
100 | [23.82.140.14](https://vuldb.com/?ip.23.82.140.14) | - | - | High
|
||||
101 | [23.82.140.100](https://vuldb.com/?ip.23.82.140.100) | - | - | High
|
||||
102 | [23.82.140.133](https://vuldb.com/?ip.23.82.140.133) | - | - | High
|
||||
103 | [23.82.140.155](https://vuldb.com/?ip.23.82.140.155) | - | - | High
|
||||
104 | [23.82.140.180](https://vuldb.com/?ip.23.82.140.180) | - | - | High
|
||||
105 | [23.82.141.11](https://vuldb.com/?ip.23.82.141.11) | - | - | High
|
||||
106 | [23.82.141.184](https://vuldb.com/?ip.23.82.141.184) | - | - | High
|
||||
107 | [23.82.141.185](https://vuldb.com/?ip.23.82.141.185) | - | - | High
|
||||
108 | [23.83.133.1](https://vuldb.com/?ip.23.83.133.1) | v327.er01.dal.ubiquity.io | - | High
|
||||
109 | [23.83.133.13](https://vuldb.com/?ip.23.83.133.13) | - | - | High
|
||||
110 | [23.83.133.182](https://vuldb.com/?ip.23.83.133.182) | - | - | High
|
||||
111 | [23.83.133.215](https://vuldb.com/?ip.23.83.133.215) | - | - | High
|
||||
112 | [23.83.133.216](https://vuldb.com/?ip.23.83.133.216) | - | - | High
|
||||
113 | [23.83.134.110](https://vuldb.com/?ip.23.83.134.110) | - | - | High
|
||||
114 | [23.83.134.133](https://vuldb.com/?ip.23.83.134.133) | - | - | High
|
||||
115 | [23.83.134.136](https://vuldb.com/?ip.23.83.134.136) | - | - | High
|
||||
116 | [23.88.117.246](https://vuldb.com/?ip.23.88.117.246) | static.246.117.88.23.clients.your-server.de | - | High
|
||||
117 | [23.106.124.23](https://vuldb.com/?ip.23.106.124.23) | - | - | High
|
||||
118 | [23.106.124.154](https://vuldb.com/?ip.23.106.124.154) | - | - | High
|
||||
119 | [23.106.160.33](https://vuldb.com/?ip.23.106.160.33) | - | - | High
|
||||
120 | [23.106.160.39](https://vuldb.com/?ip.23.106.160.39) | - | - | High
|
||||
121 | [23.106.160.40](https://vuldb.com/?ip.23.106.160.40) | - | - | High
|
||||
122 | [23.106.160.52](https://vuldb.com/?ip.23.106.160.52) | - | - | High
|
||||
123 | [23.106.160.82](https://vuldb.com/?ip.23.106.160.82) | - | - | High
|
||||
124 | [23.106.160.112](https://vuldb.com/?ip.23.106.160.112) | - | - | High
|
||||
125 | [23.106.160.117](https://vuldb.com/?ip.23.106.160.117) | - | - | High
|
||||
126 | [23.106.160.120](https://vuldb.com/?ip.23.106.160.120) | - | - | High
|
||||
127 | [23.106.160.137](https://vuldb.com/?ip.23.106.160.137) | - | - | High
|
||||
128 | [23.106.160.141](https://vuldb.com/?ip.23.106.160.141) | - | - | High
|
||||
129 | [23.106.215.45](https://vuldb.com/?ip.23.106.215.45) | - | - | High
|
||||
130 | [23.106.215.60](https://vuldb.com/?ip.23.106.215.60) | - | - | High
|
||||
131 | [23.106.215.82](https://vuldb.com/?ip.23.106.215.82) | - | - | High
|
||||
132 | [23.106.215.123](https://vuldb.com/?ip.23.106.215.123) | - | - | High
|
||||
133 | [23.106.215.133](https://vuldb.com/?ip.23.106.215.133) | - | - | High
|
||||
134 | [23.106.215.141](https://vuldb.com/?ip.23.106.215.141) | - | - | High
|
||||
135 | [23.106.215.165](https://vuldb.com/?ip.23.106.215.165) | zootech.click | - | High
|
||||
136 | [23.106.215.225](https://vuldb.com/?ip.23.106.215.225) | - | - | High
|
||||
137 | [23.106.215.230](https://vuldb.com/?ip.23.106.215.230) | - | - | High
|
||||
138 | [23.106.215.233](https://vuldb.com/?ip.23.106.215.233) | - | - | High
|
||||
139 | [23.106.223.1](https://vuldb.com/?ip.23.106.223.1) | - | - | High
|
||||
140 | [23.106.223.14](https://vuldb.com/?ip.23.106.223.14) | - | - | High
|
||||
141 | [23.106.223.130](https://vuldb.com/?ip.23.106.223.130) | - | - | High
|
||||
142 | [23.106.223.144](https://vuldb.com/?ip.23.106.223.144) | - | - | High
|
||||
143 | [23.106.223.182](https://vuldb.com/?ip.23.106.223.182) | - | - | High
|
||||
144 | [23.106.223.197](https://vuldb.com/?ip.23.106.223.197) | - | - | High
|
||||
145 | [23.106.223.209](https://vuldb.com/?ip.23.106.223.209) | - | - | High
|
||||
146 | [23.106.223.219](https://vuldb.com/?ip.23.106.223.219) | - | - | High
|
||||
147 | [23.106.223.222](https://vuldb.com/?ip.23.106.223.222) | - | - | High
|
||||
148 | [23.108.57.5](https://vuldb.com/?ip.23.108.57.5) | - | - | High
|
||||
149 | [23.108.57.13](https://vuldb.com/?ip.23.108.57.13) | - | - | High
|
||||
150 | [23.108.57.29](https://vuldb.com/?ip.23.108.57.29) | - | - | High
|
||||
151 | [23.108.57.57](https://vuldb.com/?ip.23.108.57.57) | tuks.net | - | High
|
||||
152 | [23.108.57.59](https://vuldb.com/?ip.23.108.57.59) | - | - | High
|
||||
153 | [23.108.57.65](https://vuldb.com/?ip.23.108.57.65) | - | - | High
|
||||
154 | [23.108.57.66](https://vuldb.com/?ip.23.108.57.66) | - | - | High
|
||||
155 | [23.108.57.79](https://vuldb.com/?ip.23.108.57.79) | - | - | High
|
||||
156 | [23.108.57.87](https://vuldb.com/?ip.23.108.57.87) | - | - | High
|
||||
157 | [23.108.57.161](https://vuldb.com/?ip.23.108.57.161) | - | - | High
|
||||
158 | [23.108.57.200](https://vuldb.com/?ip.23.108.57.200) | - | - | High
|
||||
159 | [23.108.57.201](https://vuldb.com/?ip.23.108.57.201) | - | - | High
|
||||
160 | [23.108.57.250](https://vuldb.com/?ip.23.108.57.250) | - | - | High
|
||||
161 | [23.136.208.76](https://vuldb.com/?ip.23.136.208.76) | - | - | High
|
||||
162 | [23.227.198.195](https://vuldb.com/?ip.23.227.198.195) | multiatom.com | - | High
|
||||
163 | [23.227.198.217](https://vuldb.com/?ip.23.227.198.217) | 23-227-198-217.static.hvvc.us | - | High
|
||||
164 | [23.227.198.241](https://vuldb.com/?ip.23.227.198.241) | 23-227-198-241.static.hvvc.us | - | High
|
||||
165 | [23.227.202.179](https://vuldb.com/?ip.23.227.202.179) | trackvous.com | - | High
|
||||
166 | [23.227.203.120](https://vuldb.com/?ip.23.227.203.120) | 23-227-203-120.static.hvvc.us | - | High
|
||||
167 | [23.229.117.229](https://vuldb.com/?ip.23.229.117.229) | - | - | High
|
||||
168 | [23.254.142.159](https://vuldb.com/?ip.23.254.142.159) | client-23-254-142-159.hostwindsdns.com | - | High
|
||||
169 | [23.254.161.46](https://vuldb.com/?ip.23.254.161.46) | hwsrv-1063022.hostwindsdns.com | - | High
|
||||
170 | [23.254.167.63](https://vuldb.com/?ip.23.254.167.63) | hwsrv-1063920.hostwindsdns.com | - | High
|
||||
171 | [23.254.167.143](https://vuldb.com/?ip.23.254.167.143) | client-23-254-167-143.hostwindsdns.com | - | High
|
||||
172 | [23.254.201.97](https://vuldb.com/?ip.23.254.201.97) | hwsrv-974106.hostwindsdns.com | - | High
|
||||
173 | [23.254.202.59](https://vuldb.com/?ip.23.254.202.59) | hwsrv-987701.hostwindsdns.com | - | High
|
||||
174 | [23.254.204.109](https://vuldb.com/?ip.23.254.204.109) | client-23-254-204-109.hostwindsdns.com | - | High
|
||||
175 | [23.254.204.210](https://vuldb.com/?ip.23.254.204.210) | hwsrv-1046249.hostwindsdns.com | - | High
|
||||
176 | [23.254.217.20](https://vuldb.com/?ip.23.254.217.20) | hwsrv-984041.hostwindsdns.com | - | High
|
||||
177 | [23.254.217.222](https://vuldb.com/?ip.23.254.217.222) | hwsrv-976272.hostwindsdns.com | - | High
|
||||
178 | [23.254.224.200](https://vuldb.com/?ip.23.254.224.200) | hwsrv-1001143.hostwindsdns.com | - | High
|
||||
179 | [23.254.225.130](https://vuldb.com/?ip.23.254.225.130) | hwsrv-1067630.hostwindsdns.com | - | High
|
||||
180 | [23.254.225.249](https://vuldb.com/?ip.23.254.225.249) | client-23-254-225-249.hostwindsdns.com | - | High
|
||||
181 | [23.254.227.53](https://vuldb.com/?ip.23.254.227.53) | hwsrv-1057942.hostwindsdns.com | - | High
|
||||
182 | [23.254.227.144](https://vuldb.com/?ip.23.254.227.144) | hwsrv-982332.hostwindsdns.com | - | High
|
||||
183 | [23.254.229.131](https://vuldb.com/?ip.23.254.229.131) | ruth.gobuddy.info | - | High
|
||||
184 | [23.254.229.210](https://vuldb.com/?ip.23.254.229.210) | tigern.throwbackdinos.com | - | High
|
||||
185 | [23.254.247.48](https://vuldb.com/?ip.23.254.247.48) | hwsrv-1063028.hostwindsdns.com | - | High
|
||||
186 | [24.4.68.32](https://vuldb.com/?ip.24.4.68.32) | c-24-4-68-32.hsd1.ca.comcast.net | - | High
|
||||
187 | [24.57.185.167](https://vuldb.com/?ip.24.57.185.167) | d24-57-185-167.home.cgocable.net | - | High
|
||||
188 | [24.121.25.160](https://vuldb.com/?ip.24.121.25.160) | 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net | - | High
|
||||
189 | [24.183.132.242](https://vuldb.com/?ip.24.183.132.242) | 024-183-132-242.res.spectrum.com | - | High
|
||||
190 | [25.5.198.104](https://vuldb.com/?ip.25.5.198.104) | - | - | High
|
||||
191 | [25.131.252.242](https://vuldb.com/?ip.25.131.252.242) | - | - | High
|
||||
192 | [25.169.42.242](https://vuldb.com/?ip.25.169.42.242) | - | - | High
|
||||
193 | [25.170.215.18](https://vuldb.com/?ip.25.170.215.18) | - | - | High
|
||||
194 | [25.181.64.39](https://vuldb.com/?ip.25.181.64.39) | - | - | High
|
||||
195 | [26.6.83.53](https://vuldb.com/?ip.26.6.83.53) | - | - | High
|
||||
196 | [27.31.180.123](https://vuldb.com/?ip.27.31.180.123) | - | - | High
|
||||
197 | [28.11.143.222](https://vuldb.com/?ip.28.11.143.222) | - | - | High
|
||||
198 | [28.23.200.103](https://vuldb.com/?ip.28.23.200.103) | - | - | High
|
||||
199 | [28.53.120.108](https://vuldb.com/?ip.28.53.120.108) | - | - | High
|
||||
200 | [28.107.38.196](https://vuldb.com/?ip.28.107.38.196) | - | - | High
|
||||
201 | [28.148.236.16](https://vuldb.com/?ip.28.148.236.16) | - | - | High
|
||||
202 | [28.183.174.200](https://vuldb.com/?ip.28.183.174.200) | - | - | High
|
||||
203 | [29.15.120.102](https://vuldb.com/?ip.29.15.120.102) | - | - | High
|
||||
204 | [29.64.0.111](https://vuldb.com/?ip.29.64.0.111) | - | - | High
|
||||
205 | [29.122.243.158](https://vuldb.com/?ip.29.122.243.158) | - | - | High
|
||||
206 | [29.203.98.166](https://vuldb.com/?ip.29.203.98.166) | - | - | High
|
||||
207 | [30.17.4.146](https://vuldb.com/?ip.30.17.4.146) | - | - | High
|
||||
208 | [30.65.48.152](https://vuldb.com/?ip.30.65.48.152) | - | - | High
|
||||
209 | [30.140.193.246](https://vuldb.com/?ip.30.140.193.246) | - | - | High
|
||||
210 | [30.205.76.70](https://vuldb.com/?ip.30.205.76.70) | - | - | High
|
||||
211 | [30.225.24.243](https://vuldb.com/?ip.30.225.24.243) | - | - | High
|
||||
212 | [31.135.71.34](https://vuldb.com/?ip.31.135.71.34) | - | - | High
|
||||
213 | [31.228.253.114](https://vuldb.com/?ip.31.228.253.114) | - | - | High
|
||||
214 | [31.232.16.192](https://vuldb.com/?ip.31.232.16.192) | - | - | High
|
||||
215 | [32.54.188.44](https://vuldb.com/?ip.32.54.188.44) | - | - | High
|
||||
216 | [32.181.245.23](https://vuldb.com/?ip.32.181.245.23) | - | - | High
|
||||
217 | [33.93.97.183](https://vuldb.com/?ip.33.93.97.183) | - | - | High
|
||||
218 | [33.145.184.132](https://vuldb.com/?ip.33.145.184.132) | - | - | High
|
||||
219 | [33.191.119.32](https://vuldb.com/?ip.33.191.119.32) | - | - | High
|
||||
220 | [34.1.180.202](https://vuldb.com/?ip.34.1.180.202) | - | - | High
|
||||
221 | [34.2.221.48](https://vuldb.com/?ip.34.2.221.48) | - | - | High
|
||||
222 | [34.34.152.166](https://vuldb.com/?ip.34.34.152.166) | 166.152.34.34.bc.googleusercontent.com | - | Medium
|
||||
223 | [34.119.95.6](https://vuldb.com/?ip.34.119.95.6) | 6.95.119.34.bc.googleusercontent.com | - | Medium
|
||||
224 | [34.229.154.31](https://vuldb.com/?ip.34.229.154.31) | ec2-34-229-154-31.compute-1.amazonaws.com | - | Medium
|
||||
225 | [35.120.155.220](https://vuldb.com/?ip.35.120.155.220) | - | - | High
|
||||
226 | [36.110.58.103](https://vuldb.com/?ip.36.110.58.103) | 103.58.110.36.static.bjtelecom.net | - | High
|
||||
227 | [36.150.76.13](https://vuldb.com/?ip.36.150.76.13) | - | - | High
|
||||
228 | [36.201.196.202](https://vuldb.com/?ip.36.201.196.202) | - | - | High
|
||||
229 | [37.1.214.72](https://vuldb.com/?ip.37.1.214.72) | - | - | High
|
||||
230 | [37.1.214.229](https://vuldb.com/?ip.37.1.214.229) | - | - | High
|
||||
231 | [37.28.155.36](https://vuldb.com/?ip.37.28.155.36) | d155036.artnet.gda.pl | - | High
|
||||
232 | [37.28.156.24](https://vuldb.com/?ip.37.28.156.24) | d156024.artnet.gda.pl | - | High
|
||||
233 | [37.28.157.29](https://vuldb.com/?ip.37.28.157.29) | d157029.artnet.gda.pl | - | High
|
||||
234 | [37.42.62.77](https://vuldb.com/?ip.37.42.62.77) | - | - | High
|
||||
235 | [37.64.220.2](https://vuldb.com/?ip.37.64.220.2) | 2.220.64.37.rev.sfr.net | - | High
|
||||
236 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
|
||||
237 | [37.72.174.23](https://vuldb.com/?ip.37.72.174.23) | 37-72-174-23.static.hvvc.us | - | High
|
||||
238 | [37.120.198.248](https://vuldb.com/?ip.37.120.198.248) | - | - | High
|
||||
239 | [37.189.74.5](https://vuldb.com/?ip.37.189.74.5) | bl28-74-5.dsl.telepac.pt | - | High
|
||||
240 | [37.221.67.104](https://vuldb.com/?ip.37.221.67.104) | host001 | - | High
|
||||
241 | [37.221.67.122](https://vuldb.com/?ip.37.221.67.122) | finese | - | High
|
||||
242 | [38.12.57.131](https://vuldb.com/?ip.38.12.57.131) | - | - | High
|
||||
243 | [38.48.147.152](https://vuldb.com/?ip.38.48.147.152) | - | - | High
|
||||
244 | [38.180.4.165](https://vuldb.com/?ip.38.180.4.165) | - | - | High
|
||||
245 | [38.180.25.71](https://vuldb.com/?ip.38.180.25.71) | - | - | High
|
||||
246 | [38.180.25.111](https://vuldb.com/?ip.38.180.25.111) | - | - | High
|
||||
247 | [39.57.152.217](https://vuldb.com/?ip.39.57.152.217) | - | - | High
|
||||
248 | [40.47.149.113](https://vuldb.com/?ip.40.47.149.113) | - | - | High
|
||||
249 | [40.72.17.141](https://vuldb.com/?ip.40.72.17.141) | - | - | High
|
||||
250 | [41.7.15.180](https://vuldb.com/?ip.41.7.15.180) | vc-cpt-41-7-15-180.umts.vodacom.co.za | - | High
|
||||
251 | [41.15.71.157](https://vuldb.com/?ip.41.15.71.157) | vc-gp-n-41-15-71-157.umts.vodacom.co.za | - | High
|
||||
252 | [41.28.188.77](https://vuldb.com/?ip.41.28.188.77) | vc-gp-s-41-28-188-77.umts.vodacom.co.za | - | High
|
||||
253 | [41.56.181.200](https://vuldb.com/?ip.41.56.181.200) | - | - | High
|
||||
254 | [41.70.42.112](https://vuldb.com/?ip.41.70.42.112) | - | - | High
|
||||
255 | [42.63.100.82](https://vuldb.com/?ip.42.63.100.82) | - | - | High
|
||||
256 | [42.104.196.184](https://vuldb.com/?ip.42.104.196.184) | - | - | High
|
||||
257 | [42.179.23.39](https://vuldb.com/?ip.42.179.23.39) | - | - | High
|
||||
258 | [43.184.255.110](https://vuldb.com/?ip.43.184.255.110) | - | - | High
|
||||
259 | [44.94.75.93](https://vuldb.com/?ip.44.94.75.93) | - | - | High
|
||||
260 | [44.224.48.159](https://vuldb.com/?ip.44.224.48.159) | ec2-44-224-48-159.us-west-2.compute.amazonaws.com | - | Medium
|
||||
261 | [45.3.236.177](https://vuldb.com/?ip.45.3.236.177) | 045-003-236-177.biz.spectrum.com | - | High
|
||||
262 | [45.11.19.70](https://vuldb.com/?ip.45.11.19.70) | - | - | High
|
||||
263 | [45.11.19.86](https://vuldb.com/?ip.45.11.19.86) | - | - | High
|
||||
264 | [45.11.19.208](https://vuldb.com/?ip.45.11.19.208) | - | - | High
|
||||
265 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
|
||||
266 | [45.11.19.252](https://vuldb.com/?ip.45.11.19.252) | - | - | High
|
||||
267 | [45.32.37.109](https://vuldb.com/?ip.45.32.37.109) | 45.32.37.109.vultrusercontent.com | - | High
|
||||
268 | [45.61.184.8](https://vuldb.com/?ip.45.61.184.8) | mail.oelke.tec.br | - | High
|
||||
269 | [45.61.184.24](https://vuldb.com/?ip.45.61.184.24) | - | - | High
|
||||
270 | [45.61.184.227](https://vuldb.com/?ip.45.61.184.227) | MiamiTorNew1.Quetzalcoatl-relays.org | - | High
|
||||
271 | [45.61.185.65](https://vuldb.com/?ip.45.61.185.65) | exitrelay40.medvideos-tor.org | - | High
|
||||
272 | [45.61.185.227](https://vuldb.com/?ip.45.61.185.227) | - | - | High
|
||||
273 | [45.61.186.18](https://vuldb.com/?ip.45.61.186.18) | - | - | High
|
||||
274 | [45.61.186.51](https://vuldb.com/?ip.45.61.186.51) | - | - | High
|
||||
275 | [45.61.187.10](https://vuldb.com/?ip.45.61.187.10) | 45-61-187-10.ger.priv.allsafevpn.com | - | High
|
||||
276 | [45.61.187.40](https://vuldb.com/?ip.45.61.187.40) | - | - | High
|
||||
277 | [45.61.187.123](https://vuldb.com/?ip.45.61.187.123) | smtp20.shbgura.xyz | - | High
|
||||
278 | [45.61.187.160](https://vuldb.com/?ip.45.61.187.160) | - | - | High
|
||||
279 | [45.61.187.170](https://vuldb.com/?ip.45.61.187.170) | - | - | High
|
||||
280 | [45.61.187.204](https://vuldb.com/?ip.45.61.187.204) | - | - | High
|
||||
281 | [45.61.187.225](https://vuldb.com/?ip.45.61.187.225) | - | - | High
|
||||
282 | [45.66.151.59](https://vuldb.com/?ip.45.66.151.59) | - | - | High
|
||||
283 | [45.66.151.142](https://vuldb.com/?ip.45.66.151.142) | - | - | High
|
||||
284 | [45.66.151.150](https://vuldb.com/?ip.45.66.151.150) | - | - | High
|
||||
285 | [45.66.151.151](https://vuldb.com/?ip.45.66.151.151) | - | - | High
|
||||
286 | [45.66.151.155](https://vuldb.com/?ip.45.66.151.155) | - | - | High
|
||||
287 | [45.66.151.193](https://vuldb.com/?ip.45.66.151.193) | - | - | High
|
||||
288 | [45.66.248.61](https://vuldb.com/?ip.45.66.248.61) | parts861.simplestartvideos.com | - | High
|
||||
289 | [45.66.248.64](https://vuldb.com/?ip.45.66.248.64) | 0n3reye0i0.alyanova.com | - | High
|
||||
290 | [45.66.248.156](https://vuldb.com/?ip.45.66.248.156) | - | - | High
|
||||
291 | [45.66.248.216](https://vuldb.com/?ip.45.66.248.216) | spam.lastmer.xyz | - | High
|
||||
292 | [45.67.231.123](https://vuldb.com/?ip.45.67.231.123) | mihome.ru | - | High
|
||||
293 | [45.67.231.151](https://vuldb.com/?ip.45.67.231.151) | vm1197030.stark-industries.solutions | - | High
|
||||
294 | [45.84.0.13](https://vuldb.com/?ip.45.84.0.13) | vm523902.stark-industries.solutions | - | High
|
||||
295 | [45.84.240.87](https://vuldb.com/?ip.45.84.240.87) | - | - | High
|
||||
296 | [45.132.180.49](https://vuldb.com/?ip.45.132.180.49) | - | - | High
|
||||
297 | [45.138.172.22](https://vuldb.com/?ip.45.138.172.22) | - | - | High
|
||||
298 | [45.138.172.246](https://vuldb.com/?ip.45.138.172.246) | - | - | High
|
||||
299 | [45.140.146.30](https://vuldb.com/?ip.45.140.146.30) | vm542320.stark-industries.solutions | - | High
|
||||
300 | [45.140.146.244](https://vuldb.com/?ip.45.140.146.244) | - | - | High
|
||||
301 | [45.141.58.37](https://vuldb.com/?ip.45.141.58.37) | - | - | High
|
||||
302 | [45.141.58.139](https://vuldb.com/?ip.45.141.58.139) | galorebase.com | - | High
|
||||
303 | [45.142.214.120](https://vuldb.com/?ip.45.142.214.120) | vm516885.stark-industries.solutions | - | High
|
||||
304 | [45.142.214.167](https://vuldb.com/?ip.45.142.214.167) | - | - | High
|
||||
305 | [45.147.229.23](https://vuldb.com/?ip.45.147.229.23) | - | - | High
|
||||
306 | [45.147.229.47](https://vuldb.com/?ip.45.147.229.47) | - | - | High
|
||||
307 | [45.147.229.50](https://vuldb.com/?ip.45.147.229.50) | - | - | High
|
||||
308 | [45.147.229.101](https://vuldb.com/?ip.45.147.229.101) | - | - | High
|
||||
309 | [45.147.229.177](https://vuldb.com/?ip.45.147.229.177) | - | - | High
|
||||
310 | [45.147.229.199](https://vuldb.com/?ip.45.147.229.199) | - | - | High
|
||||
311 | [45.147.229.223](https://vuldb.com/?ip.45.147.229.223) | - | - | High
|
||||
312 | [45.147.230.179](https://vuldb.com/?ip.45.147.230.179) | - | - | High
|
||||
313 | [45.147.230.233](https://vuldb.com/?ip.45.147.230.233) | - | - | High
|
||||
314 | [45.147.230.245](https://vuldb.com/?ip.45.147.230.245) | poppuworls.club | - | High
|
||||
315 | [45.147.231.107](https://vuldb.com/?ip.45.147.231.107) | - | - | High
|
||||
316 | [45.147.231.156](https://vuldb.com/?ip.45.147.231.156) | - | - | High
|
||||
317 | [45.147.231.202](https://vuldb.com/?ip.45.147.231.202) | - | - | High
|
||||
318 | [45.147.231.232](https://vuldb.com/?ip.45.147.231.232) | - | - | High
|
||||
319 | [45.150.67.154](https://vuldb.com/?ip.45.150.67.154) | vm1326648.stark-industries.solutions | - | High
|
||||
320 | [45.153.240.56](https://vuldb.com/?ip.45.153.240.56) | - | - | High
|
||||
321 | [45.153.240.94](https://vuldb.com/?ip.45.153.240.94) | - | - | High
|
||||
322 | [45.153.240.139](https://vuldb.com/?ip.45.153.240.139) | - | - | High
|
||||
323 | [45.153.240.155](https://vuldb.com/?ip.45.153.240.155) | - | - | High
|
||||
324 | [45.153.241.19](https://vuldb.com/?ip.45.153.241.19) | - | - | High
|
||||
325 | [45.153.241.64](https://vuldb.com/?ip.45.153.241.64) | - | - | High
|
||||
326 | [45.153.241.120](https://vuldb.com/?ip.45.153.241.120) | - | - | High
|
||||
327 | [45.153.241.187](https://vuldb.com/?ip.45.153.241.187) | - | - | High
|
||||
328 | [45.153.241.209](https://vuldb.com/?ip.45.153.241.209) | - | - | High
|
||||
329 | [45.153.241.234](https://vuldb.com/?ip.45.153.241.234) | - | - | High
|
||||
330 | [45.153.241.245](https://vuldb.com/?ip.45.153.241.245) | - | - | High
|
||||
331 | [45.153.242.61](https://vuldb.com/?ip.45.153.242.61) | - | - | High
|
||||
332 | [45.153.242.100](https://vuldb.com/?ip.45.153.242.100) | - | - | High
|
||||
333 | [45.153.242.105](https://vuldb.com/?ip.45.153.242.105) | - | - | High
|
||||
334 | [45.153.242.183](https://vuldb.com/?ip.45.153.242.183) | - | - | High
|
||||
335 | [45.153.242.184](https://vuldb.com/?ip.45.153.242.184) | - | - | High
|
||||
336 | [45.153.242.242](https://vuldb.com/?ip.45.153.242.242) | - | - | High
|
||||
337 | [45.153.243.82](https://vuldb.com/?ip.45.153.243.82) | - | - | High
|
||||
338 | [45.153.243.93](https://vuldb.com/?ip.45.153.243.93) | - | - | High
|
||||
339 | [45.153.243.111](https://vuldb.com/?ip.45.153.243.111) | - | - | High
|
||||
340 | [45.153.243.126](https://vuldb.com/?ip.45.153.243.126) | - | - | High
|
||||
341 | [45.153.243.130](https://vuldb.com/?ip.45.153.243.130) | - | - | High
|
||||
342 | [45.153.243.222](https://vuldb.com/?ip.45.153.243.222) | - | - | High
|
||||
343 | [46.21.153.145](https://vuldb.com/?ip.46.21.153.145) | 145.153.21.46.static.swiftway.net | - | High
|
||||
344 | [46.21.153.157](https://vuldb.com/?ip.46.21.153.157) | 157.153.21.46.static.swiftway.net | - | High
|
||||
345 | [46.21.153.246](https://vuldb.com/?ip.46.21.153.246) | 246.153.21.46.static.swiftway.net | - | High
|
||||
346 | [46.44.240.53](https://vuldb.com/?ip.46.44.240.53) | 46-44-240-53.ip.welcomeitalia.it | - | High
|
||||
347 | [46.142.186.28](https://vuldb.com/?ip.46.142.186.28) | 28-186-142-46.pool.kielnet.net | - | High
|
||||
348 | [46.142.187.27](https://vuldb.com/?ip.46.142.187.27) | 27-187-142-46.pool.kielnet.net | - | High
|
||||
349 | ... | ... | ... | ...
|
||||
|
||||
There are 466 more IOC items available. Please use our online service to access the data.
|
||||
There are 1393 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bumblebee_. This data is unique as it uses our predictive model for actor profiling.
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BumbleBee_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bumblebee. This data is unique as it uses our predictive model for actor profiling.
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BumbleBee. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/action/wirelessConnect` | High
|
||||
3 | File | `/admin/assign/assign.php` | High
|
||||
4 | File | `/admin/index.php` | High
|
||||
5 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
6 | File | `/admin/services/manage_service.php` | High
|
||||
7 | File | `/admin/services/view_service.php` | High
|
||||
8 | File | `/admin/user/uploadImg` | High
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/boafrm/formFilter` | High
|
||||
11 | File | `/cgi-bin/ping.cgi` | High
|
||||
12 | File | `/classes/Master.php` | High
|
||||
13 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
14 | File | `/classes/Master.php?f=delete_item` | High
|
||||
15 | File | `/classes/Master.php?f=delete_service` | High
|
||||
16 | File | `/classes/Master.php?f=save_service` | High
|
||||
17 | File | `/classes/Users.php` | High
|
||||
18 | File | `/config/getuser` | High
|
||||
19 | File | `/dosen/data` | Medium
|
||||
20 | File | `/etc/networkd-dispatcher` | High
|
||||
21 | ... | ... | ...
|
||||
1 | File | `/admin/?page=user/list` | High
|
||||
2 | File | `/admin/addproduct.php` | High
|
||||
3 | File | `/admin/ajax.php?action=save_area` | High
|
||||
4 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
5 | File | `/admin/edit_subject.php` | High
|
||||
6 | File | `/admin/modal_add_product.php` | High
|
||||
7 | File | `/admin/reportupload.aspx` | High
|
||||
8 | File | `/admin/update_s6.php` | High
|
||||
9 | File | `/ajax.php?action=read_msg` | High
|
||||
10 | File | `/ajax.php?action=save_company` | High
|
||||
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
12 | File | `/bin/ate` | Medium
|
||||
13 | File | `/bin/login` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/changeimage.php` | High
|
||||
16 | File | `/classes/Master.php?f=delete_category` | High
|
||||
17 | File | `/classes/Users.php?f=save` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/DXR.axd` | Medium
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/HNAP1` | Low
|
||||
22 | File | `/news/*.html` | Medium
|
||||
23 | File | `/note/index/delete` | High
|
||||
24 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/tmp/boa-temp` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 174 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 219 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -194,6 +430,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://1275.ru/ioc/250/bumblebee-malware-iocs-part-3/
|
||||
* https://1275.ru/ioc/287/bumblebee-malware-iocs-part-4/
|
||||
* https://1275.ru/ioc/347/bumblebee-loader-iocs-part-5/
|
||||
* https://bazaar.abuse.ch/sample/c5e1089ccd97a0c10fe296a313a5f0731bc883ac5e0d6309164ab8f0bc7652dc/
|
||||
* https://blog.cyble.com/2022/06/07/bumblebee-loader-on-the-rise/
|
||||
* https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
|
||||
* https://community.blueliv.com/#!/s/62b165ee82df417a00331a19
|
||||
|
@ -213,7 +450,13 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://github.com/pr0xylife/Bumblebee/blob/main/Bumblebee_27.06.2022.txt
|
||||
* https://research.checkpoint.com/2022/bumblebee-increasing-its-capacity-and-evolving-its-ttps/
|
||||
* https://thedfirreport.com/2022/09/26/bumblebee-round-two/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/k3dg3/status/1524443218519240706
|
||||
* https://twitter.com/Max_Mal_/status/1595806604443754496
|
||||
* https://urlhaus.abuse.ch/url/2231415/
|
||||
* https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control
|
||||
* https://www.joesandbox.com/analysis/717845/0/html
|
||||
* https://www.joesandbox.com/analysis/1085369
|
||||
* https://www.trendmicro.com/en_us/research/22/i/buzzing-in-the-background-bumblebee-a-new-modular-backdoor-evolv.html
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
# Bushido - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bushido](https://vuldb.com/?actor.bushido). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bushido](https://vuldb.com/?actor.bushido)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bushido:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [AU](https://vuldb.com/?country.au)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bushido.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
2 | [46.17.43.229](https://vuldb.com/?ip.46.17.43.229) | mail.wxtestyule.cn | - | High
|
||||
3 | [46.29.163.168](https://vuldb.com/?ip.46.29.163.168) | nycxsd.cn | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bushido_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bushido. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `comments/feed` | High
|
||||
2 | File | `drivers/hwmon/xgene-hwmon.c` | High
|
||||
3 | File | `mainfunction.cgi` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# BusyGasper - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BusyGasper](https://vuldb.com/?actor.busygasper). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.busygasper](https://vuldb.com/?actor.busygasper)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BusyGasper.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [213.174.157.151](https://vuldb.com/?ip.213.174.157.151) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -94,7 +94,7 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `/nova/bin/sniffer` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
# Capesand - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Capesand](https://vuldb.com/?actor.capesand). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.capesand](https://vuldb.com/?actor.capesand)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Capesand:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ID](https://vuldb.com/?country.id)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Capesand.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [107.167.244.67](https://vuldb.com/?ip.107.167.244.67) | - | - | High
|
||||
2 | [138.68.15.227](https://vuldb.com/?ip.138.68.15.227) | dev.aneuhealthandwellness.com | - | High
|
||||
3 | [198.199.104.8](https://vuldb.com/?ip.198.199.104.8) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Capesand_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Capesand. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/etc/sudoers` | Medium
|
||||
2 | File | `/REBOOTSYSTEM` | High
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 33 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/new-exploit-kit-capesand-reuses-old-and-new-public-exploits-and-tools-blockchain-ruse/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -86,7 +86,7 @@ ID | Type | Indicator | Confidence
|
|||
32 | File | `admin/article_category.php?rec=update` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,7 +30,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
7 | [43.142.157.239](https://vuldb.com/?ip.43.142.157.239) | - | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 26 more IOC items available. Please use our online service to access the data.
|
||||
There are 28 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -38,14 +38,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -55,48 +55,51 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php/singer/admin/lists/zhuan` | High
|
||||
2 | File | `/admin.php/User/level_sort` | High
|
||||
3 | File | `/authUserAction!edit.action` | High
|
||||
4 | File | `/baseOpLog.do` | High
|
||||
5 | File | `/blog/edit` | Medium
|
||||
6 | File | `/bmis/pages/resident/resident.php` | High
|
||||
7 | File | `/cgi-bin/luci/api/auth` | High
|
||||
8 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
9 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
10 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/claire_blake` | High
|
||||
13 | File | `/core/admin/categories.php` | High
|
||||
14 | File | `/dashboard/contact` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
17 | File | `/export` | Low
|
||||
18 | File | `/files.md5` | Medium
|
||||
19 | File | `/food/admin/all_users.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/hrm/employeeview.php` | High
|
||||
22 | File | `/htdocs/cgibin` | High
|
||||
23 | File | `/isms/classes/Users.php` | High
|
||||
24 | File | `/librarian/bookdetails.php` | High
|
||||
25 | File | `/mc` | Low
|
||||
26 | File | `/messageboard/view.php` | High
|
||||
27 | File | `/mkshop/Men/profile.php` | High
|
||||
28 | File | `/ofrs/admin/?page=teams/view_team` | High
|
||||
29 | File | `/one_church/userregister.php` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
32 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
33 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
34 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
35 | File | `/sns/classes/Master.php?f=delete_img` | High
|
||||
36 | File | `/Source/C++/Core/Ap4Array.h` | High
|
||||
37 | ... | ... | ...
|
||||
3 | File | `/admin/getallarticleinfo` | High
|
||||
4 | File | `/admin/services/view_service.php` | High
|
||||
5 | File | `/auparse/auparse.c` | High
|
||||
6 | File | `/authUserAction!edit.action` | High
|
||||
7 | File | `/baseOpLog.do` | High
|
||||
8 | File | `/blog/edit` | Medium
|
||||
9 | File | `/bmis/pages/resident/resident.php` | High
|
||||
10 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
11 | File | `/cgi-bin/luci/api/auth` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/ci_hms/search` | High
|
||||
16 | File | `/claire_blake` | High
|
||||
17 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
18 | File | `/dashboard/contact` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/env` | Low
|
||||
21 | File | `/export` | Low
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goform/addRouting` | High
|
||||
24 | File | `/goform/aspForm` | High
|
||||
25 | File | `/goform/setDiagnoseInfo` | High
|
||||
26 | File | `/goform/WifiBasicSet` | High
|
||||
27 | File | `/hrm/employeeview.php` | High
|
||||
28 | File | `/htdocs/cgibin` | High
|
||||
29 | File | `/isms/classes/Users.php` | High
|
||||
30 | File | `/librarian/bookdetails.php` | High
|
||||
31 | File | `/matkul/data` | Medium
|
||||
32 | File | `/mc` | Low
|
||||
33 | File | `/message/form/` | High
|
||||
34 | File | `/messageboard/view.php` | High
|
||||
35 | File | `/mkshop/Men/profile.php` | High
|
||||
36 | File | `/ofrs/admin/?page=teams/view_team` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/pages/faculty_sched.php` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://cloudsecurityalliance.org/blog/2023/06/15/chaos-malware-quietly-evolves-persistence-and-evasion-techniques/
|
||||
* https://community.blueliv.com/#!/s/63353bd382df413eb5359c9b
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
# China Chopper and HIGHNOON - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [China Chopper and HIGHNOON](https://vuldb.com/?actor.china_chopper_and_highnoon). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.china_chopper_and_highnoon](https://vuldb.com/?actor.china_chopper_and_highnoon)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with China Chopper and HIGHNOON:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of China Chopper and HIGHNOON.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [67.229.97.229](https://vuldb.com/?ip.67.229.97.229) | uratsu.direectis.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _China Chopper and HIGHNOON_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `/timeline2.php` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,65 @@
|
|||
# CoinTicker - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CoinTicker](https://vuldb.com/?actor.cointicker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cointicker](https://vuldb.com/?actor.cointicker)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinTicker:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [AG](https://vuldb.com/?country.ag)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CoinTicker.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [94.156.189.77](https://vuldb.com/?ip.94.156.189.77) | seednode3.parsicoin.net | - | High
|
||||
2 | [185.206.144.226](https://vuldb.com/?ip.185.206.144.226) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _CoinTicker_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1202 | CWE-77, CWE-78 | Command Injection | High
|
||||
3 | T1204.001 | CWE-601 | Open Redirect | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CoinTicker. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `appGet.cgi` | Medium
|
||||
2 | File | `class.phpmailer.php` | High
|
||||
3 | File | `HealthPage.aspx` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,143 @@
|
|||
# Colombian Govt Attacks - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Colombian Govt Attacks](https://vuldb.com/?actor.colombian_govt_attacks). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.colombian_govt_attacks](https://vuldb.com/?actor.colombian_govt_attacks)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Colombian Govt Attacks:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Colombian Govt Attacks.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [128.90.106.22](https://vuldb.com/?ip.128.90.106.22) | undefined.hostname.localhost | - | High
|
||||
2 | [128.90.107.21](https://vuldb.com/?ip.128.90.107.21) | undefined.hostname.localhost | - | High
|
||||
3 | [128.90.107.189](https://vuldb.com/?ip.128.90.107.189) | undefined.hostname.localhost | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Colombian Govt Attacks_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Colombian Govt Attacks. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/apilog.php` | Medium
|
||||
12 | File | `/APR/login.php` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
31 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
32 | File | `/lookin/info` | Medium
|
||||
33 | File | `/manager/index.php` | High
|
||||
34 | File | `/medical/inventories.php` | High
|
||||
35 | File | `/modules/profile/index.php` | High
|
||||
36 | File | `/modules/projects/vw_files.php` | High
|
||||
37 | File | `/modules/public/calendar.php` | High
|
||||
38 | File | `/Moosikay/order.php` | High
|
||||
39 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
40 | File | `/newsDia.php` | Medium
|
||||
41 | File | `/opac/Actions.php?a=login` | High
|
||||
42 | File | `/out.php` | Medium
|
||||
43 | File | `/php-opos/index.php` | High
|
||||
44 | File | `/PreviewHandler.ashx` | High
|
||||
45 | File | `/proxy` | Low
|
||||
46 | File | `/public/launchNewWindow.jsp` | High
|
||||
47 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
48 | File | `/reports/rwservlet` | High
|
||||
49 | File | `/reservation/add_message.php` | High
|
||||
50 | File | `/spip.php` | Medium
|
||||
51 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
52 | File | `/staff/bookdetails.php` | High
|
||||
53 | File | `/uncpath/` | Medium
|
||||
54 | File | `/user/updatePwd` | High
|
||||
55 | File | `/user/update_booking.php` | High
|
||||
56 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
57 | File | `/wireless/security.asp` | High
|
||||
58 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
59 | File | `/wp-admin/admin-ajax.php` | High
|
||||
60 | File | `01article.php` | High
|
||||
61 | File | `a-forms.php` | Medium
|
||||
62 | File | `AbstractScheduleJob.java` | High
|
||||
63 | File | `actionphp/download.File.php` | High
|
||||
64 | File | `activenews_view.asp` | High
|
||||
65 | File | `adclick.php` | Medium
|
||||
66 | File | `addtocart.asp` | High
|
||||
67 | File | `admin.a6mambocredits.php` | High
|
||||
68 | File | `admin.cropcanvas.php` | High
|
||||
69 | File | `admin.php` | Medium
|
||||
70 | File | `admin/abc.php` | High
|
||||
71 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
72 | File | `admin/admin/adminsave.html` | High
|
||||
73 | ... | ... | ...
|
||||
|
||||
There are 638 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,74 @@
|
|||
# Coronavirus scams - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Coronavirus scams](https://vuldb.com/?actor.coronavirus_scams). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.coronavirus_scams](https://vuldb.com/?actor.coronavirus_scams)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Coronavirus scams:
|
||||
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Coronavirus scams.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
2 | [45.128.134.14](https://vuldb.com/?ip.45.128.134.14) | - | - | High
|
||||
3 | [159.69.16.177](https://vuldb.com/?ip.159.69.16.177) | static.177.16.69.159.clients.your-server.de | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Coronavirus scams_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Coronavirus scams. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
4 | File | `add_vhost.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 28 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fortinet.com/blog/threat-research/attackers-taking-advantage-of-the-coronavirus-covid-19-media-frenzy.html
|
||||
* https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# CrySIS - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CrySIS](https://vuldb.com/?actor.crysis). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.crysis](https://vuldb.com/?actor.crysis)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CrySIS.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.5.6.4](https://vuldb.com/?ip.2.5.6.4) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -22,7 +22,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [8.248.167.254](https://vuldb.com/?ip.8.248.167.254) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -55,6 +55,7 @@ There are 2 more IOA items available (file, library, argument, input value, patt
|
|||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2021/10/threat-roundup-1008-1015.html
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# CryptoApi Exploit - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CryptoApi Exploit](https://vuldb.com/?actor.cryptoapi_exploit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cryptoapi_exploit](https://vuldb.com/?actor.cryptoapi_exploit)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CryptoApi Exploit.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fortinet.com/blog/threat-research/curveball-exploit-making-rounds.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -48,11 +48,11 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,54 +63,53 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/action/wirelessConnect` | High
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
6 | File | `/admin/assign/assign.php` | High
|
||||
7 | File | `/admin/attendance_row.php` | High
|
||||
8 | File | `/admin/cashadvance_row.php` | High
|
||||
9 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
10 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
11 | File | `/admin/departments/view_department.php` | High
|
||||
12 | File | `/admin/edit_subject.php` | High
|
||||
13 | File | `/admin/employee_row.php` | High
|
||||
14 | File | `/admin/login.php` | High
|
||||
15 | File | `/admin/maintenance/brand.php` | High
|
||||
16 | File | `/admin/maintenance/view_designation.php` | High
|
||||
17 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
18 | File | `/admin/reportupload.aspx` | High
|
||||
19 | File | `/admin/service.php` | High
|
||||
20 | File | `/admin/suppliers/view_details.php` | High
|
||||
21 | File | `/admin/transactions/track_shipment.php` | High
|
||||
22 | File | `/admin/user/manage_user.php` | High
|
||||
23 | File | `/admin/user/uploadImg` | High
|
||||
4 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
5 | File | `/admin/assign/assign.php` | High
|
||||
6 | File | `/admin/attendance_row.php` | High
|
||||
7 | File | `/admin/cashadvance_row.php` | High
|
||||
8 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
9 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
10 | File | `/admin/departments/view_department.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/employee_row.php` | High
|
||||
13 | File | `/admin/login.php` | High
|
||||
14 | File | `/admin/maintenance/brand.php` | High
|
||||
15 | File | `/admin/maintenance/view_designation.php` | High
|
||||
16 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
17 | File | `/admin/reportupload.aspx` | High
|
||||
18 | File | `/admin/service.php` | High
|
||||
19 | File | `/admin/suppliers/view_details.php` | High
|
||||
20 | File | `/admin/transactions/track_shipment.php` | High
|
||||
21 | File | `/admin/user/manage_user.php` | High
|
||||
22 | File | `/admin/user/uploadImg` | High
|
||||
23 | File | `/ajax.php?action=read_msg` | High
|
||||
24 | File | `/api/admin/store/product/list` | High
|
||||
25 | File | `/cgi-bin/kerbynet` | High
|
||||
26 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
27 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
28 | File | `/churchcrm/EventAttendance.php` | High
|
||||
29 | File | `/classes/Master.php` | High
|
||||
30 | File | `/classes/Master.php?f=delete_item` | High
|
||||
31 | File | `/config/getuser` | High
|
||||
32 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
33 | File | `/forms/doLogin` | High
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/install/index.php` | High
|
||||
36 | File | `/licenses` | Medium
|
||||
37 | File | `/login/index.php` | High
|
||||
38 | File | `/menu.html` | Medium
|
||||
39 | File | `/mhds/clinic/view_details.php` | High
|
||||
40 | File | `/mims/login.php` | High
|
||||
41 | File | `/modules/projects/vw_files.php` | High
|
||||
42 | File | `/out.php` | Medium
|
||||
43 | File | `/plain` | Low
|
||||
25 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
26 | File | `/bin/login` | Medium
|
||||
27 | File | `/cgi-bin/kerbynet` | High
|
||||
28 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
29 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
30 | File | `/classes/Master.php` | High
|
||||
31 | File | `/classes/Master.php?f=delete_item` | High
|
||||
32 | File | `/config/getuser` | High
|
||||
33 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
34 | File | `/forms/doLogin` | High
|
||||
35 | File | `/forum/away.php` | High
|
||||
36 | File | `/HNAP1` | Low
|
||||
37 | File | `/install/index.php` | High
|
||||
38 | File | `/licenses` | Medium
|
||||
39 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
40 | File | `/login/index.php` | High
|
||||
41 | File | `/menu.html` | Medium
|
||||
42 | File | `/mims/login.php` | High
|
||||
43 | File | `/out.php` | Medium
|
||||
44 | File | `/public/launchNewWindow.jsp` | High
|
||||
45 | File | `/qsr_server/device/reboot` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | File | `/staff/bookdetails.php` | High
|
||||
48 | File | `/staff_login.php` | High
|
||||
49 | ... | ... | ...
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DCRat:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,12 +21,22 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.135.83.205](https://vuldb.com/?ip.5.135.83.205) | 5-135-83-205.asyx.ru | - | High
|
||||
2 | [62.109.5.94](https://vuldb.com/?ip.62.109.5.94) | fvds-2.lm17.ru | - | High
|
||||
3 | [91.193.75.139](https://vuldb.com/?ip.91.193.75.139) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | [1.165.96.128](https://vuldb.com/?ip.1.165.96.128) | 1-165-96-128.dynamic-ip.hinet.net | - | High
|
||||
2 | [1.242.139.44](https://vuldb.com/?ip.1.242.139.44) | - | - | High
|
||||
3 | [5.135.83.205](https://vuldb.com/?ip.5.135.83.205) | 5-135-83-205.asyx.ru | - | High
|
||||
4 | [5.178.3.191](https://vuldb.com/?ip.5.178.3.191) | - | - | High
|
||||
5 | [20.223.128.97](https://vuldb.com/?ip.20.223.128.97) | - | - | High
|
||||
6 | [43.243.111.229](https://vuldb.com/?ip.43.243.111.229) | - | - | High
|
||||
7 | [45.77.34.211](https://vuldb.com/?ip.45.77.34.211) | 45.77.34.211.vultrusercontent.com | - | High
|
||||
8 | [45.95.19.170](https://vuldb.com/?ip.45.95.19.170) | - | - | High
|
||||
9 | [45.95.19.172](https://vuldb.com/?ip.45.95.19.172) | - | - | High
|
||||
10 | [45.95.19.173](https://vuldb.com/?ip.45.95.19.173) | - | - | High
|
||||
11 | [45.95.19.174](https://vuldb.com/?ip.45.95.19.174) | - | - | High
|
||||
12 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
13 | [46.149.77.33](https://vuldb.com/?ip.46.149.77.33) | v1874993.hosted-by-vdsina.ru | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 52 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -34,12 +44,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -47,19 +59,97 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/see_more_details.php` | High
|
||||
2 | File | `/template/edit` | High
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | ... | ... | ...
|
||||
1 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
2 | File | `/adfs/ls` | Medium
|
||||
3 | File | `/admin/access` | High
|
||||
4 | File | `/admin/ajax/avatar.php` | High
|
||||
5 | File | `/admin/inventory/manage_stock.php` | High
|
||||
6 | File | `/admin/media/upload` | High
|
||||
7 | File | `/admin/options` | High
|
||||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/api/blade-log/api/list` | High
|
||||
10 | File | `/api/RecordingList/download` | High
|
||||
11 | File | `/Applications/Calculator.app/Contents/MacOS/Calculator` | High
|
||||
12 | File | `/batm/app/admin/standalone/deployments` | High
|
||||
13 | File | `/cgi-bin/go` | Medium
|
||||
14 | File | `/cgi-bin/webproc` | High
|
||||
15 | File | `/classes/conf/db.properties&config=filemanager.config.js` | High
|
||||
16 | File | `/common/info.cgi` | High
|
||||
17 | File | `/etc` | Low
|
||||
18 | File | `/exec/` | Low
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/getcfg.php` | Medium
|
||||
21 | File | `/HNAP1` | Low
|
||||
22 | File | `/Home/GetAttachment` | High
|
||||
23 | File | `/htdocs/cgibin` | High
|
||||
24 | File | `/index.php?s=/admin-tpl-del&id=` | High
|
||||
25 | File | `/my_photo_gallery/image.php` | High
|
||||
26 | File | `/new` | Low
|
||||
27 | File | `/oauth/authorized_applications.json` | High
|
||||
28 | File | `/opt/tplink/EAPController/lib/eap-web-3.2.6.jar` | High
|
||||
29 | File | `/patient/doctors.php` | High
|
||||
30 | File | `/phpinventory/editcategory.php` | High
|
||||
31 | File | `/phpinventory/edituser.php` | High
|
||||
32 | File | `/probe?target` | High
|
||||
33 | File | `/rk-responsive-contact-form/include/rk_user_list.php` | High
|
||||
34 | File | `/root/.urcaps` | High
|
||||
35 | File | `/schedules/view_schedule.php` | High
|
||||
36 | File | `/see_more_details.php` | High
|
||||
37 | File | `/service/upload` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/template/edit` | High
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/upload` | Low
|
||||
42 | File | `/var/run/jboss-eap/` | High
|
||||
43 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
44 | File | `4.edu.php\conn\function.php` | High
|
||||
45 | File | `a1disp2.cgi/a1disp3.cgi/a1disp4.cgi` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://app.any.run/tasks/0c6eba9e-a4ca-4c40-beb1-a03bc903d904
|
||||
* https://app.any.run/tasks/1a6872e0-d42c-4949-82ae-e8f8f96d47a7
|
||||
* https://app.any.run/tasks/5f4f4268-36ec-4a62-8602-532292ddb0e0
|
||||
* https://app.any.run/tasks/25cd593b-83ba-4940-b968-cbd2e8e7f7a2
|
||||
* https://app.any.run/tasks/84d243ec-d740-414e-bbd1-d319ffcc0629
|
||||
* https://app.any.run/tasks/cbaabb75-75e6-4441-a38f-f78948e1d925
|
||||
* https://search.censys.io/hosts/1.165.96.128
|
||||
* https://search.censys.io/hosts/1.242.139.44
|
||||
* https://search.censys.io/hosts/5.178.3.191
|
||||
* https://search.censys.io/hosts/20.223.128.97
|
||||
* https://search.censys.io/hosts/43.243.111.229
|
||||
* https://search.censys.io/hosts/45.77.34.211
|
||||
* https://search.censys.io/hosts/45.95.19.170
|
||||
* https://search.censys.io/hosts/45.95.19.172
|
||||
* https://search.censys.io/hosts/45.95.19.173
|
||||
* https://search.censys.io/hosts/45.95.19.174
|
||||
* https://search.censys.io/hosts/64.44.166.203
|
||||
* https://search.censys.io/hosts/64.176.43.239
|
||||
* https://search.censys.io/hosts/77.92.154.211
|
||||
* https://search.censys.io/hosts/87.121.221.220
|
||||
* https://search.censys.io/hosts/89.23.96.202
|
||||
* https://search.censys.io/hosts/91.227.113.154
|
||||
* https://search.censys.io/hosts/95.214.26.63
|
||||
* https://search.censys.io/hosts/103.144.148.219
|
||||
* https://search.censys.io/hosts/103.146.78.130
|
||||
* https://search.censys.io/hosts/103.170.118.35
|
||||
* https://search.censys.io/hosts/103.186.108.229
|
||||
* https://search.censys.io/hosts/104.219.234.167
|
||||
* https://search.censys.io/hosts/109.195.94.247
|
||||
* https://search.censys.io/hosts/111.229.139.47
|
||||
* https://search.censys.io/hosts/112.213.98.87
|
||||
* https://search.censys.io/hosts/139.180.143.50
|
||||
* https://search.censys.io/hosts/142.202.242.168
|
||||
* https://search.censys.io/hosts/154.53.42.53
|
||||
* https://search.censys.io/hosts/179.61.251.188
|
||||
* https://search.censys.io/hosts/192.99.10.207
|
||||
* https://search.censys.io/hosts/193.42.32.159
|
||||
* https://search.censys.io/hosts/198.23.212.148
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220411-rpjwpsagg7
|
||||
* https://tria.ge/220421-rkv36sbagj
|
||||
|
@ -72,6 +162,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://tria.ge/220613-ttxz8shcbl
|
||||
* https://tria.ge/220613-vjml7aheal
|
||||
* https://tria.ge/220623-pbhelschbq
|
||||
* https://tria.ge/230531-xdl5kshe47
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# DHL-THEMED MALSPAM - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DHL-THEMED MALSPAM](https://vuldb.com/?actor.dhl-themed_malspam). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dhl-themed_malspam](https://vuldb.com/?actor.dhl-themed_malspam)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DHL-THEMED MALSPAM:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DHL-THEMED MALSPAM.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [199.188.200.49](https://vuldb.com/?ip.199.188.200.49) | server239-4.web-hosting.com | - | High
|
||||
2 | [206.189.23.191](https://vuldb.com/?ip.206.189.23.191) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _DHL-THEMED MALSPAM_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by DHL-THEMED MALSPAM. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `awstats.pl` | Medium
|
||||
2 | File | `bl-kernel/ajax/upload-images.php` | High
|
||||
3 | File | `detail.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,31 @@
|
|||
# DMALocker - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DMALocker](https://vuldb.com/?actor.dmalocker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dmalocker](https://vuldb.com/?actor.dmalocker)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DMALocker.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.8.63.54](https://vuldb.com/?ip.5.8.63.54) | 5-8-63-54.static.x5x.tech | - | High
|
||||
2 | [95.213.192.77](https://vuldb.com/?ip.95.213.192.77) | mta11.misoslavis.com | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,11 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DanaBot:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -23,15 +19,37 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.8.55.205](https://vuldb.com/?ip.5.8.55.205) | carpbaboon.com | - | High
|
||||
2 | [5.9.224.217](https://vuldb.com/?ip.5.9.224.217) | static.217.224.9.5.clients.your-server.de | - | High
|
||||
3 | [23.106.122.14](https://vuldb.com/?ip.23.106.122.14) | - | - | High
|
||||
4 | [23.106.123.224](https://vuldb.com/?ip.23.106.123.224) | - | - | High
|
||||
5 | [23.254.226.52](https://vuldb.com/?ip.23.254.226.52) | client-23-254-226-52.hostwindsdns.com | - | High
|
||||
6 | [31.214.157.12](https://vuldb.com/?ip.31.214.157.12) | mail.private-mail.nl | - | High
|
||||
7 | [45.147.231.79](https://vuldb.com/?ip.45.147.231.79) | - | - | High
|
||||
8 | [46.173.218.13](https://vuldb.com/?ip.46.173.218.13) | - | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
3 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
4 | [23.106.122.14](https://vuldb.com/?ip.23.106.122.14) | - | - | High
|
||||
5 | [23.106.123.224](https://vuldb.com/?ip.23.106.123.224) | - | - | High
|
||||
6 | [23.106.123.249](https://vuldb.com/?ip.23.106.123.249) | - | - | High
|
||||
7 | [23.254.129.180](https://vuldb.com/?ip.23.254.129.180) | hwsrv-1035456.hostwindsdns.com | - | High
|
||||
8 | [23.254.133.7](https://vuldb.com/?ip.23.254.133.7) | client-23-254-133-7.hostwindsdns.com | - | High
|
||||
9 | [23.254.134.53](https://vuldb.com/?ip.23.254.134.53) | hwsrv-1045495.hostwindsdns.com | - | High
|
||||
10 | [23.254.144.209](https://vuldb.com/?ip.23.254.144.209) | client-23-254-144-209.hostwindsdns.com | - | High
|
||||
11 | [23.254.164.106](https://vuldb.com/?ip.23.254.164.106) | hwsrv-978595.hostwindsdns.com | - | High
|
||||
12 | [23.254.201.147](https://vuldb.com/?ip.23.254.201.147) | WIN-FRBTX5I65I.com | - | High
|
||||
13 | [23.254.217.192](https://vuldb.com/?ip.23.254.217.192) | hwsrv-982289.hostwindsdns.com | - | High
|
||||
14 | [23.254.226.52](https://vuldb.com/?ip.23.254.226.52) | client-23-254-226-52.hostwindsdns.com | - | High
|
||||
15 | [23.254.226.136](https://vuldb.com/?ip.23.254.226.136) | box.sostenibilidadsocia.online | - | High
|
||||
16 | [23.254.227.74](https://vuldb.com/?ip.23.254.227.74) | hwsrv-1042388.hostwindsdns.com | - | High
|
||||
17 | [23.254.228.176](https://vuldb.com/?ip.23.254.228.176) | client-23-254-228-176.hostwindsdns.com | - | High
|
||||
18 | [26.64.30.13](https://vuldb.com/?ip.26.64.30.13) | - | - | High
|
||||
19 | [31.214.157.12](https://vuldb.com/?ip.31.214.157.12) | mail.private-mail.nl | - | High
|
||||
20 | [34.90.104.246](https://vuldb.com/?ip.34.90.104.246) | 246.104.90.34.bc.googleusercontent.com | - | Medium
|
||||
21 | [34.95.4.102](https://vuldb.com/?ip.34.95.4.102) | 102.4.95.34.bc.googleusercontent.com | - | Medium
|
||||
22 | [34.105.203.100](https://vuldb.com/?ip.34.105.203.100) | 100.203.105.34.bc.googleusercontent.com | - | Medium
|
||||
23 | [34.129.5.173](https://vuldb.com/?ip.34.129.5.173) | 173.5.129.34.bc.googleusercontent.com | - | Medium
|
||||
24 | [34.247.234.201](https://vuldb.com/?ip.34.247.234.201) | ec2-34-247-234-201.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
25 | [35.194.193.144](https://vuldb.com/?ip.35.194.193.144) | 144.193.194.35.bc.googleusercontent.com | - | Medium
|
||||
26 | [35.199.99.16](https://vuldb.com/?ip.35.199.99.16) | 16.99.199.35.bc.googleusercontent.com | - | Medium
|
||||
27 | [35.199.103.5](https://vuldb.com/?ip.35.199.103.5) | 5.103.199.35.bc.googleusercontent.com | - | Medium
|
||||
28 | [35.220.142.90](https://vuldb.com/?ip.35.220.142.90) | 90.142.220.35.bc.googleusercontent.com | - | Medium
|
||||
29 | [35.220.149.58](https://vuldb.com/?ip.35.220.149.58) | 58.149.220.35.bc.googleusercontent.com | - | Medium
|
||||
30 | [35.226.27.224](https://vuldb.com/?ip.35.226.27.224) | 224.27.226.35.bc.googleusercontent.com | - | Medium
|
||||
31 | ... | ... | ... | ...
|
||||
|
||||
There are 32 more IOC items available. Please use our online service to access the data.
|
||||
There are 121 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -39,13 +57,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -53,32 +70,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/account/ResetPassword` | High
|
||||
3 | File | `/addnews.html` | High
|
||||
4 | File | `/cgi-bin/go` | Medium
|
||||
5 | File | `/cm/delete` | Medium
|
||||
6 | File | `/download` | Medium
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
|
||||
9 | File | `/lms/admin.php` | High
|
||||
10 | File | `/my_photo_gallery/image.php` | High
|
||||
11 | File | `/redpass.cgi` | Medium
|
||||
12 | File | `/reps/classes/Users.php?f=delete_agent` | High
|
||||
13 | File | `/rom-0` | Low
|
||||
14 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/usr/ucb/mail` | High
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | File | `add-category.php` | High
|
||||
19 | File | `add_comment.php` | High
|
||||
20 | File | `admin.php` | Medium
|
||||
21 | File | `admin/admin.shtml` | High
|
||||
22 | File | `admin/content.php` | High
|
||||
23 | File | `admin/index.php` | High
|
||||
24 | ... | ... | ...
|
||||
1 | File | `/cgi-bin/kerbynet` | High
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `Deliver_SendMail.class.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -89,7 +86,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://github.com/eset/malware-ioc/tree/master/danabot
|
||||
* https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
|
||||
* https://research.checkpoint.com/2019/danabot-demands-a-ransom-payment/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220106-qkhmeabcd2
|
||||
* https://tria.ge/s/family:danabot
|
||||
* https://twitter.com/CERT_OPL/status/1138810411149643777
|
||||
* https://www.fortinet.com/blog/threat-research/breakdown-of-a-targeted-danabot-attack.html
|
||||
* https://www.virustotal.com/gui/file/6134ee02f86b79ea77b58ef215c36d45a849f70d4421dee96efdc1b9f011a8fd
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Dark Tequila - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dark Tequila](https://vuldb.com/?actor.dark_tequila). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dark_tequila](https://vuldb.com/?actor.dark_tequila)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dark Tequila.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [75.126.60.251](https://vuldb.com/?ip.75.126.60.251) | fb.3c.7e4b.ip4.static.sl-reverse.com | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# DeathRansom - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DeathRansom](https://vuldb.com/?actor.deathransom). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.deathransom](https://vuldb.com/?actor.deathransom)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DeathRansom.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fortinet.com/blog/threat-research/death-ransom-attribution.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -46,7 +46,7 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `data/gbconfiguration.dat` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
# Diicot - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Diicot](https://vuldb.com/?actor.diicot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.diicot](https://vuldb.com/?actor.diicot)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Diicot:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Diicot.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.88.67.94](https://vuldb.com/?ip.45.88.67.94) | - | - | High
|
||||
2 | [84.54.50.198](https://vuldb.com/?ip.84.54.50.198) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Diicot_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Diicot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/etc/master.passwd` | High
|
||||
2 | File | `/index.php` | Medium
|
||||
3 | File | `/web_cste/cgi-bin/product.ini` | High
|
||||
4 | File | `admin.php` | Medium
|
||||
5 | File | `admin/scripts/FileUploader/php.php` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 41 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cadosecurity.com/tracking-diicot-an-emerging-romanian-threat-actor/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,101 @@
|
|||
# Divergent - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Divergent](https://vuldb.com/?actor.divergent). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.divergent](https://vuldb.com/?actor.divergent)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Divergent:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Divergent.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.9.41.178](https://vuldb.com/?ip.5.9.41.178) | static.178.41.9.5.clients.your-server.de | - | High
|
||||
2 | [13.228.224.121](https://vuldb.com/?ip.13.228.224.121) | api-13-228-224-121.stripe.com | - | High
|
||||
3 | [23.227.38.32](https://vuldb.com/?ip.23.227.38.32) | myshopify.com | - | High
|
||||
4 | [31.31.196.120](https://vuldb.com/?ip.31.31.196.120) | server146.hosting.reg.ru | - | High
|
||||
5 | [43.250.192.87](https://vuldb.com/?ip.43.250.192.87) | - | - | High
|
||||
6 | [43.250.192.98](https://vuldb.com/?ip.43.250.192.98) | - | - | High
|
||||
7 | [45.55.154.177](https://vuldb.com/?ip.45.55.154.177) | - | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Divergent_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Divergent. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.kedpm/history` | High
|
||||
2 | File | `/adfs/ls` | Medium
|
||||
3 | File | `/api/v11/users/sessions` | High
|
||||
4 | File | `/cmf/process/<process_id>/logs` | High
|
||||
5 | File | `/config/getuser` | High
|
||||
6 | File | `/etc/shadow` | Medium
|
||||
7 | File | `/Forms/oadmin_1` | High
|
||||
8 | File | `/goform/` | Medium
|
||||
9 | File | `/goform/formLogout` | High
|
||||
10 | File | `/home/dna/spool/.pfile` | High
|
||||
11 | File | `/includes/lib/tree.php` | High
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/MagickCore/enhance.c` | High
|
||||
14 | File | `/MagickCore/quantize.c` | High
|
||||
15 | File | `/MagickCore/statistic.c` | High
|
||||
16 | File | `/onvif/device_service` | High
|
||||
17 | File | `/private/var` | Medium
|
||||
18 | File | `/sanadata/seo/index.asp` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/var/tmp/audacity-$USER` | High
|
||||
22 | File | `admin/components/menu/views/menuitems.php` | High
|
||||
23 | File | `admin/convertutf8/index.php` | High
|
||||
24 | File | `admin/download.php` | High
|
||||
25 | File | `admin/editusertag.php` | High
|
||||
26 | File | `adm_config_report.php` | High
|
||||
27 | File | `adm_program/modules/dates/dates_function.php` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 239 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/09/divergent-analysis.html?m=1
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,38 @@
|
|||
# ELLECTRICFISH - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ELLECTRICFISH](https://vuldb.com/?actor.ellectricfish). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ellectricfish](https://vuldb.com/?actor.ellectricfish)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with ELLECTRICFISH:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of ELLECTRICFISH.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.23.23.23](https://vuldb.com/?ip.23.23.23.23) | select.zone | - | High
|
||||
2 | [24.24.24.24](https://vuldb.com/?ip.24.24.24.24) | - | - | High
|
||||
3 | [192.1.1.3](https://vuldb.com/?ip.192.1.1.3) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,77 @@
|
|||
# Earth Preta - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Earth Preta](https://vuldb.com/?actor.earth_preta). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.earth_preta](https://vuldb.com/?actor.earth_preta)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Earth Preta:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Earth Preta.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.188.33.190](https://vuldb.com/?ip.5.188.33.190) | helenacarlson.lp | - | High
|
||||
2 | [80.85.156.151](https://vuldb.com/?ip.80.85.156.151) | localhost.ru | - | High
|
||||
3 | [80.85.156.232](https://vuldb.com/?ip.80.85.156.232) | aldnanosolutions.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Earth Preta_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Earth Preta. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/app1/admin#foo` | High
|
||||
2 | File | `/config/server.xml` | High
|
||||
3 | File | `/coreframe/app/guestbook/myissue.php` | High
|
||||
4 | File | `/data/config.ftp.php` | High
|
||||
5 | File | `/debug/pprof` | Medium
|
||||
6 | File | `/include/helpers/upload.helper.php` | High
|
||||
7 | File | `/info.xml` | Medium
|
||||
8 | File | `/Items/*/RemoteImages/Download` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 63 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.trendmicro.com/en_us/research/23/f/behind-the-scenes-unveiling-the-hidden-workings-of-earth-preta.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,82 @@
|
|||
# Eking - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Eking](https://vuldb.com/?actor.eking). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.eking](https://vuldb.com/?actor.eking)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Eking:
|
||||
|
||||
* Government Organizations
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Eking:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Eking.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.62.170.237](https://vuldb.com/?ip.45.62.170.237) | - | Government Organizations | High
|
||||
2 | [107.179.20.214](https://vuldb.com/?ip.107.179.20.214) | happya.eordergo.com | Government Organizations | High
|
||||
3 | [129.56.36.26](https://vuldb.com/?ip.129.56.36.26) | - | Government Organizations | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Eking_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Eking. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||
2 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
3 | File | `/confirm` | Medium
|
||||
4 | File | `/DesignTools/CssEditor.aspx` | High
|
||||
5 | File | `/etc/config/luci` | High
|
||||
6 | File | `/net/nfc/netlink.c` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://darktrace.com/blog/ransomware-as-a-service-eking-targets-government-organization
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,83 @@
|
|||
# ElectrumDosMiner - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ElectrumDosMiner](https://vuldb.com/?actor.electrumdosminer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.electrumdosminer](https://vuldb.com/?actor.electrumdosminer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with ElectrumDosMiner:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of ElectrumDosMiner.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.5.6.1](https://vuldb.com/?ip.2.5.6.1) | - | - | High
|
||||
2 | [178.159.37.113](https://vuldb.com/?ip.178.159.37.113) | free.example.com | - | High
|
||||
3 | [188.214.135.174](https://vuldb.com/?ip.188.214.135.174) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _ElectrumDosMiner_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80, CWE-84 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by ElectrumDosMiner. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/edit_member.php` | High
|
||||
2 | File | `/admin/maintenance/view_designation.php` | High
|
||||
3 | File | `/cgi-bin` | Medium
|
||||
4 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||
5 | File | `/include/comm_post.inc.php` | High
|
||||
6 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
7 | File | `/register.do` | Medium
|
||||
8 | File | `/secure/EditSubscription.jspa` | High
|
||||
9 | File | `admin.php` | Medium
|
||||
10 | File | `admin/admin.php` | High
|
||||
11 | File | `admin/conf_users_edit.php` | High
|
||||
12 | File | `admin/index.php` | High
|
||||
13 | File | `AppCompatCache.exe` | High
|
||||
14 | File | `ardguest.php` | Medium
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 121 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/cybercrime/2019/04/electrum-ddos-botnet-reaches-152000-infected-hosts/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,74 @@
|
|||
# Energetic Bear - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Energetic Bear](https://vuldb.com/?actor.energetic_bear). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.energetic_bear](https://vuldb.com/?actor.energetic_bear)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Energetic Bear:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* [AO](https://vuldb.com/?country.ao)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Energetic Bear.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.229.10.193](https://vuldb.com/?ip.2.229.10.193) | 2-229-10-193.ip194.fastwebnet.it | - | High
|
||||
2 | [5.150.143.107](https://vuldb.com/?ip.5.150.143.107) | 107.143.150.5.host.static.ip.kpnqwest.it | - | High
|
||||
3 | [5.153.58.45](https://vuldb.com/?ip.5.153.58.45) | 2d.3a.9905.ip4.static.sl-reverse.com | - | High
|
||||
4 | [41.78.157.34](https://vuldb.com/?ip.41.78.157.34) | - | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Energetic Bear_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Energetic Bear. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/debug` | Low
|
||||
2 | File | `abook_database.php` | High
|
||||
3 | File | `addentry.php` | Medium
|
||||
4 | File | `add_comment.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 33 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,77 @@
|
|||
# FAKE UPDATER - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FAKE UPDATER](https://vuldb.com/?actor.fake_updater). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fake_updater](https://vuldb.com/?actor.fake_updater)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FAKE UPDATER:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of FAKE UPDATER.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.95.97.32](https://vuldb.com/?ip.23.95.97.32) | 23-95-97-32-host.colocrossing.com | - | High
|
||||
2 | [46.249.59.67](https://vuldb.com/?ip.46.249.59.67) | - | - | High
|
||||
3 | [185.238.1.188](https://vuldb.com/?ip.185.238.1.188) | free.ptr1.ru | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _FAKE UPDATER_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FAKE UPDATER. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/account/details.php` | High
|
||||
2 | File | `/cgi/get_param.cgi` | High
|
||||
3 | File | `/modules/registration_admission/patient_register.php` | High
|
||||
4 | File | `/out.php` | Medium
|
||||
5 | File | `/sbin/gs_config` | High
|
||||
6 | File | `add_comment.php` | High
|
||||
7 | File | `album_portal.php` | High
|
||||
8 | File | `browse-category.php` | High
|
||||
9 | File | `category.cfm` | Medium
|
||||
10 | File | `ClientModeImpl.java` | High
|
||||
11 | File | `comment_add.asp` | High
|
||||
12 | File | `data/gbconfiguration.dat` | High
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 98 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,60 @@
|
|||
# FTP Info Stealer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FTP Info Stealer](https://vuldb.com/?actor.ftp_info_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ftp_info_stealer](https://vuldb.com/?actor.ftp_info_stealer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FTP Info Stealer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of FTP Info Stealer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [89.46.222.42](https://vuldb.com/?ip.89.46.222.42) | 42.222.46.89.in-addr.arpa | - | High
|
||||
2 | [205.186.187.108](https://vuldb.com/?ip.205.186.187.108) | ekiaiooqio.c06.mtsvc.net | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _FTP Info Stealer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FTP Info Stealer. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `add_comment.php` | High
|
||||
2 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.malware-traffic-analysis.net/2019/02/07/index.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,64 @@
|
|||
# Fake Interview - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Fake Interview](https://vuldb.com/?actor.fake_interview). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fake_interview](https://vuldb.com/?actor.fake_interview)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Fake Interview:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Fake Interview.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [51.38.87.199](https://vuldb.com/?ip.51.38.87.199) | - | - | High
|
||||
2 | [51.89.237.233](https://vuldb.com/?ip.51.89.237.233) | ip233.ip-51-89-237.eu | - | High
|
||||
3 | [51.89.237.234](https://vuldb.com/?ip.51.89.237.234) | ip234.ip-51-89-237.eu | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Fake Interview_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Fake Interview. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `add_comment.php` | High
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `email.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.certfa.com/posts/fake-interview-the-new-activity-of-charming-kitten/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# Felipe - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Felipe](https://vuldb.com/?actor.felipe). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.felipe](https://vuldb.com/?actor.felipe)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Felipe.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [192.99.215.95](https://vuldb.com/?ip.192.99.215.95) | ip95.ip-192-99-215.net | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/research/felipe-new-infostealer-trojan
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,83 @@
|
|||
# FelixRoot - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FelixRoot](https://vuldb.com/?actor.felixroot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.felixroot](https://vuldb.com/?actor.felixroot)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FelixRoot:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of FelixRoot.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [88.198.13.116](https://vuldb.com/?ip.88.198.13.116) | static.88.198.13.116.clients.your-server.de | - | High
|
||||
2 | [193.23.181.151](https://vuldb.com/?ip.193.23.181.151) | dedicated.vsys.host | - | High
|
||||
3 | [217.12.204.100](https://vuldb.com/?ip.217.12.204.100) | bezerra.tld | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _FelixRoot_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FelixRoot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=system_info/contact_info` | High
|
||||
2 | File | `/admin/login.php` | High
|
||||
3 | File | `/admin/produts/controller.php` | High
|
||||
4 | File | `/admin/user/team` | High
|
||||
5 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
6 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
7 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
8 | File | `/DXR.axd` | Medium
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/goform/aspForm` | High
|
||||
11 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
12 | File | `/InternalPages/ExecuteTask.aspx` | High
|
||||
13 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
14 | File | `/ms/cms/content/list.do` | High
|
||||
15 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
16 | File | `/orms/` | Low
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,56 @@
|
|||
# Fileless Brazil Banking Trojan - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Fileless Brazil Banking Trojan](https://vuldb.com/?actor.fileless_brazil_banking_trojan). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fileless_brazil_banking_trojan](https://vuldb.com/?actor.fileless_brazil_banking_trojan)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Fileless Brazil Banking Trojan.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [35.227.52.26](https://vuldb.com/?ip.35.227.52.26) | 26.52.227.35.bc.googleusercontent.com | - | Medium
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Fileless Brazil Banking Trojan_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1202 | CWE-77 | Command Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Fileless Brazil Banking Trojan. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/uncpath/` | Medium
|
||||
2 | File | `oracle_common/modules/com.bea.core.apache.commons.collections.jar` | High
|
||||
3 | File | `Redmine.pm` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-banking-trojan-targeting-brazilian-banks-downloads-possible-botnet-capability-info-stealers/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,139 @@
|
|||
# FlawedGrace - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FlawedGrace](https://vuldb.com/?actor.flawedgrace). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.flawedgrace](https://vuldb.com/?actor.flawedgrace)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FlawedGrace:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of FlawedGrace.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.188.86.18](https://vuldb.com/?ip.5.188.86.18) | - | - | High
|
||||
2 | [81.19.135.30](https://vuldb.com/?ip.81.19.135.30) | undefined.hostname.localhost | - | High
|
||||
3 | [92.118.36.199](https://vuldb.com/?ip.92.118.36.199) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _FlawedGrace_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FlawedGrace. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/apilog.php` | Medium
|
||||
12 | File | `/APR/login.php` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
33 | File | `/lookin/info` | Medium
|
||||
34 | File | `/manager/index.php` | High
|
||||
35 | File | `/medical/inventories.php` | High
|
||||
36 | File | `/modules/profile/index.php` | High
|
||||
37 | File | `/modules/projects/vw_files.php` | High
|
||||
38 | File | `/modules/public/calendar.php` | High
|
||||
39 | File | `/Moosikay/order.php` | High
|
||||
40 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
41 | File | `/newsDia.php` | Medium
|
||||
42 | File | `/opac/Actions.php?a=login` | High
|
||||
43 | File | `/out.php` | Medium
|
||||
44 | File | `/php-opos/index.php` | High
|
||||
45 | File | `/PreviewHandler.ashx` | High
|
||||
46 | File | `/proxy` | Low
|
||||
47 | File | `/public/launchNewWindow.jsp` | High
|
||||
48 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
49 | File | `/reports/rwservlet` | High
|
||||
50 | File | `/reservation/add_message.php` | High
|
||||
51 | File | `/spip.php` | Medium
|
||||
52 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
53 | File | `/staff/bookdetails.php` | High
|
||||
54 | File | `/uncpath/` | Medium
|
||||
55 | File | `/user/updatePwd` | High
|
||||
56 | File | `/user/update_booking.php` | High
|
||||
57 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
58 | File | `/wireless/security.asp` | High
|
||||
59 | File | `/wp-admin/admin-ajax.php` | High
|
||||
60 | File | `01article.php` | High
|
||||
61 | File | `a-forms.php` | Medium
|
||||
62 | File | `AbstractScheduleJob.java` | High
|
||||
63 | File | `actionphp/download.File.php` | High
|
||||
64 | File | `activenews_view.asp` | High
|
||||
65 | File | `adclick.php` | Medium
|
||||
66 | File | `addtocart.asp` | High
|
||||
67 | File | `admin.a6mambocredits.php` | High
|
||||
68 | File | `admin.cropcanvas.php` | High
|
||||
69 | File | `admin.php` | Medium
|
||||
70 | File | `admin/abc.php` | High
|
||||
71 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
72 | ... | ... | ...
|
||||
|
||||
There are 632 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -328,14 +328,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-29, CWE-50 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -343,47 +343,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/?ajax-request=jnews` | High
|
||||
4 | File | `/about.php` | Medium
|
||||
5 | File | `/action/wirelessConnect` | High
|
||||
6 | File | `/admin.php/update/getFile.html` | High
|
||||
7 | File | `/admin/assign/assign.php` | High
|
||||
8 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
9 | File | `/admin/user/uploadImg` | High
|
||||
10 | File | `/analysisProject/pagingQueryData` | High
|
||||
11 | File | `/api/login` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
5 | File | `/api/login` | Medium
|
||||
6 | File | `/application/common.php#action_log` | High
|
||||
7 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
8 | File | `/authenticationendpoint/login.do` | High
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/bin/login` | Medium
|
||||
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
12 | File | `/cas/logout` | Medium
|
||||
13 | File | `/cgi-bin/kerbynet` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/classes/Master.php` | High
|
||||
16 | File | `/classes/Master.php?f=delete_category` | High
|
||||
17 | File | `/classes/Master.php?f=delete_item` | High
|
||||
18 | File | `/classes/Master.php?f=save_service` | High
|
||||
19 | File | `/config/getuser` | High
|
||||
20 | File | `/data/remove` | Medium
|
||||
21 | File | `/databases/database/list` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/DXR.axd` | Medium
|
||||
24 | File | `/export` | Low
|
||||
25 | File | `/feeds/post/publish` | High
|
||||
26 | File | `/forms/doLogin` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
29 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
30 | File | `/index.php?page=category_list` | High
|
||||
31 | File | `/menu.html` | Medium
|
||||
32 | File | `/mims/login.php` | High
|
||||
33 | File | `/Moosikay/order.php` | High
|
||||
34 | File | `/opac/Actions.php?a=login` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/PreviewHandler.ashx` | High
|
||||
37 | File | `/reservation/add_message.php` | High
|
||||
38 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
39 | ... | ... | ...
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/classes/Master.php?f=delete_category` | High
|
||||
15 | File | `/classes/Master.php?f=save_service` | High
|
||||
16 | File | `/data/remove` | Medium
|
||||
17 | File | `/databases/database/list` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/DXR.axd` | Medium
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/ghost/preview` | High
|
||||
22 | File | `/goForm/aspForm` | High
|
||||
23 | File | `/HNAP1` | Low
|
||||
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
25 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
26 | File | `/index.php?page=category_list` | High
|
||||
27 | File | `/jobinfo/` | Medium
|
||||
28 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
29 | File | `/login.php` | Medium
|
||||
30 | File | `/menu.html` | Medium
|
||||
31 | File | `/Moosikay/order.php` | High
|
||||
32 | File | `/news/*.html` | Medium
|
||||
33 | File | `/out.php` | Medium
|
||||
34 | File | `/owa/auth/logon.aspx` | High
|
||||
35 | File | `/PreviewHandler.ashx` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
# GPlayed - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GPlayed](https://vuldb.com/?actor.gplayed). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gplayed](https://vuldb.com/?actor.gplayed)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GPlayed.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.9.12.0](https://vuldb.com/?ip.2.9.12.0) | anantes-154-1-77-net.w2-9.abo.wanadoo.fr | - | High
|
||||
2 | [5.9.33.226](https://vuldb.com/?ip.5.9.33.226) | static.226.33.9.5.clients.your-server.de | - | High
|
||||
3 | [172.110.10.171](https://vuldb.com/?ip.172.110.10.171) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -98,7 +98,7 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `admin/controller/pages/localisation/language.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 276 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
# GandCrab 2.1 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GandCrab 2.1](https://vuldb.com/?actor.gandcrab_2.1). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gandcrab_2.1](https://vuldb.com/?actor.gandcrab_2.1)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GandCrab 2.1:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [BG](https://vuldb.com/?country.bg)
|
||||
* [RO](https://vuldb.com/?country.ro)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GandCrab 2.1.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [37.143.160.70](https://vuldb.com/?ip.37.143.160.70) | net1-customer70.adrana.ro | - | High
|
||||
2 | [66.171.248.178](https://vuldb.com/?ip.66.171.248.178) | api1.whatismyipaddress.com | - | High
|
||||
3 | [82.114.65.50](https://vuldb.com/?ip.82.114.65.50) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GandCrab 2.1_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GandCrab 2.1. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
2 | File | `/ext/phar/phar_object.c` | High
|
||||
3 | File | `/inc/campaign/count_of_send.php` | High
|
||||
4 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||
5 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
6 | File | `/transmission/rpc` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 57 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,61 @@
|
|||
# GandCrab v5.0.4 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GandCrab v5.0.4](https://vuldb.com/?actor.gandcrab_v5.0.4). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gandcrab_v5.0.4](https://vuldb.com/?actor.gandcrab_v5.0.4)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GandCrab v5.0.4.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [92.63.197.48](https://vuldb.com/?ip.92.63.197.48) | - | - | High
|
||||
2 | [172.16.8.0](https://vuldb.com/?ip.172.16.8.0) | - | - | High
|
||||
3 | [172.16.8.1](https://vuldb.com/?ip.172.16.8.1) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GandCrab v5.0.4_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GandCrab v5.0.4. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `ajax/api/hook/decodeArguments` | High
|
||||
2 | File | `breadcrumbs_create.php` | High
|
||||
3 | File | `forumrunner/includes/moderation.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,56 @@
|
|||
# GandCrab v5 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GandCrab v5](https://vuldb.com/?actor.gandcrab_v5). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gandcrab_v5](https://vuldb.com/?actor.gandcrab_v5)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GandCrab v5.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [92.63.197.48](https://vuldb.com/?ip.92.63.197.48) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GandCrab v5_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GandCrab v5. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `ajax/api/hook/decodeArguments` | High
|
||||
2 | File | `breadcrumbs_create.php` | High
|
||||
3 | File | `forumrunner/includes/moderation.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,64 @@
|
|||
# Gandcrab v3 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gandcrab v3](https://vuldb.com/?actor.gandcrab_v3). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gandcrab_v3](https://vuldb.com/?actor.gandcrab_v3)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gandcrab v3:
|
||||
|
||||
* [ID](https://vuldb.com/?country.id)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gandcrab v3.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [172.104.40.92](https://vuldb.com/?ip.172.104.40.92) | 172-104-40-92.ip.linodeusercontent.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gandcrab v3_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gandcrab v3. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/plugin` | Low
|
||||
2 | File | `Admin/DataAction.class.php` | High
|
||||
3 | File | `index.php?s=Admin-Data-Down-id-..` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# GermanWiper - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GermanWiper](https://vuldb.com/?actor.germanwiper). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.germanwiper](https://vuldb.com/?actor.germanwiper)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GermanWiper.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [178.33.106.120](https://vuldb.com/?ip.178.33.106.120) | mysql57-gra2.ubatserver.ovh | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.bleepingcomputer.com/forums/t/701735/germanwiper-ransomware-with-random-extensions-08kja-avco3-oqn1b/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -89,7 +89,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
66 | [58.221.47.41](https://vuldb.com/?ip.58.221.47.41) | - | - | High
|
||||
67 | ... | ... | ... | ...
|
||||
|
||||
There are 262 more IOC items available. Please use our online service to access the data.
|
||||
There are 263 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -114,12 +114,12 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
2 | File | `/admin/maintenance/view_designation.php` | High
|
||||
3 | File | `/admin/upload/upload` | High
|
||||
4 | File | `/ajax.php?action=read_msg` | High
|
||||
5 | File | `/analysisProject/pagingQueryData` | High
|
||||
6 | File | `/api/admin/system/store/order/list` | High
|
||||
7 | File | `/api/gen/clients/{language}` | High
|
||||
8 | File | `/api/geojson` | Medium
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/analysisProject/pagingQueryData` | High
|
||||
5 | File | `/api/admin/system/store/order/list` | High
|
||||
6 | File | `/api/gen/clients/{language}` | High
|
||||
7 | File | `/api/geojson` | Medium
|
||||
8 | File | `/bin/ate` | Medium
|
||||
9 | File | `/bin/sh` | Low
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/classes/Master.php?f=delete_category` | High
|
||||
|
@ -145,12 +145,13 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `/modules/profile/index.php` | High
|
||||
32 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
33 | File | `/net-banking/customer_transactions.php` | High
|
||||
34 | File | `/obs/book.php` | High
|
||||
35 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
36 | File | `/requests.php` | High
|
||||
37 | ... | ... | ...
|
||||
34 | File | `/news/*.html` | Medium
|
||||
35 | File | `/obs/book.php` | High
|
||||
36 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
37 | File | `/owa/auth/logon.aspx` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -199,6 +200,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2022/05/threat-roundup-0520-0527.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-1202-1209/
|
||||
* https://blog.talosintelligence.com/threat-roundup-1209-1216/
|
||||
* https://www.alienvault.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -36,7 +36,8 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
13 | [39.109.113.141](https://vuldb.com/?ip.39.109.113.141) | - | - | High
|
||||
14 | [43.129.192.59](https://vuldb.com/?ip.43.129.192.59) | - | - | High
|
||||
15 | [43.142.38.153](https://vuldb.com/?ip.43.142.38.153) | - | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
16 | [43.249.195.178](https://vuldb.com/?ip.43.249.195.178) | - | - | High
|
||||
17 | ... | ... | ... | ...
|
||||
|
||||
There are 62 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
# GhostSecret - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GhostSecret](https://vuldb.com/?actor.ghostsecret). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ghostsecret](https://vuldb.com/?actor.ghostsecret)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GhostSecret:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GhostSecret.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [14.140.116.172](https://vuldb.com/?ip.14.140.116.172) | 14-140-116-172-sapient.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GhostSecret_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GhostSecret. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/bookings/view_details.php` | High
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `data/console/redirect` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -0,0 +1,147 @@
|
|||
# GravityRAT - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GravityRAT](https://vuldb.com/?actor.gravityrat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gravityrat](https://vuldb.com/?actor.gravityrat)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GravityRAT:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GravityRAT.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.189.159.23](https://vuldb.com/?ip.5.189.159.23) | mail.camzx.com | - | High
|
||||
2 | [213.152.161.174](https://vuldb.com/?ip.213.152.161.174) | hosted-by.airvpn.org | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GravityRAT_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GravityRAT. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.kss.pid` | Medium
|
||||
2 | File | `/admin.php?m=Config&a=add` | High
|
||||
3 | File | `/admin/login.php` | High
|
||||
4 | File | `/adminsys/index.php?load=admins&act=edit_info&act_type=add` | High
|
||||
5 | File | `/advance_push/public/login` | High
|
||||
6 | File | `/bin/goahead` | Medium
|
||||
7 | File | `/box_code_base.c` | High
|
||||
8 | File | `/cgi-bin` | Medium
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/configs/application.ini` | High
|
||||
11 | File | `/core/MY_Security.php` | High
|
||||
12 | File | `/download` | Medium
|
||||
13 | File | `/dus/shopliste/index.php` | High
|
||||
14 | File | `/egroupware/index.php` | High
|
||||
15 | File | `/etc/passwd` | Medium
|
||||
16 | File | `/event-management/index.php` | High
|
||||
17 | File | `/ext/phar/phar_object.c` | High
|
||||
18 | File | `/fpui/jsp/index.jsp` | High
|
||||
19 | File | `/goform/langSwitch` | High
|
||||
20 | File | `/goform/setLang` | High
|
||||
21 | File | `/HNAP1` | Low
|
||||
22 | File | `/Hospital-Management-System-master/contact.php` | High
|
||||
23 | File | `/Hospital-Management-System-master/func.php` | High
|
||||
24 | File | `/htdocs/cgibin` | High
|
||||
25 | File | `/iisadmin` | Medium
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/jerry-core/ecma/base/ecma-helpers.c` | High
|
||||
28 | File | `/knowledgebase/view.php` | High
|
||||
29 | File | `/LEPTON_stable_2.2.2/upload/admins/pages/index.php` | High
|
||||
30 | File | `/Manager/index.aspx` | High
|
||||
31 | File | `/mc-admin/page-edit.php` | High
|
||||
32 | File | `/navigate/navigate_download.php` | High
|
||||
33 | File | `/opensis/modules/users/Staff.php` | High
|
||||
34 | File | `/pay-with-paypal/{id}` | High
|
||||
35 | File | `/preferences/tags` | High
|
||||
36 | File | `/product_list.php` | High
|
||||
37 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
38 | File | `/spacecom/login.php` | High
|
||||
39 | File | `/var/run/jboss-eap/` | High
|
||||
40 | File | `/var/www/core/controller/index.php` | High
|
||||
41 | File | `/wp-json` | Medium
|
||||
42 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
43 | File | `act.php` | Low
|
||||
44 | File | `addfav.php` | Medium
|
||||
45 | File | `addguest.cgi` | Medium
|
||||
46 | File | `admin.php` | Medium
|
||||
47 | File | `Admin.php` | Medium
|
||||
48 | File | `admin.php?action=file&ctrl=download&path=../../1.txt` | High
|
||||
49 | File | `admin/add-news.php` | High
|
||||
50 | File | `admin/admin.php` | High
|
||||
51 | File | `admin/file.do` | High
|
||||
52 | File | `admin/index.php` | High
|
||||
53 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
54 | File | `adsearch.php` | Medium
|
||||
55 | File | `announcements.php` | High
|
||||
56 | File | `ans.pl` | Low
|
||||
57 | File | `apachectl` | Medium
|
||||
58 | File | `app/admin/controller/themecontroller.php` | High
|
||||
59 | File | `arch/arm64/kernel/sys.c` | High
|
||||
60 | File | `archive_read_extract2.c` | High
|
||||
61 | File | `article.php` | Medium
|
||||
62 | File | `article2pdf_getfile.php` | High
|
||||
63 | File | `articles/index.php` | High
|
||||
64 | File | `assets/download.aspx` | High
|
||||
65 | File | `audio/SDL_wave.c` | High
|
||||
66 | File | `auth.c` | Low
|
||||
67 | File | `auth.php` | Medium
|
||||
68 | File | `C.html` | Low
|
||||
69 | File | `C:\dir` | Low
|
||||
70 | File | `cairo-truetype-subset.c` | High
|
||||
71 | File | `calc.php` | Medium
|
||||
72 | File | `cart.php` | Medium
|
||||
73 | File | `category.php` | Medium
|
||||
74 | File | `category_list.php` | High
|
||||
75 | File | `cgi-bin` | Low
|
||||
76 | File | `checkuser.php` | High
|
||||
77 | File | `client.c` | Medium
|
||||
78 | File | `clients/editclient.php` | High
|
||||
79 | File | `clone-master-clean-up.sh` | High
|
||||
80 | File | `cloud.php` | Medium
|
||||
81 | File | `cobc/parser.y` | High
|
||||
82 | File | `CodeBrws.asp` | Medium
|
||||
83 | File | `collect` | Low
|
||||
84 | File | `comments.php` | Medium
|
||||
85 | File | `CommentsService.ashx` | High
|
||||
86 | File | `comment_delete_cgi.php` | High
|
||||
87 | ... | ... | ...
|
||||
|
||||
There are 764 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,59 @@
|
|||
# Grobios - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Grobios](https://vuldb.com/?actor.grobios). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.grobios](https://vuldb.com/?actor.grobios)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grobios:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Grobios.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [169.239.129.17](https://vuldb.com/?ip.169.239.129.17) | rns.za.zappiehost.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Grobios_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Grobios. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `userfiles/modules/users/controller/controller.php` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,68 @@
|
|||
# HenBox - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [HenBox](https://vuldb.com/?actor.henbox). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.henbox](https://vuldb.com/?actor.henbox)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with HenBox:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of HenBox.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [47.90.81.23](https://vuldb.com/?ip.47.90.81.23) | - | - | High
|
||||
2 | [59.188.196.172](https://vuldb.com/?ip.59.188.196.172) | - | - | High
|
||||
3 | [60.191.57.35](https://vuldb.com/?ip.60.191.57.35) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _HenBox_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by HenBox. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `binder.c` | Medium
|
||||
2 | File | `gatt_cl.cc` | Medium
|
||||
3 | File | `hw/display/ati_2d.c` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,60 @@
|
|||
# Hermes - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hermes](https://vuldb.com/?actor.hermes). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hermes](https://vuldb.com/?actor.hermes)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hermes:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hermes.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [159.65.131.94](https://vuldb.com/?ip.159.65.131.94) | - | - | High
|
||||
2 | [207.148.104.5](https://vuldb.com/?ip.207.148.104.5) | 207.148.104.5.vultrusercontent.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Hermes_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Hermes. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `exit.php` | Medium
|
||||
2 | File | `register/check/username?username` | High
|
||||
3 | File | `util.c` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,60 @@
|
|||
# Hide and Seek - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hide and Seek](https://vuldb.com/?actor.hide_and_seek). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hide_and_seek](https://vuldb.com/?actor.hide_and_seek)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hide and Seek:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hide and Seek.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [194.58.111.187](https://vuldb.com/?ip.194.58.111.187) | 194-58-111-187.cloudvps.regruhosting.ru | - | High
|
||||
2 | [194.147.32.237](https://vuldb.com/?ip.194.147.32.237) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Hide and Seek_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Hide and Seek. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `ajax/render/widget_tabbedcontainer_tab_panel` | High
|
||||
2 | File | `breadcrumbs_create.php` | High
|
||||
3 | File | `plugin.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/11/custom-dropper-hide-and-seek.html?m=1
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,55 @@
|
|||
# Higaisa - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Higaisa](https://vuldb.com/?actor.higaisa). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.higaisa](https://vuldb.com/?actor.higaisa)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Higaisa:
|
||||
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Higaisa.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.4.1.6](https://vuldb.com/?ip.3.4.1.6) | - | - | High
|
||||
2 | [45.76.6.149](https://vuldb.com/?ip.45.76.6.149) | 45.76.6.149.vultrusercontent.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Higaisa_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Higaisa. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `goform/setUsbUnload` | High
|
||||
2 | Argument | `deviceName` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -68,9 +68,10 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/patient/settings.php` | High
|
||||
16 | File | `/proc/*/cmdline"` | High
|
||||
17 | File | `/proc/pid/syscall` | High
|
||||
18 | ... | ... | ...
|
||||
18 | File | `/sbin/acos_service` | High
|
||||
19 | ... | ... | ...
|
||||
|
||||
There are 149 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 152 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,103 @@
|
|||
# HopLight - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [HopLight](https://vuldb.com/?actor.hoplight). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hoplight](https://vuldb.com/?actor.hoplight)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with HopLight:
|
||||
|
||||
* [HK](https://vuldb.com/?country.hk)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of HopLight.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [10.10.30.130](https://vuldb.com/?ip.10.10.30.130) | - | - | High
|
||||
2 | [14.140.116.172](https://vuldb.com/?ip.14.140.116.172) | 14-140-116-172-sapient.com | - | High
|
||||
3 | [21.0.0.0](https://vuldb.com/?ip.21.0.0.0) | - | - | High
|
||||
4 | [21.252.107.198](https://vuldb.com/?ip.21.252.107.198) | - | - | High
|
||||
5 | [21.255.255.255](https://vuldb.com/?ip.21.255.255.255) | - | - | High
|
||||
6 | [26.0.0.0](https://vuldb.com/?ip.26.0.0.0) | - | - | High
|
||||
7 | [26.165.218.44](https://vuldb.com/?ip.26.165.218.44) | - | - | High
|
||||
8 | [26.255.255.255](https://vuldb.com/?ip.26.255.255.255) | - | - | High
|
||||
9 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _HopLight_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by HopLight. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin-panel1.php` | High
|
||||
2 | File | `/admin/academic/studenview_left.php` | High
|
||||
3 | File | `/admin/bookings/view_details.php` | High
|
||||
4 | File | `/admin/controller/JobLogController.java` | High
|
||||
5 | File | `/admin/login.php` | High
|
||||
6 | File | `/ad_js.php` | Medium
|
||||
7 | File | `/alerts/alertConfigField.php` | High
|
||||
8 | File | `/API/system/admins/session` | High
|
||||
9 | File | `/config/myfield/test.php` | High
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
12 | File | `/data/remove` | Medium
|
||||
13 | File | `/ECT_Provider/` | High
|
||||
14 | File | `/etc/passwd` | Medium
|
||||
15 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
16 | File | `/forms/doLogin` | High
|
||||
17 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
18 | File | `/fuel/index.php/fuel/pages/items` | High
|
||||
19 | File | `/image_zoom.php` | High
|
||||
20 | File | `/include/config.cache.php` | High
|
||||
21 | File | `/index.php` | Medium
|
||||
22 | File | `/mkshop/Men/profile.php` | High
|
||||
23 | File | `/param.file.tgz` | High
|
||||
24 | File | `/proxy/` | Low
|
||||
25 | File | `/public/plugins/` | High
|
||||
26 | File | `/rest/api/2/search` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.us-cert.gov/ncas/analysis-reports/ar20-045g
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# Hussarini - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hussarini](https://vuldb.com/?actor.hussarini). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hussarini](https://vuldb.com/?actor.hussarini)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hussarini.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [157.52.167.71](https://vuldb.com/?ip.157.52.167.71) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,104 @@
|
|||
# IRCflu and Interplanetary Storm - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [IRCflu and Interplanetary Storm](https://vuldb.com/?actor.ircflu_and_interplanetary_storm). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ircflu_and_interplanetary_storm](https://vuldb.com/?actor.ircflu_and_interplanetary_storm)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with IRCflu and Interplanetary Storm:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of IRCflu and Interplanetary Storm.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.234.216.34](https://vuldb.com/?ip.185.234.216.34) | - | - | High
|
||||
2 | [193.56.28.120](https://vuldb.com/?ip.193.56.28.120) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _IRCflu and Interplanetary Storm_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by IRCflu and Interplanetary Storm. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin/loginc.php` | High
|
||||
3 | File | `/admin/students/view_student.php` | High
|
||||
4 | File | `/Applications/Calculator.app/Contents/MacOS/Calculator` | High
|
||||
5 | File | `/cgi-bin/` | Medium
|
||||
6 | File | `/cgi-bin/luci` | High
|
||||
7 | File | `/common/info.cgi` | High
|
||||
8 | File | `/config.cgi?webmin` | High
|
||||
9 | File | `/data/inc/images.php` | High
|
||||
10 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
11 | File | `/edit` | Low
|
||||
12 | File | `/etc/passwd` | Medium
|
||||
13 | File | `/etc/stunnel.key` | High
|
||||
14 | File | `/etc/sysconfig/btrfsmaintenance` | High
|
||||
15 | File | `/framework/modules/notfound/controllers/notfoundController.php` | High
|
||||
16 | File | `/gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php` | High
|
||||
17 | File | `/job-details` | Medium
|
||||
18 | File | `/mib.db` | Low
|
||||
19 | File | `/page/add` | Medium
|
||||
20 | File | `/squashfs-root/www/HNAP1/control/SetWizardConfig.php` | High
|
||||
21 | File | `/system-info/health` | High
|
||||
22 | File | `/tmp/s48lose.tmp` | High
|
||||
23 | File | `/tmp/xbindkeysrc-tmp` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/local` | Medium
|
||||
26 | File | `/var/log/nginx` | High
|
||||
27 | File | `/var/run/jboss-eap/` | High
|
||||
28 | File | `admin-ajax.php` | High
|
||||
29 | File | `admin.jcomments.php` | High
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | File | `admin/?n=language&c=language_general&a=doSearchParameter` | High
|
||||
32 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
33 | File | `admin/admin_log/index.html?user_id` | High
|
||||
34 | File | `admin/admin_menu.php` | High
|
||||
35 | File | `admin/config.php` | High
|
||||
36 | File | `admin/content.php` | High
|
||||
37 | File | `admin/edit_category.php` | High
|
||||
38 | File | `admin/users` | Medium
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://labs.bitdefender.com/2020/06/ssh-targeting-golang-bots-becoming-the-new-norm/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,63 @@
|
|||
# Innfirat - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Innfirat](https://vuldb.com/?actor.innfirat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.innfirat](https://vuldb.com/?actor.innfirat)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Innfirat:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Innfirat.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [62.210.142.219](https://vuldb.com/?ip.62.210.142.219) | 62-210-142-219.rev.poneytelecom.eu | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Innfirat_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Innfirat. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/forum/away.php` | High
|
||||
2 | File | `adclick.php` | Medium
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,51 @@
|
|||
# Iserik - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Iserik](https://vuldb.com/?actor.iserik). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.iserik](https://vuldb.com/?actor.iserik)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iserik:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Iserik.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.9.0.1](https://vuldb.com/?ip.1.9.0.1) | - | - | High
|
||||
2 | [1.9.1.0](https://vuldb.com/?ip.1.9.1.0) | - | - | High
|
||||
3 | [1.9.1.1](https://vuldb.com/?ip.1.9.1.1) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Iserik_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://labs.bitdefender.com/wp-content/uploads/downloads/iserik-indicators-of-compromise/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue