Update March 2023

actors/APT1/README.md

@@ -66,12 +66,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/public/plugins/` | High
-2 | File | `/systemrw/` | Medium
-3 | File | `adm/boardgroup_form_update.php` | High
+1 | File | `/api/upload` | Medium
+2 | File | `/public/plugins/` | High
+3 | File | `/systemrw/` | Medium
 4 | ... | ... | ...
 
-There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT2/README.md

@@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [KR](https://vuldb.com/?country.kr)
 * ...
 
-There are 1 more country items available. Please use our online service to access the data.
+There are 2 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 

actors/APT28/README.md

@@ -131,9 +131,10 @@ ID | Type | Indicator | Confidence
 24 | File | `/REBOOTSYSTEM` | High
 25 | File | `/replication` | Medium
 26 | File | `/RestAPI` | Medium
-27 | ... | ... | ...
+27 | File | `/tmp/zarafa-vacation-*` | High
+28 | ... | ... | ...
 
-There are 229 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT29/README.md

@@ -64,10 +64,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
 There are 18 more TTP items available. Please use our online service to access the data.
 

actors/APT3/README.md

@@ -57,57 +57,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/.env` | Low
-3 | File | `/.ssh/authorized_keys` | High
-4 | File | `/admin/default.asp` | High
-5 | File | `/ajax/networking/get_netcfg.php` | High
-6 | File | `/app/options.py` | High
-7 | File | `/assets/ctx` | Medium
-8 | File | `/bin/httpd` | Medium
-9 | File | `/cgi-bin/wapopen` | High
-10 | File | `/ci_spms/admin/category` | High
-11 | File | `/ci_spms/admin/search/searching/` | High
-12 | File | `/classes/Master.php?f=delete_appointment` | High
-13 | File | `/classes/Master.php?f=delete_train` | High
-14 | File | `/cms/print.php` | High
-15 | File | `/concat?/%2557EB-INF/web.xml` | High
-16 | File | `/Content/Template/root/reverse-shell.aspx` | High
-17 | File | `/ctcprotocol/Protocol` | High
-18 | File | `/dashboard/menu-list.php` | High
-19 | File | `/data/remove` | Medium
-20 | File | `/ebics-server/ebics.aspx` | High
-21 | File | `/ffos/classes/Master.php?f=save_category` | High
-22 | File | `/forum/away.php` | High
-23 | File | `/goforms/rlminfo` | High
-24 | File | `/Items/*/RemoteImages/Download` | High
-25 | File | `/login` | Low
-26 | File | `/menu.html` | Medium
-27 | File | `/navigate/navigate_download.php` | High
-28 | File | `/ocwbs/admin/?page=user/manage_user` | High
-29 | File | `/ofrs/admin/?page=user/manage_user` | High
-30 | File | `/out.php` | Medium
-31 | File | `/owa/auth/logon.aspx` | High
-32 | File | `/password.html` | High
-33 | File | `/php_action/fetchSelectedUser.php` | High
-34 | File | `/proc/ioports` | High
-35 | File | `/property-list/property_view.php` | High
-36 | File | `/ptms/classes/Users.php` | High
-37 | File | `/resources//../` | High
-38 | File | `/rest/api/2/search` | High
-39 | File | `/s/` | Low
-40 | File | `/scripts/cpan_config` | High
-41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-42 | File | `/services/system/setup.json` | High
-43 | File | `/spip.php` | Medium
-44 | File | `/sys/dict/queryTableData` | High
-45 | File | `/tmp` | Low
-46 | File | `/uncpath/` | Medium
-47 | File | `/vloggers_merch/?p=view_product` | High
-48 | File | `/webconsole/APIController` | High
-49 | File | `/websocket/exec` | High
-50 | ... | ... | ...
+2 | File | `/.ssh/authorized_keys` | High
+3 | File | `/admin/default.asp` | High
+4 | File | `/ajax/networking/get_netcfg.php` | High
+5 | File | `/app/options.py` | High
+6 | File | `/bin/httpd` | Medium
+7 | File | `/cgi-bin/wapopen` | High
+8 | File | `/ci_spms/admin/category` | High
+9 | File | `/ci_spms/admin/search/searching/` | High
+10 | File | `/classes/Master.php?f=delete_appointment` | High
+11 | File | `/classes/Master.php?f=delete_train` | High
+12 | File | `/cms/print.php` | High
+13 | File | `/concat?/%2557EB-INF/web.xml` | High
+14 | File | `/Content/Template/root/reverse-shell.aspx` | High
+15 | File | `/ctcprotocol/Protocol` | High
+16 | File | `/dashboard/menu-list.php` | High
+17 | File | `/data/remove` | Medium
+18 | File | `/ebics-server/ebics.aspx` | High
+19 | File | `/ffos/classes/Master.php?f=save_category` | High
+20 | File | `/forum/away.php` | High
+21 | File | `/goforms/rlminfo` | High
+22 | File | `/HNAP1/SetClientInfo` | High
+23 | File | `/Items/*/RemoteImages/Download` | High
+24 | File | `/login` | Low
+25 | File | `/menu.html` | Medium
+26 | File | `/navigate/navigate_download.php` | High
+27 | File | `/ocwbs/admin/?page=user/manage_user` | High
+28 | File | `/ofrs/admin/?page=user/manage_user` | High
+29 | File | `/out.php` | Medium
+30 | File | `/owa/auth/logon.aspx` | High
+31 | File | `/password.html` | High
+32 | File | `/php_action/fetchSelectedUser.php` | High
+33 | File | `/proc/ioports` | High
+34 | File | `/property-list/property_view.php` | High
+35 | File | `/ptms/classes/Users.php` | High
+36 | File | `/resources//../` | High
+37 | File | `/rest/api/2/search` | High
+38 | File | `/s/` | Low
+39 | File | `/scripts/cpan_config` | High
+40 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+41 | File | `/services/system/setup.json` | High
+42 | File | `/spip.php` | Medium
+43 | File | `/sys/dict/queryTableData` | High
+44 | File | `/tmp` | Low
+45 | File | `/uncpath/` | Medium
+46 | File | `/vloggers_merch/?p=view_product` | High
+47 | File | `/webconsole/APIController` | High
+48 | File | `/websocket/exec` | High
+49 | ... | ... | ...
 
-There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 429 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT31/README.md

@@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
 13 | File | `bb_usage_stats.php` | High
 14 | ... | ... | ...
 
-There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 113 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT32/README.md

@@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
 24 | File | `arch/x86/include/asm/fpu/internal.h` | High
 25 | ... | ... | ...
 
-There are 207 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 209 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT33/README.md

@@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [SV](https://vuldb.com/?country.sv)
 * ...
 
-There are 8 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -117,7 +117,7 @@ ID | Type | Indicator | Confidence
 45 | File | `addrtoname.c` | Medium
 46 | ... | ... | ...
 
-There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT34/README.md

@@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
 30 | File | `/RestAPI` | Medium
 31 | ... | ... | ...
 
-There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT41/README.md

@@ -80,47 +80,47 @@ ID | Type | Indicator | Confidence
 2 | File | `/api/blade-log/api/list` | High
 3 | File | `/api/trackedEntityInstances` | High
 4 | File | `/application/common.php#action_log` | High
-5 | File | `/baseOpLog.do` | High
-6 | File | `/category_view.php` | High
-7 | File | `/cgi-bin/portal` | High
-8 | File | `/cgi-bin/system_mgr.cgi` | High
-9 | File | `/common/download?filename=1.jsp&delete=false` | High
-10 | File | `/csms/?page=contact_us` | High
-11 | File | `/debug` | Low
-12 | File | `/debug/pprof` | Medium
-13 | File | `/forum/away.php` | High
-14 | File | `/goform/PowerSaveSet` | High
-15 | File | `/include/make.php` | High
-16 | File | `/index.php` | Medium
-17 | File | `/jeecg-boot/sys/common/upload` | High
-18 | File | `/lists/admin/` | High
-19 | File | `/login.cgi?logout=1` | High
-20 | File | `/medical/inventories.php` | High
-21 | File | `/members/view_member.php` | High
-22 | File | `/mgmt/tm/util/bash` | High
-23 | File | `/module/admin_logs` | High
-24 | File | `/nova/bin/console` | High
-25 | File | `/owa/auth/logon.aspx` | High
-26 | File | `/plesk-site-preview/` | High
-27 | File | `/public/login.htm` | High
-28 | File | `/public/plugins/` | High
-29 | File | `/replication` | Medium
-30 | File | `/SASWebReportStudio/logonAndRender.do` | High
-31 | File | `/scas/classes/Users.php?f=save_user` | High
-32 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-33 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-34 | File | `/secure/QueryComponent!Default.jspa` | High
-35 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-36 | File | `/start-stop` | Medium
-37 | File | `/start_apply.htm` | High
-38 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
-39 | File | `/tmp/app/.env` | High
-40 | File | `/uncpath/` | Medium
-41 | File | `/upload` | Low
-42 | File | `/usr/bin/pkexec` | High
-43 | File | `/v2/quantum/save-data-upload-big-file` | High
-44 | File | `/WEB-INF/web.xml` | High
-45 | File | `/wp-admin/admin-ajax.php` | High
+5 | File | `/authUserAction!edit.action` | High
+6 | File | `/baseOpLog.do` | High
+7 | File | `/category_view.php` | High
+8 | File | `/cgi-bin/portal` | High
+9 | File | `/cgi-bin/system_mgr.cgi` | High
+10 | File | `/common/download?filename=1.jsp&delete=false` | High
+11 | File | `/csms/?page=contact_us` | High
+12 | File | `/debug` | Low
+13 | File | `/debug/pprof` | Medium
+14 | File | `/forum/away.php` | High
+15 | File | `/goform/PowerSaveSet` | High
+16 | File | `/include/make.php` | High
+17 | File | `/index.php` | Medium
+18 | File | `/jeecg-boot/sys/common/upload` | High
+19 | File | `/lists/admin/` | High
+20 | File | `/login.cgi?logout=1` | High
+21 | File | `/medical/inventories.php` | High
+22 | File | `/members/view_member.php` | High
+23 | File | `/mgmt/tm/util/bash` | High
+24 | File | `/module/admin_logs` | High
+25 | File | `/nova/bin/console` | High
+26 | File | `/owa/auth/logon.aspx` | High
+27 | File | `/plesk-site-preview/` | High
+28 | File | `/public/login.htm` | High
+29 | File | `/public/plugins/` | High
+30 | File | `/replication` | Medium
+31 | File | `/SASWebReportStudio/logonAndRender.do` | High
+32 | File | `/scas/classes/Users.php?f=save_user` | High
+33 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+34 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+35 | File | `/secure/QueryComponent!Default.jspa` | High
+36 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+37 | File | `/start-stop` | Medium
+38 | File | `/start_apply.htm` | High
+39 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
+40 | File | `/tmp/app/.env` | High
+41 | File | `/uncpath/` | Medium
+42 | File | `/upload` | Low
+43 | File | `/usr/bin/pkexec` | High
+44 | File | `/v2/quantum/save-data-upload-big-file` | High
+45 | File | `/WEB-INF/web.xml` | High
 46 | ... | ... | ...
 
 There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

actors/Africa Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [NL](https://vuldb.com/?country.nl)
 * ...
 
-There are 25 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -2206,7 +2206,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 20 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -2218,50 +2218,56 @@ ID | Type | Indicator | Confidence
 2 | File | `/admin.php?action=themeinstall` | High
 3 | File | `/admin/api/admin/articles/` | High
 4 | File | `/admin/controller/JobLogController.java` | High
-5 | File | `/admin/students/manage.php` | High
-6 | File | `/admin/subnets/ripe-query.php` | High
-7 | File | `/api/audits` | Medium
-8 | File | `/api/resource/Item?fields` | High
-9 | File | `/api/v1/attack/token` | High
-10 | File | `/balance/service/list` | High
-11 | File | `/cgi-bin/luci/api/wireless` | High
-12 | File | `/cgi-bin/webadminget.cgi` | High
-13 | File | `/crmeb/crmeb/services/UploadService.php` | High
-14 | File | `/debug/pprof` | Medium
-15 | File | `/dev/block/mmcblk0rpmb` | High
-16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-17 | File | `/env` | Low
-18 | File | `/etc/passwd` | Medium
-19 | File | `/etc/sudoers` | Medium
-20 | File | `/face-recognition-php/facepay-master/camera.php` | High
-21 | File | `/fos/admin/ajax.php?action=login` | High
-22 | File | `/fos/admin/index.php?page=menu` | High
-23 | File | `/goform/WifiBasicSet` | High
-24 | File | `/hardware` | Medium
-25 | File | `/home/masterConsole` | High
-26 | File | `/home/sendBroadcast` | High
-27 | File | `/hrm/controller/employee.php` | High
-28 | File | `/hrm/employeeadd.php` | High
-29 | File | `/hrm/employeeview.php` | High
-30 | File | `/includes/login.php` | High
-31 | File | `/Items/*/RemoteImages/Download` | High
-32 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
-33 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-34 | File | `/lookin/info` | Medium
-35 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-36 | File | `/out.php` | Medium
-37 | File | `/php-sms/classes/Master.php` | High
-38 | File | `/php-sms/classes/SystemSettings.php` | High
-39 | File | `/plugin/getList` | High
-40 | File | `/proxy` | Low
-41 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
-42 | File | `/Redcock-Farm/farm/category.php` | High
-43 | File | `/reports/rwservlet` | High
-44 | File | `/sacco_shield/manage_payment.php` | High
-45 | File | `/spip.php` | Medium
-46 | ... | ... | ...
+5 | File | `/admin/index2.html` | High
+6 | File | `/admin/scripts/pi-hole/phpqueryads.php` | High
+7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+9 | File | `/api/audits` | Medium
+10 | File | `/api/resource/Item?fields` | High
+11 | File | `/APR/login.php` | High
+12 | File | `/APR/signup.php` | High
+13 | File | `/bin/httpd` | Medium
+14 | File | `/cgi-bin/kerbynet` | High
+15 | File | `/cgi-bin/luci/api/wireless` | High
+16 | File | `/cgi-bin/wapopen` | High
+17 | File | `/cgi-bin/webadminget.cgi` | High
+18 | File | `/controller/OnlinePreviewController.java` | High
+19 | File | `/debug/pprof` | Medium
+20 | File | `/dev/block/mmcblk0rpmb` | High
+21 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+22 | File | `/env` | Low
+23 | File | `/etc/sudoers` | Medium
+24 | File | `/face-recognition-php/facepay-master/camera.php` | High
+25 | File | `/forum/away.php` | High
+26 | File | `/fos/admin/ajax.php?action=login` | High
+27 | File | `/fos/admin/index.php?page=menu` | High
+28 | File | `/goform/WifiBasicSet` | High
+29 | File | `/hardware` | Medium
+30 | File | `/home/masterConsole` | High
+31 | File | `/home/sendBroadcast` | High
+32 | File | `/hrm/controller/employee.php` | High
+33 | File | `/hrm/employeeadd.php` | High
+34 | File | `/hrm/employeeview.php` | High
+35 | File | `/IISADMPWD` | Medium
+36 | File | `/includes/login.php` | High
+37 | File | `/index.php` | Medium
+38 | File | `/Items/*/RemoteImages/Download` | High
+39 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
+40 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+41 | File | `/lookin/info` | Medium
+42 | File | `/Moosikay/order.php` | High
+43 | File | `/mygym/admin/index.php?view_exercises` | High
+44 | File | `/out.php` | Medium
+45 | File | `/pet_shop/admin/orders/update_status.php` | High
+46 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
+47 | File | `/php-opos/index.php` | High
+48 | File | `/proxy` | Low
+49 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
+50 | File | `/reports/rwservlet` | High
+51 | File | `/sacco_shield/manage_payment.php` | High
+52 | ... | ... | ...
 
-There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 451 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Agent Tesla/README.md

@@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [CA](https://vuldb.com/?country.ca)
+* [GB](https://vuldb.com/?country.gb)
 * ...
 
 There are 19 more country items available. Please use our online service to access the data.
@@ -84,29 +84,29 @@ ID | Type | Indicator | Confidence
 21 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
 22 | File | `/var/log/nginx` | High
 23 | File | `/var/tmp/sess_*` | High
-24 | File | `/youthappam/add-food.php` | High
-25 | File | `/youthappam/editclient.php` | High
-26 | File | `action.php` | Medium
-27 | File | `actionphp/download.File.php` | High
-28 | File | `add_comment.php` | High
-29 | File | `admin.a6mambocredits.php` | High
-30 | File | `admin.php` | Medium
-31 | File | `admin/admin.php` | High
-32 | File | `admin/content.php` | High
-33 | File | `admin/import/class-import-settings.php` | High
-34 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
-35 | File | `admin/sitesettings.php` | High
-36 | File | `admin_gallery.php3` | High
-37 | File | `affich.php` | Medium
-38 | File | `agent/Core/Controller/SendRequest.cpp` | High
-39 | File | `akeyActivationLogin.do` | High
-40 | File | `album_portal.php` | High
-41 | File | `apache-auth.conf` | High
-42 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
-43 | File | `Asc.exe` | Low
+24 | File | `/wp-admin/options.php` | High
+25 | File | `/youthappam/add-food.php` | High
+26 | File | `/youthappam/editclient.php` | High
+27 | File | `action.php` | Medium
+28 | File | `actionphp/download.File.php` | High
+29 | File | `add_comment.php` | High
+30 | File | `admin.a6mambocredits.php` | High
+31 | File | `admin.php` | Medium
+32 | File | `admin/admin.php` | High
+33 | File | `admin/content.php` | High
+34 | File | `admin/import/class-import-settings.php` | High
+35 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
+36 | File | `admin/sitesettings.php` | High
+37 | File | `admin_gallery.php3` | High
+38 | File | `affich.php` | Medium
+39 | File | `agent/Core/Controller/SendRequest.cpp` | High
+40 | File | `akeyActivationLogin.do` | High
+41 | File | `album_portal.php` | High
+42 | File | `apache-auth.conf` | High
+43 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
 44 | ... | ... | ...
 
-There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Agent/README.md

@@ -53,41 +53,41 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/.ssh/authorized_keys` | High
-3 | File | `/admin/default.asp` | High
-4 | File | `/ajax/networking/get_netcfg.php` | High
-5 | File | `/api` | Low
-6 | File | `/app/options.py` | High
-7 | File | `/bin/httpd` | Medium
-8 | File | `/cgi-bin/wapopen` | High
-9 | File | `/ci_spms/admin/category` | High
-10 | File | `/ci_spms/admin/search/searching/` | High
-11 | File | `/classes/Master.php?f=delete_appointment` | High
-12 | File | `/classes/Master.php?f=delete_train` | High
-13 | File | `/cms/print.php` | High
-14 | File | `/concat?/%2557EB-INF/web.xml` | High
-15 | File | `/Content/Template/root/reverse-shell.aspx` | High
-16 | File | `/ctcprotocol/Protocol` | High
-17 | File | `/dashboard/menu-list.php` | High
-18 | File | `/dashboard/updatelogo.php` | High
-19 | File | `/data/remove` | Medium
-20 | File | `/download` | Medium
+3 | File | `/ajax/networking/get_netcfg.php` | High
+4 | File | `/api` | Low
+5 | File | `/app/options.py` | High
+6 | File | `/bin/httpd` | Medium
+7 | File | `/cgi-bin/wapopen` | High
+8 | File | `/ci_spms/admin/category` | High
+9 | File | `/ci_spms/admin/search/searching/` | High
+10 | File | `/classes/Master.php?f=delete_appointment` | High
+11 | File | `/classes/Master.php?f=delete_train` | High
+12 | File | `/cms/print.php` | High
+13 | File | `/concat?/%2557EB-INF/web.xml` | High
+14 | File | `/Content/Template/root/reverse-shell.aspx` | High
+15 | File | `/ctcprotocol/Protocol` | High
+16 | File | `/dashboard/menu-list.php` | High
+17 | File | `/dashboard/updatelogo.php` | High
+18 | File | `/data/remove` | Medium
+19 | File | `/download` | Medium
+20 | File | `/ebics-server/ebics.aspx` | High
 21 | File | `/etc/openshift/server_priv.pem` | High
 22 | File | `/ffos/classes/Master.php?f=save_category` | High
 23 | File | `/forum/away.php` | High
 24 | File | `/goforms/rlminfo` | High
-25 | File | `/hospital/hms/admin/patient-search.php` | High
-26 | File | `/index.php` | Medium
-27 | File | `/Items/*/RemoteImages/Download` | High
-28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-29 | File | `/menu.html` | Medium
-30 | File | `/mkshop/Men/profile.php` | High
-31 | File | `/modules/announcement/index.php?view=edit` | High
-32 | File | `/navigate/navigate_download.php` | High
-33 | File | `/Noxen-master/users.php` | High
-34 | File | `/ocwbs/admin/?page=user/manage_user` | High
-35 | File | `/ofrs/admin/?page=user/manage_user` | High
-36 | File | `/out.php` | Medium
-37 | File | `/owa/auth/logon.aspx` | High
+25 | File | `/HNAP1/SetClientInfo` | High
+26 | File | `/hospital/hms/admin/patient-search.php` | High
+27 | File | `/index.php` | Medium
+28 | File | `/Items/*/RemoteImages/Download` | High
+29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+30 | File | `/menu.html` | Medium
+31 | File | `/mkshop/Men/profile.php` | High
+32 | File | `/modules/announcement/index.php?view=edit` | High
+33 | File | `/navigate/navigate_download.php` | High
+34 | File | `/Noxen-master/users.php` | High
+35 | File | `/ocwbs/admin/?page=user/manage_user` | High
+36 | File | `/ofrs/admin/?page=user/manage_user` | High
+37 | File | `/out.php` | Medium
 38 | File | `/password.html` | High
 39 | File | `/php_action/fetchSelectedUser.php` | High
 40 | File | `/port_3480/data_request` | High
@@ -97,11 +97,9 @@ ID | Type | Indicator | Confidence
 44 | File | `/resources//../` | High
 45 | File | `/rest/api/2/search` | High
 46 | File | `/s/` | Low
-47 | File | `/scripts/cpan_config` | High
-48 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-49 | ... | ... | ...
+47 | ... | ... | ...
 
-There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 406 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Arkei/README.md

@@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 5 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -57,7 +57,7 @@ ID | Type | Indicator | Confidence
 5 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
 6 | ... | ... | ...
 
-There are 36 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Asia Unknown/README.md

@@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asia Unknown:
 
 * [US](https://vuldb.com/?country.us)
-* [VN](https://vuldb.com/?country.vn)
 * [JP](https://vuldb.com/?country.jp)
+* [VN](https://vuldb.com/?country.vn)
 * ...
 
 There are 21 more country items available. Please use our online service to access the data.
@@ -13650,14 +13650,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
-6 | ... | ... | ... | ...
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -13665,42 +13664,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `$GIT_DIR/objects` | High
-2 | File | `/admin/admin.php` | High
-3 | File | `/admin/admin_manage/delete` | High
-4 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-5 | File | `/api/` | Low
-6 | File | `/backup.pl` | Medium
-7 | File | `/bin/httpd` | Medium
-8 | File | `/bin/sh` | Low
-9 | File | `/debug/pprof` | Medium
-10 | File | `/ecshop/admin/template.php` | High
-11 | File | `/etc/config/product.ini` | High
-12 | File | `/etc/tomcat8/Catalina/attack` | High
-13 | File | `/forms/doLogin` | High
-14 | File | `/forum/away.php` | High
-15 | File | `/forum/PostPrivateMessage` | High
-16 | File | `/home/cavesConsole` | High
-17 | File | `/home/masterConsole` | High
-18 | File | `/home/sendBroadcast` | High
-19 | File | `/oews/classes/Master.php?f=update_cart` | High
-20 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
-21 | File | `/out.php` | Medium
-22 | File | `/param.file.tgz` | High
-23 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
-24 | File | `/php-opos/index.php` | High
-25 | File | `/public/login.htm` | High
-26 | File | `/secure/QueryComponent!Default.jspa` | High
-27 | File | `/spip.php` | Medium
-28 | File | `/start_apply.htm` | High
-29 | File | `/tmp` | Low
-30 | File | `/uncpath/` | Medium
-31 | File | `/user/updatePwd` | High
-32 | File | `/users/delete/2` | High
-33 | File | `/usr/bin/pkexec` | High
-34 | ... | ... | ...
+1 | File | `/+CSCOE+/logon.html` | High
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/` | Low
+4 | File | `/admin/?page=user/manage` | High
+5 | File | `/admin/add-new.php` | High
+6 | File | `/admin/doctors.php` | High
+7 | File | `/admin/edit-doc.php` | High
+8 | File | `/admin/index3.php` | High
+9 | File | `/admin/main/mod-blog` | High
+10 | File | `/admin/patient.php` | High
+11 | File | `/advanced/adv_dns.xgi` | High
+12 | File | `/agc/vicidial.php` | High
+13 | File | `/alphaware/summary.php` | High
+14 | File | `/api/admin/system/store/order/list` | High
+15 | File | `/APR/login.php` | High
+16 | File | `/APR/signup.php` | High
+17 | File | `/boat/login.php` | High
+18 | File | `/browse.PROJECTKEY` | High
+19 | File | `/cgi-bin/luci/api/auth` | High
+20 | File | `/cgi-bin/mft/wireless_mft` | High
+21 | File | `/debug/pprof` | Medium
+22 | File | `/edoc/doctor/patient.php` | High
+23 | File | `/filemanager/php/connector.php` | High
+24 | File | `/home/www/cgi-bin/login.cgi` | High
+25 | File | `/mims/login.php` | High
+26 | File | `/Moosikay/order.php` | High
+27 | File | `/php-scrm/login.php` | High
+28 | File | `/plugins/playbooks/api/v0/playbooks/[playbookID` | High
+29 | File | `/plugins/playbooks/api/v0/runs` | High
+30 | File | `/reservation/add_message.php` | High
+31 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+32 | File | `/rukovoditel/index.php?module=users/login` | High
+33 | File | `/secure/QueryComponent!Default.jspa` | High
+34 | File | `/static/ueditor/php/controller.php` | High
+35 | File | `/textpattern/index.php` | High
+36 | File | `/tmp` | Low
+37 | ... | ... | ...
 
-There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Australia Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 22 more country items available. Please use our online service to access the data.
+There are 14 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -2002,12 +2002,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
 There are 18 more TTP items available. Please use our online service to access the data.
 
@@ -2018,50 +2017,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `$GIT_DIR/objects` | High
-2 | File | `.github/workflows/combine-prs.yml` | High
-3 | File | `/admin/admin_manage/delete` | High
-4 | File | `/admin/api/admin/articles/` | High
+2 | File | `/admin.php?action=themeinstall` | High
+3 | File | `/admin/` | Low
+4 | File | `/admin/admin_manage/delete` | High
 5 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
 6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-7 | File | `/alarm_pi/alarmService.php` | High
-8 | File | `/api/` | Low
-9 | File | `/bin/httpd` | Medium
-10 | File | `/bsms_ci/index.php/book` | High
+7 | File | `/api/` | Low
+8 | File | `/APR/signup.php` | High
+9 | File | `/backup.pl` | Medium
+10 | File | `/bin/httpd` | Medium
 11 | File | `/cgi-bin/luci/api/wireless` | High
-12 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
-13 | File | `/debug/pprof` | Medium
-14 | File | `/dev/block/mmcblk0rpmb` | High
-15 | File | `/env` | Low
+12 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
+13 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
+14 | File | `/cmscp/ext/collect/fetch_url.do` | High
+15 | File | `/debug/pprof` | Medium
 16 | File | `/face-recognition-php/facepay-master/camera.php` | High
 17 | File | `/forms/doLogin` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/forum/PostPrivateMessage` | High
-20 | File | `/fos/admin/ajax.php?action=login` | High
-21 | File | `/fos/admin/index.php?page=menu` | High
-22 | File | `/home/masterConsole` | High
-23 | File | `/home/sendBroadcast` | High
-24 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-25 | File | `/login/index.php` | High
-26 | File | `/medicines/profile.php` | High
-27 | File | `/orrs/admin/?page=user/manage_user` | High
-28 | File | `/out.php` | Medium
-29 | File | `/param.file.tgz` | High
-30 | File | `/proxy` | Low
-31 | File | `/reports/rwservlet` | High
-32 | File | `/secure/QueryComponent!Default.jspa` | High
-33 | File | `/SkycaijiApp/admin/controller/Mystore.php` | High
-34 | File | `/spip.php` | Medium
-35 | File | `/template/edit` | High
-36 | File | `/tmp` | Low
-37 | File | `/uncpath/` | Medium
-38 | File | `/user/s.php` | Medium
-39 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-40 | File | `/wireless/guestnetwork.asp` | High
-41 | File | `/wireless/security.asp` | High
-42 | File | `/wp-admin/admin-ajax.php` | High
-43 | ... | ... | ...
+18 | File | `/forum/PostPrivateMessage` | High
+19 | File | `/home/masterConsole` | High
+20 | File | `/home/sendBroadcast` | High
+21 | File | `/Hospital-Management-System-master/func.php` | High
+22 | File | `/includes/login.php` | High
+23 | File | `/login/index.php` | High
+24 | File | `/mims/login.php` | High
+25 | File | `/mygym/admin/index.php?view_exercises` | High
+26 | File | `/orrs/admin/?page=user/manage_user` | High
+27 | File | `/param.file.tgz` | High
+28 | File | `/php-opos/index.php` | High
+29 | File | `/php-scrm/login.php` | High
+30 | File | `/secure/QueryComponent!Default.jspa` | High
+31 | File | `/SkycaijiApp/admin/controller/Mystore.php` | High
+32 | File | `/spip.php` | Medium
+33 | File | `/tmp` | Low
+34 | File | `/uncpath/` | Medium
+35 | File | `/user/s.php` | Medium
+36 | ... | ... | ...
 
-There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/B1txor20/README.md

@@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 21 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -62,37 +62,44 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
 2 | File | `/admin.php/accessory/filesdel.html` | High
-3 | File | `/admin/index3.php` | High
-4 | File | `/admin_area/login_transfer.php` | High
-5 | File | `/adms/admin/?page=user/manage_user` | High
-6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-7 | File | `/apply.cgi` | Medium
-8 | File | `/bsms_ci/index.php/book` | High
-9 | File | `/cgi-bin/wlogin.cgi` | High
-10 | File | `/debug/pprof` | Medium
-11 | File | `/ecshop/admin/template.php` | High
-12 | File | `/forum/away.php` | High
-13 | File | `/forums.php?action=post` | High
-14 | File | `/goform/formDefault` | High
-15 | File | `/goform/formLogin` | High
-16 | File | `/goform/formSysCmd` | High
-17 | File | `/goform/fromSetWirelessRepeat` | High
-18 | File | `/index.php` | Medium
-19 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
-20 | File | `/list.php` | Medium
-21 | File | `/login/index.php` | High
-22 | File | `/medicines/profile.php` | High
-23 | File | `/Moosikay/order.php` | High
-24 | File | `/SetNetworkSettings/SubnetMask` | High
-25 | File | `/setNTP.cgi` | Medium
-26 | File | `/spip.php` | Medium
-27 | File | `/tmp` | Low
-28 | File | `/tpts/manage_user.php` | High
-29 | File | `/user/s.php` | Medium
-30 | File | `/usr/etc/restore0.9` | High
-31 | ... | ... | ...
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/doctors.php` | High
+6 | File | `/admin/index3.php` | High
+7 | File | `/admin_area/login_transfer.php` | High
+8 | File | `/adms/admin/?page=user/manage_user` | High
+9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+10 | File | `/ajax/update_certificate` | High
+11 | File | `/alphaware/summary.php` | High
+12 | File | `/apply.cgi` | Medium
+13 | File | `/boat/login.php` | High
+14 | File | `/bsms_ci/index.php/book` | High
+15 | File | `/cgi-bin/wlogin.cgi` | High
+16 | File | `/debug/pprof` | Medium
+17 | File | `/ecshop/admin/template.php` | High
+18 | File | `/eduauth/student/search.php` | High
+19 | File | `/forum/away.php` | High
+20 | File | `/forums.php?action=post` | High
+21 | File | `/goform/formDefault` | High
+22 | File | `/goform/formLogin` | High
+23 | File | `/goform/formSysCmd` | High
+24 | File | `/goform/fromSetWirelessRepeat` | High
+25 | File | `/goform/WifiBasicSet` | High
+26 | File | `/index.php` | Medium
+27 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
+28 | File | `/list.php` | Medium
+29 | File | `/login/index.php` | High
+30 | File | `/medicines/profile.php` | High
+31 | File | `/Moosikay/order.php` | High
+32 | File | `/philosophy/admin/user/controller.php?action=add` | High
+33 | File | `/php-opos/signup.php` | High
+34 | File | `/reservation/add_message.php` | High
+35 | File | `/SetNetworkSettings/SubnetMask` | High
+36 | File | `/setNTP.cgi` | Medium
+37 | File | `/spip.php` | Medium
+38 | ... | ... | ...
 
-There are 267 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BackdoorDiplomacy/README.md

@@ -49,7 +49,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 21 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -79,9 +79,9 @@ ID | Type | Indicator | Confidence
 20 | File | `/ffos/classes/Master.php?f=save_category` | High
 21 | File | `/forum/away.php` | High
 22 | File | `/goforms/rlminfo` | High
-23 | File | `/index.php/newsletter/subscriber/new/` | High
-24 | File | `/Items/*/RemoteImages/Download` | High
-25 | File | `/login` | Low
+23 | File | `/HNAP1/SetClientInfo` | High
+24 | File | `/index.php/newsletter/subscriber/new/` | High
+25 | File | `/Items/*/RemoteImages/Download` | High
 26 | File | `/menu.html` | Medium
 27 | File | `/mkshop/Men/profile.php` | High
 28 | File | `/navigate/navigate_download.php` | High
@@ -104,15 +104,15 @@ ID | Type | Indicator | Confidence
 45 | File | `/sys/dict/queryTableData` | High
 46 | File | `/tmp` | Low
 47 | File | `/uncpath/` | Medium
-48 | File | `/vloggers_merch/?p=view_product` | High
-49 | ... | ... | ...
+48 | ... | ... | ...
 
-There are 426 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
+* https://github.com/eset/malware-ioc/tree/master/backdoordiplomacy
 * https://www.bitdefender.com/files/News/CaseStudies/study/426/Bitdefender-PR-Whitepaper-BackdoorDiplomacy-creat6507-en-EN.pdf
 * https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
 

actors/Bahamas Unknown/README.md

@@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [ES](https://vuldb.com/?country.es)
-* [DE](https://vuldb.com/?country.de)
+* [AR](https://vuldb.com/?country.ar)
 * ...
 
-There are 19 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -23,19 +23,24 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.62.56.24](https://vuldb.com/?ip.5.62.56.24) | r-24-56-62-5.consumer-pool.prcdn.net | - | High
 2 | [5.62.58.24](https://vuldb.com/?ip.5.62.58.24) | r-24-58-62-5.consumer-pool.prcdn.net | - | High
-3 | [23.232.250.0](https://vuldb.com/?ip.23.232.250.0) | - | - | High
-4 | [24.51.64.0](https://vuldb.com/?ip.24.51.64.0) | - | - | High
-5 | [24.206.0.0](https://vuldb.com/?ip.24.206.0.0) | - | - | High
-6 | [24.231.32.0](https://vuldb.com/?ip.24.231.32.0) | - | - | High
-7 | [24.244.128.0](https://vuldb.com/?ip.24.244.128.0) | - | - | High
-8 | [31.220.6.0](https://vuldb.com/?ip.31.220.6.0) | - | - | High
-9 | [45.12.70.32](https://vuldb.com/?ip.45.12.70.32) | blushers.get-eye.com | - | High
-10 | [45.12.71.32](https://vuldb.com/?ip.45.12.71.32) | - | - | High
-11 | [45.62.191.48](https://vuldb.com/?ip.45.62.191.48) | - | - | High
-12 | [63.245.112.0](https://vuldb.com/?ip.63.245.112.0) | d-63-245-112-0.batelnet.bs | - | High
-13 | ... | ... | ... | ...
+3 | [23.185.48.0](https://vuldb.com/?ip.23.185.48.0) | - | - | High
+4 | [23.190.112.0](https://vuldb.com/?ip.23.190.112.0) | - | - | High
+5 | [23.232.250.0](https://vuldb.com/?ip.23.232.250.0) | - | - | High
+6 | [24.51.64.0](https://vuldb.com/?ip.24.51.64.0) | - | - | High
+7 | [24.206.0.0](https://vuldb.com/?ip.24.206.0.0) | - | - | High
+8 | [24.231.32.0](https://vuldb.com/?ip.24.231.32.0) | - | - | High
+9 | [24.244.128.0](https://vuldb.com/?ip.24.244.128.0) | - | - | High
+10 | [24.244.160.0](https://vuldb.com/?ip.24.244.160.0) | - | - | High
+11 | [24.244.168.0](https://vuldb.com/?ip.24.244.168.0) | - | - | High
+12 | [24.244.170.0](https://vuldb.com/?ip.24.244.170.0) | - | - | High
+13 | [24.244.172.0](https://vuldb.com/?ip.24.244.172.0) | - | - | High
+14 | [24.244.176.0](https://vuldb.com/?ip.24.244.176.0) | - | - | High
+15 | [31.220.6.0](https://vuldb.com/?ip.31.220.6.0) | - | - | High
+16 | [45.12.70.32](https://vuldb.com/?ip.45.12.70.32) | blushers.get-eye.com | - | High
+17 | [45.12.71.32](https://vuldb.com/?ip.45.12.71.32) | - | - | High
+18 | ... | ... | ... | ...
 
-There are 46 more IOC items available. Please use our online service to access the data.
+There are 67 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -43,13 +48,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 15 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -57,70 +62,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/photo.php` | High
-2 | File | `/admin/user/add` | High
-3 | File | `/APP_Installation.asp` | High
-4 | File | `/categorypage.php` | High
-5 | File | `/cm/delete` | Medium
-6 | File | `/common/logViewer/logViewer.jsf` | High
-7 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
-8 | File | `/drivers/media/media-device.c` | High
-9 | File | `/etc/master.passwd` | High
-10 | File | `/filemanager/upload.php` | High
-11 | File | `/forum/away.php` | High
-12 | File | `/getcfg.php` | Medium
-13 | File | `/home.php` | Medium
-14 | File | `/homeaction.php` | High
-15 | File | `/horde/util/go.php` | High
-16 | File | `/index.php` | Medium
-17 | File | `/modules/profile/index.php` | High
-18 | File | `/modules/tasks/summary.inc.php` | High
-19 | File | `/multi-vendor-shopping-script/product-list.php` | High
-20 | File | `/out.php` | Medium
-21 | File | `/p` | Low
-22 | File | `/preauth` | Medium
-23 | File | `/products/details.asp` | High
-24 | File | `/recordings/index.php` | High
-25 | File | `/see_more_details.php` | High
-26 | File | `/show_news.php` | High
-27 | File | `/tmp/before` | Medium
-28 | File | `/uncpath/` | Medium
-29 | File | `/updownload/t.report` | High
-30 | File | `/user.profile.php` | High
-31 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
-32 | File | `/wordpress/wp-admin/options-general.php` | High
-33 | File | `/wp-admin` | Medium
-34 | File | `/wp-admin/admin-ajax.php` | High
-35 | File | `account.asp` | Medium
-36 | File | `adclick.php` | Medium
-37 | File | `add_comment.php` | High
-38 | File | `adm/systools.asp` | High
-39 | File | `admin.php` | Medium
-40 | File | `admin/admin.shtml` | High
-41 | File | `Admin/ADM_Pagina.php` | High
-42 | File | `admin/category.inc.php` | High
-43 | File | `admin/main.asp` | High
-44 | File | `admin/param/param_func.inc.php` | High
-45 | File | `admin/y_admin.asp` | High
-46 | File | `adminer.php` | Medium
-47 | File | `administrator/components/com_media/helpers/media.php` | High
-48 | File | `admin_ok.asp` | Medium
-49 | File | `app/Core/Paginator.php` | High
-50 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
-51 | File | `artlinks.dispnew.php` | High
-52 | File | `auth.php` | Medium
-53 | File | `bin/named/query.c` | High
-54 | File | `blank.php` | Medium
-55 | File | `blocklayered-ajax.php` | High
-56 | ... | ... | ...
+1 | File | `/?admin/user.html` | High
+2 | File | `/addnews.html` | High
+3 | File | `/admin.php?r=admin/AdminBackup/del` | High
+4 | File | `/admin/addemployee.php` | High
+5 | File | `/admin/edit.php` | High
+6 | File | `/admin/index.php/template/ajax?action=delete` | High
+7 | File | `/admin/index.php?mode=content&page=media&action=edit` | High
+8 | File | `/admin/photo.php` | High
+9 | File | `/admin/users.php?source=edit_user&id=1` | High
+10 | File | `/administrator/alerts/alertLightbox.php` | High
+11 | File | `/administrator/templates/default/html/windows/right.php` | High
+12 | File | `/apps/acs-commons/content/page-compare.html` | High
+13 | File | `/cgi-bin/webadminget.cgi` | High
+14 | File | `/demo/module/?module=HERE` | High
+15 | File | `/download/set.cgi` | High
+16 | File | `/dvcset/sysset/set.cgi` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/goform/SysToolReboot` | High
+19 | File | `/goform/WifiExtraSet` | High
+20 | File | `/index.php` | Medium
+21 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
+22 | File | `/mkshop/Men/profile.php` | High
+23 | File | `/mngset/authset` | High
+24 | File | `/mobile/downloadfile.aspx` | High
+25 | File | `/net/nfc/netlink.c` | High
+26 | File | `/out.php` | Medium
+27 | File | `/outgoing.php` | High
+28 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
+29 | File | `/preauth` | Medium
+30 | File | `/presale/join` | High
+31 | ... | ... | ...
 
-There are 487 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 260 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bs.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bs.netset
 
 ## Literature
 

actors/Bahrain Unknown/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bahrain Unknown:
 
 * [US](https://vuldb.com/?country.us)
-* [CN](https://vuldb.com/?country.cn)
-* [GB](https://vuldb.com/?country.gb)
+* [JP](https://vuldb.com/?country.jp)
+* [DE](https://vuldb.com/?country.de)
 * ...
 
-There are 21 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -21,29 +21,41 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.1.42.0](https://vuldb.com/?ip.5.1.42.0) | customer.mikronet.it | - | High
-2 | [5.62.60.20](https://vuldb.com/?ip.5.62.60.20) | r-20-60-62-5.consumer-pool.prcdn.net | - | High
-3 | [5.62.62.20](https://vuldb.com/?ip.5.62.62.20) | r-20-62-62-5.consumer-pool.prcdn.net | - | High
-4 | [13.248.106.0](https://vuldb.com/?ip.13.248.106.0) | - | - | High
-5 | [15.185.0.0](https://vuldb.com/?ip.15.185.0.0) | ec2-15-185-0-0.me-south-1.compute.amazonaws.com | - | Medium
-6 | [23.247.137.0](https://vuldb.com/?ip.23.247.137.0) | - | - | High
-7 | [37.131.0.0](https://vuldb.com/?ip.37.131.0.0) | - | - | High
-8 | [45.11.72.0](https://vuldb.com/?ip.45.11.72.0) | - | - | High
-9 | [45.11.75.0](https://vuldb.com/?ip.45.11.75.0) | - | - | High
-10 | [45.12.70.23](https://vuldb.com/?ip.45.12.70.23) | dealer.get-eye.com | - | High
-11 | [45.12.71.23](https://vuldb.com/?ip.45.12.71.23) | - | - | High
-12 | [45.149.84.0](https://vuldb.com/?ip.45.149.84.0) | - | - | High
-13 | [46.42.64.0](https://vuldb.com/?ip.46.42.64.0) | - | - | High
-14 | [46.184.128.0](https://vuldb.com/?ip.46.184.128.0) | - | - | High
-15 | [46.235.208.0](https://vuldb.com/?ip.46.235.208.0) | - | - | High
-16 | [46.243.150.0](https://vuldb.com/?ip.46.243.150.0) | - | - | High
-17 | [52.93.69.0](https://vuldb.com/?ip.52.93.69.0) | - | - | High
-18 | [52.93.224.0](https://vuldb.com/?ip.52.93.224.0) | - | - | High
-19 | [52.94.249.160](https://vuldb.com/?ip.52.94.249.160) | - | - | High
-20 | [52.95.172.0](https://vuldb.com/?ip.52.95.172.0) | s3-r-w.me-south-1.amazonaws.com | - | Medium
-21 | ... | ... | ... | ...
+1 | [3.5.48.0](https://vuldb.com/?ip.3.5.48.0) | - | - | High
+2 | [3.5.220.0](https://vuldb.com/?ip.3.5.220.0) | - | - | High
+3 | [3.28.0.0](https://vuldb.com/?ip.3.28.0.0) | ec2-3-28-0-0.me-central-1.compute.amazonaws.com | - | Medium
+4 | [5.1.42.0](https://vuldb.com/?ip.5.1.42.0) | customer.mikronet.it | - | High
+5 | [5.62.60.20](https://vuldb.com/?ip.5.62.60.20) | r-20-60-62-5.consumer-pool.prcdn.net | - | High
+6 | [5.62.62.20](https://vuldb.com/?ip.5.62.62.20) | r-20-62-62-5.consumer-pool.prcdn.net | - | High
+7 | [13.34.35.0](https://vuldb.com/?ip.13.34.35.0) | - | - | High
+8 | [13.226.117.0](https://vuldb.com/?ip.13.226.117.0) | server-13-226-117-0.bah53.r.cloudfront.net | - | High
+9 | [13.226.118.0](https://vuldb.com/?ip.13.226.118.0) | server-13-226-118-0.bah53.r.cloudfront.net | - | High
+10 | [13.227.0.0](https://vuldb.com/?ip.13.227.0.0) | server-13-227-0-0.bah53.r.cloudfront.net | - | High
+11 | [13.227.4.0](https://vuldb.com/?ip.13.227.4.0) | server-13-227-4-0.bah53.r.cloudfront.net | - | High
+12 | [13.227.8.0](https://vuldb.com/?ip.13.227.8.0) | server-13-227-8-0.bah53.r.cloudfront.net | - | High
+13 | [13.248.66.0](https://vuldb.com/?ip.13.248.66.0) | - | - | High
+14 | [13.248.106.0](https://vuldb.com/?ip.13.248.106.0) | - | - | High
+15 | [15.177.87.0](https://vuldb.com/?ip.15.177.87.0) | - | - | High
+16 | [15.184.0.0](https://vuldb.com/?ip.15.184.0.0) | ec2-15-184-0-0.me-south-1.compute.amazonaws.com | - | Medium
+17 | [15.184.128.0](https://vuldb.com/?ip.15.184.128.0) | ec2-15-184-128-0.me-south-1.compute.amazonaws.com | - | Medium
+18 | [15.184.144.0](https://vuldb.com/?ip.15.184.144.0) | ec2-15-184-144-0.me-south-1.compute.amazonaws.com | - | Medium
+19 | [15.184.152.0](https://vuldb.com/?ip.15.184.152.0) | ec2-15-184-152-0.me-south-1.compute.amazonaws.com | - | Medium
+20 | [15.184.154.0](https://vuldb.com/?ip.15.184.154.0) | ec2-15-184-154-0.me-south-1.compute.amazonaws.com | - | Medium
+21 | [15.184.156.0](https://vuldb.com/?ip.15.184.156.0) | ec2-15-184-156-0.me-south-1.compute.amazonaws.com | - | Medium
+22 | [15.184.160.0](https://vuldb.com/?ip.15.184.160.0) | ec2-15-184-160-0.me-south-1.compute.amazonaws.com | - | Medium
+23 | [15.184.192.0](https://vuldb.com/?ip.15.184.192.0) | ec2-15-184-192-0.me-south-1.compute.amazonaws.com | - | Medium
+24 | [15.185.0.0](https://vuldb.com/?ip.15.185.0.0) | ec2-15-185-0-0.me-south-1.compute.amazonaws.com | - | Medium
+25 | [15.185.128.0](https://vuldb.com/?ip.15.185.128.0) | ec2-15-185-128-0.me-south-1.compute.amazonaws.com | - | Medium
+26 | [15.185.192.0](https://vuldb.com/?ip.15.185.192.0) | ec2-15-185-192-0.me-south-1.compute.amazonaws.com | - | Medium
+27 | [15.185.224.0](https://vuldb.com/?ip.15.185.224.0) | ec2-15-185-224-0.me-south-1.compute.amazonaws.com | - | Medium
+28 | [15.185.240.0](https://vuldb.com/?ip.15.185.240.0) | ec2-15-185-240-0.me-south-1.compute.amazonaws.com | - | Medium
+29 | [15.185.244.0](https://vuldb.com/?ip.15.185.244.0) | ec2-15-185-244-0.me-south-1.compute.amazonaws.com | - | Medium
+30 | [15.185.246.0](https://vuldb.com/?ip.15.185.246.0) | ec2-15-185-246-0.me-south-1.compute.amazonaws.com | - | Medium
+31 | [15.185.248.0](https://vuldb.com/?ip.15.185.248.0) | ec2-15-185-248-0.me-south-1.compute.amazonaws.com | - | Medium
+32 | [15.230.69.0](https://vuldb.com/?ip.15.230.69.0) | - | - | High
+33 | ... | ... | ... | ...
 
-There are 82 more IOC items available. Please use our online service to access the data.
+There are 126 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -54,9 +66,8 @@ ID | Technique | Weakness | Description | Confidence
 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
 There are 18 more TTP items available. Please use our online service to access the data.
 
@@ -66,73 +77,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `.htaccess` | Medium
-3 | File | `/Admin/add-student.php` | High
-4 | File | `/admin/api/admin/articles/` | High
-5 | File | `/admin/conferences/list/` | High
-6 | File | `/admin/edit_admin_details.php?id=admin` | High
-7 | File | `/admin/generalsettings.php` | High
-8 | File | `/Admin/login.php` | High
-9 | File | `/admin/payment.php` | High
-10 | File | `/admin/reports.php` | High
-11 | File | `/admin/showbad.php` | High
-12 | File | `/apilog.php` | Medium
-13 | File | `/cgi-bin/kerbynet` | High
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/connectors/index.php` | High
-16 | File | `/dev/block/mmcblk0rpmb` | High
-17 | File | `/dms/admin/reports/daily_collection_report.php` | High
-18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-19 | File | `/face-recognition-php/facepay-master/camera.php` | High
-20 | File | `/forum/away.php` | High
-21 | File | `/fos/admin/ajax.php?action=login` | High
-22 | File | `/fos/admin/index.php?page=menu` | High
-23 | File | `/hrm/employeeadd.php` | High
-24 | File | `/hrm/employeeview.php` | High
-25 | File | `/index.php` | Medium
-26 | File | `/Items/*/RemoteImages/Download` | High
-27 | File | `/items/view_item.php` | High
-28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-29 | File | `/lists/admin/` | High
-30 | File | `/lookin/info` | Medium
-31 | File | `/MagickCore/image.c` | High
-32 | File | `/manager/index.php` | High
-33 | File | `/medical/inventories.php` | High
-34 | File | `/modules/profile/index.php` | High
-35 | File | `/modules/projects/vw_files.php` | High
-36 | File | `/modules/public/calendar.php` | High
-37 | File | `/newsDia.php` | Medium
-38 | File | `/out.php` | Medium
-39 | File | `/proxy` | Low
-40 | File | `/public/launchNewWindow.jsp` | High
-41 | File | `/Redcock-Farm/farm/category.php` | High
-42 | File | `/reports/rwservlet` | High
-43 | File | `/sacco_shield/manage_user.php` | High
-44 | File | `/spip.php` | Medium
-45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-46 | File | `/staff/bookdetails.php` | High
-47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-48 | File | `/user/update_booking.php` | High
-49 | File | `/WEB-INF/web.xml` | High
-50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-51 | File | `/wordpress/wp-admin/options-general.php` | High
-52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-53 | File | `01article.php` | High
-54 | File | `AbstractScheduleJob.java` | High
-55 | File | `actionphp/download.File.php` | High
-56 | File | `AdClass.php` | Medium
-57 | File | `adclick.php` | Medium
-58 | File | `addtocart.asp` | High
-59 | ... | ... | ...
+1 | File | `$GIT_DIR/objects` | High
+2 | File | `$HOME/.printers` | High
+3 | File | `/admin.php/accessory/filesdel.html` | High
+4 | File | `/admin.php/update/getFile.html` | High
+5 | File | `/admin/?page=user/manage` | High
+6 | File | `/admin/add-new.php` | High
+7 | File | `/admin/admin.php` | High
+8 | File | `/admin/doctors.php` | High
+9 | File | `/admin/edit-doc.php` | High
+10 | File | `/admin/index3.php` | High
+11 | File | `/admin/patient.php` | High
+12 | File | `/adms/admin/?page=user/manage_user` | High
+13 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+14 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+15 | File | `/adms/classes/Users.php` | High
+16 | File | `/api/admin/system/store/order/list` | High
+17 | File | `/APR/signup.php` | High
+18 | File | `/backup.pl` | Medium
+19 | File | `/bin/httpd` | Medium
+20 | File | `/boat/login.php` | High
+21 | File | `/cgi-bin/mainfunction.cgi` | High
+22 | File | `/CPE` | Low
+23 | File | `/data/config.ftp.php` | High
+24 | File | `/ecshop/admin/template.php` | High
+25 | File | `/editor/index.php` | High
+26 | File | `/edoc/doctor/patient.php` | High
+27 | File | `/etc/tomcat8/Catalina/attack` | High
+28 | File | `/forum/PostPrivateMessage` | High
+29 | File | `/goform/SetSysTimeCfg` | High
+30 | File | `/home/cavesConsole` | High
+31 | File | `/home/kickPlayer` | High
+32 | File | `/home/masterConsole` | High
+33 | File | `/home/sendBroadcast` | High
+34 | File | `/mygym/admin/index.php?view_exercises` | High
+35 | File | `/oews/classes/Master.php?f=update_cart` | High
+36 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
+37 | File | `/param.file.tgz` | High
+38 | File | `/pet_shop/admin/orders/update_status.php` | High
+39 | File | `/php-opos/index.php` | High
+40 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+41 | File | `/setnetworksettings/IPAddress` | High
+42 | File | `/SetNetworkSettings/SubnetMask` | High
+43 | ... | ... | ...
 
-There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bh.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bh.netset
 
 ## Literature
 

actors/Baldr/README.md

@@ -91,8 +91,7 @@ ID | Type | Indicator | Confidence
 23 | File | `/var/log/nginx` | High
 24 | File | `/var/run/watchman.pid` | High
 25 | File | `/viewer/krpano.html` | High
-26 | File | `/wp-json/oembed/1.0/embed?url` | High
-27 | ... | ... | ...
+26 | ... | ... | ...
 
 There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 

actors/Bangladesh Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...
 
-There are 28 more country items available. Please use our online service to access the data.
+There are 12 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -372,12 +372,11 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-22 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
-6 | ... | ... | ... | ...
+5 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -385,71 +384,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `.php.gif` | Medium
-3 | File | `/?admin/user.html` | High
-4 | File | `/Admin/add-student.php` | High
-5 | File | `/admin/api/admin/articles/` | High
-6 | File | `/admin/submit-articles` | High
-7 | File | `/admin/subnets/ripe-query.php` | High
-8 | File | `/apilog.php` | Medium
-9 | File | `/bin/httpd` | Medium
-10 | File | `/bin/sh` | Low
-11 | File | `/cgi-bin/webadminget.cgi` | High
-12 | File | `/connectors/index.php` | High
-13 | File | `/Default/Bd` | Medium
-14 | File | `/dev/block/mmcblk0rpmb` | High
-15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-16 | File | `/employeeview.php` | High
-17 | File | `/face-recognition-php/facepay-master/camera.php` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/forum/PostPrivateMessage` | High
-20 | File | `/fos/admin/ajax.php?action=login` | High
-21 | File | `/fos/admin/index.php?page=menu` | High
-22 | File | `/home/masterConsole` | High
-23 | File | `/home/sendBroadcast` | High
-24 | File | `/hrm/controller/employee.php` | High
-25 | File | `/hrm/employeeadd.php` | High
-26 | File | `/hrm/employeeview.php` | High
-27 | File | `/index.php` | Medium
-28 | File | `/items/view_item.php` | High
-29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-30 | File | `/lookin/info` | Medium
-31 | File | `/manager/index.php` | High
-32 | File | `/medical/inventories.php` | High
-33 | File | `/modules/profile/index.php` | High
-34 | File | `/modules/projects/vw_files.php` | High
-35 | File | `/modules/public/calendar.php` | High
-36 | File | `/net/nfc/netlink.c` | High
-37 | File | `/newsDia.php` | Medium
-38 | File | `/out.php` | Medium
-39 | File | `/php_action/editProductImage.php` | High
-40 | File | `/product/savenewproduct.php?flag=1` | High
-41 | File | `/proxy` | Low
-42 | File | `/Redcock-Farm/farm/category.php` | High
-43 | File | `/reports/rwservlet` | High
-44 | File | `/sacco_shield/manage_user.php` | High
-45 | File | `/services/Card/findUser` | High
-46 | File | `/spip.php` | Medium
-47 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-48 | File | `/staff/bookdetails.php` | High
-49 | File | `/uncpath/` | Medium
-50 | File | `/user/update_booking.php` | High
-51 | File | `/view-property.php` | High
-52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-53 | File | `/wireless/security.asp` | High
-54 | File | `/wordpress/wp-admin/options-general.php` | High
-55 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-56 | File | `01article.php` | High
-57 | File | `AbstractScheduleJob.java` | High
-58 | File | `action.php` | Medium
-59 | File | `actionphp/download.File.php` | High
-60 | File | `adclick.php` | Medium
-61 | File | `addtocart.asp` | High
-62 | File | `admin.php` | Medium
-63 | ... | ... | ...
+1 | File | `/admin/` | Low
+2 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+3 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+4 | File | `/APR/signup.php` | High
+5 | File | `/bin/httpd` | Medium
+6 | File | `/bin/sh` | Low
+7 | File | `/dev/block/mmcblk0rpmb` | High
+8 | File | `/forum/away.php` | High
+9 | File | `/forum/PostPrivateMessage` | High
+10 | File | `/fos/admin/ajax.php?action=login` | High
+11 | File | `/fos/admin/index.php?page=menu` | High
+12 | File | `/home/masterConsole` | High
+13 | File | `/home/sendBroadcast` | High
+14 | File | `/mims/login.php` | High
+15 | File | `/mygym/admin/index.php?view_exercises` | High
+16 | File | `/out.php` | Medium
+17 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
+18 | File | `/php-opos/index.php` | High
+19 | File | `/php-scrm/login.php` | High
+20 | File | `/spip.php` | Medium
+21 | File | `/uncpath/` | Medium
+22 | File | `/wireless/security.asp` | High
+23 | File | `01article.php` | High
+24 | File | `account-signup.php` | High
+25 | File | `account/signup.php` | High
+26 | File | `action.php` | Medium
+27 | File | `addentry.php` | Medium
+28 | File | `admin.php` | Medium
+29 | File | `admin/abc.php` | High
+30 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+31 | File | `admin/admin/adminsave.html` | High
+32 | File | `admin/admin_editor.php` | High
+33 | ... | ... | ...
 
-There are 552 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Barbados Unknown/README.md

@@ -17,37 +17,43 @@ ID | IP address | Hostname | Campaign | Confidence
 5 | [45.12.71.18](https://vuldb.com/?ip.45.12.71.18) | - | - | High
 6 | [45.62.191.112](https://vuldb.com/?ip.45.62.191.112) | - | - | High
 7 | [45.74.22.128](https://vuldb.com/?ip.45.74.22.128) | - | - | High
-8 | [57.91.16.0](https://vuldb.com/?ip.57.91.16.0) | - | - | High
-9 | [63.143.76.0](https://vuldb.com/?ip.63.143.76.0) | - | - | High
-10 | [63.170.68.0](https://vuldb.com/?ip.63.170.68.0) | - | - | High
-11 | [63.175.156.0](https://vuldb.com/?ip.63.175.156.0) | - | - | High
-12 | [64.119.192.0](https://vuldb.com/?ip.64.119.192.0) | - | - | High
-13 | [64.210.40.0](https://vuldb.com/?ip.64.210.40.0) | - | - | High
-14 | [65.48.128.0](https://vuldb.com/?ip.65.48.128.0) | - | - | High
-15 | [65.48.132.0](https://vuldb.com/?ip.65.48.132.0) | - | - | High
-16 | [65.48.144.0](https://vuldb.com/?ip.65.48.144.0) | - | - | High
-17 | [65.48.160.0](https://vuldb.com/?ip.65.48.160.0) | - | - | High
-18 | [65.48.168.0](https://vuldb.com/?ip.65.48.168.0) | - | - | High
-19 | [65.48.174.0](https://vuldb.com/?ip.65.48.174.0) | - | - | High
-20 | [65.48.176.0](https://vuldb.com/?ip.65.48.176.0) | - | - | High
-21 | [65.48.192.0](https://vuldb.com/?ip.65.48.192.0) | - | - | High
-22 | [65.48.200.0](https://vuldb.com/?ip.65.48.200.0) | - | - | High
-23 | [65.48.207.0](https://vuldb.com/?ip.65.48.207.0) | - | - | High
-24 | [65.48.208.0](https://vuldb.com/?ip.65.48.208.0) | - | - | High
-25 | [65.48.212.0](https://vuldb.com/?ip.65.48.212.0) | - | - | High
-26 | [65.48.214.0](https://vuldb.com/?ip.65.48.214.0) | - | - | High
-27 | [65.48.217.0](https://vuldb.com/?ip.65.48.217.0) | - | - | High
-28 | [65.48.221.0](https://vuldb.com/?ip.65.48.221.0) | - | - | High
-29 | [65.48.222.0](https://vuldb.com/?ip.65.48.222.0) | - | - | High
-30 | ... | ... | ... | ...
+8 | [57.74.122.0](https://vuldb.com/?ip.57.74.122.0) | - | - | High
+9 | [57.91.16.0](https://vuldb.com/?ip.57.91.16.0) | - | - | High
+10 | [63.143.76.0](https://vuldb.com/?ip.63.143.76.0) | - | - | High
+11 | [63.170.68.0](https://vuldb.com/?ip.63.170.68.0) | - | - | High
+12 | [63.175.156.0](https://vuldb.com/?ip.63.175.156.0) | - | - | High
+13 | [63.245.48.0](https://vuldb.com/?ip.63.245.48.0) | - | - | High
+14 | [64.119.192.0](https://vuldb.com/?ip.64.119.192.0) | - | - | High
+15 | [64.210.40.0](https://vuldb.com/?ip.64.210.40.0) | - | - | High
+16 | [65.48.128.0](https://vuldb.com/?ip.65.48.128.0) | - | - | High
+17 | [65.48.132.0](https://vuldb.com/?ip.65.48.132.0) | - | - | High
+18 | [65.48.144.0](https://vuldb.com/?ip.65.48.144.0) | - | - | High
+19 | [65.48.152.0](https://vuldb.com/?ip.65.48.152.0) | - | - | High
+20 | [65.48.155.0](https://vuldb.com/?ip.65.48.155.0) | - | - | High
+21 | [65.48.156.0](https://vuldb.com/?ip.65.48.156.0) | - | - | High
+22 | [65.48.160.0](https://vuldb.com/?ip.65.48.160.0) | - | - | High
+23 | [65.48.168.0](https://vuldb.com/?ip.65.48.168.0) | - | - | High
+24 | [65.48.174.0](https://vuldb.com/?ip.65.48.174.0) | - | - | High
+25 | [65.48.176.0](https://vuldb.com/?ip.65.48.176.0) | - | - | High
+26 | [65.48.192.0](https://vuldb.com/?ip.65.48.192.0) | - | - | High
+27 | [65.48.200.0](https://vuldb.com/?ip.65.48.200.0) | - | - | High
+28 | [65.48.207.0](https://vuldb.com/?ip.65.48.207.0) | - | - | High
+29 | [65.48.208.0](https://vuldb.com/?ip.65.48.208.0) | - | - | High
+30 | [65.48.212.0](https://vuldb.com/?ip.65.48.212.0) | - | - | High
+31 | [65.48.214.0](https://vuldb.com/?ip.65.48.214.0) | - | - | High
+32 | [65.48.217.0](https://vuldb.com/?ip.65.48.217.0) | - | - | High
+33 | [65.48.221.0](https://vuldb.com/?ip.65.48.221.0) | - | - | High
+34 | [65.48.222.0](https://vuldb.com/?ip.65.48.222.0) | - | - | High
+35 | ... | ... | ... | ...
 
-There are 118 more IOC items available. Please use our online service to access the data.
+There are 136 more IOC items available. Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bb.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bb.netset
 
 ## Literature
 

actors/Barys/README.md

@@ -40,7 +40,7 @@ ID | IP address | Hostname | Campaign | Confidence
 17 | [58.215.145.95](https://vuldb.com/?ip.58.215.145.95) | - | - | High
 18 | ... | ... | ... | ...
 
-There are 68 more IOC items available. Please use our online service to access the data.
+There are 69 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -129,6 +129,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/08/threat-roundup-0820-0827.html
 * https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
 * https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
+* https://blog.talosintelligence.com/threat-roundup-0127-0203/
 * https://blog.talosintelligence.com/threat-roundup-1202-1209/
 
 ## Literature

actors/BazarLoader/README.md

@@ -75,7 +75,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059 | CWE-94 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 11 more TTP items available. Please use our online service to access the data.
+There are 12 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -85,17 +85,17 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/api` | Low
 2 | File | `/api/sys_username_passwd.cmd` | High
-3 | File | `/include/makecvs.php` | High
-4 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
-5 | File | `/requests.php` | High
-6 | File | `/usr/local/psa/admin/sbin/wrapper` | High
-7 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
-8 | File | `add.php` | Low
-9 | File | `admin/admin.shtml` | High
-10 | File | `bpf-object-fuzzer.c` | High
+3 | File | `/forum/away.php` | High
+4 | File | `/include/makecvs.php` | High
+5 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
+6 | File | `/requests.php` | High
+7 | File | `/usr/local/psa/admin/sbin/wrapper` | High
+8 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
+9 | File | `add.php` | Low
+10 | File | `admin/admin.shtml` | High
 11 | ... | ... | ...
 
-There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 84 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BeamWinHTTP/README.md

@@ -35,7 +35,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 13 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -63,20 +63,20 @@ ID | Type | Indicator | Confidence
 18 | File | `/Hospital-Management-System-master/contact.php` | High
 19 | File | `/include/friends.inc.php` | High
 20 | File | `/index.php?module=configuration/application` | High
-21 | File | `/members/view_member.php` | High
-22 | File | `/services/view_service.php` | High
-23 | File | `/servlet/webacc` | High
-24 | File | `/sitemagic/upgrade.php` | High
-25 | File | `/userui/ticket_list.php` | High
-26 | File | `/usr/5bin/su` | Medium
-27 | File | `/wp-admin/options-general.php` | High
-28 | File | `/zm/index.php` | High
-29 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
-30 | File | `abook_database.php` | High
-31 | File | `accounts/inc/include.php` | High
-32 | File | `adaptive-images-script.php` | High
-33 | File | `additem.asp` | Medium
-34 | File | `addtocart.asp` | High
+21 | File | `/kruxton/receipt.php` | High
+22 | File | `/members/view_member.php` | High
+23 | File | `/services/view_service.php` | High
+24 | File | `/servlet/webacc` | High
+25 | File | `/sitemagic/upgrade.php` | High
+26 | File | `/userui/ticket_list.php` | High
+27 | File | `/usr/5bin/su` | Medium
+28 | File | `/wp-admin/options-general.php` | High
+29 | File | `/zm/index.php` | High
+30 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
+31 | File | `abook_database.php` | High
+32 | File | `accounts/inc/include.php` | High
+33 | File | `adaptive-images-script.php` | High
+34 | File | `additem.asp` | Medium
 35 | File | `adherents/subscription/info.php` | High
 36 | File | `admin.asp` | Medium
 37 | File | `admin.php` | Medium
@@ -99,23 +99,23 @@ ID | Type | Indicator | Confidence
 54 | File | `administrator/components/com_media/helpers/media.php` | High
 55 | File | `administrator/index.php` | High
 56 | File | `admin_login.asp` | High
-57 | File | `adv_search.asp` | High
-58 | File | `ajax_url.php` | Medium
-59 | File | `album_portal.php` | High
-60 | File | `al_initialize.php` | High
-61 | File | `anjel.index.php` | High
-62 | File | `annonces-p-f.php` | High
-63 | File | `announce.php` | Medium
-64 | File | `announcement.php` | High
-65 | File | `announcements.php` | High
-66 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
-67 | File | `application/config/config.php` | High
-68 | File | `application/controllers/basedata/inventory.php` | High
-69 | File | `apply.cgi` | Medium
-70 | File | `apps/app_article/controller/rating.php` | High
-71 | File | `article.php` | Medium
-72 | File | `articles.php` | Medium
-73 | File | `artikel_anzeige.php` | High
+57 | File | `ajax_url.php` | Medium
+58 | File | `album_portal.php` | High
+59 | File | `al_initialize.php` | High
+60 | File | `anjel.index.php` | High
+61 | File | `annonces-p-f.php` | High
+62 | File | `announce.php` | Medium
+63 | File | `announcement.php` | High
+64 | File | `announcements.php` | High
+65 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
+66 | File | `application/config/config.php` | High
+67 | File | `application/controllers/basedata/inventory.php` | High
+68 | File | `apply.cgi` | Medium
+69 | File | `apps/app_article/controller/rating.php` | High
+70 | File | `article.php` | Medium
+71 | File | `articles.php` | Medium
+72 | File | `artikel_anzeige.php` | High
+73 | File | `AudioFlinger.cpp` | High
 74 | File | `auktion.cgi` | Medium
 75 | File | `auth.php` | Medium
 76 | File | `authfiles/login.asp` | High
@@ -137,8 +137,7 @@ ID | Type | Indicator | Confidence
 92 | File | `category.cfm` | Medium
 93 | File | `category.php` | Medium
 94 | File | `category_list.php` | High
-95 | File | `cgi-bin/awstats.pl` | High
-96 | ... | ... | ...
+95 | ... | ... | ...
 
 There are 844 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 

actors/Belarus Unknown/README.md

@@ -20,48 +20,58 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [5.62.60.28](https://vuldb.com/?ip.5.62.60.28) | r-28-60-62-5.consumer-pool.prcdn.net | - | High
 2 | [5.62.62.28](https://vuldb.com/?ip.5.62.62.28) | r-28-62-62-5.consumer-pool.prcdn.net | - | High
 3 | [5.100.192.0](https://vuldb.com/?ip.5.100.192.0) | - | - | High
-4 | [31.24.88.0](https://vuldb.com/?ip.31.24.88.0) | - | - | High
-5 | [31.130.200.0](https://vuldb.com/?ip.31.130.200.0) | - | - | High
-6 | [31.148.198.0](https://vuldb.com/?ip.31.148.198.0) | - | - | High
-7 | [31.148.248.0](https://vuldb.com/?ip.31.148.248.0) | - | - | High
-8 | [34.99.32.0](https://vuldb.com/?ip.34.99.32.0) | 0.32.99.34.bc.googleusercontent.com | - | Medium
-9 | [34.103.32.0](https://vuldb.com/?ip.34.103.32.0) | 0.32.103.34.bc.googleusercontent.com | - | Medium
-10 | [37.17.0.0](https://vuldb.com/?ip.37.17.0.0) | - | - | High
-11 | [37.44.64.0](https://vuldb.com/?ip.37.44.64.0) | mm-0-64-44-37.mf.dynamic.pppoe.byfly.by | - | High
-12 | [37.45.0.0](https://vuldb.com/?ip.37.45.0.0) | mm-0-0-45-37.brest.dynamic.pppoe.byfly.by | - | High
-13 | [37.212.0.0](https://vuldb.com/?ip.37.212.0.0) | mm-0-0-212-37.vitebsk.dynamic.pppoe.byfly.by | - | High
-14 | [45.12.70.36](https://vuldb.com/?ip.45.12.70.36) | anagogical.get-eye.com | - | High
-15 | [45.12.71.36](https://vuldb.com/?ip.45.12.71.36) | - | - | High
-16 | [45.74.27.128](https://vuldb.com/?ip.45.74.27.128) | - | - | High
-17 | [45.89.231.0](https://vuldb.com/?ip.45.89.231.0) | - | - | High
-18 | [45.129.171.0](https://vuldb.com/?ip.45.129.171.0) | - | - | High
-19 | [45.132.194.0](https://vuldb.com/?ip.45.132.194.0) | - | - | High
-20 | [45.136.68.0](https://vuldb.com/?ip.45.136.68.0) | - | - | High
-21 | [45.138.159.0](https://vuldb.com/?ip.45.138.159.0) | - | - | High
-22 | [45.139.29.0](https://vuldb.com/?ip.45.139.29.0) | - | - | High
-23 | [45.145.160.0](https://vuldb.com/?ip.45.145.160.0) | - | - | High
-24 | [45.152.213.0](https://vuldb.com/?ip.45.152.213.0) | - | - | High
-25 | [45.153.53.0](https://vuldb.com/?ip.45.153.53.0) | - | - | High
-26 | [45.155.60.0](https://vuldb.com/?ip.45.155.60.0) | - | - | High
-27 | [46.28.96.0](https://vuldb.com/?ip.46.28.96.0) | - | - | High
-28 | [46.36.202.26](https://vuldb.com/?ip.46.36.202.26) | - | - | High
-29 | [46.53.128.0](https://vuldb.com/?ip.46.53.128.0) | - | - | High
-30 | [46.56.0.0](https://vuldb.com/?ip.46.56.0.0) | - | - | High
-31 | [46.175.168.0](https://vuldb.com/?ip.46.175.168.0) | - | - | High
-32 | [46.182.48.0](https://vuldb.com/?ip.46.182.48.0) | leased-line-46-182-48-0.telecom.by | - | High
-33 | [46.191.0.0](https://vuldb.com/?ip.46.191.0.0) | - | - | High
-34 | [46.216.0.0](https://vuldb.com/?ip.46.216.0.0) | - | - | High
-35 | [46.243.183.0](https://vuldb.com/?ip.46.243.183.0) | - | - | High
-36 | [62.187.241.0](https://vuldb.com/?ip.62.187.241.0) | - | - | High
-37 | [77.67.128.0](https://vuldb.com/?ip.77.67.128.0) | - | - | High
-38 | [77.74.32.0](https://vuldb.com/?ip.77.74.32.0) | - | - | High
-39 | [79.98.48.0](https://vuldb.com/?ip.79.98.48.0) | - | - | High
-40 | [79.110.20.0](https://vuldb.com/?ip.79.110.20.0) | - | - | High
-41 | [79.170.104.0](https://vuldb.com/?ip.79.170.104.0) | - | - | High
-42 | [80.66.84.0](https://vuldb.com/?ip.80.66.84.0) | - | - | High
-43 | ... | ... | ... | ...
+4 | [5.188.7.0](https://vuldb.com/?ip.5.188.7.0) | - | - | High
+5 | [31.24.88.0](https://vuldb.com/?ip.31.24.88.0) | - | - | High
+6 | [31.130.200.0](https://vuldb.com/?ip.31.130.200.0) | - | - | High
+7 | [31.148.198.0](https://vuldb.com/?ip.31.148.198.0) | - | - | High
+8 | [31.148.248.0](https://vuldb.com/?ip.31.148.248.0) | - | - | High
+9 | [31.148.250.0](https://vuldb.com/?ip.31.148.250.0) | - | - | High
+10 | [31.222.240.0](https://vuldb.com/?ip.31.222.240.0) | - | - | High
+11 | [34.99.32.0](https://vuldb.com/?ip.34.99.32.0) | 0.32.99.34.bc.googleusercontent.com | - | Medium
+12 | [34.103.32.0](https://vuldb.com/?ip.34.103.32.0) | 0.32.103.34.bc.googleusercontent.com | - | Medium
+13 | [37.9.66.0](https://vuldb.com/?ip.37.9.66.0) | - | - | High
+14 | [37.17.0.0](https://vuldb.com/?ip.37.17.0.0) | - | - | High
+15 | [37.44.64.0](https://vuldb.com/?ip.37.44.64.0) | mm-0-64-44-37.mf.dynamic.pppoe.byfly.by | - | High
+16 | [37.45.0.0](https://vuldb.com/?ip.37.45.0.0) | mm-0-0-45-37.brest.dynamic.pppoe.byfly.by | - | High
+17 | [37.212.0.0](https://vuldb.com/?ip.37.212.0.0) | mm-0-0-212-37.vitebsk.dynamic.pppoe.byfly.by | - | High
+18 | [45.12.70.36](https://vuldb.com/?ip.45.12.70.36) | anagogical.get-eye.com | - | High
+19 | [45.12.71.36](https://vuldb.com/?ip.45.12.71.36) | - | - | High
+20 | [45.74.27.128](https://vuldb.com/?ip.45.74.27.128) | - | - | High
+21 | [45.89.231.0](https://vuldb.com/?ip.45.89.231.0) | - | - | High
+22 | [45.128.205.0](https://vuldb.com/?ip.45.128.205.0) | - | - | High
+23 | [45.129.171.0](https://vuldb.com/?ip.45.129.171.0) | - | - | High
+24 | [45.132.194.0](https://vuldb.com/?ip.45.132.194.0) | - | - | High
+25 | [45.135.234.0](https://vuldb.com/?ip.45.135.234.0) | 45.135.234.0.static.hostfly.by | - | High
+26 | [45.136.68.0](https://vuldb.com/?ip.45.136.68.0) | - | - | High
+27 | [45.138.159.0](https://vuldb.com/?ip.45.138.159.0) | - | - | High
+28 | [45.139.29.0](https://vuldb.com/?ip.45.139.29.0) | - | - | High
+29 | [45.145.160.0](https://vuldb.com/?ip.45.145.160.0) | - | - | High
+30 | [45.152.213.0](https://vuldb.com/?ip.45.152.213.0) | - | - | High
+31 | [45.153.53.0](https://vuldb.com/?ip.45.153.53.0) | - | - | High
+32 | [45.155.60.0](https://vuldb.com/?ip.45.155.60.0) | - | - | High
+33 | [46.28.96.0](https://vuldb.com/?ip.46.28.96.0) | - | - | High
+34 | [46.36.202.26](https://vuldb.com/?ip.46.36.202.26) | - | - | High
+35 | [46.53.128.0](https://vuldb.com/?ip.46.53.128.0) | - | - | High
+36 | [46.56.0.0](https://vuldb.com/?ip.46.56.0.0) | - | - | High
+37 | [46.175.168.0](https://vuldb.com/?ip.46.175.168.0) | - | - | High
+38 | [46.182.48.0](https://vuldb.com/?ip.46.182.48.0) | leased-line-46-182-48-0.telecom.by | - | High
+39 | [46.191.0.0](https://vuldb.com/?ip.46.191.0.0) | - | - | High
+40 | [46.216.0.0](https://vuldb.com/?ip.46.216.0.0) | - | - | High
+41 | [46.243.183.0](https://vuldb.com/?ip.46.243.183.0) | - | - | High
+42 | [46.243.186.0](https://vuldb.com/?ip.46.243.186.0) | - | - | High
+43 | [57.86.172.0](https://vuldb.com/?ip.57.86.172.0) | - | - | High
+44 | [57.87.208.0](https://vuldb.com/?ip.57.87.208.0) | - | - | High
+45 | [62.32.47.0](https://vuldb.com/?ip.62.32.47.0) | - | - | High
+46 | [62.187.241.0](https://vuldb.com/?ip.62.187.241.0) | - | - | High
+47 | [77.67.128.0](https://vuldb.com/?ip.77.67.128.0) | - | - | High
+48 | [77.74.32.0](https://vuldb.com/?ip.77.74.32.0) | - | - | High
+49 | [77.88.24.0](https://vuldb.com/?ip.77.88.24.0) | - | - | High
+50 | [77.94.44.0](https://vuldb.com/?ip.77.94.44.0) | - | - | High
+51 | [77.94.56.0](https://vuldb.com/?ip.77.94.56.0) | - | - | High
+52 | [78.41.109.0](https://vuldb.com/?ip.78.41.109.0) | - | - | High
+53 | ... | ... | ... | ...
 
-There are 169 more IOC items available. Please use our online service to access the data.
+There are 208 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -94,6 +104,7 @@ There are 3 more IOA items available (file, library, argument, input value, patt
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_by.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_by.netset
 
 ## Literature
 

actors/Belgium Unknown/README.md

@@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [JP](https://vuldb.com/?country.jp)
-* [ES](https://vuldb.com/?country.es)
+* [DK](https://vuldb.com/?country.dk)
 * ...
 
-There are 20 more country items available. Please use our online service to access the data.
+There are 25 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -1145,14 +1145,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-35 | Pathname Traversal | High
-2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 15 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -1160,53 +1159,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `$HOME/.printers` | High
-2 | File | `/appliance/users?action=edit` | High
-3 | File | `/CPE` | Low
-4 | File | `/dev/block/mmcblk0rpmb` | High
-5 | File | `/forum/away.php` | High
-6 | File | `/forum/PostPrivateMessage` | High
-7 | File | `/fos/admin/ajax.php?action=login` | High
-8 | File | `/fos/admin/index.php?page=menu` | High
-9 | File | `/home/cavesConsole` | High
-10 | File | `/home/kickPlayer` | High
-11 | File | `/home/masterConsole` | High
-12 | File | `/home/sendBroadcast` | High
-13 | File | `/login/index.php` | High
-14 | File | `/oews/classes/Master.php?f=update_cart` | High
-15 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
-16 | File | `/out.php` | Medium
-17 | File | `/param.file.tgz` | High
-18 | File | `/ptippage.cgi` | High
-19 | File | `/ptipupgrade.cgi` | High
-20 | File | `/public_html/users.php` | High
-21 | File | `/royal_event/userregister.php` | High
-22 | File | `/setnetworksettings/IPAddress` | High
-23 | File | `/SetNetworkSettings/SubnetMask` | High
-24 | File | `/u/username.json` | High
-25 | File | `/user/s.php` | Medium
-26 | File | `/user/updatePwd` | High
-27 | File | `/wireless/basic.asp` | High
-28 | File | `/wireless/guestnetwork.asp` | High
-29 | File | `/wireless/security.asp` | High
-30 | File | `01article.php` | High
-31 | File | `adclick.php` | Medium
-32 | File | `add-locker-form.php` | High
-33 | File | `admin/abc.php` | High
-34 | File | `admin/add_payment.php` | High
-35 | File | `admin/admin/adminsave.html` | High
-36 | File | `admin/approve_user.php` | High
-37 | File | `admin/booking_report.php` | High
-38 | File | `admin/conf_users_edit.php` | High
-39 | File | `admin/disapprove_user.php` | High
-40 | File | `admin/expense_report.php` | High
-41 | File | `admin/forget_password.php` | High
-42 | File | `admin/index.php` | High
-43 | File | `admin/make_payments.php` | High
-44 | File | `admin/manage_user.php` | High
-45 | ... | ... | ...
+1 | File | `$GIT_DIR/objects` | High
+2 | File | `/?ajax-request=jnews` | High
+3 | File | `/admin.php/accessory/filesdel.html` | High
+4 | File | `/admin.php/update/getFile.html` | High
+5 | File | `/admin/?page=user/manage` | High
+6 | File | `/admin/add-new.php` | High
+7 | File | `/admin/admin.php` | High
+8 | File | `/admin/content/index` | High
+9 | File | `/admin/doctors.php` | High
+10 | File | `/admin/edit-doc.php` | High
+11 | File | `/admin/index3.php` | High
+12 | File | `/admin/login.php` | High
+13 | File | `/admin/patient.php` | High
+14 | File | `/adms/admin/?page=user/manage_user` | High
+15 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+16 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+17 | File | `/adms/classes/Users.php` | High
+18 | File | `/alphaware/summary.php` | High
+19 | File | `/api/admin/system/store/order/list` | High
+20 | File | `/APR/login.php` | High
+21 | File | `/APR/signup.php` | High
+22 | File | `/backup.pl` | Medium
+23 | File | `/bin/httpd` | Medium
+24 | File | `/boat/login.php` | High
+25 | File | `/cgi-bin/mainfunction.cgi` | High
+26 | File | `/cgi-bin/mft/wireless_mft` | High
+27 | File | `/data/config.ftp.php` | High
+28 | File | `/ecshop/admin/template.php` | High
+29 | File | `/editor/index.php` | High
+30 | File | `/edoc/doctor/patient.php` | High
+31 | File | `/file_manager/login.php` | High
+32 | File | `/forum/away.php` | High
+33 | File | `/goform/SetSysTimeCfg` | High
+34 | File | `/Moosikay/order.php` | High
+35 | File | `/mygym/admin/index.php?view_exercises` | High
+36 | File | `/oews/classes/Master.php?f=update_cart` | High
+37 | File | `/out.php` | Medium
+38 | File | `/param.file.tgz` | High
+39 | File | `/pet_shop/admin/orders/update_status.php` | High
+40 | File | `/philosophy/admin/login.php` | High
+41 | File | `/philosophy/admin/user/controller.php?action=add` | High
+42 | File | `/php-opos/index.php` | High
+43 | File | `/php-scrm/login.php` | High
+44 | File | `/plugins/playbooks/api/v0/playbooks/[playbookID` | High
+45 | File | `/plugins/playbooks/api/v0/runs` | High
+46 | ... | ... | ...
 
-There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Belize Unknown/README.md

@@ -30,34 +30,40 @@ ID | IP address | Hostname | Campaign | Confidence
 7 | [45.12.71.37](https://vuldb.com/?ip.45.12.71.37) | - | - | High
 8 | [45.70.228.0](https://vuldb.com/?ip.45.70.228.0) | - | - | High
 9 | [45.70.240.0](https://vuldb.com/?ip.45.70.240.0) | - | - | High
-10 | [45.147.56.0](https://vuldb.com/?ip.45.147.56.0) | - | - | High
-11 | [45.180.120.0](https://vuldb.com/?ip.45.180.120.0) | - | - | High
-12 | [45.225.42.0](https://vuldb.com/?ip.45.225.42.0) | - | - | High
-13 | [45.228.156.0](https://vuldb.com/?ip.45.228.156.0) | - | - | High
-14 | [45.231.206.0](https://vuldb.com/?ip.45.231.206.0) | undefined.hostname.localhost | - | High
-15 | [45.234.88.0](https://vuldb.com/?ip.45.234.88.0) | - | - | High
-16 | [45.236.140.0](https://vuldb.com/?ip.45.236.140.0) | - | - | High
-17 | [50.30.36.26](https://vuldb.com/?ip.50.30.36.26) | static-ip-50-30-36-26.inaddr.ip-pool.com | - | High
-18 | [50.30.36.28](https://vuldb.com/?ip.50.30.36.28) | static-ip-50-30-36-28.inaddr.ip-pool.com | - | High
-19 | [57.75.144.0](https://vuldb.com/?ip.57.75.144.0) | - | - | High
-20 | [62.77.131.0](https://vuldb.com/?ip.62.77.131.0) | - | - | High
-21 | [66.96.125.192](https://vuldb.com/?ip.66.96.125.192) | - | - | High
-22 | [69.64.42.107](https://vuldb.com/?ip.69.64.42.107) | static-ip-69-64-42-107.inaddr.ip-pool.com | - | High
-23 | [69.64.42.119](https://vuldb.com/?ip.69.64.42.119) | static-ip-69-64-42-119.inaddr.ip-pool.com | - | High
-24 | [69.64.48.248](https://vuldb.com/?ip.69.64.48.248) | totalcputime.teslae.net | - | High
-25 | [69.64.53.173](https://vuldb.com/?ip.69.64.53.173) | static-ip-69-64-53-173.inaddr.ip-pool.com | - | High
-26 | [69.64.55.30](https://vuldb.com/?ip.69.64.55.30) | static-ip-69-64-55-30.inaddr.ip-pool.com | - | High
-27 | [77.81.120.0](https://vuldb.com/?ip.77.81.120.0) | - | - | High
-28 | [80.87.204.0](https://vuldb.com/?ip.80.87.204.0) | bill.artplanet.ru | - | High
-29 | [80.87.207.0](https://vuldb.com/?ip.80.87.207.0) | subnet.artplanet.su | - | High
-30 | [91.226.97.0](https://vuldb.com/?ip.91.226.97.0) | - | - | High
-31 | [94.247.84.0](https://vuldb.com/?ip.94.247.84.0) | - | - | High
-32 | [96.44.188.0](https://vuldb.com/?ip.96.44.188.0) | unassigned.quadranet.com | - | High
-33 | [103.68.108.0](https://vuldb.com/?ip.103.68.108.0) | - | - | High
-34 | [103.230.140.0](https://vuldb.com/?ip.103.230.140.0) | - | - | High
-35 | ... | ... | ... | ...
+10 | [45.131.4.0](https://vuldb.com/?ip.45.131.4.0) | - | - | High
+11 | [45.131.208.0](https://vuldb.com/?ip.45.131.208.0) | - | - | High
+12 | [45.147.56.0](https://vuldb.com/?ip.45.147.56.0) | - | - | High
+13 | [45.180.120.0](https://vuldb.com/?ip.45.180.120.0) | - | - | High
+14 | [45.225.42.0](https://vuldb.com/?ip.45.225.42.0) | - | - | High
+15 | [45.227.254.0](https://vuldb.com/?ip.45.227.254.0) | - | - | High
+16 | [45.228.156.0](https://vuldb.com/?ip.45.228.156.0) | - | - | High
+17 | [45.231.206.0](https://vuldb.com/?ip.45.231.206.0) | undefined.hostname.localhost | - | High
+18 | [45.234.88.0](https://vuldb.com/?ip.45.234.88.0) | - | - | High
+19 | [45.236.140.0](https://vuldb.com/?ip.45.236.140.0) | - | - | High
+20 | [50.30.36.26](https://vuldb.com/?ip.50.30.36.26) | static-ip-50-30-36-26.inaddr.ip-pool.com | - | High
+21 | [50.30.36.28](https://vuldb.com/?ip.50.30.36.28) | static-ip-50-30-36-28.inaddr.ip-pool.com | - | High
+22 | [57.74.88.0](https://vuldb.com/?ip.57.74.88.0) | - | - | High
+23 | [57.75.144.0](https://vuldb.com/?ip.57.75.144.0) | - | - | High
+24 | [62.77.131.0](https://vuldb.com/?ip.62.77.131.0) | - | - | High
+25 | [64.34.230.0](https://vuldb.com/?ip.64.34.230.0) | - | - | High
+26 | [66.96.125.192](https://vuldb.com/?ip.66.96.125.192) | - | - | High
+27 | [66.212.236.0](https://vuldb.com/?ip.66.212.236.0) | - | - | High
+28 | [66.212.246.0](https://vuldb.com/?ip.66.212.246.0) | - | - | High
+29 | [69.64.42.107](https://vuldb.com/?ip.69.64.42.107) | static-ip-69-64-42-107.inaddr.ip-pool.com | - | High
+30 | [69.64.42.119](https://vuldb.com/?ip.69.64.42.119) | static-ip-69-64-42-119.inaddr.ip-pool.com | - | High
+31 | [69.64.48.248](https://vuldb.com/?ip.69.64.48.248) | totalcputime.teslae.net | - | High
+32 | [69.64.53.173](https://vuldb.com/?ip.69.64.53.173) | static-ip-69-64-53-173.inaddr.ip-pool.com | - | High
+33 | [69.64.55.30](https://vuldb.com/?ip.69.64.55.30) | static-ip-69-64-55-30.inaddr.ip-pool.com | - | High
+34 | [77.81.120.0](https://vuldb.com/?ip.77.81.120.0) | - | - | High
+35 | [78.108.187.0](https://vuldb.com/?ip.78.108.187.0) | - | - | High
+36 | [80.67.32.0](https://vuldb.com/?ip.80.67.32.0) | - | - | High
+37 | [80.87.204.0](https://vuldb.com/?ip.80.87.204.0) | bill.artplanet.ru | - | High
+38 | [80.87.207.0](https://vuldb.com/?ip.80.87.207.0) | subnet.artplanet.su | - | High
+39 | [82.118.242.0](https://vuldb.com/?ip.82.118.242.0) | - | - | High
+40 | [85.202.80.0](https://vuldb.com/?ip.85.202.80.0) | - | - | High
+41 | ... | ... | ... | ...
 
-There are 137 more IOC items available. Please use our online service to access the data.
+There are 162 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -81,73 +87,75 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `.htaccess` | Medium
-3 | File | `/Admin/add-student.php` | High
-4 | File | `/admin/api/admin/articles/` | High
-5 | File | `/admin/conferences/list/` | High
-6 | File | `/admin/edit_admin_details.php?id=admin` | High
-7 | File | `/admin/generalsettings.php` | High
-8 | File | `/Admin/login.php` | High
-9 | File | `/admin/payment.php` | High
-10 | File | `/admin/reports.php` | High
-11 | File | `/admin/showbad.php` | High
-12 | File | `/apilog.php` | Medium
-13 | File | `/cgi-bin/kerbynet` | High
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/connectors/index.php` | High
-16 | File | `/dev/block/mmcblk0rpmb` | High
-17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-18 | File | `/face-recognition-php/facepay-master/camera.php` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/fos/admin/ajax.php?action=login` | High
-21 | File | `/fos/admin/index.php?page=menu` | High
+2 | File | `/Admin/add-student.php` | High
+3 | File | `/admin/api/admin/articles/` | High
+4 | File | `/admin/conferences/list/` | High
+5 | File | `/Admin/login.php` | High
+6 | File | `/admin/showbad.php` | High
+7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+9 | File | `/apilog.php` | Medium
+10 | File | `/APR/login.php` | High
+11 | File | `/bin/httpd` | Medium
+12 | File | `/cgi-bin/wlogin.cgi` | High
+13 | File | `/connectors/index.php` | High
+14 | File | `/dev/block/mmcblk0rpmb` | High
+15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+16 | File | `/face-recognition-php/facepay-master/camera.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/fos/admin/ajax.php?action=login` | High
+19 | File | `/fos/admin/index.php?page=menu` | High
+20 | File | `/home/masterConsole` | High
+21 | File | `/home/sendBroadcast` | High
 22 | File | `/hrm/employeeadd.php` | High
 23 | File | `/hrm/employeeview.php` | High
 24 | File | `/index.php` | Medium
-25 | File | `/Items/*/RemoteImages/Download` | High
-26 | File | `/items/view_item.php` | High
-27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-28 | File | `/lists/admin/` | High
-29 | File | `/lookin/info` | Medium
-30 | File | `/MagickCore/image.c` | High
-31 | File | `/manager/index.php` | High
-32 | File | `/medical/inventories.php` | High
-33 | File | `/modules/profile/index.php` | High
-34 | File | `/modules/projects/vw_files.php` | High
-35 | File | `/modules/public/calendar.php` | High
-36 | File | `/newsDia.php` | Medium
-37 | File | `/out.php` | Medium
-38 | File | `/proxy` | Low
-39 | File | `/public/launchNewWindow.jsp` | High
-40 | File | `/Redcock-Farm/farm/category.php` | High
-41 | File | `/reports/rwservlet` | High
-42 | File | `/sacco_shield/manage_user.php` | High
-43 | File | `/spip.php` | Medium
-44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-45 | File | `/staff/bookdetails.php` | High
-46 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-47 | File | `/user/update_booking.php` | High
-48 | File | `/var/log/nginx` | High
-49 | File | `/WEB-INF/web.xml` | High
-50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+25 | File | `/items/view_item.php` | High
+26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+27 | File | `/lookin/info` | Medium
+28 | File | `/manager/index.php` | High
+29 | File | `/medical/inventories.php` | High
+30 | File | `/modules/profile/index.php` | High
+31 | File | `/modules/projects/vw_files.php` | High
+32 | File | `/modules/public/calendar.php` | High
+33 | File | `/mygym/admin/index.php?view_exercises` | High
+34 | File | `/newsDia.php` | Medium
+35 | File | `/out.php` | Medium
+36 | File | `/php-opos/index.php` | High
+37 | File | `/proxy` | Low
+38 | File | `/public/launchNewWindow.jsp` | High
+39 | File | `/Redcock-Farm/farm/category.php` | High
+40 | File | `/reports/rwservlet` | High
+41 | File | `/sacco_shield/manage_user.php` | High
+42 | File | `/spip.php` | Medium
+43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+44 | File | `/staff/bookdetails.php` | High
+45 | File | `/uncpath/` | Medium
+46 | File | `/user/update_booking.php` | High
+47 | File | `/var/log/nginx` | High
+48 | File | `/WEB-INF/web.xml` | High
+49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+50 | File | `/wireless/security.asp` | High
 51 | File | `/wordpress/wp-admin/options-general.php` | High
 52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
 53 | File | `01article.php` | High
 54 | File | `AbstractScheduleJob.java` | High
 55 | File | `actionphp/download.File.php` | High
-56 | File | `AdClass.php` | Medium
-57 | File | `adclick.php` | Medium
-58 | File | `addtocart.asp` | High
-59 | File | `admin.php` | Medium
-60 | ... | ... | ...
+56 | File | `adclick.php` | Medium
+57 | File | `addtocart.asp` | High
+58 | File | `admin.php` | Medium
+59 | File | `admin/abc.php` | High
+60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+61 | ... | ... | ...
 
-There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 534 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bz.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bz.netset
 
 ## Literature
 

actors/Benin Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 16 more country items available. Please use our online service to access the data.
+There are 18 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -30,9 +30,10 @@ ID | IP address | Hostname | Campaign | Confidence
 7 | [41.86.224.0](https://vuldb.com/?ip.41.86.224.0) | - | - | High
 8 | [41.138.88.0](https://vuldb.com/?ip.41.138.88.0) | - | - | High
 9 | [41.190.64.0](https://vuldb.com/?ip.41.190.64.0) | - | - | High
-10 | ... | ... | ... | ...
+10 | [41.191.84.0](https://vuldb.com/?ip.41.191.84.0) | - | - | High
+11 | ... | ... | ... | ...
 
-There are 34 more IOC items available. Please use our online service to access the data.
+There are 41 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -89,13 +90,14 @@ ID | Type | Indicator | Confidence
 33 | File | `application/home/controller/debug.php` | High
 34 | ... | ... | ...
 
-There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bj.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bj.netset
 
 ## Literature
 

actors/Bermuda Unknown/README.md

@@ -25,19 +25,22 @@ ID | IP address | Hostname | Campaign | Confidence
 2 | [5.62.58.36](https://vuldb.com/?ip.5.62.58.36) | r-36-58-62-5.consumer-pool.prcdn.net | - | High
 3 | [45.12.70.27](https://vuldb.com/?ip.45.12.70.27) | specious.get-eye.com | - | High
 4 | [45.12.71.27](https://vuldb.com/?ip.45.12.71.27) | - | - | High
-5 | [45.74.26.0](https://vuldb.com/?ip.45.74.26.0) | - | - | High
-6 | [64.37.32.0](https://vuldb.com/?ip.64.37.32.0) | - | - | High
-7 | [64.147.80.0](https://vuldb.com/?ip.64.147.80.0) | 64.147.80.0.transact.bm | - | High
-8 | [65.171.98.0](https://vuldb.com/?ip.65.171.98.0) | - | - | High
-9 | [66.55.112.0](https://vuldb.com/?ip.66.55.112.0) | - | - | High
-10 | [66.97.172.0](https://vuldb.com/?ip.66.97.172.0) | - | - | High
-11 | [66.110.73.68](https://vuldb.com/?ip.66.110.73.68) | - | - | High
-12 | [66.110.73.96](https://vuldb.com/?ip.66.110.73.96) | - | - | High
-13 | [69.17.192.0](https://vuldb.com/?ip.69.17.192.0) | - | - | High
-14 | [74.114.240.0](https://vuldb.com/?ip.74.114.240.0) | - | - | High
-15 | ... | ... | ... | ...
+5 | [45.42.144.0](https://vuldb.com/?ip.45.42.144.0) | - | - | High
+6 | [45.74.26.0](https://vuldb.com/?ip.45.74.26.0) | - | - | High
+7 | [63.85.42.0](https://vuldb.com/?ip.63.85.42.0) | - | - | High
+8 | [64.37.32.0](https://vuldb.com/?ip.64.37.32.0) | - | - | High
+9 | [64.147.80.0](https://vuldb.com/?ip.64.147.80.0) | 64.147.80.0.transact.bm | - | High
+10 | [65.171.98.0](https://vuldb.com/?ip.65.171.98.0) | - | - | High
+11 | [66.55.112.0](https://vuldb.com/?ip.66.55.112.0) | - | - | High
+12 | [66.97.172.0](https://vuldb.com/?ip.66.97.172.0) | - | - | High
+13 | [66.110.73.68](https://vuldb.com/?ip.66.110.73.68) | - | - | High
+14 | [66.110.73.96](https://vuldb.com/?ip.66.110.73.96) | - | - | High
+15 | [69.17.192.0](https://vuldb.com/?ip.69.17.192.0) | - | - | High
+16 | [74.114.240.0](https://vuldb.com/?ip.74.114.240.0) | - | - | High
+17 | [76.8.32.0](https://vuldb.com/?ip.76.8.32.0) | - | - | High
+18 | ... | ... | ... | ...
 
-There are 56 more IOC items available. Please use our online service to access the data.
+There are 66 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -121,6 +124,7 @@ There are 471 more IOA items available (file, library, argument, input value, pa
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bm.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bm.netset
 
 ## Literature
 

actors/Bhutan Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [FR](https://vuldb.com/?country.fr)
 * ...
 
-There are 22 more country items available. Please use our online service to access the data.
+There are 23 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -98,7 +98,7 @@ ID | Type | Indicator | Confidence
 42 | File | `ajax/render/widget_php` | High
 43 | ... | ... | ...
 
-There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BianLian/README.md

@@ -80,29 +80,30 @@ ID | Type | Indicator | Confidence
 20 | File | `/classes/Master.php?f=delete_appointment` | High
 21 | File | `/Core/Ap4Utils.h` | High
 22 | File | `/ctpms/classes/Master.php?f=delete_application` | High
-23 | File | `/etc/passwd` | Medium
-24 | File | `/front/roomtype-details.php` | High
-25 | File | `/goform/aspForm` | High
-26 | File | `/hdf5/src/H5T.c` | High
-27 | File | `/homeaction.php` | High
-28 | File | `/horde/imp/search.php` | High
-29 | File | `/index.php` | Medium
-30 | File | `/installer/upgrade_start` | High
-31 | File | `/Items/*/RemoteImages/Download` | High
-32 | File | `/items/view_item.php` | High
-33 | File | `/lan.asp` | Medium
-34 | File | `/librarian/bookdetails.php` | High
-35 | File | `/lists/admin/` | High
-36 | File | `/login/index.php` | High
-37 | File | `/mail/index.html` | High
-38 | File | `/navigate/navigate_download.php` | High
-39 | File | `/public/plugins/` | High
-40 | File | `/rapi/read_url` | High
-41 | File | `/reps/admin/?page=agents/manage_agent` | High
-42 | File | `/rest/api/1.0/render` | High
-43 | ... | ... | ...
+23 | File | `/front/roomtype-details.php` | High
+24 | File | `/goform/aspForm` | High
+25 | File | `/hdf5/src/H5T.c` | High
+26 | File | `/homeaction.php` | High
+27 | File | `/horde/imp/search.php` | High
+28 | File | `/index.php` | Medium
+29 | File | `/installer/upgrade_start` | High
+30 | File | `/Items/*/RemoteImages/Download` | High
+31 | File | `/items/view_item.php` | High
+32 | File | `/lan.asp` | Medium
+33 | File | `/librarian/bookdetails.php` | High
+34 | File | `/lists/admin/` | High
+35 | File | `/login/index.php` | High
+36 | File | `/mail/index.html` | High
+37 | File | `/navigate/navigate_download.php` | High
+38 | File | `/public/plugins/` | High
+39 | File | `/rapi/read_url` | High
+40 | File | `/reps/admin/?page=agents/manage_agent` | High
+41 | File | `/rest/api/1.0/render` | High
+42 | File | `/rest/api/latest/projectvalidate/key` | High
+43 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
+44 | ... | ... | ...
 
-There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Bifrost/README.md

@@ -8,7 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bifrost:
 
+* [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
 * [ES](https://vuldb.com/?country.es)
+* ...
+
+There are 1 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -16,12 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [23.222.236.33](https://vuldb.com/?ip.23.222.236.33) | a23-222-236-33.deploy.static.akamaitechnologies.com | - | High
-2 | [24.201.72.161](https://vuldb.com/?ip.24.201.72.161) | modemcable161.72-201-24.mc.videotron.ca | - | High
-3 | [104.18.10.39](https://vuldb.com/?ip.104.18.10.39) | - | - | High
+1 | [20.72.235.82](https://vuldb.com/?ip.20.72.235.82) | - | - | High
+2 | [23.222.236.33](https://vuldb.com/?ip.23.222.236.33) | a23-222-236-33.deploy.static.akamaitechnologies.com | - | High
+3 | [24.201.72.161](https://vuldb.com/?ip.24.201.72.161) | modemcable161.72-201-24.mc.videotron.ca | - | High
 4 | ... | ... | ... | ...
 
-There are 5 more IOC items available. Please use our online service to access the data.
+There are 13 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -29,7 +34,25 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059.007 | CWE-79 | Cross Site Scripting | High
+3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+4 | ... | ... | ... | ...
+
+There are 2 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bifrost. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/lists/admin/` | High
+2 | File | `convert.c` | Medium
+3 | File | `inc/autoload.function.php` | High
+4 | ... | ... | ...
+
+There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
@@ -39,6 +62,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html
 * https://blog.talosintelligence.com/2021/05/threat-roundup-0430-0507.html
 * https://blog.talosintelligence.com/threat-roundup-0106-0113/
+* https://blog.talosintelligence.com/threat-roundup-0120-0127/
 
 ## Literature
 

actors/Bitter/README.md

@@ -77,9 +77,10 @@ ID | Type | Indicator | Confidence
 26 | File | `5.2.9\syscrb.exe` | High
 27 | File | `abc-pcie.c` | Medium
 28 | File | `accounts/payment_history.php` | High
-29 | ... | ... | ...
+29 | File | `adclick.php` | Medium
+30 | ... | ... | ...
 
-There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Black Basta/README.md

@@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with Black Basta:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black Basta:
 
 * [US](https://vuldb.com/?country.us)
-* [CO](https://vuldb.com/?country.co)
-* [IN](https://vuldb.com/?country.in)
+* [GB](https://vuldb.com/?country.gb)
+* [RU](https://vuldb.com/?country.ru)
 * ...
 
-There are 9 more country items available. Please use our online service to access the data.
+There are 31 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -27,20 +27,25 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
-2 | [24.49.232.96](https://vuldb.com/?ip.24.49.232.96) | 24-49-232-96.resi.cgocable.ca | Qbot | High
-3 | [24.64.114.59](https://vuldb.com/?ip.24.64.114.59) | S0106b06ebfd79790.cg.shawcable.net | Qbot | High
-4 | [24.178.196.44](https://vuldb.com/?ip.24.178.196.44) | 024-178-196-044.biz.spectrum.com | - | High
-5 | [37.186.54.185](https://vuldb.com/?ip.37.186.54.185) | - | - | High
-6 | [39.44.144.182](https://vuldb.com/?ip.39.44.144.182) | - | - | High
-7 | [45.63.1.88](https://vuldb.com/?ip.45.63.1.88) | 45.63.1.88.vultrusercontent.com | - | High
-8 | [46.176.222.241](https://vuldb.com/?ip.46.176.222.241) | ppp046176222241.access.hol.gr | - | High
-9 | [47.23.89.126](https://vuldb.com/?ip.47.23.89.126) | ool-2f17597e.static.optonline.net | - | High
-10 | [70.50.3.214](https://vuldb.com/?ip.70.50.3.214) | bras-base-mtrlpq4809w-grc-15-70-50-3-214.dsl.bell.ca | Qbot | High
-11 | [70.64.77.115](https://vuldb.com/?ip.70.64.77.115) | S0106ac4ca5feeb27.ss.shawcable.net | Qbot | High
-12 | ... | ... | ... | ...
+1 | [5.62.43.252](https://vuldb.com/?ip.5.62.43.252) | r-252-43-62-5.consumer-pool.prcdn.net | - | High
+2 | [5.196.124.228](https://vuldb.com/?ip.5.196.124.228) | ip228.ip-5-196-124.eu | - | High
+3 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
+4 | [24.49.232.96](https://vuldb.com/?ip.24.49.232.96) | 24-49-232-96.resi.cgocable.ca | Qbot | High
+5 | [24.64.114.59](https://vuldb.com/?ip.24.64.114.59) | S0106b06ebfd79790.cg.shawcable.net | Qbot | High
+6 | [24.178.196.44](https://vuldb.com/?ip.24.178.196.44) | 024-178-196-044.biz.spectrum.com | - | High
+7 | [37.186.54.185](https://vuldb.com/?ip.37.186.54.185) | - | - | High
+8 | [39.44.144.182](https://vuldb.com/?ip.39.44.144.182) | - | - | High
+9 | [45.63.1.88](https://vuldb.com/?ip.45.63.1.88) | 45.63.1.88.vultrusercontent.com | - | High
+10 | [45.67.229.148](https://vuldb.com/?ip.45.67.229.148) | vm978261.stark-industries.solutions | - | High
+11 | [45.87.154.208](https://vuldb.com/?ip.45.87.154.208) | vm1075965.stark-industries.solutions | - | High
+12 | [45.133.216.39](https://vuldb.com/?ip.45.133.216.39) | vm627637.stark-industries.solutions | - | High
+13 | [45.153.241.167](https://vuldb.com/?ip.45.153.241.167) | - | - | High
+14 | [46.176.222.241](https://vuldb.com/?ip.46.176.222.241) | ppp046176222241.access.hol.gr | - | High
+15 | [47.23.89.126](https://vuldb.com/?ip.47.23.89.126) | ool-2f17597e.static.optonline.net | - | High
+16 | [69.46.15.147](https://vuldb.com/?ip.69.46.15.147) | 69-46-15-147.static.hvvc.us | - | High
+17 | ... | ... | ... | ...
 
-There are 42 more IOC items available. Please use our online service to access the data.
+There are 66 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -48,12 +53,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
-There are 10 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -62,20 +69,71 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/cardo/api` | Medium
-3 | File | `/index.php` | Medium
-4 | File | `/s/` | Low
-5 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
-6 | File | `/uncpath/` | Medium
-7 | ... | ... | ...
+2 | File | `/addnews.html` | High
+3 | File | `/admin/admin.php` | High
+4 | File | `/api/trackedEntityInstances` | High
+5 | File | `/bin/login.php` | High
+6 | File | `/cgi-bin/hi3510/param.cgi` | High
+7 | File | `/cgi-bin/system_mgr.cgi` | High
+8 | File | `/cgi/sshcheck.cgi` | High
+9 | File | `/common/logViewer/logViewer.jsf` | High
+10 | File | `/ConsoleHelp/` | High
+11 | File | `/etc/sudoers` | Medium
+12 | File | `/export` | Low
+13 | File | `/horde/imp/search.php` | High
+14 | File | `/index.php` | Medium
+15 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+16 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
+17 | File | `/login` | Low
+18 | File | `/modules/projects/vw_files.php` | High
+19 | File | `/news.dtl.php` | High
+20 | File | `/opensis/modules/grades/InputFinalGrades.php` | High
+21 | File | `/opensis/modules/users/Staff.php` | High
+22 | File | `/plesk-site-preview/` | High
+23 | File | `/proc/self/environ` | High
+24 | File | `/rest/api/2/user/picker` | High
+25 | File | `/s/` | Low
+26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+27 | File | `/secure/QueryComponent!Default.jspa` | High
+28 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
+29 | File | `/services` | Medium
+30 | File | `/system?action=ServiceAdmin` | High
+31 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
+32 | File | `/vicidial/user_stats.php` | High
+33 | File | `/websocket/exec` | High
+34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+35 | File | `access.conf` | Medium
+36 | File | `adclick.php` | Medium
+37 | File | `addentry.php` | Medium
+38 | File | `admin.php?m=backup&c=backup&a=doback` | High
+39 | File | `admin/admin_users.php` | High
+40 | File | `admin/login.php` | High
+41 | File | `admin/upload.php` | High
+42 | File | `administers` | Medium
+43 | File | `Administrator_list.php` | High
+44 | File | `advancedsetup_websiteblocking.html` | High
+45 | File | `ajax_mail_autoreply.php` | High
+46 | File | `ajax_save_name.php` | High
+47 | File | `allocator.cc` | Medium
+48 | File | `announcements.php` | High
+49 | File | `ap1.com` | Low
+50 | File | `apache2/modsecurity.c` | High
+51 | File | `api_jsonrpc.php` | High
+52 | File | `app/admin/controller/Ajax.php` | High
+53 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
+54 | File | `AppCompatCache.exe` | High
+55 | File | `application.php` | High
+56 | File | `apply.cgi` | Medium
+57 | ... | ... | ...
 
-There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 497 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://1275.ru/ioc/311/black-basta-apt-iocs/
+* https://get.zerofox.com/rs/143-DHV-007/images/ZeroFox-Intelligence-Update-Black-Basta-Ransomware-Report-2023.pdf
 * https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies
 * https://www.trendmicro.com/de_de/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
 

actors/Black KingDom/README.md

@@ -8,12 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:
 
-* [DE](https://vuldb.com/?country.de)
 * [US](https://vuldb.com/?country.us)
-* [FR](https://vuldb.com/?country.fr)
-* ...
-
-There are 8 more country items available. Please use our online service to access the data.
+* [IR](https://vuldb.com/?country.ir)
 
 ## IOC - Indicator of Compromise
 
@@ -34,11 +30,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
 There are 22 more TTP items available. Please use our online service to access the data.
@@ -50,43 +46,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.authlie` | Medium
-2 | File | `.github/workflows/combine-prs.yml` | High
-3 | File | `/admin/ajax.php?action=delete_user` | High
-4 | File | `/admin/ajax.php?action=delete_window` | High
-5 | File | `/admin/ajax.php?action=save_queue` | High
-6 | File | `/admin/article_category.php` | High
-7 | File | `/admin/manage_user.php` | High
-8 | File | `/adminui/history_log.php` | High
-9 | File | `/apply.cgi` | Medium
-10 | File | `/classes/Master.php?f=delete_brand` | High
-11 | File | `/classes/Master.php?f=delete_category` | High
-12 | File | `/config/api/v1/reboot` | High
-13 | File | `/etc/passwd` | Medium
-14 | File | `/etc/shadow` | Medium
-15 | File | `/goform/WifiBasicSet` | High
-16 | File | `/hss/admin/?page=client/manage_client` | High
-17 | File | `/login/index.php` | High
-18 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
-19 | File | `/output/outdbg.c` | High
-20 | File | `/output/outieee.c` | High
-21 | File | `/setNTP.cgi` | Medium
-22 | File | `/system/site.php` | High
-23 | File | `/tiki-importer.php` | High
-24 | File | `/tmp` | Low
-25 | File | `/tpts/manage_user.php` | High
-26 | File | `/trufusionPortal/upDwModuleProxy` | High
-27 | File | `/uncpath/` | Medium
-28 | File | `/var/log/nginx` | High
-29 | File | `/wp-admin/options-general.php` | High
-30 | File | `/wp-json/wc/v3/webhooks` | High
-31 | File | `0_change-gallery.php` | High
-32 | File | `addToWishlist.asp` | High
-33 | File | `admin/manage_user.php` | High
-34 | File | `admin/page-login.php` | High
-35 | File | `admin/panels/uploader/admin.uploader.php` | High
-36 | ... | ... | ...
+2 | File | `/admin/ajax.php?action=delete_user` | High
+3 | File | `/admin/ajax.php?action=delete_window` | High
+4 | File | `/admin/ajax.php?action=save_queue` | High
+5 | File | `/admin/article_category.php` | High
+6 | File | `/admin/manage_user.php` | High
+7 | File | `/apply.cgi` | Medium
+8 | File | `/bsms_ci/index.php/book` | High
+9 | File | `/classes/Master.php?f=delete_brand` | High
+10 | File | `/classes/Master.php?f=delete_category` | High
+11 | File | `/config/api/v1/reboot` | High
+12 | File | `/etc/shadow` | Medium
+13 | File | `/forums.php?action=post` | High
+14 | File | `/goform/WifiBasicSet` | High
+15 | File | `/hss/admin/?page=client/manage_client` | High
+16 | File | `/index.php` | Medium
+17 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
+18 | File | `/login/index.php` | High
+19 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
+20 | File | `/output/outdbg.c` | High
+21 | File | `/output/outieee.c` | High
+22 | File | `/setNTP.cgi` | Medium
+23 | File | `/system/site.php` | High
+24 | File | `/tiki-importer.php` | High
+25 | File | `/tmp` | Low
+26 | File | `/tpts/manage_user.php` | High
+27 | File | `/trufusionPortal/upDwModuleProxy` | High
+28 | File | `/uncpath/` | Medium
+29 | File | `/usr/etc/restore0.9` | High
+30 | ... | ... | ...
 
-There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BlackCat/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 8 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -72,27 +72,27 @@ ID | Type | Indicator | Confidence
 20 | File | `/contacts/listcontacts.php` | High
 21 | File | `/csms/admin/?page=user/manage_user` | High
 22 | File | `/Default/Bd` | Medium
-23 | File | `/forum/away.php` | High
-24 | File | `/fos/admin/index.php?page=menu` | High
-25 | File | `/goform/AddSysLogRule` | High
-26 | File | `/goform/SafeEmailFilter` | High
-27 | File | `/goform/SetIpMacBind` | High
-28 | File | `/goform/setSnmpInfo` | High
-29 | File | `/goform/setUplinkInfo` | High
-30 | File | `/goform/SysToolReboot` | High
-31 | File | `/goform/WifiBasicSet` | High
-32 | File | `/graphql` | Medium
-33 | File | `/home/hjsz/jsonlint/src/lexer` | High
-34 | File | `/hrm/employeeview.php` | High
-35 | File | `/hss/?page=categories` | High
-36 | File | `/hss/admin/brands/manage_brand.php` | High
-37 | File | `/index.php?module=entities/entities` | High
-38 | File | `/index.php?module=global_lists/lists` | High
-39 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
-40 | File | `/index.php?module=users_alerts/users_alerts` | High
+23 | File | `/ext/phar/phar_object.c` | High
+24 | File | `/forum/away.php` | High
+25 | File | `/fos/admin/index.php?page=menu` | High
+26 | File | `/goform/AddSysLogRule` | High
+27 | File | `/goform/SafeEmailFilter` | High
+28 | File | `/goform/SetIpMacBind` | High
+29 | File | `/goform/setSnmpInfo` | High
+30 | File | `/goform/setUplinkInfo` | High
+31 | File | `/goform/SysToolReboot` | High
+32 | File | `/goform/WifiBasicSet` | High
+33 | File | `/graphql` | Medium
+34 | File | `/home/hjsz/jsonlint/src/lexer` | High
+35 | File | `/hrm/employeeview.php` | High
+36 | File | `/hss/?page=categories` | High
+37 | File | `/hss/admin/brands/manage_brand.php` | High
+38 | File | `/index.php?module=entities/entities` | High
+39 | File | `/index.php?module=global_lists/lists` | High
+40 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
 41 | ... | ... | ...
 
-There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BlackEnergy/README.md

@@ -38,7 +38,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
@@ -52,40 +52,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `//proc/kcore` | Medium
-2 | File | `/about.php` | Medium
-3 | File | `/admin/dl_sendmail.php` | High
-4 | File | `/admin/submit-articles` | High
-5 | File | `/ad_js.php` | Medium
-6 | File | `/Ap4RtpAtom.cpp` | High
-7 | File | `/api/v2/cli/commands` | High
-8 | File | `/app/options.py` | High
-9 | File | `/attachments` | Medium
-10 | File | `/bsms/?page=manage_account` | High
-11 | File | `/cgi-bin/login.cgi` | High
-12 | File | `/cgi-bin/luci/api/wireless` | High
-13 | File | `/ci_hms/massage_room/edit/1` | High
-14 | File | `/context/%2e/WEB-INF/web.xml` | High
-15 | File | `/dashboard/reports/logs/view` | High
-16 | File | `/debian/patches/load_ppp_generic_if_needed` | High
-17 | File | `/debug/pprof` | Medium
-18 | File | `/etc/hosts` | Medium
-19 | File | `/fuel/sitevariables/delete/4` | High
-20 | File | `/goform/setmac` | High
-21 | File | `/goform/wizard_end` | High
-22 | File | `/hprms/admin/doctors/manage_doctor.php` | High
-23 | File | `/index/jobfairol/show/` | High
-24 | File | `/librarian/bookdetails.php` | High
-25 | File | `/manage-apartment.php` | High
+1 | File | `/about.php` | Medium
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/doctors.php` | High
+6 | File | `/admin/submit-articles` | High
+7 | File | `/ad_js.php` | Medium
+8 | File | `/alphaware/summary.php` | High
+9 | File | `/api/v2/cli/commands` | High
+10 | File | `/app/options.py` | High
+11 | File | `/attachments` | Medium
+12 | File | `/boat/login.php` | High
+13 | File | `/bsms_ci/index.php/book` | High
+14 | File | `/cgi-bin/luci/api/wireless` | High
+15 | File | `/ci_hms/massage_room/edit/1` | High
+16 | File | `/context/%2e/WEB-INF/web.xml` | High
+17 | File | `/dashboard/reports/logs/view` | High
+18 | File | `/debian/patches/load_ppp_generic_if_needed` | High
+19 | File | `/debug/pprof` | Medium
+20 | File | `/etc/hosts` | Medium
+21 | File | `/forum/away.php` | High
+22 | File | `/goform/setmac` | High
+23 | File | `/goform/wizard_end` | High
+24 | File | `/manage-apartment.php` | High
+25 | File | `/medicines/profile.php` | High
 26 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
 27 | File | `/out.php` | Medium
 28 | File | `/pages/apply_vacancy.php` | High
 29 | File | `/pet_shop/admin/?page=maintenance/manage_category` | High
 30 | File | `/proc/<PID>/mem` | High
 31 | File | `/proxy` | Low
-32 | ... | ... | ...
+32 | File | `/reservation/add_message.php` | High
+33 | File | `/spip.php` | Medium
+34 | File | `/tmp` | Low
+35 | File | `/uncpath/` | Medium
+36 | File | `/upload` | Low
+37 | ... | ... | ...
 
-There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BlackTech/README.md

@@ -76,7 +76,7 @@ ID | Type | Indicator | Confidence
 17 | File | `administrator/components/com_media/helpers/media.php` | High
 18 | ... | ... | ...
 
-There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/BlueFox/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 4 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 6 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -49,18 +49,18 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/index.php` | Medium
 2 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-3 | File | `addtocart.asp` | High
-4 | File | `admin/adm/test.php` | High
-5 | File | `agora.cgi` | Medium
-6 | File | `books.php` | Medium
-7 | File | `cat.asp` | Low
-8 | File | `catalog.php` | Medium
-9 | File | `categories.php` | High
-10 | File | `default.php` | Medium
-11 | File | `detail.php` | Medium
+3 | File | `adclick.php` | Medium
+4 | File | `addtocart.asp` | High
+5 | File | `admin/adm/test.php` | High
+6 | File | `agora.cgi` | Medium
+7 | File | `books.php` | Medium
+8 | File | `cat.asp` | Low
+9 | File | `catalog.php` | Medium
+10 | File | `categories.php` | High
+11 | File | `default.php` | Medium
 12 | ... | ... | ...
 
-There are 89 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Bolivia Unknown/README.md

@@ -19,36 +19,40 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [2.57.68.0](https://vuldb.com/?ip.2.57.68.0) | - | - | High
 2 | [5.62.56.40](https://vuldb.com/?ip.5.62.56.40) | r-40-56-62-5.consumer-pool.prcdn.net | - | High
 3 | [5.62.58.40](https://vuldb.com/?ip.5.62.58.40) | r-40-58-62-5.consumer-pool.prcdn.net | - | High
-4 | [34.100.4.0](https://vuldb.com/?ip.34.100.4.0) | 0.4.100.34.bc.googleusercontent.com | - | Medium
-5 | [34.100.46.0](https://vuldb.com/?ip.34.100.46.0) | 0.46.100.34.bc.googleusercontent.com | - | Medium
-6 | [37.230.187.0](https://vuldb.com/?ip.37.230.187.0) | - | - | High
-7 | [45.4.98.0](https://vuldb.com/?ip.45.4.98.0) | 45.4.98.0.prodem.bo | - | High
-8 | [45.5.13.0](https://vuldb.com/?ip.45.5.13.0) | - | - | High
-9 | [45.12.70.29](https://vuldb.com/?ip.45.12.70.29) | abseiled.get-eye.com | - | High
-10 | [45.12.71.29](https://vuldb.com/?ip.45.12.71.29) | - | - | High
-11 | [45.14.72.0](https://vuldb.com/?ip.45.14.72.0) | - | - | High
-12 | [45.70.180.0](https://vuldb.com/?ip.45.70.180.0) | - | - | High
-13 | [45.74.19.0](https://vuldb.com/?ip.45.74.19.0) | - | - | High
-14 | [45.148.104.0](https://vuldb.com/?ip.45.148.104.0) | - | - | High
-15 | [45.163.18.0](https://vuldb.com/?ip.45.163.18.0) | - | - | High
-16 | [45.183.184.0](https://vuldb.com/?ip.45.183.184.0) | 45-183-184-0.golochtelnet.com | - | High
-17 | [45.225.75.0](https://vuldb.com/?ip.45.225.75.0) | - | - | High
-18 | [45.226.32.0](https://vuldb.com/?ip.45.226.32.0) | - | - | High
-19 | [45.227.61.0](https://vuldb.com/?ip.45.227.61.0) | - | - | High
-20 | [45.229.195.0](https://vuldb.com/?ip.45.229.195.0) | - | - | High
-21 | [45.229.244.0](https://vuldb.com/?ip.45.229.244.0) | - | - | High
-22 | [45.232.46.0](https://vuldb.com/?ip.45.232.46.0) | - | - | High
-23 | [45.236.192.0](https://vuldb.com/?ip.45.236.192.0) | - | - | High
-24 | [46.36.200.21](https://vuldb.com/?ip.46.36.200.21) | - | - | High
-25 | [46.36.200.22](https://vuldb.com/?ip.46.36.200.22) | - | - | High
-26 | [46.36.200.24](https://vuldb.com/?ip.46.36.200.24) | - | - | High
-27 | [46.36.200.28](https://vuldb.com/?ip.46.36.200.28) | - | - | High
-28 | [46.36.200.30](https://vuldb.com/?ip.46.36.200.30) | - | - | High
-29 | [46.36.200.81](https://vuldb.com/?ip.46.36.200.81) | - | - | High
-30 | [46.36.200.82](https://vuldb.com/?ip.46.36.200.82) | - | - | High
-31 | ... | ... | ... | ...
+4 | [12.144.83.0](https://vuldb.com/?ip.12.144.83.0) | - | - | High
+5 | [12.144.84.0](https://vuldb.com/?ip.12.144.84.0) | - | - | High
+6 | [34.100.4.0](https://vuldb.com/?ip.34.100.4.0) | 0.4.100.34.bc.googleusercontent.com | - | Medium
+7 | [34.100.46.0](https://vuldb.com/?ip.34.100.46.0) | 0.46.100.34.bc.googleusercontent.com | - | Medium
+8 | [37.230.187.0](https://vuldb.com/?ip.37.230.187.0) | - | - | High
+9 | [45.4.98.0](https://vuldb.com/?ip.45.4.98.0) | 45.4.98.0.prodem.bo | - | High
+10 | [45.5.13.0](https://vuldb.com/?ip.45.5.13.0) | - | - | High
+11 | [45.12.70.29](https://vuldb.com/?ip.45.12.70.29) | abseiled.get-eye.com | - | High
+12 | [45.12.71.29](https://vuldb.com/?ip.45.12.71.29) | - | - | High
+13 | [45.14.72.0](https://vuldb.com/?ip.45.14.72.0) | - | - | High
+14 | [45.68.0.0](https://vuldb.com/?ip.45.68.0.0) | - | - | High
+15 | [45.70.180.0](https://vuldb.com/?ip.45.70.180.0) | - | - | High
+16 | [45.74.19.0](https://vuldb.com/?ip.45.74.19.0) | - | - | High
+17 | [45.148.104.0](https://vuldb.com/?ip.45.148.104.0) | - | - | High
+18 | [45.163.18.0](https://vuldb.com/?ip.45.163.18.0) | - | - | High
+19 | [45.183.184.0](https://vuldb.com/?ip.45.183.184.0) | 45-183-184-0.golochtelnet.com | - | High
+20 | [45.225.75.0](https://vuldb.com/?ip.45.225.75.0) | - | - | High
+21 | [45.226.32.0](https://vuldb.com/?ip.45.226.32.0) | - | - | High
+22 | [45.227.61.0](https://vuldb.com/?ip.45.227.61.0) | - | - | High
+23 | [45.229.195.0](https://vuldb.com/?ip.45.229.195.0) | - | - | High
+24 | [45.229.244.0](https://vuldb.com/?ip.45.229.244.0) | - | - | High
+25 | [45.232.46.0](https://vuldb.com/?ip.45.232.46.0) | - | - | High
+26 | [45.236.192.0](https://vuldb.com/?ip.45.236.192.0) | - | - | High
+27 | [46.36.200.21](https://vuldb.com/?ip.46.36.200.21) | - | - | High
+28 | [46.36.200.22](https://vuldb.com/?ip.46.36.200.22) | - | - | High
+29 | [46.36.200.24](https://vuldb.com/?ip.46.36.200.24) | - | - | High
+30 | [46.36.200.28](https://vuldb.com/?ip.46.36.200.28) | - | - | High
+31 | [46.36.200.30](https://vuldb.com/?ip.46.36.200.30) | - | - | High
+32 | [46.36.200.81](https://vuldb.com/?ip.46.36.200.81) | - | - | High
+33 | [46.36.200.82](https://vuldb.com/?ip.46.36.200.82) | - | - | High
+34 | [46.36.200.84](https://vuldb.com/?ip.46.36.200.84) | - | - | High
+35 | ... | ... | ... | ...
 
-There are 119 more IOC items available. Please use our online service to access the data.
+There are 136 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -74,6 +78,7 @@ ID | Type | Indicator | Confidence
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bo.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bo.netset
 
 ## Literature
 

actors/Bosnia and Herzegovina Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...
 
-There are 21 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -60,12 +60,15 @@ ID | IP address | Hostname | Campaign | Confidence
 37 | [46.36.200.20](https://vuldb.com/?ip.46.36.200.20) | - | - | High
 38 | [46.163.48.0](https://vuldb.com/?ip.46.163.48.0) | - | - | High
 39 | [46.163.50.0](https://vuldb.com/?ip.46.163.50.0) | - | - | High
-40 | [46.163.60.0](https://vuldb.com/?ip.46.163.60.0) | - | - | High
-41 | [46.239.0.0](https://vuldb.com/?ip.46.239.0.0) | - | - | High
-42 | [57.90.72.0](https://vuldb.com/?ip.57.90.72.0) | - | - | High
-43 | ... | ... | ... | ...
+40 | [46.163.54.0](https://vuldb.com/?ip.46.163.54.0) | - | - | High
+41 | [46.163.60.0](https://vuldb.com/?ip.46.163.60.0) | - | - | High
+42 | [46.239.0.0](https://vuldb.com/?ip.46.239.0.0) | - | - | High
+43 | [57.90.56.0](https://vuldb.com/?ip.57.90.56.0) | - | - | High
+44 | [57.90.72.0](https://vuldb.com/?ip.57.90.72.0) | - | - | High
+45 | [62.4.113.0](https://vuldb.com/?ip.62.4.113.0) | - | - | High
+46 | ... | ... | ... | ...
 
-There are 168 more IOC items available. Please use our online service to access the data.
+There are 182 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -89,70 +92,74 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `.htaccess` | Medium
-3 | File | `/Admin/add-student.php` | High
-4 | File | `/admin/api/admin/articles/` | High
-5 | File | `/admin/conferences/list/` | High
-6 | File | `/admin/edit_admin_details.php?id=admin` | High
-7 | File | `/admin/generalsettings.php` | High
-8 | File | `/Admin/login.php` | High
-9 | File | `/admin/payment.php` | High
-10 | File | `/admin/reports.php` | High
-11 | File | `/admin/showbad.php` | High
-12 | File | `/apilog.php` | Medium
-13 | File | `/cgi-bin/kerbynet` | High
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/connectors/index.php` | High
-16 | File | `/dev/block/mmcblk0rpmb` | High
-17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-18 | File | `/face-recognition-php/facepay-master/camera.php` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/fos/admin/ajax.php?action=login` | High
-21 | File | `/fos/admin/index.php?page=menu` | High
-22 | File | `/hrm/employeeadd.php` | High
-23 | File | `/hrm/employeeview.php` | High
-24 | File | `/index.php` | Medium
-25 | File | `/Items/*/RemoteImages/Download` | High
-26 | File | `/items/view_item.php` | High
-27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-28 | File | `/lookin/info` | Medium
-29 | File | `/MagickCore/image.c` | High
-30 | File | `/manager/index.php` | High
-31 | File | `/medical/inventories.php` | High
-32 | File | `/modules/profile/index.php` | High
-33 | File | `/modules/projects/vw_files.php` | High
-34 | File | `/modules/public/calendar.php` | High
-35 | File | `/newsDia.php` | Medium
-36 | File | `/out.php` | Medium
-37 | File | `/proxy` | Low
-38 | File | `/public/launchNewWindow.jsp` | High
-39 | File | `/Redcock-Farm/farm/category.php` | High
-40 | File | `/reports/rwservlet` | High
-41 | File | `/sacco_shield/manage_user.php` | High
-42 | File | `/spip.php` | Medium
-43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-44 | File | `/staff/bookdetails.php` | High
-45 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-46 | File | `/user/update_booking.php` | High
-47 | File | `/WEB-INF/web.xml` | High
-48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+2 | File | `/Admin/add-student.php` | High
+3 | File | `/admin/api/admin/articles/` | High
+4 | File | `/Admin/login.php` | High
+5 | File | `/admin/showbad.php` | High
+6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+7 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+8 | File | `/apilog.php` | Medium
+9 | File | `/APR/login.php` | High
+10 | File | `/bin/httpd` | Medium
+11 | File | `/cgi-bin/wlogin.cgi` | High
+12 | File | `/connectors/index.php` | High
+13 | File | `/dev/block/mmcblk0rpmb` | High
+14 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+15 | File | `/face-recognition-php/facepay-master/camera.php` | High
+16 | File | `/forum/away.php` | High
+17 | File | `/fos/admin/ajax.php?action=login` | High
+18 | File | `/fos/admin/index.php?page=menu` | High
+19 | File | `/home/masterConsole` | High
+20 | File | `/home/sendBroadcast` | High
+21 | File | `/hrm/employeeadd.php` | High
+22 | File | `/hrm/employeeview.php` | High
+23 | File | `/index.php` | Medium
+24 | File | `/items/view_item.php` | High
+25 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+26 | File | `/lookin/info` | Medium
+27 | File | `/manager/index.php` | High
+28 | File | `/medical/inventories.php` | High
+29 | File | `/modules/profile/index.php` | High
+30 | File | `/modules/projects/vw_files.php` | High
+31 | File | `/modules/public/calendar.php` | High
+32 | File | `/mygym/admin/index.php?view_exercises` | High
+33 | File | `/newsDia.php` | Medium
+34 | File | `/out.php` | Medium
+35 | File | `/php-opos/index.php` | High
+36 | File | `/proxy` | Low
+37 | File | `/public/launchNewWindow.jsp` | High
+38 | File | `/Redcock-Farm/farm/category.php` | High
+39 | File | `/reports/rwservlet` | High
+40 | File | `/sacco_shield/manage_user.php` | High
+41 | File | `/spip.php` | Medium
+42 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+43 | File | `/staff/bookdetails.php` | High
+44 | File | `/uncpath/` | Medium
+45 | File | `/user/update_booking.php` | High
+46 | File | `/WEB-INF/web.xml` | High
+47 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+48 | File | `/wireless/security.asp` | High
 49 | File | `/wordpress/wp-admin/options-general.php` | High
 50 | File | `/wp-admin/admin-ajax.php` | High
 51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
 52 | File | `01article.php` | High
 53 | File | `AbstractScheduleJob.java` | High
 54 | File | `actionphp/download.File.php` | High
-55 | File | `AdClass.php` | Medium
-56 | File | `adclick.php` | Medium
-57 | ... | ... | ...
+55 | File | `adclick.php` | Medium
+56 | File | `addtocart.asp` | High
+57 | File | `admin.php` | Medium
+58 | File | `admin/abc.php` | High
+59 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+60 | ... | ... | ...
 
-There are 501 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_ba.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ba.netset
 
 ## Literature
 

actors/Botswana Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [FR](https://vuldb.com/?country.fr)
 * ...
 
-There are 16 more country items available. Please use our online service to access the data.
+There are 17 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -23,20 +23,23 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.62.60.44](https://vuldb.com/?ip.5.62.60.44) | r-44-60-62-5.consumer-pool.prcdn.net | - | High
 2 | [5.62.62.44](https://vuldb.com/?ip.5.62.62.44) | r-44-62-62-5.consumer-pool.prcdn.net | - | High
-3 | [41.60.215.0](https://vuldb.com/?ip.41.60.215.0) | - | - | High
-4 | [41.74.48.0](https://vuldb.com/?ip.41.74.48.0) | - | - | High
-5 | [41.75.0.0](https://vuldb.com/?ip.41.75.0.0) | - | - | High
-6 | [41.76.240.0](https://vuldb.com/?ip.41.76.240.0) | - | - | High
-7 | [41.77.88.0](https://vuldb.com/?ip.41.77.88.0) | - | - | High
-8 | [41.78.95.0](https://vuldb.com/?ip.41.78.95.0) | - | - | High
-9 | [41.79.32.0](https://vuldb.com/?ip.41.79.32.0) | - | - | High
-10 | [41.79.136.0](https://vuldb.com/?ip.41.79.136.0) | 41-79-136-0.abaricom.co.bw | - | High
-11 | [41.87.160.0](https://vuldb.com/?ip.41.87.160.0) | - | - | High
-12 | [41.138.72.0](https://vuldb.com/?ip.41.138.72.0) | - | - | High
-13 | [41.190.244.0](https://vuldb.com/?ip.41.190.244.0) | - | - | High
-14 | ... | ... | ... | ...
+3 | [41.60.156.0](https://vuldb.com/?ip.41.60.156.0) | - | - | High
+4 | [41.60.215.0](https://vuldb.com/?ip.41.60.215.0) | - | - | High
+5 | [41.74.48.0](https://vuldb.com/?ip.41.74.48.0) | - | - | High
+6 | [41.75.0.0](https://vuldb.com/?ip.41.75.0.0) | - | - | High
+7 | [41.76.240.0](https://vuldb.com/?ip.41.76.240.0) | - | - | High
+8 | [41.77.88.0](https://vuldb.com/?ip.41.77.88.0) | - | - | High
+9 | [41.78.95.0](https://vuldb.com/?ip.41.78.95.0) | - | - | High
+10 | [41.79.32.0](https://vuldb.com/?ip.41.79.32.0) | - | - | High
+11 | [41.79.136.0](https://vuldb.com/?ip.41.79.136.0) | 41-79-136-0.abaricom.co.bw | - | High
+12 | [41.87.160.0](https://vuldb.com/?ip.41.87.160.0) | - | - | High
+13 | [41.138.72.0](https://vuldb.com/?ip.41.138.72.0) | - | - | High
+14 | [41.190.244.0](https://vuldb.com/?ip.41.190.244.0) | - | - | High
+15 | [41.191.64.0](https://vuldb.com/?ip.41.191.64.0) | - | - | High
+16 | [41.191.216.0](https://vuldb.com/?ip.41.191.216.0) | - | - | High
+17 | ... | ... | ... | ...
 
-There are 50 more IOC items available. Please use our online service to access the data.
+There are 65 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -91,15 +94,18 @@ ID | Type | Indicator | Confidence
 31 | File | `album_portal.php` | High
 32 | File | `api.php` | Low
 33 | File | `app/xml_cdr/xml_cdr_search.php` | High
-34 | ... | ... | ...
+34 | File | `application/home/controller/debug.php` | High
+35 | File | `articulo.php` | Medium
+36 | ... | ... | ...
 
-There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bw.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bw.netset
 
 ## Literature
 

actors/Bouncing Golf/README.md

@@ -83,7 +83,7 @@ ID | Type | Indicator | Confidence
 33 | File | `boardrule.php` | High
 34 | ... | ... | ...
 
-There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Brazil Unknown/README.md

@@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 24 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -1398,14 +1398,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
-6 | ... | ... | ... | ...
+3 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
 
-There are 19 more TTP items available. Please use our online service to access the data.
+There are 13 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -1413,55 +1411,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `/admin/` | Low
-3 | File | `/admin/api/admin/articles/` | High
-4 | File | `/admin/submit-articles` | High
-5 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-7 | File | `/auth` | Low
-8 | File | `/bin/httpd` | Medium
-9 | File | `/Default/Bd` | Medium
-10 | File | `/dev/block/mmcblk0rpmb` | High
-11 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-12 | File | `/download` | Medium
-13 | File | `/face-recognition-php/facepay-master/camera.php` | High
-14 | File | `/forum/away.php` | High
-15 | File | `/forum/PostPrivateMessage` | High
-16 | File | `/fos/admin/ajax.php?action=login` | High
-17 | File | `/fos/admin/index.php?page=menu` | High
-18 | File | `/home/masterConsole` | High
-19 | File | `/home/sendBroadcast` | High
-20 | File | `/hrm/controller/employee.php` | High
-21 | File | `/hrm/employeeadd.php` | High
-22 | File | `/hrm/employeeview.php` | High
-23 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-24 | File | `/lookin/info` | Medium
-25 | File | `/mygym/admin/index.php?view_exercises` | High
-26 | File | `/param.file.tgz` | High
-27 | File | `/php-opos/index.php` | High
-28 | File | `/php-scrm/login.php` | High
-29 | File | `/php/` | Low
-30 | File | `/php_action/editProductImage.php` | High
-31 | File | `/product/savenewproduct.php?flag=1` | High
-32 | File | `/proxy` | Low
-33 | File | `/Redcock-Farm/farm/category.php` | High
-34 | File | `/reports/rwservlet` | High
-35 | File | `/services/Card/findUser` | High
-36 | File | `/spip.php` | Medium
-37 | File | `/uncpath/` | Medium
-38 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-39 | File | `/view-property.php` | High
-40 | File | `/wireless/security.asp` | High
-41 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-42 | File | `01article.php` | High
-43 | File | `2020\Messages\SDNotify.exe` | High
-44 | File | `AbstractScheduleJob.java` | High
-45 | File | `action.php` | Medium
-46 | File | `actionphp/download.File.php` | High
-47 | ... | ... | ...
+1 | File | `/admin/` | Low
+2 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+3 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+4 | File | `/APR/login.php` | High
+5 | File | `/APR/signup.php` | High
+6 | File | `/cgi-bin/wapopen` | High
+7 | File | `/forum/away.php` | High
+8 | File | `/mims/login.php` | High
+9 | File | `/mygym/admin/index.php?view_exercises` | High
+10 | File | `/php-opos/index.php` | High
+11 | File | `/php-scrm/login.php` | High
+12 | File | `/textpattern/index.php` | High
+13 | File | `/tmp` | Low
+14 | File | `account-signup.php` | High
+15 | File | `account/signup.php` | High
+16 | File | `action.php` | Medium
+17 | File | `addentry.php` | Medium
+18 | File | `admin-ajax.php` | High
+19 | File | `admin.php` | Medium
+20 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+21 | File | `admin/admin_editor.php` | High
+22 | File | `admin/conf_users_edit.php` | High
+23 | File | `adminer.php` | Medium
+24 | File | `blocks/block-Old_Articles.php` | High
+25 | ... | ... | ...
 
-There are 409 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 214 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Bronze Butler/README.md

@@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [KR](https://vuldb.com/?country.kr)
+* [JP](https://vuldb.com/?country.jp)
 * ...
 
 There are 1 more country items available. Please use our online service to access the data.
@@ -49,10 +49,10 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/out.php` | Medium
 2 | File | `data/gbconfiguration.dat` | High
-3 | File | `wp-login.php` | Medium
+3 | File | `miniserv.pl` | Medium
 4 | ... | ... | ...
 
-There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Bronze Starlight/README.md

@@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...
 
-There are 5 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -55,7 +55,7 @@ ID | Type | Indicator | Confidence
 3 | File | `adm/config_form_update.php` | High
 4 | ... | ... | ...
 
-There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 12 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Brunhilda/README.md

@@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brunhilda:
 
-* [FR](https://vuldb.com/?country.fr)
 * [US](https://vuldb.com/?country.us)
+* [FR](https://vuldb.com/?country.fr)
 * [DE](https://vuldb.com/?country.de)
 
 ## IOC - Indicator of Compromise

actors/Brute Ratel C4/README.md

@@ -72,7 +72,7 @@ ID | Type | Indicator | Confidence
 16 | File | `/login.php` | Medium
 17 | ... | ... | ...
 
-There are 135 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 136 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chaos/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 8 more country items available. Please use our online service to access the data.
+There are 6 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -85,10 +85,9 @@ ID | Type | Indicator | Confidence
 30 | File | `/ofrs/admin/?page=teams/view_team` | High
 31 | File | `/one_church/userregister.php` | High
 32 | File | `/out.php` | Medium
-33 | File | `/public/plugins/` | High
-34 | ... | ... | ...
+33 | ... | ... | ...
 
-There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chimera/README.md

@@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [VN](https://vuldb.com/?country.vn)
 * [CN](https://vuldb.com/?country.cn)
+* [US](https://vuldb.com/?country.us)
 
 ## IOC - Indicator of Compromise
 
@@ -32,7 +33,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
@@ -47,41 +48,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.FBCIndex` | Medium
-2 | File | `/.ssh/authorized_keys` | High
-3 | File | `/admin/admin.php` | High
-4 | File | `/blogengine/api/posts` | High
-5 | File | `/bsms_ci/index.php` | High
-6 | File | `/bsms_ci/index.php/user/edit_user/` | High
-7 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
-8 | File | `/cgi-bin/api-get_line_status` | High
-9 | File | `/cgi-bin/luci` | High
-10 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-11 | File | `/cgi-bin/qcmap_auth` | High
-12 | File | `/cgi-bin/upload_vpntar` | High
-13 | File | `/cgi-bin/wlogin.cgi` | High
-14 | File | `/CommunitySSORedirect.jsp` | High
-15 | File | `/Content/Template/root/reverse-shell.aspx` | High
-16 | File | `/diagnostic/editclient.php` | High
-17 | File | `/export` | Low
-18 | File | `/filemanager/php/connector.php` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/h/calendar` | Medium
-21 | File | `/hrm/controller/employee.php` | High
-22 | File | `/index.php?module=global_lists/lists` | High
-23 | File | `/login/index.php` | High
-24 | File | `/mkshope/login.php` | High
-25 | File | `/network_test.php` | High
-26 | File | `/obs/book.php` | High
-27 | File | `/okm:root` | Medium
-28 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
-29 | File | `/out.php` | Medium
-30 | File | `/products/view_product.php` | High
-31 | File | `/public/launchNewWindow.jsp` | High
-32 | File | `/public_html/animals` | High
-33 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
-34 | ... | ... | ...
+2 | File | `/.env` | Low
+3 | File | `/.ssh/authorized_keys` | High
+4 | File | `/as/authorization.oauth2` | High
+5 | File | `/blogengine/api/posts` | High
+6 | File | `/cgi-bin/api-get_line_status` | High
+7 | File | `/cgi-bin/luci` | High
+8 | File | `/cgi-bin/luci/api/auth` | High
+9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
+10 | File | `/cgi-bin/upload_vpntar` | High
+11 | File | `/cgi-bin/wlogin.cgi` | High
+12 | File | `/Content/Template/root/reverse-shell.aspx` | High
+13 | File | `/export` | Low
+14 | File | `/forum/away.php` | High
+15 | File | `/h/calendar` | Medium
+16 | File | `/hrm/controller/employee.php` | High
+17 | File | `/login/index.php` | High
+18 | File | `/mkshope/login.php` | High
+19 | File | `/network_test.php` | High
+20 | File | `/obs/book.php` | High
+21 | File | `/products/view_product.php` | High
+22 | File | `/public/launchNewWindow.jsp` | High
+23 | File | `/public/login.htm` | High
+24 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
+25 | File | `/secure/QueryComponent!Default.jspa` | High
+26 | File | `/self.key` | Medium
+27 | File | `/services/view_service.php` | High
+28 | File | `/shell` | Low
+29 | File | `/spip.php` | Medium
+30 | File | `/uncpath/` | Medium
+31 | ... | ... | ...
 
-There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Christmas Island Unknown/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [FR](https://vuldb.com/?country.fr)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -81,7 +81,7 @@ ID | Type | Indicator | Confidence
 32 | File | `articulo.php` | Medium
 33 | ... | ... | ...
 
-There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Chthonic/README.md

@@ -101,7 +101,7 @@ ID | Type | Indicator | Confidence
 25 | File | `/viewer/krpano.html` | High
 26 | ... | ... | ...
 
-There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cobalt Strike/README.md

@@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Strike:
 
-* [VN](https://vuldb.com/?country.vn)
 * [US](https://vuldb.com/?country.us)
+* [VN](https://vuldb.com/?country.vn)
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 13 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -26,55 +26,55 @@ ID | IP address | Hostname | Campaign | Confidence
 3 | [5.199.173.152](https://vuldb.com/?ip.5.199.173.152) | - | - | High
 4 | [5.199.174.219](https://vuldb.com/?ip.5.199.174.219) | - | - | High
 5 | [5.252.177.199](https://vuldb.com/?ip.5.252.177.199) | 5-252-177-199.mivocloud.com | - | High
-6 | [5.254.64.234](https://vuldb.com/?ip.5.254.64.234) | - | - | High
-7 | [5.254.112.226](https://vuldb.com/?ip.5.254.112.226) | - | - | High
-8 | [5.255.98.144](https://vuldb.com/?ip.5.255.98.144) | - | - | High
-9 | [14.229.140.66](https://vuldb.com/?ip.14.229.140.66) | static.vnpt.vn | - | High
-10 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | - | High
-11 | [23.81.246.32](https://vuldb.com/?ip.23.81.246.32) | - | - | High
-12 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
-13 | [23.82.19.208](https://vuldb.com/?ip.23.82.19.208) | - | - | High
-14 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | - | High
-15 | [23.82.140.133](https://vuldb.com/?ip.23.82.140.133) | - | - | High
-16 | [23.82.141.184](https://vuldb.com/?ip.23.82.141.184) | - | - | High
-17 | [23.83.133.1](https://vuldb.com/?ip.23.83.133.1) | v327.er01.dal.ubiquity.io | - | High
-18 | [23.83.133.182](https://vuldb.com/?ip.23.83.133.182) | - | - | High
-19 | [23.83.133.216](https://vuldb.com/?ip.23.83.133.216) | - | - | High
-20 | [23.83.134.110](https://vuldb.com/?ip.23.83.134.110) | - | - | High
-21 | [23.83.134.136](https://vuldb.com/?ip.23.83.134.136) | - | - | High
-22 | [23.106.160.39](https://vuldb.com/?ip.23.106.160.39) | - | - | High
-23 | [23.106.160.120](https://vuldb.com/?ip.23.106.160.120) | - | - | High
-24 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
-25 | [23.108.57.13](https://vuldb.com/?ip.23.108.57.13) | - | - | High
-26 | [23.108.57.39](https://vuldb.com/?ip.23.108.57.39) | - | - | High
-27 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | - | High
-28 | [23.160.193.55](https://vuldb.com/?ip.23.160.193.55) | unknown.ip-xfer.net | - | High
-29 | [23.227.194.86](https://vuldb.com/?ip.23.227.194.86) | 23-227-194-86.static.hvvc.us | - | High
-30 | [23.227.198.217](https://vuldb.com/?ip.23.227.198.217) | 23-227-198-217.static.hvvc.us | - | High
-31 | [23.227.199.10](https://vuldb.com/?ip.23.227.199.10) | 23-227-199-10.static.hvvc.us | - | High
-32 | [23.229.36.43](https://vuldb.com/?ip.23.229.36.43) | bet5jn-day-43.bettertisholiday.com | - | High
-33 | [23.236.77.94](https://vuldb.com/?ip.23.236.77.94) | - | - | High
-34 | [23.236.174.190](https://vuldb.com/?ip.23.236.174.190) | - | - | High
-35 | [23.254.202.59](https://vuldb.com/?ip.23.254.202.59) | client-23-254-202-59.hostwindsdns.com | - | High
-36 | [28.11.143.222](https://vuldb.com/?ip.28.11.143.222) | - | - | High
-37 | [37.0.8.252](https://vuldb.com/?ip.37.0.8.252) | - | - | High
-38 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
-39 | [37.120.198.225](https://vuldb.com/?ip.37.120.198.225) | - | - | High
-40 | [39.104.90.45](https://vuldb.com/?ip.39.104.90.45) | - | - | High
-41 | [39.109.5.135](https://vuldb.com/?ip.39.109.5.135) | - | - | High
-42 | [43.154.175.230](https://vuldb.com/?ip.43.154.175.230) | - | - | High
-43 | [43.250.200.106](https://vuldb.com/?ip.43.250.200.106) | - | - | High
-44 | [43.250.201.71](https://vuldb.com/?ip.43.250.201.71) | - | - | High
-45 | [45.9.248.74](https://vuldb.com/?ip.45.9.248.74) | te-4-3-177.pe2.man4.uk.m247.com | - | High
-46 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
-47 | [45.15.131.96](https://vuldb.com/?ip.45.15.131.96) | - | - | High
-48 | [45.66.158.14](https://vuldb.com/?ip.45.66.158.14) | 14.158-66-45.rdns.scalabledns.com | - | High
-49 | [45.84.0.116](https://vuldb.com/?ip.45.84.0.116) | n5336.md | - | High
-50 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
-51 | [45.140.146.30](https://vuldb.com/?ip.45.140.146.30) | vm582590.stark-industries.solutions | - | High
+6 | [5.253.234.40](https://vuldb.com/?ip.5.253.234.40) | - | - | High
+7 | [5.254.64.234](https://vuldb.com/?ip.5.254.64.234) | - | - | High
+8 | [5.254.112.226](https://vuldb.com/?ip.5.254.112.226) | - | - | High
+9 | [5.255.98.144](https://vuldb.com/?ip.5.255.98.144) | - | - | High
+10 | [14.229.140.66](https://vuldb.com/?ip.14.229.140.66) | static.vnpt.vn | - | High
+11 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | - | High
+12 | [23.81.246.32](https://vuldb.com/?ip.23.81.246.32) | - | - | High
+13 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
+14 | [23.82.19.208](https://vuldb.com/?ip.23.82.19.208) | - | - | High
+15 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | - | High
+16 | [23.82.140.133](https://vuldb.com/?ip.23.82.140.133) | - | - | High
+17 | [23.82.141.184](https://vuldb.com/?ip.23.82.141.184) | - | - | High
+18 | [23.83.133.1](https://vuldb.com/?ip.23.83.133.1) | v327.er01.dal.ubiquity.io | - | High
+19 | [23.83.133.182](https://vuldb.com/?ip.23.83.133.182) | - | - | High
+20 | [23.83.133.216](https://vuldb.com/?ip.23.83.133.216) | - | - | High
+21 | [23.83.134.110](https://vuldb.com/?ip.23.83.134.110) | - | - | High
+22 | [23.83.134.136](https://vuldb.com/?ip.23.83.134.136) | - | - | High
+23 | [23.106.160.39](https://vuldb.com/?ip.23.106.160.39) | - | - | High
+24 | [23.106.160.120](https://vuldb.com/?ip.23.106.160.120) | - | - | High
+25 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
+26 | [23.108.57.13](https://vuldb.com/?ip.23.108.57.13) | - | - | High
+27 | [23.108.57.39](https://vuldb.com/?ip.23.108.57.39) | - | - | High
+28 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | - | High
+29 | [23.160.193.55](https://vuldb.com/?ip.23.160.193.55) | unknown.ip-xfer.net | - | High
+30 | [23.227.194.86](https://vuldb.com/?ip.23.227.194.86) | 23-227-194-86.static.hvvc.us | - | High
+31 | [23.227.198.217](https://vuldb.com/?ip.23.227.198.217) | 23-227-198-217.static.hvvc.us | - | High
+32 | [23.227.199.10](https://vuldb.com/?ip.23.227.199.10) | 23-227-199-10.static.hvvc.us | - | High
+33 | [23.229.36.43](https://vuldb.com/?ip.23.229.36.43) | bet5jn-day-43.bettertisholiday.com | - | High
+34 | [23.236.77.94](https://vuldb.com/?ip.23.236.77.94) | - | - | High
+35 | [23.236.174.190](https://vuldb.com/?ip.23.236.174.190) | - | - | High
+36 | [23.254.202.59](https://vuldb.com/?ip.23.254.202.59) | client-23-254-202-59.hostwindsdns.com | - | High
+37 | [28.11.143.222](https://vuldb.com/?ip.28.11.143.222) | - | - | High
+38 | [37.0.8.252](https://vuldb.com/?ip.37.0.8.252) | - | - | High
+39 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
+40 | [37.120.198.225](https://vuldb.com/?ip.37.120.198.225) | - | - | High
+41 | [39.104.90.45](https://vuldb.com/?ip.39.104.90.45) | - | - | High
+42 | [39.109.5.135](https://vuldb.com/?ip.39.109.5.135) | - | - | High
+43 | [43.154.175.230](https://vuldb.com/?ip.43.154.175.230) | - | - | High
+44 | [43.250.200.106](https://vuldb.com/?ip.43.250.200.106) | - | - | High
+45 | [43.250.201.71](https://vuldb.com/?ip.43.250.201.71) | - | - | High
+46 | [45.9.248.74](https://vuldb.com/?ip.45.9.248.74) | te-4-3-177.pe2.man4.uk.m247.com | - | High
+47 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
+48 | [45.15.131.96](https://vuldb.com/?ip.45.15.131.96) | - | - | High
+49 | [45.66.158.14](https://vuldb.com/?ip.45.66.158.14) | 14.158-66-45.rdns.scalabledns.com | - | High
+50 | [45.84.0.116](https://vuldb.com/?ip.45.84.0.116) | n5336.md | - | High
+51 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
 52 | ... | ... | ... | ...
 
-There are 205 more IOC items available. Please use our online service to access the data.
+There are 206 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -82,14 +82,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-35 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
-3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-94 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
 
-There are 22 more TTP items available. Please use our online service to access the data.
+There are 14 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -98,44 +96,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.env` | Low
-2 | File | `/admin/ajax.php?action=delete_window` | High
-3 | File | `/admin/ajax.php?action=save_window` | High
-4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-6 | File | `/bin/httpd` | Medium
-7 | File | `/blogengine/api/posts` | High
-8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-9 | File | `/cgi-bin/wlogin.cgi` | High
-10 | File | `/config/api/v1/reboot` | High
-11 | File | `/dev/block/mmcblk0rpmb` | High
-12 | File | `/ebics-server/ebics.aspx` | High
-13 | File | `/etc` | Low
-14 | File | `/etc/passwd` | Medium
-15 | File | `/forum/away.php` | High
-16 | File | `/forum/PostPrivateMessage` | High
-17 | File | `/fos/admin/ajax.php?action=login` | High
-18 | File | `/fos/admin/index.php?page=menu` | High
-19 | File | `/home/masterConsole` | High
-20 | File | `/home/sendBroadcast` | High
-21 | File | `/hss/admin/?page=client/manage_client` | High
-22 | File | `/login/index.php` | High
-23 | File | `/php-scrm/login.php` | High
-24 | File | `/products/view_product.php` | High
-25 | File | `/public/login.htm` | High
-26 | File | `/resources//../` | High
-27 | File | `/secure/QueryComponent!Default.jspa` | High
-28 | File | `/setNTP.cgi` | Medium
-29 | File | `/shell` | Low
-30 | File | `/spip.php` | Medium
-31 | File | `/sys/dict/queryTableData` | High
-32 | File | `/tpts/manage_user.php` | High
-33 | File | `/trufusionPortal/upDwModuleProxy` | High
-34 | File | `/uncpath/` | Medium
-35 | File | `/usr/bin/tddp` | High
-36 | File | `/wireless/security.asp` | High
-37 | ... | ... | ...
+2 | File | `/admin/` | Low
+3 | File | `/APR/login.php` | High
+4 | File | `/APR/signup.php` | High
+5 | File | `/as/authorization.oauth2` | High
+6 | File | `/cgi-bin/luci/api/auth` | High
+7 | File | `/DXR.axd` | Medium
+8 | File | `/filemanager/php/connector.php` | High
+9 | File | `/forum/away.php` | High
+10 | File | `/mims/login.php` | High
+11 | File | `/php-scrm/login.php` | High
+12 | File | `/rukovoditel/index.php?module=users/login` | High
+13 | File | `/textpattern/index.php` | High
+14 | File | `/tmp` | Low
+15 | File | `account-signup.php` | High
+16 | File | `account/signup.php` | High
+17 | File | `addentry.php` | Medium
+18 | File | `admin.php` | Medium
+19 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+20 | File | `admin/admin_editor.php` | High
+21 | File | `admin/conf_users_edit.php` | High
+22 | File | `admin/template/js/uploadify/uploadify.swf` | High
+23 | File | `admin/TemplateController.java` | High
+24 | File | `AndroidManifest.xml` | High
+25 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
+26 | File | `blocks/block-Old_Articles.php` | High
+27 | ... | ... | ...
 
-There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 
@@ -159,6 +147,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://cert.gov.ua/article/703548
 * https://community.blueliv.com/#!/s/62ea177182df417ed033152e
 * https://community.blueliv.com/#!/s/62454e1682df417ed0330b8b
+* https://ddanchev.blogspot.com/2023/01/exposing-currently-active-and-spreading.html
 * https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Hancitor%20IOCs
 * https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-18%20Hancitor%20IOCs
 * https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-26%20Hancitor%20IOCs

actors/Confucius/README.md

@@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...
 
-There are 22 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -64,66 +64,65 @@ ID | Type | Indicator | Confidence
 2 | File | `/Admin/add-student.php` | High
 3 | File | `/admin/api/admin/articles/` | High
 4 | File | `/admin/conferences/list/` | High
-5 | File | `/admin/generalsettings.php` | High
-6 | File | `/Admin/login.php` | High
-7 | File | `/admin/payment.php` | High
-8 | File | `/admin/reports.php` | High
-9 | File | `/admin/showbad.php` | High
-10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-12 | File | `/apilog.php` | Medium
-13 | File | `/bin/httpd` | Medium
-14 | File | `/cgi-bin/wlogin.cgi` | High
-15 | File | `/connectors/index.php` | High
-16 | File | `/dev/block/mmcblk0rpmb` | High
-17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-18 | File | `/face-recognition-php/facepay-master/camera.php` | High
-19 | File | `/forum/away.php` | High
-20 | File | `/fos/admin/ajax.php?action=login` | High
-21 | File | `/fos/admin/index.php?page=menu` | High
-22 | File | `/home/masterConsole` | High
-23 | File | `/home/sendBroadcast` | High
-24 | File | `/hrm/employeeadd.php` | High
-25 | File | `/hrm/employeeview.php` | High
-26 | File | `/index.php` | Medium
-27 | File | `/items/view_item.php` | High
-28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-29 | File | `/lookin/info` | Medium
-30 | File | `/manager/index.php` | High
-31 | File | `/medical/inventories.php` | High
-32 | File | `/modules/profile/index.php` | High
-33 | File | `/modules/projects/vw_files.php` | High
-34 | File | `/modules/public/calendar.php` | High
-35 | File | `/mygym/admin/index.php?view_exercises` | High
-36 | File | `/newsDia.php` | Medium
-37 | File | `/out.php` | Medium
-38 | File | `/php-opos/index.php` | High
-39 | File | `/proxy` | Low
-40 | File | `/public/launchNewWindow.jsp` | High
-41 | File | `/Redcock-Farm/farm/category.php` | High
-42 | File | `/reports/rwservlet` | High
-43 | File | `/sacco_shield/manage_user.php` | High
-44 | File | `/spip.php` | Medium
-45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-46 | File | `/staff/bookdetails.php` | High
-47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-48 | File | `/uncpath/` | Medium
-49 | File | `/user/update_booking.php` | High
-50 | File | `/WEB-INF/web.xml` | High
-51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-52 | File | `/wireless/security.asp` | High
-53 | File | `/wordpress/wp-admin/options-general.php` | High
-54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-55 | File | `01article.php` | High
-56 | File | `AbstractScheduleJob.java` | High
-57 | File | `actionphp/download.File.php` | High
-58 | File | `AdClass.php` | Medium
-59 | File | `adclick.php` | Medium
-60 | File | `addtocart.asp` | High
-61 | File | `admin.php` | Medium
-62 | ... | ... | ...
+5 | File | `/Admin/login.php` | High
+6 | File | `/admin/showbad.php` | High
+7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+9 | File | `/apilog.php` | Medium
+10 | File | `/APR/login.php` | High
+11 | File | `/bin/httpd` | Medium
+12 | File | `/cgi-bin/wapopen` | High
+13 | File | `/cgi-bin/wlogin.cgi` | High
+14 | File | `/connectors/index.php` | High
+15 | File | `/dev/block/mmcblk0rpmb` | High
+16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+17 | File | `/face-recognition-php/facepay-master/camera.php` | High
+18 | File | `/forum/away.php` | High
+19 | File | `/fos/admin/ajax.php?action=login` | High
+20 | File | `/fos/admin/index.php?page=menu` | High
+21 | File | `/home/masterConsole` | High
+22 | File | `/home/sendBroadcast` | High
+23 | File | `/hrm/employeeadd.php` | High
+24 | File | `/hrm/employeeview.php` | High
+25 | File | `/index.php` | Medium
+26 | File | `/items/view_item.php` | High
+27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+28 | File | `/lookin/info` | Medium
+29 | File | `/manager/index.php` | High
+30 | File | `/medical/inventories.php` | High
+31 | File | `/modules/profile/index.php` | High
+32 | File | `/modules/projects/vw_files.php` | High
+33 | File | `/modules/public/calendar.php` | High
+34 | File | `/mygym/admin/index.php?view_exercises` | High
+35 | File | `/newsDia.php` | Medium
+36 | File | `/out.php` | Medium
+37 | File | `/php-opos/index.php` | High
+38 | File | `/proxy` | Low
+39 | File | `/public/launchNewWindow.jsp` | High
+40 | File | `/Redcock-Farm/farm/category.php` | High
+41 | File | `/reports/rwservlet` | High
+42 | File | `/sacco_shield/manage_user.php` | High
+43 | File | `/spip.php` | Medium
+44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+45 | File | `/staff/bookdetails.php` | High
+46 | File | `/uncpath/` | Medium
+47 | File | `/user/update_booking.php` | High
+48 | File | `/WEB-INF/web.xml` | High
+49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+50 | File | `/wireless/security.asp` | High
+51 | File | `/wordpress/wp-admin/options-general.php` | High
+52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+53 | File | `01article.php` | High
+54 | File | `AbstractScheduleJob.java` | High
+55 | File | `actionphp/download.File.php` | High
+56 | File | `adclick.php` | Medium
+57 | File | `addtocart.asp` | High
+58 | File | `admin.php` | Medium
+59 | File | `admin/abc.php` | High
+60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
+61 | ... | ... | ...
 
-There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 531 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Conti/README.md

@@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [NL](https://vuldb.com/?country.nl)
 * ...
 
-There are 26 more country items available. Please use our online service to access the data.
+There are 28 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -529,8 +529,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
-7 | ... | ... | ... | ...
+6 | ... | ... | ... | ...
 
 There are 22 more TTP items available. Please use our online service to access the data.
 
@@ -541,48 +540,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.../gogo/` | Medium
-2 | File | `/admin/students/manage.php` | High
-3 | File | `/admin/submit-articles` | High
-4 | File | `/admin/subnets/ripe-query.php` | High
-5 | File | `/appliance/users?action=edit` | High
-6 | File | `/attachments` | Medium
-7 | File | `/backup.pl` | Medium
-8 | File | `/bsms_ci/index.php/book` | High
-9 | File | `/context/%2e/WEB-INF/web.xml` | High
-10 | File | `/debug/pprof` | Medium
-11 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-12 | File | `/etc/hosts` | Medium
-13 | File | `/etc/ldap.conf` | High
-14 | File | `/etc/quagga` | Medium
-15 | File | `/etc/shadow` | Medium
-16 | File | `/event/admin/?page=user/list` | High
-17 | File | `/foms/place-order.php` | High
-18 | File | `/forum/away.php` | High
-19 | File | `/goform/wizard_end` | High
-20 | File | `/h/calendar` | Medium
-21 | File | `/hardware` | Medium
-22 | File | `/index.php` | Medium
-23 | File | `/medicines/profile.php` | High
-24 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-25 | File | `/out.php` | Medium
-26 | File | `/php-scrm/login.php` | High
-27 | File | `/proxy` | Low
-28 | File | `/spip.php` | Medium
-29 | File | `/tmp` | Low
-30 | File | `/uncpath/` | Medium
-31 | File | `/user/loader.php?api=1` | High
-32 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-33 | File | `/video-sharing-script/watch-video.php` | High
-34 | File | `/wp-admin/admin-ajax.php` | High
-35 | File | `action.php` | Medium
-36 | File | `ActivityRecord.java` | High
-37 | File | `adclick.php` | Medium
-38 | File | `add-patient.php` | High
-39 | File | `adm.cgi` | Low
-40 | File | `admin.php` | Medium
-41 | ... | ... | ...
+2 | File | `/?ajax-request=jnews` | High
+3 | File | `/admin.php/accessory/filesdel.html` | High
+4 | File | `/admin/?page=user/manage` | High
+5 | File | `/admin/add-new.php` | High
+6 | File | `/admin/doctors.php` | High
+7 | File | `/admin/submit-articles` | High
+8 | File | `/admin/subnets/ripe-query.php` | High
+9 | File | `/alphaware/summary.php` | High
+10 | File | `/appliance/users?action=edit` | High
+11 | File | `/apply.cgi` | Medium
+12 | File | `/attachments` | Medium
+13 | File | `/backup.pl` | Medium
+14 | File | `/boat/login.php` | High
+15 | File | `/bsms_ci/index.php/book` | High
+16 | File | `/context/%2e/WEB-INF/web.xml` | High
+17 | File | `/debug/pprof` | Medium
+18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+19 | File | `/edoc/doctor/patient.php` | High
+20 | File | `/etc/hosts` | Medium
+21 | File | `/etc/ldap.conf` | High
+22 | File | `/etc/quagga` | Medium
+23 | File | `/etc/shadow` | Medium
+24 | File | `/event/admin/?page=user/list` | High
+25 | File | `/foms/place-order.php` | High
+26 | File | `/forum/away.php` | High
+27 | File | `/h/calendar` | Medium
+28 | File | `/hardware` | Medium
+29 | File | `/index.php` | Medium
+30 | File | `/medicines/profile.php` | High
+31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+32 | File | `/out.php` | Medium
+33 | File | `/php-scrm/login.php` | High
+34 | File | `/proxy` | Low
+35 | File | `/reservation/add_message.php` | High
+36 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+37 | File | `/spip.php` | Medium
+38 | File | `/tmp` | Low
+39 | File | `/uncpath/` | Medium
+40 | File | `/user/loader.php?api=1` | High
+41 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+42 | File | `/video-sharing-script/watch-video.php` | High
+43 | File | `/wp-admin/admin-ajax.php` | High
+44 | ... | ... | ...
 
-There are 355 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Cuba Ransomware/README.md

@@ -53,7 +53,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 22 more TTP items available. Please use our online service to access the data.
+There are 20 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -64,48 +64,46 @@ ID | Type | Indicator | Confidence
 1 | File | `/.env` | Low
 2 | File | `/admin/ajax.php?action=delete_window` | High
 3 | File | `/admin/api/admin/articles/` | High
-4 | File | `/admin/api/admin/v2_products` | High
-5 | File | `/admin/api/theme-edit/` | High
+4 | File | `/admin/api/theme-edit/` | High
+5 | File | `/as/authorization.oauth2` | High
 6 | File | `/blogengine/api/posts` | High
-7 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-8 | File | `/cgi-bin/upload_vpntar` | High
+7 | File | `/cgi-bin/luci/api/auth` | High
+8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
 9 | File | `/cgi-bin/wlogin.cgi` | High
-10 | File | `/Content/Template/root/reverse-shell.aspx` | High
-11 | File | `/event/admin/?page=user/list` | High
-12 | File | `/forum/away.php` | High
-13 | File | `/fos/admin/ajax.php?action=login` | High
-14 | File | `/goform/SysToolChangePwd` | High
-15 | File | `/goform/WifiBasicSet` | High
-16 | File | `/index/user/user_edit.html` | High
-17 | File | `/login/index.php` | High
-18 | File | `/obs/book.php` | High
-19 | File | `/products/view_product.php` | High
-20 | File | `/proxy` | Low
-21 | File | `/public/login.htm` | High
-22 | File | `/secure/QueryComponent!Default.jspa` | High
-23 | File | `/shell` | Low
-24 | File | `/spip.php` | Medium
-25 | File | `/uncpath/` | Medium
-26 | File | `/usr/bin/tddp` | High
-27 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-28 | File | `/wp-admin/admin-ajax.php` | High
-29 | File | `/wp-admin/options.php` | High
-30 | File | `/wp-json/wc/v3/webhooks` | High
-31 | File | `/_vti_pvt/access.cnf` | High
-32 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
-33 | File | `actions/UploadAction.php` | High
-34 | File | `adclick.php` | Medium
-35 | File | `add_contestant.php` | High
-36 | File | `admin/import/class-import-settings.php` | High
-37 | File | `admin/manage_user.php` | High
-38 | File | `admin/page-login.php` | High
-39 | File | `admin/panels/uploader/admin.uploader.php` | High
-40 | File | `admin/practice_pdf.php` | High
-41 | File | `administrator/components/com_joomgallery/views/config/tmpl/default.php` | High
-42 | File | `announce.php` | Medium
-43 | ... | ... | ...
+10 | File | `/event/admin/?page=user/list` | High
+11 | File | `/forum/away.php` | High
+12 | File | `/fos/admin/ajax.php?action=login` | High
+13 | File | `/goform/SysToolChangePwd` | High
+14 | File | `/goform/WifiBasicSet` | High
+15 | File | `/index/user/user_edit.html` | High
+16 | File | `/login/index.php` | High
+17 | File | `/obs/book.php` | High
+18 | File | `/products/view_product.php` | High
+19 | File | `/proxy` | Low
+20 | File | `/public/login.htm` | High
+21 | File | `/secure/QueryComponent!Default.jspa` | High
+22 | File | `/shell` | Low
+23 | File | `/spip.php` | Medium
+24 | File | `/uncpath/` | Medium
+25 | File | `/usr/bin/tddp` | High
+26 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+27 | File | `/wp-admin/admin-ajax.php` | High
+28 | File | `/wp-admin/options.php` | High
+29 | File | `/wp-json/wc/v3/webhooks` | High
+30 | File | `/_vti_pvt/access.cnf` | High
+31 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
+32 | File | `actions/UploadAction.php` | High
+33 | File | `adclick.php` | Medium
+34 | File | `add_contestant.php` | High
+35 | File | `admin/import/class-import-settings.php` | High
+36 | File | `admin/manage_user.php` | High
+37 | File | `admin/page-login.php` | High
+38 | File | `admin/panels/uploader/admin.uploader.php` | High
+39 | File | `admin/practice_pdf.php` | High
+40 | File | `admin/template/js/uploadify/uploadify.swf` | High
+41 | ... | ... | ...
 
-There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Dalbit/README.md

@@ -0,0 +1,74 @@
+# Dalbit - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dalbit](https://vuldb.com/?actor.dalbit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dalbit](https://vuldb.com/?actor.dalbit)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with Dalbit:
+
+* South Korea
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dalbit:
+
+* [CN](https://vuldb.com/?country.cn)
+* [US](https://vuldb.com/?country.us)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dalbit.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [45.93.28.103](https://vuldb.com/?ip.45.93.28.103) | - | South Korea | High
+2 | [45.93.31.75](https://vuldb.com/?ip.45.93.31.75) | - | South Korea | High
+3 | [45.93.31.122](https://vuldb.com/?ip.45.93.31.122) | - | South Korea | High
+4 | ... | ... | ... | ...
+
+There are 6 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dalbit_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1055 | CWE-74 | Injection | High
+3 | T1059 | CWE-88 | Cross Site Scripting | High
+4 | ... | ... | ... | ...
+
+There are 10 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dalbit. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `/baseOpLog.do` | High
+2 | File | `/debug/pprof` | Medium
+3 | File | `/uncpath/` | Medium
+4 | ... | ... | ...
+
+There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://asec.ahnlab.com/en/47455/
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/DanaBot/README.md

@@ -56,27 +56,27 @@ ID | Type | Indicator | Confidence
 1 | File | `.htaccess` | Medium
 2 | File | `/account/ResetPassword` | High
 3 | File | `/addnews.html` | High
-4 | File | `/cm/delete` | Medium
-5 | File | `/download` | Medium
-6 | File | `/forum/away.php` | High
-7 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
-8 | File | `/lms/admin.php` | High
-9 | File | `/my_photo_gallery/image.php` | High
-10 | File | `/redpass.cgi` | Medium
-11 | File | `/reps/classes/Users.php?f=delete_agent` | High
-12 | File | `/rom-0` | Low
-13 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
-14 | File | `/uncpath/` | Medium
-15 | File | `/usr/ucb/mail` | High
-16 | File | `adclick.php` | Medium
-17 | File | `add-category.php` | High
-18 | File | `add_comment.php` | High
-19 | File | `admin.php` | Medium
-20 | File | `admin/admin.shtml` | High
-21 | File | `admin/content.php` | High
+4 | File | `/cgi-bin/go` | Medium
+5 | File | `/cm/delete` | Medium
+6 | File | `/download` | Medium
+7 | File | `/forum/away.php` | High
+8 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
+9 | File | `/lms/admin.php` | High
+10 | File | `/my_photo_gallery/image.php` | High
+11 | File | `/redpass.cgi` | Medium
+12 | File | `/reps/classes/Users.php?f=delete_agent` | High
+13 | File | `/rom-0` | Low
+14 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
+15 | File | `/uncpath/` | Medium
+16 | File | `/usr/ucb/mail` | High
+17 | File | `adclick.php` | Medium
+18 | File | `add-category.php` | High
+19 | File | `add_comment.php` | High
+20 | File | `admin.php` | Medium
+21 | File | `admin/admin.shtml` | High
 22 | ... | ... | ...
 
-There are 181 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/DarkComet/README.md

@@ -42,14 +42,16 @@ ID | IP address | Hostname | Campaign | Confidence
 23 | [23.67.200.172](https://vuldb.com/?ip.23.67.200.172) | a23-67-200-172.deploy.static.akamaitechnologies.com | - | High
 24 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
 25 | [23.218.140.208](https://vuldb.com/?ip.23.218.140.208) | a23-218-140-208.deploy.static.akamaitechnologies.com | - | High
-26 | [25.109.69.178](https://vuldb.com/?ip.25.109.69.178) | - | - | High
-27 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
-28 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
-29 | [31.202.203.58](https://vuldb.com/?ip.31.202.203.58) | 31.202.203.58.format-tv.net | - | High
-30 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
-31 | ... | ... | ... | ...
+26 | [24.122.252.19](https://vuldb.com/?ip.24.122.252.19) | 24-122-252-19.resi.cgocable.ca | - | High
+27 | [25.109.69.178](https://vuldb.com/?ip.25.109.69.178) | - | - | High
+28 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
+29 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
+30 | [31.202.203.58](https://vuldb.com/?ip.31.202.203.58) | 31.202.203.58.format-tv.net | - | High
+31 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
+32 | [34.213.158.239](https://vuldb.com/?ip.34.213.158.239) | ec2-34-213-158-239.us-west-2.compute.amazonaws.com | - | Medium
+33 | ... | ... | ... | ...
 
-There are 121 more IOC items available. Please use our online service to access the data.
+There are 127 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -105,6 +107,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2022/07/threat-roundup-0701-0708.html
 * https://blog.talosintelligence.com/2022/08/threat-roundup-0805-0812.html
 * https://blog.talosintelligence.com/2022/10/threat-roundup-1014-1021.html
+* https://blog.talosintelligence.com/threat-roundup-0127-0203/
 
 ## Literature
 

actors/DePriMon/README.md

@@ -49,17 +49,17 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.htaccess` | Medium
 2 | File | `/api/RecordingList/DownloadRecord?file=` | High
-3 | File | `/netflow/jspui/editProfile.jsp` | High
-4 | File | `/rapi/read_url` | High
-5 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
-6 | File | `admin/google_search_console/class-gsc-table.php` | High
-7 | File | `administrator/components/com_media/helpers/media.php` | High
-8 | File | `cgi-bin/qcmap_web_cgi` | High
-9 | File | `class/debug/debug_show.php` | High
-10 | File | `coders/png.c` | Medium
+3 | File | `/apply.cgi` | Medium
+4 | File | `/netflow/jspui/editProfile.jsp` | High
+5 | File | `/rapi/read_url` | High
+6 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
+7 | File | `admin/google_search_console/class-gsc-table.php` | High
+8 | File | `administrator/components/com_media/helpers/media.php` | High
+9 | File | `cgi-bin/qcmap_web_cgi` | High
+10 | File | `class/debug/debug_show.php` | High
 11 | ... | ... | ...
 
-There are 82 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Dealply/README.md

@@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 20 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -48,46 +48,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `$GIT_DIR/objects` | High
-2 | File | `/admin.php/accessory/filesdel.html` | High
-3 | File | `/admin.php/update/getFile.html` | High
-4 | File | `/admin/index2.html` | High
-5 | File | `/admin/index3.php` | High
-6 | File | `/admin/main/mod-blog` | High
-7 | File | `/admin_area/login_transfer.php` | High
-8 | File | `/adms/admin/?page=user/manage_user` | High
-9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-11 | File | `/adms/classes/Users.php` | High
-12 | File | `/alphaware/summary.php` | High
-13 | File | `/api/public/register/family` | High
-14 | File | `/api/sys_msg/list/1/10` | High
-15 | File | `/APR/login.php` | High
-16 | File | `/APR/signup.php` | High
-17 | File | `/backup.pl` | Medium
-18 | File | `/bin/httpd` | Medium
-19 | File | `/boat/login.php` | High
-20 | File | `/cgi-bin/ExportLogs.sh` | High
-21 | File | `/cgi-bin/mainfunction.cgi` | High
-22 | File | `/cgi-bin/mft/wireless_mft` | High
-23 | File | `/check` | Low
-24 | File | `/data/config.ftp.php` | High
-25 | File | `/ecshop/admin/template.php` | High
-26 | File | `/editor/index.php` | High
-27 | File | `/formwork/panel/dashboard` | High
-28 | File | `/goform/formEasySetupWizard3` | High
-29 | File | `/goform/formLogin` | High
-30 | File | `/goform/formSchedule` | High
-31 | File | `/goform/formSetACLFilter` | High
-32 | File | `/goform/formSetEmail` | High
-33 | File | `/goform/formSetRoute` | High
-34 | File | `/goform/formSetWanDhcpplus` | High
-35 | File | `/goform/formSysCmd` | High
-36 | File | `/goform/formWlanGuestSetup` | High
-37 | File | `/goform/formWPS` | High
-38 | ... | ... | ...
+1 | File | `/admin.php/accessory/filesdel.html` | High
+2 | File | `/admin.php/update/getFile.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/content/index` | High
+6 | File | `/admin/convert/export_z3950_new.php` | High
+7 | File | `/admin/doctors.php` | High
+8 | File | `/admin/edit-doc.php` | High
+9 | File | `/admin/index3.php` | High
+10 | File | `/admin/login.php` | High
+11 | File | `/admin/main/mod-blog` | High
+12 | File | `/admin/manage_user.php` | High
+13 | File | `/admin/navbar.php` | High
+14 | File | `/admin/patient.php` | High
+15 | File | `/admin/view_order.php` | High
+16 | File | `/admin1/config/update` | High
+17 | File | `/admin1/file/download` | High
+18 | File | `/adms/admin/?page=user/manage_user` | High
+19 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+20 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+21 | File | `/adms/classes/Users.php` | High
+22 | File | `/agc/vicidial.php` | High
+23 | File | `/ajax/update_certificate` | High
+24 | File | `/alphaware/summary.php` | High
+25 | File | `/api/admin/system/store/order/list` | High
+26 | File | `/api/admin/user/list` | High
+27 | File | `/api/jmeter/download/files` | High
+28 | File | `/APR/login.php` | High
+29 | File | `/APR/signup.php` | High
+30 | File | `/billing/home.php` | High
+31 | File | `/boat/login.php` | High
+32 | File | `/cgi-bin/mainfunction.cgi` | High
+33 | File | `/cgi-bin/mft/wireless_mft` | High
+34 | File | `/data/config.ftp.php` | High
+35 | File | `/databases/database/edit` | High
+36 | File | `/databases/database/list` | High
+37 | File | `/databases/table/columns` | High
+38 | File | `/databases/table/list` | High
+39 | File | `/dist/index.js` | High
+40 | File | `/editor/index.php` | High
+41 | File | `/edoc/doctor/patient.php` | High
+42 | File | `/eduauth/student/search.php` | High
+43 | File | `/etc/init.d/openfire` | High
+44 | File | `/files/import` | High
+45 | File | `/file_manager/login.php` | High
+46 | ... | ... | ...
 
-There are 328 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Dijo/README.md

@@ -26,7 +26,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1592 | CWE-200 | Configuration | High
+1 | T1204.001 | CWE-601 | Open Redirect | High
+2 | T1592 | CWE-200 | Configuration | High
 
 ## IOA - Indicator of Attack
 

actors/Dragonfly/README.md

@@ -65,9 +65,10 @@ ID | Type | Indicator | Confidence
 8 | File | `admin/import/class-import-settings.php` | High
 9 | File | `ajax/comments.php` | High
 10 | File | `architext.conf` | High
-11 | ... | ... | ...
+11 | File | `attachment_send.php` | High
+12 | ... | ... | ...
 
-There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/FIN6/README.md

@@ -122,7 +122,7 @@ ID | Type | Indicator | Confidence
 53 | File | `add_edit_cat.asp` | High
 54 | ... | ... | ...
 
-There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/FIN7/README.md

@@ -96,14 +96,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 20 more TTP items available. Please use our online service to access the data.
+There are 21 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -112,65 +112,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.github/workflows/combine-prs.yml` | High
-2 | File | `/admin/api/admin/articles/` | High
-3 | File | `/admin/submit-articles` | High
-4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-6 | File | `/apilog.php` | Medium
-7 | File | `/attachments` | Medium
-8 | File | `/bin/httpd` | Medium
-9 | File | `/bsms_ci/index.php/book` | High
-10 | File | `/context/%2e/WEB-INF/web.xml` | High
-11 | File | `/debug/pprof` | Medium
-12 | File | `/dev/block/mmcblk0rpmb` | High
-13 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-14 | File | `/etc/hosts` | Medium
-15 | File | `/face-recognition-php/facepay-master/camera.php` | High
-16 | File | `/forum/away.php` | High
-17 | File | `/fos/admin/ajax.php?action=login` | High
-18 | File | `/fos/admin/index.php?page=menu` | High
-19 | File | `/goform/wizard_end` | High
-20 | File | `/home/masterConsole` | High
-21 | File | `/home/sendBroadcast` | High
-22 | File | `/hrm/employeeadd.php` | High
-23 | File | `/hrm/employeeview.php` | High
-24 | File | `/index.php` | Medium
-25 | File | `/items/view_item.php` | High
-26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-27 | File | `/lookin/info` | Medium
-28 | File | `/medical/inventories.php` | High
-29 | File | `/medicines/profile.php` | High
-30 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
-31 | File | `/modules/profile/index.php` | High
-32 | File | `/modules/public/calendar.php` | High
-33 | File | `/mygym/admin/index.php?view_exercises` | High
-34 | File | `/newsDia.php` | Medium
-35 | File | `/out.php` | Medium
-36 | File | `/php-opos/index.php` | High
-37 | File | `/proxy` | Low
-38 | File | `/Redcock-Farm/farm/category.php` | High
-39 | File | `/reports/rwservlet` | High
-40 | File | `/spip.php` | Medium
-41 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-42 | File | `/staff/bookdetails.php` | High
-43 | File | `/tmp` | Low
-44 | File | `/uncpath/` | Medium
-45 | File | `/user/update_booking.php` | High
-46 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-47 | File | `/video-sharing-script/watch-video.php` | High
-48 | File | `/wireless/security.asp` | High
-49 | File | `01article.php` | High
-50 | File | `AbstractScheduleJob.java` | High
-51 | File | `actionphp/download.File.php` | High
-52 | File | `ActivityRecord.java` | High
-53 | File | `adclick.php` | Medium
-54 | File | `admin.php` | Medium
-55 | File | `admin/abc.php` | High
-56 | File | `admin/add_payment.php` | High
-57 | File | `admin/admin.php?action=users&mode=info&user=2` | High
-58 | ... | ... | ...
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/api/admin/articles/` | High
+6 | File | `/admin/doctors.php` | High
+7 | File | `/admin/submit-articles` | High
+8 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+10 | File | `/alphaware/summary.php` | High
+11 | File | `/apply.cgi` | Medium
+12 | File | `/APR/login.php` | High
+13 | File | `/attachments` | Medium
+14 | File | `/bin/httpd` | Medium
+15 | File | `/boat/login.php` | High
+16 | File | `/bsms_ci/index.php/book` | High
+17 | File | `/cgi-bin/wapopen` | High
+18 | File | `/context/%2e/WEB-INF/web.xml` | High
+19 | File | `/debug/pprof` | Medium
+20 | File | `/dev/block/mmcblk0rpmb` | High
+21 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+22 | File | `/etc/hosts` | Medium
+23 | File | `/face-recognition-php/facepay-master/camera.php` | High
+24 | File | `/forum/away.php` | High
+25 | File | `/fos/admin/ajax.php?action=login` | High
+26 | File | `/fos/admin/index.php?page=menu` | High
+27 | File | `/goform/wizard_end` | High
+28 | File | `/home/masterConsole` | High
+29 | File | `/home/sendBroadcast` | High
+30 | File | `/hrm/employeeadd.php` | High
+31 | File | `/hrm/employeeview.php` | High
+32 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+33 | File | `/lookin/info` | Medium
+34 | File | `/medicines/profile.php` | High
+35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+36 | File | `/mygym/admin/index.php?view_exercises` | High
+37 | File | `/out.php` | Medium
+38 | File | `/php-opos/index.php` | High
+39 | File | `/proxy` | Low
+40 | File | `/Redcock-Farm/farm/category.php` | High
+41 | File | `/reports/rwservlet` | High
+42 | File | `/reservation/add_message.php` | High
+43 | File | `/secure/QueryComponent!Default.jspa` | High
+44 | File | `/spip.php` | Medium
+45 | File | `/tmp` | Low
+46 | File | `/uncpath/` | Medium
+47 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+48 | File | `/video-sharing-script/watch-video.php` | High
+49 | File | `/wireless/security.asp` | High
+50 | File | `/xxl-job-admin/jobinfo` | High
+51 | File | `01article.php` | High
+52 | ... | ... | ...
 
-There are 507 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 452 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/FritzFrog/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:
 
 * [VN](https://vuldb.com/?country.vn)
-* [ES](https://vuldb.com/?country.es)
 * [US](https://vuldb.com/?country.us)
+* [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 13 more country items available. Please use our online service to access the data.
+There are 18 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -331,14 +331,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
-2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
-There are 20 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -346,47 +345,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.dbus-keyrings` | High
-2 | File | `/admin.php?action=themeinstall` | High
-3 | File | `/Admin/add-student.php` | High
-4 | File | `/admin/upload/upload` | High
-5 | File | `/aya/module/admin/fst_down.inc.php` | High
-6 | File | `/bin/sh` | Low
-7 | File | `/bitrix/admin/ldap_server_edit.php` | High
-8 | File | `/blogengine/api/posts` | High
-9 | File | `/cgi-bin/luci/api/wireless` | High
-10 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-11 | File | `/debug/pprof` | Medium
-12 | File | `/dev/block/mmcblk0rpmb` | High
-13 | File | `/etc/sudoers` | Medium
-14 | File | `/forum/away.php` | High
-15 | File | `/fos/admin/ajax.php?action=login` | High
-16 | File | `/fos/admin/index.php?page=menu` | High
-17 | File | `/hrm/controller/employee.php` | High
-18 | File | `/ims/login.php` | High
-19 | File | `/login/index.php` | High
-20 | File | `/obs/book.php` | High
-21 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
-22 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
-23 | File | `/orrs/admin/?page=user/manage_user` | High
-24 | File | `/out.php` | Medium
-25 | File | `/products/view_product.php` | High
-26 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
-27 | File | `/reports/rwservlet` | High
-28 | File | `/shell` | Low
-29 | File | `/spip.php` | Medium
-30 | File | `/storage/poc.svg` | High
-31 | File | `/subtitles.php` | High
-32 | File | `/upload` | Low
-33 | File | `/user/upload/upload` | High
-34 | File | `/usr/bin/tddp` | High
-35 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-36 | File | `/wp-admin/admin-ajax.php` | High
-37 | File | `/wp-json/oembed/1.0/embed?url` | High
-38 | File | `/wp-json/wc/v3/webhooks` | High
-39 | ... | ... | ...
+1 | File | `/.env` | Low
+2 | File | `/admin/index2.html` | High
+3 | File | `/admin/scripts/pi-hole/phpqueryads.php` | High
+4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+6 | File | `/APR/signup.php` | High
+7 | File | `/as/authorization.oauth2` | High
+8 | File | `/bin/httpd` | Medium
+9 | File | `/bin/sh` | Low
+10 | File | `/boat/login.php` | High
+11 | File | `/bsms_ci/index.php/user/edit_user/` | High
+12 | File | `/cgi-bin/luci/api/auth` | High
+13 | File | `/cgi-bin/luci/api/wireless` | High
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/cimom` | Low
+16 | File | `/context/%2e/WEB-INF/web.xml` | High
+17 | File | `/controller/OnlinePreviewController.java` | High
+18 | File | `/data/wps.setup.json` | High
+19 | File | `/debug/pprof` | Medium
+20 | File | `/ecshop/admin/template.php` | High
+21 | File | `/etc/openstack-dashboard/local_settings` | High
+22 | File | `/forum/away.php` | High
+23 | File | `/forum/PostPrivateMessage` | High
+24 | File | `/home/masterConsole` | High
+25 | File | `/home/sendBroadcast` | High
+26 | File | `/home/www/cgi-bin/login.cgi` | High
+27 | File | `/IISADMPWD` | Medium
+28 | File | `/Moosikay/order.php` | High
+29 | File | `/mygym/admin/index.php?view_exercises` | High
+30 | File | `/net-banking/customer_transactions.php` | High
+31 | File | `/out.php` | Medium
+32 | File | `/pet_shop/admin/orders/update_status.php` | High
+33 | File | `/php-opos/index.php` | High
+34 | File | `/public/login.htm` | High
+35 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+36 | File | `/secure/QueryComponent!Default.jspa` | High
+37 | ... | ... | ...
 
-There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/GALLIUM/README.md

@@ -87,10 +87,10 @@ ID | Type | Indicator | Confidence
 9 | File | `/service/upload` | High
 10 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
 11 | File | `/uncpath/` | Medium
-12 | File | `administrator/components/com_media/helpers/media.php` | High
+12 | File | `adclick.php` | Medium
 13 | ... | ... | ...
 
-There are 98 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 104 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/GRU/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RO](https://vuldb.com/?country.ro)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -48,20 +48,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.htaccess` | Medium
-2 | File | `/admin/students/view_student.php` | High
-3 | File | `/CommunitySSORedirect.jsp` | High
-4 | File | `/loginLess/../../etc/passwd` | High
-5 | File | `/see_more_details.php` | High
-6 | File | `/system/proxy` | High
-7 | File | `/uncpath/` | Medium
-8 | File | `accountancy/customer/card.php` | High
-9 | File | `addentry.php` | Medium
-10 | File | `add_comment.php` | High
-11 | File | `admin.php` | Medium
-12 | File | `admin/create-package.php` | High
+2 | File | `/?ajax-request=jnews` | High
+3 | File | `/admin/students/view_student.php` | High
+4 | File | `/CommunitySSORedirect.jsp` | High
+5 | File | `/loginLess/../../etc/passwd` | High
+6 | File | `/see_more_details.php` | High
+7 | File | `/system/proxy` | High
+8 | File | `/uncpath/` | Medium
+9 | File | `accountancy/customer/card.php` | High
+10 | File | `addentry.php` | Medium
+11 | File | `add_comment.php` | High
+12 | File | `admin.php` | Medium
 13 | ... | ... | ...
 
-There are 103 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Gabon/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
 
-There are 14 more country items available. Please use our online service to access the data.
+There are 15 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
 33 | File | `application/home/controller/debug.php` | High
 34 | ... | ... | ...
 
-There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Gamaredon/README.md

@@ -45,44 +45,47 @@ ID | IP address | Hostname | Campaign | Confidence
 20 | [37.140.199.224](https://vuldb.com/?ip.37.140.199.224) | nedvizhimostdoma.ru | - | High
 21 | [45.32.149.8](https://vuldb.com/?ip.45.32.149.8) | 45.32.149.8.vultr.com | - | Medium
 22 | [45.63.42.255](https://vuldb.com/?ip.45.63.42.255) | 45.63.42.255.vultrusercontent.com | - | High
-23 | [45.77.237.252](https://vuldb.com/?ip.45.77.237.252) | 45.77.237.252.vultrusercontent.com | Ukraine Government | High
-24 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
-25 | [45.135.134.139](https://vuldb.com/?ip.45.135.134.139) | ckus.site | - | High
-26 | [68.183.3.178](https://vuldb.com/?ip.68.183.3.178) | - | - | High
-27 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
-28 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
-29 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
-30 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
-31 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
-32 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
-33 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
-34 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
-35 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
-36 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
-37 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
-38 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
-39 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
-40 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
-41 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
-42 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
-43 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
-44 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
-45 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
-46 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
-47 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
-48 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
-49 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
-50 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
-51 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
-52 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
-53 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
-54 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
-55 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
-56 | [83.166.242.108](https://vuldb.com/?ip.83.166.242.108) | - | - | High
-57 | [83.166.247.110](https://vuldb.com/?ip.83.166.247.110) | - | - | High
-58 | ... | ... | ... | ...
+23 | [45.77.11.107](https://vuldb.com/?ip.45.77.11.107) | 45.77.11.107.vultrusercontent.com | - | High
+24 | [45.77.229.187](https://vuldb.com/?ip.45.77.229.187) | 45.77.229.187.vultrusercontent.com | - | High
+25 | [45.77.237.252](https://vuldb.com/?ip.45.77.237.252) | 45.77.237.252.vultrusercontent.com | Ukraine Government | High
+26 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
+27 | [45.135.134.139](https://vuldb.com/?ip.45.135.134.139) | ckus.site | - | High
+28 | [68.183.3.178](https://vuldb.com/?ip.68.183.3.178) | - | - | High
+29 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
+30 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
+31 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
+32 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
+33 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
+34 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
+35 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
+36 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
+37 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
+38 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
+39 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
+40 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
+41 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
+42 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
+43 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
+44 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
+45 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
+46 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
+47 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
+48 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
+49 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
+50 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
+51 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
+52 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
+53 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
+54 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
+55 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
+56 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
+57 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
+58 | [82.146.39.104](https://vuldb.com/?ip.82.146.39.104) | web.eng | - | High
+59 | [83.166.242.108](https://vuldb.com/?ip.83.166.242.108) | - | - | High
+60 | [83.166.247.110](https://vuldb.com/?ip.83.166.247.110) | - | - | High
+61 | ... | ... | ... | ...
 
-There are 230 more IOC items available. Please use our online service to access the data.
+There are 239 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -124,6 +127,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations
 * https://cert.gov.ua/article/10702
 * https://github.com/blackorbird/APT_REPORT/blob/master/Gamaredon/Gamaredon202102_ioc1000%2B.csv
+* https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt
 * https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_JAN2022.txt
 * https://github.com/SentineLabs/Gamaredon-APT/blob/master/2020-02-04-gamaredon-blog-iocs-vk.misp.csv
 * https://github.com/stamparm/maltrail/blob/2d0339af3523b230d8e9a08efd22af032ec7a18e/trails/static/malware/apt_gamaredon.txt

actors/GandCrab/README.md

@@ -108,7 +108,7 @@ ID | Type | Indicator | Confidence
 26 | File | `admin/pageUploadCSV.php` | High
 27 | ... | ... | ...
 
-There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Gh0stRAT/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * ...
 
-There are 9 more country items available. Please use our online service to access the data.
+There are 11 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -123,46 +123,43 @@ ID | Type | Indicator | Confidence
 8 | File | `/debug/pprof` | Medium
 9 | File | `/ebics-server/ebics.aspx` | High
 10 | File | `/ecshop/admin/template.php` | High
-11 | File | `/forum/away.php` | High
-12 | File | `/forum/PostPrivateMessage` | High
-13 | File | `/menu.html` | Medium
-14 | File | `/modules/snf/index.php` | High
-15 | File | `/obs/book.php` | High
-16 | File | `/orrs/admin/?page=user/manage_user` | High
-17 | File | `/ossn/administrator/com_installer` | High
-18 | File | `/pms/update_user.php?user_id=1` | High
-19 | File | `/resources//../` | High
-20 | File | `/subtitles.php` | High
-21 | File | `/sys/dict/queryTableData` | High
-22 | File | `/user/upload/upload` | High
-23 | File | `/vendor` | Low
-24 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
-25 | File | `accountrecoveryendpoint/recoverpassword.do` | High
-26 | File | `adclick.php` | Medium
-27 | File | `add_contestant.php` | High
-28 | File | `add_postit.php` | High
-29 | File | `admin.php` | Medium
-30 | File | `admin/index.php` | High
-31 | File | `admin/make_payments.php` | High
-32 | File | `admin/shophelp.php` | High
-33 | File | `administration.jsp` | High
-34 | File | `adminquery.php` | High
-35 | File | `ansfaq.asp` | Medium
-36 | File | `APKINDEX.tar.gz` | High
-37 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
-38 | File | `appconfig.ini` | High
-39 | File | `appGet.cgi` | Medium
-40 | File | `artreplydelete.asp` | High
-41 | File | `AtlTraceTool8.exe` | High
-42 | File | `attachment.cgi` | High
-43 | File | `autocms.php` | Medium
-44 | File | `avahi-core/socket.c` | High
-45 | File | `base_qry_main.php` | High
-46 | File | `bgp_packet.c` | Medium
-47 | File | `Binder.java` | Medium
-48 | ... | ... | ...
+11 | File | `/etc/openstack-dashboard/local_settings` | High
+12 | File | `/forum/away.php` | High
+13 | File | `/forum/PostPrivateMessage` | High
+14 | File | `/HNAP1/SetClientInfo` | High
+15 | File | `/home/www/cgi-bin/login.cgi` | High
+16 | File | `/menu.html` | Medium
+17 | File | `/modules/snf/index.php` | High
+18 | File | `/net-banking/customer_transactions.php` | High
+19 | File | `/obs/book.php` | High
+20 | File | `/orrs/admin/?page=user/manage_user` | High
+21 | File | `/ossn/administrator/com_installer` | High
+22 | File | `/pms/update_user.php?user_id=1` | High
+23 | File | `/resources//../` | High
+24 | File | `/secure/QueryComponent!Default.jspa` | High
+25 | File | `/subtitles.php` | High
+26 | File | `/sys/dict/queryTableData` | High
+27 | File | `/user/upload/upload` | High
+28 | File | `/vendor` | Low
+29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
+30 | File | `accountrecoveryendpoint/recoverpassword.do` | High
+31 | File | `adclick.php` | Medium
+32 | File | `add_contestant.php` | High
+33 | File | `add_postit.php` | High
+34 | File | `admin.php` | Medium
+35 | File | `admin/index.php` | High
+36 | File | `admin/make_payments.php` | High
+37 | File | `admin/shophelp.php` | High
+38 | File | `admin/TemplateController.java` | High
+39 | File | `administration.jsp` | High
+40 | File | `adminquery.php` | High
+41 | File | `ansfaq.asp` | Medium
+42 | File | `ApiController.class.php` | High
+43 | File | `APKINDEX.tar.gz` | High
+44 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
+45 | ... | ... | ...
 
-There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Gibraltar Unknown/README.md

@@ -4,17 +4,6 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gibraltar_unknown](https://vuldb.com/?actor.gibraltar_unknown)
 
-## Countries
-
-These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gibraltar Unknown:
-
-* [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
-* [RO](https://vuldb.com/?country.ro)
-* ...
-
-There are 18 more country items available. Please use our online service to access the data.
-
 ## IOC - Indicator of Compromise
 
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gibraltar Unknown.
@@ -31,79 +20,28 @@ ID | IP address | Hostname | Campaign | Confidence
 8 | [45.12.70.84](https://vuldb.com/?ip.45.12.70.84) | feeble-log.yourbandinc.com | - | High
 9 | [45.12.71.84](https://vuldb.com/?ip.45.12.71.84) | - | - | High
 10 | [45.59.179.0](https://vuldb.com/?ip.45.59.179.0) | - | - | High
-11 | [45.157.136.0](https://vuldb.com/?ip.45.157.136.0) | - | - | High
-12 | [45.157.138.0](https://vuldb.com/?ip.45.157.138.0) | - | - | High
-13 | [85.115.128.0](https://vuldb.com/?ip.85.115.128.0) | - | - | High
-14 | [85.159.120.0](https://vuldb.com/?ip.85.159.120.0) | - | - | High
-15 | [85.208.60.0](https://vuldb.com/?ip.85.208.60.0) | - | - | High
-16 | [85.208.62.0](https://vuldb.com/?ip.85.208.62.0) | - | - | High
-17 | ... | ... | ... | ...
+11 | [45.130.164.0](https://vuldb.com/?ip.45.130.164.0) | - | - | High
+12 | [45.157.136.0](https://vuldb.com/?ip.45.157.136.0) | - | - | High
+13 | [45.157.138.0](https://vuldb.com/?ip.45.157.138.0) | - | - | High
+14 | [81.94.218.0](https://vuldb.com/?ip.81.94.218.0) | - | - | High
+15 | [85.115.128.0](https://vuldb.com/?ip.85.115.128.0) | - | - | High
+16 | [85.159.120.0](https://vuldb.com/?ip.85.159.120.0) | - | - | High
+17 | [85.208.60.0](https://vuldb.com/?ip.85.208.60.0) | - | - | High
+18 | [85.208.62.0](https://vuldb.com/?ip.85.208.62.0) | - | - | High
+19 | [91.109.248.0](https://vuldb.com/?ip.91.109.248.0) | - | - | High
+20 | [91.193.74.0](https://vuldb.com/?ip.91.193.74.0) | - | - | High
+21 | [91.198.133.0](https://vuldb.com/?ip.91.198.133.0) | - | - | High
+22 | [91.198.166.0](https://vuldb.com/?ip.91.198.166.0) | - | - | High
+23 | ... | ... | ... | ...
 
-There are 63 more IOC items available. Please use our online service to access the data.
-
-## TTP - Tactics, Techniques, Procedures
-
-_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gibraltar Unknown_. This data is unique as it uses our predictive model for actor profiling.
-
-ID | Technique | Weakness | Description | Confidence
--- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
-
-There are 15 more TTP items available. Please use our online service to access the data.
-
-## IOA - Indicator of Attack
-
-These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gibraltar Unknown. This data is unique as it uses our predictive model for actor profiling.
-
-ID | Type | Indicator | Confidence
--- | ---- | --------- | ----------
-1 | File | `/?Page=Node/OBJ=/System/DeviceFolder/DeviceFolder/DateTime/Action=Submit` | High
-2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
-3 | File | `/admin/ajax/avatar.php` | High
-4 | File | `/admin/index.php` | High
-5 | File | `/admin/payment.php` | High
-6 | File | `/admin/show.php` | High
-7 | File | `/default.php?idx=17` | High
-8 | File | `/download` | Medium
-9 | File | `/etc/ajenti/config.yml` | High
-10 | File | `/forum/away.php` | High
-11 | File | `/index.php` | Medium
-12 | File | `/opt/bin/cli` | Medium
-13 | File | `/p` | Low
-14 | File | `/patient/doctors.php` | High
-15 | File | `/phpinventory/editcategory.php` | High
-16 | File | `/plugins/servlet/gadgets/makeRequest` | High
-17 | File | `/product-list.php` | High
-18 | File | `/public/plugins/` | High
-19 | File | `/spip.php` | Medium
-20 | File | `/uncpath/` | Medium
-21 | File | `/updown/upload.cgi` | High
-22 | File | `/user/del.php` | High
-23 | File | `/_next` | Low
-24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-25 | File | `123flashchat.php` | High
-26 | File | `act.php` | Low
-27 | File | `admin/bad.php` | High
-28 | File | `admin/index.php` | High
-29 | File | `admin/index.php/user/del/1` | High
-30 | File | `admin/index.php?id=themes&action=edit_chunk` | High
-31 | File | `administrator/index.php` | High
-32 | File | `ajax/render/widget_php` | High
-33 | File | `album_portal.php` | High
-34 | File | `api.php` | Low
-35 | ... | ... | ...
-
-There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 89 more IOC items available. Please use our online service to access the data.
 
 ## References
 
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_gi.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_gi.netset
 
 ## Literature
 

actors/Glupteba/README.md

@@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [ES](https://vuldb.com/?country.es)
 * [US](https://vuldb.com/?country.us)
+* [FR](https://vuldb.com/?country.fr)
 
 ## IOC - Indicator of Compromise
 
@@ -50,8 +51,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059 | CWE-94 | Cross Site Scripting | High
-2 | T1505 | CWE-89 | SQL Injection | High
-3 | T1600 | CWE-326 | J2EE Misconfiguration: Data Transmission Without Encryption | High
+2 | T1059.007 | CWE-79 | Cross Site Scripting | High
+3 | T1505 | CWE-89 | SQL Injection | High
+4 | ... | ... | ... | ...
+
+There are 1 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 

actors/GoldBrute/README.md

@@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 
 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
+* [IE](https://vuldb.com/?country.ie)
 
 ## IOC - Indicator of Compromise
 
@@ -44,7 +45,7 @@ ID | Type | Indicator | Confidence
 3 | File | `CartView.php` | Medium
 4 | ... | ... | ...
 
-There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Grabit/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [GB](https://vuldb.com/?country.gb)
 * ...
 
-There are 21 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -53,65 +53,66 @@ ID | Type | Indicator | Confidence
 2 | File | `/Admin/add-student.php` | High
 3 | File | `/admin/api/admin/articles/` | High
 4 | File | `/admin/conferences/list/` | High
-5 | File | `/admin/edit_admin_details.php?id=admin` | High
-6 | File | `/admin/generalsettings.php` | High
-7 | File | `/Admin/login.php` | High
-8 | File | `/admin/payment.php` | High
-9 | File | `/admin/reports.php` | High
-10 | File | `/admin/showbad.php` | High
-11 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
-12 | File | `/adms/admin/?page=vehicles/view_transaction` | High
-13 | File | `/apilog.php` | Medium
-14 | File | `/bin/httpd` | Medium
-15 | File | `/cgi-bin/wlogin.cgi` | High
-16 | File | `/connectors/index.php` | High
-17 | File | `/dev/block/mmcblk0rpmb` | High
-18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
-19 | File | `/face-recognition-php/facepay-master/camera.php` | High
-20 | File | `/forum/away.php` | High
-21 | File | `/fos/admin/ajax.php?action=login` | High
-22 | File | `/fos/admin/index.php?page=menu` | High
-23 | File | `/home/masterConsole` | High
-24 | File | `/home/sendBroadcast` | High
-25 | File | `/hrm/employeeadd.php` | High
-26 | File | `/hrm/employeeview.php` | High
-27 | File | `/index.php` | Medium
-28 | File | `/Items/*/RemoteImages/Download` | High
-29 | File | `/items/view_item.php` | High
-30 | File | `/jsoa/hntdCustomDesktopActionContent` | High
-31 | File | `/lookin/info` | Medium
-32 | File | `/manager/index.php` | High
-33 | File | `/medical/inventories.php` | High
-34 | File | `/modules/profile/index.php` | High
-35 | File | `/modules/projects/vw_files.php` | High
-36 | File | `/modules/public/calendar.php` | High
-37 | File | `/newsDia.php` | Medium
-38 | File | `/out.php` | Medium
-39 | File | `/php-opos/index.php` | High
-40 | File | `/proxy` | Low
-41 | File | `/public/launchNewWindow.jsp` | High
-42 | File | `/Redcock-Farm/farm/category.php` | High
-43 | File | `/reports/rwservlet` | High
-44 | File | `/sacco_shield/manage_user.php` | High
-45 | File | `/spip.php` | Medium
-46 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
-47 | File | `/staff/bookdetails.php` | High
-48 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-49 | File | `/uncpath/` | Medium
-50 | File | `/user/update_booking.php` | High
-51 | File | `/WEB-INF/web.xml` | High
-52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
-53 | File | `/wireless/security.asp` | High
-54 | File | `/wordpress/wp-admin/options-general.php` | High
-55 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-56 | File | `01article.php` | High
-57 | File | `AbstractScheduleJob.java` | High
-58 | File | `actionphp/download.File.php` | High
-59 | File | `AdClass.php` | Medium
-60 | File | `adclick.php` | Medium
-61 | ... | ... | ...
+5 | File | `/admin/generalsettings.php` | High
+6 | File | `/Admin/login.php` | High
+7 | File | `/admin/payment.php` | High
+8 | File | `/admin/reports.php` | High
+9 | File | `/admin/showbad.php` | High
+10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+12 | File | `/apilog.php` | Medium
+13 | File | `/bin/httpd` | Medium
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/connectors/index.php` | High
+16 | File | `/dev/block/mmcblk0rpmb` | High
+17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+18 | File | `/face-recognition-php/facepay-master/camera.php` | High
+19 | File | `/forum/away.php` | High
+20 | File | `/fos/admin/ajax.php?action=login` | High
+21 | File | `/fos/admin/index.php?page=menu` | High
+22 | File | `/home/masterConsole` | High
+23 | File | `/home/sendBroadcast` | High
+24 | File | `/hrm/employeeadd.php` | High
+25 | File | `/hrm/employeeview.php` | High
+26 | File | `/index.php` | Medium
+27 | File | `/items/view_item.php` | High
+28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+29 | File | `/lookin/info` | Medium
+30 | File | `/manager/index.php` | High
+31 | File | `/medical/inventories.php` | High
+32 | File | `/modules/profile/index.php` | High
+33 | File | `/modules/projects/vw_files.php` | High
+34 | File | `/modules/public/calendar.php` | High
+35 | File | `/mygym/admin/index.php?view_exercises` | High
+36 | File | `/newsDia.php` | Medium
+37 | File | `/out.php` | Medium
+38 | File | `/php-opos/index.php` | High
+39 | File | `/proxy` | Low
+40 | File | `/public/launchNewWindow.jsp` | High
+41 | File | `/Redcock-Farm/farm/category.php` | High
+42 | File | `/reports/rwservlet` | High
+43 | File | `/sacco_shield/manage_user.php` | High
+44 | File | `/spip.php` | Medium
+45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+46 | File | `/staff/bookdetails.php` | High
+47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
+48 | File | `/uncpath/` | Medium
+49 | File | `/user/update_booking.php` | High
+50 | File | `/WEB-INF/web.xml` | High
+51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+52 | File | `/wireless/security.asp` | High
+53 | File | `/wordpress/wp-admin/options-general.php` | High
+54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+55 | File | `01article.php` | High
+56 | File | `AbstractScheduleJob.java` | High
+57 | File | `actionphp/download.File.php` | High
+58 | File | `AdClass.php` | Medium
+59 | File | `adclick.php` | Medium
+60 | File | `addtocart.asp` | High
+61 | File | `admin.php` | Medium
+62 | ... | ... | ...
 
-There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 541 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Hafnium/README.md

@@ -33,12 +33,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
 2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94 | Cross Site Scripting | High
-4 | ... | ... | ... | ...
+3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059.007 | CWE-79 | Cross Site Scripting | High
+5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
+6 | ... | ... | ... | ...
 
-There are 9 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -46,12 +48,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.env` | Low
-2 | File | `/ajax/networking/get_netcfg.php` | High
-3 | File | `/auth/session` | High
-4 | ... | ... | ...
+1 | File | `.github/workflows/combine-prs.yml` | High
+2 | File | `/.env` | Low
+3 | File | `/ajax/networking/get_netcfg.php` | High
+4 | File | `/auth/session` | High
+5 | File | `/backups/` | Medium
+6 | File | `/bcms/admin/?page=user/list` | High
+7 | File | `/bin/httpd` | Medium
+8 | File | `/cardo/api` | Medium
+9 | File | `/CMD_ACCOUNT_ADMIN` | High
+10 | File | `/ecshop/admin/template.php` | High
+11 | File | `/forum/PostPrivateMessage` | High
+12 | File | `/fos/admin/ajax.php?action=login` | High
+13 | File | `/fos/admin/index.php?page=menu` | High
+14 | File | `/home/cavesConsole` | High
+15 | File | `/home/kickPlayer` | High
+16 | File | `/home/masterConsole` | High
+17 | File | `/home/sendBroadcast` | High
+18 | File | `/oews/classes/Master.php?f=update_cart` | High
+19 | File | `/param.file.tgz` | High
+20 | File | `/picturesPreview` | High
+21 | File | `/royal_event/companyprofile.php` | High
+22 | File | `/royal_event/userregister.php` | High
+23 | File | `/user/s.php` | Medium
+24 | File | `/user/updatePwd` | High
+25 | File | `/wireless/basic.asp` | High
+26 | File | `/wireless/guestnetwork.asp` | High
+27 | File | `/wireless/security.asp` | High
+28 | File | `/zoo/admin/public_html/view_accounts?type=zookeeper` | High
+29 | File | `01article.php` | High
+30 | File | `action.php` | Medium
+31 | File | `adclick.php` | Medium
+32 | File | `add-locker-form.php` | High
+33 | File | `add.php` | Low
+34 | File | `add_contestant.php` | High
+35 | File | `admin.php/index/upload because app/common/service/UploadService.php` | High
+36 | File | `admin/?page=students` | High
+37 | File | `admin/abc.php` | High
+38 | File | `admin/add_payment.php` | High
+39 | File | `admin/approve_user.php` | High
+40 | File | `admin/booking_report.php` | High
+41 | File | `admin/disapprove_user.php` | High
+42 | File | `admin/expense_report.php` | High
+43 | File | `admin/forget_password.php` | High
+44 | File | `admin/login.php` | High
+45 | File | `admin/manage-ticket.php` | High
+46 | File | `admin/manage_user.php` | High
+47 | File | `admin/page-login.php` | High
+48 | File | `admin/panels/entry/admin.entry.list.php` | High
+49 | File | `admin/panels/uploader/admin.uploader.php` | High
+50 | File | `admin/practice_pdf.php` | High
+51 | File | `admin/_cmdstat.jsp` | High
+52 | File | `administrator/components/com_joomgallery/views/config/tmpl/default.php` | High
+53 | File | `admin_class.php` | High
+54 | File | `agent/listener/templates/tail.html` | High
+55 | File | `announce.php` | Medium
+56 | File | `APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java` | High
+57 | File | `api.php` | Low
+58 | File | `api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java` | High
+59 | File | `api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java` | High
+60 | ... | ... | ...
 
-There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 522 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Hydrochasma/README.md

@@ -0,0 +1,41 @@
+# Hydrochasma - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hydrochasma](https://vuldb.com/?actor.hydrochasma). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hydrochasma](https://vuldb.com/?actor.hydrochasma)
+
+## Campaigns
+
+The following _campaigns_ are known and can be associated with Hydrochasma:
+
+* Medical and Shipping
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hydrochasma.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [39.101.194.61](https://vuldb.com/?ip.39.101.194.61) | - | Medical and Shipping | High
+2 | [47.92.138.241](https://vuldb.com/?ip.47.92.138.241) | - | Medical and Shipping | High
+3 | [106.14.184.148](https://vuldb.com/?ip.106.14.184.148) | - | Medical and Shipping | High
+4 | ... | ... | ... | ...
+
+There are 1 more IOC items available. Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Iceland Unknown/README.md

@@ -0,0 +1,165 @@
+# Iceland Unknown - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Iceland Unknown](https://vuldb.com/?actor.iceland_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.iceland_unknown](https://vuldb.com/?actor.iceland_unknown)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iceland Unknown:
+
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [GB](https://vuldb.com/?country.gb)
+* ...
+
+There are 22 more country items available. Please use our online service to access the data.
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Iceland Unknown.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [5.23.64.0](https://vuldb.com/?ip.5.23.64.0) | 5-23-64-0.du.xdsl.is | - | High
+2 | [8.39.213.0](https://vuldb.com/?ip.8.39.213.0) | - | - | High
+3 | [31.15.112.0](https://vuldb.com/?ip.31.15.112.0) | - | - | High
+4 | [31.43.172.0](https://vuldb.com/?ip.31.43.172.0) | - | - | High
+5 | [31.209.136.0](https://vuldb.com/?ip.31.209.136.0) | - | - | High
+6 | [31.209.144.0](https://vuldb.com/?ip.31.209.144.0) | 0-144-209-31.xdsl.hringdu.is | - | High
+7 | [31.209.192.0](https://vuldb.com/?ip.31.209.192.0) | - | - | High
+8 | [37.152.64.0](https://vuldb.com/?ip.37.152.64.0) | - | - | High
+9 | [37.205.32.0](https://vuldb.com/?ip.37.205.32.0) | - | - | High
+10 | [37.235.49.0](https://vuldb.com/?ip.37.235.49.0) | - | - | High
+11 | [45.89.244.0](https://vuldb.com/?ip.45.89.244.0) | - | - | High
+12 | [45.93.55.0](https://vuldb.com/?ip.45.93.55.0) | - | - | High
+13 | [45.130.121.0](https://vuldb.com/?ip.45.130.121.0) | - | - | High
+14 | [45.133.192.0](https://vuldb.com/?ip.45.133.192.0) | - | - | High
+15 | [45.140.96.0](https://vuldb.com/?ip.45.140.96.0) | - | - | High
+16 | [46.22.96.0](https://vuldb.com/?ip.46.22.96.0) | 0-96-22-46.internal.hringdu.is | - | High
+17 | [46.28.152.0](https://vuldb.com/?ip.46.28.152.0) | - | - | High
+18 | [46.182.184.0](https://vuldb.com/?ip.46.182.184.0) | nova-046-182-184-000.nat.novanet.is | - | High
+19 | [46.239.192.0](https://vuldb.com/?ip.46.239.192.0) | 46-239-192-0.du.xdsl.is | - | High
+20 | [57.86.80.0](https://vuldb.com/?ip.57.86.80.0) | - | - | High
+21 | [62.145.128.0](https://vuldb.com/?ip.62.145.128.0) | - | - | High
+22 | [77.73.33.0](https://vuldb.com/?ip.77.73.33.0) | - | - | High
+23 | [78.40.248.0](https://vuldb.com/?ip.78.40.248.0) | - | - | High
+24 | [79.134.224.0](https://vuldb.com/?ip.79.134.224.0) | null.fink-telecom.com | - | High
+25 | [79.134.227.0](https://vuldb.com/?ip.79.134.227.0) | - | - | High
+26 | [79.171.96.0](https://vuldb.com/?ip.79.171.96.0) | - | - | High
+27 | [80.248.16.0](https://vuldb.com/?ip.80.248.16.0) | - | - | High
+28 | [80.249.116.0](https://vuldb.com/?ip.80.249.116.0) | - | - | High
+29 | [81.15.0.0](https://vuldb.com/?ip.81.15.0.0) | - | - | High
+30 | [82.112.64.0](https://vuldb.com/?ip.82.112.64.0) | - | - | High
+31 | [82.148.64.0](https://vuldb.com/?ip.82.148.64.0) | - | - | High
+32 | [82.221.0.0](https://vuldb.com/?ip.82.221.0.0) | - | - | High
+33 | [82.221.128.0](https://vuldb.com/?ip.82.221.128.0) | - | - | High
+34 | [82.221.160.0](https://vuldb.com/?ip.82.221.160.0) | - | - | High
+35 | [82.221.167.0](https://vuldb.com/?ip.82.221.167.0) | - | - | High
+36 | [82.221.168.0](https://vuldb.com/?ip.82.221.168.0) | netst10pe01.hysing.is | - | High
+37 | ... | ... | ... | ...
+
+There are 143 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Iceland Unknown_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
+
+There are 18 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Iceland Unknown. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `.github/workflows/combine-prs.yml` | High
+2 | File | `/Admin/add-student.php` | High
+3 | File | `/admin/api/admin/articles/` | High
+4 | File | `/admin/conferences/list/` | High
+5 | File | `/admin/generalsettings.php` | High
+6 | File | `/Admin/login.php` | High
+7 | File | `/admin/payment.php` | High
+8 | File | `/admin/reports.php` | High
+9 | File | `/admin/showbad.php` | High
+10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+12 | File | `/apilog.php` | Medium
+13 | File | `/bin/httpd` | Medium
+14 | File | `/cgi-bin/wlogin.cgi` | High
+15 | File | `/connectors/index.php` | High
+16 | File | `/dev/block/mmcblk0rpmb` | High
+17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+18 | File | `/face-recognition-php/facepay-master/camera.php` | High
+19 | File | `/forum/away.php` | High
+20 | File | `/fos/admin/ajax.php?action=login` | High
+21 | File | `/fos/admin/index.php?page=menu` | High
+22 | File | `/home/masterConsole` | High
+23 | File | `/home/sendBroadcast` | High
+24 | File | `/hrm/employeeadd.php` | High
+25 | File | `/hrm/employeeview.php` | High
+26 | File | `/index.php` | Medium
+27 | File | `/items/view_item.php` | High
+28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+29 | File | `/lookin/info` | Medium
+30 | File | `/manager/index.php` | High
+31 | File | `/medical/inventories.php` | High
+32 | File | `/modules/profile/index.php` | High
+33 | File | `/modules/projects/vw_files.php` | High
+34 | File | `/modules/public/calendar.php` | High
+35 | File | `/mygym/admin/index.php?view_exercises` | High
+36 | File | `/newsDia.php` | Medium
+37 | File | `/out.php` | Medium
+38 | File | `/php-opos/index.php` | High
+39 | File | `/proxy` | Low
+40 | File | `/public/launchNewWindow.jsp` | High
+41 | File | `/Redcock-Farm/farm/category.php` | High
+42 | File | `/reports/rwservlet` | High
+43 | File | `/sacco_shield/manage_user.php` | High
+44 | File | `/spip.php` | Medium
+45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+46 | File | `/staff/bookdetails.php` | High
+47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
+48 | File | `/uncpath/` | Medium
+49 | File | `/user/update_booking.php` | High
+50 | File | `/WEB-INF/web.xml` | High
+51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+52 | File | `/wireless/security.asp` | High
+53 | File | `/wordpress/wp-admin/options-general.php` | High
+54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+55 | File | `01article.php` | High
+56 | File | `AbstractScheduleJob.java` | High
+57 | File | `actionphp/download.File.php` | High
+58 | File | `AdClass.php` | Medium
+59 | File | `adclick.php` | Medium
+60 | File | `addtocart.asp` | High
+61 | File | `admin.php` | Medium
+62 | ... | ... | ...
+
+There are 539 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_is.netset
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Indexsinas/README.md

@@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indexsinas:
 
 * [VN](https://vuldb.com/?country.vn)
+* [NZ](https://vuldb.com/?country.nz)
 * [US](https://vuldb.com/?country.us)
-* [HK](https://vuldb.com/?country.hk)
 * ...
 
 There are 5 more country items available. Please use our online service to access the data.
@@ -287,14 +287,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28, CWE-425 | Pathname Traversal | High
-2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
-There are 18 more TTP items available. Please use our online service to access the data.
+There are 16 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -302,51 +301,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/admin/conferences/list/` | High
-3 | File | `/admin/upload/upload` | High
-4 | File | `/assets` | Low
-5 | File | `/blogengine/api/posts` | High
-6 | File | `/bsms_ci/index.php` | High
-7 | File | `/bsms_ci/index.php/user/edit_user/` | High
-8 | File | `/cgi-bin/api-get_line_status` | High
-9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-10 | File | `/cgi-bin/upload_vpntar` | High
-11 | File | `/cgi-bin/wlogin.cgi` | High
-12 | File | `/Content/Template/root/reverse-shell.aspx` | High
-13 | File | `/export` | Low
-14 | File | `/filemanager/upload.php` | High
-15 | File | `/forum/away.php` | High
-16 | File | `/h/calendar` | Medium
-17 | File | `/horde/util/go.php` | High
-18 | File | `/hrm/controller/employee.php` | High
-19 | File | `/hrm/employeeadd.php` | High
-20 | File | `/hrm/employeeview.php` | High
-21 | File | `/hss/admin/?page=products/manage_product` | High
-22 | File | `/ims/login.php` | High
-23 | File | `/login/index.php` | High
-24 | File | `/mhds/clinic/view_details.php` | High
-25 | File | `/modules/profile/index.php` | High
-26 | File | `/oauth/logout?redirect=url` | High
-27 | File | `/obs/book.php` | High
-28 | File | `/ossn/administrator/com_installer` | High
-29 | File | `/pms/update_user.php?user_id=1` | High
-30 | File | `/see_more_details.php` | High
-31 | File | `/services/view_service.php` | High
-32 | File | `/spip.php` | Medium
-33 | File | `/uncpath/` | Medium
-34 | File | `/user/upload/upload` | High
-35 | File | `/Users` | Low
-36 | File | `/vendor` | Low
-37 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-38 | File | `/view-property.php` | High
-39 | File | `/wp-admin/admin-ajax.php` | High
-40 | File | `accountrecoveryendpoint/recoverpassword.do` | High
-41 | File | `adclick.php` | Medium
-42 | File | `add_contestant.php` | High
-43 | ... | ... | ...
+1 | File | `/.env` | Low
+2 | File | `//` | Low
+3 | File | `/api/admin/system/store/order/list` | High
+4 | File | `/api/blade-log/api/list` | High
+5 | File | `/api/jmeter/download/files` | High
+6 | File | `/api/v2/cli/commands` | High
+7 | File | `/APR/login.php` | High
+8 | File | `/as/authorization.oauth2` | High
+9 | File | `/bsms_ci/index.php` | High
+10 | File | `/bsms_ci/index.php/user/edit_user/` | High
+11 | File | `/cgi-bin/luci/api/auth` | High
+12 | File | `/cgi-bin/system_mgr.cgi` | High
+13 | File | `/cgi-bin/wlogin.cgi` | High
+14 | File | `/DXR.axd` | Medium
+15 | File | `/ecshop/admin/template.php` | High
+16 | File | `/filemanager/php/connector.php` | High
+17 | File | `/files/import` | High
+18 | File | `/forum/away.php` | High
+19 | File | `/forum/PostPrivateMessage` | High
+20 | File | `/home/www/cgi-bin/login.cgi` | High
+21 | File | `/hrm/employeeview.php` | High
+22 | File | `/Moosikay/order.php` | High
+23 | File | `/net-banking/customer_transactions.php` | High
+24 | File | `/net-banking/send_funds.php` | High
+25 | File | `/out.php` | Medium
+26 | ... | ... | ...
 
-There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Jordan Unknown/README.md

@@ -0,0 +1,91 @@
+# Jordan Unknown - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Jordan Unknown](https://vuldb.com/?actor.jordan_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.jordan_unknown](https://vuldb.com/?actor.jordan_unknown)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Jordan Unknown:
+
+* [JO](https://vuldb.com/?country.jo)
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Jordan Unknown.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [2.17.24.0](https://vuldb.com/?ip.2.17.24.0) | a2-17-24-0.deploy.static.akamaitechnologies.com | - | High
+2 | [5.45.128.0](https://vuldb.com/?ip.5.45.128.0) | - | - | High
+3 | [5.198.240.0](https://vuldb.com/?ip.5.198.240.0) | - | - | High
+4 | [5.199.184.0](https://vuldb.com/?ip.5.199.184.0) | - | - | High
+5 | [34.99.162.0](https://vuldb.com/?ip.34.99.162.0) | 0.162.99.34.bc.googleusercontent.com | - | Medium
+6 | [34.99.234.0](https://vuldb.com/?ip.34.99.234.0) | 0.234.99.34.bc.googleusercontent.com | - | Medium
+7 | [34.103.178.0](https://vuldb.com/?ip.34.103.178.0) | 0.178.103.34.bc.googleusercontent.com | - | Medium
+8 | [34.103.234.0](https://vuldb.com/?ip.34.103.234.0) | 0.234.103.34.bc.googleusercontent.com | - | Medium
+9 | [34.124.73.0](https://vuldb.com/?ip.34.124.73.0) | 0.73.124.34.bc.googleusercontent.com | - | Medium
+10 | [37.17.192.0](https://vuldb.com/?ip.37.17.192.0) | - | - | High
+11 | [37.44.32.0](https://vuldb.com/?ip.37.44.32.0) | - | - | High
+12 | [37.75.144.0](https://vuldb.com/?ip.37.75.144.0) | - | - | High
+13 | [37.75.146.0](https://vuldb.com/?ip.37.75.146.0) | - | - | High
+14 | [37.75.148.0](https://vuldb.com/?ip.37.75.148.0) | - | - | High
+15 | [37.123.64.0](https://vuldb.com/?ip.37.123.64.0) | - | - | High
+16 | [37.152.0.0](https://vuldb.com/?ip.37.152.0.0) | - | - | High
+17 | [37.202.64.0](https://vuldb.com/?ip.37.202.64.0) | - | - | High
+18 | [37.220.112.0](https://vuldb.com/?ip.37.220.112.0) | - | - | High
+19 | [37.252.222.0](https://vuldb.com/?ip.37.252.222.0) | - | - | High
+20 | [45.67.60.0](https://vuldb.com/?ip.45.67.60.0) | - | - | High
+21 | [45.142.197.0](https://vuldb.com/?ip.45.142.197.0) | - | - | High
+22 | [45.142.198.0](https://vuldb.com/?ip.45.142.198.0) | - | - | High
+23 | [46.23.112.0](https://vuldb.com/?ip.46.23.112.0) | - | - | High
+24 | [46.32.96.0](https://vuldb.com/?ip.46.32.96.0) | - | - | High
+25 | [46.185.128.0](https://vuldb.com/?ip.46.185.128.0) | - | - | High
+26 | [46.248.192.0](https://vuldb.com/?ip.46.248.192.0) | - | - | High
+27 | [57.83.24.0](https://vuldb.com/?ip.57.83.24.0) | - | - | High
+28 | [57.88.128.0](https://vuldb.com/?ip.57.88.128.0) | - | - | High
+29 | [57.188.4.0](https://vuldb.com/?ip.57.188.4.0) | - | - | High
+30 | [62.72.160.0](https://vuldb.com/?ip.62.72.160.0) | - | - | High
+31 | [77.245.0.0](https://vuldb.com/?ip.77.245.0.0) | - | - | High
+32 | [79.134.128.0](https://vuldb.com/?ip.79.134.128.0) | - | - | High
+33 | [79.173.192.0](https://vuldb.com/?ip.79.173.192.0) | 79.173.x.0.go.com.jo | - | High
+34 | [80.10.8.0](https://vuldb.com/?ip.80.10.8.0) | - | - | High
+35 | ... | ... | ... | ...
+
+There are 134 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Jordan Unknown_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059 | CWE-94 | Cross Site Scripting | High
+2 | T1505 | CWE-89 | SQL Injection | High
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Jordan Unknown. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | Argument | `filter_order_Dir/cat/filter_letter` | High
+2 | Argument | `quesList` | Medium
+3 | Network Port | `tcp/3389 (rdp)` | High
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_jo.netset
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Jupyter/README.md

@@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Jupyter:
 
 * [US](https://vuldb.com/?country.us)
-* [RU](https://vuldb.com/?country.ru)
 * [FR](https://vuldb.com/?country.fr)
+* [RU](https://vuldb.com/?country.ru)
 * ...
 
-There are 31 more country items available. Please use our online service to access the data.
+There are 32 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -36,14 +36,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
-4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
 5 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
 6 | ... | ... | ... | ...
 
-There are 21 more TTP items available. Please use our online service to access the data.
+There are 22 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -73,38 +73,41 @@ ID | Type | Indicator | Confidence
 20 | File | `/api/user/upsert/<uuid>` | High
 21 | File | `/api2/html/` | Medium
 22 | File | `/apiadmin/notice/add` | High
-23 | File | `/bin/boa` | Medium
-24 | File | `/cgi-bin/wapopen` | High
-25 | File | `/cgi-bin/wlogin.cgi` | High
-26 | File | `/cgi-mod/lookup.cgi` | High
-27 | File | `/cloud_config/router_post/register` | High
-28 | File | `/dashboard/updatelogo.php` | High
-29 | File | `/designer/add/layout` | High
-30 | File | `/etc/ldap.conf` | High
-31 | File | `/etc/shadow` | Medium
-32 | File | `/filemanager/upload/drop` | High
-33 | File | `/forum/away.php` | High
-34 | File | `/h/calendar` | Medium
-35 | File | `/h/compose` | Medium
-36 | File | `/h/search?action=voicemail&action=listen` | High
-37 | File | `/iissamples` | Medium
-38 | File | `/include/chart_generator.php` | High
-39 | File | `/index.php` | Medium
-40 | File | `/librarian/bookdetails.php` | High
-41 | File | `/loginVaLidation.php` | High
-42 | File | `/manage-apartment.php` | High
-43 | File | `/manager/index.php` | High
-44 | File | `/mgmt/tm/util/bash` | High
-45 | File | `/mkshop/Men/profile.php` | High
-46 | File | `/Noxen-master/users.php` | High
-47 | File | `/opac/Actions.php?a=login` | High
-48 | File | `/owa/auth/logon.aspx` | High
-49 | File | `/p1/p2/:name` | Medium
-50 | File | `/pages/animals.php` | High
-51 | File | `/pages/processlogin.php` | High
-52 | ... | ... | ...
+23 | File | `/appliance/users?action=edit` | High
+24 | File | `/backup.pl` | Medium
+25 | File | `/cgi-bin/wapopen` | High
+26 | File | `/cgi-bin/wlogin.cgi` | High
+27 | File | `/cgi-mod/lookup.cgi` | High
+28 | File | `/cloud_config/router_post/register` | High
+29 | File | `/dashboard/updatelogo.php` | High
+30 | File | `/designer/add/layout` | High
+31 | File | `/etc/ldap.conf` | High
+32 | File | `/etc/shadow` | Medium
+33 | File | `/ext/phar/phar_object.c` | High
+34 | File | `/filemanager/upload/drop` | High
+35 | File | `/forum/away.php` | High
+36 | File | `/forum/PostPrivateMessage` | High
+37 | File | `/h/calendar` | Medium
+38 | File | `/h/compose` | Medium
+39 | File | `/h/search?action=voicemail&action=listen` | High
+40 | File | `/home/cavesConsole` | High
+41 | File | `/include/chart_generator.php` | High
+42 | File | `/index.php` | Medium
+43 | File | `/librarian/bookdetails.php` | High
+44 | File | `/login/index.php` | High
+45 | File | `/loginVaLidation.php` | High
+46 | File | `/manage-apartment.php` | High
+47 | File | `/manager/index.php` | High
+48 | File | `/mgmt/tm/util/bash` | High
+49 | File | `/mkshop/Men/profile.php` | High
+50 | File | `/Noxen-master/users.php` | High
+51 | File | `/opac/Actions.php?a=login` | High
+52 | File | `/owa/auth/logon.aspx` | High
+53 | File | `/p1/p2/:name` | Medium
+54 | File | `/pages/animals.php` | High
+55 | ... | ... | ...
 
-There are 454 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 479 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/KHRAT/README.md

@@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
 10 | File | `Config/SaveUploadedHotspotLogoFile` | High
 11 | ... | ... | ...
 
-There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Kimsuky/README.md

@@ -62,32 +62,32 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.env` | Low
 2 | File | `/?/admin/snippet/add` | High
-3 | File | `/assets/something/services/AppModule.class` | High
-4 | File | `/bin/false` | Medium
-5 | File | `/cgi-bin/luci/api/wireless` | High
-6 | File | `/cgi-bin/webproc` | High
-7 | File | `/editsettings` | High
-8 | File | `/expert_wizard.php` | High
-9 | File | `/forum/away.php` | High
-10 | File | `/images/browserslide.jpg` | High
-11 | File | `/includes/lib/get.php` | High
-12 | File | `/login` | Low
-13 | File | `/main?cmd=invalid_browser` | High
-14 | File | `/manager?action=getlogcat` | High
-15 | File | `/mc` | Low
-16 | File | `/plugins/Dashboard/Controller.php` | High
-17 | File | `/public/plugins/` | High
-18 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
-19 | File | `/SASWebReportStudio/logonAndRender.do` | High
-20 | File | `/scas/admin/` | Medium
-21 | File | `/static/ueditor/php/controller.php` | High
-22 | File | `/tlogin.cgi` | Medium
-23 | File | `/tmp/scfgdndf` | High
-24 | File | `/uncpath/` | Medium
-25 | File | `/upload` | Low
+3 | File | `/api/upload` | Medium
+4 | File | `/assets/something/services/AppModule.class` | High
+5 | File | `/bin/false` | Medium
+6 | File | `/cgi-bin/luci/api/wireless` | High
+7 | File | `/cgi-bin/webproc` | High
+8 | File | `/editsettings` | High
+9 | File | `/expert_wizard.php` | High
+10 | File | `/forum/away.php` | High
+11 | File | `/images/browserslide.jpg` | High
+12 | File | `/includes/lib/get.php` | High
+13 | File | `/login` | Low
+14 | File | `/main?cmd=invalid_browser` | High
+15 | File | `/manager?action=getlogcat` | High
+16 | File | `/mc` | Low
+17 | File | `/plugins/Dashboard/Controller.php` | High
+18 | File | `/public/plugins/` | High
+19 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
+20 | File | `/SASWebReportStudio/logonAndRender.do` | High
+21 | File | `/scas/admin/` | Medium
+22 | File | `/static/ueditor/php/controller.php` | High
+23 | File | `/tlogin.cgi` | Medium
+24 | File | `/tmp/scfgdndf` | High
+25 | File | `/uncpath/` | Medium
 26 | ... | ... | ...
 
-There are 221 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Kiribati Unknown/README.md

@@ -26,7 +26,7 @@ ID | IP address | Hostname | Campaign | Confidence
 3 | [45.12.70.119](https://vuldb.com/?ip.45.12.70.119) | band-hump.yourbandinc.com | - | High
 4 | ... | ... | ... | ...
 
-There are 10 more IOC items available. Please use our online service to access the data.
+There are 14 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -109,6 +109,7 @@ There are 461 more IOA items available (file, library, argument, input value, pa
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_ki.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ki.netset
 
 ## Literature
 

actors/Kuwait Unknown/README.md

@@ -24,48 +24,58 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [5.1.40.0](https://vuldb.com/?ip.5.1.40.0) | - | - | High
 2 | [5.62.60.200](https://vuldb.com/?ip.5.62.60.200) | r-200-60-62-5.consumer-pool.prcdn.net | - | High
 3 | [5.62.62.192](https://vuldb.com/?ip.5.62.62.192) | r-192-62-62-5.consumer-pool.prcdn.net | - | High
-4 | [5.175.184.128](https://vuldb.com/?ip.5.175.184.128) | - | - | High
-5 | [5.182.132.0](https://vuldb.com/?ip.5.182.132.0) | - | - | High
-6 | [31.203.0.0](https://vuldb.com/?ip.31.203.0.0) | - | - | High
-7 | [31.214.0.0](https://vuldb.com/?ip.31.214.0.0) | - | - | High
-8 | [31.217.224.0](https://vuldb.com/?ip.31.217.224.0) | - | - | High
-9 | [34.99.164.0](https://vuldb.com/?ip.34.99.164.0) | 0.164.99.34.bc.googleusercontent.com | - | Medium
-10 | [34.99.236.0](https://vuldb.com/?ip.34.99.236.0) | 0.236.99.34.bc.googleusercontent.com | - | Medium
-11 | [34.103.180.0](https://vuldb.com/?ip.34.103.180.0) | 0.180.103.34.bc.googleusercontent.com | - | Medium
-12 | [37.34.128.0](https://vuldb.com/?ip.37.34.128.0) | - | - | High
-13 | [37.36.0.0](https://vuldb.com/?ip.37.36.0.0) | - | - | High
-14 | [37.231.0.0](https://vuldb.com/?ip.37.231.0.0) | - | - | High
-15 | [45.12.70.124](https://vuldb.com/?ip.45.12.70.124) | emulation-new.yourbandinc.com | - | High
-16 | [45.12.71.124](https://vuldb.com/?ip.45.12.71.124) | - | - | High
-17 | [45.15.228.0](https://vuldb.com/?ip.45.15.228.0) | - | - | High
-18 | [45.66.0.0](https://vuldb.com/?ip.45.66.0.0) | - | - | High
-19 | [45.130.36.0](https://vuldb.com/?ip.45.130.36.0) | - | - | High
-20 | [45.158.96.0](https://vuldb.com/?ip.45.158.96.0) | - | - | High
-21 | [45.158.212.0](https://vuldb.com/?ip.45.158.212.0) | - | - | High
-22 | [46.186.128.0](https://vuldb.com/?ip.46.186.128.0) | - | - | High
-23 | [62.150.0.0](https://vuldb.com/?ip.62.150.0.0) | - | - | High
-24 | [62.215.0.0](https://vuldb.com/?ip.62.215.0.0) | - | - | High
-25 | [65.170.52.108](https://vuldb.com/?ip.65.170.52.108) | - | - | High
-26 | [69.61.23.136](https://vuldb.com/?ip.69.61.23.136) | - | - | High
-27 | [78.89.0.0](https://vuldb.com/?ip.78.89.0.0) | - | - | High
-28 | [78.154.192.0](https://vuldb.com/?ip.78.154.192.0) | - | - | High
-29 | [78.159.160.0](https://vuldb.com/?ip.78.159.160.0) | - | - | High
-30 | [80.76.166.128](https://vuldb.com/?ip.80.76.166.128) | - | - | High
-31 | [80.184.0.0](https://vuldb.com/?ip.80.184.0.0) | - | - | High
-32 | [82.116.137.160](https://vuldb.com/?ip.82.116.137.160) | - | - | High
-33 | [82.116.137.192](https://vuldb.com/?ip.82.116.137.192) | - | - | High
-34 | [82.116.138.0](https://vuldb.com/?ip.82.116.138.0) | - | - | High
-35 | [82.116.138.32](https://vuldb.com/?ip.82.116.138.32) | out.samegas.com | - | High
-36 | [82.116.138.64](https://vuldb.com/?ip.82.116.138.64) | - | - | High
-37 | [82.116.138.128](https://vuldb.com/?ip.82.116.138.128) | - | - | High
-38 | [82.116.139.0](https://vuldb.com/?ip.82.116.139.0) | - | - | High
-39 | [82.116.139.128](https://vuldb.com/?ip.82.116.139.128) | - | - | High
-40 | [82.116.140.0](https://vuldb.com/?ip.82.116.140.0) | - | - | High
-41 | [82.116.149.0](https://vuldb.com/?ip.82.116.149.0) | - | - | High
-42 | [82.116.150.0](https://vuldb.com/?ip.82.116.150.0) | - | - | High
-43 | ... | ... | ... | ...
+4 | [5.104.66.0](https://vuldb.com/?ip.5.104.66.0) | lo0.core1.xij.edgecastcdn.net | - | High
+5 | [5.175.184.128](https://vuldb.com/?ip.5.175.184.128) | - | - | High
+6 | [5.182.132.0](https://vuldb.com/?ip.5.182.132.0) | - | - | High
+7 | [23.56.240.0](https://vuldb.com/?ip.23.56.240.0) | a23-56-240-0.deploy.static.akamaitechnologies.com | - | High
+8 | [31.203.0.0](https://vuldb.com/?ip.31.203.0.0) | - | - | High
+9 | [31.214.0.0](https://vuldb.com/?ip.31.214.0.0) | - | - | High
+10 | [31.217.224.0](https://vuldb.com/?ip.31.217.224.0) | - | - | High
+11 | [34.99.164.0](https://vuldb.com/?ip.34.99.164.0) | 0.164.99.34.bc.googleusercontent.com | - | Medium
+12 | [34.99.236.0](https://vuldb.com/?ip.34.99.236.0) | 0.236.99.34.bc.googleusercontent.com | - | Medium
+13 | [34.103.180.0](https://vuldb.com/?ip.34.103.180.0) | 0.180.103.34.bc.googleusercontent.com | - | Medium
+14 | [34.103.235.0](https://vuldb.com/?ip.34.103.235.0) | 0.235.103.34.bc.googleusercontent.com | - | Medium
+15 | [34.124.74.0](https://vuldb.com/?ip.34.124.74.0) | 0.74.124.34.bc.googleusercontent.com | - | Medium
+16 | [37.34.128.0](https://vuldb.com/?ip.37.34.128.0) | - | - | High
+17 | [37.36.0.0](https://vuldb.com/?ip.37.36.0.0) | - | - | High
+18 | [37.231.0.0](https://vuldb.com/?ip.37.231.0.0) | - | - | High
+19 | [45.12.70.124](https://vuldb.com/?ip.45.12.70.124) | emulation-new.yourbandinc.com | - | High
+20 | [45.12.71.124](https://vuldb.com/?ip.45.12.71.124) | - | - | High
+21 | [45.15.228.0](https://vuldb.com/?ip.45.15.228.0) | - | - | High
+22 | [45.66.0.0](https://vuldb.com/?ip.45.66.0.0) | - | - | High
+23 | [45.130.36.0](https://vuldb.com/?ip.45.130.36.0) | - | - | High
+24 | [45.158.96.0](https://vuldb.com/?ip.45.158.96.0) | - | - | High
+25 | [45.158.212.0](https://vuldb.com/?ip.45.158.212.0) | - | - | High
+26 | [46.186.128.0](https://vuldb.com/?ip.46.186.128.0) | - | - | High
+27 | [47.246.30.0](https://vuldb.com/?ip.47.246.30.0) | - | - | High
+28 | [57.83.96.0](https://vuldb.com/?ip.57.83.96.0) | - | - | High
+29 | [57.88.144.0](https://vuldb.com/?ip.57.88.144.0) | - | - | High
+30 | [62.150.0.0](https://vuldb.com/?ip.62.150.0.0) | - | - | High
+31 | [62.209.31.0](https://vuldb.com/?ip.62.209.31.0) | 62-209-31-0.rev.bb.zain.com | - | High
+32 | [62.215.0.0](https://vuldb.com/?ip.62.215.0.0) | - | - | High
+33 | [65.170.52.108](https://vuldb.com/?ip.65.170.52.108) | - | - | High
+34 | [69.61.23.136](https://vuldb.com/?ip.69.61.23.136) | - | - | High
+35 | [77.73.198.0](https://vuldb.com/?ip.77.73.198.0) | - | - | High
+36 | [78.24.76.0](https://vuldb.com/?ip.78.24.76.0) | - | - | High
+37 | [78.89.0.0](https://vuldb.com/?ip.78.89.0.0) | - | - | High
+38 | [78.154.192.0](https://vuldb.com/?ip.78.154.192.0) | - | - | High
+39 | [78.159.160.0](https://vuldb.com/?ip.78.159.160.0) | - | - | High
+40 | [80.76.166.128](https://vuldb.com/?ip.80.76.166.128) | - | - | High
+41 | [80.184.0.0](https://vuldb.com/?ip.80.184.0.0) | - | - | High
+42 | [82.116.137.160](https://vuldb.com/?ip.82.116.137.160) | - | - | High
+43 | [82.116.137.192](https://vuldb.com/?ip.82.116.137.192) | - | - | High
+44 | [82.116.138.0](https://vuldb.com/?ip.82.116.138.0) | - | - | High
+45 | [82.116.138.32](https://vuldb.com/?ip.82.116.138.32) | out.samegas.com | - | High
+46 | [82.116.138.64](https://vuldb.com/?ip.82.116.138.64) | - | - | High
+47 | [82.116.138.128](https://vuldb.com/?ip.82.116.138.128) | - | - | High
+48 | [82.116.139.0](https://vuldb.com/?ip.82.116.139.0) | - | - | High
+49 | [82.116.139.128](https://vuldb.com/?ip.82.116.139.128) | - | - | High
+50 | [82.116.140.0](https://vuldb.com/?ip.82.116.140.0) | - | - | High
+51 | [82.116.149.0](https://vuldb.com/?ip.82.116.149.0) | - | - | High
+52 | [82.116.150.0](https://vuldb.com/?ip.82.116.150.0) | - | - | High
+53 | ... | ... | ... | ...
 
-There are 170 more IOC items available. Please use our online service to access the data.
+There are 208 more IOC items available. Please use our online service to access the data.
 
 ## TTP - Tactics, Techniques, Procedures
 
@@ -98,6 +108,7 @@ There are 14 more IOA items available (file, library, argument, input value, pat
 The following list contains _external sources_ which discuss the actor and the associated activities:
 
 * https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_kw.netset
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_kw.netset
 
 ## Literature
 

actors/Lazarus/README.md

@@ -26,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...
 
-There are 13 more country items available. Please use our online service to access the data.
+There are 12 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -278,7 +278,8 @@ ID | Technique | Weakness | Description | Confidence
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
 There are 18 more TTP items available. Please use our online service to access the data.
 
@@ -295,36 +296,34 @@ ID | Type | Indicator | Confidence
 5 | File | `/bsms_ci/index.php/user/edit_user/` | High
 6 | File | `/cgi-bin/R14.2/easy1350.pl` | High
 7 | File | `/cgi-bin/R14.2/log.pl` | High
-8 | File | `/ctcprotocol/Protocol` | High
-9 | File | `/ebics-server/ebics.aspx` | High
-10 | File | `/etc/tomcat8/Catalina/attack` | High
+8 | File | `/ebics-server/ebics.aspx` | High
+9 | File | `/etc/tomcat8/Catalina/attack` | High
+10 | File | `/files/import` | High
 11 | File | `/forum/away.php` | High
 12 | File | `/hrm/controller/employee.php` | High
 13 | File | `/hrm/employeeadd.php` | High
 14 | File | `/hrm/employeeview.php` | High
 15 | File | `/ims/login.php` | High
 16 | File | `/login/index.php` | High
-17 | File | `/menu.html` | Medium
-18 | File | `/mhds/clinic/view_details.php` | High
-19 | File | `/Moosikay/order.php` | High
-20 | File | `/nova/bin/detnet` | High
-21 | File | `/out.php` | Medium
-22 | File | `/php-opos/index.php` | High
-23 | File | `/resources//../` | High
-24 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
-25 | File | `/sys/dict/queryTableData` | High
-26 | File | `/tmp/boa-temp` | High
-27 | File | `/tourism/rate_review.php` | High
-28 | File | `/uncpath/` | Medium
-29 | File | `/view-property.php` | High
-30 | File | `/wp-admin/admin-ajax.php` | High
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-32 | File | `action-visitor.php` | High
-33 | File | `action.php` | Medium
-34 | File | `adclick.php` | Medium
-35 | ... | ... | ...
+17 | File | `/mhds/clinic/view_details.php` | High
+18 | File | `/Moosikay/order.php` | High
+19 | File | `/nova/bin/detnet` | High
+20 | File | `/out.php` | Medium
+21 | File | `/php-opos/index.php` | High
+22 | File | `/resources//../` | High
+23 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
+24 | File | `/sys/dict/queryTableData` | High
+25 | File | `/tmp/boa-temp` | High
+26 | File | `/tourism/rate_review.php` | High
+27 | File | `/uncpath/` | Medium
+28 | File | `/view-property.php` | High
+29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+30 | File | `action.php` | Medium
+31 | File | `adclick.php` | Medium
+32 | File | `admin.jcomments.php` | High
+33 | ... | ... | ...
 
-There are 297 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Lemon Duck/README.md

@@ -52,10 +52,9 @@ ID | Technique | Weakness | Description | Confidence
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
-5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-6 | ... | ... | ... | ...
+5 | ... | ... | ... | ...
 
-There are 20 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -63,41 +62,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.FBCIndex` | Medium
-2 | File | `/.env` | Low
-3 | File | `/.ssh/authorized_keys` | High
-4 | File | `/as/authorization.oauth2` | High
-5 | File | `/blogengine/api/posts` | High
-6 | File | `/cgi-bin/api-get_line_status` | High
-7 | File | `/cgi-bin/luci` | High
-8 | File | `/cgi-bin/luci/api/auth` | High
-9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
-10 | File | `/cgi-bin/upload_vpntar` | High
-11 | File | `/cgi-bin/wlogin.cgi` | High
-12 | File | `/cgi/trustclustermaster.cgi` | High
-13 | File | `/Content/Template/root/reverse-shell.aspx` | High
-14 | File | `/debug/pprof` | Medium
+1 | File | `/.env` | Low
+2 | File | `/admin/edit-doc.php` | High
+3 | File | `/as/authorization.oauth2` | High
+4 | File | `/blogengine/api/posts` | High
+5 | File | `/cgi-bin/api-get_line_status` | High
+6 | File | `/cgi-bin/luci` | High
+7 | File | `/cgi-bin/luci/api/auth` | High
+8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
+9 | File | `/cgi-bin/upload_vpntar` | High
+10 | File | `/cgi-bin/wlogin.cgi` | High
+11 | File | `/cgi/trustclustermaster.cgi` | High
+12 | File | `/Content/Template/root/reverse-shell.aspx` | High
+13 | File | `/debug/pprof` | Medium
+14 | File | `/DXR.axd` | Medium
 15 | File | `/export` | Low
-16 | File | `/forum/away.php` | High
-17 | File | `/goform/SetPptpServerCfg` | High
-18 | File | `/h/calendar` | Medium
-19 | File | `/hrm/controller/employee.php` | High
-20 | File | `/js/app.js` | Medium
-21 | File | `/login/index.php` | High
-22 | File | `/mkshope/login.php` | High
+16 | File | `/filemanager/php/connector.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/goform/SetPptpServerCfg` | High
+19 | File | `/h/calendar` | Medium
+20 | File | `/hrm/controller/employee.php` | High
+21 | File | `/js/app.js` | Medium
+22 | File | `/login/index.php` | High
 23 | File | `/obs/book.php` | High
 24 | File | `/products/view_product.php` | High
-25 | File | `/public/launchNewWindow.jsp` | High
-26 | File | `/public/login.htm` | High
-27 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
-28 | File | `/secure/QueryComponent!Default.jspa` | High
-29 | File | `/self.key` | Medium
-30 | File | `/services/view_service.php` | High
-31 | File | `/shell` | Low
-32 | File | `/spip.php` | Medium
+25 | File | `/public/login.htm` | High
+26 | File | `/rukovoditel/index.php?module=users/login` | High
+27 | File | `/secure/QueryComponent!Default.jspa` | High
+28 | File | `/services/view_service.php` | High
+29 | File | `/shell` | Low
+30 | File | `/spip.php` | Medium
+31 | File | `/uncpath/` | Medium
+32 | File | `/usr/bin/tddp` | High
 33 | ... | ... | ...
 
-There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Liberty Front Press/README.md

@@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * ...
 
-There are 11 more country items available. Please use our online service to access the data.
+There are 14 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -90,13 +90,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
-2 | T1055 | CWE-74 | Injection | High
-3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
-4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
-There are 18 more TTP items available. Please use our online service to access the data.
+There are 19 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -105,55 +106,60 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/admin/api/theme-edit/` | High
-3 | File | `/admin/upload/upload` | High
-4 | File | `/bsms_ci/index.php/book` | High
-5 | File | `/cgi-bin/wlogin.cgi` | High
-6 | File | `/config/getuser` | High
-7 | File | `/debug/pprof` | Medium
-8 | File | `/etc/hosts` | Medium
-9 | File | `/example/editor` | High
-10 | File | `/forum/away.php` | High
-11 | File | `/HNAP1` | Low
-12 | File | `/iu-application/controllers/administration/auth.php` | High
-13 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
-14 | File | `/medicines/profile.php` | High
-15 | File | `/obs/book.php` | High
-16 | File | `/ossn/administrator/com_installer` | High
-17 | File | `/param.file.tgz` | High
-18 | File | `/pms/update_user.php?user_id=1` | High
-19 | File | `/public_html/users.php` | High
-20 | File | `/spip.php` | Medium
-21 | File | `/sre/params.php` | High
-22 | File | `/tmp` | Low
-23 | File | `/user/s.php` | Medium
-24 | File | `/user/upload/upload` | High
-25 | File | `/Users` | Low
-26 | File | `/var/spool/hylafax` | High
-27 | File | `/vendor` | Low
-28 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
-29 | File | `/wireless/guestnetwork.asp` | High
-30 | File | `accountrecoveryendpoint/recoverpassword.do` | High
-31 | File | `action/addproject.php` | High
-32 | File | `adclick.php` | Medium
-33 | File | `add-locker-form.php` | High
-34 | File | `add_contestant.php` | High
-35 | File | `admin.php` | Medium
-36 | File | `admin/add_payment.php` | High
-37 | File | `admin/booking_report.php` | High
-38 | File | `admin/disapprove_user.php` | High
-39 | File | `admin/expense_report.php` | High
-40 | File | `admin/forget_password.php` | High
-41 | File | `admin/index.php` | High
-42 | File | `admin/make_payments.php` | High
-43 | File | `admin/sysCheckFile_deal.php` | High
-44 | File | `Advanced_ASUSDDNS_Content.asp` | High
-45 | File | `af_netlink.c` | Medium
-46 | File | `album_portal.php` | High
-47 | File | `application/libraries/LanguageTask.php` | High
-48 | ... | ... | ...
+2 | File | `/admin.php/accessory/filesdel.html` | High
+3 | File | `/admin/?page=user/manage` | High
+4 | File | `/admin/add-new.php` | High
+5 | File | `/admin/api/theme-edit/` | High
+6 | File | `/admin/doctors.php` | High
+7 | File | `/admin/index3.php` | High
+8 | File | `/admin/upload/upload` | High
+9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+10 | File | `/alphaware/summary.php` | High
+11 | File | `/boat/login.php` | High
+12 | File | `/bsms_ci/index.php/book` | High
+13 | File | `/cgi-bin/wlogin.cgi` | High
+14 | File | `/config/getuser` | High
+15 | File | `/debug/pprof` | Medium
+16 | File | `/ecshop/admin/template.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/forum/PostPrivateMessage` | High
+19 | File | `/home/www/cgi-bin/login.cgi` | High
+20 | File | `/medicines/profile.php` | High
+21 | File | `/net-banking/customer_transactions.php` | High
+22 | File | `/obs/book.php` | High
+23 | File | `/ossn/administrator/com_installer` | High
+24 | File | `/param.file.tgz` | High
+25 | File | `/pms/update_user.php?user_id=1` | High
+26 | File | `/public_html/users.php` | High
+27 | File | `/reservation/add_message.php` | High
+28 | File | `/spip.php` | Medium
+29 | File | `/sre/params.php` | High
+30 | File | `/tmp` | Low
+31 | File | `/user/s.php` | Medium
+32 | File | `/user/upload/upload` | High
+33 | File | `/Users` | Low
+34 | File | `/var/spool/hylafax` | High
+35 | File | `/vendor` | Low
+36 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+37 | File | `/video-sharing-script/watch-video.php` | High
+38 | File | `/wireless/guestnetwork.asp` | High
+39 | File | `accountrecoveryendpoint/recoverpassword.do` | High
+40 | File | `AcquisiAction.class.php` | High
+41 | File | `adclick.php` | Medium
+42 | File | `add-locker-form.php` | High
+43 | File | `add_contestant.php` | High
+44 | File | `admin.php` | Medium
+45 | File | `admin/add_payment.php` | High
+46 | File | `admin/booking_report.php` | High
+47 | File | `admin/conf_users_edit.php` | High
+48 | File | `admin/disapprove_user.php` | High
+49 | File | `admin/expense_report.php` | High
+50 | File | `admin/fecalysis_form.php` | High
+51 | File | `admin/forget_password.php` | High
+52 | File | `admin/index.php` | High
+53 | ... | ... | ...
 
-There are 418 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Lithuania Unknown/README.md

@@ -0,0 +1,266 @@
+# Lithuania Unknown - Cyber Threat Intelligence
+
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lithuania Unknown](https://vuldb.com/?actor.lithuania_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
+
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.lithuania_unknown](https://vuldb.com/?actor.lithuania_unknown)
+
+## Countries
+
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lithuania Unknown:
+
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [RU](https://vuldb.com/?country.ru)
+* ...
+
+There are 26 more country items available. Please use our online service to access the data.
+
+## IOC - Indicator of Compromise
+
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Lithuania Unknown.
+
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [2.56.184.0](https://vuldb.com/?ip.2.56.184.0) | - | - | High
+2 | [2.58.232.0](https://vuldb.com/?ip.2.58.232.0) | - | - | High
+3 | [2.59.150.0](https://vuldb.com/?ip.2.59.150.0) | - | - | High
+4 | [2.59.157.0](https://vuldb.com/?ip.2.59.157.0) | - | - | High
+5 | [2.249.168.0](https://vuldb.com/?ip.2.249.168.0) | - | - | High
+6 | [5.1.40.0](https://vuldb.com/?ip.5.1.40.0) | - | - | High
+7 | [5.20.0.0](https://vuldb.com/?ip.5.20.0.0) | - | - | High
+8 | [5.133.64.0](https://vuldb.com/?ip.5.133.64.0) | - | - | High
+9 | [5.188.172.0](https://vuldb.com/?ip.5.188.172.0) | subnet.infra.ds.melbicom.net | - | High
+10 | [5.199.160.0](https://vuldb.com/?ip.5.199.160.0) | - | - | High
+11 | [5.252.184.0](https://vuldb.com/?ip.5.252.184.0) | undefined.hostname.localhost | - | High
+12 | [5.253.240.0](https://vuldb.com/?ip.5.253.240.0) | - | - | High
+13 | [8.39.207.0](https://vuldb.com/?ip.8.39.207.0) | - | - | High
+14 | [31.6.54.0](https://vuldb.com/?ip.31.6.54.0) | - | - | High
+15 | [31.14.176.0](https://vuldb.com/?ip.31.14.176.0) | 31-14.network.serveriai.lt | - | High
+16 | [31.44.96.0](https://vuldb.com/?ip.31.44.96.0) | lan-31-44-96-0.vln.penki.lt | - | High
+17 | [31.135.216.0](https://vuldb.com/?ip.31.135.216.0) | - | - | High
+18 | [31.172.224.0](https://vuldb.com/?ip.31.172.224.0) | cl-31-172-224-0.fastlink.lt.224.172.31.in-addr.arpa | - | High
+19 | [31.177.8.0](https://vuldb.com/?ip.31.177.8.0) | 31-177-8-0.roventa.lt | - | High
+20 | [31.193.192.0](https://vuldb.com/?ip.31.193.192.0) | - | - | High
+21 | [31.209.64.0](https://vuldb.com/?ip.31.209.64.0) | data3-64-0.cgates.lt | - | High
+22 | [31.220.46.0](https://vuldb.com/?ip.31.220.46.0) | - | - | High
+23 | [34.99.40.0](https://vuldb.com/?ip.34.99.40.0) | 0.40.99.34.bc.googleusercontent.com | - | Medium
+24 | [34.103.34.0](https://vuldb.com/?ip.34.103.34.0) | 0.34.103.34.bc.googleusercontent.com | - | Medium
+25 | [37.0.216.0](https://vuldb.com/?ip.37.0.216.0) | m37-0-216-0.cust.tele2.lt | - | High
+26 | [37.0.224.0](https://vuldb.com/?ip.37.0.224.0) | m37-0-224-0.cust.tele2.lt | - | High
+27 | [37.156.216.0](https://vuldb.com/?ip.37.156.216.0) | - | - | High
+28 | [37.157.0.0](https://vuldb.com/?ip.37.157.0.0) | - | - | High
+29 | [37.157.144.0](https://vuldb.com/?ip.37.157.144.0) | client-37-157-144-0.cgates.lt | - | High
+30 | [37.230.180.0](https://vuldb.com/?ip.37.230.180.0) | - | - | High
+31 | [45.11.192.0](https://vuldb.com/?ip.45.11.192.0) | 45-11-192-0.netnamas.com | - | High
+32 | [45.13.52.0](https://vuldb.com/?ip.45.13.52.0) | - | - | High
+33 | [45.65.124.0](https://vuldb.com/?ip.45.65.124.0) | 45-65-124-0.kvantanetas.com | - | High
+34 | [45.66.196.0](https://vuldb.com/?ip.45.66.196.0) | 45.66.196.0.aji.lt | - | High
+35 | [45.80.216.0](https://vuldb.com/?ip.45.80.216.0) | - | - | High
+36 | [45.81.56.0](https://vuldb.com/?ip.45.81.56.0) | - | - | High
+37 | [45.81.252.0](https://vuldb.com/?ip.45.81.252.0) | - | - | High
+38 | [45.81.254.0](https://vuldb.com/?ip.45.81.254.0) | 0.i02.rfox.cloud | - | High
+39 | [45.82.32.0](https://vuldb.com/?ip.45.82.32.0) | - | - | High
+40 | [45.84.204.0](https://vuldb.com/?ip.45.84.204.0) | - | - | High
+41 | [45.84.244.0](https://vuldb.com/?ip.45.84.244.0) | cl-45-84-244-0.fastlink.lt.244.84.45.in-addr.arpa | - | High
+42 | [45.87.44.0](https://vuldb.com/?ip.45.87.44.0) | - | - | High
+43 | [45.87.106.0](https://vuldb.com/?ip.45.87.106.0) | - | - | High
+44 | [45.87.172.0](https://vuldb.com/?ip.45.87.172.0) | - | - | High
+45 | [45.88.196.0](https://vuldb.com/?ip.45.88.196.0) | - | - | High
+46 | [45.91.136.0](https://vuldb.com/?ip.45.91.136.0) | - | - | High
+47 | [45.92.188.0](https://vuldb.com/?ip.45.92.188.0) | - | - | High
+48 | [45.93.136.0](https://vuldb.com/?ip.45.93.136.0) | - | - | High
+49 | [45.123.190.0](https://vuldb.com/?ip.45.123.190.0) | - | - | High
+50 | [45.125.66.0](https://vuldb.com/?ip.45.125.66.0) | - | - | High
+51 | [45.128.160.0](https://vuldb.com/?ip.45.128.160.0) | - | - | High
+52 | [45.128.163.0](https://vuldb.com/?ip.45.128.163.0) | - | - | High
+53 | [45.130.76.0](https://vuldb.com/?ip.45.130.76.0) | network-addr | - | High
+54 | [45.134.72.0](https://vuldb.com/?ip.45.134.72.0) | - | - | High
+55 | [45.135.35.0](https://vuldb.com/?ip.45.135.35.0) | - | - | High
+56 | [45.145.32.0](https://vuldb.com/?ip.45.145.32.0) | - | - | High
+57 | [45.146.200.0](https://vuldb.com/?ip.45.146.200.0) | - | - | High
+58 | [45.147.132.0](https://vuldb.com/?ip.45.147.132.0) | - | - | High
+59 | [45.147.152.0](https://vuldb.com/?ip.45.147.152.0) | unknown | - | High
+60 | [45.152.240.0](https://vuldb.com/?ip.45.152.240.0) | - | - | High
+61 | [45.155.16.0](https://vuldb.com/?ip.45.155.16.0) | - | - | High
+62 | [46.17.174.0](https://vuldb.com/?ip.46.17.174.0) | - | - | High
+63 | [46.36.64.0](https://vuldb.com/?ip.46.36.64.0) | - | - | High
+64 | [46.166.160.0](https://vuldb.com/?ip.46.166.160.0) | - | - | High
+65 | [46.249.160.0](https://vuldb.com/?ip.46.249.160.0) | th-160-0.splius.lt | - | High
+66 | [46.251.32.0](https://vuldb.com/?ip.46.251.32.0) | data3-32-0.cgates.lt | - | High
+67 | [46.255.208.0](https://vuldb.com/?ip.46.255.208.0) | - | - | High
+68 | [57.86.164.0](https://vuldb.com/?ip.57.86.164.0) | - | - | High
+69 | [57.87.160.0](https://vuldb.com/?ip.57.87.160.0) | - | - | High
+70 | [62.77.152.0](https://vuldb.com/?ip.62.77.152.0) | 62-77.network.serveriai.lt | - | High
+71 | [62.80.224.0](https://vuldb.com/?ip.62.80.224.0) | - | - | High
+72 | [62.115.250.0](https://vuldb.com/?ip.62.115.250.0) | 62-115-64-0.teliacarrier-cust.com | - | High
+73 | [62.122.76.0](https://vuldb.com/?ip.62.122.76.0) | 62-122-76-0.static.zebra.lt | - | High
+74 | [62.192.180.0](https://vuldb.com/?ip.62.192.180.0) | - | - | High
+75 | [62.212.192.0](https://vuldb.com/?ip.62.212.192.0) | - | - | High
+76 | [64.64.111.0](https://vuldb.com/?ip.64.64.111.0) | - | - | High
+77 | [64.64.122.0](https://vuldb.com/?ip.64.64.122.0) | - | - | High
+78 | [64.64.125.0](https://vuldb.com/?ip.64.64.125.0) | - | - | High
+79 | [77.75.40.0](https://vuldb.com/?ip.77.75.40.0) | - | - | High
+80 | [77.79.0.0](https://vuldb.com/?ip.77.79.0.0) | hst-0-0.splius.lt | - | High
+81 | [77.86.253.0](https://vuldb.com/?ip.77.86.253.0) | - | - | High
+82 | [77.87.8.0](https://vuldb.com/?ip.77.87.8.0) | - | - | High
+83 | [77.90.64.0](https://vuldb.com/?ip.77.90.64.0) | - | - | High
+84 | [77.94.32.0](https://vuldb.com/?ip.77.94.32.0) | 77.94.32.0.satgate.net | - | High
+85 | [77.94.34.0](https://vuldb.com/?ip.77.94.34.0) | 77.94.34.0.satgate.net | - | High
+86 | [77.94.41.0](https://vuldb.com/?ip.77.94.41.0) | 77.94.41.0.satgate.net | - | High
+87 | [77.94.42.0](https://vuldb.com/?ip.77.94.42.0) | - | - | High
+88 | [77.94.48.0](https://vuldb.com/?ip.77.94.48.0) | 77.94.48.0.satgate.net | - | High
+89 | [77.94.51.0](https://vuldb.com/?ip.77.94.51.0) | - | - | High
+90 | [77.94.52.0](https://vuldb.com/?ip.77.94.52.0) | - | - | High
+91 | [77.221.64.0](https://vuldb.com/?ip.77.221.64.0) | data2-64-0.cgates.lt | - | High
+92 | [77.237.230.0](https://vuldb.com/?ip.77.237.230.0) | - | - | High
+93 | [77.240.248.0](https://vuldb.com/?ip.77.240.248.0) | - | - | High
+94 | [77.241.192.0](https://vuldb.com/?ip.77.241.192.0) | - | - | High
+95 | [78.31.184.0](https://vuldb.com/?ip.78.31.184.0) | ip-78-31-184-0.infiumhost.net | - | High
+96 | [78.31.188.0](https://vuldb.com/?ip.78.31.188.0) | ip-78-31-188-0.infiumhost.net | - | High
+97 | [78.31.190.0](https://vuldb.com/?ip.78.31.190.0) | ip-78-31-190-0.infiumhost.net | - | High
+98 | [78.31.224.0](https://vuldb.com/?ip.78.31.224.0) | - | - | High
+99 | [78.56.0.0](https://vuldb.com/?ip.78.56.0.0) | 78-56-0-0.static.zebra.lt | - | High
+100 | [78.138.1.0](https://vuldb.com/?ip.78.138.1.0) | - | - | High
+101 | [78.157.64.0](https://vuldb.com/?ip.78.157.64.0) | lan-78-157-64-0.vln.penki.lt | - | High
+102 | [78.158.0.0](https://vuldb.com/?ip.78.158.0.0) | cl-78-158-0-0.fastlink.lt | - | High
+103 | [79.98.24.0](https://vuldb.com/?ip.79.98.24.0) | 79-98.network.serveriai.lt | - | High
+104 | [79.132.160.0](https://vuldb.com/?ip.79.132.160.0) | - | - | High
+105 | [79.133.224.0](https://vuldb.com/?ip.79.133.224.0) | cable-224-0.cgates.lt | - | High
+106 | [79.142.112.0](https://vuldb.com/?ip.79.142.112.0) | - | - | High
+107 | [80.208.224.0](https://vuldb.com/?ip.80.208.224.0) | 80-208.network.serveriai.lt | - | High
+108 | [80.209.224.0](https://vuldb.com/?ip.80.209.224.0) | 80-209.network.serveriai.lt | - | High
+109 | [80.239.200.0](https://vuldb.com/?ip.80.239.200.0) | 80-239-200-0.teliacarrier-cust.com | - | High
+110 | [80.239.206.0](https://vuldb.com/?ip.80.239.206.0) | 80-239-206-0.teliacarrier-cust.com | - | High
+111 | [80.239.231.0](https://vuldb.com/?ip.80.239.231.0) | 80-239-231-0.teliacarrier-cust.com | - | High
+112 | [80.239.252.0](https://vuldb.com/?ip.80.239.252.0) | 80-239-252-0.teliacarrier-cust.com | - | High
+113 | [80.240.0.0](https://vuldb.com/?ip.80.240.0.0) | cable-0-0.cgates.lt | - | High
+114 | [80.243.16.0](https://vuldb.com/?ip.80.243.16.0) | data4-16-0.cgates.lt | - | High
+115 | [81.7.64.0](https://vuldb.com/?ip.81.7.64.0) | 81-7-64-0.static.zebra.lt | - | High
+116 | [81.16.224.0](https://vuldb.com/?ip.81.16.224.0) | - | - | High
+117 | [81.29.16.0](https://vuldb.com/?ip.81.29.16.0) | cable-16-0.cgates.lt | - | High
+118 | [82.135.128.0](https://vuldb.com/?ip.82.135.128.0) | 82-135-128-0.static.zebra.lt | - | High
+119 | [82.140.128.0](https://vuldb.com/?ip.82.140.128.0) | - | - | High
+120 | [82.198.0.0](https://vuldb.com/?ip.82.198.0.0) | 82.198.0.0.satgate.net | - | High
+121 | [82.198.3.0](https://vuldb.com/?ip.82.198.3.0) | 82.198.3.0.satgate.net | - | High
+122 | [82.198.6.0](https://vuldb.com/?ip.82.198.6.0) | - | - | High
+123 | [82.198.14.0](https://vuldb.com/?ip.82.198.14.0) | 82.198.14.0.satgate.net | - | High
+124 | [82.198.16.0](https://vuldb.com/?ip.82.198.16.0) | - | - | High
+125 | [82.198.18.0](https://vuldb.com/?ip.82.198.18.0) | 82.198.18.0.satgate.net | - | High
+126 | [82.198.24.0](https://vuldb.com/?ip.82.198.24.0) | 82.198.24.0.satgate.net | - | High
+127 | [82.198.27.0](https://vuldb.com/?ip.82.198.27.0) | - | - | High
+128 | [82.198.28.0](https://vuldb.com/?ip.82.198.28.0) | - | - | High
+129 | [82.198.31.0](https://vuldb.com/?ip.82.198.31.0) | 82.198.31.0.satgate.net | - | High
+130 | [83.171.0.0](https://vuldb.com/?ip.83.171.0.0) | - | - | High
+131 | [83.176.160.0](https://vuldb.com/?ip.83.176.160.0) | m83-176-160-0.cust.tele2.lt | - | High
+132 | [83.176.192.0](https://vuldb.com/?ip.83.176.192.0) | m83-176-192-0.cust.tele2.lt | - | High
+133 | [83.178.56.0](https://vuldb.com/?ip.83.178.56.0) | m83-178-56-0.cust.tele2.lt | - | High
+134 | [83.179.0.0](https://vuldb.com/?ip.83.179.0.0) | m83-179-0-0.cust.tele2.lt | - | High
+135 | [83.181.56.0](https://vuldb.com/?ip.83.181.56.0) | m83-181-56-0.cust.tele2.lt | - | High
+136 | [83.181.60.0](https://vuldb.com/?ip.83.181.60.0) | - | - | High
+137 | [83.181.64.0](https://vuldb.com/?ip.83.181.64.0) | m83-181-64-0.cust.tele2.lt | - | High
+138 | [83.181.160.0](https://vuldb.com/?ip.83.181.160.0) | m83-181-160-0.cust.tele2.lt | - | High
+139 | ... | ... | ... | ...
+
+There are 552 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Lithuania Unknown_. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
+2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
+
+There are 21 more TTP items available. Please use our online service to access the data.
+
+## IOA - Indicator of Attack
+
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Lithuania Unknown. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Type | Indicator | Confidence
+-- | ---- | --------- | ----------
+1 | File | `.github/workflows/combine-prs.yml` | High
+2 | File | `/admin/api/admin/articles/` | High
+3 | File | `/admin/submit-articles` | High
+4 | File | `/admin/subnets/ripe-query.php` | High
+5 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
+6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
+7 | File | `/apilog.php` | Medium
+8 | File | `/attachments` | Medium
+9 | File | `/bin/httpd` | Medium
+10 | File | `/bsms_ci/index.php/book` | High
+11 | File | `/context/%2e/WEB-INF/web.xml` | High
+12 | File | `/debug/pprof` | Medium
+13 | File | `/dev/block/mmcblk0rpmb` | High
+14 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
+15 | File | `/etc/hosts` | Medium
+16 | File | `/face-recognition-php/facepay-master/camera.php` | High
+17 | File | `/forum/away.php` | High
+18 | File | `/fos/admin/ajax.php?action=login` | High
+19 | File | `/fos/admin/index.php?page=menu` | High
+20 | File | `/goform/wizard_end` | High
+21 | File | `/home/masterConsole` | High
+22 | File | `/home/sendBroadcast` | High
+23 | File | `/hrm/employeeadd.php` | High
+24 | File | `/hrm/employeeview.php` | High
+25 | File | `/index.php` | Medium
+26 | File | `/items/view_item.php` | High
+27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
+28 | File | `/lookin/info` | Medium
+29 | File | `/manager/index.php` | High
+30 | File | `/medical/inventories.php` | High
+31 | File | `/medicines/profile.php` | High
+32 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
+33 | File | `/modules/profile/index.php` | High
+34 | File | `/modules/projects/vw_files.php` | High
+35 | File | `/modules/public/calendar.php` | High
+36 | File | `/mygym/admin/index.php?view_exercises` | High
+37 | File | `/newsDia.php` | Medium
+38 | File | `/out.php` | Medium
+39 | File | `/php-opos/index.php` | High
+40 | File | `/proxy` | Low
+41 | File | `/Redcock-Farm/farm/category.php` | High
+42 | File | `/reports/rwservlet` | High
+43 | File | `/spip.php` | Medium
+44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
+45 | File | `/staff/bookdetails.php` | High
+46 | File | `/tmp` | Low
+47 | File | `/uncpath/` | Medium
+48 | File | `/user/update_booking.php` | High
+49 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
+50 | File | `/video-sharing-script/watch-video.php` | High
+51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
+52 | File | `/wireless/security.asp` | High
+53 | File | `/wordpress/wp-admin/options-general.php` | High
+54 | File | `01article.php` | High
+55 | File | `AbstractScheduleJob.java` | High
+56 | File | `actionphp/download.File.php` | High
+57 | File | `ActivityRecord.java` | High
+58 | File | `adclick.php` | Medium
+59 | File | `addtocart.asp` | High
+60 | File | `admin.php` | Medium
+61 | ... | ... | ...
+
+There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+
+## References
+
+The following list contains _external sources_ which discuss the actor and the associated activities:
+
+* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_lt.netset
+
+## Literature
+
+The following _articles_ explain our unique predictive cyber threat intelligence:
+
+* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
+* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
+
+## License
+
+(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/LockBit/README.md

@@ -67,7 +67,7 @@ ID | Type | Indicator | Confidence
 17 | File | `backend/Login/load/` | High
 18 | ... | ... | ...
 
-There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/LockFile/README.md

@@ -63,39 +63,39 @@ ID | Type | Indicator | Confidence
 17 | File | `/ctcprotocol/Protocol` | High
 18 | File | `/dashboard/menu-list.php` | High
 19 | File | `/data/remove` | Medium
-20 | File | `/ffos/classes/Master.php?f=save_category` | High
-21 | File | `/filemanager/upload.php` | High
-22 | File | `/forum/away.php` | High
-23 | File | `/goforms/rlminfo` | High
-24 | File | `/Items/*/RemoteImages/Download` | High
-25 | File | `/login` | Low
-26 | File | `/menu.html` | Medium
-27 | File | `/navigate/navigate_download.php` | High
-28 | File | `/ocwbs/admin/?page=user/manage_user` | High
-29 | File | `/ofrs/admin/?page=user/manage_user` | High
-30 | File | `/out.php` | Medium
-31 | File | `/owa/auth/logon.aspx` | High
-32 | File | `/password.html` | High
-33 | File | `/php_action/fetchSelectedUser.php` | High
-34 | File | `/proc/ioports` | High
-35 | File | `/property-list/property_view.php` | High
-36 | File | `/ptms/classes/Users.php` | High
-37 | File | `/resources//../` | High
-38 | File | `/rest/api/2/search` | High
-39 | File | `/s/` | Low
-40 | File | `/scripts/cpan_config` | High
-41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-42 | File | `/services/system/setup.json` | High
-43 | File | `/spip.php` | Medium
-44 | File | `/sys/dict/queryTableData` | High
-45 | File | `/tmp` | Low
-46 | File | `/uncpath/` | Medium
-47 | File | `/vloggers_merch/?p=view_product` | High
-48 | File | `/webconsole/APIController` | High
-49 | File | `/websocket/exec` | High
+20 | File | `/ebics-server/ebics.aspx` | High
+21 | File | `/ffos/classes/Master.php?f=save_category` | High
+22 | File | `/filemanager/upload.php` | High
+23 | File | `/forum/away.php` | High
+24 | File | `/goforms/rlminfo` | High
+25 | File | `/Items/*/RemoteImages/Download` | High
+26 | File | `/login` | Low
+27 | File | `/menu.html` | Medium
+28 | File | `/navigate/navigate_download.php` | High
+29 | File | `/ocwbs/admin/?page=user/manage_user` | High
+30 | File | `/ofrs/admin/?page=user/manage_user` | High
+31 | File | `/out.php` | Medium
+32 | File | `/owa/auth/logon.aspx` | High
+33 | File | `/password.html` | High
+34 | File | `/php_action/fetchSelectedUser.php` | High
+35 | File | `/proc/ioports` | High
+36 | File | `/property-list/property_view.php` | High
+37 | File | `/ptms/classes/Users.php` | High
+38 | File | `/resources//../` | High
+39 | File | `/rest/api/2/search` | High
+40 | File | `/s/` | Low
+41 | File | `/scripts/cpan_config` | High
+42 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+43 | File | `/services/system/setup.json` | High
+44 | File | `/spip.php` | Medium
+45 | File | `/sys/dict/queryTableData` | High
+46 | File | `/tmp` | Low
+47 | File | `/uncpath/` | Medium
+48 | File | `/vloggers_merch/?p=view_product` | High
+49 | File | `/webconsole/APIController` | High
 50 | ... | ... | ...
 
-There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Lotus Blossom/README.md

@@ -64,53 +64,53 @@ ID | Type | Indicator | Confidence
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/cgi-bin/wapopen` | High
 3 | File | `/etc/ajenti/config.yml` | High
-4 | File | `/goform/telnet` | High
-5 | File | `/modules/profile/index.php` | High
-6 | File | `/rom-0` | Low
-7 | File | `/tmp/phpglibccheck` | High
-8 | File | `/uncpath/` | Medium
-9 | File | `/var/tmp/sess_*` | High
-10 | File | `/vmi/manager/engine/management/commands/apns_worker.py` | High
-11 | File | `action.php` | Medium
-12 | File | `actionphp/download.File.php` | High
-13 | File | `add_comment.php` | High
-14 | File | `admin/admin.php` | High
-15 | File | `admin/content.php` | High
-16 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
-17 | File | `admin/memberviewdetails.php` | High
-18 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
-19 | File | `admin_gallery.php3` | High
-20 | File | `affich.php` | Medium
-21 | File | `agent/Core/Controller/SendRequest.cpp` | High
-22 | File | `akeyActivationLogin.do` | High
-23 | File | `album_portal.php` | High
-24 | File | `apache-auth.conf` | High
-25 | File | `askapache-firefox-adsense.php` | High
-26 | File | `attachment.cgi` | High
-27 | File | `basic_search_result.php` | High
-28 | File | `blueprints/sections/edit/1` | High
-29 | File | `books.php` | Medium
-30 | File | `cart_add.php` | Medium
-31 | File | `CFS.c` | Low
-32 | File | `cgi-bin/gnudip.cgi` | High
-33 | File | `checktransferstatus.php` | High
-34 | File | `checkuser.php` | High
-35 | File | `class.SystemAction.php` | High
-36 | File | `clientarea.php` | High
-37 | File | `cmdmon.c` | Medium
-38 | File | `collectivite.class.php` | High
-39 | File | `confirm.php` | Medium
-40 | File | `contact` | Low
-41 | File | `control.c` | Medium
-42 | File | `core-util.c` | Medium
-43 | File | `core/coreuserinputhandler.cpp` | High
-44 | File | `cve-bin/moreBlockInfo.cgi` | High
-45 | File | `d1_both.c` | Medium
-46 | File | `data/gbconfiguration.dat` | High
-47 | File | `Debug_command_page.asp` | High
+4 | File | `/forum/away.php` | High
+5 | File | `/goform/telnet` | High
+6 | File | `/modules/profile/index.php` | High
+7 | File | `/rom-0` | Low
+8 | File | `/tmp/phpglibccheck` | High
+9 | File | `/uncpath/` | Medium
+10 | File | `/var/tmp/sess_*` | High
+11 | File | `/vmi/manager/engine/management/commands/apns_worker.py` | High
+12 | File | `action.php` | Medium
+13 | File | `actionphp/download.File.php` | High
+14 | File | `add_comment.php` | High
+15 | File | `admin/admin.php` | High
+16 | File | `admin/content.php` | High
+17 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
+18 | File | `admin/memberviewdetails.php` | High
+19 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
+20 | File | `admin_gallery.php3` | High
+21 | File | `affich.php` | Medium
+22 | File | `agent/Core/Controller/SendRequest.cpp` | High
+23 | File | `akeyActivationLogin.do` | High
+24 | File | `album_portal.php` | High
+25 | File | `apache-auth.conf` | High
+26 | File | `askapache-firefox-adsense.php` | High
+27 | File | `attachment.cgi` | High
+28 | File | `basic_search_result.php` | High
+29 | File | `blueprints/sections/edit/1` | High
+30 | File | `books.php` | Medium
+31 | File | `cart_add.php` | Medium
+32 | File | `CFS.c` | Low
+33 | File | `cgi-bin/gnudip.cgi` | High
+34 | File | `checktransferstatus.php` | High
+35 | File | `checkuser.php` | High
+36 | File | `class.SystemAction.php` | High
+37 | File | `clientarea.php` | High
+38 | File | `cmdmon.c` | Medium
+39 | File | `collectivite.class.php` | High
+40 | File | `confirm.php` | Medium
+41 | File | `contact` | Low
+42 | File | `control.c` | Medium
+43 | File | `core-util.c` | Medium
+44 | File | `core/coreuserinputhandler.cpp` | High
+45 | File | `cve-bin/moreBlockInfo.cgi` | High
+46 | File | `d1_both.c` | Medium
+47 | File | `data/gbconfiguration.dat` | High
 48 | ... | ... | ...
 
-There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Luna Moth/README.md

@@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
 22 | File | `cng.sys` | Low
 23 | ... | ... | ...
 
-There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Magecart/README.md

@@ -109,7 +109,7 @@ ID | Type | Indicator | Confidence
 42 | File | `/var/log/messages` | High
 43 | ... | ... | ...
 
-There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/Mars Stealer/README.md

@@ -87,9 +87,10 @@ ID | Type | Indicator | Confidence
 28 | File | `/spip.php` | Medium
 29 | File | `/uncpath/` | Medium
 30 | File | `/usr/www/ja/mnt_cmd.cgi` | High
-31 | ... | ... | ...
+31 | File | `/videotalk` | Medium
+32 | ... | ... | ...
 
-There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References