Update March 2023
这个提交包含在:
父节点
b09d019b43
当前提交
b78aaf637e
|
@ -66,12 +66,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/public/plugins/` | High
|
||||
2 | File | `/systemrw/` | Medium
|
||||
3 | File | `adm/boardgroup_form_update.php` | High
|
||||
1 | File | `/api/upload` | Medium
|
||||
2 | File | `/public/plugins/` | High
|
||||
3 | File | `/systemrw/` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [KR](https://vuldb.com/?country.kr)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -131,9 +131,10 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/REBOOTSYSTEM` | High
|
||||
25 | File | `/replication` | Medium
|
||||
26 | File | `/RestAPI` | Medium
|
||||
27 | ... | ... | ...
|
||||
27 | File | `/tmp/zarafa-vacation-*` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 229 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -64,10 +64,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -57,57 +57,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/.ssh/authorized_keys` | High
|
||||
4 | File | `/admin/default.asp` | High
|
||||
5 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/assets/ctx` | Medium
|
||||
8 | File | `/bin/httpd` | Medium
|
||||
9 | File | `/cgi-bin/wapopen` | High
|
||||
10 | File | `/ci_spms/admin/category` | High
|
||||
11 | File | `/ci_spms/admin/search/searching/` | High
|
||||
12 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
13 | File | `/classes/Master.php?f=delete_train` | High
|
||||
14 | File | `/cms/print.php` | High
|
||||
15 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/ctcprotocol/Protocol` | High
|
||||
18 | File | `/dashboard/menu-list.php` | High
|
||||
19 | File | `/data/remove` | Medium
|
||||
20 | File | `/ebics-server/ebics.aspx` | High
|
||||
21 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goforms/rlminfo` | High
|
||||
24 | File | `/Items/*/RemoteImages/Download` | High
|
||||
25 | File | `/login` | Low
|
||||
26 | File | `/menu.html` | Medium
|
||||
27 | File | `/navigate/navigate_download.php` | High
|
||||
28 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
29 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
32 | File | `/password.html` | High
|
||||
33 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
34 | File | `/proc/ioports` | High
|
||||
35 | File | `/property-list/property_view.php` | High
|
||||
36 | File | `/ptms/classes/Users.php` | High
|
||||
37 | File | `/resources//../` | High
|
||||
38 | File | `/rest/api/2/search` | High
|
||||
39 | File | `/s/` | Low
|
||||
40 | File | `/scripts/cpan_config` | High
|
||||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/services/system/setup.json` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
45 | File | `/tmp` | Low
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/vloggers_merch/?p=view_product` | High
|
||||
48 | File | `/webconsole/APIController` | High
|
||||
49 | File | `/websocket/exec` | High
|
||||
50 | ... | ... | ...
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
3 | File | `/admin/default.asp` | High
|
||||
4 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/bin/httpd` | Medium
|
||||
7 | File | `/cgi-bin/wapopen` | High
|
||||
8 | File | `/ci_spms/admin/category` | High
|
||||
9 | File | `/ci_spms/admin/search/searching/` | High
|
||||
10 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
11 | File | `/classes/Master.php?f=delete_train` | High
|
||||
12 | File | `/cms/print.php` | High
|
||||
13 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
15 | File | `/ctcprotocol/Protocol` | High
|
||||
16 | File | `/dashboard/menu-list.php` | High
|
||||
17 | File | `/data/remove` | Medium
|
||||
18 | File | `/ebics-server/ebics.aspx` | High
|
||||
19 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/goforms/rlminfo` | High
|
||||
22 | File | `/HNAP1/SetClientInfo` | High
|
||||
23 | File | `/Items/*/RemoteImages/Download` | High
|
||||
24 | File | `/login` | Low
|
||||
25 | File | `/menu.html` | Medium
|
||||
26 | File | `/navigate/navigate_download.php` | High
|
||||
27 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
28 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/owa/auth/logon.aspx` | High
|
||||
31 | File | `/password.html` | High
|
||||
32 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
33 | File | `/proc/ioports` | High
|
||||
34 | File | `/property-list/property_view.php` | High
|
||||
35 | File | `/ptms/classes/Users.php` | High
|
||||
36 | File | `/resources//../` | High
|
||||
37 | File | `/rest/api/2/search` | High
|
||||
38 | File | `/s/` | Low
|
||||
39 | File | `/scripts/cpan_config` | High
|
||||
40 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
41 | File | `/services/system/setup.json` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/sys/dict/queryTableData` | High
|
||||
44 | File | `/tmp` | Low
|
||||
45 | File | `/uncpath/` | Medium
|
||||
46 | File | `/vloggers_merch/?p=view_product` | High
|
||||
47 | File | `/webconsole/APIController` | High
|
||||
48 | File | `/websocket/exec` | High
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 429 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `bb_usage_stats.php` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 113 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `arch/x86/include/asm/fpu/internal.h` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 207 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 209 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [SV](https://vuldb.com/?country.sv)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -117,7 +117,7 @@ ID | Type | Indicator | Confidence
|
|||
45 | File | `addrtoname.c` | Medium
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `/RestAPI` | Medium
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -80,47 +80,47 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/api/blade-log/api/list` | High
|
||||
3 | File | `/api/trackedEntityInstances` | High
|
||||
4 | File | `/application/common.php#action_log` | High
|
||||
5 | File | `/baseOpLog.do` | High
|
||||
6 | File | `/category_view.php` | High
|
||||
7 | File | `/cgi-bin/portal` | High
|
||||
8 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
9 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
10 | File | `/csms/?page=contact_us` | High
|
||||
11 | File | `/debug` | Low
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/goform/PowerSaveSet` | High
|
||||
15 | File | `/include/make.php` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
18 | File | `/lists/admin/` | High
|
||||
19 | File | `/login.cgi?logout=1` | High
|
||||
20 | File | `/medical/inventories.php` | High
|
||||
21 | File | `/members/view_member.php` | High
|
||||
22 | File | `/mgmt/tm/util/bash` | High
|
||||
23 | File | `/module/admin_logs` | High
|
||||
24 | File | `/nova/bin/console` | High
|
||||
25 | File | `/owa/auth/logon.aspx` | High
|
||||
26 | File | `/plesk-site-preview/` | High
|
||||
27 | File | `/public/login.htm` | High
|
||||
28 | File | `/public/plugins/` | High
|
||||
29 | File | `/replication` | Medium
|
||||
30 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
31 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
32 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
33 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
34 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
35 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
36 | File | `/start-stop` | Medium
|
||||
37 | File | `/start_apply.htm` | High
|
||||
38 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
39 | File | `/tmp/app/.env` | High
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/upload` | Low
|
||||
42 | File | `/usr/bin/pkexec` | High
|
||||
43 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
44 | File | `/WEB-INF/web.xml` | High
|
||||
45 | File | `/wp-admin/admin-ajax.php` | High
|
||||
5 | File | `/authUserAction!edit.action` | High
|
||||
6 | File | `/baseOpLog.do` | High
|
||||
7 | File | `/category_view.php` | High
|
||||
8 | File | `/cgi-bin/portal` | High
|
||||
9 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
10 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
11 | File | `/csms/?page=contact_us` | High
|
||||
12 | File | `/debug` | Low
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/goform/PowerSaveSet` | High
|
||||
16 | File | `/include/make.php` | High
|
||||
17 | File | `/index.php` | Medium
|
||||
18 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
19 | File | `/lists/admin/` | High
|
||||
20 | File | `/login.cgi?logout=1` | High
|
||||
21 | File | `/medical/inventories.php` | High
|
||||
22 | File | `/members/view_member.php` | High
|
||||
23 | File | `/mgmt/tm/util/bash` | High
|
||||
24 | File | `/module/admin_logs` | High
|
||||
25 | File | `/nova/bin/console` | High
|
||||
26 | File | `/owa/auth/logon.aspx` | High
|
||||
27 | File | `/plesk-site-preview/` | High
|
||||
28 | File | `/public/login.htm` | High
|
||||
29 | File | `/public/plugins/` | High
|
||||
30 | File | `/replication` | Medium
|
||||
31 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
32 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
33 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
34 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
35 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
36 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
37 | File | `/start-stop` | Medium
|
||||
38 | File | `/start_apply.htm` | High
|
||||
39 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
40 | File | `/tmp/app/.env` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/upload` | Low
|
||||
43 | File | `/usr/bin/pkexec` | High
|
||||
44 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
45 | File | `/WEB-INF/web.xml` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -2206,7 +2206,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -2218,50 +2218,56 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin.php?action=themeinstall` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/controller/JobLogController.java` | High
|
||||
5 | File | `/admin/students/manage.php` | High
|
||||
6 | File | `/admin/subnets/ripe-query.php` | High
|
||||
7 | File | `/api/audits` | Medium
|
||||
8 | File | `/api/resource/Item?fields` | High
|
||||
9 | File | `/api/v1/attack/token` | High
|
||||
10 | File | `/balance/service/list` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
13 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/env` | Low
|
||||
18 | File | `/etc/passwd` | Medium
|
||||
19 | File | `/etc/sudoers` | Medium
|
||||
20 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
21 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
22 | File | `/fos/admin/index.php?page=menu` | High
|
||||
23 | File | `/goform/WifiBasicSet` | High
|
||||
24 | File | `/hardware` | Medium
|
||||
25 | File | `/home/masterConsole` | High
|
||||
26 | File | `/home/sendBroadcast` | High
|
||||
27 | File | `/hrm/controller/employee.php` | High
|
||||
28 | File | `/hrm/employeeadd.php` | High
|
||||
29 | File | `/hrm/employeeview.php` | High
|
||||
30 | File | `/includes/login.php` | High
|
||||
31 | File | `/Items/*/RemoteImages/Download` | High
|
||||
32 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
|
||||
33 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
34 | File | `/lookin/info` | Medium
|
||||
35 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/php-sms/classes/Master.php` | High
|
||||
38 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
39 | File | `/plugin/getList` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
|
||||
42 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
43 | File | `/reports/rwservlet` | High
|
||||
44 | File | `/sacco_shield/manage_payment.php` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
5 | File | `/admin/index2.html` | High
|
||||
6 | File | `/admin/scripts/pi-hole/phpqueryads.php` | High
|
||||
7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
9 | File | `/api/audits` | Medium
|
||||
10 | File | `/api/resource/Item?fields` | High
|
||||
11 | File | `/APR/login.php` | High
|
||||
12 | File | `/APR/signup.php` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/kerbynet` | High
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/cgi-bin/wapopen` | High
|
||||
17 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
18 | File | `/controller/OnlinePreviewController.java` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
21 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/etc/sudoers` | Medium
|
||||
24 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
27 | File | `/fos/admin/index.php?page=menu` | High
|
||||
28 | File | `/goform/WifiBasicSet` | High
|
||||
29 | File | `/hardware` | Medium
|
||||
30 | File | `/home/masterConsole` | High
|
||||
31 | File | `/home/sendBroadcast` | High
|
||||
32 | File | `/hrm/controller/employee.php` | High
|
||||
33 | File | `/hrm/employeeadd.php` | High
|
||||
34 | File | `/hrm/employeeview.php` | High
|
||||
35 | File | `/IISADMPWD` | Medium
|
||||
36 | File | `/includes/login.php` | High
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/Items/*/RemoteImages/Download` | High
|
||||
39 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
|
||||
40 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
41 | File | `/lookin/info` | Medium
|
||||
42 | File | `/Moosikay/order.php` | High
|
||||
43 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
44 | File | `/out.php` | Medium
|
||||
45 | File | `/pet_shop/admin/orders/update_status.php` | High
|
||||
46 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
47 | File | `/php-opos/index.php` | High
|
||||
48 | File | `/proxy` | Low
|
||||
49 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
|
||||
50 | File | `/reports/rwservlet` | High
|
||||
51 | File | `/sacco_shield/manage_payment.php` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 451 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
@ -84,29 +84,29 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/var/tmp/sess_*` | High
|
||||
24 | File | `/youthappam/add-food.php` | High
|
||||
25 | File | `/youthappam/editclient.php` | High
|
||||
26 | File | `action.php` | Medium
|
||||
27 | File | `actionphp/download.File.php` | High
|
||||
28 | File | `add_comment.php` | High
|
||||
29 | File | `admin.a6mambocredits.php` | High
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | File | `admin/admin.php` | High
|
||||
32 | File | `admin/content.php` | High
|
||||
33 | File | `admin/import/class-import-settings.php` | High
|
||||
34 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
35 | File | `admin/sitesettings.php` | High
|
||||
36 | File | `admin_gallery.php3` | High
|
||||
37 | File | `affich.php` | Medium
|
||||
38 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
39 | File | `akeyActivationLogin.do` | High
|
||||
40 | File | `album_portal.php` | High
|
||||
41 | File | `apache-auth.conf` | High
|
||||
42 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||
43 | File | `Asc.exe` | Low
|
||||
24 | File | `/wp-admin/options.php` | High
|
||||
25 | File | `/youthappam/add-food.php` | High
|
||||
26 | File | `/youthappam/editclient.php` | High
|
||||
27 | File | `action.php` | Medium
|
||||
28 | File | `actionphp/download.File.php` | High
|
||||
29 | File | `add_comment.php` | High
|
||||
30 | File | `admin.a6mambocredits.php` | High
|
||||
31 | File | `admin.php` | Medium
|
||||
32 | File | `admin/admin.php` | High
|
||||
33 | File | `admin/content.php` | High
|
||||
34 | File | `admin/import/class-import-settings.php` | High
|
||||
35 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
36 | File | `admin/sitesettings.php` | High
|
||||
37 | File | `admin_gallery.php3` | High
|
||||
38 | File | `affich.php` | Medium
|
||||
39 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
40 | File | `akeyActivationLogin.do` | High
|
||||
41 | File | `album_portal.php` | High
|
||||
42 | File | `apache-auth.conf` | High
|
||||
43 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -53,41 +53,41 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
3 | File | `/admin/default.asp` | High
|
||||
4 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
5 | File | `/api` | Low
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/bin/httpd` | Medium
|
||||
8 | File | `/cgi-bin/wapopen` | High
|
||||
9 | File | `/ci_spms/admin/category` | High
|
||||
10 | File | `/ci_spms/admin/search/searching/` | High
|
||||
11 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
12 | File | `/classes/Master.php?f=delete_train` | High
|
||||
13 | File | `/cms/print.php` | High
|
||||
14 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/ctcprotocol/Protocol` | High
|
||||
17 | File | `/dashboard/menu-list.php` | High
|
||||
18 | File | `/dashboard/updatelogo.php` | High
|
||||
19 | File | `/data/remove` | Medium
|
||||
20 | File | `/download` | Medium
|
||||
3 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
4 | File | `/api` | Low
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/bin/httpd` | Medium
|
||||
7 | File | `/cgi-bin/wapopen` | High
|
||||
8 | File | `/ci_spms/admin/category` | High
|
||||
9 | File | `/ci_spms/admin/search/searching/` | High
|
||||
10 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
11 | File | `/classes/Master.php?f=delete_train` | High
|
||||
12 | File | `/cms/print.php` | High
|
||||
13 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
15 | File | `/ctcprotocol/Protocol` | High
|
||||
16 | File | `/dashboard/menu-list.php` | High
|
||||
17 | File | `/dashboard/updatelogo.php` | High
|
||||
18 | File | `/data/remove` | Medium
|
||||
19 | File | `/download` | Medium
|
||||
20 | File | `/ebics-server/ebics.aspx` | High
|
||||
21 | File | `/etc/openshift/server_priv.pem` | High
|
||||
22 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/goforms/rlminfo` | High
|
||||
25 | File | `/hospital/hms/admin/patient-search.php` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/Items/*/RemoteImages/Download` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/menu.html` | Medium
|
||||
30 | File | `/mkshop/Men/profile.php` | High
|
||||
31 | File | `/modules/announcement/index.php?view=edit` | High
|
||||
32 | File | `/navigate/navigate_download.php` | High
|
||||
33 | File | `/Noxen-master/users.php` | High
|
||||
34 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
35 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/HNAP1/SetClientInfo` | High
|
||||
26 | File | `/hospital/hms/admin/patient-search.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/Items/*/RemoteImages/Download` | High
|
||||
29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
30 | File | `/menu.html` | Medium
|
||||
31 | File | `/mkshop/Men/profile.php` | High
|
||||
32 | File | `/modules/announcement/index.php?view=edit` | High
|
||||
33 | File | `/navigate/navigate_download.php` | High
|
||||
34 | File | `/Noxen-master/users.php` | High
|
||||
35 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
36 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/password.html` | High
|
||||
39 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
40 | File | `/port_3480/data_request` | High
|
||||
|
@ -97,11 +97,9 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `/resources//../` | High
|
||||
45 | File | `/rest/api/2/search` | High
|
||||
46 | File | `/s/` | Low
|
||||
47 | File | `/scripts/cpan_config` | High
|
||||
48 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
49 | ... | ... | ...
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 406 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -57,7 +57,7 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 36 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asia Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
@ -13650,14 +13650,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -13665,42 +13664,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `/admin/admin.php` | High
|
||||
3 | File | `/admin/admin_manage/delete` | High
|
||||
4 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
5 | File | `/api/` | Low
|
||||
6 | File | `/backup.pl` | Medium
|
||||
7 | File | `/bin/httpd` | Medium
|
||||
8 | File | `/bin/sh` | Low
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/ecshop/admin/template.php` | High
|
||||
11 | File | `/etc/config/product.ini` | High
|
||||
12 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
13 | File | `/forms/doLogin` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/forum/PostPrivateMessage` | High
|
||||
16 | File | `/home/cavesConsole` | High
|
||||
17 | File | `/home/masterConsole` | High
|
||||
18 | File | `/home/sendBroadcast` | High
|
||||
19 | File | `/oews/classes/Master.php?f=update_cart` | High
|
||||
20 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/param.file.tgz` | High
|
||||
23 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
24 | File | `/php-opos/index.php` | High
|
||||
25 | File | `/public/login.htm` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/spip.php` | Medium
|
||||
28 | File | `/start_apply.htm` | High
|
||||
29 | File | `/tmp` | Low
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/user/updatePwd` | High
|
||||
32 | File | `/users/delete/2` | High
|
||||
33 | File | `/usr/bin/pkexec` | High
|
||||
34 | ... | ... | ...
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/edit-doc.php` | High
|
||||
8 | File | `/admin/index3.php` | High
|
||||
9 | File | `/admin/main/mod-blog` | High
|
||||
10 | File | `/admin/patient.php` | High
|
||||
11 | File | `/advanced/adv_dns.xgi` | High
|
||||
12 | File | `/agc/vicidial.php` | High
|
||||
13 | File | `/alphaware/summary.php` | High
|
||||
14 | File | `/api/admin/system/store/order/list` | High
|
||||
15 | File | `/APR/login.php` | High
|
||||
16 | File | `/APR/signup.php` | High
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/browse.PROJECTKEY` | High
|
||||
19 | File | `/cgi-bin/luci/api/auth` | High
|
||||
20 | File | `/cgi-bin/mft/wireless_mft` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/edoc/doctor/patient.php` | High
|
||||
23 | File | `/filemanager/php/connector.php` | High
|
||||
24 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
25 | File | `/mims/login.php` | High
|
||||
26 | File | `/Moosikay/order.php` | High
|
||||
27 | File | `/php-scrm/login.php` | High
|
||||
28 | File | `/plugins/playbooks/api/v0/playbooks/[playbookID` | High
|
||||
29 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
30 | File | `/reservation/add_message.php` | High
|
||||
31 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
32 | File | `/rukovoditel/index.php?module=users/login` | High
|
||||
33 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
34 | File | `/static/ueditor/php/controller.php` | High
|
||||
35 | File | `/textpattern/index.php` | High
|
||||
36 | File | `/tmp` | Low
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -2002,12 +2002,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -2018,50 +2017,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `.github/workflows/combine-prs.yml` | High
|
||||
3 | File | `/admin/admin_manage/delete` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
2 | File | `/admin.php?action=themeinstall` | High
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/admin_manage/delete` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
7 | File | `/alarm_pi/alarmService.php` | High
|
||||
8 | File | `/api/` | Low
|
||||
9 | File | `/bin/httpd` | Medium
|
||||
10 | File | `/bsms_ci/index.php/book` | High
|
||||
7 | File | `/api/` | Low
|
||||
8 | File | `/APR/signup.php` | High
|
||||
9 | File | `/backup.pl` | Medium
|
||||
10 | File | `/bin/httpd` | Medium
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
15 | File | `/env` | Low
|
||||
12 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
|
||||
13 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
14 | File | `/cmscp/ext/collect/fetch_url.do` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
17 | File | `/forms/doLogin` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/forum/PostPrivateMessage` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
25 | File | `/login/index.php` | High
|
||||
26 | File | `/medicines/profile.php` | High
|
||||
27 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
28 | File | `/out.php` | Medium
|
||||
29 | File | `/param.file.tgz` | High
|
||||
30 | File | `/proxy` | Low
|
||||
31 | File | `/reports/rwservlet` | High
|
||||
32 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
33 | File | `/SkycaijiApp/admin/controller/Mystore.php` | High
|
||||
34 | File | `/spip.php` | Medium
|
||||
35 | File | `/template/edit` | High
|
||||
36 | File | `/tmp` | Low
|
||||
37 | File | `/uncpath/` | Medium
|
||||
38 | File | `/user/s.php` | Medium
|
||||
39 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
40 | File | `/wireless/guestnetwork.asp` | High
|
||||
41 | File | `/wireless/security.asp` | High
|
||||
42 | File | `/wp-admin/admin-ajax.php` | High
|
||||
43 | ... | ... | ...
|
||||
18 | File | `/forum/PostPrivateMessage` | High
|
||||
19 | File | `/home/masterConsole` | High
|
||||
20 | File | `/home/sendBroadcast` | High
|
||||
21 | File | `/Hospital-Management-System-master/func.php` | High
|
||||
22 | File | `/includes/login.php` | High
|
||||
23 | File | `/login/index.php` | High
|
||||
24 | File | `/mims/login.php` | High
|
||||
25 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
26 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
27 | File | `/param.file.tgz` | High
|
||||
28 | File | `/php-opos/index.php` | High
|
||||
29 | File | `/php-scrm/login.php` | High
|
||||
30 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
31 | File | `/SkycaijiApp/admin/controller/Mystore.php` | High
|
||||
32 | File | `/spip.php` | Medium
|
||||
33 | File | `/tmp` | Low
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/user/s.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -62,37 +62,44 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/index3.php` | High
|
||||
4 | File | `/admin_area/login_transfer.php` | High
|
||||
5 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
7 | File | `/apply.cgi` | Medium
|
||||
8 | File | `/bsms_ci/index.php/book` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/ecshop/admin/template.php` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/forums.php?action=post` | High
|
||||
14 | File | `/goform/formDefault` | High
|
||||
15 | File | `/goform/formLogin` | High
|
||||
16 | File | `/goform/formSysCmd` | High
|
||||
17 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
18 | File | `/index.php` | Medium
|
||||
19 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
20 | File | `/list.php` | Medium
|
||||
21 | File | `/login/index.php` | High
|
||||
22 | File | `/medicines/profile.php` | High
|
||||
23 | File | `/Moosikay/order.php` | High
|
||||
24 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
25 | File | `/setNTP.cgi` | Medium
|
||||
26 | File | `/spip.php` | Medium
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/tpts/manage_user.php` | High
|
||||
29 | File | `/user/s.php` | Medium
|
||||
30 | File | `/usr/etc/restore0.9` | High
|
||||
31 | ... | ... | ...
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/index3.php` | High
|
||||
7 | File | `/admin_area/login_transfer.php` | High
|
||||
8 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
10 | File | `/ajax/update_certificate` | High
|
||||
11 | File | `/alphaware/summary.php` | High
|
||||
12 | File | `/apply.cgi` | Medium
|
||||
13 | File | `/boat/login.php` | High
|
||||
14 | File | `/bsms_ci/index.php/book` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/ecshop/admin/template.php` | High
|
||||
18 | File | `/eduauth/student/search.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/forums.php?action=post` | High
|
||||
21 | File | `/goform/formDefault` | High
|
||||
22 | File | `/goform/formLogin` | High
|
||||
23 | File | `/goform/formSysCmd` | High
|
||||
24 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
25 | File | `/goform/WifiBasicSet` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
28 | File | `/list.php` | Medium
|
||||
29 | File | `/login/index.php` | High
|
||||
30 | File | `/medicines/profile.php` | High
|
||||
31 | File | `/Moosikay/order.php` | High
|
||||
32 | File | `/philosophy/admin/user/controller.php?action=add` | High
|
||||
33 | File | `/php-opos/signup.php` | High
|
||||
34 | File | `/reservation/add_message.php` | High
|
||||
35 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
36 | File | `/setNTP.cgi` | Medium
|
||||
37 | File | `/spip.php` | Medium
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 267 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -79,9 +79,9 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goforms/rlminfo` | High
|
||||
23 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
24 | File | `/Items/*/RemoteImages/Download` | High
|
||||
25 | File | `/login` | Low
|
||||
23 | File | `/HNAP1/SetClientInfo` | High
|
||||
24 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/menu.html` | Medium
|
||||
27 | File | `/mkshop/Men/profile.php` | High
|
||||
28 | File | `/navigate/navigate_download.php` | High
|
||||
|
@ -104,15 +104,15 @@ ID | Type | Indicator | Confidence
|
|||
45 | File | `/sys/dict/queryTableData` | High
|
||||
46 | File | `/tmp` | Low
|
||||
47 | File | `/uncpath/` | Medium
|
||||
48 | File | `/vloggers_merch/?p=view_product` | High
|
||||
49 | ... | ... | ...
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 426 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/eset/malware-ioc/tree/master/backdoordiplomacy
|
||||
* https://www.bitdefender.com/files/News/CaseStudies/study/426/Bitdefender-PR-Whitepaper-BackdoorDiplomacy-creat6507-en-EN.pdf
|
||||
* https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -23,19 +23,24 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.62.56.24](https://vuldb.com/?ip.5.62.56.24) | r-24-56-62-5.consumer-pool.prcdn.net | - | High
|
||||
2 | [5.62.58.24](https://vuldb.com/?ip.5.62.58.24) | r-24-58-62-5.consumer-pool.prcdn.net | - | High
|
||||
3 | [23.232.250.0](https://vuldb.com/?ip.23.232.250.0) | - | - | High
|
||||
4 | [24.51.64.0](https://vuldb.com/?ip.24.51.64.0) | - | - | High
|
||||
5 | [24.206.0.0](https://vuldb.com/?ip.24.206.0.0) | - | - | High
|
||||
6 | [24.231.32.0](https://vuldb.com/?ip.24.231.32.0) | - | - | High
|
||||
7 | [24.244.128.0](https://vuldb.com/?ip.24.244.128.0) | - | - | High
|
||||
8 | [31.220.6.0](https://vuldb.com/?ip.31.220.6.0) | - | - | High
|
||||
9 | [45.12.70.32](https://vuldb.com/?ip.45.12.70.32) | blushers.get-eye.com | - | High
|
||||
10 | [45.12.71.32](https://vuldb.com/?ip.45.12.71.32) | - | - | High
|
||||
11 | [45.62.191.48](https://vuldb.com/?ip.45.62.191.48) | - | - | High
|
||||
12 | [63.245.112.0](https://vuldb.com/?ip.63.245.112.0) | d-63-245-112-0.batelnet.bs | - | High
|
||||
13 | ... | ... | ... | ...
|
||||
3 | [23.185.48.0](https://vuldb.com/?ip.23.185.48.0) | - | - | High
|
||||
4 | [23.190.112.0](https://vuldb.com/?ip.23.190.112.0) | - | - | High
|
||||
5 | [23.232.250.0](https://vuldb.com/?ip.23.232.250.0) | - | - | High
|
||||
6 | [24.51.64.0](https://vuldb.com/?ip.24.51.64.0) | - | - | High
|
||||
7 | [24.206.0.0](https://vuldb.com/?ip.24.206.0.0) | - | - | High
|
||||
8 | [24.231.32.0](https://vuldb.com/?ip.24.231.32.0) | - | - | High
|
||||
9 | [24.244.128.0](https://vuldb.com/?ip.24.244.128.0) | - | - | High
|
||||
10 | [24.244.160.0](https://vuldb.com/?ip.24.244.160.0) | - | - | High
|
||||
11 | [24.244.168.0](https://vuldb.com/?ip.24.244.168.0) | - | - | High
|
||||
12 | [24.244.170.0](https://vuldb.com/?ip.24.244.170.0) | - | - | High
|
||||
13 | [24.244.172.0](https://vuldb.com/?ip.24.244.172.0) | - | - | High
|
||||
14 | [24.244.176.0](https://vuldb.com/?ip.24.244.176.0) | - | - | High
|
||||
15 | [31.220.6.0](https://vuldb.com/?ip.31.220.6.0) | - | - | High
|
||||
16 | [45.12.70.32](https://vuldb.com/?ip.45.12.70.32) | blushers.get-eye.com | - | High
|
||||
17 | [45.12.71.32](https://vuldb.com/?ip.45.12.71.32) | - | - | High
|
||||
18 | ... | ... | ... | ...
|
||||
|
||||
There are 46 more IOC items available. Please use our online service to access the data.
|
||||
There are 67 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -43,13 +48,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -57,70 +62,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/photo.php` | High
|
||||
2 | File | `/admin/user/add` | High
|
||||
3 | File | `/APP_Installation.asp` | High
|
||||
4 | File | `/categorypage.php` | High
|
||||
5 | File | `/cm/delete` | Medium
|
||||
6 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
7 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
8 | File | `/drivers/media/media-device.c` | High
|
||||
9 | File | `/etc/master.passwd` | High
|
||||
10 | File | `/filemanager/upload.php` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/getcfg.php` | Medium
|
||||
13 | File | `/home.php` | Medium
|
||||
14 | File | `/homeaction.php` | High
|
||||
15 | File | `/horde/util/go.php` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/modules/profile/index.php` | High
|
||||
18 | File | `/modules/tasks/summary.inc.php` | High
|
||||
19 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/p` | Low
|
||||
22 | File | `/preauth` | Medium
|
||||
23 | File | `/products/details.asp` | High
|
||||
24 | File | `/recordings/index.php` | High
|
||||
25 | File | `/see_more_details.php` | High
|
||||
26 | File | `/show_news.php` | High
|
||||
27 | File | `/tmp/before` | Medium
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/updownload/t.report` | High
|
||||
30 | File | `/user.profile.php` | High
|
||||
31 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
32 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
33 | File | `/wp-admin` | Medium
|
||||
34 | File | `/wp-admin/admin-ajax.php` | High
|
||||
35 | File | `account.asp` | Medium
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `add_comment.php` | High
|
||||
38 | File | `adm/systools.asp` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin/admin.shtml` | High
|
||||
41 | File | `Admin/ADM_Pagina.php` | High
|
||||
42 | File | `admin/category.inc.php` | High
|
||||
43 | File | `admin/main.asp` | High
|
||||
44 | File | `admin/param/param_func.inc.php` | High
|
||||
45 | File | `admin/y_admin.asp` | High
|
||||
46 | File | `adminer.php` | Medium
|
||||
47 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
48 | File | `admin_ok.asp` | Medium
|
||||
49 | File | `app/Core/Paginator.php` | High
|
||||
50 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
51 | File | `artlinks.dispnew.php` | High
|
||||
52 | File | `auth.php` | Medium
|
||||
53 | File | `bin/named/query.c` | High
|
||||
54 | File | `blank.php` | Medium
|
||||
55 | File | `blocklayered-ajax.php` | High
|
||||
56 | ... | ... | ...
|
||||
1 | File | `/?admin/user.html` | High
|
||||
2 | File | `/addnews.html` | High
|
||||
3 | File | `/admin.php?r=admin/AdminBackup/del` | High
|
||||
4 | File | `/admin/addemployee.php` | High
|
||||
5 | File | `/admin/edit.php` | High
|
||||
6 | File | `/admin/index.php/template/ajax?action=delete` | High
|
||||
7 | File | `/admin/index.php?mode=content&page=media&action=edit` | High
|
||||
8 | File | `/admin/photo.php` | High
|
||||
9 | File | `/admin/users.php?source=edit_user&id=1` | High
|
||||
10 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
11 | File | `/administrator/templates/default/html/windows/right.php` | High
|
||||
12 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
13 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
14 | File | `/demo/module/?module=HERE` | High
|
||||
15 | File | `/download/set.cgi` | High
|
||||
16 | File | `/dvcset/sysset/set.cgi` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/SysToolReboot` | High
|
||||
19 | File | `/goform/WifiExtraSet` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
|
||||
22 | File | `/mkshop/Men/profile.php` | High
|
||||
23 | File | `/mngset/authset` | High
|
||||
24 | File | `/mobile/downloadfile.aspx` | High
|
||||
25 | File | `/net/nfc/netlink.c` | High
|
||||
26 | File | `/out.php` | Medium
|
||||
27 | File | `/outgoing.php` | High
|
||||
28 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
29 | File | `/preauth` | Medium
|
||||
30 | File | `/presale/join` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 487 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 260 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bs.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bs.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bahrain Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,29 +21,41 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.1.42.0](https://vuldb.com/?ip.5.1.42.0) | customer.mikronet.it | - | High
|
||||
2 | [5.62.60.20](https://vuldb.com/?ip.5.62.60.20) | r-20-60-62-5.consumer-pool.prcdn.net | - | High
|
||||
3 | [5.62.62.20](https://vuldb.com/?ip.5.62.62.20) | r-20-62-62-5.consumer-pool.prcdn.net | - | High
|
||||
4 | [13.248.106.0](https://vuldb.com/?ip.13.248.106.0) | - | - | High
|
||||
5 | [15.185.0.0](https://vuldb.com/?ip.15.185.0.0) | ec2-15-185-0-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
6 | [23.247.137.0](https://vuldb.com/?ip.23.247.137.0) | - | - | High
|
||||
7 | [37.131.0.0](https://vuldb.com/?ip.37.131.0.0) | - | - | High
|
||||
8 | [45.11.72.0](https://vuldb.com/?ip.45.11.72.0) | - | - | High
|
||||
9 | [45.11.75.0](https://vuldb.com/?ip.45.11.75.0) | - | - | High
|
||||
10 | [45.12.70.23](https://vuldb.com/?ip.45.12.70.23) | dealer.get-eye.com | - | High
|
||||
11 | [45.12.71.23](https://vuldb.com/?ip.45.12.71.23) | - | - | High
|
||||
12 | [45.149.84.0](https://vuldb.com/?ip.45.149.84.0) | - | - | High
|
||||
13 | [46.42.64.0](https://vuldb.com/?ip.46.42.64.0) | - | - | High
|
||||
14 | [46.184.128.0](https://vuldb.com/?ip.46.184.128.0) | - | - | High
|
||||
15 | [46.235.208.0](https://vuldb.com/?ip.46.235.208.0) | - | - | High
|
||||
16 | [46.243.150.0](https://vuldb.com/?ip.46.243.150.0) | - | - | High
|
||||
17 | [52.93.69.0](https://vuldb.com/?ip.52.93.69.0) | - | - | High
|
||||
18 | [52.93.224.0](https://vuldb.com/?ip.52.93.224.0) | - | - | High
|
||||
19 | [52.94.249.160](https://vuldb.com/?ip.52.94.249.160) | - | - | High
|
||||
20 | [52.95.172.0](https://vuldb.com/?ip.52.95.172.0) | s3-r-w.me-south-1.amazonaws.com | - | Medium
|
||||
21 | ... | ... | ... | ...
|
||||
1 | [3.5.48.0](https://vuldb.com/?ip.3.5.48.0) | - | - | High
|
||||
2 | [3.5.220.0](https://vuldb.com/?ip.3.5.220.0) | - | - | High
|
||||
3 | [3.28.0.0](https://vuldb.com/?ip.3.28.0.0) | ec2-3-28-0-0.me-central-1.compute.amazonaws.com | - | Medium
|
||||
4 | [5.1.42.0](https://vuldb.com/?ip.5.1.42.0) | customer.mikronet.it | - | High
|
||||
5 | [5.62.60.20](https://vuldb.com/?ip.5.62.60.20) | r-20-60-62-5.consumer-pool.prcdn.net | - | High
|
||||
6 | [5.62.62.20](https://vuldb.com/?ip.5.62.62.20) | r-20-62-62-5.consumer-pool.prcdn.net | - | High
|
||||
7 | [13.34.35.0](https://vuldb.com/?ip.13.34.35.0) | - | - | High
|
||||
8 | [13.226.117.0](https://vuldb.com/?ip.13.226.117.0) | server-13-226-117-0.bah53.r.cloudfront.net | - | High
|
||||
9 | [13.226.118.0](https://vuldb.com/?ip.13.226.118.0) | server-13-226-118-0.bah53.r.cloudfront.net | - | High
|
||||
10 | [13.227.0.0](https://vuldb.com/?ip.13.227.0.0) | server-13-227-0-0.bah53.r.cloudfront.net | - | High
|
||||
11 | [13.227.4.0](https://vuldb.com/?ip.13.227.4.0) | server-13-227-4-0.bah53.r.cloudfront.net | - | High
|
||||
12 | [13.227.8.0](https://vuldb.com/?ip.13.227.8.0) | server-13-227-8-0.bah53.r.cloudfront.net | - | High
|
||||
13 | [13.248.66.0](https://vuldb.com/?ip.13.248.66.0) | - | - | High
|
||||
14 | [13.248.106.0](https://vuldb.com/?ip.13.248.106.0) | - | - | High
|
||||
15 | [15.177.87.0](https://vuldb.com/?ip.15.177.87.0) | - | - | High
|
||||
16 | [15.184.0.0](https://vuldb.com/?ip.15.184.0.0) | ec2-15-184-0-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
17 | [15.184.128.0](https://vuldb.com/?ip.15.184.128.0) | ec2-15-184-128-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
18 | [15.184.144.0](https://vuldb.com/?ip.15.184.144.0) | ec2-15-184-144-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
19 | [15.184.152.0](https://vuldb.com/?ip.15.184.152.0) | ec2-15-184-152-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
20 | [15.184.154.0](https://vuldb.com/?ip.15.184.154.0) | ec2-15-184-154-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
21 | [15.184.156.0](https://vuldb.com/?ip.15.184.156.0) | ec2-15-184-156-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
22 | [15.184.160.0](https://vuldb.com/?ip.15.184.160.0) | ec2-15-184-160-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
23 | [15.184.192.0](https://vuldb.com/?ip.15.184.192.0) | ec2-15-184-192-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
24 | [15.185.0.0](https://vuldb.com/?ip.15.185.0.0) | ec2-15-185-0-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
25 | [15.185.128.0](https://vuldb.com/?ip.15.185.128.0) | ec2-15-185-128-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
26 | [15.185.192.0](https://vuldb.com/?ip.15.185.192.0) | ec2-15-185-192-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
27 | [15.185.224.0](https://vuldb.com/?ip.15.185.224.0) | ec2-15-185-224-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
28 | [15.185.240.0](https://vuldb.com/?ip.15.185.240.0) | ec2-15-185-240-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
29 | [15.185.244.0](https://vuldb.com/?ip.15.185.244.0) | ec2-15-185-244-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
30 | [15.185.246.0](https://vuldb.com/?ip.15.185.246.0) | ec2-15-185-246-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
31 | [15.185.248.0](https://vuldb.com/?ip.15.185.248.0) | ec2-15-185-248-0.me-south-1.compute.amazonaws.com | - | Medium
|
||||
32 | [15.230.69.0](https://vuldb.com/?ip.15.230.69.0) | - | - | High
|
||||
33 | ... | ... | ... | ...
|
||||
|
||||
There are 82 more IOC items available. Please use our online service to access the data.
|
||||
There are 126 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -54,9 +66,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -66,73 +77,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/cgi-bin/kerbynet` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
22 | File | `/fos/admin/index.php?page=menu` | High
|
||||
23 | File | `/hrm/employeeadd.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/Items/*/RemoteImages/Download` | High
|
||||
27 | File | `/items/view_item.php` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lists/admin/` | High
|
||||
30 | File | `/lookin/info` | Medium
|
||||
31 | File | `/MagickCore/image.c` | High
|
||||
32 | File | `/manager/index.php` | High
|
||||
33 | File | `/medical/inventories.php` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/sacco_shield/manage_user.php` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
48 | File | `/user/update_booking.php` | High
|
||||
49 | File | `/WEB-INF/web.xml` | High
|
||||
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
51 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
53 | File | `01article.php` | High
|
||||
54 | File | `AbstractScheduleJob.java` | High
|
||||
55 | File | `actionphp/download.File.php` | High
|
||||
56 | File | `AdClass.php` | Medium
|
||||
57 | File | `adclick.php` | Medium
|
||||
58 | File | `addtocart.asp` | High
|
||||
59 | ... | ... | ...
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `$HOME/.printers` | High
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/?page=user/manage` | High
|
||||
6 | File | `/admin/add-new.php` | High
|
||||
7 | File | `/admin/admin.php` | High
|
||||
8 | File | `/admin/doctors.php` | High
|
||||
9 | File | `/admin/edit-doc.php` | High
|
||||
10 | File | `/admin/index3.php` | High
|
||||
11 | File | `/admin/patient.php` | High
|
||||
12 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
13 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
14 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
15 | File | `/adms/classes/Users.php` | High
|
||||
16 | File | `/api/admin/system/store/order/list` | High
|
||||
17 | File | `/APR/signup.php` | High
|
||||
18 | File | `/backup.pl` | Medium
|
||||
19 | File | `/bin/httpd` | Medium
|
||||
20 | File | `/boat/login.php` | High
|
||||
21 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
22 | File | `/CPE` | Low
|
||||
23 | File | `/data/config.ftp.php` | High
|
||||
24 | File | `/ecshop/admin/template.php` | High
|
||||
25 | File | `/editor/index.php` | High
|
||||
26 | File | `/edoc/doctor/patient.php` | High
|
||||
27 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
28 | File | `/forum/PostPrivateMessage` | High
|
||||
29 | File | `/goform/SetSysTimeCfg` | High
|
||||
30 | File | `/home/cavesConsole` | High
|
||||
31 | File | `/home/kickPlayer` | High
|
||||
32 | File | `/home/masterConsole` | High
|
||||
33 | File | `/home/sendBroadcast` | High
|
||||
34 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
35 | File | `/oews/classes/Master.php?f=update_cart` | High
|
||||
36 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
37 | File | `/param.file.tgz` | High
|
||||
38 | File | `/pet_shop/admin/orders/update_status.php` | High
|
||||
39 | File | `/php-opos/index.php` | High
|
||||
40 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
41 | File | `/setnetworksettings/IPAddress` | High
|
||||
42 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bh.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bh.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -91,8 +91,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `/var/log/nginx` | High
|
||||
24 | File | `/var/run/watchman.pid` | High
|
||||
25 | File | `/viewer/krpano.html` | High
|
||||
26 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
27 | ... | ... | ...
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -372,12 +372,11 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -385,71 +384,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.php.gif` | Medium
|
||||
3 | File | `/?admin/user.html` | High
|
||||
4 | File | `/Admin/add-student.php` | High
|
||||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/admin/subnets/ripe-query.php` | High
|
||||
8 | File | `/apilog.php` | Medium
|
||||
9 | File | `/bin/httpd` | Medium
|
||||
10 | File | `/bin/sh` | Low
|
||||
11 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
12 | File | `/connectors/index.php` | High
|
||||
13 | File | `/Default/Bd` | Medium
|
||||
14 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
16 | File | `/employeeview.php` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/forum/PostPrivateMessage` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/controller/employee.php` | High
|
||||
25 | File | `/hrm/employeeadd.php` | High
|
||||
26 | File | `/hrm/employeeview.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/items/view_item.php` | High
|
||||
29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
30 | File | `/lookin/info` | Medium
|
||||
31 | File | `/manager/index.php` | High
|
||||
32 | File | `/medical/inventories.php` | High
|
||||
33 | File | `/modules/profile/index.php` | High
|
||||
34 | File | `/modules/projects/vw_files.php` | High
|
||||
35 | File | `/modules/public/calendar.php` | High
|
||||
36 | File | `/net/nfc/netlink.c` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/php_action/editProductImage.php` | High
|
||||
40 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
43 | File | `/reports/rwservlet` | High
|
||||
44 | File | `/sacco_shield/manage_user.php` | High
|
||||
45 | File | `/services/Card/findUser` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
48 | File | `/staff/bookdetails.php` | High
|
||||
49 | File | `/uncpath/` | Medium
|
||||
50 | File | `/user/update_booking.php` | High
|
||||
51 | File | `/view-property.php` | High
|
||||
52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
53 | File | `/wireless/security.asp` | High
|
||||
54 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
55 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
56 | File | `01article.php` | High
|
||||
57 | File | `AbstractScheduleJob.java` | High
|
||||
58 | File | `action.php` | Medium
|
||||
59 | File | `actionphp/download.File.php` | High
|
||||
60 | File | `adclick.php` | Medium
|
||||
61 | File | `addtocart.asp` | High
|
||||
62 | File | `admin.php` | Medium
|
||||
63 | ... | ... | ...
|
||||
1 | File | `/admin/` | Low
|
||||
2 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
3 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
4 | File | `/APR/signup.php` | High
|
||||
5 | File | `/bin/httpd` | Medium
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/forum/PostPrivateMessage` | High
|
||||
10 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
11 | File | `/fos/admin/index.php?page=menu` | High
|
||||
12 | File | `/home/masterConsole` | High
|
||||
13 | File | `/home/sendBroadcast` | High
|
||||
14 | File | `/mims/login.php` | High
|
||||
15 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
16 | File | `/out.php` | Medium
|
||||
17 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
18 | File | `/php-opos/index.php` | High
|
||||
19 | File | `/php-scrm/login.php` | High
|
||||
20 | File | `/spip.php` | Medium
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/wireless/security.asp` | High
|
||||
23 | File | `01article.php` | High
|
||||
24 | File | `account-signup.php` | High
|
||||
25 | File | `account/signup.php` | High
|
||||
26 | File | `action.php` | Medium
|
||||
27 | File | `addentry.php` | Medium
|
||||
28 | File | `admin.php` | Medium
|
||||
29 | File | `admin/abc.php` | High
|
||||
30 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
31 | File | `admin/admin/adminsave.html` | High
|
||||
32 | File | `admin/admin_editor.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 552 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,37 +17,43 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
5 | [45.12.71.18](https://vuldb.com/?ip.45.12.71.18) | - | - | High
|
||||
6 | [45.62.191.112](https://vuldb.com/?ip.45.62.191.112) | - | - | High
|
||||
7 | [45.74.22.128](https://vuldb.com/?ip.45.74.22.128) | - | - | High
|
||||
8 | [57.91.16.0](https://vuldb.com/?ip.57.91.16.0) | - | - | High
|
||||
9 | [63.143.76.0](https://vuldb.com/?ip.63.143.76.0) | - | - | High
|
||||
10 | [63.170.68.0](https://vuldb.com/?ip.63.170.68.0) | - | - | High
|
||||
11 | [63.175.156.0](https://vuldb.com/?ip.63.175.156.0) | - | - | High
|
||||
12 | [64.119.192.0](https://vuldb.com/?ip.64.119.192.0) | - | - | High
|
||||
13 | [64.210.40.0](https://vuldb.com/?ip.64.210.40.0) | - | - | High
|
||||
14 | [65.48.128.0](https://vuldb.com/?ip.65.48.128.0) | - | - | High
|
||||
15 | [65.48.132.0](https://vuldb.com/?ip.65.48.132.0) | - | - | High
|
||||
16 | [65.48.144.0](https://vuldb.com/?ip.65.48.144.0) | - | - | High
|
||||
17 | [65.48.160.0](https://vuldb.com/?ip.65.48.160.0) | - | - | High
|
||||
18 | [65.48.168.0](https://vuldb.com/?ip.65.48.168.0) | - | - | High
|
||||
19 | [65.48.174.0](https://vuldb.com/?ip.65.48.174.0) | - | - | High
|
||||
20 | [65.48.176.0](https://vuldb.com/?ip.65.48.176.0) | - | - | High
|
||||
21 | [65.48.192.0](https://vuldb.com/?ip.65.48.192.0) | - | - | High
|
||||
22 | [65.48.200.0](https://vuldb.com/?ip.65.48.200.0) | - | - | High
|
||||
23 | [65.48.207.0](https://vuldb.com/?ip.65.48.207.0) | - | - | High
|
||||
24 | [65.48.208.0](https://vuldb.com/?ip.65.48.208.0) | - | - | High
|
||||
25 | [65.48.212.0](https://vuldb.com/?ip.65.48.212.0) | - | - | High
|
||||
26 | [65.48.214.0](https://vuldb.com/?ip.65.48.214.0) | - | - | High
|
||||
27 | [65.48.217.0](https://vuldb.com/?ip.65.48.217.0) | - | - | High
|
||||
28 | [65.48.221.0](https://vuldb.com/?ip.65.48.221.0) | - | - | High
|
||||
29 | [65.48.222.0](https://vuldb.com/?ip.65.48.222.0) | - | - | High
|
||||
30 | ... | ... | ... | ...
|
||||
8 | [57.74.122.0](https://vuldb.com/?ip.57.74.122.0) | - | - | High
|
||||
9 | [57.91.16.0](https://vuldb.com/?ip.57.91.16.0) | - | - | High
|
||||
10 | [63.143.76.0](https://vuldb.com/?ip.63.143.76.0) | - | - | High
|
||||
11 | [63.170.68.0](https://vuldb.com/?ip.63.170.68.0) | - | - | High
|
||||
12 | [63.175.156.0](https://vuldb.com/?ip.63.175.156.0) | - | - | High
|
||||
13 | [63.245.48.0](https://vuldb.com/?ip.63.245.48.0) | - | - | High
|
||||
14 | [64.119.192.0](https://vuldb.com/?ip.64.119.192.0) | - | - | High
|
||||
15 | [64.210.40.0](https://vuldb.com/?ip.64.210.40.0) | - | - | High
|
||||
16 | [65.48.128.0](https://vuldb.com/?ip.65.48.128.0) | - | - | High
|
||||
17 | [65.48.132.0](https://vuldb.com/?ip.65.48.132.0) | - | - | High
|
||||
18 | [65.48.144.0](https://vuldb.com/?ip.65.48.144.0) | - | - | High
|
||||
19 | [65.48.152.0](https://vuldb.com/?ip.65.48.152.0) | - | - | High
|
||||
20 | [65.48.155.0](https://vuldb.com/?ip.65.48.155.0) | - | - | High
|
||||
21 | [65.48.156.0](https://vuldb.com/?ip.65.48.156.0) | - | - | High
|
||||
22 | [65.48.160.0](https://vuldb.com/?ip.65.48.160.0) | - | - | High
|
||||
23 | [65.48.168.0](https://vuldb.com/?ip.65.48.168.0) | - | - | High
|
||||
24 | [65.48.174.0](https://vuldb.com/?ip.65.48.174.0) | - | - | High
|
||||
25 | [65.48.176.0](https://vuldb.com/?ip.65.48.176.0) | - | - | High
|
||||
26 | [65.48.192.0](https://vuldb.com/?ip.65.48.192.0) | - | - | High
|
||||
27 | [65.48.200.0](https://vuldb.com/?ip.65.48.200.0) | - | - | High
|
||||
28 | [65.48.207.0](https://vuldb.com/?ip.65.48.207.0) | - | - | High
|
||||
29 | [65.48.208.0](https://vuldb.com/?ip.65.48.208.0) | - | - | High
|
||||
30 | [65.48.212.0](https://vuldb.com/?ip.65.48.212.0) | - | - | High
|
||||
31 | [65.48.214.0](https://vuldb.com/?ip.65.48.214.0) | - | - | High
|
||||
32 | [65.48.217.0](https://vuldb.com/?ip.65.48.217.0) | - | - | High
|
||||
33 | [65.48.221.0](https://vuldb.com/?ip.65.48.221.0) | - | - | High
|
||||
34 | [65.48.222.0](https://vuldb.com/?ip.65.48.222.0) | - | - | High
|
||||
35 | ... | ... | ... | ...
|
||||
|
||||
There are 118 more IOC items available. Please use our online service to access the data.
|
||||
There are 136 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bb.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bb.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
17 | [58.215.145.95](https://vuldb.com/?ip.58.215.145.95) | - | - | High
|
||||
18 | ... | ... | ... | ...
|
||||
|
||||
There are 68 more IOC items available. Please use our online service to access the data.
|
||||
There are 69 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -129,6 +129,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/08/threat-roundup-0820-0827.html
|
||||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0127-0203/
|
||||
* https://blog.talosintelligence.com/threat-roundup-1202-1209/
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -75,7 +75,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -85,17 +85,17 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/api` | Low
|
||||
2 | File | `/api/sys_username_passwd.cmd` | High
|
||||
3 | File | `/include/makecvs.php` | High
|
||||
4 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
5 | File | `/requests.php` | High
|
||||
6 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
7 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
8 | File | `add.php` | Low
|
||||
9 | File | `admin/admin.shtml` | High
|
||||
10 | File | `bpf-object-fuzzer.c` | High
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/include/makecvs.php` | High
|
||||
5 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
6 | File | `/requests.php` | High
|
||||
7 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
8 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
9 | File | `add.php` | Low
|
||||
10 | File | `admin/admin.shtml` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 84 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,20 +63,20 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/Hospital-Management-System-master/contact.php` | High
|
||||
19 | File | `/include/friends.inc.php` | High
|
||||
20 | File | `/index.php?module=configuration/application` | High
|
||||
21 | File | `/members/view_member.php` | High
|
||||
22 | File | `/services/view_service.php` | High
|
||||
23 | File | `/servlet/webacc` | High
|
||||
24 | File | `/sitemagic/upgrade.php` | High
|
||||
25 | File | `/userui/ticket_list.php` | High
|
||||
26 | File | `/usr/5bin/su` | Medium
|
||||
27 | File | `/wp-admin/options-general.php` | High
|
||||
28 | File | `/zm/index.php` | High
|
||||
29 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
|
||||
30 | File | `abook_database.php` | High
|
||||
31 | File | `accounts/inc/include.php` | High
|
||||
32 | File | `adaptive-images-script.php` | High
|
||||
33 | File | `additem.asp` | Medium
|
||||
34 | File | `addtocart.asp` | High
|
||||
21 | File | `/kruxton/receipt.php` | High
|
||||
22 | File | `/members/view_member.php` | High
|
||||
23 | File | `/services/view_service.php` | High
|
||||
24 | File | `/servlet/webacc` | High
|
||||
25 | File | `/sitemagic/upgrade.php` | High
|
||||
26 | File | `/userui/ticket_list.php` | High
|
||||
27 | File | `/usr/5bin/su` | Medium
|
||||
28 | File | `/wp-admin/options-general.php` | High
|
||||
29 | File | `/zm/index.php` | High
|
||||
30 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
|
||||
31 | File | `abook_database.php` | High
|
||||
32 | File | `accounts/inc/include.php` | High
|
||||
33 | File | `adaptive-images-script.php` | High
|
||||
34 | File | `additem.asp` | Medium
|
||||
35 | File | `adherents/subscription/info.php` | High
|
||||
36 | File | `admin.asp` | Medium
|
||||
37 | File | `admin.php` | Medium
|
||||
|
@ -99,23 +99,23 @@ ID | Type | Indicator | Confidence
|
|||
54 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
55 | File | `administrator/index.php` | High
|
||||
56 | File | `admin_login.asp` | High
|
||||
57 | File | `adv_search.asp` | High
|
||||
58 | File | `ajax_url.php` | Medium
|
||||
59 | File | `album_portal.php` | High
|
||||
60 | File | `al_initialize.php` | High
|
||||
61 | File | `anjel.index.php` | High
|
||||
62 | File | `annonces-p-f.php` | High
|
||||
63 | File | `announce.php` | Medium
|
||||
64 | File | `announcement.php` | High
|
||||
65 | File | `announcements.php` | High
|
||||
66 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||
67 | File | `application/config/config.php` | High
|
||||
68 | File | `application/controllers/basedata/inventory.php` | High
|
||||
69 | File | `apply.cgi` | Medium
|
||||
70 | File | `apps/app_article/controller/rating.php` | High
|
||||
71 | File | `article.php` | Medium
|
||||
72 | File | `articles.php` | Medium
|
||||
73 | File | `artikel_anzeige.php` | High
|
||||
57 | File | `ajax_url.php` | Medium
|
||||
58 | File | `album_portal.php` | High
|
||||
59 | File | `al_initialize.php` | High
|
||||
60 | File | `anjel.index.php` | High
|
||||
61 | File | `annonces-p-f.php` | High
|
||||
62 | File | `announce.php` | Medium
|
||||
63 | File | `announcement.php` | High
|
||||
64 | File | `announcements.php` | High
|
||||
65 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||
66 | File | `application/config/config.php` | High
|
||||
67 | File | `application/controllers/basedata/inventory.php` | High
|
||||
68 | File | `apply.cgi` | Medium
|
||||
69 | File | `apps/app_article/controller/rating.php` | High
|
||||
70 | File | `article.php` | Medium
|
||||
71 | File | `articles.php` | Medium
|
||||
72 | File | `artikel_anzeige.php` | High
|
||||
73 | File | `AudioFlinger.cpp` | High
|
||||
74 | File | `auktion.cgi` | Medium
|
||||
75 | File | `auth.php` | Medium
|
||||
76 | File | `authfiles/login.asp` | High
|
||||
|
@ -137,8 +137,7 @@ ID | Type | Indicator | Confidence
|
|||
92 | File | `category.cfm` | Medium
|
||||
93 | File | `category.php` | Medium
|
||||
94 | File | `category_list.php` | High
|
||||
95 | File | `cgi-bin/awstats.pl` | High
|
||||
96 | ... | ... | ...
|
||||
95 | ... | ... | ...
|
||||
|
||||
There are 844 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -20,48 +20,58 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [5.62.60.28](https://vuldb.com/?ip.5.62.60.28) | r-28-60-62-5.consumer-pool.prcdn.net | - | High
|
||||
2 | [5.62.62.28](https://vuldb.com/?ip.5.62.62.28) | r-28-62-62-5.consumer-pool.prcdn.net | - | High
|
||||
3 | [5.100.192.0](https://vuldb.com/?ip.5.100.192.0) | - | - | High
|
||||
4 | [31.24.88.0](https://vuldb.com/?ip.31.24.88.0) | - | - | High
|
||||
5 | [31.130.200.0](https://vuldb.com/?ip.31.130.200.0) | - | - | High
|
||||
6 | [31.148.198.0](https://vuldb.com/?ip.31.148.198.0) | - | - | High
|
||||
7 | [31.148.248.0](https://vuldb.com/?ip.31.148.248.0) | - | - | High
|
||||
8 | [34.99.32.0](https://vuldb.com/?ip.34.99.32.0) | 0.32.99.34.bc.googleusercontent.com | - | Medium
|
||||
9 | [34.103.32.0](https://vuldb.com/?ip.34.103.32.0) | 0.32.103.34.bc.googleusercontent.com | - | Medium
|
||||
10 | [37.17.0.0](https://vuldb.com/?ip.37.17.0.0) | - | - | High
|
||||
11 | [37.44.64.0](https://vuldb.com/?ip.37.44.64.0) | mm-0-64-44-37.mf.dynamic.pppoe.byfly.by | - | High
|
||||
12 | [37.45.0.0](https://vuldb.com/?ip.37.45.0.0) | mm-0-0-45-37.brest.dynamic.pppoe.byfly.by | - | High
|
||||
13 | [37.212.0.0](https://vuldb.com/?ip.37.212.0.0) | mm-0-0-212-37.vitebsk.dynamic.pppoe.byfly.by | - | High
|
||||
14 | [45.12.70.36](https://vuldb.com/?ip.45.12.70.36) | anagogical.get-eye.com | - | High
|
||||
15 | [45.12.71.36](https://vuldb.com/?ip.45.12.71.36) | - | - | High
|
||||
16 | [45.74.27.128](https://vuldb.com/?ip.45.74.27.128) | - | - | High
|
||||
17 | [45.89.231.0](https://vuldb.com/?ip.45.89.231.0) | - | - | High
|
||||
18 | [45.129.171.0](https://vuldb.com/?ip.45.129.171.0) | - | - | High
|
||||
19 | [45.132.194.0](https://vuldb.com/?ip.45.132.194.0) | - | - | High
|
||||
20 | [45.136.68.0](https://vuldb.com/?ip.45.136.68.0) | - | - | High
|
||||
21 | [45.138.159.0](https://vuldb.com/?ip.45.138.159.0) | - | - | High
|
||||
22 | [45.139.29.0](https://vuldb.com/?ip.45.139.29.0) | - | - | High
|
||||
23 | [45.145.160.0](https://vuldb.com/?ip.45.145.160.0) | - | - | High
|
||||
24 | [45.152.213.0](https://vuldb.com/?ip.45.152.213.0) | - | - | High
|
||||
25 | [45.153.53.0](https://vuldb.com/?ip.45.153.53.0) | - | - | High
|
||||
26 | [45.155.60.0](https://vuldb.com/?ip.45.155.60.0) | - | - | High
|
||||
27 | [46.28.96.0](https://vuldb.com/?ip.46.28.96.0) | - | - | High
|
||||
28 | [46.36.202.26](https://vuldb.com/?ip.46.36.202.26) | - | - | High
|
||||
29 | [46.53.128.0](https://vuldb.com/?ip.46.53.128.0) | - | - | High
|
||||
30 | [46.56.0.0](https://vuldb.com/?ip.46.56.0.0) | - | - | High
|
||||
31 | [46.175.168.0](https://vuldb.com/?ip.46.175.168.0) | - | - | High
|
||||
32 | [46.182.48.0](https://vuldb.com/?ip.46.182.48.0) | leased-line-46-182-48-0.telecom.by | - | High
|
||||
33 | [46.191.0.0](https://vuldb.com/?ip.46.191.0.0) | - | - | High
|
||||
34 | [46.216.0.0](https://vuldb.com/?ip.46.216.0.0) | - | - | High
|
||||
35 | [46.243.183.0](https://vuldb.com/?ip.46.243.183.0) | - | - | High
|
||||
36 | [62.187.241.0](https://vuldb.com/?ip.62.187.241.0) | - | - | High
|
||||
37 | [77.67.128.0](https://vuldb.com/?ip.77.67.128.0) | - | - | High
|
||||
38 | [77.74.32.0](https://vuldb.com/?ip.77.74.32.0) | - | - | High
|
||||
39 | [79.98.48.0](https://vuldb.com/?ip.79.98.48.0) | - | - | High
|
||||
40 | [79.110.20.0](https://vuldb.com/?ip.79.110.20.0) | - | - | High
|
||||
41 | [79.170.104.0](https://vuldb.com/?ip.79.170.104.0) | - | - | High
|
||||
42 | [80.66.84.0](https://vuldb.com/?ip.80.66.84.0) | - | - | High
|
||||
43 | ... | ... | ... | ...
|
||||
4 | [5.188.7.0](https://vuldb.com/?ip.5.188.7.0) | - | - | High
|
||||
5 | [31.24.88.0](https://vuldb.com/?ip.31.24.88.0) | - | - | High
|
||||
6 | [31.130.200.0](https://vuldb.com/?ip.31.130.200.0) | - | - | High
|
||||
7 | [31.148.198.0](https://vuldb.com/?ip.31.148.198.0) | - | - | High
|
||||
8 | [31.148.248.0](https://vuldb.com/?ip.31.148.248.0) | - | - | High
|
||||
9 | [31.148.250.0](https://vuldb.com/?ip.31.148.250.0) | - | - | High
|
||||
10 | [31.222.240.0](https://vuldb.com/?ip.31.222.240.0) | - | - | High
|
||||
11 | [34.99.32.0](https://vuldb.com/?ip.34.99.32.0) | 0.32.99.34.bc.googleusercontent.com | - | Medium
|
||||
12 | [34.103.32.0](https://vuldb.com/?ip.34.103.32.0) | 0.32.103.34.bc.googleusercontent.com | - | Medium
|
||||
13 | [37.9.66.0](https://vuldb.com/?ip.37.9.66.0) | - | - | High
|
||||
14 | [37.17.0.0](https://vuldb.com/?ip.37.17.0.0) | - | - | High
|
||||
15 | [37.44.64.0](https://vuldb.com/?ip.37.44.64.0) | mm-0-64-44-37.mf.dynamic.pppoe.byfly.by | - | High
|
||||
16 | [37.45.0.0](https://vuldb.com/?ip.37.45.0.0) | mm-0-0-45-37.brest.dynamic.pppoe.byfly.by | - | High
|
||||
17 | [37.212.0.0](https://vuldb.com/?ip.37.212.0.0) | mm-0-0-212-37.vitebsk.dynamic.pppoe.byfly.by | - | High
|
||||
18 | [45.12.70.36](https://vuldb.com/?ip.45.12.70.36) | anagogical.get-eye.com | - | High
|
||||
19 | [45.12.71.36](https://vuldb.com/?ip.45.12.71.36) | - | - | High
|
||||
20 | [45.74.27.128](https://vuldb.com/?ip.45.74.27.128) | - | - | High
|
||||
21 | [45.89.231.0](https://vuldb.com/?ip.45.89.231.0) | - | - | High
|
||||
22 | [45.128.205.0](https://vuldb.com/?ip.45.128.205.0) | - | - | High
|
||||
23 | [45.129.171.0](https://vuldb.com/?ip.45.129.171.0) | - | - | High
|
||||
24 | [45.132.194.0](https://vuldb.com/?ip.45.132.194.0) | - | - | High
|
||||
25 | [45.135.234.0](https://vuldb.com/?ip.45.135.234.0) | 45.135.234.0.static.hostfly.by | - | High
|
||||
26 | [45.136.68.0](https://vuldb.com/?ip.45.136.68.0) | - | - | High
|
||||
27 | [45.138.159.0](https://vuldb.com/?ip.45.138.159.0) | - | - | High
|
||||
28 | [45.139.29.0](https://vuldb.com/?ip.45.139.29.0) | - | - | High
|
||||
29 | [45.145.160.0](https://vuldb.com/?ip.45.145.160.0) | - | - | High
|
||||
30 | [45.152.213.0](https://vuldb.com/?ip.45.152.213.0) | - | - | High
|
||||
31 | [45.153.53.0](https://vuldb.com/?ip.45.153.53.0) | - | - | High
|
||||
32 | [45.155.60.0](https://vuldb.com/?ip.45.155.60.0) | - | - | High
|
||||
33 | [46.28.96.0](https://vuldb.com/?ip.46.28.96.0) | - | - | High
|
||||
34 | [46.36.202.26](https://vuldb.com/?ip.46.36.202.26) | - | - | High
|
||||
35 | [46.53.128.0](https://vuldb.com/?ip.46.53.128.0) | - | - | High
|
||||
36 | [46.56.0.0](https://vuldb.com/?ip.46.56.0.0) | - | - | High
|
||||
37 | [46.175.168.0](https://vuldb.com/?ip.46.175.168.0) | - | - | High
|
||||
38 | [46.182.48.0](https://vuldb.com/?ip.46.182.48.0) | leased-line-46-182-48-0.telecom.by | - | High
|
||||
39 | [46.191.0.0](https://vuldb.com/?ip.46.191.0.0) | - | - | High
|
||||
40 | [46.216.0.0](https://vuldb.com/?ip.46.216.0.0) | - | - | High
|
||||
41 | [46.243.183.0](https://vuldb.com/?ip.46.243.183.0) | - | - | High
|
||||
42 | [46.243.186.0](https://vuldb.com/?ip.46.243.186.0) | - | - | High
|
||||
43 | [57.86.172.0](https://vuldb.com/?ip.57.86.172.0) | - | - | High
|
||||
44 | [57.87.208.0](https://vuldb.com/?ip.57.87.208.0) | - | - | High
|
||||
45 | [62.32.47.0](https://vuldb.com/?ip.62.32.47.0) | - | - | High
|
||||
46 | [62.187.241.0](https://vuldb.com/?ip.62.187.241.0) | - | - | High
|
||||
47 | [77.67.128.0](https://vuldb.com/?ip.77.67.128.0) | - | - | High
|
||||
48 | [77.74.32.0](https://vuldb.com/?ip.77.74.32.0) | - | - | High
|
||||
49 | [77.88.24.0](https://vuldb.com/?ip.77.88.24.0) | - | - | High
|
||||
50 | [77.94.44.0](https://vuldb.com/?ip.77.94.44.0) | - | - | High
|
||||
51 | [77.94.56.0](https://vuldb.com/?ip.77.94.56.0) | - | - | High
|
||||
52 | [78.41.109.0](https://vuldb.com/?ip.78.41.109.0) | - | - | High
|
||||
53 | ... | ... | ... | ...
|
||||
|
||||
There are 169 more IOC items available. Please use our online service to access the data.
|
||||
There are 208 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -94,6 +104,7 @@ There are 3 more IOA items available (file, library, argument, input value, patt
|
|||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_by.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_by.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DK](https://vuldb.com/?country.dk)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -1145,14 +1145,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-35 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -1160,53 +1159,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.printers` | High
|
||||
2 | File | `/appliance/users?action=edit` | High
|
||||
3 | File | `/CPE` | Low
|
||||
4 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
5 | File | `/forum/away.php` | High
|
||||
6 | File | `/forum/PostPrivateMessage` | High
|
||||
7 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
8 | File | `/fos/admin/index.php?page=menu` | High
|
||||
9 | File | `/home/cavesConsole` | High
|
||||
10 | File | `/home/kickPlayer` | High
|
||||
11 | File | `/home/masterConsole` | High
|
||||
12 | File | `/home/sendBroadcast` | High
|
||||
13 | File | `/login/index.php` | High
|
||||
14 | File | `/oews/classes/Master.php?f=update_cart` | High
|
||||
15 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
16 | File | `/out.php` | Medium
|
||||
17 | File | `/param.file.tgz` | High
|
||||
18 | File | `/ptippage.cgi` | High
|
||||
19 | File | `/ptipupgrade.cgi` | High
|
||||
20 | File | `/public_html/users.php` | High
|
||||
21 | File | `/royal_event/userregister.php` | High
|
||||
22 | File | `/setnetworksettings/IPAddress` | High
|
||||
23 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
24 | File | `/u/username.json` | High
|
||||
25 | File | `/user/s.php` | Medium
|
||||
26 | File | `/user/updatePwd` | High
|
||||
27 | File | `/wireless/basic.asp` | High
|
||||
28 | File | `/wireless/guestnetwork.asp` | High
|
||||
29 | File | `/wireless/security.asp` | High
|
||||
30 | File | `01article.php` | High
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `add-locker-form.php` | High
|
||||
33 | File | `admin/abc.php` | High
|
||||
34 | File | `admin/add_payment.php` | High
|
||||
35 | File | `admin/admin/adminsave.html` | High
|
||||
36 | File | `admin/approve_user.php` | High
|
||||
37 | File | `admin/booking_report.php` | High
|
||||
38 | File | `admin/conf_users_edit.php` | High
|
||||
39 | File | `admin/disapprove_user.php` | High
|
||||
40 | File | `admin/expense_report.php` | High
|
||||
41 | File | `admin/forget_password.php` | High
|
||||
42 | File | `admin/index.php` | High
|
||||
43 | File | `admin/make_payments.php` | High
|
||||
44 | File | `admin/manage_user.php` | High
|
||||
45 | ... | ... | ...
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/?page=user/manage` | High
|
||||
6 | File | `/admin/add-new.php` | High
|
||||
7 | File | `/admin/admin.php` | High
|
||||
8 | File | `/admin/content/index` | High
|
||||
9 | File | `/admin/doctors.php` | High
|
||||
10 | File | `/admin/edit-doc.php` | High
|
||||
11 | File | `/admin/index3.php` | High
|
||||
12 | File | `/admin/login.php` | High
|
||||
13 | File | `/admin/patient.php` | High
|
||||
14 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
15 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
16 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
17 | File | `/adms/classes/Users.php` | High
|
||||
18 | File | `/alphaware/summary.php` | High
|
||||
19 | File | `/api/admin/system/store/order/list` | High
|
||||
20 | File | `/APR/login.php` | High
|
||||
21 | File | `/APR/signup.php` | High
|
||||
22 | File | `/backup.pl` | Medium
|
||||
23 | File | `/bin/httpd` | Medium
|
||||
24 | File | `/boat/login.php` | High
|
||||
25 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
26 | File | `/cgi-bin/mft/wireless_mft` | High
|
||||
27 | File | `/data/config.ftp.php` | High
|
||||
28 | File | `/ecshop/admin/template.php` | High
|
||||
29 | File | `/editor/index.php` | High
|
||||
30 | File | `/edoc/doctor/patient.php` | High
|
||||
31 | File | `/file_manager/login.php` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/goform/SetSysTimeCfg` | High
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
36 | File | `/oews/classes/Master.php?f=update_cart` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/param.file.tgz` | High
|
||||
39 | File | `/pet_shop/admin/orders/update_status.php` | High
|
||||
40 | File | `/philosophy/admin/login.php` | High
|
||||
41 | File | `/philosophy/admin/user/controller.php?action=add` | High
|
||||
42 | File | `/php-opos/index.php` | High
|
||||
43 | File | `/php-scrm/login.php` | High
|
||||
44 | File | `/plugins/playbooks/api/v0/playbooks/[playbookID` | High
|
||||
45 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -30,34 +30,40 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
7 | [45.12.71.37](https://vuldb.com/?ip.45.12.71.37) | - | - | High
|
||||
8 | [45.70.228.0](https://vuldb.com/?ip.45.70.228.0) | - | - | High
|
||||
9 | [45.70.240.0](https://vuldb.com/?ip.45.70.240.0) | - | - | High
|
||||
10 | [45.147.56.0](https://vuldb.com/?ip.45.147.56.0) | - | - | High
|
||||
11 | [45.180.120.0](https://vuldb.com/?ip.45.180.120.0) | - | - | High
|
||||
12 | [45.225.42.0](https://vuldb.com/?ip.45.225.42.0) | - | - | High
|
||||
13 | [45.228.156.0](https://vuldb.com/?ip.45.228.156.0) | - | - | High
|
||||
14 | [45.231.206.0](https://vuldb.com/?ip.45.231.206.0) | undefined.hostname.localhost | - | High
|
||||
15 | [45.234.88.0](https://vuldb.com/?ip.45.234.88.0) | - | - | High
|
||||
16 | [45.236.140.0](https://vuldb.com/?ip.45.236.140.0) | - | - | High
|
||||
17 | [50.30.36.26](https://vuldb.com/?ip.50.30.36.26) | static-ip-50-30-36-26.inaddr.ip-pool.com | - | High
|
||||
18 | [50.30.36.28](https://vuldb.com/?ip.50.30.36.28) | static-ip-50-30-36-28.inaddr.ip-pool.com | - | High
|
||||
19 | [57.75.144.0](https://vuldb.com/?ip.57.75.144.0) | - | - | High
|
||||
20 | [62.77.131.0](https://vuldb.com/?ip.62.77.131.0) | - | - | High
|
||||
21 | [66.96.125.192](https://vuldb.com/?ip.66.96.125.192) | - | - | High
|
||||
22 | [69.64.42.107](https://vuldb.com/?ip.69.64.42.107) | static-ip-69-64-42-107.inaddr.ip-pool.com | - | High
|
||||
23 | [69.64.42.119](https://vuldb.com/?ip.69.64.42.119) | static-ip-69-64-42-119.inaddr.ip-pool.com | - | High
|
||||
24 | [69.64.48.248](https://vuldb.com/?ip.69.64.48.248) | totalcputime.teslae.net | - | High
|
||||
25 | [69.64.53.173](https://vuldb.com/?ip.69.64.53.173) | static-ip-69-64-53-173.inaddr.ip-pool.com | - | High
|
||||
26 | [69.64.55.30](https://vuldb.com/?ip.69.64.55.30) | static-ip-69-64-55-30.inaddr.ip-pool.com | - | High
|
||||
27 | [77.81.120.0](https://vuldb.com/?ip.77.81.120.0) | - | - | High
|
||||
28 | [80.87.204.0](https://vuldb.com/?ip.80.87.204.0) | bill.artplanet.ru | - | High
|
||||
29 | [80.87.207.0](https://vuldb.com/?ip.80.87.207.0) | subnet.artplanet.su | - | High
|
||||
30 | [91.226.97.0](https://vuldb.com/?ip.91.226.97.0) | - | - | High
|
||||
31 | [94.247.84.0](https://vuldb.com/?ip.94.247.84.0) | - | - | High
|
||||
32 | [96.44.188.0](https://vuldb.com/?ip.96.44.188.0) | unassigned.quadranet.com | - | High
|
||||
33 | [103.68.108.0](https://vuldb.com/?ip.103.68.108.0) | - | - | High
|
||||
34 | [103.230.140.0](https://vuldb.com/?ip.103.230.140.0) | - | - | High
|
||||
35 | ... | ... | ... | ...
|
||||
10 | [45.131.4.0](https://vuldb.com/?ip.45.131.4.0) | - | - | High
|
||||
11 | [45.131.208.0](https://vuldb.com/?ip.45.131.208.0) | - | - | High
|
||||
12 | [45.147.56.0](https://vuldb.com/?ip.45.147.56.0) | - | - | High
|
||||
13 | [45.180.120.0](https://vuldb.com/?ip.45.180.120.0) | - | - | High
|
||||
14 | [45.225.42.0](https://vuldb.com/?ip.45.225.42.0) | - | - | High
|
||||
15 | [45.227.254.0](https://vuldb.com/?ip.45.227.254.0) | - | - | High
|
||||
16 | [45.228.156.0](https://vuldb.com/?ip.45.228.156.0) | - | - | High
|
||||
17 | [45.231.206.0](https://vuldb.com/?ip.45.231.206.0) | undefined.hostname.localhost | - | High
|
||||
18 | [45.234.88.0](https://vuldb.com/?ip.45.234.88.0) | - | - | High
|
||||
19 | [45.236.140.0](https://vuldb.com/?ip.45.236.140.0) | - | - | High
|
||||
20 | [50.30.36.26](https://vuldb.com/?ip.50.30.36.26) | static-ip-50-30-36-26.inaddr.ip-pool.com | - | High
|
||||
21 | [50.30.36.28](https://vuldb.com/?ip.50.30.36.28) | static-ip-50-30-36-28.inaddr.ip-pool.com | - | High
|
||||
22 | [57.74.88.0](https://vuldb.com/?ip.57.74.88.0) | - | - | High
|
||||
23 | [57.75.144.0](https://vuldb.com/?ip.57.75.144.0) | - | - | High
|
||||
24 | [62.77.131.0](https://vuldb.com/?ip.62.77.131.0) | - | - | High
|
||||
25 | [64.34.230.0](https://vuldb.com/?ip.64.34.230.0) | - | - | High
|
||||
26 | [66.96.125.192](https://vuldb.com/?ip.66.96.125.192) | - | - | High
|
||||
27 | [66.212.236.0](https://vuldb.com/?ip.66.212.236.0) | - | - | High
|
||||
28 | [66.212.246.0](https://vuldb.com/?ip.66.212.246.0) | - | - | High
|
||||
29 | [69.64.42.107](https://vuldb.com/?ip.69.64.42.107) | static-ip-69-64-42-107.inaddr.ip-pool.com | - | High
|
||||
30 | [69.64.42.119](https://vuldb.com/?ip.69.64.42.119) | static-ip-69-64-42-119.inaddr.ip-pool.com | - | High
|
||||
31 | [69.64.48.248](https://vuldb.com/?ip.69.64.48.248) | totalcputime.teslae.net | - | High
|
||||
32 | [69.64.53.173](https://vuldb.com/?ip.69.64.53.173) | static-ip-69-64-53-173.inaddr.ip-pool.com | - | High
|
||||
33 | [69.64.55.30](https://vuldb.com/?ip.69.64.55.30) | static-ip-69-64-55-30.inaddr.ip-pool.com | - | High
|
||||
34 | [77.81.120.0](https://vuldb.com/?ip.77.81.120.0) | - | - | High
|
||||
35 | [78.108.187.0](https://vuldb.com/?ip.78.108.187.0) | - | - | High
|
||||
36 | [80.67.32.0](https://vuldb.com/?ip.80.67.32.0) | - | - | High
|
||||
37 | [80.87.204.0](https://vuldb.com/?ip.80.87.204.0) | bill.artplanet.ru | - | High
|
||||
38 | [80.87.207.0](https://vuldb.com/?ip.80.87.207.0) | subnet.artplanet.su | - | High
|
||||
39 | [82.118.242.0](https://vuldb.com/?ip.82.118.242.0) | - | - | High
|
||||
40 | [85.202.80.0](https://vuldb.com/?ip.85.202.80.0) | - | - | High
|
||||
41 | ... | ... | ... | ...
|
||||
|
||||
There are 137 more IOC items available. Please use our online service to access the data.
|
||||
There are 162 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -81,73 +87,75 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/cgi-bin/kerbynet` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/Admin/login.php` | High
|
||||
6 | File | `/admin/showbad.php` | High
|
||||
7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
9 | File | `/apilog.php` | Medium
|
||||
10 | File | `/APR/login.php` | High
|
||||
11 | File | `/bin/httpd` | Medium
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/connectors/index.php` | High
|
||||
14 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
16 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
19 | File | `/fos/admin/index.php?page=menu` | High
|
||||
20 | File | `/home/masterConsole` | High
|
||||
21 | File | `/home/sendBroadcast` | High
|
||||
22 | File | `/hrm/employeeadd.php` | High
|
||||
23 | File | `/hrm/employeeview.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/items/view_item.php` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/lists/admin/` | High
|
||||
29 | File | `/lookin/info` | Medium
|
||||
30 | File | `/MagickCore/image.c` | High
|
||||
31 | File | `/manager/index.php` | High
|
||||
32 | File | `/medical/inventories.php` | High
|
||||
33 | File | `/modules/profile/index.php` | High
|
||||
34 | File | `/modules/projects/vw_files.php` | High
|
||||
35 | File | `/modules/public/calendar.php` | High
|
||||
36 | File | `/newsDia.php` | Medium
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/public/launchNewWindow.jsp` | High
|
||||
40 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
41 | File | `/reports/rwservlet` | High
|
||||
42 | File | `/sacco_shield/manage_user.php` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
45 | File | `/staff/bookdetails.php` | High
|
||||
46 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
47 | File | `/user/update_booking.php` | High
|
||||
48 | File | `/var/log/nginx` | High
|
||||
49 | File | `/WEB-INF/web.xml` | High
|
||||
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
25 | File | `/items/view_item.php` | High
|
||||
26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
27 | File | `/lookin/info` | Medium
|
||||
28 | File | `/manager/index.php` | High
|
||||
29 | File | `/medical/inventories.php` | High
|
||||
30 | File | `/modules/profile/index.php` | High
|
||||
31 | File | `/modules/projects/vw_files.php` | High
|
||||
32 | File | `/modules/public/calendar.php` | High
|
||||
33 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
34 | File | `/newsDia.php` | Medium
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/php-opos/index.php` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
40 | File | `/reports/rwservlet` | High
|
||||
41 | File | `/sacco_shield/manage_user.php` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
44 | File | `/staff/bookdetails.php` | High
|
||||
45 | File | `/uncpath/` | Medium
|
||||
46 | File | `/user/update_booking.php` | High
|
||||
47 | File | `/var/log/nginx` | High
|
||||
48 | File | `/WEB-INF/web.xml` | High
|
||||
49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
50 | File | `/wireless/security.asp` | High
|
||||
51 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
53 | File | `01article.php` | High
|
||||
54 | File | `AbstractScheduleJob.java` | High
|
||||
55 | File | `actionphp/download.File.php` | High
|
||||
56 | File | `AdClass.php` | Medium
|
||||
57 | File | `adclick.php` | Medium
|
||||
58 | File | `addtocart.asp` | High
|
||||
59 | File | `admin.php` | Medium
|
||||
60 | ... | ... | ...
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | File | `addtocart.asp` | High
|
||||
58 | File | `admin.php` | Medium
|
||||
59 | File | `admin/abc.php` | High
|
||||
60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 534 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bz.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bz.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,9 +30,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
7 | [41.86.224.0](https://vuldb.com/?ip.41.86.224.0) | - | - | High
|
||||
8 | [41.138.88.0](https://vuldb.com/?ip.41.138.88.0) | - | - | High
|
||||
9 | [41.190.64.0](https://vuldb.com/?ip.41.190.64.0) | - | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
10 | [41.191.84.0](https://vuldb.com/?ip.41.191.84.0) | - | - | High
|
||||
11 | ... | ... | ... | ...
|
||||
|
||||
There are 34 more IOC items available. Please use our online service to access the data.
|
||||
There are 41 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -89,13 +90,14 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `application/home/controller/debug.php` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bj.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bj.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -25,19 +25,22 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [5.62.58.36](https://vuldb.com/?ip.5.62.58.36) | r-36-58-62-5.consumer-pool.prcdn.net | - | High
|
||||
3 | [45.12.70.27](https://vuldb.com/?ip.45.12.70.27) | specious.get-eye.com | - | High
|
||||
4 | [45.12.71.27](https://vuldb.com/?ip.45.12.71.27) | - | - | High
|
||||
5 | [45.74.26.0](https://vuldb.com/?ip.45.74.26.0) | - | - | High
|
||||
6 | [64.37.32.0](https://vuldb.com/?ip.64.37.32.0) | - | - | High
|
||||
7 | [64.147.80.0](https://vuldb.com/?ip.64.147.80.0) | 64.147.80.0.transact.bm | - | High
|
||||
8 | [65.171.98.0](https://vuldb.com/?ip.65.171.98.0) | - | - | High
|
||||
9 | [66.55.112.0](https://vuldb.com/?ip.66.55.112.0) | - | - | High
|
||||
10 | [66.97.172.0](https://vuldb.com/?ip.66.97.172.0) | - | - | High
|
||||
11 | [66.110.73.68](https://vuldb.com/?ip.66.110.73.68) | - | - | High
|
||||
12 | [66.110.73.96](https://vuldb.com/?ip.66.110.73.96) | - | - | High
|
||||
13 | [69.17.192.0](https://vuldb.com/?ip.69.17.192.0) | - | - | High
|
||||
14 | [74.114.240.0](https://vuldb.com/?ip.74.114.240.0) | - | - | High
|
||||
15 | ... | ... | ... | ...
|
||||
5 | [45.42.144.0](https://vuldb.com/?ip.45.42.144.0) | - | - | High
|
||||
6 | [45.74.26.0](https://vuldb.com/?ip.45.74.26.0) | - | - | High
|
||||
7 | [63.85.42.0](https://vuldb.com/?ip.63.85.42.0) | - | - | High
|
||||
8 | [64.37.32.0](https://vuldb.com/?ip.64.37.32.0) | - | - | High
|
||||
9 | [64.147.80.0](https://vuldb.com/?ip.64.147.80.0) | 64.147.80.0.transact.bm | - | High
|
||||
10 | [65.171.98.0](https://vuldb.com/?ip.65.171.98.0) | - | - | High
|
||||
11 | [66.55.112.0](https://vuldb.com/?ip.66.55.112.0) | - | - | High
|
||||
12 | [66.97.172.0](https://vuldb.com/?ip.66.97.172.0) | - | - | High
|
||||
13 | [66.110.73.68](https://vuldb.com/?ip.66.110.73.68) | - | - | High
|
||||
14 | [66.110.73.96](https://vuldb.com/?ip.66.110.73.96) | - | - | High
|
||||
15 | [69.17.192.0](https://vuldb.com/?ip.69.17.192.0) | - | - | High
|
||||
16 | [74.114.240.0](https://vuldb.com/?ip.74.114.240.0) | - | - | High
|
||||
17 | [76.8.32.0](https://vuldb.com/?ip.76.8.32.0) | - | - | High
|
||||
18 | ... | ... | ... | ...
|
||||
|
||||
There are 56 more IOC items available. Please use our online service to access the data.
|
||||
There are 66 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -121,6 +124,7 @@ There are 471 more IOA items available (file, library, argument, input value, pa
|
|||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bm.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bm.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -98,7 +98,7 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `ajax/render/widget_php` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -80,29 +80,30 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
21 | File | `/Core/Ap4Utils.h` | High
|
||||
22 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/front/roomtype-details.php` | High
|
||||
25 | File | `/goform/aspForm` | High
|
||||
26 | File | `/hdf5/src/H5T.c` | High
|
||||
27 | File | `/homeaction.php` | High
|
||||
28 | File | `/horde/imp/search.php` | High
|
||||
29 | File | `/index.php` | Medium
|
||||
30 | File | `/installer/upgrade_start` | High
|
||||
31 | File | `/Items/*/RemoteImages/Download` | High
|
||||
32 | File | `/items/view_item.php` | High
|
||||
33 | File | `/lan.asp` | Medium
|
||||
34 | File | `/librarian/bookdetails.php` | High
|
||||
35 | File | `/lists/admin/` | High
|
||||
36 | File | `/login/index.php` | High
|
||||
37 | File | `/mail/index.html` | High
|
||||
38 | File | `/navigate/navigate_download.php` | High
|
||||
39 | File | `/public/plugins/` | High
|
||||
40 | File | `/rapi/read_url` | High
|
||||
41 | File | `/reps/admin/?page=agents/manage_agent` | High
|
||||
42 | File | `/rest/api/1.0/render` | High
|
||||
43 | ... | ... | ...
|
||||
23 | File | `/front/roomtype-details.php` | High
|
||||
24 | File | `/goform/aspForm` | High
|
||||
25 | File | `/hdf5/src/H5T.c` | High
|
||||
26 | File | `/homeaction.php` | High
|
||||
27 | File | `/horde/imp/search.php` | High
|
||||
28 | File | `/index.php` | Medium
|
||||
29 | File | `/installer/upgrade_start` | High
|
||||
30 | File | `/Items/*/RemoteImages/Download` | High
|
||||
31 | File | `/items/view_item.php` | High
|
||||
32 | File | `/lan.asp` | Medium
|
||||
33 | File | `/librarian/bookdetails.php` | High
|
||||
34 | File | `/lists/admin/` | High
|
||||
35 | File | `/login/index.php` | High
|
||||
36 | File | `/mail/index.html` | High
|
||||
37 | File | `/navigate/navigate_download.php` | High
|
||||
38 | File | `/public/plugins/` | High
|
||||
39 | File | `/rapi/read_url` | High
|
||||
40 | File | `/reps/admin/?page=agents/manage_agent` | High
|
||||
41 | File | `/rest/api/1.0/render` | High
|
||||
42 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
43 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,7 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bifrost:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -16,12 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.222.236.33](https://vuldb.com/?ip.23.222.236.33) | a23-222-236-33.deploy.static.akamaitechnologies.com | - | High
|
||||
2 | [24.201.72.161](https://vuldb.com/?ip.24.201.72.161) | modemcable161.72-201-24.mc.videotron.ca | - | High
|
||||
3 | [104.18.10.39](https://vuldb.com/?ip.104.18.10.39) | - | - | High
|
||||
1 | [20.72.235.82](https://vuldb.com/?ip.20.72.235.82) | - | - | High
|
||||
2 | [23.222.236.33](https://vuldb.com/?ip.23.222.236.33) | a23-222-236-33.deploy.static.akamaitechnologies.com | - | High
|
||||
3 | [24.201.72.161](https://vuldb.com/?ip.24.201.72.161) | modemcable161.72-201-24.mc.videotron.ca | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more IOC items available. Please use our online service to access the data.
|
||||
There are 13 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -29,7 +34,25 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bifrost. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/lists/admin/` | High
|
||||
2 | File | `convert.c` | Medium
|
||||
3 | File | `inc/autoload.function.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -39,6 +62,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html
|
||||
* https://blog.talosintelligence.com/2021/05/threat-roundup-0430-0507.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0106-0113/
|
||||
* https://blog.talosintelligence.com/threat-roundup-0120-0127/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -77,9 +77,10 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `5.2.9\syscrb.exe` | High
|
||||
27 | File | `abc-pcie.c` | Medium
|
||||
28 | File | `accounts/payment_history.php` | High
|
||||
29 | ... | ... | ...
|
||||
29 | File | `adclick.php` | Medium
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with Black Basta:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black Basta:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CO](https://vuldb.com/?country.co)
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 31 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -27,20 +27,25 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
|
||||
2 | [24.49.232.96](https://vuldb.com/?ip.24.49.232.96) | 24-49-232-96.resi.cgocable.ca | Qbot | High
|
||||
3 | [24.64.114.59](https://vuldb.com/?ip.24.64.114.59) | S0106b06ebfd79790.cg.shawcable.net | Qbot | High
|
||||
4 | [24.178.196.44](https://vuldb.com/?ip.24.178.196.44) | 024-178-196-044.biz.spectrum.com | - | High
|
||||
5 | [37.186.54.185](https://vuldb.com/?ip.37.186.54.185) | - | - | High
|
||||
6 | [39.44.144.182](https://vuldb.com/?ip.39.44.144.182) | - | - | High
|
||||
7 | [45.63.1.88](https://vuldb.com/?ip.45.63.1.88) | 45.63.1.88.vultrusercontent.com | - | High
|
||||
8 | [46.176.222.241](https://vuldb.com/?ip.46.176.222.241) | ppp046176222241.access.hol.gr | - | High
|
||||
9 | [47.23.89.126](https://vuldb.com/?ip.47.23.89.126) | ool-2f17597e.static.optonline.net | - | High
|
||||
10 | [70.50.3.214](https://vuldb.com/?ip.70.50.3.214) | bras-base-mtrlpq4809w-grc-15-70-50-3-214.dsl.bell.ca | Qbot | High
|
||||
11 | [70.64.77.115](https://vuldb.com/?ip.70.64.77.115) | S0106ac4ca5feeb27.ss.shawcable.net | Qbot | High
|
||||
12 | ... | ... | ... | ...
|
||||
1 | [5.62.43.252](https://vuldb.com/?ip.5.62.43.252) | r-252-43-62-5.consumer-pool.prcdn.net | - | High
|
||||
2 | [5.196.124.228](https://vuldb.com/?ip.5.196.124.228) | ip228.ip-5-196-124.eu | - | High
|
||||
3 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
|
||||
4 | [24.49.232.96](https://vuldb.com/?ip.24.49.232.96) | 24-49-232-96.resi.cgocable.ca | Qbot | High
|
||||
5 | [24.64.114.59](https://vuldb.com/?ip.24.64.114.59) | S0106b06ebfd79790.cg.shawcable.net | Qbot | High
|
||||
6 | [24.178.196.44](https://vuldb.com/?ip.24.178.196.44) | 024-178-196-044.biz.spectrum.com | - | High
|
||||
7 | [37.186.54.185](https://vuldb.com/?ip.37.186.54.185) | - | - | High
|
||||
8 | [39.44.144.182](https://vuldb.com/?ip.39.44.144.182) | - | - | High
|
||||
9 | [45.63.1.88](https://vuldb.com/?ip.45.63.1.88) | 45.63.1.88.vultrusercontent.com | - | High
|
||||
10 | [45.67.229.148](https://vuldb.com/?ip.45.67.229.148) | vm978261.stark-industries.solutions | - | High
|
||||
11 | [45.87.154.208](https://vuldb.com/?ip.45.87.154.208) | vm1075965.stark-industries.solutions | - | High
|
||||
12 | [45.133.216.39](https://vuldb.com/?ip.45.133.216.39) | vm627637.stark-industries.solutions | - | High
|
||||
13 | [45.153.241.167](https://vuldb.com/?ip.45.153.241.167) | - | - | High
|
||||
14 | [46.176.222.241](https://vuldb.com/?ip.46.176.222.241) | ppp046176222241.access.hol.gr | - | High
|
||||
15 | [47.23.89.126](https://vuldb.com/?ip.47.23.89.126) | ool-2f17597e.static.optonline.net | - | High
|
||||
16 | [69.46.15.147](https://vuldb.com/?ip.69.46.15.147) | 69-46-15-147.static.hvvc.us | - | High
|
||||
17 | ... | ... | ... | ...
|
||||
|
||||
There are 42 more IOC items available. Please use our online service to access the data.
|
||||
There are 66 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -48,12 +53,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -62,20 +69,71 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/cardo/api` | Medium
|
||||
3 | File | `/index.php` | Medium
|
||||
4 | File | `/s/` | Low
|
||||
5 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
|
||||
6 | File | `/uncpath/` | Medium
|
||||
7 | ... | ... | ...
|
||||
2 | File | `/addnews.html` | High
|
||||
3 | File | `/admin/admin.php` | High
|
||||
4 | File | `/api/trackedEntityInstances` | High
|
||||
5 | File | `/bin/login.php` | High
|
||||
6 | File | `/cgi-bin/hi3510/param.cgi` | High
|
||||
7 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
8 | File | `/cgi/sshcheck.cgi` | High
|
||||
9 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
10 | File | `/ConsoleHelp/` | High
|
||||
11 | File | `/etc/sudoers` | Medium
|
||||
12 | File | `/export` | Low
|
||||
13 | File | `/horde/imp/search.php` | High
|
||||
14 | File | `/index.php` | Medium
|
||||
15 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
16 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
|
||||
17 | File | `/login` | Low
|
||||
18 | File | `/modules/projects/vw_files.php` | High
|
||||
19 | File | `/news.dtl.php` | High
|
||||
20 | File | `/opensis/modules/grades/InputFinalGrades.php` | High
|
||||
21 | File | `/opensis/modules/users/Staff.php` | High
|
||||
22 | File | `/plesk-site-preview/` | High
|
||||
23 | File | `/proc/self/environ` | High
|
||||
24 | File | `/rest/api/2/user/picker` | High
|
||||
25 | File | `/s/` | Low
|
||||
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
27 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
28 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
|
||||
29 | File | `/services` | Medium
|
||||
30 | File | `/system?action=ServiceAdmin` | High
|
||||
31 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
|
||||
32 | File | `/vicidial/user_stats.php` | High
|
||||
33 | File | `/websocket/exec` | High
|
||||
34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
35 | File | `access.conf` | Medium
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `addentry.php` | Medium
|
||||
38 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
39 | File | `admin/admin_users.php` | High
|
||||
40 | File | `admin/login.php` | High
|
||||
41 | File | `admin/upload.php` | High
|
||||
42 | File | `administers` | Medium
|
||||
43 | File | `Administrator_list.php` | High
|
||||
44 | File | `advancedsetup_websiteblocking.html` | High
|
||||
45 | File | `ajax_mail_autoreply.php` | High
|
||||
46 | File | `ajax_save_name.php` | High
|
||||
47 | File | `allocator.cc` | Medium
|
||||
48 | File | `announcements.php` | High
|
||||
49 | File | `ap1.com` | Low
|
||||
50 | File | `apache2/modsecurity.c` | High
|
||||
51 | File | `api_jsonrpc.php` | High
|
||||
52 | File | `app/admin/controller/Ajax.php` | High
|
||||
53 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
54 | File | `AppCompatCache.exe` | High
|
||||
55 | File | `application.php` | High
|
||||
56 | File | `apply.cgi` | Medium
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 497 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://1275.ru/ioc/311/black-basta-apt-iocs/
|
||||
* https://get.zerofox.com/rs/143-DHV-007/images/ZeroFox-Intelligence-Update-Black-Basta-Ransomware-Report-2023.pdf
|
||||
* https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies
|
||||
* https://www.trendmicro.com/de_de/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
|
||||
|
||||
|
|
|
@ -8,12 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,11 +30,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -50,43 +46,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.authlie` | Medium
|
||||
2 | File | `.github/workflows/combine-prs.yml` | High
|
||||
3 | File | `/admin/ajax.php?action=delete_user` | High
|
||||
4 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
5 | File | `/admin/ajax.php?action=save_queue` | High
|
||||
6 | File | `/admin/article_category.php` | High
|
||||
7 | File | `/admin/manage_user.php` | High
|
||||
8 | File | `/adminui/history_log.php` | High
|
||||
9 | File | `/apply.cgi` | Medium
|
||||
10 | File | `/classes/Master.php?f=delete_brand` | High
|
||||
11 | File | `/classes/Master.php?f=delete_category` | High
|
||||
12 | File | `/config/api/v1/reboot` | High
|
||||
13 | File | `/etc/passwd` | Medium
|
||||
14 | File | `/etc/shadow` | Medium
|
||||
15 | File | `/goform/WifiBasicSet` | High
|
||||
16 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
17 | File | `/login/index.php` | High
|
||||
18 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
|
||||
19 | File | `/output/outdbg.c` | High
|
||||
20 | File | `/output/outieee.c` | High
|
||||
21 | File | `/setNTP.cgi` | Medium
|
||||
22 | File | `/system/site.php` | High
|
||||
23 | File | `/tiki-importer.php` | High
|
||||
24 | File | `/tmp` | Low
|
||||
25 | File | `/tpts/manage_user.php` | High
|
||||
26 | File | `/trufusionPortal/upDwModuleProxy` | High
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/var/log/nginx` | High
|
||||
29 | File | `/wp-admin/options-general.php` | High
|
||||
30 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
31 | File | `0_change-gallery.php` | High
|
||||
32 | File | `addToWishlist.asp` | High
|
||||
33 | File | `admin/manage_user.php` | High
|
||||
34 | File | `admin/page-login.php` | High
|
||||
35 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
36 | ... | ... | ...
|
||||
2 | File | `/admin/ajax.php?action=delete_user` | High
|
||||
3 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
4 | File | `/admin/ajax.php?action=save_queue` | High
|
||||
5 | File | `/admin/article_category.php` | High
|
||||
6 | File | `/admin/manage_user.php` | High
|
||||
7 | File | `/apply.cgi` | Medium
|
||||
8 | File | `/bsms_ci/index.php/book` | High
|
||||
9 | File | `/classes/Master.php?f=delete_brand` | High
|
||||
10 | File | `/classes/Master.php?f=delete_category` | High
|
||||
11 | File | `/config/api/v1/reboot` | High
|
||||
12 | File | `/etc/shadow` | Medium
|
||||
13 | File | `/forums.php?action=post` | High
|
||||
14 | File | `/goform/WifiBasicSet` | High
|
||||
15 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
18 | File | `/login/index.php` | High
|
||||
19 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
|
||||
20 | File | `/output/outdbg.c` | High
|
||||
21 | File | `/output/outieee.c` | High
|
||||
22 | File | `/setNTP.cgi` | Medium
|
||||
23 | File | `/system/site.php` | High
|
||||
24 | File | `/tiki-importer.php` | High
|
||||
25 | File | `/tmp` | Low
|
||||
26 | File | `/tpts/manage_user.php` | High
|
||||
27 | File | `/trufusionPortal/upDwModuleProxy` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/etc/restore0.9` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -72,27 +72,27 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/contacts/listcontacts.php` | High
|
||||
21 | File | `/csms/admin/?page=user/manage_user` | High
|
||||
22 | File | `/Default/Bd` | Medium
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/fos/admin/index.php?page=menu` | High
|
||||
25 | File | `/goform/AddSysLogRule` | High
|
||||
26 | File | `/goform/SafeEmailFilter` | High
|
||||
27 | File | `/goform/SetIpMacBind` | High
|
||||
28 | File | `/goform/setSnmpInfo` | High
|
||||
29 | File | `/goform/setUplinkInfo` | High
|
||||
30 | File | `/goform/SysToolReboot` | High
|
||||
31 | File | `/goform/WifiBasicSet` | High
|
||||
32 | File | `/graphql` | Medium
|
||||
33 | File | `/home/hjsz/jsonlint/src/lexer` | High
|
||||
34 | File | `/hrm/employeeview.php` | High
|
||||
35 | File | `/hss/?page=categories` | High
|
||||
36 | File | `/hss/admin/brands/manage_brand.php` | High
|
||||
37 | File | `/index.php?module=entities/entities` | High
|
||||
38 | File | `/index.php?module=global_lists/lists` | High
|
||||
39 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
|
||||
40 | File | `/index.php?module=users_alerts/users_alerts` | High
|
||||
23 | File | `/ext/phar/phar_object.c` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/fos/admin/index.php?page=menu` | High
|
||||
26 | File | `/goform/AddSysLogRule` | High
|
||||
27 | File | `/goform/SafeEmailFilter` | High
|
||||
28 | File | `/goform/SetIpMacBind` | High
|
||||
29 | File | `/goform/setSnmpInfo` | High
|
||||
30 | File | `/goform/setUplinkInfo` | High
|
||||
31 | File | `/goform/SysToolReboot` | High
|
||||
32 | File | `/goform/WifiBasicSet` | High
|
||||
33 | File | `/graphql` | Medium
|
||||
34 | File | `/home/hjsz/jsonlint/src/lexer` | High
|
||||
35 | File | `/hrm/employeeview.php` | High
|
||||
36 | File | `/hss/?page=categories` | High
|
||||
37 | File | `/hss/admin/brands/manage_brand.php` | High
|
||||
38 | File | `/index.php?module=entities/entities` | High
|
||||
39 | File | `/index.php?module=global_lists/lists` | High
|
||||
40 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -52,40 +52,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin/dl_sendmail.php` | High
|
||||
4 | File | `/admin/submit-articles` | High
|
||||
5 | File | `/ad_js.php` | Medium
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/api/v2/cli/commands` | High
|
||||
8 | File | `/app/options.py` | High
|
||||
9 | File | `/attachments` | Medium
|
||||
10 | File | `/bsms/?page=manage_account` | High
|
||||
11 | File | `/cgi-bin/login.cgi` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
14 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
15 | File | `/dashboard/reports/logs/view` | High
|
||||
16 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/etc/hosts` | Medium
|
||||
19 | File | `/fuel/sitevariables/delete/4` | High
|
||||
20 | File | `/goform/setmac` | High
|
||||
21 | File | `/goform/wizard_end` | High
|
||||
22 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
23 | File | `/index/jobfairol/show/` | High
|
||||
24 | File | `/librarian/bookdetails.php` | High
|
||||
25 | File | `/manage-apartment.php` | High
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/ad_js.php` | Medium
|
||||
8 | File | `/alphaware/summary.php` | High
|
||||
9 | File | `/api/v2/cli/commands` | High
|
||||
10 | File | `/app/options.py` | High
|
||||
11 | File | `/attachments` | Medium
|
||||
12 | File | `/boat/login.php` | High
|
||||
13 | File | `/bsms_ci/index.php/book` | High
|
||||
14 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
15 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
16 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
17 | File | `/dashboard/reports/logs/view` | High
|
||||
18 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/etc/hosts` | Medium
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/setmac` | High
|
||||
23 | File | `/goform/wizard_end` | High
|
||||
24 | File | `/manage-apartment.php` | High
|
||||
25 | File | `/medicines/profile.php` | High
|
||||
26 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
27 | File | `/out.php` | Medium
|
||||
28 | File | `/pages/apply_vacancy.php` | High
|
||||
29 | File | `/pet_shop/admin/?page=maintenance/manage_category` | High
|
||||
30 | File | `/proc/<PID>/mem` | High
|
||||
31 | File | `/proxy` | Low
|
||||
32 | ... | ... | ...
|
||||
32 | File | `/reservation/add_message.php` | High
|
||||
33 | File | `/spip.php` | Medium
|
||||
34 | File | `/tmp` | Low
|
||||
35 | File | `/uncpath/` | Medium
|
||||
36 | File | `/upload` | Low
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -76,7 +76,7 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 145 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,18 +49,18 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/index.php` | Medium
|
||||
2 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
3 | File | `addtocart.asp` | High
|
||||
4 | File | `admin/adm/test.php` | High
|
||||
5 | File | `agora.cgi` | Medium
|
||||
6 | File | `books.php` | Medium
|
||||
7 | File | `cat.asp` | Low
|
||||
8 | File | `catalog.php` | Medium
|
||||
9 | File | `categories.php` | High
|
||||
10 | File | `default.php` | Medium
|
||||
11 | File | `detail.php` | Medium
|
||||
3 | File | `adclick.php` | Medium
|
||||
4 | File | `addtocart.asp` | High
|
||||
5 | File | `admin/adm/test.php` | High
|
||||
6 | File | `agora.cgi` | Medium
|
||||
7 | File | `books.php` | Medium
|
||||
8 | File | `cat.asp` | Low
|
||||
9 | File | `catalog.php` | Medium
|
||||
10 | File | `categories.php` | High
|
||||
11 | File | `default.php` | Medium
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 89 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 91 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,36 +19,40 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [2.57.68.0](https://vuldb.com/?ip.2.57.68.0) | - | - | High
|
||||
2 | [5.62.56.40](https://vuldb.com/?ip.5.62.56.40) | r-40-56-62-5.consumer-pool.prcdn.net | - | High
|
||||
3 | [5.62.58.40](https://vuldb.com/?ip.5.62.58.40) | r-40-58-62-5.consumer-pool.prcdn.net | - | High
|
||||
4 | [34.100.4.0](https://vuldb.com/?ip.34.100.4.0) | 0.4.100.34.bc.googleusercontent.com | - | Medium
|
||||
5 | [34.100.46.0](https://vuldb.com/?ip.34.100.46.0) | 0.46.100.34.bc.googleusercontent.com | - | Medium
|
||||
6 | [37.230.187.0](https://vuldb.com/?ip.37.230.187.0) | - | - | High
|
||||
7 | [45.4.98.0](https://vuldb.com/?ip.45.4.98.0) | 45.4.98.0.prodem.bo | - | High
|
||||
8 | [45.5.13.0](https://vuldb.com/?ip.45.5.13.0) | - | - | High
|
||||
9 | [45.12.70.29](https://vuldb.com/?ip.45.12.70.29) | abseiled.get-eye.com | - | High
|
||||
10 | [45.12.71.29](https://vuldb.com/?ip.45.12.71.29) | - | - | High
|
||||
11 | [45.14.72.0](https://vuldb.com/?ip.45.14.72.0) | - | - | High
|
||||
12 | [45.70.180.0](https://vuldb.com/?ip.45.70.180.0) | - | - | High
|
||||
13 | [45.74.19.0](https://vuldb.com/?ip.45.74.19.0) | - | - | High
|
||||
14 | [45.148.104.0](https://vuldb.com/?ip.45.148.104.0) | - | - | High
|
||||
15 | [45.163.18.0](https://vuldb.com/?ip.45.163.18.0) | - | - | High
|
||||
16 | [45.183.184.0](https://vuldb.com/?ip.45.183.184.0) | 45-183-184-0.golochtelnet.com | - | High
|
||||
17 | [45.225.75.0](https://vuldb.com/?ip.45.225.75.0) | - | - | High
|
||||
18 | [45.226.32.0](https://vuldb.com/?ip.45.226.32.0) | - | - | High
|
||||
19 | [45.227.61.0](https://vuldb.com/?ip.45.227.61.0) | - | - | High
|
||||
20 | [45.229.195.0](https://vuldb.com/?ip.45.229.195.0) | - | - | High
|
||||
21 | [45.229.244.0](https://vuldb.com/?ip.45.229.244.0) | - | - | High
|
||||
22 | [45.232.46.0](https://vuldb.com/?ip.45.232.46.0) | - | - | High
|
||||
23 | [45.236.192.0](https://vuldb.com/?ip.45.236.192.0) | - | - | High
|
||||
24 | [46.36.200.21](https://vuldb.com/?ip.46.36.200.21) | - | - | High
|
||||
25 | [46.36.200.22](https://vuldb.com/?ip.46.36.200.22) | - | - | High
|
||||
26 | [46.36.200.24](https://vuldb.com/?ip.46.36.200.24) | - | - | High
|
||||
27 | [46.36.200.28](https://vuldb.com/?ip.46.36.200.28) | - | - | High
|
||||
28 | [46.36.200.30](https://vuldb.com/?ip.46.36.200.30) | - | - | High
|
||||
29 | [46.36.200.81](https://vuldb.com/?ip.46.36.200.81) | - | - | High
|
||||
30 | [46.36.200.82](https://vuldb.com/?ip.46.36.200.82) | - | - | High
|
||||
31 | ... | ... | ... | ...
|
||||
4 | [12.144.83.0](https://vuldb.com/?ip.12.144.83.0) | - | - | High
|
||||
5 | [12.144.84.0](https://vuldb.com/?ip.12.144.84.0) | - | - | High
|
||||
6 | [34.100.4.0](https://vuldb.com/?ip.34.100.4.0) | 0.4.100.34.bc.googleusercontent.com | - | Medium
|
||||
7 | [34.100.46.0](https://vuldb.com/?ip.34.100.46.0) | 0.46.100.34.bc.googleusercontent.com | - | Medium
|
||||
8 | [37.230.187.0](https://vuldb.com/?ip.37.230.187.0) | - | - | High
|
||||
9 | [45.4.98.0](https://vuldb.com/?ip.45.4.98.0) | 45.4.98.0.prodem.bo | - | High
|
||||
10 | [45.5.13.0](https://vuldb.com/?ip.45.5.13.0) | - | - | High
|
||||
11 | [45.12.70.29](https://vuldb.com/?ip.45.12.70.29) | abseiled.get-eye.com | - | High
|
||||
12 | [45.12.71.29](https://vuldb.com/?ip.45.12.71.29) | - | - | High
|
||||
13 | [45.14.72.0](https://vuldb.com/?ip.45.14.72.0) | - | - | High
|
||||
14 | [45.68.0.0](https://vuldb.com/?ip.45.68.0.0) | - | - | High
|
||||
15 | [45.70.180.0](https://vuldb.com/?ip.45.70.180.0) | - | - | High
|
||||
16 | [45.74.19.0](https://vuldb.com/?ip.45.74.19.0) | - | - | High
|
||||
17 | [45.148.104.0](https://vuldb.com/?ip.45.148.104.0) | - | - | High
|
||||
18 | [45.163.18.0](https://vuldb.com/?ip.45.163.18.0) | - | - | High
|
||||
19 | [45.183.184.0](https://vuldb.com/?ip.45.183.184.0) | 45-183-184-0.golochtelnet.com | - | High
|
||||
20 | [45.225.75.0](https://vuldb.com/?ip.45.225.75.0) | - | - | High
|
||||
21 | [45.226.32.0](https://vuldb.com/?ip.45.226.32.0) | - | - | High
|
||||
22 | [45.227.61.0](https://vuldb.com/?ip.45.227.61.0) | - | - | High
|
||||
23 | [45.229.195.0](https://vuldb.com/?ip.45.229.195.0) | - | - | High
|
||||
24 | [45.229.244.0](https://vuldb.com/?ip.45.229.244.0) | - | - | High
|
||||
25 | [45.232.46.0](https://vuldb.com/?ip.45.232.46.0) | - | - | High
|
||||
26 | [45.236.192.0](https://vuldb.com/?ip.45.236.192.0) | - | - | High
|
||||
27 | [46.36.200.21](https://vuldb.com/?ip.46.36.200.21) | - | - | High
|
||||
28 | [46.36.200.22](https://vuldb.com/?ip.46.36.200.22) | - | - | High
|
||||
29 | [46.36.200.24](https://vuldb.com/?ip.46.36.200.24) | - | - | High
|
||||
30 | [46.36.200.28](https://vuldb.com/?ip.46.36.200.28) | - | - | High
|
||||
31 | [46.36.200.30](https://vuldb.com/?ip.46.36.200.30) | - | - | High
|
||||
32 | [46.36.200.81](https://vuldb.com/?ip.46.36.200.81) | - | - | High
|
||||
33 | [46.36.200.82](https://vuldb.com/?ip.46.36.200.82) | - | - | High
|
||||
34 | [46.36.200.84](https://vuldb.com/?ip.46.36.200.84) | - | - | High
|
||||
35 | ... | ... | ... | ...
|
||||
|
||||
There are 119 more IOC items available. Please use our online service to access the data.
|
||||
There are 136 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -74,6 +78,7 @@ ID | Type | Indicator | Confidence
|
|||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bo.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bo.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -60,12 +60,15 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
37 | [46.36.200.20](https://vuldb.com/?ip.46.36.200.20) | - | - | High
|
||||
38 | [46.163.48.0](https://vuldb.com/?ip.46.163.48.0) | - | - | High
|
||||
39 | [46.163.50.0](https://vuldb.com/?ip.46.163.50.0) | - | - | High
|
||||
40 | [46.163.60.0](https://vuldb.com/?ip.46.163.60.0) | - | - | High
|
||||
41 | [46.239.0.0](https://vuldb.com/?ip.46.239.0.0) | - | - | High
|
||||
42 | [57.90.72.0](https://vuldb.com/?ip.57.90.72.0) | - | - | High
|
||||
43 | ... | ... | ... | ...
|
||||
40 | [46.163.54.0](https://vuldb.com/?ip.46.163.54.0) | - | - | High
|
||||
41 | [46.163.60.0](https://vuldb.com/?ip.46.163.60.0) | - | - | High
|
||||
42 | [46.239.0.0](https://vuldb.com/?ip.46.239.0.0) | - | - | High
|
||||
43 | [57.90.56.0](https://vuldb.com/?ip.57.90.56.0) | - | - | High
|
||||
44 | [57.90.72.0](https://vuldb.com/?ip.57.90.72.0) | - | - | High
|
||||
45 | [62.4.113.0](https://vuldb.com/?ip.62.4.113.0) | - | - | High
|
||||
46 | ... | ... | ... | ...
|
||||
|
||||
There are 168 more IOC items available. Please use our online service to access the data.
|
||||
There are 182 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -89,70 +92,74 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/cgi-bin/kerbynet` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/hrm/employeeadd.php` | High
|
||||
23 | File | `/hrm/employeeview.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/items/view_item.php` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/lookin/info` | Medium
|
||||
29 | File | `/MagickCore/image.c` | High
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/medical/inventories.php` | High
|
||||
32 | File | `/modules/profile/index.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/newsDia.php` | Medium
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
40 | File | `/reports/rwservlet` | High
|
||||
41 | File | `/sacco_shield/manage_user.php` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
44 | File | `/staff/bookdetails.php` | High
|
||||
45 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
46 | File | `/user/update_booking.php` | High
|
||||
47 | File | `/WEB-INF/web.xml` | High
|
||||
48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/Admin/login.php` | High
|
||||
5 | File | `/admin/showbad.php` | High
|
||||
6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
7 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
8 | File | `/apilog.php` | Medium
|
||||
9 | File | `/APR/login.php` | High
|
||||
10 | File | `/bin/httpd` | Medium
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/connectors/index.php` | High
|
||||
13 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
14 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
15 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
18 | File | `/fos/admin/index.php?page=menu` | High
|
||||
19 | File | `/home/masterConsole` | High
|
||||
20 | File | `/home/sendBroadcast` | High
|
||||
21 | File | `/hrm/employeeadd.php` | High
|
||||
22 | File | `/hrm/employeeview.php` | High
|
||||
23 | File | `/index.php` | Medium
|
||||
24 | File | `/items/view_item.php` | High
|
||||
25 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
26 | File | `/lookin/info` | Medium
|
||||
27 | File | `/manager/index.php` | High
|
||||
28 | File | `/medical/inventories.php` | High
|
||||
29 | File | `/modules/profile/index.php` | High
|
||||
30 | File | `/modules/projects/vw_files.php` | High
|
||||
31 | File | `/modules/public/calendar.php` | High
|
||||
32 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
33 | File | `/newsDia.php` | Medium
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/php-opos/index.php` | High
|
||||
36 | File | `/proxy` | Low
|
||||
37 | File | `/public/launchNewWindow.jsp` | High
|
||||
38 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
39 | File | `/reports/rwservlet` | High
|
||||
40 | File | `/sacco_shield/manage_user.php` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
43 | File | `/staff/bookdetails.php` | High
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | File | `/user/update_booking.php` | High
|
||||
46 | File | `/WEB-INF/web.xml` | High
|
||||
47 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
48 | File | `/wireless/security.asp` | High
|
||||
49 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php` | High
|
||||
51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
52 | File | `01article.php` | High
|
||||
53 | File | `AbstractScheduleJob.java` | High
|
||||
54 | File | `actionphp/download.File.php` | High
|
||||
55 | File | `AdClass.php` | Medium
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | ... | ... | ...
|
||||
55 | File | `adclick.php` | Medium
|
||||
56 | File | `addtocart.asp` | High
|
||||
57 | File | `admin.php` | Medium
|
||||
58 | File | `admin/abc.php` | High
|
||||
59 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 501 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_ba.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ba.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -23,20 +23,23 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.62.60.44](https://vuldb.com/?ip.5.62.60.44) | r-44-60-62-5.consumer-pool.prcdn.net | - | High
|
||||
2 | [5.62.62.44](https://vuldb.com/?ip.5.62.62.44) | r-44-62-62-5.consumer-pool.prcdn.net | - | High
|
||||
3 | [41.60.215.0](https://vuldb.com/?ip.41.60.215.0) | - | - | High
|
||||
4 | [41.74.48.0](https://vuldb.com/?ip.41.74.48.0) | - | - | High
|
||||
5 | [41.75.0.0](https://vuldb.com/?ip.41.75.0.0) | - | - | High
|
||||
6 | [41.76.240.0](https://vuldb.com/?ip.41.76.240.0) | - | - | High
|
||||
7 | [41.77.88.0](https://vuldb.com/?ip.41.77.88.0) | - | - | High
|
||||
8 | [41.78.95.0](https://vuldb.com/?ip.41.78.95.0) | - | - | High
|
||||
9 | [41.79.32.0](https://vuldb.com/?ip.41.79.32.0) | - | - | High
|
||||
10 | [41.79.136.0](https://vuldb.com/?ip.41.79.136.0) | 41-79-136-0.abaricom.co.bw | - | High
|
||||
11 | [41.87.160.0](https://vuldb.com/?ip.41.87.160.0) | - | - | High
|
||||
12 | [41.138.72.0](https://vuldb.com/?ip.41.138.72.0) | - | - | High
|
||||
13 | [41.190.244.0](https://vuldb.com/?ip.41.190.244.0) | - | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
3 | [41.60.156.0](https://vuldb.com/?ip.41.60.156.0) | - | - | High
|
||||
4 | [41.60.215.0](https://vuldb.com/?ip.41.60.215.0) | - | - | High
|
||||
5 | [41.74.48.0](https://vuldb.com/?ip.41.74.48.0) | - | - | High
|
||||
6 | [41.75.0.0](https://vuldb.com/?ip.41.75.0.0) | - | - | High
|
||||
7 | [41.76.240.0](https://vuldb.com/?ip.41.76.240.0) | - | - | High
|
||||
8 | [41.77.88.0](https://vuldb.com/?ip.41.77.88.0) | - | - | High
|
||||
9 | [41.78.95.0](https://vuldb.com/?ip.41.78.95.0) | - | - | High
|
||||
10 | [41.79.32.0](https://vuldb.com/?ip.41.79.32.0) | - | - | High
|
||||
11 | [41.79.136.0](https://vuldb.com/?ip.41.79.136.0) | 41-79-136-0.abaricom.co.bw | - | High
|
||||
12 | [41.87.160.0](https://vuldb.com/?ip.41.87.160.0) | - | - | High
|
||||
13 | [41.138.72.0](https://vuldb.com/?ip.41.138.72.0) | - | - | High
|
||||
14 | [41.190.244.0](https://vuldb.com/?ip.41.190.244.0) | - | - | High
|
||||
15 | [41.191.64.0](https://vuldb.com/?ip.41.191.64.0) | - | - | High
|
||||
16 | [41.191.216.0](https://vuldb.com/?ip.41.191.216.0) | - | - | High
|
||||
17 | ... | ... | ... | ...
|
||||
|
||||
There are 50 more IOC items available. Please use our online service to access the data.
|
||||
There are 65 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -91,15 +94,18 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `album_portal.php` | High
|
||||
32 | File | `api.php` | Low
|
||||
33 | File | `app/xml_cdr/xml_cdr_search.php` | High
|
||||
34 | ... | ... | ...
|
||||
34 | File | `application/home/controller/debug.php` | High
|
||||
35 | File | `articulo.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_bw.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_bw.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -83,7 +83,7 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `boardrule.php` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -1398,14 +1398,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -1413,55 +1411,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/submit-articles` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
7 | File | `/auth` | Low
|
||||
8 | File | `/bin/httpd` | Medium
|
||||
9 | File | `/Default/Bd` | Medium
|
||||
10 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
11 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
12 | File | `/download` | Medium
|
||||
13 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/forum/PostPrivateMessage` | High
|
||||
16 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
17 | File | `/fos/admin/index.php?page=menu` | High
|
||||
18 | File | `/home/masterConsole` | High
|
||||
19 | File | `/home/sendBroadcast` | High
|
||||
20 | File | `/hrm/controller/employee.php` | High
|
||||
21 | File | `/hrm/employeeadd.php` | High
|
||||
22 | File | `/hrm/employeeview.php` | High
|
||||
23 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
24 | File | `/lookin/info` | Medium
|
||||
25 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
26 | File | `/param.file.tgz` | High
|
||||
27 | File | `/php-opos/index.php` | High
|
||||
28 | File | `/php-scrm/login.php` | High
|
||||
29 | File | `/php/` | Low
|
||||
30 | File | `/php_action/editProductImage.php` | High
|
||||
31 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
32 | File | `/proxy` | Low
|
||||
33 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
34 | File | `/reports/rwservlet` | High
|
||||
35 | File | `/services/Card/findUser` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | File | `/uncpath/` | Medium
|
||||
38 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
39 | File | `/view-property.php` | High
|
||||
40 | File | `/wireless/security.asp` | High
|
||||
41 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
42 | File | `01article.php` | High
|
||||
43 | File | `2020\Messages\SDNotify.exe` | High
|
||||
44 | File | `AbstractScheduleJob.java` | High
|
||||
45 | File | `action.php` | Medium
|
||||
46 | File | `actionphp/download.File.php` | High
|
||||
47 | ... | ... | ...
|
||||
1 | File | `/admin/` | Low
|
||||
2 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
3 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
4 | File | `/APR/login.php` | High
|
||||
5 | File | `/APR/signup.php` | High
|
||||
6 | File | `/cgi-bin/wapopen` | High
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/mims/login.php` | High
|
||||
9 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
10 | File | `/php-opos/index.php` | High
|
||||
11 | File | `/php-scrm/login.php` | High
|
||||
12 | File | `/textpattern/index.php` | High
|
||||
13 | File | `/tmp` | Low
|
||||
14 | File | `account-signup.php` | High
|
||||
15 | File | `account/signup.php` | High
|
||||
16 | File | `action.php` | Medium
|
||||
17 | File | `addentry.php` | Medium
|
||||
18 | File | `admin-ajax.php` | High
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
21 | File | `admin/admin_editor.php` | High
|
||||
22 | File | `admin/conf_users_edit.php` | High
|
||||
23 | File | `adminer.php` | Medium
|
||||
24 | File | `blocks/block-Old_Articles.php` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 409 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 214 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [KR](https://vuldb.com/?country.kr)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
@ -49,10 +49,10 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/out.php` | Medium
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `wp-login.php` | Medium
|
||||
3 | File | `miniserv.pl` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -55,7 +55,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `adm/config_form_update.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 12 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brunhilda:
|
||||
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
|
|
@ -72,7 +72,7 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `/login.php` | Medium
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 135 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 136 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -85,10 +85,9 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `/ofrs/admin/?page=teams/view_team` | High
|
||||
31 | File | `/one_church/userregister.php` | High
|
||||
32 | File | `/out.php` | Medium
|
||||
33 | File | `/public/plugins/` | High
|
||||
34 | ... | ... | ...
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -32,7 +33,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -47,41 +48,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
3 | File | `/admin/admin.php` | High
|
||||
4 | File | `/blogengine/api/posts` | High
|
||||
5 | File | `/bsms_ci/index.php` | High
|
||||
6 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
7 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
8 | File | `/cgi-bin/api-get_line_status` | High
|
||||
9 | File | `/cgi-bin/luci` | High
|
||||
10 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
11 | File | `/cgi-bin/qcmap_auth` | High
|
||||
12 | File | `/cgi-bin/upload_vpntar` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/CommunitySSORedirect.jsp` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/diagnostic/editclient.php` | High
|
||||
17 | File | `/export` | Low
|
||||
18 | File | `/filemanager/php/connector.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/h/calendar` | Medium
|
||||
21 | File | `/hrm/controller/employee.php` | High
|
||||
22 | File | `/index.php?module=global_lists/lists` | High
|
||||
23 | File | `/login/index.php` | High
|
||||
24 | File | `/mkshope/login.php` | High
|
||||
25 | File | `/network_test.php` | High
|
||||
26 | File | `/obs/book.php` | High
|
||||
27 | File | `/okm:root` | Medium
|
||||
28 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/products/view_product.php` | High
|
||||
31 | File | `/public/launchNewWindow.jsp` | High
|
||||
32 | File | `/public_html/animals` | High
|
||||
33 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
34 | ... | ... | ...
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/.ssh/authorized_keys` | High
|
||||
4 | File | `/as/authorization.oauth2` | High
|
||||
5 | File | `/blogengine/api/posts` | High
|
||||
6 | File | `/cgi-bin/api-get_line_status` | High
|
||||
7 | File | `/cgi-bin/luci` | High
|
||||
8 | File | `/cgi-bin/luci/api/auth` | High
|
||||
9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
10 | File | `/cgi-bin/upload_vpntar` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/export` | Low
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/h/calendar` | Medium
|
||||
16 | File | `/hrm/controller/employee.php` | High
|
||||
17 | File | `/login/index.php` | High
|
||||
18 | File | `/mkshope/login.php` | High
|
||||
19 | File | `/network_test.php` | High
|
||||
20 | File | `/obs/book.php` | High
|
||||
21 | File | `/products/view_product.php` | High
|
||||
22 | File | `/public/launchNewWindow.jsp` | High
|
||||
23 | File | `/public/login.htm` | High
|
||||
24 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/self.key` | Medium
|
||||
27 | File | `/services/view_service.php` | High
|
||||
28 | File | `/shell` | Low
|
||||
29 | File | `/spip.php` | Medium
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
文件差异内容过多而无法显示
加载差异
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -81,7 +81,7 @@ ID | Type | Indicator | Confidence
|
|||
32 | File | `articulo.php` | Medium
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ ID | Type | Indicator | Confidence
|
|||
25 | File | `/viewer/krpano.html` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Strike:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -26,55 +26,55 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [5.199.173.152](https://vuldb.com/?ip.5.199.173.152) | - | - | High
|
||||
4 | [5.199.174.219](https://vuldb.com/?ip.5.199.174.219) | - | - | High
|
||||
5 | [5.252.177.199](https://vuldb.com/?ip.5.252.177.199) | 5-252-177-199.mivocloud.com | - | High
|
||||
6 | [5.254.64.234](https://vuldb.com/?ip.5.254.64.234) | - | - | High
|
||||
7 | [5.254.112.226](https://vuldb.com/?ip.5.254.112.226) | - | - | High
|
||||
8 | [5.255.98.144](https://vuldb.com/?ip.5.255.98.144) | - | - | High
|
||||
9 | [14.229.140.66](https://vuldb.com/?ip.14.229.140.66) | static.vnpt.vn | - | High
|
||||
10 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | - | High
|
||||
11 | [23.81.246.32](https://vuldb.com/?ip.23.81.246.32) | - | - | High
|
||||
12 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
|
||||
13 | [23.82.19.208](https://vuldb.com/?ip.23.82.19.208) | - | - | High
|
||||
14 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | - | High
|
||||
15 | [23.82.140.133](https://vuldb.com/?ip.23.82.140.133) | - | - | High
|
||||
16 | [23.82.141.184](https://vuldb.com/?ip.23.82.141.184) | - | - | High
|
||||
17 | [23.83.133.1](https://vuldb.com/?ip.23.83.133.1) | v327.er01.dal.ubiquity.io | - | High
|
||||
18 | [23.83.133.182](https://vuldb.com/?ip.23.83.133.182) | - | - | High
|
||||
19 | [23.83.133.216](https://vuldb.com/?ip.23.83.133.216) | - | - | High
|
||||
20 | [23.83.134.110](https://vuldb.com/?ip.23.83.134.110) | - | - | High
|
||||
21 | [23.83.134.136](https://vuldb.com/?ip.23.83.134.136) | - | - | High
|
||||
22 | [23.106.160.39](https://vuldb.com/?ip.23.106.160.39) | - | - | High
|
||||
23 | [23.106.160.120](https://vuldb.com/?ip.23.106.160.120) | - | - | High
|
||||
24 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
|
||||
25 | [23.108.57.13](https://vuldb.com/?ip.23.108.57.13) | - | - | High
|
||||
26 | [23.108.57.39](https://vuldb.com/?ip.23.108.57.39) | - | - | High
|
||||
27 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | - | High
|
||||
28 | [23.160.193.55](https://vuldb.com/?ip.23.160.193.55) | unknown.ip-xfer.net | - | High
|
||||
29 | [23.227.194.86](https://vuldb.com/?ip.23.227.194.86) | 23-227-194-86.static.hvvc.us | - | High
|
||||
30 | [23.227.198.217](https://vuldb.com/?ip.23.227.198.217) | 23-227-198-217.static.hvvc.us | - | High
|
||||
31 | [23.227.199.10](https://vuldb.com/?ip.23.227.199.10) | 23-227-199-10.static.hvvc.us | - | High
|
||||
32 | [23.229.36.43](https://vuldb.com/?ip.23.229.36.43) | bet5jn-day-43.bettertisholiday.com | - | High
|
||||
33 | [23.236.77.94](https://vuldb.com/?ip.23.236.77.94) | - | - | High
|
||||
34 | [23.236.174.190](https://vuldb.com/?ip.23.236.174.190) | - | - | High
|
||||
35 | [23.254.202.59](https://vuldb.com/?ip.23.254.202.59) | client-23-254-202-59.hostwindsdns.com | - | High
|
||||
36 | [28.11.143.222](https://vuldb.com/?ip.28.11.143.222) | - | - | High
|
||||
37 | [37.0.8.252](https://vuldb.com/?ip.37.0.8.252) | - | - | High
|
||||
38 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
|
||||
39 | [37.120.198.225](https://vuldb.com/?ip.37.120.198.225) | - | - | High
|
||||
40 | [39.104.90.45](https://vuldb.com/?ip.39.104.90.45) | - | - | High
|
||||
41 | [39.109.5.135](https://vuldb.com/?ip.39.109.5.135) | - | - | High
|
||||
42 | [43.154.175.230](https://vuldb.com/?ip.43.154.175.230) | - | - | High
|
||||
43 | [43.250.200.106](https://vuldb.com/?ip.43.250.200.106) | - | - | High
|
||||
44 | [43.250.201.71](https://vuldb.com/?ip.43.250.201.71) | - | - | High
|
||||
45 | [45.9.248.74](https://vuldb.com/?ip.45.9.248.74) | te-4-3-177.pe2.man4.uk.m247.com | - | High
|
||||
46 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
|
||||
47 | [45.15.131.96](https://vuldb.com/?ip.45.15.131.96) | - | - | High
|
||||
48 | [45.66.158.14](https://vuldb.com/?ip.45.66.158.14) | 14.158-66-45.rdns.scalabledns.com | - | High
|
||||
49 | [45.84.0.116](https://vuldb.com/?ip.45.84.0.116) | n5336.md | - | High
|
||||
50 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
|
||||
51 | [45.140.146.30](https://vuldb.com/?ip.45.140.146.30) | vm582590.stark-industries.solutions | - | High
|
||||
6 | [5.253.234.40](https://vuldb.com/?ip.5.253.234.40) | - | - | High
|
||||
7 | [5.254.64.234](https://vuldb.com/?ip.5.254.64.234) | - | - | High
|
||||
8 | [5.254.112.226](https://vuldb.com/?ip.5.254.112.226) | - | - | High
|
||||
9 | [5.255.98.144](https://vuldb.com/?ip.5.255.98.144) | - | - | High
|
||||
10 | [14.229.140.66](https://vuldb.com/?ip.14.229.140.66) | static.vnpt.vn | - | High
|
||||
11 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | - | High
|
||||
12 | [23.81.246.32](https://vuldb.com/?ip.23.81.246.32) | - | - | High
|
||||
13 | [23.81.246.187](https://vuldb.com/?ip.23.81.246.187) | - | - | High
|
||||
14 | [23.82.19.208](https://vuldb.com/?ip.23.82.19.208) | - | - | High
|
||||
15 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | - | High
|
||||
16 | [23.82.140.133](https://vuldb.com/?ip.23.82.140.133) | - | - | High
|
||||
17 | [23.82.141.184](https://vuldb.com/?ip.23.82.141.184) | - | - | High
|
||||
18 | [23.83.133.1](https://vuldb.com/?ip.23.83.133.1) | v327.er01.dal.ubiquity.io | - | High
|
||||
19 | [23.83.133.182](https://vuldb.com/?ip.23.83.133.182) | - | - | High
|
||||
20 | [23.83.133.216](https://vuldb.com/?ip.23.83.133.216) | - | - | High
|
||||
21 | [23.83.134.110](https://vuldb.com/?ip.23.83.134.110) | - | - | High
|
||||
22 | [23.83.134.136](https://vuldb.com/?ip.23.83.134.136) | - | - | High
|
||||
23 | [23.106.160.39](https://vuldb.com/?ip.23.106.160.39) | - | - | High
|
||||
24 | [23.106.160.120](https://vuldb.com/?ip.23.106.160.120) | - | - | High
|
||||
25 | [23.106.160.188](https://vuldb.com/?ip.23.106.160.188) | - | - | High
|
||||
26 | [23.108.57.13](https://vuldb.com/?ip.23.108.57.13) | - | - | High
|
||||
27 | [23.108.57.39](https://vuldb.com/?ip.23.108.57.39) | - | - | High
|
||||
28 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | - | High
|
||||
29 | [23.160.193.55](https://vuldb.com/?ip.23.160.193.55) | unknown.ip-xfer.net | - | High
|
||||
30 | [23.227.194.86](https://vuldb.com/?ip.23.227.194.86) | 23-227-194-86.static.hvvc.us | - | High
|
||||
31 | [23.227.198.217](https://vuldb.com/?ip.23.227.198.217) | 23-227-198-217.static.hvvc.us | - | High
|
||||
32 | [23.227.199.10](https://vuldb.com/?ip.23.227.199.10) | 23-227-199-10.static.hvvc.us | - | High
|
||||
33 | [23.229.36.43](https://vuldb.com/?ip.23.229.36.43) | bet5jn-day-43.bettertisholiday.com | - | High
|
||||
34 | [23.236.77.94](https://vuldb.com/?ip.23.236.77.94) | - | - | High
|
||||
35 | [23.236.174.190](https://vuldb.com/?ip.23.236.174.190) | - | - | High
|
||||
36 | [23.254.202.59](https://vuldb.com/?ip.23.254.202.59) | client-23-254-202-59.hostwindsdns.com | - | High
|
||||
37 | [28.11.143.222](https://vuldb.com/?ip.28.11.143.222) | - | - | High
|
||||
38 | [37.0.8.252](https://vuldb.com/?ip.37.0.8.252) | - | - | High
|
||||
39 | [37.72.174.9](https://vuldb.com/?ip.37.72.174.9) | emailmail.org.uk | - | High
|
||||
40 | [37.120.198.225](https://vuldb.com/?ip.37.120.198.225) | - | - | High
|
||||
41 | [39.104.90.45](https://vuldb.com/?ip.39.104.90.45) | - | - | High
|
||||
42 | [39.109.5.135](https://vuldb.com/?ip.39.109.5.135) | - | - | High
|
||||
43 | [43.154.175.230](https://vuldb.com/?ip.43.154.175.230) | - | - | High
|
||||
44 | [43.250.200.106](https://vuldb.com/?ip.43.250.200.106) | - | - | High
|
||||
45 | [43.250.201.71](https://vuldb.com/?ip.43.250.201.71) | - | - | High
|
||||
46 | [45.9.248.74](https://vuldb.com/?ip.45.9.248.74) | te-4-3-177.pe2.man4.uk.m247.com | - | High
|
||||
47 | [45.11.19.224](https://vuldb.com/?ip.45.11.19.224) | - | - | High
|
||||
48 | [45.15.131.96](https://vuldb.com/?ip.45.15.131.96) | - | - | High
|
||||
49 | [45.66.158.14](https://vuldb.com/?ip.45.66.158.14) | 14.158-66-45.rdns.scalabledns.com | - | High
|
||||
50 | [45.84.0.116](https://vuldb.com/?ip.45.84.0.116) | n5336.md | - | High
|
||||
51 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
|
||||
52 | ... | ... | ... | ...
|
||||
|
||||
There are 205 more IOC items available. Please use our online service to access the data.
|
||||
There are 206 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -82,14 +82,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-35 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -98,44 +96,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
3 | File | `/admin/ajax.php?action=save_window` | High
|
||||
4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
6 | File | `/bin/httpd` | Medium
|
||||
7 | File | `/blogengine/api/posts` | High
|
||||
8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/config/api/v1/reboot` | High
|
||||
11 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
12 | File | `/ebics-server/ebics.aspx` | High
|
||||
13 | File | `/etc` | Low
|
||||
14 | File | `/etc/passwd` | Medium
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/forum/PostPrivateMessage` | High
|
||||
17 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
18 | File | `/fos/admin/index.php?page=menu` | High
|
||||
19 | File | `/home/masterConsole` | High
|
||||
20 | File | `/home/sendBroadcast` | High
|
||||
21 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
22 | File | `/login/index.php` | High
|
||||
23 | File | `/php-scrm/login.php` | High
|
||||
24 | File | `/products/view_product.php` | High
|
||||
25 | File | `/public/login.htm` | High
|
||||
26 | File | `/resources//../` | High
|
||||
27 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
28 | File | `/setNTP.cgi` | Medium
|
||||
29 | File | `/shell` | Low
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/sys/dict/queryTableData` | High
|
||||
32 | File | `/tpts/manage_user.php` | High
|
||||
33 | File | `/trufusionPortal/upDwModuleProxy` | High
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/usr/bin/tddp` | High
|
||||
36 | File | `/wireless/security.asp` | High
|
||||
37 | ... | ... | ...
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/APR/login.php` | High
|
||||
4 | File | `/APR/signup.php` | High
|
||||
5 | File | `/as/authorization.oauth2` | High
|
||||
6 | File | `/cgi-bin/luci/api/auth` | High
|
||||
7 | File | `/DXR.axd` | Medium
|
||||
8 | File | `/filemanager/php/connector.php` | High
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/mims/login.php` | High
|
||||
11 | File | `/php-scrm/login.php` | High
|
||||
12 | File | `/rukovoditel/index.php?module=users/login` | High
|
||||
13 | File | `/textpattern/index.php` | High
|
||||
14 | File | `/tmp` | Low
|
||||
15 | File | `account-signup.php` | High
|
||||
16 | File | `account/signup.php` | High
|
||||
17 | File | `addentry.php` | Medium
|
||||
18 | File | `admin.php` | Medium
|
||||
19 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
20 | File | `admin/admin_editor.php` | High
|
||||
21 | File | `admin/conf_users_edit.php` | High
|
||||
22 | File | `admin/template/js/uploadify/uploadify.swf` | High
|
||||
23 | File | `admin/TemplateController.java` | High
|
||||
24 | File | `AndroidManifest.xml` | High
|
||||
25 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
26 | File | `blocks/block-Old_Articles.php` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -159,6 +147,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://cert.gov.ua/article/703548
|
||||
* https://community.blueliv.com/#!/s/62ea177182df417ed033152e
|
||||
* https://community.blueliv.com/#!/s/62454e1682df417ed0330b8b
|
||||
* https://ddanchev.blogspot.com/2023/01/exposing-currently-active-and-spreading.html
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-17%20Hancitor%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-18%20Hancitor%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-26%20Hancitor%20IOCs
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -64,66 +64,65 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/reports.php` | High
|
||||
9 | File | `/admin/showbad.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/items/view_item.php` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lookin/info` | Medium
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/medical/inventories.php` | High
|
||||
32 | File | `/modules/profile/index.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
36 | File | `/newsDia.php` | Medium
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/sacco_shield/manage_user.php` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
48 | File | `/uncpath/` | Medium
|
||||
49 | File | `/user/update_booking.php` | High
|
||||
50 | File | `/WEB-INF/web.xml` | High
|
||||
51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
52 | File | `/wireless/security.asp` | High
|
||||
53 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
55 | File | `01article.php` | High
|
||||
56 | File | `AbstractScheduleJob.java` | High
|
||||
57 | File | `actionphp/download.File.php` | High
|
||||
58 | File | `AdClass.php` | Medium
|
||||
59 | File | `adclick.php` | Medium
|
||||
60 | File | `addtocart.asp` | High
|
||||
61 | File | `admin.php` | Medium
|
||||
62 | ... | ... | ...
|
||||
5 | File | `/Admin/login.php` | High
|
||||
6 | File | `/admin/showbad.php` | High
|
||||
7 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
9 | File | `/apilog.php` | Medium
|
||||
10 | File | `/APR/login.php` | High
|
||||
11 | File | `/bin/httpd` | Medium
|
||||
12 | File | `/cgi-bin/wapopen` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/connectors/index.php` | High
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
20 | File | `/fos/admin/index.php?page=menu` | High
|
||||
21 | File | `/home/masterConsole` | High
|
||||
22 | File | `/home/sendBroadcast` | High
|
||||
23 | File | `/hrm/employeeadd.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/items/view_item.php` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/lookin/info` | Medium
|
||||
29 | File | `/manager/index.php` | High
|
||||
30 | File | `/medical/inventories.php` | High
|
||||
31 | File | `/modules/profile/index.php` | High
|
||||
32 | File | `/modules/projects/vw_files.php` | High
|
||||
33 | File | `/modules/public/calendar.php` | High
|
||||
34 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
35 | File | `/newsDia.php` | Medium
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/php-opos/index.php` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/public/launchNewWindow.jsp` | High
|
||||
40 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
41 | File | `/reports/rwservlet` | High
|
||||
42 | File | `/sacco_shield/manage_user.php` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
45 | File | `/staff/bookdetails.php` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/user/update_booking.php` | High
|
||||
48 | File | `/WEB-INF/web.xml` | High
|
||||
49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
50 | File | `/wireless/security.asp` | High
|
||||
51 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
53 | File | `01article.php` | High
|
||||
54 | File | `AbstractScheduleJob.java` | High
|
||||
55 | File | `actionphp/download.File.php` | High
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | File | `addtocart.asp` | High
|
||||
58 | File | `admin.php` | Medium
|
||||
59 | File | `admin/abc.php` | High
|
||||
60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 531 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -529,8 +529,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -541,48 +540,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.../gogo/` | Medium
|
||||
2 | File | `/admin/students/manage.php` | High
|
||||
3 | File | `/admin/submit-articles` | High
|
||||
4 | File | `/admin/subnets/ripe-query.php` | High
|
||||
5 | File | `/appliance/users?action=edit` | High
|
||||
6 | File | `/attachments` | Medium
|
||||
7 | File | `/backup.pl` | Medium
|
||||
8 | File | `/bsms_ci/index.php/book` | High
|
||||
9 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
12 | File | `/etc/hosts` | Medium
|
||||
13 | File | `/etc/ldap.conf` | High
|
||||
14 | File | `/etc/quagga` | Medium
|
||||
15 | File | `/etc/shadow` | Medium
|
||||
16 | File | `/event/admin/?page=user/list` | High
|
||||
17 | File | `/foms/place-order.php` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/goform/wizard_end` | High
|
||||
20 | File | `/h/calendar` | Medium
|
||||
21 | File | `/hardware` | Medium
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/medicines/profile.php` | High
|
||||
24 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
25 | File | `/out.php` | Medium
|
||||
26 | File | `/php-scrm/login.php` | High
|
||||
27 | File | `/proxy` | Low
|
||||
28 | File | `/spip.php` | Medium
|
||||
29 | File | `/tmp` | Low
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/user/loader.php?api=1` | High
|
||||
32 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
33 | File | `/video-sharing-script/watch-video.php` | High
|
||||
34 | File | `/wp-admin/admin-ajax.php` | High
|
||||
35 | File | `action.php` | Medium
|
||||
36 | File | `ActivityRecord.java` | High
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `add-patient.php` | High
|
||||
39 | File | `adm.cgi` | Low
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/admin/subnets/ripe-query.php` | High
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/appliance/users?action=edit` | High
|
||||
11 | File | `/apply.cgi` | Medium
|
||||
12 | File | `/attachments` | Medium
|
||||
13 | File | `/backup.pl` | Medium
|
||||
14 | File | `/boat/login.php` | High
|
||||
15 | File | `/bsms_ci/index.php/book` | High
|
||||
16 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/edoc/doctor/patient.php` | High
|
||||
20 | File | `/etc/hosts` | Medium
|
||||
21 | File | `/etc/ldap.conf` | High
|
||||
22 | File | `/etc/quagga` | Medium
|
||||
23 | File | `/etc/shadow` | Medium
|
||||
24 | File | `/event/admin/?page=user/list` | High
|
||||
25 | File | `/foms/place-order.php` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/h/calendar` | Medium
|
||||
28 | File | `/hardware` | Medium
|
||||
29 | File | `/index.php` | Medium
|
||||
30 | File | `/medicines/profile.php` | High
|
||||
31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
32 | File | `/out.php` | Medium
|
||||
33 | File | `/php-scrm/login.php` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
37 | File | `/spip.php` | Medium
|
||||
38 | File | `/tmp` | Low
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/user/loader.php?api=1` | High
|
||||
41 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
42 | File | `/video-sharing-script/watch-video.php` | High
|
||||
43 | File | `/wp-admin/admin-ajax.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 355 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -64,48 +64,46 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/api/admin/v2_products` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
4 | File | `/admin/api/theme-edit/` | High
|
||||
5 | File | `/as/authorization.oauth2` | High
|
||||
6 | File | `/blogengine/api/posts` | High
|
||||
7 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
8 | File | `/cgi-bin/upload_vpntar` | High
|
||||
7 | File | `/cgi-bin/luci/api/auth` | High
|
||||
8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
11 | File | `/event/admin/?page=user/list` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
14 | File | `/goform/SysToolChangePwd` | High
|
||||
15 | File | `/goform/WifiBasicSet` | High
|
||||
16 | File | `/index/user/user_edit.html` | High
|
||||
17 | File | `/login/index.php` | High
|
||||
18 | File | `/obs/book.php` | High
|
||||
19 | File | `/products/view_product.php` | High
|
||||
20 | File | `/proxy` | Low
|
||||
21 | File | `/public/login.htm` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/shell` | Low
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/usr/bin/tddp` | High
|
||||
27 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `/wp-admin/options.php` | High
|
||||
30 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
31 | File | `/_vti_pvt/access.cnf` | High
|
||||
32 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
|
||||
33 | File | `actions/UploadAction.php` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `add_contestant.php` | High
|
||||
36 | File | `admin/import/class-import-settings.php` | High
|
||||
37 | File | `admin/manage_user.php` | High
|
||||
38 | File | `admin/page-login.php` | High
|
||||
39 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
40 | File | `admin/practice_pdf.php` | High
|
||||
41 | File | `administrator/components/com_joomgallery/views/config/tmpl/default.php` | High
|
||||
42 | File | `announce.php` | Medium
|
||||
43 | ... | ... | ...
|
||||
10 | File | `/event/admin/?page=user/list` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
13 | File | `/goform/SysToolChangePwd` | High
|
||||
14 | File | `/goform/WifiBasicSet` | High
|
||||
15 | File | `/index/user/user_edit.html` | High
|
||||
16 | File | `/login/index.php` | High
|
||||
17 | File | `/obs/book.php` | High
|
||||
18 | File | `/products/view_product.php` | High
|
||||
19 | File | `/proxy` | Low
|
||||
20 | File | `/public/login.htm` | High
|
||||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | File | `/shell` | Low
|
||||
23 | File | `/spip.php` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/tddp` | High
|
||||
26 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `/wp-admin/options.php` | High
|
||||
29 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
30 | File | `/_vti_pvt/access.cnf` | High
|
||||
31 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
|
||||
32 | File | `actions/UploadAction.php` | High
|
||||
33 | File | `adclick.php` | Medium
|
||||
34 | File | `add_contestant.php` | High
|
||||
35 | File | `admin/import/class-import-settings.php` | High
|
||||
36 | File | `admin/manage_user.php` | High
|
||||
37 | File | `admin/page-login.php` | High
|
||||
38 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
39 | File | `admin/practice_pdf.php` | High
|
||||
40 | File | `admin/template/js/uploadify/uploadify.swf` | High
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
# Dalbit - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dalbit](https://vuldb.com/?actor.dalbit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dalbit](https://vuldb.com/?actor.dalbit)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Dalbit:
|
||||
|
||||
* South Korea
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dalbit:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dalbit.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.93.28.103](https://vuldb.com/?ip.45.93.28.103) | - | South Korea | High
|
||||
2 | [45.93.31.75](https://vuldb.com/?ip.45.93.31.75) | - | South Korea | High
|
||||
3 | [45.93.31.122](https://vuldb.com/?ip.45.93.31.122) | - | South Korea | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dalbit_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dalbit. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/baseOpLog.do` | High
|
||||
2 | File | `/debug/pprof` | Medium
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/47455/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -56,27 +56,27 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/account/ResetPassword` | High
|
||||
3 | File | `/addnews.html` | High
|
||||
4 | File | `/cm/delete` | Medium
|
||||
5 | File | `/download` | Medium
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
|
||||
8 | File | `/lms/admin.php` | High
|
||||
9 | File | `/my_photo_gallery/image.php` | High
|
||||
10 | File | `/redpass.cgi` | Medium
|
||||
11 | File | `/reps/classes/Users.php?f=delete_agent` | High
|
||||
12 | File | `/rom-0` | Low
|
||||
13 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
|
||||
14 | File | `/uncpath/` | Medium
|
||||
15 | File | `/usr/ucb/mail` | High
|
||||
16 | File | `adclick.php` | Medium
|
||||
17 | File | `add-category.php` | High
|
||||
18 | File | `add_comment.php` | High
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/admin.shtml` | High
|
||||
21 | File | `admin/content.php` | High
|
||||
4 | File | `/cgi-bin/go` | Medium
|
||||
5 | File | `/cm/delete` | Medium
|
||||
6 | File | `/download` | Medium
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
|
||||
9 | File | `/lms/admin.php` | High
|
||||
10 | File | `/my_photo_gallery/image.php` | High
|
||||
11 | File | `/redpass.cgi` | Medium
|
||||
12 | File | `/reps/classes/Users.php?f=delete_agent` | High
|
||||
13 | File | `/rom-0` | Low
|
||||
14 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/usr/ucb/mail` | High
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | File | `add-category.php` | High
|
||||
19 | File | `add_comment.php` | High
|
||||
20 | File | `admin.php` | Medium
|
||||
21 | File | `admin/admin.shtml` | High
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 181 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -42,14 +42,16 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
23 | [23.67.200.172](https://vuldb.com/?ip.23.67.200.172) | a23-67-200-172.deploy.static.akamaitechnologies.com | - | High
|
||||
24 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
|
||||
25 | [23.218.140.208](https://vuldb.com/?ip.23.218.140.208) | a23-218-140-208.deploy.static.akamaitechnologies.com | - | High
|
||||
26 | [25.109.69.178](https://vuldb.com/?ip.25.109.69.178) | - | - | High
|
||||
27 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
|
||||
28 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
|
||||
29 | [31.202.203.58](https://vuldb.com/?ip.31.202.203.58) | 31.202.203.58.format-tv.net | - | High
|
||||
30 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
|
||||
31 | ... | ... | ... | ...
|
||||
26 | [24.122.252.19](https://vuldb.com/?ip.24.122.252.19) | 24-122-252-19.resi.cgocable.ca | - | High
|
||||
27 | [25.109.69.178](https://vuldb.com/?ip.25.109.69.178) | - | - | High
|
||||
28 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
|
||||
29 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
|
||||
30 | [31.202.203.58](https://vuldb.com/?ip.31.202.203.58) | 31.202.203.58.format-tv.net | - | High
|
||||
31 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
|
||||
32 | [34.213.158.239](https://vuldb.com/?ip.34.213.158.239) | ec2-34-213-158-239.us-west-2.compute.amazonaws.com | - | Medium
|
||||
33 | ... | ... | ... | ...
|
||||
|
||||
There are 121 more IOC items available. Please use our online service to access the data.
|
||||
There are 127 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -105,6 +107,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2022/07/threat-roundup-0701-0708.html
|
||||
* https://blog.talosintelligence.com/2022/08/threat-roundup-0805-0812.html
|
||||
* https://blog.talosintelligence.com/2022/10/threat-roundup-1014-1021.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0127-0203/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -49,17 +49,17 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
3 | File | `/netflow/jspui/editProfile.jsp` | High
|
||||
4 | File | `/rapi/read_url` | High
|
||||
5 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
6 | File | `admin/google_search_console/class-gsc-table.php` | High
|
||||
7 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
8 | File | `cgi-bin/qcmap_web_cgi` | High
|
||||
9 | File | `class/debug/debug_show.php` | High
|
||||
10 | File | `coders/png.c` | Medium
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/netflow/jspui/editProfile.jsp` | High
|
||||
5 | File | `/rapi/read_url` | High
|
||||
6 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
7 | File | `admin/google_search_console/class-gsc-table.php` | High
|
||||
8 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
9 | File | `cgi-bin/qcmap_web_cgi` | High
|
||||
10 | File | `class/debug/debug_show.php` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 82 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,46 +48,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/index2.html` | High
|
||||
5 | File | `/admin/index3.php` | High
|
||||
6 | File | `/admin/main/mod-blog` | High
|
||||
7 | File | `/admin_area/login_transfer.php` | High
|
||||
8 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/adms/classes/Users.php` | High
|
||||
12 | File | `/alphaware/summary.php` | High
|
||||
13 | File | `/api/public/register/family` | High
|
||||
14 | File | `/api/sys_msg/list/1/10` | High
|
||||
15 | File | `/APR/login.php` | High
|
||||
16 | File | `/APR/signup.php` | High
|
||||
17 | File | `/backup.pl` | Medium
|
||||
18 | File | `/bin/httpd` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/cgi-bin/ExportLogs.sh` | High
|
||||
21 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
22 | File | `/cgi-bin/mft/wireless_mft` | High
|
||||
23 | File | `/check` | Low
|
||||
24 | File | `/data/config.ftp.php` | High
|
||||
25 | File | `/ecshop/admin/template.php` | High
|
||||
26 | File | `/editor/index.php` | High
|
||||
27 | File | `/formwork/panel/dashboard` | High
|
||||
28 | File | `/goform/formEasySetupWizard3` | High
|
||||
29 | File | `/goform/formLogin` | High
|
||||
30 | File | `/goform/formSchedule` | High
|
||||
31 | File | `/goform/formSetACLFilter` | High
|
||||
32 | File | `/goform/formSetEmail` | High
|
||||
33 | File | `/goform/formSetRoute` | High
|
||||
34 | File | `/goform/formSetWanDhcpplus` | High
|
||||
35 | File | `/goform/formSysCmd` | High
|
||||
36 | File | `/goform/formWlanGuestSetup` | High
|
||||
37 | File | `/goform/formWPS` | High
|
||||
38 | ... | ... | ...
|
||||
1 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
2 | File | `/admin.php/update/getFile.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/content/index` | High
|
||||
6 | File | `/admin/convert/export_z3950_new.php` | High
|
||||
7 | File | `/admin/doctors.php` | High
|
||||
8 | File | `/admin/edit-doc.php` | High
|
||||
9 | File | `/admin/index3.php` | High
|
||||
10 | File | `/admin/login.php` | High
|
||||
11 | File | `/admin/main/mod-blog` | High
|
||||
12 | File | `/admin/manage_user.php` | High
|
||||
13 | File | `/admin/navbar.php` | High
|
||||
14 | File | `/admin/patient.php` | High
|
||||
15 | File | `/admin/view_order.php` | High
|
||||
16 | File | `/admin1/config/update` | High
|
||||
17 | File | `/admin1/file/download` | High
|
||||
18 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
19 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
20 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
21 | File | `/adms/classes/Users.php` | High
|
||||
22 | File | `/agc/vicidial.php` | High
|
||||
23 | File | `/ajax/update_certificate` | High
|
||||
24 | File | `/alphaware/summary.php` | High
|
||||
25 | File | `/api/admin/system/store/order/list` | High
|
||||
26 | File | `/api/admin/user/list` | High
|
||||
27 | File | `/api/jmeter/download/files` | High
|
||||
28 | File | `/APR/login.php` | High
|
||||
29 | File | `/APR/signup.php` | High
|
||||
30 | File | `/billing/home.php` | High
|
||||
31 | File | `/boat/login.php` | High
|
||||
32 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
33 | File | `/cgi-bin/mft/wireless_mft` | High
|
||||
34 | File | `/data/config.ftp.php` | High
|
||||
35 | File | `/databases/database/edit` | High
|
||||
36 | File | `/databases/database/list` | High
|
||||
37 | File | `/databases/table/columns` | High
|
||||
38 | File | `/databases/table/list` | High
|
||||
39 | File | `/dist/index.js` | High
|
||||
40 | File | `/editor/index.php` | High
|
||||
41 | File | `/edoc/doctor/patient.php` | High
|
||||
42 | File | `/eduauth/student/search.php` | High
|
||||
43 | File | `/etc/init.d/openfire` | High
|
||||
44 | File | `/files/import` | High
|
||||
45 | File | `/file_manager/login.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 328 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -26,7 +26,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
|
||||
1 | T1204.001 | CWE-601 | Open Redirect | High
|
||||
2 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -65,9 +65,10 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `admin/import/class-import-settings.php` | High
|
||||
9 | File | `ajax/comments.php` | High
|
||||
10 | File | `architext.conf` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `attachment_send.php` | High
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -122,7 +122,7 @@ ID | Type | Indicator | Confidence
|
|||
53 | File | `add_edit_cat.asp` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -96,14 +96,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -112,65 +112,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/admin/api/admin/articles/` | High
|
||||
3 | File | `/admin/submit-articles` | High
|
||||
4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
6 | File | `/apilog.php` | Medium
|
||||
7 | File | `/attachments` | Medium
|
||||
8 | File | `/bin/httpd` | Medium
|
||||
9 | File | `/bsms_ci/index.php/book` | High
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
13 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
14 | File | `/etc/hosts` | Medium
|
||||
15 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
18 | File | `/fos/admin/index.php?page=menu` | High
|
||||
19 | File | `/goform/wizard_end` | High
|
||||
20 | File | `/home/masterConsole` | High
|
||||
21 | File | `/home/sendBroadcast` | High
|
||||
22 | File | `/hrm/employeeadd.php` | High
|
||||
23 | File | `/hrm/employeeview.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/items/view_item.php` | High
|
||||
26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
27 | File | `/lookin/info` | Medium
|
||||
28 | File | `/medical/inventories.php` | High
|
||||
29 | File | `/medicines/profile.php` | High
|
||||
30 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
31 | File | `/modules/profile/index.php` | High
|
||||
32 | File | `/modules/public/calendar.php` | High
|
||||
33 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
34 | File | `/newsDia.php` | Medium
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/php-opos/index.php` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
39 | File | `/reports/rwservlet` | High
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
42 | File | `/staff/bookdetails.php` | High
|
||||
43 | File | `/tmp` | Low
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | File | `/user/update_booking.php` | High
|
||||
46 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
47 | File | `/video-sharing-script/watch-video.php` | High
|
||||
48 | File | `/wireless/security.asp` | High
|
||||
49 | File | `01article.php` | High
|
||||
50 | File | `AbstractScheduleJob.java` | High
|
||||
51 | File | `actionphp/download.File.php` | High
|
||||
52 | File | `ActivityRecord.java` | High
|
||||
53 | File | `adclick.php` | Medium
|
||||
54 | File | `admin.php` | Medium
|
||||
55 | File | `admin/abc.php` | High
|
||||
56 | File | `admin/add_payment.php` | High
|
||||
57 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
58 | ... | ... | ...
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/apply.cgi` | Medium
|
||||
12 | File | `/APR/login.php` | High
|
||||
13 | File | `/attachments` | Medium
|
||||
14 | File | `/bin/httpd` | Medium
|
||||
15 | File | `/boat/login.php` | High
|
||||
16 | File | `/bsms_ci/index.php/book` | High
|
||||
17 | File | `/cgi-bin/wapopen` | High
|
||||
18 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
21 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
22 | File | `/etc/hosts` | Medium
|
||||
23 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
26 | File | `/fos/admin/index.php?page=menu` | High
|
||||
27 | File | `/goform/wizard_end` | High
|
||||
28 | File | `/home/masterConsole` | High
|
||||
29 | File | `/home/sendBroadcast` | High
|
||||
30 | File | `/hrm/employeeadd.php` | High
|
||||
31 | File | `/hrm/employeeview.php` | High
|
||||
32 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
33 | File | `/lookin/info` | Medium
|
||||
34 | File | `/medicines/profile.php` | High
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
41 | File | `/reports/rwservlet` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/tmp` | Low
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
48 | File | `/video-sharing-script/watch-video.php` | High
|
||||
49 | File | `/wireless/security.asp` | High
|
||||
50 | File | `/xxl-job-admin/jobinfo` | High
|
||||
51 | File | `01article.php` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 507 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 452 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -331,14 +331,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -346,47 +345,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.dbus-keyrings` | High
|
||||
2 | File | `/admin.php?action=themeinstall` | High
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/upload/upload` | High
|
||||
5 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
8 | File | `/blogengine/api/posts` | High
|
||||
9 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
10 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
13 | File | `/etc/sudoers` | Medium
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
16 | File | `/fos/admin/index.php?page=menu` | High
|
||||
17 | File | `/hrm/controller/employee.php` | High
|
||||
18 | File | `/ims/login.php` | High
|
||||
19 | File | `/login/index.php` | High
|
||||
20 | File | `/obs/book.php` | High
|
||||
21 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
22 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
|
||||
23 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
24 | File | `/out.php` | Medium
|
||||
25 | File | `/products/view_product.php` | High
|
||||
26 | File | `/psrs/admin/?page=inquiries/view_inquiry` | High
|
||||
27 | File | `/reports/rwservlet` | High
|
||||
28 | File | `/shell` | Low
|
||||
29 | File | `/spip.php` | Medium
|
||||
30 | File | `/storage/poc.svg` | High
|
||||
31 | File | `/subtitles.php` | High
|
||||
32 | File | `/upload` | Low
|
||||
33 | File | `/user/upload/upload` | High
|
||||
34 | File | `/usr/bin/tddp` | High
|
||||
35 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
38 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
39 | ... | ... | ...
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/index2.html` | High
|
||||
3 | File | `/admin/scripts/pi-hole/phpqueryads.php` | High
|
||||
4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
6 | File | `/APR/signup.php` | High
|
||||
7 | File | `/as/authorization.oauth2` | High
|
||||
8 | File | `/bin/httpd` | Medium
|
||||
9 | File | `/bin/sh` | Low
|
||||
10 | File | `/boat/login.php` | High
|
||||
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
12 | File | `/cgi-bin/luci/api/auth` | High
|
||||
13 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/cimom` | Low
|
||||
16 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
17 | File | `/controller/OnlinePreviewController.java` | High
|
||||
18 | File | `/data/wps.setup.json` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/ecshop/admin/template.php` | High
|
||||
21 | File | `/etc/openstack-dashboard/local_settings` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/forum/PostPrivateMessage` | High
|
||||
24 | File | `/home/masterConsole` | High
|
||||
25 | File | `/home/sendBroadcast` | High
|
||||
26 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
27 | File | `/IISADMPWD` | Medium
|
||||
28 | File | `/Moosikay/order.php` | High
|
||||
29 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
30 | File | `/net-banking/customer_transactions.php` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/pet_shop/admin/orders/update_status.php` | High
|
||||
33 | File | `/php-opos/index.php` | High
|
||||
34 | File | `/public/login.htm` | High
|
||||
35 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
36 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 332 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -87,10 +87,10 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/service/upload` | High
|
||||
10 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
12 | File | `adclick.php` | Medium
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 98 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 104 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RO](https://vuldb.com/?country.ro)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -48,20 +48,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin/students/view_student.php` | High
|
||||
3 | File | `/CommunitySSORedirect.jsp` | High
|
||||
4 | File | `/loginLess/../../etc/passwd` | High
|
||||
5 | File | `/see_more_details.php` | High
|
||||
6 | File | `/system/proxy` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `accountancy/customer/card.php` | High
|
||||
9 | File | `addentry.php` | Medium
|
||||
10 | File | `add_comment.php` | High
|
||||
11 | File | `admin.php` | Medium
|
||||
12 | File | `admin/create-package.php` | High
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/admin/students/view_student.php` | High
|
||||
4 | File | `/CommunitySSORedirect.jsp` | High
|
||||
5 | File | `/loginLess/../../etc/passwd` | High
|
||||
6 | File | `/see_more_details.php` | High
|
||||
7 | File | `/system/proxy` | High
|
||||
8 | File | `/uncpath/` | Medium
|
||||
9 | File | `accountancy/customer/card.php` | High
|
||||
10 | File | `addentry.php` | Medium
|
||||
11 | File | `add_comment.php` | High
|
||||
12 | File | `admin.php` | Medium
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 103 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `application/home/controller/debug.php` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -45,44 +45,47 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
20 | [37.140.199.224](https://vuldb.com/?ip.37.140.199.224) | nedvizhimostdoma.ru | - | High
|
||||
21 | [45.32.149.8](https://vuldb.com/?ip.45.32.149.8) | 45.32.149.8.vultr.com | - | Medium
|
||||
22 | [45.63.42.255](https://vuldb.com/?ip.45.63.42.255) | 45.63.42.255.vultrusercontent.com | - | High
|
||||
23 | [45.77.237.252](https://vuldb.com/?ip.45.77.237.252) | 45.77.237.252.vultrusercontent.com | Ukraine Government | High
|
||||
24 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
|
||||
25 | [45.135.134.139](https://vuldb.com/?ip.45.135.134.139) | ckus.site | - | High
|
||||
26 | [68.183.3.178](https://vuldb.com/?ip.68.183.3.178) | - | - | High
|
||||
27 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
|
||||
28 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
|
||||
29 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
|
||||
30 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
|
||||
31 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
|
||||
32 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
|
||||
33 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
|
||||
34 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
|
||||
35 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
|
||||
36 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
|
||||
37 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
|
||||
38 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
|
||||
39 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
|
||||
40 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
|
||||
41 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
|
||||
42 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
|
||||
43 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
|
||||
44 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
|
||||
45 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
|
||||
46 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
|
||||
47 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
|
||||
48 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
|
||||
49 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
|
||||
50 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
|
||||
51 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
|
||||
52 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
|
||||
53 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
|
||||
54 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
|
||||
55 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
|
||||
56 | [83.166.242.108](https://vuldb.com/?ip.83.166.242.108) | - | - | High
|
||||
57 | [83.166.247.110](https://vuldb.com/?ip.83.166.247.110) | - | - | High
|
||||
58 | ... | ... | ... | ...
|
||||
23 | [45.77.11.107](https://vuldb.com/?ip.45.77.11.107) | 45.77.11.107.vultrusercontent.com | - | High
|
||||
24 | [45.77.229.187](https://vuldb.com/?ip.45.77.229.187) | 45.77.229.187.vultrusercontent.com | - | High
|
||||
25 | [45.77.237.252](https://vuldb.com/?ip.45.77.237.252) | 45.77.237.252.vultrusercontent.com | Ukraine Government | High
|
||||
26 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
|
||||
27 | [45.135.134.139](https://vuldb.com/?ip.45.135.134.139) | ckus.site | - | High
|
||||
28 | [68.183.3.178](https://vuldb.com/?ip.68.183.3.178) | - | - | High
|
||||
29 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
|
||||
30 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
|
||||
31 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
|
||||
32 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
|
||||
33 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
|
||||
34 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
|
||||
35 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
|
||||
36 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
|
||||
37 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
|
||||
38 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
|
||||
39 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
|
||||
40 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
|
||||
41 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
|
||||
42 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
|
||||
43 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
|
||||
44 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
|
||||
45 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
|
||||
46 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
|
||||
47 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
|
||||
48 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
|
||||
49 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
|
||||
50 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
|
||||
51 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
|
||||
52 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
|
||||
53 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
|
||||
54 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
|
||||
55 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
|
||||
56 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
|
||||
57 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
|
||||
58 | [82.146.39.104](https://vuldb.com/?ip.82.146.39.104) | web.eng | - | High
|
||||
59 | [83.166.242.108](https://vuldb.com/?ip.83.166.242.108) | - | - | High
|
||||
60 | [83.166.247.110](https://vuldb.com/?ip.83.166.247.110) | - | - | High
|
||||
61 | ... | ... | ... | ...
|
||||
|
||||
There are 230 more IOC items available. Please use our online service to access the data.
|
||||
There are 239 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -124,6 +127,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations
|
||||
* https://cert.gov.ua/article/10702
|
||||
* https://github.com/blackorbird/APT_REPORT/blob/master/Gamaredon/Gamaredon202102_ioc1000%2B.csv
|
||||
* https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_DEC2022.txt
|
||||
* https://github.com/pan-unit42/iocs/blob/master/Gamaredon/Gamaredon_IoCs_JAN2022.txt
|
||||
* https://github.com/SentineLabs/Gamaredon-APT/blob/master/2020-02-04-gamaredon-blog-iocs-vk.misp.csv
|
||||
* https://github.com/stamparm/maltrail/blob/2d0339af3523b230d8e9a08efd22af032ec7a18e/trails/static/malware/apt_gamaredon.txt
|
||||
|
|
|
@ -108,7 +108,7 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `admin/pageUploadCSV.php` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -123,46 +123,43 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/ebics-server/ebics.aspx` | High
|
||||
10 | File | `/ecshop/admin/template.php` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/forum/PostPrivateMessage` | High
|
||||
13 | File | `/menu.html` | Medium
|
||||
14 | File | `/modules/snf/index.php` | High
|
||||
15 | File | `/obs/book.php` | High
|
||||
16 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
17 | File | `/ossn/administrator/com_installer` | High
|
||||
18 | File | `/pms/update_user.php?user_id=1` | High
|
||||
19 | File | `/resources//../` | High
|
||||
20 | File | `/subtitles.php` | High
|
||||
21 | File | `/sys/dict/queryTableData` | High
|
||||
22 | File | `/user/upload/upload` | High
|
||||
23 | File | `/vendor` | Low
|
||||
24 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
25 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
26 | File | `adclick.php` | Medium
|
||||
27 | File | `add_contestant.php` | High
|
||||
28 | File | `add_postit.php` | High
|
||||
29 | File | `admin.php` | Medium
|
||||
30 | File | `admin/index.php` | High
|
||||
31 | File | `admin/make_payments.php` | High
|
||||
32 | File | `admin/shophelp.php` | High
|
||||
33 | File | `administration.jsp` | High
|
||||
34 | File | `adminquery.php` | High
|
||||
35 | File | `ansfaq.asp` | Medium
|
||||
36 | File | `APKINDEX.tar.gz` | High
|
||||
37 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
|
||||
38 | File | `appconfig.ini` | High
|
||||
39 | File | `appGet.cgi` | Medium
|
||||
40 | File | `artreplydelete.asp` | High
|
||||
41 | File | `AtlTraceTool8.exe` | High
|
||||
42 | File | `attachment.cgi` | High
|
||||
43 | File | `autocms.php` | Medium
|
||||
44 | File | `avahi-core/socket.c` | High
|
||||
45 | File | `base_qry_main.php` | High
|
||||
46 | File | `bgp_packet.c` | Medium
|
||||
47 | File | `Binder.java` | Medium
|
||||
48 | ... | ... | ...
|
||||
11 | File | `/etc/openstack-dashboard/local_settings` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/forum/PostPrivateMessage` | High
|
||||
14 | File | `/HNAP1/SetClientInfo` | High
|
||||
15 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
16 | File | `/menu.html` | Medium
|
||||
17 | File | `/modules/snf/index.php` | High
|
||||
18 | File | `/net-banking/customer_transactions.php` | High
|
||||
19 | File | `/obs/book.php` | High
|
||||
20 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
21 | File | `/ossn/administrator/com_installer` | High
|
||||
22 | File | `/pms/update_user.php?user_id=1` | High
|
||||
23 | File | `/resources//../` | High
|
||||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | File | `/subtitles.php` | High
|
||||
26 | File | `/sys/dict/queryTableData` | High
|
||||
27 | File | `/user/upload/upload` | High
|
||||
28 | File | `/vendor` | Low
|
||||
29 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
30 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `add_contestant.php` | High
|
||||
33 | File | `add_postit.php` | High
|
||||
34 | File | `admin.php` | Medium
|
||||
35 | File | `admin/index.php` | High
|
||||
36 | File | `admin/make_payments.php` | High
|
||||
37 | File | `admin/shophelp.php` | High
|
||||
38 | File | `admin/TemplateController.java` | High
|
||||
39 | File | `administration.jsp` | High
|
||||
40 | File | `adminquery.php` | High
|
||||
41 | File | `ansfaq.asp` | Medium
|
||||
42 | File | `ApiController.class.php` | High
|
||||
43 | File | `APKINDEX.tar.gz` | High
|
||||
44 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -4,17 +4,6 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gibraltar_unknown](https://vuldb.com/?actor.gibraltar_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gibraltar Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [RO](https://vuldb.com/?country.ro)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gibraltar Unknown.
|
||||
|
@ -31,79 +20,28 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
8 | [45.12.70.84](https://vuldb.com/?ip.45.12.70.84) | feeble-log.yourbandinc.com | - | High
|
||||
9 | [45.12.71.84](https://vuldb.com/?ip.45.12.71.84) | - | - | High
|
||||
10 | [45.59.179.0](https://vuldb.com/?ip.45.59.179.0) | - | - | High
|
||||
11 | [45.157.136.0](https://vuldb.com/?ip.45.157.136.0) | - | - | High
|
||||
12 | [45.157.138.0](https://vuldb.com/?ip.45.157.138.0) | - | - | High
|
||||
13 | [85.115.128.0](https://vuldb.com/?ip.85.115.128.0) | - | - | High
|
||||
14 | [85.159.120.0](https://vuldb.com/?ip.85.159.120.0) | - | - | High
|
||||
15 | [85.208.60.0](https://vuldb.com/?ip.85.208.60.0) | - | - | High
|
||||
16 | [85.208.62.0](https://vuldb.com/?ip.85.208.62.0) | - | - | High
|
||||
17 | ... | ... | ... | ...
|
||||
11 | [45.130.164.0](https://vuldb.com/?ip.45.130.164.0) | - | - | High
|
||||
12 | [45.157.136.0](https://vuldb.com/?ip.45.157.136.0) | - | - | High
|
||||
13 | [45.157.138.0](https://vuldb.com/?ip.45.157.138.0) | - | - | High
|
||||
14 | [81.94.218.0](https://vuldb.com/?ip.81.94.218.0) | - | - | High
|
||||
15 | [85.115.128.0](https://vuldb.com/?ip.85.115.128.0) | - | - | High
|
||||
16 | [85.159.120.0](https://vuldb.com/?ip.85.159.120.0) | - | - | High
|
||||
17 | [85.208.60.0](https://vuldb.com/?ip.85.208.60.0) | - | - | High
|
||||
18 | [85.208.62.0](https://vuldb.com/?ip.85.208.62.0) | - | - | High
|
||||
19 | [91.109.248.0](https://vuldb.com/?ip.91.109.248.0) | - | - | High
|
||||
20 | [91.193.74.0](https://vuldb.com/?ip.91.193.74.0) | - | - | High
|
||||
21 | [91.198.133.0](https://vuldb.com/?ip.91.198.133.0) | - | - | High
|
||||
22 | [91.198.166.0](https://vuldb.com/?ip.91.198.166.0) | - | - | High
|
||||
23 | ... | ... | ... | ...
|
||||
|
||||
There are 63 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gibraltar Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gibraltar Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?Page=Node/OBJ=/System/DeviceFolder/DeviceFolder/DateTime/Action=Submit` | High
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/admin/ajax/avatar.php` | High
|
||||
4 | File | `/admin/index.php` | High
|
||||
5 | File | `/admin/payment.php` | High
|
||||
6 | File | `/admin/show.php` | High
|
||||
7 | File | `/default.php?idx=17` | High
|
||||
8 | File | `/download` | Medium
|
||||
9 | File | `/etc/ajenti/config.yml` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/index.php` | Medium
|
||||
12 | File | `/opt/bin/cli` | Medium
|
||||
13 | File | `/p` | Low
|
||||
14 | File | `/patient/doctors.php` | High
|
||||
15 | File | `/phpinventory/editcategory.php` | High
|
||||
16 | File | `/plugins/servlet/gadgets/makeRequest` | High
|
||||
17 | File | `/product-list.php` | High
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/updown/upload.cgi` | High
|
||||
22 | File | `/user/del.php` | High
|
||||
23 | File | `/_next` | Low
|
||||
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
25 | File | `123flashchat.php` | High
|
||||
26 | File | `act.php` | Low
|
||||
27 | File | `admin/bad.php` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | File | `admin/index.php/user/del/1` | High
|
||||
30 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
31 | File | `administrator/index.php` | High
|
||||
32 | File | `ajax/render/widget_php` | High
|
||||
33 | File | `album_portal.php` | High
|
||||
34 | File | `api.php` | Low
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 89 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_gi.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_gi.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -50,8 +51,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
3 | T1600 | CWE-326 | J2EE Misconfiguration: Data Transmission Without Encryption | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IE](https://vuldb.com/?country.ie)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -44,7 +45,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `CartView.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -53,65 +53,66 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
6 | File | `/admin/generalsettings.php` | High
|
||||
7 | File | `/Admin/login.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/reports.php` | High
|
||||
10 | File | `/admin/showbad.php` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
12 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
13 | File | `/apilog.php` | Medium
|
||||
14 | File | `/bin/httpd` | Medium
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/connectors/index.php` | High
|
||||
17 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
22 | File | `/fos/admin/index.php?page=menu` | High
|
||||
23 | File | `/home/masterConsole` | High
|
||||
24 | File | `/home/sendBroadcast` | High
|
||||
25 | File | `/hrm/employeeadd.php` | High
|
||||
26 | File | `/hrm/employeeview.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/Items/*/RemoteImages/Download` | High
|
||||
29 | File | `/items/view_item.php` | High
|
||||
30 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
31 | File | `/lookin/info` | Medium
|
||||
32 | File | `/manager/index.php` | High
|
||||
33 | File | `/medical/inventories.php` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/php-opos/index.php` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/public/launchNewWindow.jsp` | High
|
||||
42 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
43 | File | `/reports/rwservlet` | High
|
||||
44 | File | `/sacco_shield/manage_user.php` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
47 | File | `/staff/bookdetails.php` | High
|
||||
48 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
49 | File | `/uncpath/` | Medium
|
||||
50 | File | `/user/update_booking.php` | High
|
||||
51 | File | `/WEB-INF/web.xml` | High
|
||||
52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
53 | File | `/wireless/security.asp` | High
|
||||
54 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
55 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
56 | File | `01article.php` | High
|
||||
57 | File | `AbstractScheduleJob.java` | High
|
||||
58 | File | `actionphp/download.File.php` | High
|
||||
59 | File | `AdClass.php` | Medium
|
||||
60 | File | `adclick.php` | Medium
|
||||
61 | ... | ... | ...
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/reports.php` | High
|
||||
9 | File | `/admin/showbad.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/items/view_item.php` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lookin/info` | Medium
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/medical/inventories.php` | High
|
||||
32 | File | `/modules/profile/index.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
36 | File | `/newsDia.php` | Medium
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/sacco_shield/manage_user.php` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
48 | File | `/uncpath/` | Medium
|
||||
49 | File | `/user/update_booking.php` | High
|
||||
50 | File | `/WEB-INF/web.xml` | High
|
||||
51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
52 | File | `/wireless/security.asp` | High
|
||||
53 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
55 | File | `01article.php` | High
|
||||
56 | File | `AbstractScheduleJob.java` | High
|
||||
57 | File | `actionphp/download.File.php` | High
|
||||
58 | File | `AdClass.php` | Medium
|
||||
59 | File | `adclick.php` | Medium
|
||||
60 | File | `addtocart.asp` | High
|
||||
61 | File | `admin.php` | Medium
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 541 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -33,12 +33,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -46,12 +48,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
3 | File | `/auth/session` | High
|
||||
4 | ... | ... | ...
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
4 | File | `/auth/session` | High
|
||||
5 | File | `/backups/` | Medium
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/bin/httpd` | Medium
|
||||
8 | File | `/cardo/api` | Medium
|
||||
9 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
10 | File | `/ecshop/admin/template.php` | High
|
||||
11 | File | `/forum/PostPrivateMessage` | High
|
||||
12 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
13 | File | `/fos/admin/index.php?page=menu` | High
|
||||
14 | File | `/home/cavesConsole` | High
|
||||
15 | File | `/home/kickPlayer` | High
|
||||
16 | File | `/home/masterConsole` | High
|
||||
17 | File | `/home/sendBroadcast` | High
|
||||
18 | File | `/oews/classes/Master.php?f=update_cart` | High
|
||||
19 | File | `/param.file.tgz` | High
|
||||
20 | File | `/picturesPreview` | High
|
||||
21 | File | `/royal_event/companyprofile.php` | High
|
||||
22 | File | `/royal_event/userregister.php` | High
|
||||
23 | File | `/user/s.php` | Medium
|
||||
24 | File | `/user/updatePwd` | High
|
||||
25 | File | `/wireless/basic.asp` | High
|
||||
26 | File | `/wireless/guestnetwork.asp` | High
|
||||
27 | File | `/wireless/security.asp` | High
|
||||
28 | File | `/zoo/admin/public_html/view_accounts?type=zookeeper` | High
|
||||
29 | File | `01article.php` | High
|
||||
30 | File | `action.php` | Medium
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `add-locker-form.php` | High
|
||||
33 | File | `add.php` | Low
|
||||
34 | File | `add_contestant.php` | High
|
||||
35 | File | `admin.php/index/upload because app/common/service/UploadService.php` | High
|
||||
36 | File | `admin/?page=students` | High
|
||||
37 | File | `admin/abc.php` | High
|
||||
38 | File | `admin/add_payment.php` | High
|
||||
39 | File | `admin/approve_user.php` | High
|
||||
40 | File | `admin/booking_report.php` | High
|
||||
41 | File | `admin/disapprove_user.php` | High
|
||||
42 | File | `admin/expense_report.php` | High
|
||||
43 | File | `admin/forget_password.php` | High
|
||||
44 | File | `admin/login.php` | High
|
||||
45 | File | `admin/manage-ticket.php` | High
|
||||
46 | File | `admin/manage_user.php` | High
|
||||
47 | File | `admin/page-login.php` | High
|
||||
48 | File | `admin/panels/entry/admin.entry.list.php` | High
|
||||
49 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
50 | File | `admin/practice_pdf.php` | High
|
||||
51 | File | `admin/_cmdstat.jsp` | High
|
||||
52 | File | `administrator/components/com_joomgallery/views/config/tmpl/default.php` | High
|
||||
53 | File | `admin_class.php` | High
|
||||
54 | File | `agent/listener/templates/tail.html` | High
|
||||
55 | File | `announce.php` | Medium
|
||||
56 | File | `APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java` | High
|
||||
57 | File | `api.php` | Low
|
||||
58 | File | `api/src/main/java/org/openmrs/module/appointmentscheduling/AppointmentRequest.java` | High
|
||||
59 | File | `api/src/main/java/org/openmrs/module/appointmentscheduling/validator/AppointmentTypeValidator.java` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 522 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
# Hydrochasma - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hydrochasma](https://vuldb.com/?actor.hydrochasma). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hydrochasma](https://vuldb.com/?actor.hydrochasma)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Hydrochasma:
|
||||
|
||||
* Medical and Shipping
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hydrochasma.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [39.101.194.61](https://vuldb.com/?ip.39.101.194.61) | - | Medical and Shipping | High
|
||||
2 | [47.92.138.241](https://vuldb.com/?ip.47.92.138.241) | - | Medical and Shipping | High
|
||||
3 | [106.14.184.148](https://vuldb.com/?ip.106.14.184.148) | - | Medical and Shipping | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,165 @@
|
|||
# Iceland Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Iceland Unknown](https://vuldb.com/?actor.iceland_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.iceland_unknown](https://vuldb.com/?actor.iceland_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iceland Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Iceland Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.23.64.0](https://vuldb.com/?ip.5.23.64.0) | 5-23-64-0.du.xdsl.is | - | High
|
||||
2 | [8.39.213.0](https://vuldb.com/?ip.8.39.213.0) | - | - | High
|
||||
3 | [31.15.112.0](https://vuldb.com/?ip.31.15.112.0) | - | - | High
|
||||
4 | [31.43.172.0](https://vuldb.com/?ip.31.43.172.0) | - | - | High
|
||||
5 | [31.209.136.0](https://vuldb.com/?ip.31.209.136.0) | - | - | High
|
||||
6 | [31.209.144.0](https://vuldb.com/?ip.31.209.144.0) | 0-144-209-31.xdsl.hringdu.is | - | High
|
||||
7 | [31.209.192.0](https://vuldb.com/?ip.31.209.192.0) | - | - | High
|
||||
8 | [37.152.64.0](https://vuldb.com/?ip.37.152.64.0) | - | - | High
|
||||
9 | [37.205.32.0](https://vuldb.com/?ip.37.205.32.0) | - | - | High
|
||||
10 | [37.235.49.0](https://vuldb.com/?ip.37.235.49.0) | - | - | High
|
||||
11 | [45.89.244.0](https://vuldb.com/?ip.45.89.244.0) | - | - | High
|
||||
12 | [45.93.55.0](https://vuldb.com/?ip.45.93.55.0) | - | - | High
|
||||
13 | [45.130.121.0](https://vuldb.com/?ip.45.130.121.0) | - | - | High
|
||||
14 | [45.133.192.0](https://vuldb.com/?ip.45.133.192.0) | - | - | High
|
||||
15 | [45.140.96.0](https://vuldb.com/?ip.45.140.96.0) | - | - | High
|
||||
16 | [46.22.96.0](https://vuldb.com/?ip.46.22.96.0) | 0-96-22-46.internal.hringdu.is | - | High
|
||||
17 | [46.28.152.0](https://vuldb.com/?ip.46.28.152.0) | - | - | High
|
||||
18 | [46.182.184.0](https://vuldb.com/?ip.46.182.184.0) | nova-046-182-184-000.nat.novanet.is | - | High
|
||||
19 | [46.239.192.0](https://vuldb.com/?ip.46.239.192.0) | 46-239-192-0.du.xdsl.is | - | High
|
||||
20 | [57.86.80.0](https://vuldb.com/?ip.57.86.80.0) | - | - | High
|
||||
21 | [62.145.128.0](https://vuldb.com/?ip.62.145.128.0) | - | - | High
|
||||
22 | [77.73.33.0](https://vuldb.com/?ip.77.73.33.0) | - | - | High
|
||||
23 | [78.40.248.0](https://vuldb.com/?ip.78.40.248.0) | - | - | High
|
||||
24 | [79.134.224.0](https://vuldb.com/?ip.79.134.224.0) | null.fink-telecom.com | - | High
|
||||
25 | [79.134.227.0](https://vuldb.com/?ip.79.134.227.0) | - | - | High
|
||||
26 | [79.171.96.0](https://vuldb.com/?ip.79.171.96.0) | - | - | High
|
||||
27 | [80.248.16.0](https://vuldb.com/?ip.80.248.16.0) | - | - | High
|
||||
28 | [80.249.116.0](https://vuldb.com/?ip.80.249.116.0) | - | - | High
|
||||
29 | [81.15.0.0](https://vuldb.com/?ip.81.15.0.0) | - | - | High
|
||||
30 | [82.112.64.0](https://vuldb.com/?ip.82.112.64.0) | - | - | High
|
||||
31 | [82.148.64.0](https://vuldb.com/?ip.82.148.64.0) | - | - | High
|
||||
32 | [82.221.0.0](https://vuldb.com/?ip.82.221.0.0) | - | - | High
|
||||
33 | [82.221.128.0](https://vuldb.com/?ip.82.221.128.0) | - | - | High
|
||||
34 | [82.221.160.0](https://vuldb.com/?ip.82.221.160.0) | - | - | High
|
||||
35 | [82.221.167.0](https://vuldb.com/?ip.82.221.167.0) | - | - | High
|
||||
36 | [82.221.168.0](https://vuldb.com/?ip.82.221.168.0) | netst10pe01.hysing.is | - | High
|
||||
37 | ... | ... | ... | ...
|
||||
|
||||
There are 143 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Iceland Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Iceland Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/reports.php` | High
|
||||
9 | File | `/admin/showbad.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/items/view_item.php` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lookin/info` | Medium
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/medical/inventories.php` | High
|
||||
32 | File | `/modules/profile/index.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
36 | File | `/newsDia.php` | Medium
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/sacco_shield/manage_user.php` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
48 | File | `/uncpath/` | Medium
|
||||
49 | File | `/user/update_booking.php` | High
|
||||
50 | File | `/WEB-INF/web.xml` | High
|
||||
51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
52 | File | `/wireless/security.asp` | High
|
||||
53 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
55 | File | `01article.php` | High
|
||||
56 | File | `AbstractScheduleJob.java` | High
|
||||
57 | File | `actionphp/download.File.php` | High
|
||||
58 | File | `AdClass.php` | Medium
|
||||
59 | File | `adclick.php` | Medium
|
||||
60 | File | `addtocart.asp` | High
|
||||
61 | File | `admin.php` | Medium
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 539 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_is.netset
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indexsinas:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [NZ](https://vuldb.com/?country.nz)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [HK](https://vuldb.com/?country.hk)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
@ -287,14 +287,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -302,51 +301,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/conferences/list/` | High
|
||||
3 | File | `/admin/upload/upload` | High
|
||||
4 | File | `/assets` | Low
|
||||
5 | File | `/blogengine/api/posts` | High
|
||||
6 | File | `/bsms_ci/index.php` | High
|
||||
7 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
8 | File | `/cgi-bin/api-get_line_status` | High
|
||||
9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
10 | File | `/cgi-bin/upload_vpntar` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/export` | Low
|
||||
14 | File | `/filemanager/upload.php` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/h/calendar` | Medium
|
||||
17 | File | `/horde/util/go.php` | High
|
||||
18 | File | `/hrm/controller/employee.php` | High
|
||||
19 | File | `/hrm/employeeadd.php` | High
|
||||
20 | File | `/hrm/employeeview.php` | High
|
||||
21 | File | `/hss/admin/?page=products/manage_product` | High
|
||||
22 | File | `/ims/login.php` | High
|
||||
23 | File | `/login/index.php` | High
|
||||
24 | File | `/mhds/clinic/view_details.php` | High
|
||||
25 | File | `/modules/profile/index.php` | High
|
||||
26 | File | `/oauth/logout?redirect=url` | High
|
||||
27 | File | `/obs/book.php` | High
|
||||
28 | File | `/ossn/administrator/com_installer` | High
|
||||
29 | File | `/pms/update_user.php?user_id=1` | High
|
||||
30 | File | `/see_more_details.php` | High
|
||||
31 | File | `/services/view_service.php` | High
|
||||
32 | File | `/spip.php` | Medium
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/user/upload/upload` | High
|
||||
35 | File | `/Users` | Low
|
||||
36 | File | `/vendor` | Low
|
||||
37 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
38 | File | `/view-property.php` | High
|
||||
39 | File | `/wp-admin/admin-ajax.php` | High
|
||||
40 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `add_contestant.php` | High
|
||||
43 | ... | ... | ...
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `//` | Low
|
||||
3 | File | `/api/admin/system/store/order/list` | High
|
||||
4 | File | `/api/blade-log/api/list` | High
|
||||
5 | File | `/api/jmeter/download/files` | High
|
||||
6 | File | `/api/v2/cli/commands` | High
|
||||
7 | File | `/APR/login.php` | High
|
||||
8 | File | `/as/authorization.oauth2` | High
|
||||
9 | File | `/bsms_ci/index.php` | High
|
||||
10 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
11 | File | `/cgi-bin/luci/api/auth` | High
|
||||
12 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/DXR.axd` | Medium
|
||||
15 | File | `/ecshop/admin/template.php` | High
|
||||
16 | File | `/filemanager/php/connector.php` | High
|
||||
17 | File | `/files/import` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/forum/PostPrivateMessage` | High
|
||||
20 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
21 | File | `/hrm/employeeview.php` | High
|
||||
22 | File | `/Moosikay/order.php` | High
|
||||
23 | File | `/net-banking/customer_transactions.php` | High
|
||||
24 | File | `/net-banking/send_funds.php` | High
|
||||
25 | File | `/out.php` | Medium
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
文件差异内容过多而无法显示
加载差异
|
@ -0,0 +1,91 @@
|
|||
# Jordan Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Jordan Unknown](https://vuldb.com/?actor.jordan_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.jordan_unknown](https://vuldb.com/?actor.jordan_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Jordan Unknown:
|
||||
|
||||
* [JO](https://vuldb.com/?country.jo)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Jordan Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.17.24.0](https://vuldb.com/?ip.2.17.24.0) | a2-17-24-0.deploy.static.akamaitechnologies.com | - | High
|
||||
2 | [5.45.128.0](https://vuldb.com/?ip.5.45.128.0) | - | - | High
|
||||
3 | [5.198.240.0](https://vuldb.com/?ip.5.198.240.0) | - | - | High
|
||||
4 | [5.199.184.0](https://vuldb.com/?ip.5.199.184.0) | - | - | High
|
||||
5 | [34.99.162.0](https://vuldb.com/?ip.34.99.162.0) | 0.162.99.34.bc.googleusercontent.com | - | Medium
|
||||
6 | [34.99.234.0](https://vuldb.com/?ip.34.99.234.0) | 0.234.99.34.bc.googleusercontent.com | - | Medium
|
||||
7 | [34.103.178.0](https://vuldb.com/?ip.34.103.178.0) | 0.178.103.34.bc.googleusercontent.com | - | Medium
|
||||
8 | [34.103.234.0](https://vuldb.com/?ip.34.103.234.0) | 0.234.103.34.bc.googleusercontent.com | - | Medium
|
||||
9 | [34.124.73.0](https://vuldb.com/?ip.34.124.73.0) | 0.73.124.34.bc.googleusercontent.com | - | Medium
|
||||
10 | [37.17.192.0](https://vuldb.com/?ip.37.17.192.0) | - | - | High
|
||||
11 | [37.44.32.0](https://vuldb.com/?ip.37.44.32.0) | - | - | High
|
||||
12 | [37.75.144.0](https://vuldb.com/?ip.37.75.144.0) | - | - | High
|
||||
13 | [37.75.146.0](https://vuldb.com/?ip.37.75.146.0) | - | - | High
|
||||
14 | [37.75.148.0](https://vuldb.com/?ip.37.75.148.0) | - | - | High
|
||||
15 | [37.123.64.0](https://vuldb.com/?ip.37.123.64.0) | - | - | High
|
||||
16 | [37.152.0.0](https://vuldb.com/?ip.37.152.0.0) | - | - | High
|
||||
17 | [37.202.64.0](https://vuldb.com/?ip.37.202.64.0) | - | - | High
|
||||
18 | [37.220.112.0](https://vuldb.com/?ip.37.220.112.0) | - | - | High
|
||||
19 | [37.252.222.0](https://vuldb.com/?ip.37.252.222.0) | - | - | High
|
||||
20 | [45.67.60.0](https://vuldb.com/?ip.45.67.60.0) | - | - | High
|
||||
21 | [45.142.197.0](https://vuldb.com/?ip.45.142.197.0) | - | - | High
|
||||
22 | [45.142.198.0](https://vuldb.com/?ip.45.142.198.0) | - | - | High
|
||||
23 | [46.23.112.0](https://vuldb.com/?ip.46.23.112.0) | - | - | High
|
||||
24 | [46.32.96.0](https://vuldb.com/?ip.46.32.96.0) | - | - | High
|
||||
25 | [46.185.128.0](https://vuldb.com/?ip.46.185.128.0) | - | - | High
|
||||
26 | [46.248.192.0](https://vuldb.com/?ip.46.248.192.0) | - | - | High
|
||||
27 | [57.83.24.0](https://vuldb.com/?ip.57.83.24.0) | - | - | High
|
||||
28 | [57.88.128.0](https://vuldb.com/?ip.57.88.128.0) | - | - | High
|
||||
29 | [57.188.4.0](https://vuldb.com/?ip.57.188.4.0) | - | - | High
|
||||
30 | [62.72.160.0](https://vuldb.com/?ip.62.72.160.0) | - | - | High
|
||||
31 | [77.245.0.0](https://vuldb.com/?ip.77.245.0.0) | - | - | High
|
||||
32 | [79.134.128.0](https://vuldb.com/?ip.79.134.128.0) | - | - | High
|
||||
33 | [79.173.192.0](https://vuldb.com/?ip.79.173.192.0) | 79.173.x.0.go.com.jo | - | High
|
||||
34 | [80.10.8.0](https://vuldb.com/?ip.80.10.8.0) | - | - | High
|
||||
35 | ... | ... | ... | ...
|
||||
|
||||
There are 134 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Jordan Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Jordan Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | Argument | `filter_order_Dir/cat/filter_letter` | High
|
||||
2 | Argument | `quesList` | Medium
|
||||
3 | Network Port | `tcp/3389 (rdp)` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_jo.netset
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Jupyter:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 31 more country items available. Please use our online service to access the data.
|
||||
There are 32 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -36,14 +36,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -73,38 +73,41 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/api/user/upsert/<uuid>` | High
|
||||
21 | File | `/api2/html/` | Medium
|
||||
22 | File | `/apiadmin/notice/add` | High
|
||||
23 | File | `/bin/boa` | Medium
|
||||
24 | File | `/cgi-bin/wapopen` | High
|
||||
25 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
26 | File | `/cgi-mod/lookup.cgi` | High
|
||||
27 | File | `/cloud_config/router_post/register` | High
|
||||
28 | File | `/dashboard/updatelogo.php` | High
|
||||
29 | File | `/designer/add/layout` | High
|
||||
30 | File | `/etc/ldap.conf` | High
|
||||
31 | File | `/etc/shadow` | Medium
|
||||
32 | File | `/filemanager/upload/drop` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/h/calendar` | Medium
|
||||
35 | File | `/h/compose` | Medium
|
||||
36 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
37 | File | `/iissamples` | Medium
|
||||
38 | File | `/include/chart_generator.php` | High
|
||||
39 | File | `/index.php` | Medium
|
||||
40 | File | `/librarian/bookdetails.php` | High
|
||||
41 | File | `/loginVaLidation.php` | High
|
||||
42 | File | `/manage-apartment.php` | High
|
||||
43 | File | `/manager/index.php` | High
|
||||
44 | File | `/mgmt/tm/util/bash` | High
|
||||
45 | File | `/mkshop/Men/profile.php` | High
|
||||
46 | File | `/Noxen-master/users.php` | High
|
||||
47 | File | `/opac/Actions.php?a=login` | High
|
||||
48 | File | `/owa/auth/logon.aspx` | High
|
||||
49 | File | `/p1/p2/:name` | Medium
|
||||
50 | File | `/pages/animals.php` | High
|
||||
51 | File | `/pages/processlogin.php` | High
|
||||
52 | ... | ... | ...
|
||||
23 | File | `/appliance/users?action=edit` | High
|
||||
24 | File | `/backup.pl` | Medium
|
||||
25 | File | `/cgi-bin/wapopen` | High
|
||||
26 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
27 | File | `/cgi-mod/lookup.cgi` | High
|
||||
28 | File | `/cloud_config/router_post/register` | High
|
||||
29 | File | `/dashboard/updatelogo.php` | High
|
||||
30 | File | `/designer/add/layout` | High
|
||||
31 | File | `/etc/ldap.conf` | High
|
||||
32 | File | `/etc/shadow` | Medium
|
||||
33 | File | `/ext/phar/phar_object.c` | High
|
||||
34 | File | `/filemanager/upload/drop` | High
|
||||
35 | File | `/forum/away.php` | High
|
||||
36 | File | `/forum/PostPrivateMessage` | High
|
||||
37 | File | `/h/calendar` | Medium
|
||||
38 | File | `/h/compose` | Medium
|
||||
39 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
40 | File | `/home/cavesConsole` | High
|
||||
41 | File | `/include/chart_generator.php` | High
|
||||
42 | File | `/index.php` | Medium
|
||||
43 | File | `/librarian/bookdetails.php` | High
|
||||
44 | File | `/login/index.php` | High
|
||||
45 | File | `/loginVaLidation.php` | High
|
||||
46 | File | `/manage-apartment.php` | High
|
||||
47 | File | `/manager/index.php` | High
|
||||
48 | File | `/mgmt/tm/util/bash` | High
|
||||
49 | File | `/mkshop/Men/profile.php` | High
|
||||
50 | File | `/Noxen-master/users.php` | High
|
||||
51 | File | `/opac/Actions.php?a=login` | High
|
||||
52 | File | `/owa/auth/logon.aspx` | High
|
||||
53 | File | `/p1/p2/:name` | Medium
|
||||
54 | File | `/pages/animals.php` | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 454 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 479 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `Config/SaveUploadedHotspotLogoFile` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -62,32 +62,32 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/?/admin/snippet/add` | High
|
||||
3 | File | `/assets/something/services/AppModule.class` | High
|
||||
4 | File | `/bin/false` | Medium
|
||||
5 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
6 | File | `/cgi-bin/webproc` | High
|
||||
7 | File | `/editsettings` | High
|
||||
8 | File | `/expert_wizard.php` | High
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/images/browserslide.jpg` | High
|
||||
11 | File | `/includes/lib/get.php` | High
|
||||
12 | File | `/login` | Low
|
||||
13 | File | `/main?cmd=invalid_browser` | High
|
||||
14 | File | `/manager?action=getlogcat` | High
|
||||
15 | File | `/mc` | Low
|
||||
16 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
17 | File | `/public/plugins/` | High
|
||||
18 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
19 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
20 | File | `/scas/admin/` | Medium
|
||||
21 | File | `/static/ueditor/php/controller.php` | High
|
||||
22 | File | `/tlogin.cgi` | Medium
|
||||
23 | File | `/tmp/scfgdndf` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/upload` | Low
|
||||
3 | File | `/api/upload` | Medium
|
||||
4 | File | `/assets/something/services/AppModule.class` | High
|
||||
5 | File | `/bin/false` | Medium
|
||||
6 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
7 | File | `/cgi-bin/webproc` | High
|
||||
8 | File | `/editsettings` | High
|
||||
9 | File | `/expert_wizard.php` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/images/browserslide.jpg` | High
|
||||
12 | File | `/includes/lib/get.php` | High
|
||||
13 | File | `/login` | Low
|
||||
14 | File | `/main?cmd=invalid_browser` | High
|
||||
15 | File | `/manager?action=getlogcat` | High
|
||||
16 | File | `/mc` | Low
|
||||
17 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
20 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
21 | File | `/scas/admin/` | Medium
|
||||
22 | File | `/static/ueditor/php/controller.php` | High
|
||||
23 | File | `/tlogin.cgi` | Medium
|
||||
24 | File | `/tmp/scfgdndf` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 221 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [45.12.70.119](https://vuldb.com/?ip.45.12.70.119) | band-hump.yourbandinc.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -109,6 +109,7 @@ There are 461 more IOA items available (file, library, argument, input value, pa
|
|||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_ki.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ki.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -24,48 +24,58 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [5.1.40.0](https://vuldb.com/?ip.5.1.40.0) | - | - | High
|
||||
2 | [5.62.60.200](https://vuldb.com/?ip.5.62.60.200) | r-200-60-62-5.consumer-pool.prcdn.net | - | High
|
||||
3 | [5.62.62.192](https://vuldb.com/?ip.5.62.62.192) | r-192-62-62-5.consumer-pool.prcdn.net | - | High
|
||||
4 | [5.175.184.128](https://vuldb.com/?ip.5.175.184.128) | - | - | High
|
||||
5 | [5.182.132.0](https://vuldb.com/?ip.5.182.132.0) | - | - | High
|
||||
6 | [31.203.0.0](https://vuldb.com/?ip.31.203.0.0) | - | - | High
|
||||
7 | [31.214.0.0](https://vuldb.com/?ip.31.214.0.0) | - | - | High
|
||||
8 | [31.217.224.0](https://vuldb.com/?ip.31.217.224.0) | - | - | High
|
||||
9 | [34.99.164.0](https://vuldb.com/?ip.34.99.164.0) | 0.164.99.34.bc.googleusercontent.com | - | Medium
|
||||
10 | [34.99.236.0](https://vuldb.com/?ip.34.99.236.0) | 0.236.99.34.bc.googleusercontent.com | - | Medium
|
||||
11 | [34.103.180.0](https://vuldb.com/?ip.34.103.180.0) | 0.180.103.34.bc.googleusercontent.com | - | Medium
|
||||
12 | [37.34.128.0](https://vuldb.com/?ip.37.34.128.0) | - | - | High
|
||||
13 | [37.36.0.0](https://vuldb.com/?ip.37.36.0.0) | - | - | High
|
||||
14 | [37.231.0.0](https://vuldb.com/?ip.37.231.0.0) | - | - | High
|
||||
15 | [45.12.70.124](https://vuldb.com/?ip.45.12.70.124) | emulation-new.yourbandinc.com | - | High
|
||||
16 | [45.12.71.124](https://vuldb.com/?ip.45.12.71.124) | - | - | High
|
||||
17 | [45.15.228.0](https://vuldb.com/?ip.45.15.228.0) | - | - | High
|
||||
18 | [45.66.0.0](https://vuldb.com/?ip.45.66.0.0) | - | - | High
|
||||
19 | [45.130.36.0](https://vuldb.com/?ip.45.130.36.0) | - | - | High
|
||||
20 | [45.158.96.0](https://vuldb.com/?ip.45.158.96.0) | - | - | High
|
||||
21 | [45.158.212.0](https://vuldb.com/?ip.45.158.212.0) | - | - | High
|
||||
22 | [46.186.128.0](https://vuldb.com/?ip.46.186.128.0) | - | - | High
|
||||
23 | [62.150.0.0](https://vuldb.com/?ip.62.150.0.0) | - | - | High
|
||||
24 | [62.215.0.0](https://vuldb.com/?ip.62.215.0.0) | - | - | High
|
||||
25 | [65.170.52.108](https://vuldb.com/?ip.65.170.52.108) | - | - | High
|
||||
26 | [69.61.23.136](https://vuldb.com/?ip.69.61.23.136) | - | - | High
|
||||
27 | [78.89.0.0](https://vuldb.com/?ip.78.89.0.0) | - | - | High
|
||||
28 | [78.154.192.0](https://vuldb.com/?ip.78.154.192.0) | - | - | High
|
||||
29 | [78.159.160.0](https://vuldb.com/?ip.78.159.160.0) | - | - | High
|
||||
30 | [80.76.166.128](https://vuldb.com/?ip.80.76.166.128) | - | - | High
|
||||
31 | [80.184.0.0](https://vuldb.com/?ip.80.184.0.0) | - | - | High
|
||||
32 | [82.116.137.160](https://vuldb.com/?ip.82.116.137.160) | - | - | High
|
||||
33 | [82.116.137.192](https://vuldb.com/?ip.82.116.137.192) | - | - | High
|
||||
34 | [82.116.138.0](https://vuldb.com/?ip.82.116.138.0) | - | - | High
|
||||
35 | [82.116.138.32](https://vuldb.com/?ip.82.116.138.32) | out.samegas.com | - | High
|
||||
36 | [82.116.138.64](https://vuldb.com/?ip.82.116.138.64) | - | - | High
|
||||
37 | [82.116.138.128](https://vuldb.com/?ip.82.116.138.128) | - | - | High
|
||||
38 | [82.116.139.0](https://vuldb.com/?ip.82.116.139.0) | - | - | High
|
||||
39 | [82.116.139.128](https://vuldb.com/?ip.82.116.139.128) | - | - | High
|
||||
40 | [82.116.140.0](https://vuldb.com/?ip.82.116.140.0) | - | - | High
|
||||
41 | [82.116.149.0](https://vuldb.com/?ip.82.116.149.0) | - | - | High
|
||||
42 | [82.116.150.0](https://vuldb.com/?ip.82.116.150.0) | - | - | High
|
||||
43 | ... | ... | ... | ...
|
||||
4 | [5.104.66.0](https://vuldb.com/?ip.5.104.66.0) | lo0.core1.xij.edgecastcdn.net | - | High
|
||||
5 | [5.175.184.128](https://vuldb.com/?ip.5.175.184.128) | - | - | High
|
||||
6 | [5.182.132.0](https://vuldb.com/?ip.5.182.132.0) | - | - | High
|
||||
7 | [23.56.240.0](https://vuldb.com/?ip.23.56.240.0) | a23-56-240-0.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | [31.203.0.0](https://vuldb.com/?ip.31.203.0.0) | - | - | High
|
||||
9 | [31.214.0.0](https://vuldb.com/?ip.31.214.0.0) | - | - | High
|
||||
10 | [31.217.224.0](https://vuldb.com/?ip.31.217.224.0) | - | - | High
|
||||
11 | [34.99.164.0](https://vuldb.com/?ip.34.99.164.0) | 0.164.99.34.bc.googleusercontent.com | - | Medium
|
||||
12 | [34.99.236.0](https://vuldb.com/?ip.34.99.236.0) | 0.236.99.34.bc.googleusercontent.com | - | Medium
|
||||
13 | [34.103.180.0](https://vuldb.com/?ip.34.103.180.0) | 0.180.103.34.bc.googleusercontent.com | - | Medium
|
||||
14 | [34.103.235.0](https://vuldb.com/?ip.34.103.235.0) | 0.235.103.34.bc.googleusercontent.com | - | Medium
|
||||
15 | [34.124.74.0](https://vuldb.com/?ip.34.124.74.0) | 0.74.124.34.bc.googleusercontent.com | - | Medium
|
||||
16 | [37.34.128.0](https://vuldb.com/?ip.37.34.128.0) | - | - | High
|
||||
17 | [37.36.0.0](https://vuldb.com/?ip.37.36.0.0) | - | - | High
|
||||
18 | [37.231.0.0](https://vuldb.com/?ip.37.231.0.0) | - | - | High
|
||||
19 | [45.12.70.124](https://vuldb.com/?ip.45.12.70.124) | emulation-new.yourbandinc.com | - | High
|
||||
20 | [45.12.71.124](https://vuldb.com/?ip.45.12.71.124) | - | - | High
|
||||
21 | [45.15.228.0](https://vuldb.com/?ip.45.15.228.0) | - | - | High
|
||||
22 | [45.66.0.0](https://vuldb.com/?ip.45.66.0.0) | - | - | High
|
||||
23 | [45.130.36.0](https://vuldb.com/?ip.45.130.36.0) | - | - | High
|
||||
24 | [45.158.96.0](https://vuldb.com/?ip.45.158.96.0) | - | - | High
|
||||
25 | [45.158.212.0](https://vuldb.com/?ip.45.158.212.0) | - | - | High
|
||||
26 | [46.186.128.0](https://vuldb.com/?ip.46.186.128.0) | - | - | High
|
||||
27 | [47.246.30.0](https://vuldb.com/?ip.47.246.30.0) | - | - | High
|
||||
28 | [57.83.96.0](https://vuldb.com/?ip.57.83.96.0) | - | - | High
|
||||
29 | [57.88.144.0](https://vuldb.com/?ip.57.88.144.0) | - | - | High
|
||||
30 | [62.150.0.0](https://vuldb.com/?ip.62.150.0.0) | - | - | High
|
||||
31 | [62.209.31.0](https://vuldb.com/?ip.62.209.31.0) | 62-209-31-0.rev.bb.zain.com | - | High
|
||||
32 | [62.215.0.0](https://vuldb.com/?ip.62.215.0.0) | - | - | High
|
||||
33 | [65.170.52.108](https://vuldb.com/?ip.65.170.52.108) | - | - | High
|
||||
34 | [69.61.23.136](https://vuldb.com/?ip.69.61.23.136) | - | - | High
|
||||
35 | [77.73.198.0](https://vuldb.com/?ip.77.73.198.0) | - | - | High
|
||||
36 | [78.24.76.0](https://vuldb.com/?ip.78.24.76.0) | - | - | High
|
||||
37 | [78.89.0.0](https://vuldb.com/?ip.78.89.0.0) | - | - | High
|
||||
38 | [78.154.192.0](https://vuldb.com/?ip.78.154.192.0) | - | - | High
|
||||
39 | [78.159.160.0](https://vuldb.com/?ip.78.159.160.0) | - | - | High
|
||||
40 | [80.76.166.128](https://vuldb.com/?ip.80.76.166.128) | - | - | High
|
||||
41 | [80.184.0.0](https://vuldb.com/?ip.80.184.0.0) | - | - | High
|
||||
42 | [82.116.137.160](https://vuldb.com/?ip.82.116.137.160) | - | - | High
|
||||
43 | [82.116.137.192](https://vuldb.com/?ip.82.116.137.192) | - | - | High
|
||||
44 | [82.116.138.0](https://vuldb.com/?ip.82.116.138.0) | - | - | High
|
||||
45 | [82.116.138.32](https://vuldb.com/?ip.82.116.138.32) | out.samegas.com | - | High
|
||||
46 | [82.116.138.64](https://vuldb.com/?ip.82.116.138.64) | - | - | High
|
||||
47 | [82.116.138.128](https://vuldb.com/?ip.82.116.138.128) | - | - | High
|
||||
48 | [82.116.139.0](https://vuldb.com/?ip.82.116.139.0) | - | - | High
|
||||
49 | [82.116.139.128](https://vuldb.com/?ip.82.116.139.128) | - | - | High
|
||||
50 | [82.116.140.0](https://vuldb.com/?ip.82.116.140.0) | - | - | High
|
||||
51 | [82.116.149.0](https://vuldb.com/?ip.82.116.149.0) | - | - | High
|
||||
52 | [82.116.150.0](https://vuldb.com/?ip.82.116.150.0) | - | - | High
|
||||
53 | ... | ... | ... | ...
|
||||
|
||||
There are 170 more IOC items available. Please use our online service to access the data.
|
||||
There are 208 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -98,6 +108,7 @@ There are 14 more IOA items available (file, library, argument, input value, pat
|
|||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_kw.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_kw.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -278,7 +278,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -295,36 +296,34 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
6 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
7 | File | `/cgi-bin/R14.2/log.pl` | High
|
||||
8 | File | `/ctcprotocol/Protocol` | High
|
||||
9 | File | `/ebics-server/ebics.aspx` | High
|
||||
10 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
8 | File | `/ebics-server/ebics.aspx` | High
|
||||
9 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
10 | File | `/files/import` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/hrm/controller/employee.php` | High
|
||||
13 | File | `/hrm/employeeadd.php` | High
|
||||
14 | File | `/hrm/employeeview.php` | High
|
||||
15 | File | `/ims/login.php` | High
|
||||
16 | File | `/login/index.php` | High
|
||||
17 | File | `/menu.html` | Medium
|
||||
18 | File | `/mhds/clinic/view_details.php` | High
|
||||
19 | File | `/Moosikay/order.php` | High
|
||||
20 | File | `/nova/bin/detnet` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/php-opos/index.php` | High
|
||||
23 | File | `/resources//../` | High
|
||||
24 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
25 | File | `/sys/dict/queryTableData` | High
|
||||
26 | File | `/tmp/boa-temp` | High
|
||||
27 | File | `/tourism/rate_review.php` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/view-property.php` | High
|
||||
30 | File | `/wp-admin/admin-ajax.php` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `action-visitor.php` | High
|
||||
33 | File | `action.php` | Medium
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | ... | ... | ...
|
||||
17 | File | `/mhds/clinic/view_details.php` | High
|
||||
18 | File | `/Moosikay/order.php` | High
|
||||
19 | File | `/nova/bin/detnet` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/php-opos/index.php` | High
|
||||
22 | File | `/resources//../` | High
|
||||
23 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
24 | File | `/sys/dict/queryTableData` | High
|
||||
25 | File | `/tmp/boa-temp` | High
|
||||
26 | File | `/tourism/rate_review.php` | High
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/view-property.php` | High
|
||||
29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
30 | File | `action.php` | Medium
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `admin.jcomments.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 297 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -52,10 +52,9 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,41 +62,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/.ssh/authorized_keys` | High
|
||||
4 | File | `/as/authorization.oauth2` | High
|
||||
5 | File | `/blogengine/api/posts` | High
|
||||
6 | File | `/cgi-bin/api-get_line_status` | High
|
||||
7 | File | `/cgi-bin/luci` | High
|
||||
8 | File | `/cgi-bin/luci/api/auth` | High
|
||||
9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
10 | File | `/cgi-bin/upload_vpntar` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/cgi/trustclustermaster.cgi` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/edit-doc.php` | High
|
||||
3 | File | `/as/authorization.oauth2` | High
|
||||
4 | File | `/blogengine/api/posts` | High
|
||||
5 | File | `/cgi-bin/api-get_line_status` | High
|
||||
6 | File | `/cgi-bin/luci` | High
|
||||
7 | File | `/cgi-bin/luci/api/auth` | High
|
||||
8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
9 | File | `/cgi-bin/upload_vpntar` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/cgi/trustclustermaster.cgi` | High
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/DXR.axd` | Medium
|
||||
15 | File | `/export` | Low
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/SetPptpServerCfg` | High
|
||||
18 | File | `/h/calendar` | Medium
|
||||
19 | File | `/hrm/controller/employee.php` | High
|
||||
20 | File | `/js/app.js` | Medium
|
||||
21 | File | `/login/index.php` | High
|
||||
22 | File | `/mkshope/login.php` | High
|
||||
16 | File | `/filemanager/php/connector.php` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/SetPptpServerCfg` | High
|
||||
19 | File | `/h/calendar` | Medium
|
||||
20 | File | `/hrm/controller/employee.php` | High
|
||||
21 | File | `/js/app.js` | Medium
|
||||
22 | File | `/login/index.php` | High
|
||||
23 | File | `/obs/book.php` | High
|
||||
24 | File | `/products/view_product.php` | High
|
||||
25 | File | `/public/launchNewWindow.jsp` | High
|
||||
26 | File | `/public/login.htm` | High
|
||||
27 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
28 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
29 | File | `/self.key` | Medium
|
||||
30 | File | `/services/view_service.php` | High
|
||||
31 | File | `/shell` | Low
|
||||
32 | File | `/spip.php` | Medium
|
||||
25 | File | `/public/login.htm` | High
|
||||
26 | File | `/rukovoditel/index.php?module=users/login` | High
|
||||
27 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
28 | File | `/services/view_service.php` | High
|
||||
29 | File | `/shell` | Low
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/usr/bin/tddp` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -90,13 +90,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -105,55 +106,60 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/api/theme-edit/` | High
|
||||
3 | File | `/admin/upload/upload` | High
|
||||
4 | File | `/bsms_ci/index.php/book` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/config/getuser` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/etc/hosts` | Medium
|
||||
9 | File | `/example/editor` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/HNAP1` | Low
|
||||
12 | File | `/iu-application/controllers/administration/auth.php` | High
|
||||
13 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
|
||||
14 | File | `/medicines/profile.php` | High
|
||||
15 | File | `/obs/book.php` | High
|
||||
16 | File | `/ossn/administrator/com_installer` | High
|
||||
17 | File | `/param.file.tgz` | High
|
||||
18 | File | `/pms/update_user.php?user_id=1` | High
|
||||
19 | File | `/public_html/users.php` | High
|
||||
20 | File | `/spip.php` | Medium
|
||||
21 | File | `/sre/params.php` | High
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/user/s.php` | Medium
|
||||
24 | File | `/user/upload/upload` | High
|
||||
25 | File | `/Users` | Low
|
||||
26 | File | `/var/spool/hylafax` | High
|
||||
27 | File | `/vendor` | Low
|
||||
28 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
29 | File | `/wireless/guestnetwork.asp` | High
|
||||
30 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
31 | File | `action/addproject.php` | High
|
||||
32 | File | `adclick.php` | Medium
|
||||
33 | File | `add-locker-form.php` | High
|
||||
34 | File | `add_contestant.php` | High
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | File | `admin/add_payment.php` | High
|
||||
37 | File | `admin/booking_report.php` | High
|
||||
38 | File | `admin/disapprove_user.php` | High
|
||||
39 | File | `admin/expense_report.php` | High
|
||||
40 | File | `admin/forget_password.php` | High
|
||||
41 | File | `admin/index.php` | High
|
||||
42 | File | `admin/make_payments.php` | High
|
||||
43 | File | `admin/sysCheckFile_deal.php` | High
|
||||
44 | File | `Advanced_ASUSDDNS_Content.asp` | High
|
||||
45 | File | `af_netlink.c` | Medium
|
||||
46 | File | `album_portal.php` | High
|
||||
47 | File | `application/libraries/LanguageTask.php` | High
|
||||
48 | ... | ... | ...
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/index3.php` | High
|
||||
8 | File | `/admin/upload/upload` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/boat/login.php` | High
|
||||
12 | File | `/bsms_ci/index.php/book` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/config/getuser` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/ecshop/admin/template.php` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/forum/PostPrivateMessage` | High
|
||||
19 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
20 | File | `/medicines/profile.php` | High
|
||||
21 | File | `/net-banking/customer_transactions.php` | High
|
||||
22 | File | `/obs/book.php` | High
|
||||
23 | File | `/ossn/administrator/com_installer` | High
|
||||
24 | File | `/param.file.tgz` | High
|
||||
25 | File | `/pms/update_user.php?user_id=1` | High
|
||||
26 | File | `/public_html/users.php` | High
|
||||
27 | File | `/reservation/add_message.php` | High
|
||||
28 | File | `/spip.php` | Medium
|
||||
29 | File | `/sre/params.php` | High
|
||||
30 | File | `/tmp` | Low
|
||||
31 | File | `/user/s.php` | Medium
|
||||
32 | File | `/user/upload/upload` | High
|
||||
33 | File | `/Users` | Low
|
||||
34 | File | `/var/spool/hylafax` | High
|
||||
35 | File | `/vendor` | Low
|
||||
36 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
37 | File | `/video-sharing-script/watch-video.php` | High
|
||||
38 | File | `/wireless/guestnetwork.asp` | High
|
||||
39 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
40 | File | `AcquisiAction.class.php` | High
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `add-locker-form.php` | High
|
||||
43 | File | `add_contestant.php` | High
|
||||
44 | File | `admin.php` | Medium
|
||||
45 | File | `admin/add_payment.php` | High
|
||||
46 | File | `admin/booking_report.php` | High
|
||||
47 | File | `admin/conf_users_edit.php` | High
|
||||
48 | File | `admin/disapprove_user.php` | High
|
||||
49 | File | `admin/expense_report.php` | High
|
||||
50 | File | `admin/fecalysis_form.php` | High
|
||||
51 | File | `admin/forget_password.php` | High
|
||||
52 | File | `admin/index.php` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 418 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,266 @@
|
|||
# Lithuania Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lithuania Unknown](https://vuldb.com/?actor.lithuania_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.lithuania_unknown](https://vuldb.com/?actor.lithuania_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lithuania Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Lithuania Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.56.184.0](https://vuldb.com/?ip.2.56.184.0) | - | - | High
|
||||
2 | [2.58.232.0](https://vuldb.com/?ip.2.58.232.0) | - | - | High
|
||||
3 | [2.59.150.0](https://vuldb.com/?ip.2.59.150.0) | - | - | High
|
||||
4 | [2.59.157.0](https://vuldb.com/?ip.2.59.157.0) | - | - | High
|
||||
5 | [2.249.168.0](https://vuldb.com/?ip.2.249.168.0) | - | - | High
|
||||
6 | [5.1.40.0](https://vuldb.com/?ip.5.1.40.0) | - | - | High
|
||||
7 | [5.20.0.0](https://vuldb.com/?ip.5.20.0.0) | - | - | High
|
||||
8 | [5.133.64.0](https://vuldb.com/?ip.5.133.64.0) | - | - | High
|
||||
9 | [5.188.172.0](https://vuldb.com/?ip.5.188.172.0) | subnet.infra.ds.melbicom.net | - | High
|
||||
10 | [5.199.160.0](https://vuldb.com/?ip.5.199.160.0) | - | - | High
|
||||
11 | [5.252.184.0](https://vuldb.com/?ip.5.252.184.0) | undefined.hostname.localhost | - | High
|
||||
12 | [5.253.240.0](https://vuldb.com/?ip.5.253.240.0) | - | - | High
|
||||
13 | [8.39.207.0](https://vuldb.com/?ip.8.39.207.0) | - | - | High
|
||||
14 | [31.6.54.0](https://vuldb.com/?ip.31.6.54.0) | - | - | High
|
||||
15 | [31.14.176.0](https://vuldb.com/?ip.31.14.176.0) | 31-14.network.serveriai.lt | - | High
|
||||
16 | [31.44.96.0](https://vuldb.com/?ip.31.44.96.0) | lan-31-44-96-0.vln.penki.lt | - | High
|
||||
17 | [31.135.216.0](https://vuldb.com/?ip.31.135.216.0) | - | - | High
|
||||
18 | [31.172.224.0](https://vuldb.com/?ip.31.172.224.0) | cl-31-172-224-0.fastlink.lt.224.172.31.in-addr.arpa | - | High
|
||||
19 | [31.177.8.0](https://vuldb.com/?ip.31.177.8.0) | 31-177-8-0.roventa.lt | - | High
|
||||
20 | [31.193.192.0](https://vuldb.com/?ip.31.193.192.0) | - | - | High
|
||||
21 | [31.209.64.0](https://vuldb.com/?ip.31.209.64.0) | data3-64-0.cgates.lt | - | High
|
||||
22 | [31.220.46.0](https://vuldb.com/?ip.31.220.46.0) | - | - | High
|
||||
23 | [34.99.40.0](https://vuldb.com/?ip.34.99.40.0) | 0.40.99.34.bc.googleusercontent.com | - | Medium
|
||||
24 | [34.103.34.0](https://vuldb.com/?ip.34.103.34.0) | 0.34.103.34.bc.googleusercontent.com | - | Medium
|
||||
25 | [37.0.216.0](https://vuldb.com/?ip.37.0.216.0) | m37-0-216-0.cust.tele2.lt | - | High
|
||||
26 | [37.0.224.0](https://vuldb.com/?ip.37.0.224.0) | m37-0-224-0.cust.tele2.lt | - | High
|
||||
27 | [37.156.216.0](https://vuldb.com/?ip.37.156.216.0) | - | - | High
|
||||
28 | [37.157.0.0](https://vuldb.com/?ip.37.157.0.0) | - | - | High
|
||||
29 | [37.157.144.0](https://vuldb.com/?ip.37.157.144.0) | client-37-157-144-0.cgates.lt | - | High
|
||||
30 | [37.230.180.0](https://vuldb.com/?ip.37.230.180.0) | - | - | High
|
||||
31 | [45.11.192.0](https://vuldb.com/?ip.45.11.192.0) | 45-11-192-0.netnamas.com | - | High
|
||||
32 | [45.13.52.0](https://vuldb.com/?ip.45.13.52.0) | - | - | High
|
||||
33 | [45.65.124.0](https://vuldb.com/?ip.45.65.124.0) | 45-65-124-0.kvantanetas.com | - | High
|
||||
34 | [45.66.196.0](https://vuldb.com/?ip.45.66.196.0) | 45.66.196.0.aji.lt | - | High
|
||||
35 | [45.80.216.0](https://vuldb.com/?ip.45.80.216.0) | - | - | High
|
||||
36 | [45.81.56.0](https://vuldb.com/?ip.45.81.56.0) | - | - | High
|
||||
37 | [45.81.252.0](https://vuldb.com/?ip.45.81.252.0) | - | - | High
|
||||
38 | [45.81.254.0](https://vuldb.com/?ip.45.81.254.0) | 0.i02.rfox.cloud | - | High
|
||||
39 | [45.82.32.0](https://vuldb.com/?ip.45.82.32.0) | - | - | High
|
||||
40 | [45.84.204.0](https://vuldb.com/?ip.45.84.204.0) | - | - | High
|
||||
41 | [45.84.244.0](https://vuldb.com/?ip.45.84.244.0) | cl-45-84-244-0.fastlink.lt.244.84.45.in-addr.arpa | - | High
|
||||
42 | [45.87.44.0](https://vuldb.com/?ip.45.87.44.0) | - | - | High
|
||||
43 | [45.87.106.0](https://vuldb.com/?ip.45.87.106.0) | - | - | High
|
||||
44 | [45.87.172.0](https://vuldb.com/?ip.45.87.172.0) | - | - | High
|
||||
45 | [45.88.196.0](https://vuldb.com/?ip.45.88.196.0) | - | - | High
|
||||
46 | [45.91.136.0](https://vuldb.com/?ip.45.91.136.0) | - | - | High
|
||||
47 | [45.92.188.0](https://vuldb.com/?ip.45.92.188.0) | - | - | High
|
||||
48 | [45.93.136.0](https://vuldb.com/?ip.45.93.136.0) | - | - | High
|
||||
49 | [45.123.190.0](https://vuldb.com/?ip.45.123.190.0) | - | - | High
|
||||
50 | [45.125.66.0](https://vuldb.com/?ip.45.125.66.0) | - | - | High
|
||||
51 | [45.128.160.0](https://vuldb.com/?ip.45.128.160.0) | - | - | High
|
||||
52 | [45.128.163.0](https://vuldb.com/?ip.45.128.163.0) | - | - | High
|
||||
53 | [45.130.76.0](https://vuldb.com/?ip.45.130.76.0) | network-addr | - | High
|
||||
54 | [45.134.72.0](https://vuldb.com/?ip.45.134.72.0) | - | - | High
|
||||
55 | [45.135.35.0](https://vuldb.com/?ip.45.135.35.0) | - | - | High
|
||||
56 | [45.145.32.0](https://vuldb.com/?ip.45.145.32.0) | - | - | High
|
||||
57 | [45.146.200.0](https://vuldb.com/?ip.45.146.200.0) | - | - | High
|
||||
58 | [45.147.132.0](https://vuldb.com/?ip.45.147.132.0) | - | - | High
|
||||
59 | [45.147.152.0](https://vuldb.com/?ip.45.147.152.0) | unknown | - | High
|
||||
60 | [45.152.240.0](https://vuldb.com/?ip.45.152.240.0) | - | - | High
|
||||
61 | [45.155.16.0](https://vuldb.com/?ip.45.155.16.0) | - | - | High
|
||||
62 | [46.17.174.0](https://vuldb.com/?ip.46.17.174.0) | - | - | High
|
||||
63 | [46.36.64.0](https://vuldb.com/?ip.46.36.64.0) | - | - | High
|
||||
64 | [46.166.160.0](https://vuldb.com/?ip.46.166.160.0) | - | - | High
|
||||
65 | [46.249.160.0](https://vuldb.com/?ip.46.249.160.0) | th-160-0.splius.lt | - | High
|
||||
66 | [46.251.32.0](https://vuldb.com/?ip.46.251.32.0) | data3-32-0.cgates.lt | - | High
|
||||
67 | [46.255.208.0](https://vuldb.com/?ip.46.255.208.0) | - | - | High
|
||||
68 | [57.86.164.0](https://vuldb.com/?ip.57.86.164.0) | - | - | High
|
||||
69 | [57.87.160.0](https://vuldb.com/?ip.57.87.160.0) | - | - | High
|
||||
70 | [62.77.152.0](https://vuldb.com/?ip.62.77.152.0) | 62-77.network.serveriai.lt | - | High
|
||||
71 | [62.80.224.0](https://vuldb.com/?ip.62.80.224.0) | - | - | High
|
||||
72 | [62.115.250.0](https://vuldb.com/?ip.62.115.250.0) | 62-115-64-0.teliacarrier-cust.com | - | High
|
||||
73 | [62.122.76.0](https://vuldb.com/?ip.62.122.76.0) | 62-122-76-0.static.zebra.lt | - | High
|
||||
74 | [62.192.180.0](https://vuldb.com/?ip.62.192.180.0) | - | - | High
|
||||
75 | [62.212.192.0](https://vuldb.com/?ip.62.212.192.0) | - | - | High
|
||||
76 | [64.64.111.0](https://vuldb.com/?ip.64.64.111.0) | - | - | High
|
||||
77 | [64.64.122.0](https://vuldb.com/?ip.64.64.122.0) | - | - | High
|
||||
78 | [64.64.125.0](https://vuldb.com/?ip.64.64.125.0) | - | - | High
|
||||
79 | [77.75.40.0](https://vuldb.com/?ip.77.75.40.0) | - | - | High
|
||||
80 | [77.79.0.0](https://vuldb.com/?ip.77.79.0.0) | hst-0-0.splius.lt | - | High
|
||||
81 | [77.86.253.0](https://vuldb.com/?ip.77.86.253.0) | - | - | High
|
||||
82 | [77.87.8.0](https://vuldb.com/?ip.77.87.8.0) | - | - | High
|
||||
83 | [77.90.64.0](https://vuldb.com/?ip.77.90.64.0) | - | - | High
|
||||
84 | [77.94.32.0](https://vuldb.com/?ip.77.94.32.0) | 77.94.32.0.satgate.net | - | High
|
||||
85 | [77.94.34.0](https://vuldb.com/?ip.77.94.34.0) | 77.94.34.0.satgate.net | - | High
|
||||
86 | [77.94.41.0](https://vuldb.com/?ip.77.94.41.0) | 77.94.41.0.satgate.net | - | High
|
||||
87 | [77.94.42.0](https://vuldb.com/?ip.77.94.42.0) | - | - | High
|
||||
88 | [77.94.48.0](https://vuldb.com/?ip.77.94.48.0) | 77.94.48.0.satgate.net | - | High
|
||||
89 | [77.94.51.0](https://vuldb.com/?ip.77.94.51.0) | - | - | High
|
||||
90 | [77.94.52.0](https://vuldb.com/?ip.77.94.52.0) | - | - | High
|
||||
91 | [77.221.64.0](https://vuldb.com/?ip.77.221.64.0) | data2-64-0.cgates.lt | - | High
|
||||
92 | [77.237.230.0](https://vuldb.com/?ip.77.237.230.0) | - | - | High
|
||||
93 | [77.240.248.0](https://vuldb.com/?ip.77.240.248.0) | - | - | High
|
||||
94 | [77.241.192.0](https://vuldb.com/?ip.77.241.192.0) | - | - | High
|
||||
95 | [78.31.184.0](https://vuldb.com/?ip.78.31.184.0) | ip-78-31-184-0.infiumhost.net | - | High
|
||||
96 | [78.31.188.0](https://vuldb.com/?ip.78.31.188.0) | ip-78-31-188-0.infiumhost.net | - | High
|
||||
97 | [78.31.190.0](https://vuldb.com/?ip.78.31.190.0) | ip-78-31-190-0.infiumhost.net | - | High
|
||||
98 | [78.31.224.0](https://vuldb.com/?ip.78.31.224.0) | - | - | High
|
||||
99 | [78.56.0.0](https://vuldb.com/?ip.78.56.0.0) | 78-56-0-0.static.zebra.lt | - | High
|
||||
100 | [78.138.1.0](https://vuldb.com/?ip.78.138.1.0) | - | - | High
|
||||
101 | [78.157.64.0](https://vuldb.com/?ip.78.157.64.0) | lan-78-157-64-0.vln.penki.lt | - | High
|
||||
102 | [78.158.0.0](https://vuldb.com/?ip.78.158.0.0) | cl-78-158-0-0.fastlink.lt | - | High
|
||||
103 | [79.98.24.0](https://vuldb.com/?ip.79.98.24.0) | 79-98.network.serveriai.lt | - | High
|
||||
104 | [79.132.160.0](https://vuldb.com/?ip.79.132.160.0) | - | - | High
|
||||
105 | [79.133.224.0](https://vuldb.com/?ip.79.133.224.0) | cable-224-0.cgates.lt | - | High
|
||||
106 | [79.142.112.0](https://vuldb.com/?ip.79.142.112.0) | - | - | High
|
||||
107 | [80.208.224.0](https://vuldb.com/?ip.80.208.224.0) | 80-208.network.serveriai.lt | - | High
|
||||
108 | [80.209.224.0](https://vuldb.com/?ip.80.209.224.0) | 80-209.network.serveriai.lt | - | High
|
||||
109 | [80.239.200.0](https://vuldb.com/?ip.80.239.200.0) | 80-239-200-0.teliacarrier-cust.com | - | High
|
||||
110 | [80.239.206.0](https://vuldb.com/?ip.80.239.206.0) | 80-239-206-0.teliacarrier-cust.com | - | High
|
||||
111 | [80.239.231.0](https://vuldb.com/?ip.80.239.231.0) | 80-239-231-0.teliacarrier-cust.com | - | High
|
||||
112 | [80.239.252.0](https://vuldb.com/?ip.80.239.252.0) | 80-239-252-0.teliacarrier-cust.com | - | High
|
||||
113 | [80.240.0.0](https://vuldb.com/?ip.80.240.0.0) | cable-0-0.cgates.lt | - | High
|
||||
114 | [80.243.16.0](https://vuldb.com/?ip.80.243.16.0) | data4-16-0.cgates.lt | - | High
|
||||
115 | [81.7.64.0](https://vuldb.com/?ip.81.7.64.0) | 81-7-64-0.static.zebra.lt | - | High
|
||||
116 | [81.16.224.0](https://vuldb.com/?ip.81.16.224.0) | - | - | High
|
||||
117 | [81.29.16.0](https://vuldb.com/?ip.81.29.16.0) | cable-16-0.cgates.lt | - | High
|
||||
118 | [82.135.128.0](https://vuldb.com/?ip.82.135.128.0) | 82-135-128-0.static.zebra.lt | - | High
|
||||
119 | [82.140.128.0](https://vuldb.com/?ip.82.140.128.0) | - | - | High
|
||||
120 | [82.198.0.0](https://vuldb.com/?ip.82.198.0.0) | 82.198.0.0.satgate.net | - | High
|
||||
121 | [82.198.3.0](https://vuldb.com/?ip.82.198.3.0) | 82.198.3.0.satgate.net | - | High
|
||||
122 | [82.198.6.0](https://vuldb.com/?ip.82.198.6.0) | - | - | High
|
||||
123 | [82.198.14.0](https://vuldb.com/?ip.82.198.14.0) | 82.198.14.0.satgate.net | - | High
|
||||
124 | [82.198.16.0](https://vuldb.com/?ip.82.198.16.0) | - | - | High
|
||||
125 | [82.198.18.0](https://vuldb.com/?ip.82.198.18.0) | 82.198.18.0.satgate.net | - | High
|
||||
126 | [82.198.24.0](https://vuldb.com/?ip.82.198.24.0) | 82.198.24.0.satgate.net | - | High
|
||||
127 | [82.198.27.0](https://vuldb.com/?ip.82.198.27.0) | - | - | High
|
||||
128 | [82.198.28.0](https://vuldb.com/?ip.82.198.28.0) | - | - | High
|
||||
129 | [82.198.31.0](https://vuldb.com/?ip.82.198.31.0) | 82.198.31.0.satgate.net | - | High
|
||||
130 | [83.171.0.0](https://vuldb.com/?ip.83.171.0.0) | - | - | High
|
||||
131 | [83.176.160.0](https://vuldb.com/?ip.83.176.160.0) | m83-176-160-0.cust.tele2.lt | - | High
|
||||
132 | [83.176.192.0](https://vuldb.com/?ip.83.176.192.0) | m83-176-192-0.cust.tele2.lt | - | High
|
||||
133 | [83.178.56.0](https://vuldb.com/?ip.83.178.56.0) | m83-178-56-0.cust.tele2.lt | - | High
|
||||
134 | [83.179.0.0](https://vuldb.com/?ip.83.179.0.0) | m83-179-0-0.cust.tele2.lt | - | High
|
||||
135 | [83.181.56.0](https://vuldb.com/?ip.83.181.56.0) | m83-181-56-0.cust.tele2.lt | - | High
|
||||
136 | [83.181.60.0](https://vuldb.com/?ip.83.181.60.0) | - | - | High
|
||||
137 | [83.181.64.0](https://vuldb.com/?ip.83.181.64.0) | m83-181-64-0.cust.tele2.lt | - | High
|
||||
138 | [83.181.160.0](https://vuldb.com/?ip.83.181.160.0) | m83-181-160-0.cust.tele2.lt | - | High
|
||||
139 | ... | ... | ... | ...
|
||||
|
||||
There are 552 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Lithuania Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Lithuania Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/admin/api/admin/articles/` | High
|
||||
3 | File | `/admin/submit-articles` | High
|
||||
4 | File | `/admin/subnets/ripe-query.php` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
7 | File | `/apilog.php` | Medium
|
||||
8 | File | `/attachments` | Medium
|
||||
9 | File | `/bin/httpd` | Medium
|
||||
10 | File | `/bsms_ci/index.php/book` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
14 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
15 | File | `/etc/hosts` | Medium
|
||||
16 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
19 | File | `/fos/admin/index.php?page=menu` | High
|
||||
20 | File | `/goform/wizard_end` | High
|
||||
21 | File | `/home/masterConsole` | High
|
||||
22 | File | `/home/sendBroadcast` | High
|
||||
23 | File | `/hrm/employeeadd.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/items/view_item.php` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/lookin/info` | Medium
|
||||
29 | File | `/manager/index.php` | High
|
||||
30 | File | `/medical/inventories.php` | High
|
||||
31 | File | `/medicines/profile.php` | High
|
||||
32 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
33 | File | `/modules/profile/index.php` | High
|
||||
34 | File | `/modules/projects/vw_files.php` | High
|
||||
35 | File | `/modules/public/calendar.php` | High
|
||||
36 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/php-opos/index.php` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
45 | File | `/staff/bookdetails.php` | High
|
||||
46 | File | `/tmp` | Low
|
||||
47 | File | `/uncpath/` | Medium
|
||||
48 | File | `/user/update_booking.php` | High
|
||||
49 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
50 | File | `/video-sharing-script/watch-video.php` | High
|
||||
51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
52 | File | `/wireless/security.asp` | High
|
||||
53 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
54 | File | `01article.php` | High
|
||||
55 | File | `AbstractScheduleJob.java` | High
|
||||
56 | File | `actionphp/download.File.php` | High
|
||||
57 | File | `ActivityRecord.java` | High
|
||||
58 | File | `adclick.php` | Medium
|
||||
59 | File | `addtocart.asp` | High
|
||||
60 | File | `admin.php` | Medium
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_lt.netset
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -67,7 +67,7 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `backend/Login/load/` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,39 +63,39 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/ctcprotocol/Protocol` | High
|
||||
18 | File | `/dashboard/menu-list.php` | High
|
||||
19 | File | `/data/remove` | Medium
|
||||
20 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
21 | File | `/filemanager/upload.php` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goforms/rlminfo` | High
|
||||
24 | File | `/Items/*/RemoteImages/Download` | High
|
||||
25 | File | `/login` | Low
|
||||
26 | File | `/menu.html` | Medium
|
||||
27 | File | `/navigate/navigate_download.php` | High
|
||||
28 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
29 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
32 | File | `/password.html` | High
|
||||
33 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
34 | File | `/proc/ioports` | High
|
||||
35 | File | `/property-list/property_view.php` | High
|
||||
36 | File | `/ptms/classes/Users.php` | High
|
||||
37 | File | `/resources//../` | High
|
||||
38 | File | `/rest/api/2/search` | High
|
||||
39 | File | `/s/` | Low
|
||||
40 | File | `/scripts/cpan_config` | High
|
||||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/services/system/setup.json` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
45 | File | `/tmp` | Low
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/vloggers_merch/?p=view_product` | High
|
||||
48 | File | `/webconsole/APIController` | High
|
||||
49 | File | `/websocket/exec` | High
|
||||
20 | File | `/ebics-server/ebics.aspx` | High
|
||||
21 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
22 | File | `/filemanager/upload.php` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/goforms/rlminfo` | High
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/login` | Low
|
||||
27 | File | `/menu.html` | Medium
|
||||
28 | File | `/navigate/navigate_download.php` | High
|
||||
29 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/owa/auth/logon.aspx` | High
|
||||
33 | File | `/password.html` | High
|
||||
34 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
35 | File | `/proc/ioports` | High
|
||||
36 | File | `/property-list/property_view.php` | High
|
||||
37 | File | `/ptms/classes/Users.php` | High
|
||||
38 | File | `/resources//../` | High
|
||||
39 | File | `/rest/api/2/search` | High
|
||||
40 | File | `/s/` | Low
|
||||
41 | File | `/scripts/cpan_config` | High
|
||||
42 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
43 | File | `/services/system/setup.json` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sys/dict/queryTableData` | High
|
||||
46 | File | `/tmp` | Low
|
||||
47 | File | `/uncpath/` | Medium
|
||||
48 | File | `/vloggers_merch/?p=view_product` | High
|
||||
49 | File | `/webconsole/APIController` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -64,53 +64,53 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/cgi-bin/wapopen` | High
|
||||
3 | File | `/etc/ajenti/config.yml` | High
|
||||
4 | File | `/goform/telnet` | High
|
||||
5 | File | `/modules/profile/index.php` | High
|
||||
6 | File | `/rom-0` | Low
|
||||
7 | File | `/tmp/phpglibccheck` | High
|
||||
8 | File | `/uncpath/` | Medium
|
||||
9 | File | `/var/tmp/sess_*` | High
|
||||
10 | File | `/vmi/manager/engine/management/commands/apns_worker.py` | High
|
||||
11 | File | `action.php` | Medium
|
||||
12 | File | `actionphp/download.File.php` | High
|
||||
13 | File | `add_comment.php` | High
|
||||
14 | File | `admin/admin.php` | High
|
||||
15 | File | `admin/content.php` | High
|
||||
16 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
17 | File | `admin/memberviewdetails.php` | High
|
||||
18 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
19 | File | `admin_gallery.php3` | High
|
||||
20 | File | `affich.php` | Medium
|
||||
21 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
22 | File | `akeyActivationLogin.do` | High
|
||||
23 | File | `album_portal.php` | High
|
||||
24 | File | `apache-auth.conf` | High
|
||||
25 | File | `askapache-firefox-adsense.php` | High
|
||||
26 | File | `attachment.cgi` | High
|
||||
27 | File | `basic_search_result.php` | High
|
||||
28 | File | `blueprints/sections/edit/1` | High
|
||||
29 | File | `books.php` | Medium
|
||||
30 | File | `cart_add.php` | Medium
|
||||
31 | File | `CFS.c` | Low
|
||||
32 | File | `cgi-bin/gnudip.cgi` | High
|
||||
33 | File | `checktransferstatus.php` | High
|
||||
34 | File | `checkuser.php` | High
|
||||
35 | File | `class.SystemAction.php` | High
|
||||
36 | File | `clientarea.php` | High
|
||||
37 | File | `cmdmon.c` | Medium
|
||||
38 | File | `collectivite.class.php` | High
|
||||
39 | File | `confirm.php` | Medium
|
||||
40 | File | `contact` | Low
|
||||
41 | File | `control.c` | Medium
|
||||
42 | File | `core-util.c` | Medium
|
||||
43 | File | `core/coreuserinputhandler.cpp` | High
|
||||
44 | File | `cve-bin/moreBlockInfo.cgi` | High
|
||||
45 | File | `d1_both.c` | Medium
|
||||
46 | File | `data/gbconfiguration.dat` | High
|
||||
47 | File | `Debug_command_page.asp` | High
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/goform/telnet` | High
|
||||
6 | File | `/modules/profile/index.php` | High
|
||||
7 | File | `/rom-0` | Low
|
||||
8 | File | `/tmp/phpglibccheck` | High
|
||||
9 | File | `/uncpath/` | Medium
|
||||
10 | File | `/var/tmp/sess_*` | High
|
||||
11 | File | `/vmi/manager/engine/management/commands/apns_worker.py` | High
|
||||
12 | File | `action.php` | Medium
|
||||
13 | File | `actionphp/download.File.php` | High
|
||||
14 | File | `add_comment.php` | High
|
||||
15 | File | `admin/admin.php` | High
|
||||
16 | File | `admin/content.php` | High
|
||||
17 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
18 | File | `admin/memberviewdetails.php` | High
|
||||
19 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
20 | File | `admin_gallery.php3` | High
|
||||
21 | File | `affich.php` | Medium
|
||||
22 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
23 | File | `akeyActivationLogin.do` | High
|
||||
24 | File | `album_portal.php` | High
|
||||
25 | File | `apache-auth.conf` | High
|
||||
26 | File | `askapache-firefox-adsense.php` | High
|
||||
27 | File | `attachment.cgi` | High
|
||||
28 | File | `basic_search_result.php` | High
|
||||
29 | File | `blueprints/sections/edit/1` | High
|
||||
30 | File | `books.php` | Medium
|
||||
31 | File | `cart_add.php` | Medium
|
||||
32 | File | `CFS.c` | Low
|
||||
33 | File | `cgi-bin/gnudip.cgi` | High
|
||||
34 | File | `checktransferstatus.php` | High
|
||||
35 | File | `checkuser.php` | High
|
||||
36 | File | `class.SystemAction.php` | High
|
||||
37 | File | `clientarea.php` | High
|
||||
38 | File | `cmdmon.c` | Medium
|
||||
39 | File | `collectivite.class.php` | High
|
||||
40 | File | `confirm.php` | Medium
|
||||
41 | File | `contact` | Low
|
||||
42 | File | `control.c` | Medium
|
||||
43 | File | `core-util.c` | Medium
|
||||
44 | File | `core/coreuserinputhandler.cpp` | High
|
||||
45 | File | `cve-bin/moreBlockInfo.cgi` | High
|
||||
46 | File | `d1_both.c` | Medium
|
||||
47 | File | `data/gbconfiguration.dat` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
|
|||
22 | File | `cng.sys` | Low
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 191 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -109,7 +109,7 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `/var/log/messages` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -87,9 +87,10 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/spip.php` | Medium
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/usr/www/ja/mnt_cmd.cgi` | High
|
||||
31 | ... | ... | ...
|
||||
31 | File | `/videotalk` | Medium
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
某些文件未显示,因为此 diff 中更改的文件太多 显示更多
正在加载...
在新工单中引用