Update March 2024
This commit is contained in:
parent
c788b868dd
commit
b8d825374e
|
@ -31,9 +31,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -26,7 +26,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1592 | CWE-200 | Configuration | High
|
||||
2 | T1592 | CWE-200 | Invocation of Process Using Visible Sensitive Information | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
The following _campaigns_ are known and can be associated with 8220 Gang:
|
||||
|
||||
* CVE-2019-2725
|
||||
* CVE-2022-26134
|
||||
|
||||
## Countries
|
||||
|
@ -19,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [SE](https://vuldb.com/?country.se)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,9 +31,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [5.42.67.29](https://vuldb.com/?ip.5.42.67.29) | - | - | High
|
||||
2 | [51.79.175.139](https://vuldb.com/?ip.51.79.175.139) | vps-dc8b0481.vps.ovh.ca | CVE-2022-26134 | High
|
||||
3 | [51.255.171.23](https://vuldb.com/?ip.51.255.171.23) | vps-fc1a1567.vps.ovh.net | CVE-2022-26134 | High
|
||||
4 | ... | ... | ... | ...
|
||||
4 | [79.110.62.23](https://vuldb.com/?ip.79.110.62.23) | - | CVE-2019-2725 | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 15 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -44,9 +46,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
5 | T1068 | CWE-264, CWE-266, CWE-267, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -57,29 +60,34 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `%PROGRAMFILES%\MyQ\PHP\Sessions\` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/alphaware/summary.php` | High
|
||||
4 | File | `/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9Vt` | High
|
||||
5 | File | `/common/info.cgi` | High
|
||||
6 | File | `/control/stream` | High
|
||||
7 | File | `/cupseasylive/countrymodify.php` | High
|
||||
8 | File | `/domains/list` | High
|
||||
9 | File | `/index.php/weblinks-categories` | High
|
||||
10 | File | `/LoginRegistration.php` | High
|
||||
11 | File | `/member/ad.php?action=ad` | High
|
||||
12 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
13 | File | `/phppath/php` | Medium
|
||||
14 | File | `/product_list.php` | High
|
||||
15 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
16 | File | `/spip.php` | Medium
|
||||
17 | File | `/tmp` | Low
|
||||
18 | File | `/ucms/chk.php` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
21 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
22 | File | `add-category.php` | High
|
||||
23 | File | `admin/bitrix.xscan_worker.php` | High
|
||||
24 | ... | ... | ...
|
||||
4 | File | `/brand.php` | Medium
|
||||
5 | File | `/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9Vt` | High
|
||||
6 | File | `/common/info.cgi` | High
|
||||
7 | File | `/control/stream` | High
|
||||
8 | File | `/cupseasylive/countrymodify.php` | High
|
||||
9 | File | `/domains/list` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/index.php/weblinks-categories` | High
|
||||
12 | File | `/LoginRegistration.php` | High
|
||||
13 | File | `/member/ad.php?action=ad` | High
|
||||
14 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
15 | File | `/phppath/php` | Medium
|
||||
16 | File | `/product_list.php` | High
|
||||
17 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
18 | File | `/spip.php` | Medium
|
||||
19 | File | `/src/admin/content_batchup_action.php` | High
|
||||
20 | File | `/tmp` | Low
|
||||
21 | File | `/ucms/chk.php` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
25 | File | `add-category.php` | High
|
||||
26 | File | `admin/bitrix.xscan_worker.php` | High
|
||||
27 | File | `admin/content/postcategory` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 204 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 245 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -89,6 +97,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://asec.ahnlab.com/en/36820/
|
||||
* https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
|
||||
* https://github.com/uptycslabs/IOCs/blob/main/8220Gang
|
||||
* https://www.sentinelone.com/blog/8220-gang-cloud-botnet-targets-misconfigured-cloud-workloads/
|
||||
* https://www.sentinelone.com/blog/soc-team-essentials-how-to-investigate-and-track-the-8220-gang-cloud-threat/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -34,4 +34,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -28,4 +28,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,12 +21,13 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.42.65.55](https://vuldb.com/?ip.5.42.65.55) | - | - | High
|
||||
2 | [5.182.86.8](https://vuldb.com/?ip.5.182.86.8) | frequent-minute.aeza.network | - | High
|
||||
3 | [37.220.87.16](https://vuldb.com/?ip.37.220.87.16) | ipn-37-220-87-16.artem-catv.ru | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | [5.42.64.45](https://vuldb.com/?ip.5.42.64.45) | - | - | High
|
||||
2 | [5.42.65.55](https://vuldb.com/?ip.5.42.65.55) | - | - | High
|
||||
3 | [5.42.65.107](https://vuldb.com/?ip.5.42.65.107) | - | - | High
|
||||
4 | [5.42.65.108](https://vuldb.com/?ip.5.42.65.108) | - | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -34,12 +35,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -50,25 +51,34 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
2 | File | `/display/map` | Medium
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
5 | File | `/qsr_server/device/reboot` | High
|
||||
6 | File | `about.php` | Medium
|
||||
7 | File | `auktion.cgi` | Medium
|
||||
8 | ... | ... | ...
|
||||
4 | File | `/importexport.php` | High
|
||||
5 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
6 | File | `/qsr_server/device/reboot` | High
|
||||
7 | File | `/spip.php` | Medium
|
||||
8 | File | `/userLogin.asp` | High
|
||||
9 | File | `about.php` | Medium
|
||||
10 | File | `auktion.cgi` | Medium
|
||||
11 | File | `bb_usage_stats.php` | High
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 58 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://search.censys.io/hosts/5.42.65.55
|
||||
* https://search.censys.io/hosts/79.137.198.170
|
||||
* https://search.censys.io/hosts/89.208.105.191
|
||||
* https://search.censys.io/hosts/185.172.128.31/
|
||||
* https://search.censys.io/hosts/185.172.128.163
|
||||
* https://search.censys.io/hosts/185.215.113.71/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tracker.viriback.com/index.php?q=5.182.86.8
|
||||
* https://tria.ge/240131-bq8nfsghb7/behavioral1
|
||||
* https://tria.ge/240204-mqbt9sfdg3
|
||||
* https://twitter.com/phd_phuc/status/1651002681798926337
|
||||
* https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
|
||||
|
||||
## Literature
|
||||
|
||||
|
@ -79,4 +89,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -30,8 +30,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1059 | CWE-88, CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -65,4 +65,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -4,17 +4,6 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.apt-c-01](https://vuldb.com/?actor.apt-c-01)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT-C-01:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of APT-C-01.
|
||||
|
@ -34,13 +23,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22, CWE-24 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,83 +36,83 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/accounts_con/register_account` | High
|
||||
2 | File | `/addbill.php` | Medium
|
||||
3 | File | `/admin` | Low
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/action/add_con.php` | High
|
||||
6 | File | `/admin/action/delete-vaccine.php` | High
|
||||
7 | File | `/admin/action/edit_chicken.php` | High
|
||||
8 | File | `/admin/action/new-father.php` | High
|
||||
9 | File | `/admin/action/new-feed.php` | High
|
||||
10 | File | `/admin/action/update-deworm.php` | High
|
||||
11 | File | `/admin/admin_login_process.php` | High
|
||||
12 | File | `/admin/admin_user.php` | High
|
||||
13 | File | `/admin/book_add.php` | High
|
||||
14 | File | `/admin/book_row.php` | High
|
||||
15 | File | `/admin/borrow_add.php` | High
|
||||
16 | File | `/admin/bwdates-report-details.php` | High
|
||||
17 | File | `/admin/category_row.php` | High
|
||||
18 | File | `/admin/clientview.php` | High
|
||||
19 | File | `/admin/course.php` | High
|
||||
20 | File | `/admin/edit_teacher.php` | High
|
||||
21 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
22 | File | `/admin/ind_backstage.php` | High
|
||||
23 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
24 | File | `/admin/manage-pages.php` | High
|
||||
25 | File | `/admin/manage-users.php` | High
|
||||
26 | File | `/Admin/News.php` | High
|
||||
27 | File | `/admin/options-theme.php` | High
|
||||
28 | File | `/admin/pages/edit_chicken.php` | High
|
||||
29 | File | `/admin/pages/student-print.php` | High
|
||||
30 | File | `/admin/pages/subjects.php` | High
|
||||
31 | File | `/admin/pages/update_go.php` | High
|
||||
32 | File | `/admin/pages/yearlevel.php` | High
|
||||
33 | File | `/admin/php/crud.php` | High
|
||||
34 | File | `/admin/regester.php` | High
|
||||
35 | File | `/admin/request-received-bydonar.php` | High
|
||||
36 | File | `/admin/return_add.php` | High
|
||||
37 | File | `/admin/singlelogin.php?submit=1` | High
|
||||
38 | File | `/admin/subject.php` | High
|
||||
39 | File | `/admin/update-clients.php` | High
|
||||
40 | File | `/admin/upload/img` | High
|
||||
41 | File | `/admin/uploads/` | High
|
||||
42 | File | `/admin_route/dec_service_credits.php` | High
|
||||
43 | File | `/admin_route/inc_service_credits.php` | High
|
||||
44 | File | `/adplanet/PlanetCommentList` | High
|
||||
45 | File | `/adplanet/PlanetUser` | High
|
||||
46 | File | `/ample/app/action/edit_product.php` | High
|
||||
47 | File | `/api.php` | Medium
|
||||
48 | File | `/api/log/killJob` | High
|
||||
49 | File | `/app/ajax/sell_return_data.php` | High
|
||||
50 | File | `/app/api/controller/caiji.php` | High
|
||||
51 | File | `/app/api/controller/collect.php` | High
|
||||
52 | File | `/app/api/controller/default/File.php` | High
|
||||
53 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
54 | File | `/application/pay/controller/Api.php` | High
|
||||
55 | File | `/apps/login_auth.php` | High
|
||||
56 | File | `/apps/reg_go.php` | High
|
||||
57 | File | `/article/DelectArticleById/` | High
|
||||
58 | File | `/assets/php/upload.php` | High
|
||||
59 | File | `/auth/auth.php?user=1` | High
|
||||
60 | File | `/auth/user/all.api` | High
|
||||
61 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
62 | File | `/bin/boa` | Medium
|
||||
63 | File | `/boaform/device_reset.cgi` | High
|
||||
64 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
65 | File | `/boafrm/formMapDelDevice` | High
|
||||
66 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
67 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
68 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
69 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
70 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
71 | File | `/classes/Users.php?f=save` | High
|
||||
72 | File | `/config,admin.jsp` | High
|
||||
73 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
74 | File | `/devinfo` | Medium
|
||||
1 | File | `/admin` | Low
|
||||
2 | File | `/admin.php?p=/Area/index#tab=t2` | High
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/action/add_con.php` | High
|
||||
5 | File | `/admin/action/delete-vaccine.php` | High
|
||||
6 | File | `/admin/action/edit_chicken.php` | High
|
||||
7 | File | `/admin/action/new-father.php` | High
|
||||
8 | File | `/admin/action/new-feed.php` | High
|
||||
9 | File | `/admin/action/update-deworm.php` | High
|
||||
10 | File | `/admin/admin_login_process.php` | High
|
||||
11 | File | `/admin/admin_user.php` | High
|
||||
12 | File | `/admin/book_add.php` | High
|
||||
13 | File | `/admin/book_row.php` | High
|
||||
14 | File | `/admin/borrow_add.php` | High
|
||||
15 | File | `/admin/category_row.php` | High
|
||||
16 | File | `/admin/clientview.php` | High
|
||||
17 | File | `/admin/edit_teacher.php` | High
|
||||
18 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
19 | File | `/Admin/login.php` | High
|
||||
20 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
21 | File | `/Admin/News.php` | High
|
||||
22 | File | `/admin/pages/edit_chicken.php` | High
|
||||
23 | File | `/admin/pages/student-print.php` | High
|
||||
24 | File | `/admin/pages/subjects.php` | High
|
||||
25 | File | `/admin/pages/update_go.php` | High
|
||||
26 | File | `/admin/pages/yearlevel.php` | High
|
||||
27 | File | `/admin/regester.php` | High
|
||||
28 | File | `/admin/request-received-bydonar.php` | High
|
||||
29 | File | `/admin/return_add.php` | High
|
||||
30 | File | `/admin/update-clients.php` | High
|
||||
31 | File | `/admin/uploads/` | High
|
||||
32 | File | `/admin_ping.htm` | High
|
||||
33 | File | `/admin_route/dec_service_credits.php` | High
|
||||
34 | File | `/admin_route/inc_service_credits.php` | High
|
||||
35 | File | `/ample/app/action/edit_product.php` | High
|
||||
36 | File | `/api.php` | Medium
|
||||
37 | File | `/api/controllers/admin/app/AppController.php` | High
|
||||
38 | File | `/api/controllers/admin/app/ComboController.php` | High
|
||||
39 | File | `/api/controllers/common/UploadsController.php` | High
|
||||
40 | File | `/api/controllers/merchant/app/ComboController.php` | High
|
||||
41 | File | `/api/log/killJob` | High
|
||||
42 | File | `/app/ajax/sell_return_data.php` | High
|
||||
43 | File | `/app/api/controller/caiji.php` | High
|
||||
44 | File | `/app/api/controller/collect.php` | High
|
||||
45 | File | `/app/api/controller/default/File.php` | High
|
||||
46 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
47 | File | `/application/index/common.php` | High
|
||||
48 | File | `/application/index/controller/Databasesource.php` | High
|
||||
49 | File | `/application/index/controller/Datament.php` | High
|
||||
50 | File | `/application/index/controller/File.php` | High
|
||||
51 | File | `/application/index/controller/Icon.php` | High
|
||||
52 | File | `/application/index/controller/Pay.php` | High
|
||||
53 | File | `/application/index/controller/Screen.php` | High
|
||||
54 | File | `/application/index/controller/Service.php` | High
|
||||
55 | File | `/application/index/controller/Unity.php` | High
|
||||
56 | File | `/application/pay/controller/Api.php` | High
|
||||
57 | File | `/application/plugins/controller/Upload.php` | High
|
||||
58 | File | `/application/websocket/controller/Setting.php` | High
|
||||
59 | File | `/apply/index.php` | High
|
||||
60 | File | `/apps/login_auth.php` | High
|
||||
61 | File | `/apps/reg_go.php` | High
|
||||
62 | File | `/assets/php/upload.php` | High
|
||||
63 | File | `/att_add.php` | Medium
|
||||
64 | File | `/auth/user/all.api` | High
|
||||
65 | File | `/bin/boa` | Medium
|
||||
66 | File | `/boaform/device_reset.cgi` | High
|
||||
67 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
68 | File | `/boafrm/formMapDelDevice` | High
|
||||
69 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
70 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
71 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
72 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
73 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
74 | File | `/classes/Users.php?f=save` | High
|
||||
75 | ... | ... | ...
|
||||
|
||||
There are 655 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 659 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -47,4 +47,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [RO](https://vuldb.com/?country.ro)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
@ -107,7 +107,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-271, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -118,53 +119,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
2 | File | `/add_members.php` | High
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/action/new-father.php` | High
|
||||
5 | File | `/admin/clientview.php` | High
|
||||
6 | File | `/admin/edit_teacher.php` | High
|
||||
7 | File | `/admin/fields/manage_field.php` | High
|
||||
8 | File | `/admin/regester.php` | High
|
||||
9 | File | `/admin/update-clients.php` | High
|
||||
10 | File | `/admin_ping.htm` | High
|
||||
11 | File | `/admin_route/dec_service_credits.php` | High
|
||||
12 | File | `/admin_route/inc_service_credits.php` | High
|
||||
13 | File | `/api/cron/settings/setJob/` | High
|
||||
14 | File | `/api/sys/set_passwd` | High
|
||||
15 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
16 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
17 | File | `/application/index/controller/Databasesource.php` | High
|
||||
18 | File | `/application/index/controller/Icon.php` | High
|
||||
19 | File | `/application/index/controller/Screen.php` | High
|
||||
20 | File | `/application/plugins/controller/Upload.php` | High
|
||||
21 | File | `/apply.cgi` | Medium
|
||||
22 | File | `/arch/x86/mm/cpu_entry_area.c` | High
|
||||
23 | File | `/authenticationendpoint/login.do` | High
|
||||
24 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
8 | File | `/admin/orders/view_order.php` | High
|
||||
9 | File | `/admin/regester.php` | High
|
||||
10 | File | `/admin/update-clients.php` | High
|
||||
11 | File | `/admin_ping.htm` | High
|
||||
12 | File | `/admin_route/dec_service_credits.php` | High
|
||||
13 | File | `/admin_route/inc_service_credits.php` | High
|
||||
14 | File | `/api/cron/settings/setJob/` | High
|
||||
15 | File | `/api/sys/set_passwd` | High
|
||||
16 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
17 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
18 | File | `/application/index/controller/Databasesource.php` | High
|
||||
19 | File | `/application/index/controller/Icon.php` | High
|
||||
20 | File | `/application/index/controller/Screen.php` | High
|
||||
21 | File | `/application/plugins/controller/Upload.php` | High
|
||||
22 | File | `/apply.cgi` | Medium
|
||||
23 | File | `/arch/x86/mm/cpu_entry_area.c` | High
|
||||
24 | File | `/authenticationendpoint/login.do` | High
|
||||
25 | File | `/bin/boa` | Medium
|
||||
26 | File | `/boaform/device_reset.cgi` | High
|
||||
27 | File | `/boafrm/formMapDelDevice` | High
|
||||
28 | File | `/bsms_ci/index.php` | High
|
||||
29 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
30 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
31 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
32 | File | `/cgi-bin/kerbynet` | High
|
||||
33 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
34 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
35 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
36 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
37 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
38 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
39 | File | `/config/getuser` | High
|
||||
40 | File | `/core/redirect` | High
|
||||
41 | File | `/dashboard/message` | High
|
||||
42 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
43 | File | `/debug/pprof` | Medium
|
||||
44 | File | `/DXR.axd` | Medium
|
||||
45 | File | `/ECT_Provider/` | High
|
||||
46 | ... | ... | ...
|
||||
28 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
29 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
30 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
31 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
32 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
33 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
34 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
35 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
36 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
37 | File | `/config/getuser` | High
|
||||
38 | File | `/core/redirect` | High
|
||||
39 | File | `/dashboard/message` | High
|
||||
40 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
41 | File | `/debug/pprof` | Medium
|
||||
42 | File | `/DXR.axd` | Medium
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -94,35 +94,33 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
8 | File | `/aux` | Low
|
||||
9 | File | `/book-services.php` | High
|
||||
10 | File | `/booking/show_bookings/` | High
|
||||
11 | File | `/changePassword` | High
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/dashboard/add-blog.php` | High
|
||||
14 | File | `/data/remove` | Medium
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/ecshop/admin/template.php` | High
|
||||
17 | File | `/en/blog-comment-4` | High
|
||||
18 | File | `/etc/passwd` | Medium
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/group1/uploa` | High
|
||||
21 | File | `/h/` | Low
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
24 | File | `/novel/bookSetting/list` | High
|
||||
25 | File | `/novel/userFeedback/list` | High
|
||||
26 | File | `/owa/auth/logon.aspx` | High
|
||||
27 | File | `/resources//../` | High
|
||||
28 | File | `/testConnection` | High
|
||||
29 | File | `/tmp/ppd.trace` | High
|
||||
30 | File | `/user/inc/workidajax.php` | High
|
||||
31 | File | `/userLogin.asp` | High
|
||||
32 | File | `/vm/admin/doctors.php` | High
|
||||
33 | File | `Access.app/Contents/Resources/kcproxy` | High
|
||||
34 | File | `acs.exe` | Low
|
||||
35 | File | `action-visitor.php` | High
|
||||
36 | ... | ... | ...
|
||||
10 | File | `/changePassword` | High
|
||||
11 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
12 | File | `/dashboard/add-blog.php` | High
|
||||
13 | File | `/data/remove` | Medium
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/ecshop/admin/template.php` | High
|
||||
16 | File | `/etc/passwd` | Medium
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/net\_Web\_get_value` | High
|
||||
19 | File | `/group1/uploa` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
22 | File | `/novel/bookSetting/list` | High
|
||||
23 | File | `/novel/userFeedback/list` | High
|
||||
24 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/testConnection` | High
|
||||
26 | File | `/tmp/ppd.trace` | High
|
||||
27 | File | `/user/inc/workidajax.php` | High
|
||||
28 | File | `/userLogin.asp` | High
|
||||
29 | File | `/vm/admin/doctors.php` | High
|
||||
30 | File | `Access.app/Contents/Resources/kcproxy` | High
|
||||
31 | File | `acs.exe` | Low
|
||||
32 | File | `action-visitor.php` | High
|
||||
33 | File | `adclick.php` | Medium
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -67,16 +67,17 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/goform/RgDhcp` | High
|
||||
7 | File | `/goform/RGFirewallEL` | High
|
||||
8 | File | `/horde/util/go.php` | High
|
||||
9 | File | `/rapi/read_url` | High
|
||||
10 | File | `/scripts/unlock_tasks.php` | High
|
||||
11 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
12 | File | `/uncpath/` | Medium
|
||||
13 | File | `/usr/bin/pkexec` | High
|
||||
14 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
15 | File | `/wp-content/uploads/photo-gallery/` | High
|
||||
16 | ... | ... | ...
|
||||
9 | File | `/php/ping.php` | High
|
||||
10 | File | `/rapi/read_url` | High
|
||||
11 | File | `/scripts/unlock_tasks.php` | High
|
||||
12 | File | `/SysInfo1.htm` | High
|
||||
13 | File | `/sysinfo_json.cgi` | High
|
||||
14 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/usr/bin/pkexec` | High
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 128 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 137 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
@ -61,7 +61,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -82,72 +82,74 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/admin/article/article-edit-run.php` | High
|
||||
12 | File | `/admin/courses/view_course.php` | High
|
||||
13 | File | `/admin/del_category.php` | High
|
||||
14 | File | `/admin/edit_product.php` | High
|
||||
15 | File | `/admin/forgot-password.php` | High
|
||||
16 | File | `/admin/invoice.php` | High
|
||||
17 | File | `/admin/leancloud.php` | High
|
||||
18 | File | `/admin/maintenance/view_designation.php` | High
|
||||
19 | File | `/admin/modal_add_product.php` | High
|
||||
20 | File | `/admin/orders/update_status.php` | High
|
||||
21 | File | `/admin/settings/` | High
|
||||
22 | File | `/admin/students/manage_academic.php` | High
|
||||
23 | File | `/admin/sys_sql_query.php` | High
|
||||
24 | File | `/admin/theme-edit.php` | High
|
||||
25 | File | `/admin/update-clients.php` | High
|
||||
26 | File | `/admin/userprofile.php` | High
|
||||
27 | File | `/api/controllers/admin/app/ComboController.php` | High
|
||||
28 | File | `/api/log/killJob` | High
|
||||
29 | File | `/application/index/common.php` | High
|
||||
30 | File | `/application/index/controller/Pay.php` | High
|
||||
31 | File | `/application/index/controller/Screen.php` | High
|
||||
32 | File | `/application/index/controller/Unity.php` | High
|
||||
33 | File | `/apply/index.php` | High
|
||||
34 | File | `/author_posts.php` | High
|
||||
35 | File | `/blog` | Low
|
||||
36 | File | `/book-services.php` | High
|
||||
37 | File | `/booking/show_bookings/` | High
|
||||
38 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
39 | File | `/cas/logout` | Medium
|
||||
40 | File | `/category.php` | High
|
||||
41 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
42 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
43 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
44 | File | `/change-language/de_DE` | High
|
||||
45 | File | `/classes/Login.php` | High
|
||||
46 | File | `/classes/Master.php?f=delete_service` | High
|
||||
47 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
48 | File | `/classes/Master.php?f=save_item` | High
|
||||
49 | File | `/classes/Users.php?f=save` | High
|
||||
50 | File | `/cms/notify` | Medium
|
||||
51 | File | `/contact/store` | High
|
||||
52 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
53 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
54 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
55 | File | `/ecommerce/support_ticket` | High
|
||||
56 | File | `/edit.php` | Medium
|
||||
57 | File | `/en/blog-comment-4` | High
|
||||
58 | File | `/endpoint/add-guest.php` | High
|
||||
59 | File | `/endpoint/add-user.php` | High
|
||||
60 | File | `/ext/collect/filter_text.do` | High
|
||||
61 | File | `/file_manager/admin/save_user.php` | High
|
||||
62 | File | `/forum/away.php` | High
|
||||
63 | File | `/general/email/outbox/delete.php` | High
|
||||
64 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
|
||||
65 | File | `/get.php` | Medium
|
||||
66 | File | `/goform/RgUrlBlock.asp` | High
|
||||
67 | File | `/goform/setDeviceSettings` | High
|
||||
68 | File | `/goform/SetOnlineDevName` | High
|
||||
69 | File | `/goform/WifiBasicSet` | High
|
||||
70 | File | `/goform/wifiSSIDset` | High
|
||||
71 | File | `/h/` | Low
|
||||
72 | File | `/hedwig.cgi` | Medium
|
||||
73 | File | `/HNAP1/` | Low
|
||||
74 | File | `/home/courses` | High
|
||||
75 | File | `/home/filter_listings` | High
|
||||
76 | File | `/hss/?page=product_per_brand` | High
|
||||
77 | ... | ... | ...
|
||||
14 | File | `/admin/edit-admin.php` | High
|
||||
15 | File | `/admin/edit_product.php` | High
|
||||
16 | File | `/admin/edit_supplier.php` | High
|
||||
17 | File | `/admin/forgot-password.php` | High
|
||||
18 | File | `/admin/invoice.php` | High
|
||||
19 | File | `/admin/leancloud.php` | High
|
||||
20 | File | `/Admin/login.php` | High
|
||||
21 | File | `/admin/maintenance/view_designation.php` | High
|
||||
22 | File | `/admin/modal_add_product.php` | High
|
||||
23 | File | `/admin/orders/update_status.php` | High
|
||||
24 | File | `/admin/orders/view_order.php` | High
|
||||
25 | File | `/admin/settings/` | High
|
||||
26 | File | `/admin/students/manage_academic.php` | High
|
||||
27 | File | `/admin/sys_sql_query.php` | High
|
||||
28 | File | `/admin/theme-edit.php` | High
|
||||
29 | File | `/admin/update-clients.php` | High
|
||||
30 | File | `/admin/userprofile.php` | High
|
||||
31 | File | `/api/controllers/admin/app/ComboController.php` | High
|
||||
32 | File | `/api/controllers/common/UploadsController.php` | High
|
||||
33 | File | `/api/log/killJob` | High
|
||||
34 | File | `/application/index/common.php` | High
|
||||
35 | File | `/application/index/controller/Pay.php` | High
|
||||
36 | File | `/application/index/controller/Screen.php` | High
|
||||
37 | File | `/application/index/controller/Unity.php` | High
|
||||
38 | File | `/apply/index.php` | High
|
||||
39 | File | `/author_posts.php` | High
|
||||
40 | File | `/blog` | Low
|
||||
41 | File | `/book-services.php` | High
|
||||
42 | File | `/booking/show_bookings/` | High
|
||||
43 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
44 | File | `/cas/logout` | Medium
|
||||
45 | File | `/category.php` | High
|
||||
46 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
47 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
48 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
49 | File | `/change-language/de_DE` | High
|
||||
50 | File | `/classes/Login.php` | High
|
||||
51 | File | `/classes/Master.php?f=delete_service` | High
|
||||
52 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
53 | File | `/classes/Master.php?f=save_item` | High
|
||||
54 | File | `/classes/Users.php?f=save` | High
|
||||
55 | File | `/cms/notify` | Medium
|
||||
56 | File | `/contact/store` | High
|
||||
57 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
58 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
59 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
60 | File | `/ecommerce/support_ticket` | High
|
||||
61 | File | `/edit.php` | Medium
|
||||
62 | File | `/Employer/ManageJob.php` | High
|
||||
63 | File | `/en/blog-comment-4` | High
|
||||
64 | File | `/endpoint/add-computer.php` | High
|
||||
65 | File | `/endpoint/add-guest.php` | High
|
||||
66 | File | `/endpoint/add-user.php` | High
|
||||
67 | File | `/ext/collect/filter_text.do` | High
|
||||
68 | File | `/file_manager/admin/save_user.php` | High
|
||||
69 | File | `/forum/away.php` | High
|
||||
70 | File | `/general/email/outbox/delete.php` | High
|
||||
71 | File | `/general/ipanel/menu_code.php?MENU_TYPE=FAV` | High
|
||||
72 | File | `/get.php` | Medium
|
||||
73 | File | `/goform/RgUrlBlock.asp` | High
|
||||
74 | File | `/goform/setDeviceSettings` | High
|
||||
75 | File | `/goform/SetOnlineDevName` | High
|
||||
76 | File | `/goform/WifiBasicSet` | High
|
||||
77 | File | `/goform/wifiSSIDset` | High
|
||||
78 | File | `/h/` | Low
|
||||
79 | ... | ... | ...
|
||||
|
||||
There are 680 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 692 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -70,53 +70,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
2 | File | `/admin/about-us.php` | High
|
||||
3 | File | `/admin/addemployee.php` | High
|
||||
4 | File | `/admin/add_trainers.php` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
6 | File | `/admin/countrymanagement.php` | High
|
||||
7 | File | `/admin/del_category.php` | High
|
||||
8 | File | `/admin/del_service.php` | High
|
||||
9 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
10 | File | `/admin/edit-services.php` | High
|
||||
11 | File | `/admin/edit_category.php` | High
|
||||
12 | File | `/admin/forgot-password.php` | High
|
||||
13 | File | `/admin/generalsettings.php` | High
|
||||
14 | File | `/admin/index.php` | High
|
||||
15 | File | `/admin/maintenance/view_designation.php` | High
|
||||
16 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
17 | File | `/admin/newsletter1.php` | High
|
||||
18 | File | `/admin/payment.php` | High
|
||||
19 | File | `/admin/reg.php` | High
|
||||
20 | File | `/admin/search-appointment.php` | High
|
||||
21 | File | `/admin/students/update_status.php` | High
|
||||
22 | File | `/admin/subnets/ripe-query.php` | High
|
||||
23 | File | `/api/sys/login` | High
|
||||
24 | File | `/api/sys/set_passwd` | High
|
||||
25 | File | `/apply.cgi` | Medium
|
||||
26 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
27 | File | `/bin/boa` | Medium
|
||||
28 | File | `/boafrm/formMapDelDevice` | High
|
||||
29 | File | `/booking/show_bookings/` | High
|
||||
30 | File | `/cgi-bin/adm.cgi` | High
|
||||
31 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
32 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
33 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
34 | File | `/chaincity/user/ticket/create` | High
|
||||
35 | File | `/collection/all` | High
|
||||
36 | File | `/common/info.cgi` | High
|
||||
37 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
38 | File | `/core/config-revisions` | High
|
||||
39 | File | `/debug/pprof` | Medium
|
||||
40 | File | `/dipam/athlete-profile.php` | High
|
||||
41 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
42 | File | `/export` | Low
|
||||
43 | File | `/filemanager/upload/drop` | High
|
||||
44 | File | `/forum/away.php` | High
|
||||
45 | File | `/function/login.php` | High
|
||||
46 | ... | ... | ...
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/admin/about-us.php` | High
|
||||
4 | File | `/admin/addemployee.php` | High
|
||||
5 | File | `/admin/add_trainers.php` | High
|
||||
6 | File | `/admin/api/theme-edit/` | High
|
||||
7 | File | `/admin/app/login_crud.php` | High
|
||||
8 | File | `/admin/app/profile_crud.php` | High
|
||||
9 | File | `/admin/countrymanagement.php` | High
|
||||
10 | File | `/admin/del_category.php` | High
|
||||
11 | File | `/admin/del_service.php` | High
|
||||
12 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
13 | File | `/admin/edit-services.php` | High
|
||||
14 | File | `/admin/edit_category.php` | High
|
||||
15 | File | `/admin/edit_supplier.php` | High
|
||||
16 | File | `/admin/forgot-password.php` | High
|
||||
17 | File | `/admin/generalsettings.php` | High
|
||||
18 | File | `/admin/index.php` | High
|
||||
19 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
20 | File | `/admin/login.php` | High
|
||||
21 | File | `/Admin/login.php` | High
|
||||
22 | File | `/admin/maintenance/view_designation.php` | High
|
||||
23 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
24 | File | `/admin/newsletter1.php` | High
|
||||
25 | File | `/admin/payment.php` | High
|
||||
26 | File | `/admin/reg.php` | High
|
||||
27 | File | `/admin/search-appointment.php` | High
|
||||
28 | File | `/admin/students/update_status.php` | High
|
||||
29 | File | `/admin/subnets/ripe-query.php` | High
|
||||
30 | File | `/ajax-api.php` | High
|
||||
31 | File | `/api/sys/login` | High
|
||||
32 | File | `/api/sys/set_passwd` | High
|
||||
33 | File | `/app/ajax/search_sales_report.php` | High
|
||||
34 | File | `/app/controller/Setup.php` | High
|
||||
35 | File | `/apply.cgi` | Medium
|
||||
36 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
37 | File | `/bin/boa` | Medium
|
||||
38 | File | `/boafrm/formMapDelDevice` | High
|
||||
39 | File | `/booking/show_bookings/` | High
|
||||
40 | File | `/cancel.php` | Medium
|
||||
41 | File | `/cgi-bin/adm.cgi` | High
|
||||
42 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
43 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
44 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
45 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
46 | File | `/chaincity/user/ticket/create` | High
|
||||
47 | File | `/collection/all` | High
|
||||
48 | File | `/common/info.cgi` | High
|
||||
49 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
50 | File | `/core/config-revisions` | High
|
||||
51 | File | `/debug/pprof` | Medium
|
||||
52 | File | `/dipam/athlete-profile.php` | High
|
||||
53 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
@ -50,10 +50,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -83,38 +83,38 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/admin/usermanagement.php` | High
|
||||
18 | File | `/aqpg/users/login.php` | High
|
||||
19 | File | `/artist-display.php` | High
|
||||
20 | File | `/backups/` | Medium
|
||||
21 | File | `/bcms/admin/?page=user/list` | High
|
||||
22 | File | `/cardo/api` | Medium
|
||||
23 | File | `/catcompany.php` | High
|
||||
24 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
25 | File | `/cgi-bin/editBookmark` | High
|
||||
26 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
27 | File | `/cgi-bin/nightled.cgi` | High
|
||||
28 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
29 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
30 | File | `/ci_hms/search` | High
|
||||
31 | File | `/ci_spms/admin/category` | High
|
||||
32 | File | `/ci_spms/admin/search/searching/` | High
|
||||
33 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
34 | File | `/classes/Users.php?f=save` | High
|
||||
35 | File | `/cwms/admin/?page=articles/view_article/` | High
|
||||
36 | File | `/cwms/classes/Master.php?f=save_contact` | High
|
||||
37 | File | `/editbrand.php` | High
|
||||
38 | File | `/film-rating.php` | High
|
||||
39 | File | `/front/roomtype-details.php` | High
|
||||
40 | File | `/goform/RgDdns` | High
|
||||
41 | File | `/goform/RgDhcp` | High
|
||||
42 | File | `/goform/RGFirewallEL` | High
|
||||
43 | File | `/goform/RgTime` | High
|
||||
44 | File | `/goform/RgUrlBlock.asp` | High
|
||||
45 | File | `/goform/wlanPrimaryNetwork` | High
|
||||
46 | File | `/horde/imp/search.php` | High
|
||||
47 | File | `/index.php` | Medium
|
||||
48 | File | `/librarian/bookdetails.php` | High
|
||||
20 | File | `/assets/php/upload.php` | High
|
||||
21 | File | `/backups/` | Medium
|
||||
22 | File | `/bcms/admin/?page=user/list` | High
|
||||
23 | File | `/cardo/api` | Medium
|
||||
24 | File | `/catcompany.php` | High
|
||||
25 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
26 | File | `/cgi-bin/editBookmark` | High
|
||||
27 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
28 | File | `/cgi-bin/nightled.cgi` | High
|
||||
29 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
30 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
31 | File | `/ci_hms/search` | High
|
||||
32 | File | `/ci_spms/admin/category` | High
|
||||
33 | File | `/ci_spms/admin/search/searching/` | High
|
||||
34 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
35 | File | `/classes/Users.php?f=save` | High
|
||||
36 | File | `/cwms/admin/?page=articles/view_article/` | High
|
||||
37 | File | `/cwms/classes/Master.php?f=save_contact` | High
|
||||
38 | File | `/editbrand.php` | High
|
||||
39 | File | `/film-rating.php` | High
|
||||
40 | File | `/front/roomtype-details.php` | High
|
||||
41 | File | `/goform/RgDdns` | High
|
||||
42 | File | `/goform/RgDhcp` | High
|
||||
43 | File | `/goform/RGFirewallEL` | High
|
||||
44 | File | `/goform/RgTime` | High
|
||||
45 | File | `/goform/RgUrlBlock.asp` | High
|
||||
46 | File | `/goform/wlanPrimaryNetwork` | High
|
||||
47 | File | `/horde/imp/search.php` | High
|
||||
48 | File | `/index.php` | Medium
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -135,4 +135,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
There are 29 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/self.key` | Medium
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 132 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 133 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,9 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AV Tech Support Scam:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [UA](https://vuldb.com/?country.ua)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -31,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21 | Pathname Traversal | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
1 | T1006 | CWE-21 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -45,8 +48,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/nova/bin/bfd` | High
|
||||
2 | File | `net/xfrm/xfrm_user.c` | High
|
||||
3 | Argument | `-q` | Low
|
||||
2 | File | `ehshell.exe` | Medium
|
||||
3 | File | `general/hr/manage/staff_reinstatement/delete.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -25,9 +25,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -31,8 +31,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -66,4 +66,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -28,4 +28,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AdWind:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -49,14 +49,15 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
26 | [45.147.231.41](https://vuldb.com/?ip.45.147.231.41) | - | - | High
|
||||
27 | [46.20.33.76](https://vuldb.com/?ip.46.20.33.76) | - | - | High
|
||||
28 | [46.183.220.114](https://vuldb.com/?ip.46.183.220.114) | ip-220-114.dataclub.info | - | High
|
||||
29 | [50.7.199.164](https://vuldb.com/?ip.50.7.199.164) | - | - | High
|
||||
30 | [51.254.21.25](https://vuldb.com/?ip.51.254.21.25) | ip25.ip-51-254-21.eu | - | High
|
||||
31 | [65.99.225.111](https://vuldb.com/?ip.65.99.225.111) | hv36svg168.neubox.net | - | High
|
||||
32 | [66.154.111.3](https://vuldb.com/?ip.66.154.111.3) | - | - | High
|
||||
33 | [67.215.4.74](https://vuldb.com/?ip.67.215.4.74) | - | - | High
|
||||
34 | ... | ... | ... | ...
|
||||
29 | [46.183.223.64](https://vuldb.com/?ip.46.183.223.64) | ip-223-64.dataclub.info | - | High
|
||||
30 | [50.7.199.164](https://vuldb.com/?ip.50.7.199.164) | - | - | High
|
||||
31 | [51.254.21.25](https://vuldb.com/?ip.51.254.21.25) | ip25.ip-51-254-21.eu | - | High
|
||||
32 | [65.99.225.111](https://vuldb.com/?ip.65.99.225.111) | hv36svg168.neubox.net | - | High
|
||||
33 | [66.154.111.3](https://vuldb.com/?ip.66.154.111.3) | - | - | High
|
||||
34 | [67.215.4.74](https://vuldb.com/?ip.67.215.4.74) | - | - | High
|
||||
35 | ... | ... | ... | ...
|
||||
|
||||
There are 133 more IOC items available. Please use our online service to access the data.
|
||||
There are 135 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -64,13 +65,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -78,27 +79,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin_giant/add_team_member.php` | High
|
||||
2 | File | `/common/info.cgi` | High
|
||||
3 | File | `/get_getnetworkconf.cgi` | High
|
||||
4 | File | `/goform/setmac` | High
|
||||
5 | File | `/integrations.json` | High
|
||||
6 | File | `/irj/portal/` | Medium
|
||||
7 | File | `/lists/admin/` | High
|
||||
8 | File | `/phppath/php` | Medium
|
||||
9 | File | `/services/details.asp` | High
|
||||
10 | File | `/spip.php` | Medium
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `acl.c` | Low
|
||||
13 | File | `Addmessage.php` | High
|
||||
14 | File | `admin.php` | Medium
|
||||
15 | File | `admin.php?mod=user&act=del` | High
|
||||
16 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
|
||||
17 | File | `admin/login.asp` | High
|
||||
18 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
19 | ... | ... | ...
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin_giant/add_team_member.php` | High
|
||||
3 | File | `/api/admin/system/store/order/list` | High
|
||||
4 | File | `/cgi-bin/wapopen` | High
|
||||
5 | File | `/common/info.cgi` | High
|
||||
6 | File | `/csms/?page=contact_us` | High
|
||||
7 | File | `/etc/ajenti/config.yml` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/get_getnetworkconf.cgi` | High
|
||||
10 | File | `/goform/setmac` | High
|
||||
11 | File | `/goform/telnet` | High
|
||||
12 | File | `/index.php/signin` | High
|
||||
13 | File | `/integrations.json` | High
|
||||
14 | File | `/lists/admin/` | High
|
||||
15 | File | `/modules/profile/index.php` | High
|
||||
16 | File | `/phppath/php` | Medium
|
||||
17 | File | `/rom-0` | Low
|
||||
18 | File | `/services/details.asp` | High
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/tmp/phpglibccheck` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/upload` | Low
|
||||
23 | File | `/var/tmp/sess_*` | High
|
||||
24 | File | `acl.c` | Low
|
||||
25 | File | `action.php` | Medium
|
||||
26 | File | `actionphp/download.File.php` | High
|
||||
27 | File | `Addmessage.php` | High
|
||||
28 | File | `add_comment.php` | High
|
||||
29 | File | `admin.php` | Medium
|
||||
30 | File | `admin.php?mod=user&act=del` | High
|
||||
31 | File | `admin/admin.php` | High
|
||||
32 | File | `admin/content.php` | High
|
||||
33 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
34 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
|
||||
35 | File | `admin/login.asp` | High
|
||||
36 | File | `admin_gallery.php3` | High
|
||||
37 | File | `admin_safe.php` | High
|
||||
38 | File | `affich.php` | Medium
|
||||
39 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
40 | File | `ajax/telemetry.php` | High
|
||||
41 | File | `akeyActivationLogin.do` | High
|
||||
42 | File | `album_portal.php` | High
|
||||
43 | File | `apache-auth.conf` | High
|
||||
44 | File | `app\contacts\contact_addresses.php` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 152 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -115,4 +115,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -25,8 +25,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1202 | CWE-77 | Command Injection | High
|
||||
1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
2 | T1202 | CWE-77 | Command Shell in Externally Accessible Directory | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# AhMyth - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AhMyth](https://vuldb.com/?actor.ahmyth). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ahmyth](https://vuldb.com/?actor.ahmyth)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AhMyth.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [87.119.220.245](https://vuldb.com/?ip.87.119.220.245) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -1,36 +1,29 @@
|
|||
# X-Files Stealer - Cyber Threat Intelligence
|
||||
# AhRAT - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ X-Files Stealer](https://vuldb.com/?actor._x-files_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AhRAT](https://vuldb.com/?actor.ahrat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor._x-files_stealer](https://vuldb.com/?actor._x-files_stealer)
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ahrat](https://vuldb.com/?actor.ahrat)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with X-Files Stealer:
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AhRAT:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of X-Files Stealer.
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AhRAT.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [91.92.240.39](https://vuldb.com/?ip.91.92.240.39) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _ X-Files Stealer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
1 | [13.228.247.118](https://vuldb.com/?ip.13.228.247.118) | ec2-13-228-247-118.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
2 | [34.87.78.222](https://vuldb.com/?ip.34.87.78.222) | 222.78.87.34.bc.googleusercontent.com | - | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://tria.ge/240119-wprzjabfb4
|
||||
* https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
|
||||
|
||||
## Literature
|
||||
|
|
@ -33,4 +33,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -36,8 +36,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -71,4 +71,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -31,8 +31,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -67,4 +67,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
|
@ -64,7 +64,7 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 123 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -38,7 +38,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
|
|
@ -36,8 +36,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1202 | CWE-77 | Command Injection | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1202 | CWE-77 | Command Shell in Externally Accessible Directory | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -70,4 +70,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1059 | CWE-94 | Argument Injection | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
3 | T1592 | CWE-200 | Invocation of Process Using Visible Sensitive Information | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -69,4 +69,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -48,10 +48,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -85,19 +85,20 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/goform/RGFirewallEL` | High
|
||||
22 | File | `/inc/parser/xhtml.php` | High
|
||||
23 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
24 | File | `/lists/index.php` | High
|
||||
25 | File | `/login.html` | Medium
|
||||
26 | File | `/medical/inventories.php` | High
|
||||
27 | File | `/mobilebroker/ServiceToBroker.svc/Json/Connect` | High
|
||||
28 | File | `/new` | Low
|
||||
29 | File | `/public/login.htm` | High
|
||||
30 | File | `/static/ueditor/php/controller.php` | High
|
||||
31 | File | `/system?action=ServiceAdmin` | High
|
||||
32 | File | `/timeline2.php` | High
|
||||
33 | ... | ... | ...
|
||||
23 | File | `/index.php?menu=asterisk_cli` | High
|
||||
24 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
25 | File | `/lists/index.php` | High
|
||||
26 | File | `/login.html` | Medium
|
||||
27 | File | `/medical/inventories.php` | High
|
||||
28 | File | `/mobilebroker/ServiceToBroker.svc/Json/Connect` | High
|
||||
29 | File | `/new` | Low
|
||||
30 | File | `/public/login.htm` | High
|
||||
31 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
32 | File | `/static/ueditor/php/controller.php` | High
|
||||
33 | File | `/system?action=ServiceAdmin` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -117,4 +118,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -42,10 +42,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -58,64 +58,64 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/?Page=Node/OBJ=/System/DeviceFolder/DeviceFolder/DateTime/Action=Submit` | High
|
||||
3 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
4 | File | `/admin/add-services.php` | High
|
||||
5 | File | `/admin/admin.php` | High
|
||||
6 | File | `/admin/ajax/avatar.php` | High
|
||||
7 | File | `/admin/edit-services.php` | High
|
||||
8 | File | `/admin/forgot-password.php` | High
|
||||
9 | File | `/admin/index.php` | High
|
||||
10 | File | `/admin/lab.php` | High
|
||||
11 | File | `/admin/login.php` | High
|
||||
12 | File | `/admin/payment.php` | High
|
||||
13 | File | `/admin/show.php` | High
|
||||
14 | File | `/bin/boa` | Medium
|
||||
15 | File | `/boat/login.php` | High
|
||||
16 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
17 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
18 | File | `/default.php?idx=17` | High
|
||||
19 | File | `/download` | Medium
|
||||
20 | File | `/env` | Low
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/installer/test.php` | High
|
||||
24 | File | `/librarian/bookdetails.php` | High
|
||||
25 | File | `/opt/bin/cli` | Medium
|
||||
26 | File | `/p` | Low
|
||||
27 | File | `/patient/doctors.php` | High
|
||||
28 | File | `/phpinventory/editcategory.php` | High
|
||||
29 | File | `/product-list.php` | High
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/updown/upload.cgi` | High
|
||||
33 | File | `/user/del.php` | High
|
||||
34 | File | `/vicidial/admin.php` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `/_next` | Low
|
||||
37 | File | `123flashchat.php` | High
|
||||
38 | File | `act.php` | Low
|
||||
39 | File | `admin.php/pay` | High
|
||||
40 | File | `admin/bad.php` | High
|
||||
41 | File | `admin/index.php` | High
|
||||
42 | File | `admin/index.php/user/del/1` | High
|
||||
43 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
44 | File | `admin/products/controller.php?action=add` | High
|
||||
45 | File | `administrator/index.php` | High
|
||||
46 | File | `advertiser/login_confirm.asp` | High
|
||||
47 | File | `agenda.php` | Medium
|
||||
48 | File | `ajax/render/widget_php` | High
|
||||
49 | File | `akocomments.php` | High
|
||||
50 | File | `album_portal.php` | High
|
||||
51 | File | `api.php` | Low
|
||||
52 | File | `app/membership_signup.php` | High
|
||||
53 | File | `application/home/controller/debug.php` | High
|
||||
54 | File | `articulo.php` | Medium
|
||||
55 | File | `artlinks.dispnew.php` | High
|
||||
56 | File | `author.control.php` | High
|
||||
2 | File | `.php.gif` | Medium
|
||||
3 | File | `/?Page=Node/OBJ=/System/DeviceFolder/DeviceFolder/DateTime/Action=Submit` | High
|
||||
4 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
5 | File | `/admin/add-services.php` | High
|
||||
6 | File | `/admin/admin.php` | High
|
||||
7 | File | `/admin/ajax/avatar.php` | High
|
||||
8 | File | `/admin/edit-services.php` | High
|
||||
9 | File | `/admin/forgot-password.php` | High
|
||||
10 | File | `/admin/index.php` | High
|
||||
11 | File | `/admin/lab.php` | High
|
||||
12 | File | `/admin/login.php` | High
|
||||
13 | File | `/admin/payment.php` | High
|
||||
14 | File | `/admin/show.php` | High
|
||||
15 | File | `/auth/register` | High
|
||||
16 | File | `/bin/boa` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
19 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
20 | File | `/default.php?idx=17` | High
|
||||
21 | File | `/download` | Medium
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/installer/test.php` | High
|
||||
26 | File | `/librarian/bookdetails.php` | High
|
||||
27 | File | `/opt/bin/cli` | Medium
|
||||
28 | File | `/p` | Low
|
||||
29 | File | `/patient/doctors.php` | High
|
||||
30 | File | `/phpinventory/editcategory.php` | High
|
||||
31 | File | `/product-list.php` | High
|
||||
32 | File | `/spip.php` | Medium
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/updown/upload.cgi` | High
|
||||
35 | File | `/user/del.php` | High
|
||||
36 | File | `/vicidial/admin.php` | High
|
||||
37 | File | `/wp-admin/admin-ajax.php` | High
|
||||
38 | File | `/_next` | Low
|
||||
39 | File | `123flashchat.php` | High
|
||||
40 | File | `act.php` | Low
|
||||
41 | File | `admin.php/pay` | High
|
||||
42 | File | `admin/bad.php` | High
|
||||
43 | File | `admin/index.php` | High
|
||||
44 | File | `admin/index.php/user/del/1` | High
|
||||
45 | File | `admin/index.php?id=themes&action=edit_chunk` | High
|
||||
46 | File | `admin/products/controller.php?action=add` | High
|
||||
47 | File | `administrator/index.php` | High
|
||||
48 | File | `advertiser/login_confirm.asp` | High
|
||||
49 | File | `agenda.php` | Medium
|
||||
50 | File | `ajax/render/widget_php` | High
|
||||
51 | File | `akocomments.php` | High
|
||||
52 | File | `album_portal.php` | High
|
||||
53 | File | `api.php` | Low
|
||||
54 | File | `app/membership_signup.php` | High
|
||||
55 | File | `application/home/controller/debug.php` | High
|
||||
56 | File | `articulo.php` | Medium
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 493 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 500 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -134,4 +134,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -31,7 +31,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-269, CWE-274 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1068 | CWE-264, CWE-269, CWE-274 | Execution with Unnecessary Privileges | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -65,4 +65,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -41,12 +41,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `admin/admin_users.php` | High
|
||||
19 | ... | ... | ...
|
||||
|
||||
There are 158 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 159 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -118,4 +118,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -100,4 +100,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -25,7 +25,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1059 | CWE-94 | Argument Injection | High
|
||||
2 | T1204.001 | CWE-601 | Open Redirect | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Apnic Unknown:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
|
@ -804,14 +804,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -819,45 +819,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/admin/add-category.php` | High
|
||||
3 | File | `/admin/index2.html` | High
|
||||
4 | File | `/admin/sales/view_details.php` | High
|
||||
5 | File | `/admin/theme-edit.php` | High
|
||||
6 | File | `/api/log/killJob` | High
|
||||
7 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
8 | File | `/api/upload.php` | High
|
||||
9 | File | `/api/v1/alerts` | High
|
||||
10 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
11 | File | `/bin/login` | Medium
|
||||
12 | File | `/calendar/minimizer/index.php` | High
|
||||
13 | File | `/classes/Master.php?f=delete_category` | High
|
||||
14 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
15 | File | `/dashboard/add-blog.php` | High
|
||||
16 | File | `/data/remove` | Medium
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/DesignTools/CssEditor.aspx` | High
|
||||
19 | File | `/desktop_app/file.ajax.php?action=uploadfile` | High
|
||||
20 | File | `/DXR.axd` | Medium
|
||||
21 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/geoserver/gwc/rest.html` | High
|
||||
24 | File | `/goform/formSysCmd` | High
|
||||
25 | File | `/HNAP1/` | Low
|
||||
26 | File | `/home/courses` | High
|
||||
27 | File | `/hosts/firewall/ip` | High
|
||||
28 | File | `/index.php/ccm/system/file/upload` | High
|
||||
29 | File | `/issue` | Low
|
||||
30 | File | `/login` | Low
|
||||
31 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
32 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
33 | File | `/php/ping.php` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/public/admin/profile/update.html` | High
|
||||
36 | File | `/search.php` | Medium
|
||||
37 | ... | ... | ...
|
||||
1 | File | `.alerts-security.alerts-{space_id}` | High
|
||||
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
|
||||
3 | File | `/Account/login.php` | High
|
||||
4 | File | `/admin.php/appcenter/local.html?type=addon` | High
|
||||
5 | File | `/admin.php?p=/Area/index#tab=t2` | High
|
||||
6 | File | `/admin/` | Low
|
||||
7 | File | `/admin/clientview.php` | High
|
||||
8 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
9 | File | `/admin/view_sendlist.php` | High
|
||||
10 | File | `/adminapi/system/crud` | High
|
||||
11 | File | `/adminapi/system/file/openfile` | High
|
||||
12 | File | `/admin_route/dec_service_credits.php` | High
|
||||
13 | File | `/api/controllers/admin/app/AppController.php` | High
|
||||
14 | File | `/api/controllers/common/UploadsController.php` | High
|
||||
15 | File | `/api/log/killJob` | High
|
||||
16 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
17 | File | `/api/upload.php` | High
|
||||
18 | File | `/api/v4/teams//channels/deleted` | High
|
||||
19 | File | `/app/api/controller/caiji.php` | High
|
||||
20 | File | `/app/controller/Setup.php` | High
|
||||
21 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
22 | File | `/app/index/controller/Common.php` | High
|
||||
23 | File | `/application/index/common.php` | High
|
||||
24 | File | `/application/index/controller/Databasesource.php` | High
|
||||
25 | File | `/application/index/controller/Pay.php` | High
|
||||
26 | File | `/application/pay/controller/Api.php` | High
|
||||
27 | File | `/assets/php/upload.php` | High
|
||||
28 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
29 | File | `/calendar/minimizer/index.php` | High
|
||||
30 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
31 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
32 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
33 | File | `/change-language/de_DE` | High
|
||||
34 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
35 | File | `/classes/Master.php?f=delete_category` | High
|
||||
36 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
37 | File | `/core/tools/update_menu.php` | High
|
||||
38 | File | `/dayrui/My/Config/Install.txt` | High
|
||||
39 | File | `/debug/pprof` | Medium
|
||||
40 | File | `/DesignTools/CssEditor.aspx` | High
|
||||
41 | File | `/devinfo` | Medium
|
||||
42 | File | `/dist/index.js` | High
|
||||
43 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
44 | File | `/endpoint/add-user.php` | High
|
||||
45 | File | `/forum/away.php` | High
|
||||
46 | File | `/forums/editforum.php` | High
|
||||
47 | File | `/general/email/outbox/delete.php` | High
|
||||
48 | File | `/goform/` | Medium
|
||||
49 | File | `/goform/setAutoPing` | High
|
||||
50 | File | `/HNAP1/` | Low
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 444 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -874,4 +888,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -24,7 +24,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
|
||||
1 | T1592 | CWE-200 | Invocation of Process Using Visible Sensitive Information | High
|
||||
|
||||
## References
|
||||
|
||||
|
@ -41,4 +41,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -32,4 +32,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Applejeus:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-24 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-24 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
|
@ -56,15 +56,15 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/admin/book_add.php` | High
|
||||
7 | File | `/admin/book_row.php` | High
|
||||
8 | File | `/admin/borrow_add.php` | High
|
||||
9 | File | `/admin/category/save` | High
|
||||
10 | File | `/admin/category_row.php` | High
|
||||
11 | File | `/admin/clientview.php` | High
|
||||
12 | File | `/admin/course.php` | High
|
||||
13 | File | `/admin/courses/manage_course.php` | High
|
||||
14 | File | `/admin/courses/view_course.php` | High
|
||||
15 | File | `/admin/departments/manage_department.php` | High
|
||||
16 | File | `/admin/index.php` | High
|
||||
17 | File | `/admin/ind_backstage.php` | High
|
||||
9 | File | `/admin/category_row.php` | High
|
||||
10 | File | `/admin/clientview.php` | High
|
||||
11 | File | `/admin/course.php` | High
|
||||
12 | File | `/admin/courses/manage_course.php` | High
|
||||
13 | File | `/admin/courses/view_course.php` | High
|
||||
14 | File | `/admin/departments/manage_department.php` | High
|
||||
15 | File | `/admin/index.php` | High
|
||||
16 | File | `/admin/ind_backstage.php` | High
|
||||
17 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
18 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
19 | File | `/admin/manage-users.php` | High
|
||||
20 | File | `/admin/options-theme.php` | High
|
||||
|
@ -76,42 +76,50 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/admin/students/update_status.php` | High
|
||||
27 | File | `/admin/subject.php` | High
|
||||
28 | File | `/admin/update-clients.php` | High
|
||||
29 | File | `/adplanet/PlanetCommentList` | High
|
||||
30 | File | `/adplanet/PlanetUser` | High
|
||||
31 | File | `/ample/app/action/edit_product.php` | High
|
||||
32 | File | `/api.php` | Medium
|
||||
33 | File | `/api/baskets/{name}` | High
|
||||
34 | File | `/api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest` | High
|
||||
35 | File | `/api/log/killJob` | High
|
||||
36 | File | `/app/ajax/sell_return_data.php` | High
|
||||
37 | File | `/app/api/controller/caiji.php` | High
|
||||
38 | File | `/app/api/controller/collect.php` | High
|
||||
39 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
40 | File | `/application/pay/controller/Api.php` | High
|
||||
41 | File | `/article/DelectArticleById/` | High
|
||||
42 | File | `/assets/php/upload.php` | High
|
||||
43 | File | `/auth/auth.php?user=1` | High
|
||||
44 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
45 | File | `/bin/boa` | Medium
|
||||
46 | File | `/boaform/device_reset.cgi` | High
|
||||
47 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
48 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
49 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
50 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
51 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
52 | File | `/cgi/cpaddons_report.pl` | High
|
||||
53 | File | `/classes/Master.php` | High
|
||||
54 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
55 | File | `/config-manager/save` | High
|
||||
56 | File | `/dashboard/createblog` | High
|
||||
57 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
58 | File | `/debug/pprof` | Medium
|
||||
59 | File | `/devinfo` | Medium
|
||||
60 | File | `/DXR.axd` | Medium
|
||||
61 | File | `/endpoint/add-guest.php` | High
|
||||
62 | ... | ... | ...
|
||||
29 | File | `/admin/view_sendlist.php` | High
|
||||
30 | File | `/adplanet/PlanetCommentList` | High
|
||||
31 | File | `/adplanet/PlanetUser` | High
|
||||
32 | File | `/ample/app/action/edit_product.php` | High
|
||||
33 | File | `/api.php` | Medium
|
||||
34 | File | `/api/baskets/{name}` | High
|
||||
35 | File | `/api/controllers/admin/app/AppController.php` | High
|
||||
36 | File | `/api/controllers/admin/app/ComboController.php` | High
|
||||
37 | File | `/api/controllers/common/UploadsController.php` | High
|
||||
38 | File | `/api/controllers/merchant/app/ComboController.php` | High
|
||||
39 | File | `/api/controllers/merchant/design/MaterialController.php` | High
|
||||
40 | File | `/api/controllers/merchant/shop/PosterController.php` | High
|
||||
41 | File | `/api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest` | High
|
||||
42 | File | `/api/log/killJob` | High
|
||||
43 | File | `/app/ajax/sell_return_data.php` | High
|
||||
44 | File | `/app/api/controller/caiji.php` | High
|
||||
45 | File | `/app/api/controller/collect.php` | High
|
||||
46 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
47 | File | `/application/index/controller/Datament.php` | High
|
||||
48 | File | `/application/pay/controller/Api.php` | High
|
||||
49 | File | `/article/DelectArticleById/` | High
|
||||
50 | File | `/assets/php/upload.php` | High
|
||||
51 | File | `/auth/auth.php?user=1` | High
|
||||
52 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
53 | File | `/bin/boa` | Medium
|
||||
54 | File | `/boaform/device_reset.cgi` | High
|
||||
55 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
56 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
57 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
58 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
59 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
60 | File | `/cgi/cpaddons_report.pl` | High
|
||||
61 | File | `/classes/Master.php` | High
|
||||
62 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
63 | File | `/common/dict/list` | High
|
||||
64 | File | `/config-manager/save` | High
|
||||
65 | File | `/core/config-revisions` | High
|
||||
66 | File | `/currentsetting.htm` | High
|
||||
67 | File | `/dashboard/createblog` | High
|
||||
68 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
69 | File | `/debug/pprof` | Medium
|
||||
70 | ... | ... | ...
|
||||
|
||||
There are 540 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 619 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AresLoader:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -24,7 +25,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1552 | CWE-640 | ASP.NET Misconfiguration: Password in Configuration File | High
|
||||
1 | T1505 | CWE-89 | SQL Injection | High
|
||||
2 | T1552 | CWE-640 | Credentials Management | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,4 +51,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [IL](https://vuldb.com/?country.il)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -629,15 +629,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -646,48 +645,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/admin/save.php` | High
|
||||
3 | File | `/admin/sys_sql_query.php` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/download` | High
|
||||
6 | File | `/api/runscript` | High
|
||||
7 | File | `/api/v1/alerts` | High
|
||||
8 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
9 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
10 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
11 | File | `/category.php` | High
|
||||
12 | File | `/categorypage.php` | High
|
||||
13 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
14 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
15 | File | `/company/store` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
18 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/etc/passwd` | Medium
|
||||
21 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/geoserver/gwc/rest.html` | High
|
||||
24 | File | `/goform/formSysCmd` | High
|
||||
25 | File | `/HNAP1` | Low
|
||||
26 | File | `/hosts/firewall/ip` | High
|
||||
27 | File | `/index.php/ccm/system/file/upload` | High
|
||||
28 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
29 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
30 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/php/ping.php` | High
|
||||
33 | File | `/proxy` | Low
|
||||
34 | File | `/recipe-result` | High
|
||||
35 | File | `/register.do` | Medium
|
||||
36 | File | `/RPS2019Service/status.html` | High
|
||||
37 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
38 | File | `/setting` | Medium
|
||||
39 | File | `/sicweb-ajax/tmproot/` | High
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
|
||||
3 | File | `/Account/login.php` | High
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/pages/edit_chicken.php` | High
|
||||
6 | File | `/admin/pages/student-print.php` | High
|
||||
7 | File | `/admin/save.php` | High
|
||||
8 | File | `/adminapi/system/crud` | High
|
||||
9 | File | `/adminapi/system/file/openfile` | High
|
||||
10 | File | `/admin_route/dec_service_credits.php` | High
|
||||
11 | File | `/admin_route/inc_service_credits.php` | High
|
||||
12 | File | `/api/runscript` | High
|
||||
13 | File | `/api/v1/alerts` | High
|
||||
14 | File | `/api/v4/teams//channels/deleted` | High
|
||||
15 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
16 | File | `/application/index/controller/Icon.php` | High
|
||||
17 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
18 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
19 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
20 | File | `/change-language/de_DE` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/devinfo` | Medium
|
||||
23 | File | `/dist/index.js` | High
|
||||
24 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/general/attendance/manage/ask_duty/delete.php` | High
|
||||
27 | File | `/geoserver/gwc/rest.html` | High
|
||||
28 | File | `/goform/formSysCmd` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/hosts/firewall/ip` | High
|
||||
31 | File | `/index.jsp#settings` | High
|
||||
32 | File | `/index.php/ccm/system/file/upload` | High
|
||||
33 | File | `/Interface/DevManage/VM.php` | High
|
||||
34 | File | `/log/decodmail.php` | High
|
||||
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
36 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php/ping.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/RPS2019Service/status.html` | High
|
||||
42 | File | `/s/index.php?action=statistics` | High
|
||||
43 | File | `/setting` | Medium
|
||||
44 | File | `/sicweb-ajax/tmproot/` | High
|
||||
45 | File | `/signup.php` | Medium
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 411 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -707,4 +712,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -41,12 +41,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -58,10 +58,11 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `add_comment.php` | High
|
||||
3 | File | `admin/index.php` | High
|
||||
4 | File | `api_jsonrpc.php` | High
|
||||
5 | File | `data/gbconfiguration.dat` | High
|
||||
6 | ... | ... | ...
|
||||
5 | File | `cloud.php` | Medium
|
||||
6 | File | `data/gbconfiguration.dat` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 41 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -937,4 +937,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Path Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -88,13 +88,13 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `/getcfg.php` | Medium
|
||||
37 | File | `/goform/WifiBasicSet` | High
|
||||
38 | File | `/hrm/employeeview.php` | High
|
||||
39 | File | `/htdocs/cgibin` | High
|
||||
40 | File | `/inc/topBarNav.php` | High
|
||||
41 | File | `/index.php?case=table&act=add&table=archive&admin_dir=admin` | High
|
||||
42 | File | `/members/view_member.php` | High
|
||||
39 | File | `/inc/topBarNav.php` | High
|
||||
40 | File | `/index.php?case=table&act=add&table=archive&admin_dir=admin` | High
|
||||
41 | File | `/members/view_member.php` | High
|
||||
42 | File | `/mgm_dev_reboot.asp` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -114,4 +114,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -37,8 +37,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -52,15 +52,15 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/orders/update_status.php` | High
|
||||
2 | File | `/admin/sys_sql_query.php` | High
|
||||
3 | File | `/application/index/common.php` | High
|
||||
4 | File | `/getcfg.php` | Medium
|
||||
5 | File | `/paysystem/datatable.php` | High
|
||||
6 | File | `/settings/account` | High
|
||||
7 | File | `act.php` | Low
|
||||
8 | File | `admin.php` | Medium
|
||||
3 | File | `/app/controller/Setup.php` | High
|
||||
4 | File | `/application/index/common.php` | High
|
||||
5 | File | `/getcfg.php` | Medium
|
||||
6 | File | `/paysystem/datatable.php` | High
|
||||
7 | File | `/settings/account` | High
|
||||
8 | File | `act.php` | Low
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 64 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -30,8 +30,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -65,4 +65,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -99,7 +99,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Armor Piercer:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
|
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -47,17 +47,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
2 | File | `/apply.cgi` | Medium
|
||||
3 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
4 | File | `/MIME/INBOX-MM-1/` | High
|
||||
5 | File | `/rapi/read_url` | High
|
||||
6 | File | `/scripts/unlock_tasks.php` | High
|
||||
7 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
8 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
9 | ... | ... | ...
|
||||
1 | File | `/admin.php?p=/Area/index#tab=t2` | High
|
||||
2 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/index.php/sysmanage/Login/login_auth/` | High
|
||||
5 | File | `/MIME/INBOX-MM-1/` | High
|
||||
6 | File | `/php/ping.php` | High
|
||||
7 | File | `/rapi/read_url` | High
|
||||
8 | File | `/scripts/unlock_tasks.php` | High
|
||||
9 | File | `/SysInfo1.htm` | High
|
||||
10 | File | `/sysinfo_json.cgi` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 69 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -74,4 +76,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -44,9 +44,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
|
@ -87,43 +87,44 @@ ID | Type | Indicator | Confidence
|
|||
27 | File | `/recordings/index.php` | High
|
||||
28 | File | `/see_more_details.php` | High
|
||||
29 | File | `/show_news.php` | High
|
||||
30 | File | `/tmp/before` | Medium
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/updownload/t.report` | High
|
||||
33 | File | `/user.profile.php` | High
|
||||
34 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
35 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
36 | File | `/wp-admin` | Medium
|
||||
37 | File | `/wp-admin/admin-ajax.php` | High
|
||||
38 | File | `4.2.0.CP09` | Medium
|
||||
39 | File | `account.asp` | Medium
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `adm/systools.asp` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin/admin.shtml` | High
|
||||
44 | File | `Admin/ADM_Pagina.php` | High
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | File | `admin/main.asp` | High
|
||||
47 | File | `admin/param/param_func.inc.php` | High
|
||||
48 | File | `admin/y_admin.asp` | High
|
||||
49 | File | `adminer.php` | Medium
|
||||
50 | File | `administration/admins.php` | High
|
||||
51 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
52 | File | `admin_ok.asp` | Medium
|
||||
53 | File | `album_portal.php` | High
|
||||
54 | File | `app/Core/Paginator.php` | High
|
||||
55 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
56 | File | `artlinks.dispnew.php` | High
|
||||
57 | File | `auth.php` | Medium
|
||||
58 | File | `awstats.pl` | Medium
|
||||
59 | File | `bin/named/query.c` | High
|
||||
60 | File | `blank.php` | Medium
|
||||
61 | File | `blocklayered-ajax.php` | High
|
||||
62 | File | `blogger-importer.php` | High
|
||||
63 | File | `bluegate_seo.inc.php` | High
|
||||
64 | ... | ... | ...
|
||||
30 | File | `/student/bookdetails.php` | High
|
||||
31 | File | `/tmp/before` | Medium
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/updownload/t.report` | High
|
||||
34 | File | `/user.profile.php` | High
|
||||
35 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
36 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
37 | File | `/wp-admin` | Medium
|
||||
38 | File | `/wp-admin/admin-ajax.php` | High
|
||||
39 | File | `4.2.0.CP09` | Medium
|
||||
40 | File | `account.asp` | Medium
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `adm/systools.asp` | High
|
||||
43 | File | `admin.php` | Medium
|
||||
44 | File | `admin/admin.shtml` | High
|
||||
45 | File | `Admin/ADM_Pagina.php` | High
|
||||
46 | File | `admin/category.inc.php` | High
|
||||
47 | File | `admin/main.asp` | High
|
||||
48 | File | `admin/param/param_func.inc.php` | High
|
||||
49 | File | `admin/y_admin.asp` | High
|
||||
50 | File | `adminer.php` | Medium
|
||||
51 | File | `administration/admins.php` | High
|
||||
52 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
53 | File | `admin_ok.asp` | Medium
|
||||
54 | File | `album_portal.php` | High
|
||||
55 | File | `app/Core/Paginator.php` | High
|
||||
56 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
57 | File | `artlinks.dispnew.php` | High
|
||||
58 | File | `auth.php` | Medium
|
||||
59 | File | `awstats.pl` | Medium
|
||||
60 | File | `bin/named/query.c` | High
|
||||
61 | File | `blank.php` | Medium
|
||||
62 | File | `blocklayered-ajax.php` | High
|
||||
63 | File | `blogger-importer.php` | High
|
||||
64 | File | `bluegate_seo.inc.php` | High
|
||||
65 | ... | ... | ...
|
||||
|
||||
There are 559 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 567 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -77,4 +77,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -29,4 +29,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asia Unknown:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
@ -24961,13 +24961,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Path Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -24975,51 +24975,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin/` | Low
|
||||
4 | File | `/admin/admin_user.php` | High
|
||||
5 | File | `/admin/book_add.php` | High
|
||||
6 | File | `/admin/book_row.php` | High
|
||||
7 | File | `/admin/borrow_add.php` | High
|
||||
8 | File | `/admin/clientview.php` | High
|
||||
9 | File | `/admin/edit_teacher.php` | High
|
||||
10 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
11 | File | `/admin/manage-users.php` | High
|
||||
12 | File | `/admin/regester.php` | High
|
||||
13 | File | `/admin/return_add.php` | High
|
||||
14 | File | `/admin/students.php` | High
|
||||
15 | File | `/admin/update-clients.php` | High
|
||||
16 | File | `/admin/uploads/` | High
|
||||
17 | File | `/admin/users` | Medium
|
||||
18 | File | `/api/cron/settings/setJob/` | High
|
||||
19 | File | `/api/v4/teams//channels/deleted` | High
|
||||
20 | File | `/api2/html/` | Medium
|
||||
21 | File | `/app/api/controller/caiji.php` | High
|
||||
22 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
23 | File | `/application/pay/controller/Api.php` | High
|
||||
24 | File | `/apply.cgi` | Medium
|
||||
25 | File | `/auth/user/all.api` | High
|
||||
26 | File | `/authenticationendpoint/login.do` | High
|
||||
27 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
28 | File | `/bin/boa` | Medium
|
||||
29 | File | `/bin/sh` | Low
|
||||
30 | File | `/boaform/device_reset.cgi` | High
|
||||
31 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
32 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
33 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
34 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
|
||||
35 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
36 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
37 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
|
||||
38 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
39 | File | `/cgi-bin/login.cgi` | High
|
||||
40 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
41 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
42 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
43 | ... | ... | ...
|
||||
1 | File | `/Account/login.php` | High
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/admin/app/product.php` | High
|
||||
4 | File | `/admin/app/profile_crud.php` | High
|
||||
5 | File | `/admin/app/service_crud.php` | High
|
||||
6 | File | `/admin/edit-admin.php` | High
|
||||
7 | File | `/admin/edit_categories.php` | High
|
||||
8 | File | `/admin/edit_supplier.php` | High
|
||||
9 | File | `/admin/index2.html` | High
|
||||
10 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
11 | File | `/admin/list_localuser.php` | High
|
||||
12 | File | `/admin/login.php` | High
|
||||
13 | File | `/Admin/login.php` | High
|
||||
14 | File | `/admin/operations/expense_category.php` | High
|
||||
15 | File | `/admin/orders/view_order.php` | High
|
||||
16 | File | `/adminapi/system/crud` | High
|
||||
17 | File | `/adminapi/system/file/openfile` | High
|
||||
18 | File | `/api /v3/auth` | High
|
||||
19 | File | `/app/ajax/search_sales_report.php` | High
|
||||
20 | File | `/app/controller/Setup.php` | High
|
||||
21 | File | `/application/index/controller/Databasesource.php` | High
|
||||
22 | File | `/application/index/controller/File.php` | High
|
||||
23 | File | `/application/index/controller/Icon.php` | High
|
||||
24 | File | `/application/index/controller/Screen.php` | High
|
||||
25 | File | `/application/index/controller/Unity.php` | High
|
||||
26 | File | `/application/websocket/controller/Setting.php` | High
|
||||
27 | File | `/cancel.php` | Medium
|
||||
28 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
29 | File | `/common/dict/list` | High
|
||||
30 | File | `/dashboard/Cinvoice/manage_invoice` | High
|
||||
31 | File | `/dashboard/message` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -56,4 +56,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,7 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -31,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1078.001 | CWE-259 | Use of Hard-coded Password | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
3 | T1110.001 | CWE-798 | Hard-coded Credentials | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -49,7 +52,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `ajax_php_pecl.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -66,4 +69,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -44,7 +44,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `admin.php3` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,9 +24,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -47,9 +47,10 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/display/map` | Medium
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
4 | ... | ... | ...
|
||||
4 | File | `/qsr_server/device/reboot` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [IO](https://vuldb.com/?country.io)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -2984,15 +2984,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3000,47 +2999,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/admin/` | Low
|
||||
3 | File | `/admin/?page=system_info` | High
|
||||
4 | File | `/admin/add-category.php` | High
|
||||
5 | File | `/admin/add-services.php` | High
|
||||
6 | File | `/admin/ajax.php` | High
|
||||
7 | File | `/admin/ajax.php?action=confirm_order` | High
|
||||
8 | File | `/admin/borrow_add.php` | High
|
||||
9 | File | `/admin/clientview.php` | High
|
||||
10 | File | `/admin/controller/JobLogController.java` | High
|
||||
11 | File | `/admin/edit_teacher.php` | High
|
||||
12 | File | `/admin/singlelogin.php?submit=1` | High
|
||||
13 | File | `/admin/theme-edit.php` | High
|
||||
14 | File | `/api/log/killJob` | High
|
||||
15 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
16 | File | `/api/trackedEntityInstances` | High
|
||||
17 | File | `/api/upload.php` | High
|
||||
18 | File | `/app/api/controller/caiji.php` | High
|
||||
19 | File | `/application/pay/controller/Api.php` | High
|
||||
20 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
21 | File | `/boaform/device_reset.cgi` | High
|
||||
22 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
23 | File | `/change-language/de_DE` | High
|
||||
24 | File | `/classes/Master.php?f=delete_category` | High
|
||||
25 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
26 | File | `/dashboard/add-blog.php` | High
|
||||
27 | File | `/data/remove` | Medium
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/dist/index.js` | High
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/geoserver/gwc/rest.html` | High
|
||||
32 | File | `/goform/formSysCmd` | High
|
||||
33 | File | `/HNAP1/` | Low
|
||||
34 | File | `/hosts/firewall/ip` | High
|
||||
35 | File | `/index.php` | Medium
|
||||
36 | File | `/index.php/ccm/system/file/upload` | High
|
||||
37 | File | `/index.php?c=api` | High
|
||||
38 | File | `/issue` | Low
|
||||
39 | ... | ... | ...
|
||||
1 | File | `.alerts-security.alerts-{space_id}` | High
|
||||
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
|
||||
3 | File | `/Account/login.php` | High
|
||||
4 | File | `/admin.php/appcenter/local.html?type=addon` | High
|
||||
5 | File | `/admin.php?p=/Area/index#tab=t2` | High
|
||||
6 | File | `/admin/` | Low
|
||||
7 | File | `/admin/action/delete-vaccine.php` | High
|
||||
8 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
9 | File | `/admin/view_sendlist.php` | High
|
||||
10 | File | `/adminapi/system/crud` | High
|
||||
11 | File | `/adminapi/system/file/openfile` | High
|
||||
12 | File | `/admin_route/dec_service_credits.php` | High
|
||||
13 | File | `/api/blade-log/api/list` | High
|
||||
14 | File | `/api/controllers/admin/app/AppController.php` | High
|
||||
15 | File | `/api/controllers/common/UploadsController.php` | High
|
||||
16 | File | `/api/filemanager` | High
|
||||
17 | File | `/api/v4/teams//channels/deleted` | High
|
||||
18 | File | `/app/controller/Setup.php` | High
|
||||
19 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
20 | File | `/app/index/controller/Common.php` | High
|
||||
21 | File | `/application/index/common.php` | High
|
||||
22 | File | `/application/index/controller/Databasesource.php` | High
|
||||
23 | File | `/application/index/controller/Pay.php` | High
|
||||
24 | File | `/application/pay/controller/Api.php` | High
|
||||
25 | File | `/assets/php/upload.php` | High
|
||||
26 | File | `/aux` | Low
|
||||
27 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
28 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
29 | File | `/cupseasylive/stockissuancelinecreate.php` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/devinfo` | Medium
|
||||
32 | File | `/DXR.axd` | Medium
|
||||
33 | File | `/etc/passwd` | Medium
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/general/email/outbox/delete.php` | High
|
||||
36 | File | `/goform/setAutoPing` | High
|
||||
37 | File | `/importexport.php` | High
|
||||
38 | File | `/include/file.php` | High
|
||||
39 | File | `/index.jsp#settings` | High
|
||||
40 | File | `/index.php` | Medium
|
||||
41 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
42 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
43 | File | `/pg_meta/default/query` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 334 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [IL](https://vuldb.com/?country.il)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -1150,14 +1150,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -1166,53 +1166,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin/add-category.php` | High
|
||||
4 | File | `/admin/add-services.php` | High
|
||||
5 | File | `/admin/borrow_add.php` | High
|
||||
6 | File | `/admin/edit_teacher.php` | High
|
||||
7 | File | `/admin/save.php` | High
|
||||
8 | File | `/api/download` | High
|
||||
9 | File | `/api/runscript` | High
|
||||
10 | File | `/api/v1/alerts` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/api/v4/teams//channels/deleted` | High
|
||||
13 | File | `/appliance/users?action=edit` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
15 | File | `/category.php` | High
|
||||
16 | File | `/categorypage.php` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
18 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
19 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
20 | File | `/change-language/de_DE` | High
|
||||
21 | File | `/collection/all` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/dist/index.js` | High
|
||||
24 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/geoserver/gwc/rest.html` | High
|
||||
27 | File | `/goform/formSysCmd` | High
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/HNAP1/` | Low
|
||||
30 | File | `/hosts/firewall/ip` | High
|
||||
31 | File | `/index.php/ccm/system/file/upload` | High
|
||||
32 | File | `/log/decodmail.php` | High
|
||||
33 | File | `/login` | Low
|
||||
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/php/ping.php` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/register.do` | Medium
|
||||
40 | File | `/register.php` | High
|
||||
41 | File | `/RPS2019Service/status.html` | High
|
||||
42 | File | `/s/index.php?action=statistics` | High
|
||||
43 | File | `/setting` | Medium
|
||||
44 | File | `/sicweb-ajax/tmproot/` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
|
||||
3 | File | `/.env` | Low
|
||||
4 | File | `/Account/login.php` | High
|
||||
5 | File | `/admin/` | Low
|
||||
6 | File | `/admin/action/delete-vaccine.php` | High
|
||||
7 | File | `/admin/action/new-father.php` | High
|
||||
8 | File | `/admin/add-category.php` | High
|
||||
9 | File | `/admin/add-services.php` | High
|
||||
10 | File | `/admin/borrow_add.php` | High
|
||||
11 | File | `/admin/edit_teacher.php` | High
|
||||
12 | File | `/admin/pages/edit_chicken.php` | High
|
||||
13 | File | `/admin/pages/student-print.php` | High
|
||||
14 | File | `/adminapi/system/crud` | High
|
||||
15 | File | `/adminapi/system/file/openfile` | High
|
||||
16 | File | `/admin_route/dec_service_credits.php` | High
|
||||
17 | File | `/admin_route/inc_service_credits.php` | High
|
||||
18 | File | `/api/v4/teams//channels/deleted` | High
|
||||
19 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
20 | File | `/application/index/controller/Icon.php` | High
|
||||
21 | File | `/application/index/controller/Screen.php` | High
|
||||
22 | File | `/application/websocket/controller/Setting.php` | High
|
||||
23 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
24 | File | `/bin/boa` | Medium
|
||||
25 | File | `/boafrm/formMapDelDevice` | High
|
||||
26 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
27 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
28 | File | `/change-language/de_DE` | High
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/devinfo` | Medium
|
||||
31 | File | `/dist/index.js` | High
|
||||
32 | File | `/endpoint/delete-computer.php` | High
|
||||
33 | File | `/endpoint/update-tracker.php` | High
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/general/attendance/manage/ask_duty/delete.php` | High
|
||||
36 | File | `/geoserver/gwc/rest.html` | High
|
||||
37 | File | `/goform/formSysCmd` | High
|
||||
38 | File | `/hedwig.cgi` | Medium
|
||||
39 | File | `/HNAP1/` | Low
|
||||
40 | File | `/hosts/firewall/ip` | High
|
||||
41 | File | `/index.jsp#settings` | High
|
||||
42 | File | `/index.php/ccm/system/file/upload` | High
|
||||
43 | File | `/Interface/DevManage/VM.php` | High
|
||||
44 | File | `/log/decodmail.php` | High
|
||||
45 | File | `/login` | Low
|
||||
46 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
47 | File | `/php/ping.php` | High
|
||||
48 | File | `/register.do` | Medium
|
||||
49 | File | `/register.php` | High
|
||||
50 | File | `/s/index.php?action=statistics` | High
|
||||
51 | File | `/setting` | Medium
|
||||
52 | File | `/showfile.php` | High
|
||||
53 | File | `/signup.php` | Medium
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 467 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -39,10 +39,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -67,17 +67,17 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
12 | File | `/var/hnap/timestamp` | High
|
||||
13 | File | `Addons/file/mod.file.php` | High
|
||||
14 | File | `admin.color.php` | High
|
||||
15 | File | `admin.php` | Medium
|
||||
16 | File | `admin/admin_login.php` | High
|
||||
17 | File | `admin/index.php?page=manage_car` | High
|
||||
18 | File | `admin/media.php` | High
|
||||
19 | File | `admin_events.php` | High
|
||||
20 | File | `affich.php` | Medium
|
||||
21 | File | `Ap4StscAtom.cpp` | High
|
||||
14 | File | `admin-ajax.php` | High
|
||||
15 | File | `admin.color.php` | High
|
||||
16 | File | `admin.php` | Medium
|
||||
17 | File | `admin/admin_login.php` | High
|
||||
18 | File | `admin/index.php?page=manage_car` | High
|
||||
19 | File | `admin/media.php` | High
|
||||
20 | File | `admin_events.php` | High
|
||||
21 | File | `affich.php` | Medium
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 184 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -27,227 +27,232 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [2.56.59.70](https://vuldb.com/?ip.2.56.59.70) | - | - | High
|
||||
5 | [2.56.59.131](https://vuldb.com/?ip.2.56.59.131) | - | - | High
|
||||
6 | [2.56.59.217](https://vuldb.com/?ip.2.56.59.217) | - | - | High
|
||||
7 | [2.58.47.203](https://vuldb.com/?ip.2.58.47.203) | - | - | High
|
||||
8 | [2.58.56.250](https://vuldb.com/?ip.2.58.56.250) | powered.by.rdp.sh | - | High
|
||||
9 | [3.91.29.212](https://vuldb.com/?ip.3.91.29.212) | ec2-3-91-29-212.compute-1.amazonaws.com | - | Medium
|
||||
10 | [3.92.200.97](https://vuldb.com/?ip.3.92.200.97) | ec2-3-92-200-97.compute-1.amazonaws.com | - | Medium
|
||||
11 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
12 | [5.2.68.67](https://vuldb.com/?ip.5.2.68.67) | - | - | High
|
||||
13 | [5.2.68.82](https://vuldb.com/?ip.5.2.68.82) | - | - | High
|
||||
14 | [5.2.68.90](https://vuldb.com/?ip.5.2.68.90) | - | - | High
|
||||
15 | [5.2.68.91](https://vuldb.com/?ip.5.2.68.91) | - | - | High
|
||||
16 | [5.75.169.94](https://vuldb.com/?ip.5.75.169.94) | static.94.169.75.5.clients.your-server.de | - | High
|
||||
17 | [5.161.139.79](https://vuldb.com/?ip.5.161.139.79) | static.79.139.161.5.clients.your-server.de | - | High
|
||||
18 | [5.161.206.28](https://vuldb.com/?ip.5.161.206.28) | static.28.206.161.5.clients.your-server.de | - | High
|
||||
19 | [5.181.80.131](https://vuldb.com/?ip.5.181.80.131) | chaines-chance.caliberbar.com | - | High
|
||||
20 | [5.199.143.127](https://vuldb.com/?ip.5.199.143.127) | three.tenuous.de.com | - | High
|
||||
21 | [5.206.224.164](https://vuldb.com/?ip.5.206.224.164) | sdfksdkjdfjksf.com | - | High
|
||||
22 | [5.206.224.194](https://vuldb.com/?ip.5.206.224.194) | test3002.com | - | High
|
||||
23 | [5.226.138.94](https://vuldb.com/?ip.5.226.138.94) | 94.138.226.5.baremetal.zare.com | - | High
|
||||
24 | [5.252.179.221](https://vuldb.com/?ip.5.252.179.221) | no-rdns.mivocloud.com | - | High
|
||||
25 | [8.212.151.157](https://vuldb.com/?ip.8.212.151.157) | - | - | High
|
||||
26 | [13.65.211.207](https://vuldb.com/?ip.13.65.211.207) | - | - | High
|
||||
27 | [13.77.222.77](https://vuldb.com/?ip.13.77.222.77) | - | - | High
|
||||
28 | [13.78.194.137](https://vuldb.com/?ip.13.78.194.137) | - | - | High
|
||||
29 | [13.82.24.228](https://vuldb.com/?ip.13.82.24.228) | - | - | High
|
||||
30 | [13.90.94.8](https://vuldb.com/?ip.13.90.94.8) | - | - | High
|
||||
31 | [18.221.80.225](https://vuldb.com/?ip.18.221.80.225) | ec2-18-221-80-225.us-east-2.compute.amazonaws.com | - | Medium
|
||||
32 | [20.38.45.196](https://vuldb.com/?ip.20.38.45.196) | - | - | High
|
||||
33 | [20.58.39.19](https://vuldb.com/?ip.20.58.39.19) | - | - | High
|
||||
34 | [20.69.158.38](https://vuldb.com/?ip.20.69.158.38) | - | - | High
|
||||
35 | [20.91.186.187](https://vuldb.com/?ip.20.91.186.187) | - | - | High
|
||||
36 | [20.91.187.223](https://vuldb.com/?ip.20.91.187.223) | - | - | High
|
||||
37 | [20.93.112.114](https://vuldb.com/?ip.20.93.112.114) | - | - | High
|
||||
38 | [20.94.63.195](https://vuldb.com/?ip.20.94.63.195) | - | - | High
|
||||
39 | [20.98.138.214](https://vuldb.com/?ip.20.98.138.214) | - | - | High
|
||||
40 | [20.106.217.83](https://vuldb.com/?ip.20.106.217.83) | - | - | High
|
||||
41 | [20.110.119.15](https://vuldb.com/?ip.20.110.119.15) | - | - | High
|
||||
42 | [20.112.127.113](https://vuldb.com/?ip.20.112.127.113) | - | - | High
|
||||
43 | [20.114.4.132](https://vuldb.com/?ip.20.114.4.132) | - | - | High
|
||||
44 | [20.114.22.8](https://vuldb.com/?ip.20.114.22.8) | - | - | High
|
||||
45 | [20.115.34.57](https://vuldb.com/?ip.20.115.34.57) | - | - | High
|
||||
46 | [20.126.95.155](https://vuldb.com/?ip.20.126.95.155) | - | - | High
|
||||
47 | [20.150.137.35](https://vuldb.com/?ip.20.150.137.35) | - | - | High
|
||||
48 | [20.168.33.220](https://vuldb.com/?ip.20.168.33.220) | - | - | High
|
||||
49 | [20.185.199.35](https://vuldb.com/?ip.20.185.199.35) | - | - | High
|
||||
50 | [20.190.63.69](https://vuldb.com/?ip.20.190.63.69) | - | - | High
|
||||
51 | [20.216.177.36](https://vuldb.com/?ip.20.216.177.36) | - | - | High
|
||||
52 | [20.230.7.174](https://vuldb.com/?ip.20.230.7.174) | - | - | High
|
||||
53 | [23.82.140.14](https://vuldb.com/?ip.23.82.140.14) | - | - | High
|
||||
54 | [23.83.133.186](https://vuldb.com/?ip.23.83.133.186) | - | - | High
|
||||
55 | [23.94.54.224](https://vuldb.com/?ip.23.94.54.224) | 23-94-54-224-host.colocrossing.com | - | High
|
||||
56 | [23.94.199.19](https://vuldb.com/?ip.23.94.199.19) | 23-94-199-19-host.colocrossing.com | - | High
|
||||
57 | [23.99.225.116](https://vuldb.com/?ip.23.99.225.116) | - | - | High
|
||||
58 | [23.105.131.153](https://vuldb.com/?ip.23.105.131.153) | mail153.nessfist.com | - | High
|
||||
59 | [23.105.131.156](https://vuldb.com/?ip.23.105.131.156) | mail156.nessfist.com | - | High
|
||||
60 | [23.105.131.193](https://vuldb.com/?ip.23.105.131.193) | mail193.nessfist.com | - | High
|
||||
61 | [23.105.131.207](https://vuldb.com/?ip.23.105.131.207) | mail207.nessfist.com | - | High
|
||||
62 | [23.105.131.243](https://vuldb.com/?ip.23.105.131.243) | mail243.nessfist.com | - | High
|
||||
63 | [23.106.121.172](https://vuldb.com/?ip.23.106.121.172) | - | - | High
|
||||
64 | [23.226.130.102](https://vuldb.com/?ip.23.226.130.102) | 23.226.130.102.static.greencloudvps.com | - | High
|
||||
65 | [23.227.199.39](https://vuldb.com/?ip.23.227.199.39) | autumn.blackcurrants.me | - | High
|
||||
66 | [23.227.199.106](https://vuldb.com/?ip.23.227.199.106) | 23-227-199-106.static.hvvc.us | - | High
|
||||
67 | [23.227.202.157](https://vuldb.com/?ip.23.227.202.157) | 23-227-202-157.static.hvvc.us | - | High
|
||||
68 | [23.227.203.214](https://vuldb.com/?ip.23.227.203.214) | 23-227-203-214.static.hvvc.us | - | High
|
||||
69 | [23.254.230.117](https://vuldb.com/?ip.23.254.230.117) | client-23-254-230-117.hostwindsdns.com | - | High
|
||||
70 | [24.152.37.45](https://vuldb.com/?ip.24.152.37.45) | 24-152-37-45.masterdaweb.com | - | High
|
||||
71 | [31.210.20.4](https://vuldb.com/?ip.31.210.20.4) | - | - | High
|
||||
72 | [31.210.20.155](https://vuldb.com/?ip.31.210.20.155) | - | - | High
|
||||
73 | [31.210.20.207](https://vuldb.com/?ip.31.210.20.207) | - | - | High
|
||||
74 | [31.210.20.231](https://vuldb.com/?ip.31.210.20.231) | - | - | High
|
||||
75 | [31.220.99.254](https://vuldb.com/?ip.31.220.99.254) | vmi1549599.contaboserver.net | - | High
|
||||
76 | [34.92.152.18](https://vuldb.com/?ip.34.92.152.18) | 18.152.92.34.bc.googleusercontent.com | - | Medium
|
||||
77 | [35.171.18.39](https://vuldb.com/?ip.35.171.18.39) | ec2-35-171-18-39.compute-1.amazonaws.com | - | Medium
|
||||
78 | [35.181.21.143](https://vuldb.com/?ip.35.181.21.143) | ec2-35-181-21-143.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
79 | [37.0.8.145](https://vuldb.com/?ip.37.0.8.145) | elliott.athinneru.com | - | High
|
||||
80 | [37.0.10.69](https://vuldb.com/?ip.37.0.10.69) | - | - | High
|
||||
81 | [37.0.10.141](https://vuldb.com/?ip.37.0.10.141) | - | - | High
|
||||
82 | [37.0.10.166](https://vuldb.com/?ip.37.0.10.166) | - | - | High
|
||||
83 | [37.0.11.205](https://vuldb.com/?ip.37.0.11.205) | - | - | High
|
||||
84 | [37.0.11.237](https://vuldb.com/?ip.37.0.11.237) | - | - | High
|
||||
85 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
86 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
87 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
88 | [37.0.14.201](https://vuldb.com/?ip.37.0.14.201) | - | - | High
|
||||
89 | [37.0.14.202](https://vuldb.com/?ip.37.0.14.202) | - | - | High
|
||||
90 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
91 | [37.0.14.205](https://vuldb.com/?ip.37.0.14.205) | - | - | High
|
||||
92 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
93 | [37.0.14.207](https://vuldb.com/?ip.37.0.14.207) | - | - | High
|
||||
94 | [37.0.14.208](https://vuldb.com/?ip.37.0.14.208) | - | - | High
|
||||
95 | [37.0.14.209](https://vuldb.com/?ip.37.0.14.209) | - | - | High
|
||||
96 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
97 | [37.0.14.211](https://vuldb.com/?ip.37.0.14.211) | - | - | High
|
||||
98 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
|
||||
99 | [37.0.14.215](https://vuldb.com/?ip.37.0.14.215) | - | - | High
|
||||
100 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
101 | [37.0.14.217](https://vuldb.com/?ip.37.0.14.217) | - | - | High
|
||||
102 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
|
||||
103 | [37.46.150.67](https://vuldb.com/?ip.37.46.150.67) | - | - | High
|
||||
104 | [37.46.150.86](https://vuldb.com/?ip.37.46.150.86) | - | - | High
|
||||
105 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
|
||||
106 | [37.49.230.168](https://vuldb.com/?ip.37.49.230.168) | - | - | High
|
||||
107 | [37.120.155.179](https://vuldb.com/?ip.37.120.155.179) | - | - | High
|
||||
108 | [37.120.206.69](https://vuldb.com/?ip.37.120.206.69) | - | - | High
|
||||
109 | [37.120.208.43](https://vuldb.com/?ip.37.120.208.43) | - | - | High
|
||||
110 | [37.120.210.211](https://vuldb.com/?ip.37.120.210.211) | - | - | High
|
||||
111 | [37.120.222.54](https://vuldb.com/?ip.37.120.222.54) | - | - | High
|
||||
112 | [37.120.247.13](https://vuldb.com/?ip.37.120.247.13) | - | - | High
|
||||
113 | [37.120.247.211](https://vuldb.com/?ip.37.120.247.211) | - | - | High
|
||||
114 | [37.139.34.62](https://vuldb.com/?ip.37.139.34.62) | 62.mcs.mail.ru | - | High
|
||||
115 | [37.139.129.47](https://vuldb.com/?ip.37.139.129.47) | - | - | High
|
||||
116 | [37.139.129.100](https://vuldb.com/?ip.37.139.129.100) | - | - | High
|
||||
117 | [37.187.186.28](https://vuldb.com/?ip.37.187.186.28) | ip28.ip-37-187-186.eu | - | High
|
||||
118 | [37.187.222.230](https://vuldb.com/?ip.37.187.222.230) | ip230.ip-37-187-222.eu | - | High
|
||||
119 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
|
||||
120 | [37.221.113.65](https://vuldb.com/?ip.37.221.113.65) | - | - | High
|
||||
121 | [38.68.41.122](https://vuldb.com/?ip.38.68.41.122) | - | - | High
|
||||
122 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
|
||||
123 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
|
||||
124 | [38.170.239.42](https://vuldb.com/?ip.38.170.239.42) | - | - | High
|
||||
125 | [38.170.239.48](https://vuldb.com/?ip.38.170.239.48) | - | - | High
|
||||
126 | [38.255.42.181](https://vuldb.com/?ip.38.255.42.181) | - | - | High
|
||||
127 | [38.255.42.252](https://vuldb.com/?ip.38.255.42.252) | - | - | High
|
||||
128 | [40.83.20.77](https://vuldb.com/?ip.40.83.20.77) | - | - | High
|
||||
129 | [40.83.220.150](https://vuldb.com/?ip.40.83.220.150) | - | - | High
|
||||
130 | [40.84.216.183](https://vuldb.com/?ip.40.84.216.183) | - | - | High
|
||||
131 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
|
||||
132 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
|
||||
133 | [41.216.188.29](https://vuldb.com/?ip.41.216.188.29) | - | - | High
|
||||
134 | [43.226.229.43](https://vuldb.com/?ip.43.226.229.43) | - | - | High
|
||||
135 | [45.8.146.20](https://vuldb.com/?ip.45.8.146.20) | vm1480953.stark-industries.solutions | - | High
|
||||
136 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
|
||||
137 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
|
||||
138 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
|
||||
139 | [45.15.143.216](https://vuldb.com/?ip.45.15.143.216) | - | - | High
|
||||
140 | [45.15.156.33](https://vuldb.com/?ip.45.15.156.33) | - | - | High
|
||||
141 | [45.42.45.245](https://vuldb.com/?ip.45.42.45.245) | - | - | High
|
||||
142 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
|
||||
143 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
|
||||
144 | [45.61.128.246](https://vuldb.com/?ip.45.61.128.246) | - | - | High
|
||||
145 | [45.61.136.88](https://vuldb.com/?ip.45.61.136.88) | - | - | High
|
||||
146 | [45.61.136.129](https://vuldb.com/?ip.45.61.136.129) | - | - | High
|
||||
147 | [45.61.171.47](https://vuldb.com/?ip.45.61.171.47) | - | - | High
|
||||
148 | [45.61.175.241](https://vuldb.com/?ip.45.61.175.241) | - | - | High
|
||||
149 | [45.66.230.22](https://vuldb.com/?ip.45.66.230.22) | - | - | High
|
||||
150 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
|
||||
151 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
|
||||
152 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
153 | [45.81.39.33](https://vuldb.com/?ip.45.81.39.33) | - | - | High
|
||||
154 | [45.81.39.55](https://vuldb.com/?ip.45.81.39.55) | - | - | High
|
||||
155 | [45.81.39.89](https://vuldb.com/?ip.45.81.39.89) | - | - | High
|
||||
156 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
|
||||
157 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
|
||||
158 | [45.87.61.105](https://vuldb.com/?ip.45.87.61.105) | - | - | High
|
||||
159 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
|
||||
160 | [45.87.61.156](https://vuldb.com/?ip.45.87.61.156) | - | - | High
|
||||
161 | [45.87.61.202](https://vuldb.com/?ip.45.87.61.202) | - | - | High
|
||||
162 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
|
||||
163 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
|
||||
164 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
165 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
166 | [45.88.67.72](https://vuldb.com/?ip.45.88.67.72) | - | - | High
|
||||
167 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
|
||||
168 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
|
||||
169 | [45.88.79.162](https://vuldb.com/?ip.45.88.79.162) | free.example.com | - | High
|
||||
170 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
|
||||
171 | [45.95.168.83](https://vuldb.com/?ip.45.95.168.83) | - | - | High
|
||||
172 | [45.124.54.94](https://vuldb.com/?ip.45.124.54.94) | maccullohmelb | - | High
|
||||
173 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
|
||||
174 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
|
||||
175 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
|
||||
176 | [45.133.174.153](https://vuldb.com/?ip.45.133.174.153) | - | - | High
|
||||
177 | [45.133.235.148](https://vuldb.com/?ip.45.133.235.148) | - | - | High
|
||||
178 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
|
||||
179 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
|
||||
180 | [45.137.22.45](https://vuldb.com/?ip.45.137.22.45) | hosted-by.rootlayer.net | - | High
|
||||
181 | [45.137.22.62](https://vuldb.com/?ip.45.137.22.62) | hosted-by.rootlayer.net | - | High
|
||||
182 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
183 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
|
||||
184 | [45.137.22.89](https://vuldb.com/?ip.45.137.22.89) | hosted-by.rootlayer.net | - | High
|
||||
185 | [45.137.22.107](https://vuldb.com/?ip.45.137.22.107) | hosted-by.rootlayer.net | - | High
|
||||
186 | [45.137.22.117](https://vuldb.com/?ip.45.137.22.117) | hosted-by.rootlayer.net | - | High
|
||||
187 | [45.137.22.123](https://vuldb.com/?ip.45.137.22.123) | hosted-by.rootlayer.net | - | High
|
||||
188 | [45.137.22.131](https://vuldb.com/?ip.45.137.22.131) | hosted-by.rootlayer.net | - | High
|
||||
189 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
|
||||
190 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
|
||||
191 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
|
||||
192 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
|
||||
193 | [45.138.16.214](https://vuldb.com/?ip.45.138.16.214) | - | - | High
|
||||
194 | [45.138.172.34](https://vuldb.com/?ip.45.138.172.34) | - | - | High
|
||||
195 | [45.138.172.56](https://vuldb.com/?ip.45.138.172.56) | - | - | High
|
||||
196 | [45.139.105.7](https://vuldb.com/?ip.45.139.105.7) | - | - | High
|
||||
197 | [45.139.105.147](https://vuldb.com/?ip.45.139.105.147) | - | - | High
|
||||
198 | [45.139.105.174](https://vuldb.com/?ip.45.139.105.174) | - | - | High
|
||||
199 | [45.139.105.207](https://vuldb.com/?ip.45.139.105.207) | - | - | High
|
||||
200 | [45.139.105.231](https://vuldb.com/?ip.45.139.105.231) | - | - | High
|
||||
201 | [45.143.144.94](https://vuldb.com/?ip.45.143.144.94) | - | - | High
|
||||
202 | [45.143.146.56](https://vuldb.com/?ip.45.143.146.56) | - | - | High
|
||||
203 | [45.143.146.186](https://vuldb.com/?ip.45.143.146.186) | - | - | High
|
||||
204 | [45.143.147.163](https://vuldb.com/?ip.45.143.147.163) | - | - | High
|
||||
205 | [45.143.147.226](https://vuldb.com/?ip.45.143.147.226) | - | - | High
|
||||
206 | [45.144.225.22](https://vuldb.com/?ip.45.144.225.22) | - | - | High
|
||||
207 | [45.144.225.112](https://vuldb.com/?ip.45.144.225.112) | - | - | High
|
||||
208 | [45.145.185.52](https://vuldb.com/?ip.45.145.185.52) | - | - | High
|
||||
209 | [45.145.185.153](https://vuldb.com/?ip.45.145.185.153) | - | - | High
|
||||
210 | [45.147.230.113](https://vuldb.com/?ip.45.147.230.113) | - | - | High
|
||||
211 | [45.147.231.60](https://vuldb.com/?ip.45.147.231.60) | - | - | High
|
||||
212 | [45.150.65.8](https://vuldb.com/?ip.45.150.65.8) | vm1384194.stark-industries.solutions | - | High
|
||||
213 | [45.151.122.57](https://vuldb.com/?ip.45.151.122.57) | vmi1478658.contaboserver.net | - | High
|
||||
214 | [45.153.203.33](https://vuldb.com/?ip.45.153.203.33) | - | - | High
|
||||
215 | [45.153.241.55](https://vuldb.com/?ip.45.153.241.55) | - | - | High
|
||||
216 | [45.154.98.130](https://vuldb.com/?ip.45.154.98.130) | powered.by.rdp.sh | - | High
|
||||
217 | [45.155.37.81](https://vuldb.com/?ip.45.155.37.81) | - | - | High
|
||||
218 | [45.162.228.171](https://vuldb.com/?ip.45.162.228.171) | - | - | High
|
||||
219 | [46.3.197.239](https://vuldb.com/?ip.46.3.197.239) | - | - | High
|
||||
220 | [46.3.199.112](https://vuldb.com/?ip.46.3.199.112) | - | - | High
|
||||
221 | [46.21.147.99](https://vuldb.com/?ip.46.21.147.99) | 46-21-147-99.static.hvvc.us | - | High
|
||||
222 | [46.101.159.120](https://vuldb.com/?ip.46.101.159.120) | - | - | High
|
||||
223 | [46.183.216.163](https://vuldb.com/?ip.46.183.216.163) | tagoe.lstartanalystconcepts.org.uk | - | High
|
||||
224 | [46.183.220.113](https://vuldb.com/?ip.46.183.220.113) | ip-220-113.dataclub.info | - | High
|
||||
225 | ... | ... | ... | ...
|
||||
7 | [2.58.14.224](https://vuldb.com/?ip.2.58.14.224) | - | - | High
|
||||
8 | [2.58.47.203](https://vuldb.com/?ip.2.58.47.203) | - | - | High
|
||||
9 | [2.58.56.250](https://vuldb.com/?ip.2.58.56.250) | powered.by.rdp.sh | - | High
|
||||
10 | [3.91.29.212](https://vuldb.com/?ip.3.91.29.212) | ec2-3-91-29-212.compute-1.amazonaws.com | - | Medium
|
||||
11 | [3.92.200.97](https://vuldb.com/?ip.3.92.200.97) | ec2-3-92-200-97.compute-1.amazonaws.com | - | Medium
|
||||
12 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
13 | [5.2.68.67](https://vuldb.com/?ip.5.2.68.67) | - | - | High
|
||||
14 | [5.2.68.82](https://vuldb.com/?ip.5.2.68.82) | - | - | High
|
||||
15 | [5.2.68.90](https://vuldb.com/?ip.5.2.68.90) | - | - | High
|
||||
16 | [5.2.68.91](https://vuldb.com/?ip.5.2.68.91) | - | - | High
|
||||
17 | [5.75.169.94](https://vuldb.com/?ip.5.75.169.94) | static.94.169.75.5.clients.your-server.de | - | High
|
||||
18 | [5.161.139.79](https://vuldb.com/?ip.5.161.139.79) | static.79.139.161.5.clients.your-server.de | - | High
|
||||
19 | [5.161.206.28](https://vuldb.com/?ip.5.161.206.28) | static.28.206.161.5.clients.your-server.de | - | High
|
||||
20 | [5.181.80.131](https://vuldb.com/?ip.5.181.80.131) | chaines-chance.caliberbar.com | - | High
|
||||
21 | [5.199.143.127](https://vuldb.com/?ip.5.199.143.127) | three.tenuous.de.com | - | High
|
||||
22 | [5.206.224.164](https://vuldb.com/?ip.5.206.224.164) | sdfksdkjdfjksf.com | - | High
|
||||
23 | [5.206.224.194](https://vuldb.com/?ip.5.206.224.194) | test3002.com | - | High
|
||||
24 | [5.226.138.94](https://vuldb.com/?ip.5.226.138.94) | 94.138.226.5.baremetal.zare.com | - | High
|
||||
25 | [5.249.160.250](https://vuldb.com/?ip.5.249.160.250) | vps-zap1135961-1.zap-srv.com | - | High
|
||||
26 | [5.252.179.221](https://vuldb.com/?ip.5.252.179.221) | no-rdns.mivocloud.com | - | High
|
||||
27 | [8.212.151.157](https://vuldb.com/?ip.8.212.151.157) | - | - | High
|
||||
28 | [13.65.211.207](https://vuldb.com/?ip.13.65.211.207) | - | - | High
|
||||
29 | [13.77.222.77](https://vuldb.com/?ip.13.77.222.77) | - | - | High
|
||||
30 | [13.78.194.137](https://vuldb.com/?ip.13.78.194.137) | - | - | High
|
||||
31 | [13.82.24.228](https://vuldb.com/?ip.13.82.24.228) | - | - | High
|
||||
32 | [13.90.94.8](https://vuldb.com/?ip.13.90.94.8) | - | - | High
|
||||
33 | [18.221.80.225](https://vuldb.com/?ip.18.221.80.225) | ec2-18-221-80-225.us-east-2.compute.amazonaws.com | - | Medium
|
||||
34 | [20.38.45.196](https://vuldb.com/?ip.20.38.45.196) | - | - | High
|
||||
35 | [20.58.39.19](https://vuldb.com/?ip.20.58.39.19) | - | - | High
|
||||
36 | [20.69.158.38](https://vuldb.com/?ip.20.69.158.38) | - | - | High
|
||||
37 | [20.91.186.187](https://vuldb.com/?ip.20.91.186.187) | - | - | High
|
||||
38 | [20.91.187.223](https://vuldb.com/?ip.20.91.187.223) | - | - | High
|
||||
39 | [20.93.112.114](https://vuldb.com/?ip.20.93.112.114) | - | - | High
|
||||
40 | [20.94.63.195](https://vuldb.com/?ip.20.94.63.195) | - | - | High
|
||||
41 | [20.98.138.214](https://vuldb.com/?ip.20.98.138.214) | - | - | High
|
||||
42 | [20.106.217.83](https://vuldb.com/?ip.20.106.217.83) | - | - | High
|
||||
43 | [20.110.119.15](https://vuldb.com/?ip.20.110.119.15) | - | - | High
|
||||
44 | [20.112.127.113](https://vuldb.com/?ip.20.112.127.113) | - | - | High
|
||||
45 | [20.114.4.132](https://vuldb.com/?ip.20.114.4.132) | - | - | High
|
||||
46 | [20.114.22.8](https://vuldb.com/?ip.20.114.22.8) | - | - | High
|
||||
47 | [20.115.34.57](https://vuldb.com/?ip.20.115.34.57) | - | - | High
|
||||
48 | [20.126.95.155](https://vuldb.com/?ip.20.126.95.155) | - | - | High
|
||||
49 | [20.150.137.35](https://vuldb.com/?ip.20.150.137.35) | - | - | High
|
||||
50 | [20.168.33.220](https://vuldb.com/?ip.20.168.33.220) | - | - | High
|
||||
51 | [20.185.199.35](https://vuldb.com/?ip.20.185.199.35) | - | - | High
|
||||
52 | [20.190.63.69](https://vuldb.com/?ip.20.190.63.69) | - | - | High
|
||||
53 | [20.216.177.36](https://vuldb.com/?ip.20.216.177.36) | - | - | High
|
||||
54 | [20.230.7.174](https://vuldb.com/?ip.20.230.7.174) | - | - | High
|
||||
55 | [23.82.140.14](https://vuldb.com/?ip.23.82.140.14) | - | - | High
|
||||
56 | [23.83.133.186](https://vuldb.com/?ip.23.83.133.186) | - | - | High
|
||||
57 | [23.94.54.224](https://vuldb.com/?ip.23.94.54.224) | 23-94-54-224-host.colocrossing.com | - | High
|
||||
58 | [23.94.199.19](https://vuldb.com/?ip.23.94.199.19) | 23-94-199-19-host.colocrossing.com | - | High
|
||||
59 | [23.99.225.116](https://vuldb.com/?ip.23.99.225.116) | - | - | High
|
||||
60 | [23.105.131.153](https://vuldb.com/?ip.23.105.131.153) | mail153.nessfist.com | - | High
|
||||
61 | [23.105.131.156](https://vuldb.com/?ip.23.105.131.156) | mail156.nessfist.com | - | High
|
||||
62 | [23.105.131.193](https://vuldb.com/?ip.23.105.131.193) | mail193.nessfist.com | - | High
|
||||
63 | [23.105.131.207](https://vuldb.com/?ip.23.105.131.207) | mail207.nessfist.com | - | High
|
||||
64 | [23.105.131.243](https://vuldb.com/?ip.23.105.131.243) | mail243.nessfist.com | - | High
|
||||
65 | [23.106.121.172](https://vuldb.com/?ip.23.106.121.172) | - | - | High
|
||||
66 | [23.226.130.102](https://vuldb.com/?ip.23.226.130.102) | 23.226.130.102.static.greencloudvps.com | - | High
|
||||
67 | [23.227.199.39](https://vuldb.com/?ip.23.227.199.39) | autumn.blackcurrants.me | - | High
|
||||
68 | [23.227.199.106](https://vuldb.com/?ip.23.227.199.106) | 23-227-199-106.static.hvvc.us | - | High
|
||||
69 | [23.227.202.157](https://vuldb.com/?ip.23.227.202.157) | 23-227-202-157.static.hvvc.us | - | High
|
||||
70 | [23.227.203.214](https://vuldb.com/?ip.23.227.203.214) | 23-227-203-214.static.hvvc.us | - | High
|
||||
71 | [23.254.230.117](https://vuldb.com/?ip.23.254.230.117) | client-23-254-230-117.hostwindsdns.com | - | High
|
||||
72 | [24.152.37.45](https://vuldb.com/?ip.24.152.37.45) | 24-152-37-45.masterdaweb.com | - | High
|
||||
73 | [31.210.20.4](https://vuldb.com/?ip.31.210.20.4) | - | - | High
|
||||
74 | [31.210.20.155](https://vuldb.com/?ip.31.210.20.155) | - | - | High
|
||||
75 | [31.210.20.207](https://vuldb.com/?ip.31.210.20.207) | - | - | High
|
||||
76 | [31.210.20.231](https://vuldb.com/?ip.31.210.20.231) | - | - | High
|
||||
77 | [31.220.99.254](https://vuldb.com/?ip.31.220.99.254) | vmi1549599.contaboserver.net | - | High
|
||||
78 | [34.92.152.18](https://vuldb.com/?ip.34.92.152.18) | 18.152.92.34.bc.googleusercontent.com | - | Medium
|
||||
79 | [35.171.18.39](https://vuldb.com/?ip.35.171.18.39) | ec2-35-171-18-39.compute-1.amazonaws.com | - | Medium
|
||||
80 | [35.181.21.143](https://vuldb.com/?ip.35.181.21.143) | ec2-35-181-21-143.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
81 | [37.0.8.145](https://vuldb.com/?ip.37.0.8.145) | elliott.athinneru.com | - | High
|
||||
82 | [37.0.10.69](https://vuldb.com/?ip.37.0.10.69) | - | - | High
|
||||
83 | [37.0.10.141](https://vuldb.com/?ip.37.0.10.141) | - | - | High
|
||||
84 | [37.0.10.166](https://vuldb.com/?ip.37.0.10.166) | - | - | High
|
||||
85 | [37.0.11.205](https://vuldb.com/?ip.37.0.11.205) | - | - | High
|
||||
86 | [37.0.11.237](https://vuldb.com/?ip.37.0.11.237) | - | - | High
|
||||
87 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
88 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
89 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
90 | [37.0.14.201](https://vuldb.com/?ip.37.0.14.201) | - | - | High
|
||||
91 | [37.0.14.202](https://vuldb.com/?ip.37.0.14.202) | - | - | High
|
||||
92 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
93 | [37.0.14.205](https://vuldb.com/?ip.37.0.14.205) | - | - | High
|
||||
94 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
95 | [37.0.14.207](https://vuldb.com/?ip.37.0.14.207) | - | - | High
|
||||
96 | [37.0.14.208](https://vuldb.com/?ip.37.0.14.208) | - | - | High
|
||||
97 | [37.0.14.209](https://vuldb.com/?ip.37.0.14.209) | - | - | High
|
||||
98 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
99 | [37.0.14.211](https://vuldb.com/?ip.37.0.14.211) | - | - | High
|
||||
100 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
|
||||
101 | [37.0.14.215](https://vuldb.com/?ip.37.0.14.215) | - | - | High
|
||||
102 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
103 | [37.0.14.217](https://vuldb.com/?ip.37.0.14.217) | - | - | High
|
||||
104 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
|
||||
105 | [37.46.150.67](https://vuldb.com/?ip.37.46.150.67) | - | - | High
|
||||
106 | [37.46.150.86](https://vuldb.com/?ip.37.46.150.86) | - | - | High
|
||||
107 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
|
||||
108 | [37.49.230.168](https://vuldb.com/?ip.37.49.230.168) | - | - | High
|
||||
109 | [37.120.155.179](https://vuldb.com/?ip.37.120.155.179) | - | - | High
|
||||
110 | [37.120.206.69](https://vuldb.com/?ip.37.120.206.69) | - | - | High
|
||||
111 | [37.120.208.43](https://vuldb.com/?ip.37.120.208.43) | - | - | High
|
||||
112 | [37.120.210.211](https://vuldb.com/?ip.37.120.210.211) | - | - | High
|
||||
113 | [37.120.222.54](https://vuldb.com/?ip.37.120.222.54) | - | - | High
|
||||
114 | [37.120.247.13](https://vuldb.com/?ip.37.120.247.13) | - | - | High
|
||||
115 | [37.120.247.211](https://vuldb.com/?ip.37.120.247.211) | - | - | High
|
||||
116 | [37.139.34.62](https://vuldb.com/?ip.37.139.34.62) | 62.mcs.mail.ru | - | High
|
||||
117 | [37.139.129.47](https://vuldb.com/?ip.37.139.129.47) | - | - | High
|
||||
118 | [37.139.129.100](https://vuldb.com/?ip.37.139.129.100) | - | - | High
|
||||
119 | [37.187.186.28](https://vuldb.com/?ip.37.187.186.28) | ip28.ip-37-187-186.eu | - | High
|
||||
120 | [37.187.222.230](https://vuldb.com/?ip.37.187.222.230) | ip230.ip-37-187-222.eu | - | High
|
||||
121 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
|
||||
122 | [37.221.113.65](https://vuldb.com/?ip.37.221.113.65) | - | - | High
|
||||
123 | [38.68.41.122](https://vuldb.com/?ip.38.68.41.122) | - | - | High
|
||||
124 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
|
||||
125 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
|
||||
126 | [38.170.239.42](https://vuldb.com/?ip.38.170.239.42) | - | - | High
|
||||
127 | [38.170.239.48](https://vuldb.com/?ip.38.170.239.48) | - | - | High
|
||||
128 | [38.255.33.106](https://vuldb.com/?ip.38.255.33.106) | - | - | High
|
||||
129 | [38.255.40.137](https://vuldb.com/?ip.38.255.40.137) | - | - | High
|
||||
130 | [38.255.42.181](https://vuldb.com/?ip.38.255.42.181) | - | - | High
|
||||
131 | [38.255.42.252](https://vuldb.com/?ip.38.255.42.252) | - | - | High
|
||||
132 | [40.83.20.77](https://vuldb.com/?ip.40.83.20.77) | - | - | High
|
||||
133 | [40.83.220.150](https://vuldb.com/?ip.40.83.220.150) | - | - | High
|
||||
134 | [40.84.216.183](https://vuldb.com/?ip.40.84.216.183) | - | - | High
|
||||
135 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
|
||||
136 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
|
||||
137 | [41.216.188.29](https://vuldb.com/?ip.41.216.188.29) | - | - | High
|
||||
138 | [43.226.229.43](https://vuldb.com/?ip.43.226.229.43) | - | - | High
|
||||
139 | [43.230.202.77](https://vuldb.com/?ip.43.230.202.77) | - | - | High
|
||||
140 | [45.8.146.20](https://vuldb.com/?ip.45.8.146.20) | vm1480953.stark-industries.solutions | - | High
|
||||
141 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
|
||||
142 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
|
||||
143 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
|
||||
144 | [45.15.143.216](https://vuldb.com/?ip.45.15.143.216) | - | - | High
|
||||
145 | [45.15.156.33](https://vuldb.com/?ip.45.15.156.33) | - | - | High
|
||||
146 | [45.42.45.245](https://vuldb.com/?ip.45.42.45.245) | - | - | High
|
||||
147 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
|
||||
148 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
|
||||
149 | [45.61.128.246](https://vuldb.com/?ip.45.61.128.246) | - | - | High
|
||||
150 | [45.61.136.88](https://vuldb.com/?ip.45.61.136.88) | - | - | High
|
||||
151 | [45.61.136.129](https://vuldb.com/?ip.45.61.136.129) | - | - | High
|
||||
152 | [45.61.171.47](https://vuldb.com/?ip.45.61.171.47) | - | - | High
|
||||
153 | [45.61.175.241](https://vuldb.com/?ip.45.61.175.241) | - | - | High
|
||||
154 | [45.66.230.22](https://vuldb.com/?ip.45.66.230.22) | - | - | High
|
||||
155 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
|
||||
156 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
|
||||
157 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
158 | [45.81.39.33](https://vuldb.com/?ip.45.81.39.33) | - | - | High
|
||||
159 | [45.81.39.55](https://vuldb.com/?ip.45.81.39.55) | - | - | High
|
||||
160 | [45.81.39.89](https://vuldb.com/?ip.45.81.39.89) | - | - | High
|
||||
161 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
|
||||
162 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
|
||||
163 | [45.87.61.105](https://vuldb.com/?ip.45.87.61.105) | - | - | High
|
||||
164 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
|
||||
165 | [45.87.61.156](https://vuldb.com/?ip.45.87.61.156) | - | - | High
|
||||
166 | [45.87.61.202](https://vuldb.com/?ip.45.87.61.202) | - | - | High
|
||||
167 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
|
||||
168 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
|
||||
169 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
170 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
171 | [45.88.67.72](https://vuldb.com/?ip.45.88.67.72) | - | - | High
|
||||
172 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
|
||||
173 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
|
||||
174 | [45.88.79.162](https://vuldb.com/?ip.45.88.79.162) | free.example.com | - | High
|
||||
175 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
|
||||
176 | [45.95.168.83](https://vuldb.com/?ip.45.95.168.83) | - | - | High
|
||||
177 | [45.124.54.94](https://vuldb.com/?ip.45.124.54.94) | maccullohmelb | - | High
|
||||
178 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
|
||||
179 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
|
||||
180 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
|
||||
181 | [45.133.174.153](https://vuldb.com/?ip.45.133.174.153) | - | - | High
|
||||
182 | [45.133.235.148](https://vuldb.com/?ip.45.133.235.148) | - | - | High
|
||||
183 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
|
||||
184 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
|
||||
185 | [45.137.22.45](https://vuldb.com/?ip.45.137.22.45) | hosted-by.rootlayer.net | - | High
|
||||
186 | [45.137.22.62](https://vuldb.com/?ip.45.137.22.62) | hosted-by.rootlayer.net | - | High
|
||||
187 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
188 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
|
||||
189 | [45.137.22.89](https://vuldb.com/?ip.45.137.22.89) | hosted-by.rootlayer.net | - | High
|
||||
190 | [45.137.22.107](https://vuldb.com/?ip.45.137.22.107) | hosted-by.rootlayer.net | - | High
|
||||
191 | [45.137.22.117](https://vuldb.com/?ip.45.137.22.117) | hosted-by.rootlayer.net | - | High
|
||||
192 | [45.137.22.123](https://vuldb.com/?ip.45.137.22.123) | hosted-by.rootlayer.net | - | High
|
||||
193 | [45.137.22.131](https://vuldb.com/?ip.45.137.22.131) | hosted-by.rootlayer.net | - | High
|
||||
194 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
|
||||
195 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
|
||||
196 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
|
||||
197 | [45.137.116.2](https://vuldb.com/?ip.45.137.116.2) | - | - | High
|
||||
198 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
|
||||
199 | [45.138.16.214](https://vuldb.com/?ip.45.138.16.214) | - | - | High
|
||||
200 | [45.138.172.34](https://vuldb.com/?ip.45.138.172.34) | - | - | High
|
||||
201 | [45.138.172.56](https://vuldb.com/?ip.45.138.172.56) | - | - | High
|
||||
202 | [45.139.105.7](https://vuldb.com/?ip.45.139.105.7) | - | - | High
|
||||
203 | [45.139.105.147](https://vuldb.com/?ip.45.139.105.147) | - | - | High
|
||||
204 | [45.139.105.174](https://vuldb.com/?ip.45.139.105.174) | - | - | High
|
||||
205 | [45.139.105.207](https://vuldb.com/?ip.45.139.105.207) | - | - | High
|
||||
206 | [45.139.105.231](https://vuldb.com/?ip.45.139.105.231) | - | - | High
|
||||
207 | [45.143.144.94](https://vuldb.com/?ip.45.143.144.94) | - | - | High
|
||||
208 | [45.143.146.56](https://vuldb.com/?ip.45.143.146.56) | - | - | High
|
||||
209 | [45.143.146.186](https://vuldb.com/?ip.45.143.146.186) | - | - | High
|
||||
210 | [45.143.147.163](https://vuldb.com/?ip.45.143.147.163) | - | - | High
|
||||
211 | [45.143.147.226](https://vuldb.com/?ip.45.143.147.226) | - | - | High
|
||||
212 | [45.144.225.22](https://vuldb.com/?ip.45.144.225.22) | - | - | High
|
||||
213 | [45.144.225.112](https://vuldb.com/?ip.45.144.225.112) | - | - | High
|
||||
214 | [45.145.185.52](https://vuldb.com/?ip.45.145.185.52) | - | - | High
|
||||
215 | [45.145.185.153](https://vuldb.com/?ip.45.145.185.153) | - | - | High
|
||||
216 | [45.147.230.113](https://vuldb.com/?ip.45.147.230.113) | - | - | High
|
||||
217 | [45.147.231.60](https://vuldb.com/?ip.45.147.231.60) | - | - | High
|
||||
218 | [45.150.65.8](https://vuldb.com/?ip.45.150.65.8) | vm1384194.stark-industries.solutions | - | High
|
||||
219 | [45.151.122.57](https://vuldb.com/?ip.45.151.122.57) | vmi1478658.contaboserver.net | - | High
|
||||
220 | [45.153.203.33](https://vuldb.com/?ip.45.153.203.33) | - | - | High
|
||||
221 | [45.153.241.55](https://vuldb.com/?ip.45.153.241.55) | - | - | High
|
||||
222 | [45.154.98.130](https://vuldb.com/?ip.45.154.98.130) | powered.by.rdp.sh | - | High
|
||||
223 | [45.155.37.81](https://vuldb.com/?ip.45.155.37.81) | - | - | High
|
||||
224 | [45.156.84.190](https://vuldb.com/?ip.45.156.84.190) | vps-zap1022895-1.zap-srv.com | - | High
|
||||
225 | [45.162.228.171](https://vuldb.com/?ip.45.162.228.171) | - | - | High
|
||||
226 | [46.3.197.239](https://vuldb.com/?ip.46.3.197.239) | - | - | High
|
||||
227 | [46.3.199.112](https://vuldb.com/?ip.46.3.199.112) | - | - | High
|
||||
228 | [46.21.147.99](https://vuldb.com/?ip.46.21.147.99) | 46-21-147-99.static.hvvc.us | - | High
|
||||
229 | [46.101.159.120](https://vuldb.com/?ip.46.101.159.120) | - | - | High
|
||||
230 | ... | ... | ... | ...
|
||||
|
||||
There are 898 more IOC items available. Please use our online service to access the data.
|
||||
There are 918 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -255,14 +260,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -270,47 +275,63 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.` | High
|
||||
2 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
3 | File | `//proc/kcore` | Medium
|
||||
4 | File | `/admin/action/delete-vaccine.php` | High
|
||||
5 | File | `/admin/general.cgi` | High
|
||||
6 | File | `/admin/index2.html` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/save.php` | High
|
||||
9 | File | `/admin/search-appointment.php` | High
|
||||
10 | File | `/api/admin/system/store/order/list` | High
|
||||
11 | File | `/api/v1/alerts` | High
|
||||
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
13 | File | `/api/v4/users/ids` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/categorypage.php` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
18 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
19 | File | `/change-language/de_DE` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/dist/index.js` | High
|
||||
22 | File | `/etc/shadow` | Medium
|
||||
23 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
24 | File | `/forms/doLogin` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/geoserver/gwc/rest.html` | High
|
||||
27 | File | `/goform/formSysCmd` | High
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/hosts/firewall/ip` | High
|
||||
30 | File | `/index.php/ccm/system/file/upload` | High
|
||||
31 | File | `/listplace/user/ticket/create` | High
|
||||
32 | File | `/log/decodmail.php` | High
|
||||
33 | File | `/mhds/clinic/view_details.php` | High
|
||||
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
36 | File | `/php/ping.php` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
39 | ... | ... | ...
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
|
||||
3 | File | `/.env` | Low
|
||||
4 | File | `//proc/kcore` | Medium
|
||||
5 | File | `/Account/login.php` | High
|
||||
6 | File | `/admin/` | Low
|
||||
7 | File | `/admin/action/delete-vaccine.php` | High
|
||||
8 | File | `/admin/action/new-father.php` | High
|
||||
9 | File | `/admin/app/service_crud.php` | High
|
||||
10 | File | `/admin/edit-admin.php` | High
|
||||
11 | File | `/admin/general.cgi` | High
|
||||
12 | File | `/admin/index2.html` | High
|
||||
13 | File | `/Admin/login.php` | High
|
||||
14 | File | `/adminapi/system/crud` | High
|
||||
15 | File | `/adminapi/system/file/openfile` | High
|
||||
16 | File | `/admin_ping.htm` | High
|
||||
17 | File | `/admin_route/dec_service_credits.php` | High
|
||||
18 | File | `/api/admin/system/store/order/list` | High
|
||||
19 | File | `/api/v4/teams//channels/deleted` | High
|
||||
20 | File | `/app/admin/controller/Upload.php` | High
|
||||
21 | File | `/app/ajax/search_sales_report.php` | High
|
||||
22 | File | `/app/controller/Setup.php` | High
|
||||
23 | File | `/app/index/controller/Common.php` | High
|
||||
24 | File | `/app/middleware/TokenVerify.php` | High
|
||||
25 | File | `/application/index/controller/Screen.php` | High
|
||||
26 | File | `/application/index/controller/Service.php` | High
|
||||
27 | File | `/application/websocket/controller/Setting.php` | High
|
||||
28 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
29 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
30 | File | `/bin/boa` | Medium
|
||||
31 | File | `/boafrm/formMapDelDevice` | High
|
||||
32 | File | `/category.php` | High
|
||||
33 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
35 | File | `/change-language/de_DE` | High
|
||||
36 | File | `/debug/pprof` | Medium
|
||||
37 | File | `/devinfo` | Medium
|
||||
38 | File | `/dist/index.js` | High
|
||||
39 | File | `/Employer/ManageWalkin.php` | High
|
||||
40 | File | `/endpoint/add-faq.php` | High
|
||||
41 | File | `/endpoint/delete-computer.php` | High
|
||||
42 | File | `/endpoint/update-resident.php` | High
|
||||
43 | File | `/endpoint/update-tracker.php` | High
|
||||
44 | File | `/forms/doLogin` | High
|
||||
45 | File | `/forum/away.php` | High
|
||||
46 | File | `/goform/formSysCmd` | High
|
||||
47 | File | `/hedwig.cgi` | Medium
|
||||
48 | File | `/HNAP1/` | Low
|
||||
49 | File | `/hosts/firewall/ip` | High
|
||||
50 | File | `/index.jsp#settings` | High
|
||||
51 | File | `/index.php/ccm/system/file/upload` | High
|
||||
52 | File | `/log/decodmail.php` | High
|
||||
53 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
54 | File | `/myprofile.php` | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 337 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -335,6 +356,18 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/cf4e53b7758ebb9a9470cb6fd3a2c69fcd96e045534ab80a44eac752c09e50f0/
|
||||
* https://bazaar.abuse.ch/sample/e98ad2d7da9c7fe8e1e3e399c5e32b3c5b698156d413605c3e62c518acfec697/
|
||||
* https://raw.githubusercontent.com/executemalware/Malware-IOCs/main/2022-08-23%20AveMaria%20IOCs
|
||||
* https://search.censys.io/hosts/2.58.14.224
|
||||
* https://search.censys.io/hosts/5.249.160.250
|
||||
* https://search.censys.io/hosts/45.137.116.2
|
||||
* https://search.censys.io/hosts/45.156.84.190
|
||||
* https://search.censys.io/hosts/85.209.11.168
|
||||
* https://search.censys.io/hosts/147.189.175.79
|
||||
* https://search.censys.io/hosts/152.89.198.197
|
||||
* https://search.censys.io/hosts/155.254.24.167
|
||||
* https://search.censys.io/hosts/185.161.248.231
|
||||
* https://search.censys.io/hosts/185.202.175.208
|
||||
* https://search.censys.io/hosts/185.236.203.102
|
||||
* https://search.censys.io/hosts/193.203.238.147
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/210825-3t78skvqca
|
||||
* https://tria.ge/210907-tkk93sgbcp
|
||||
|
|
|
@ -36,10 +36,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -64,46 +64,49 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/admin/user/manage_user.php` | High
|
||||
12 | File | `/advance_push/public/login` | High
|
||||
13 | File | `/anony/mjpg.cgi` | High
|
||||
14 | File | `/assets/components/gallery/connector.php` | High
|
||||
15 | File | `/course/filterRecords/` | High
|
||||
16 | File | `/ctcprotocol/Protocol` | High
|
||||
17 | File | `/device/device=140/tab=wifi/view` | High
|
||||
18 | File | `/download/image` | High
|
||||
19 | File | `/etc/sudoers` | Medium
|
||||
20 | File | `/Forms/` | Low
|
||||
21 | File | `/framework/modules/users/models/user.php` | High
|
||||
22 | File | `/ghost/preview` | High
|
||||
23 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/mcategory.php` | High
|
||||
26 | File | `/member/picture/album` | High
|
||||
27 | File | `/mysql/api/diags.php` | High
|
||||
28 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
29 | File | `/phpcollab/users/edituser.php` | High
|
||||
30 | File | `/plain` | Low
|
||||
31 | File | `/products/details.asp` | High
|
||||
32 | File | `/product_list.php` | High
|
||||
33 | File | `/public/login.htm` | High
|
||||
34 | File | `/replication` | Medium
|
||||
35 | File | `/service/upload` | High
|
||||
36 | File | `/services/details.asp` | High
|
||||
37 | File | `/showfile.php` | High
|
||||
38 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/upload/catalog/controller/account/password.php` | High
|
||||
41 | File | `/usr/bin/pkexec` | High
|
||||
42 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
43 | File | `/wbms/classes/Master.php?f=delete_client` | High
|
||||
44 | File | `/web/api/app/Controller/HostController.php` | High
|
||||
45 | File | `/WebMstr7/servlet/mstrWeb` | High
|
||||
46 | File | `/wp-admin/admin-ajax.php` | High
|
||||
47 | File | `4.edu.php` | Medium
|
||||
48 | File | `5.2.9\syscrb.exe` | High
|
||||
49 | File | `123flashchat.php` | High
|
||||
50 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
51 | ... | ... | ...
|
||||
14 | File | `/application/index/controller/Databasesource.php` | High
|
||||
15 | File | `/application/index/controller/File.php` | High
|
||||
16 | File | `/application/plugins/controller/Upload.php` | High
|
||||
17 | File | `/assets/components/gallery/connector.php` | High
|
||||
18 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
19 | File | `/classes/master.php?f=delete_order` | High
|
||||
20 | File | `/course/filterRecords/` | High
|
||||
21 | File | `/ctcprotocol/Protocol` | High
|
||||
22 | File | `/device/device=140/tab=wifi/view` | High
|
||||
23 | File | `/download/image` | High
|
||||
24 | File | `/etc/sudoers` | Medium
|
||||
25 | File | `/ext/collect/find_text.do` | High
|
||||
26 | File | `/Forms/` | Low
|
||||
27 | File | `/framework/modules/users/models/user.php` | High
|
||||
28 | File | `/ghost/preview` | High
|
||||
29 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
30 | File | `/index.php` | Medium
|
||||
31 | File | `/mcategory.php` | High
|
||||
32 | File | `/member/picture/album` | High
|
||||
33 | File | `/mysql/api/diags.php` | High
|
||||
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
36 | File | `/phpcollab/users/edituser.php` | High
|
||||
37 | File | `/plain` | Low
|
||||
38 | File | `/products/details.asp` | High
|
||||
39 | File | `/product_list.php` | High
|
||||
40 | File | `/public/login.htm` | High
|
||||
41 | File | `/replication` | Medium
|
||||
42 | File | `/service/upload` | High
|
||||
43 | File | `/services/details.asp` | High
|
||||
44 | File | `/showfile.php` | High
|
||||
45 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/upload/catalog/controller/account/password.php` | High
|
||||
48 | File | `/usr/bin/pkexec` | High
|
||||
49 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
50 | File | `/wbms/classes/Master.php?f=delete_client` | High
|
||||
51 | File | `/web/api/app/Controller/HostController.php` | High
|
||||
52 | File | `/WebMstr7/servlet/mstrWeb` | High
|
||||
53 | File | `/wp-admin/admin-ajax.php` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 439 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -30,9 +30,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -44,12 +44,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cwc/login` | Medium
|
||||
2 | File | `/iwguestbook/admin/badwords_edit.asp` | High
|
||||
3 | File | `/iwguestbook/admin/messages_edit.asp` | High
|
||||
4 | File | `admin/dashboard.php` | High
|
||||
2 | File | `/intern/controller.php` | High
|
||||
3 | File | `/iwguestbook/admin/badwords_edit.asp` | High
|
||||
4 | File | `/iwguestbook/admin/messages_edit.asp` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -30,9 +30,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -44,12 +44,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cwc/login` | Medium
|
||||
2 | File | `/iwguestbook/admin/badwords_edit.asp` | High
|
||||
3 | File | `/iwguestbook/admin/messages_edit.asp` | High
|
||||
4 | File | `admin/dashboard.php` | High
|
||||
2 | File | `/intern/controller.php` | High
|
||||
3 | File | `/iwguestbook/admin/badwords_edit.asp` | High
|
||||
4 | File | `/iwguestbook/admin/messages_edit.asp` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -74,7 +74,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
@ -94,7 +94,7 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/user/ticket/create` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 42 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -114,15 +114,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -131,56 +130,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/?page=user/list` | High
|
||||
3 | File | `/admin/action/new-father.php` | High
|
||||
2 | File | `/admin/action/new-father.php` | High
|
||||
3 | File | `/admin/app/service_crud.php` | High
|
||||
4 | File | `/admin/controller/JobLogController.java` | High
|
||||
5 | File | `/admin/manage-users.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/sys/login` | High
|
||||
8 | File | `/api/sys/set_passwd` | High
|
||||
9 | File | `/api/trackedEntityInstances` | High
|
||||
10 | File | `/api/v4/teams//channels/deleted` | High
|
||||
11 | File | `/appliance/users?action=edit` | High
|
||||
12 | File | `/application/index/controller/Screen.php` | High
|
||||
13 | File | `/application/websocket/controller/Setting.php` | High
|
||||
14 | File | `/aux` | Low
|
||||
15 | File | `/bin/boa` | Medium
|
||||
16 | File | `/boafrm/formMapDelDevice` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
18 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
19 | File | `/changePassword` | High
|
||||
20 | File | `/collection/all` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/dashboard/add-blog.php` | High
|
||||
23 | File | `/data/remove` | Medium
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/ecshop/admin/template.php` | High
|
||||
26 | File | `/etc/passwd` | Medium
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/fusion/portal/action/Link` | High
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/hedwig.cgi` | Medium
|
||||
31 | File | `/HNAP1/` | Low
|
||||
32 | File | `/importexport.php` | High
|
||||
33 | File | `/index.php` | Medium
|
||||
34 | File | `/mhds/clinic/view_details.php` | High
|
||||
35 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
36 | File | `/novel/bookSetting/list` | High
|
||||
37 | File | `/novel/userFeedback/list` | High
|
||||
38 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
39 | File | `/showfile.php` | High
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
42 | File | `/sysmanage/updateos.php` | High
|
||||
43 | File | `/testConnection` | High
|
||||
44 | File | `/tmp/ppd.trace` | High
|
||||
45 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
46 | File | `/upload/ueditorConfig?action=config` | High
|
||||
47 | File | `/uploads/tags.php` | High
|
||||
48 | File | `/user/inc/workidajax.php` | High
|
||||
49 | ... | ... | ...
|
||||
5 | File | `/admin/edit-admin.php` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/manage-users.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/sys/login` | High
|
||||
10 | File | `/api/sys/set_passwd` | High
|
||||
11 | File | `/api/trackedEntityInstances` | High
|
||||
12 | File | `/api/v4/teams//channels/deleted` | High
|
||||
13 | File | `/app/ajax/search_sales_report.php` | High
|
||||
14 | File | `/app/controller/Setup.php` | High
|
||||
15 | File | `/app/middleware/TokenVerify.php` | High
|
||||
16 | File | `/appliance/users?action=edit` | High
|
||||
17 | File | `/application/index/controller/Screen.php` | High
|
||||
18 | File | `/application/websocket/controller/Setting.php` | High
|
||||
19 | File | `/aux` | Low
|
||||
20 | File | `/bin/boa` | Medium
|
||||
21 | File | `/boafrm/formMapDelDevice` | High
|
||||
22 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
23 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
24 | File | `/changePassword` | High
|
||||
25 | File | `/collection/all` | High
|
||||
26 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
27 | File | `/dashboard/add-blog.php` | High
|
||||
28 | File | `/data/remove` | Medium
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/ecshop/admin/template.php` | High
|
||||
31 | File | `/Employer/ManageWalkin.php` | High
|
||||
32 | File | `/endpoint/add-faq.php` | High
|
||||
33 | File | `/endpoint/delete-computer.php` | High
|
||||
34 | File | `/endpoint/update-resident.php` | High
|
||||
35 | File | `/endpoint/update-tracker.php` | High
|
||||
36 | File | `/etc/passwd` | Medium
|
||||
37 | File | `/forum/away.php` | High
|
||||
38 | File | `/fusion/portal/action/Link` | High
|
||||
39 | File | `/goform/net\_Web\_get_value` | High
|
||||
40 | File | `/hedwig.cgi` | Medium
|
||||
41 | File | `/HNAP1/` | Low
|
||||
42 | File | `/importexport.php` | High
|
||||
43 | File | `/index.php` | Medium
|
||||
44 | File | `/mhds/clinic/view_details.php` | High
|
||||
45 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
46 | File | `/novel/bookSetting/list` | High
|
||||
47 | File | `/novel/userFeedback/list` | High
|
||||
48 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
49 | File | `/showfile.php` | High
|
||||
50 | File | `/student/bookdetails.php` | High
|
||||
51 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -29,8 +29,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -47,9 +47,10 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/inc/HTTPClient.php` | High
|
||||
4 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
5 | File | `addentry.php` | Medium
|
||||
6 | ... | ... | ...
|
||||
6 | File | `add_edit_cat.asp` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 42 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -31,12 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -44,12 +44,15 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/mc-admin/page.php` | High
|
||||
2 | File | `ajax_url.php` | Medium
|
||||
3 | File | `byterun/bigarray.c` | High
|
||||
4 | ... | ... | ...
|
||||
1 | File | `/loginsave.php` | High
|
||||
2 | File | `/mc-admin/page.php` | High
|
||||
3 | File | `/servlet/webacc` | High
|
||||
4 | File | `/showfile.php` | High
|
||||
5 | File | `/Side.php` | Medium
|
||||
6 | File | `/textpattern/index.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -40,10 +40,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -47,12 +47,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `addentry.php` | Medium
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `dc_categorieslist.asp` | High
|
||||
1 | File | `/debug/pprof` | Medium
|
||||
2 | File | `addentry.php` | Medium
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -26,9 +26,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1592 | CWE-200 | Configuration | High
|
||||
3 | T1608.002 | CWE-434 | Unrestricted Upload | High
|
||||
1 | T1006 | CWE-22, CWE-425 | Path Traversal | High
|
||||
2 | T1592 | CWE-200 | Invocation of Process Using Visible Sensitive Information | High
|
||||
3 | T1608.002 | CWE-434 | Incomplete Identification of Uploaded File Variables | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Backbone:
|
||||
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -3522,15 +3522,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3538,62 +3537,58 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/action/delete-vaccine.php` | High
|
||||
3 | File | `/admin/action/new-father.php` | High
|
||||
4 | File | `/admin/add-category.php` | High
|
||||
5 | File | `/admin/add-services.php` | High
|
||||
6 | File | `/admin/borrow_add.php` | High
|
||||
7 | File | `/admin/clientview.php` | High
|
||||
8 | File | `/admin/controller/JobLogController.java` | High
|
||||
9 | File | `/admin/edit_teacher.php` | High
|
||||
10 | File | `/admin/theme-edit.php` | High
|
||||
11 | File | `/api/log/killJob` | High
|
||||
12 | File | `/api/runscript` | High
|
||||
13 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
14 | File | `/api/sys/login` | High
|
||||
15 | File | `/api/sys/set_passwd` | High
|
||||
16 | File | `/api/trackedEntityInstances` | High
|
||||
17 | File | `/api/upload.php` | High
|
||||
18 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
19 | File | `/api/v4/teams//channels/deleted` | High
|
||||
20 | File | `/app/api/controller/caiji.php` | High
|
||||
21 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
22 | File | `/app/index/controller/Common.php` | High
|
||||
23 | File | `/appliance/users?action=edit` | High
|
||||
24 | File | `/application/pay/controller/Api.php` | High
|
||||
25 | File | `/assets/php/upload.php` | High
|
||||
26 | File | `/aux` | Low
|
||||
27 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
28 | File | `/bin/boa` | Medium
|
||||
29 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
30 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
31 | File | `/changePassword` | High
|
||||
32 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
33 | File | `/classes/Master.php?f=delete_category` | High
|
||||
34 | File | `/collection/all` | High
|
||||
35 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
36 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
37 | File | `/dashboard/add-blog.php` | High
|
||||
38 | File | `/data/remove` | Medium
|
||||
39 | File | `/debug/pprof` | Medium
|
||||
40 | File | `/ecshop/admin/template.php` | High
|
||||
41 | File | `/fusion/portal/action/Link` | High
|
||||
42 | File | `/group1/uploa` | High
|
||||
43 | File | `/HNAP1/` | Low
|
||||
44 | File | `/importexport.php` | High
|
||||
45 | File | `/index.php` | Medium
|
||||
46 | File | `/index.php?c=api` | High
|
||||
47 | File | `/iniFile/config.ini` | High
|
||||
48 | File | `/issue` | Low
|
||||
49 | File | `/jeecg-boot/jmreport/show` | High
|
||||
50 | File | `/jeecg-boot/jmreport/upload` | High
|
||||
51 | File | `/login` | Low
|
||||
52 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
53 | File | `/php/ping.php` | High
|
||||
54 | ... | ... | ...
|
||||
1 | File | `.alerts-security.alerts-{space_id}` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php/appcenter/local.html?type=addon` | High
|
||||
4 | File | `/admin.php?p=/Area/index#tab=t2` | High
|
||||
5 | File | `/admin/action/delete-vaccine.php` | High
|
||||
6 | File | `/admin/action/new-father.php` | High
|
||||
7 | File | `/admin/add-category.php` | High
|
||||
8 | File | `/admin/add-services.php` | High
|
||||
9 | File | `/admin/borrow_add.php` | High
|
||||
10 | File | `/admin/clientview.php` | High
|
||||
11 | File | `/admin/controller/JobLogController.java` | High
|
||||
12 | File | `/admin/edit_teacher.php` | High
|
||||
13 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
14 | File | `/admin/theme-edit.php` | High
|
||||
15 | File | `/admin/view_sendlist.php` | High
|
||||
16 | File | `/adminapi/system/crud` | High
|
||||
17 | File | `/api/controllers/admin/app/AppController.php` | High
|
||||
18 | File | `/api/controllers/common/UploadsController.php` | High
|
||||
19 | File | `/api/log/killJob` | High
|
||||
20 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
21 | File | `/api/sys/set_passwd` | High
|
||||
22 | File | `/api/trackedEntityInstances` | High
|
||||
23 | File | `/api/upload.php` | High
|
||||
24 | File | `/api/v4/teams//channels/deleted` | High
|
||||
25 | File | `/app/api/controller/caiji.php` | High
|
||||
26 | File | `/app/controller/Setup.php` | High
|
||||
27 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
28 | File | `/app/index/controller/Common.php` | High
|
||||
29 | File | `/application/index/common.php` | High
|
||||
30 | File | `/application/index/controller/Databasesource.php` | High
|
||||
31 | File | `/application/index/controller/Pay.php` | High
|
||||
32 | File | `/application/index/controller/Screen.php` | High
|
||||
33 | File | `/application/pay/controller/Api.php` | High
|
||||
34 | File | `/application/websocket/controller/Setting.php` | High
|
||||
35 | File | `/assets/php/upload.php` | High
|
||||
36 | File | `/aux` | Low
|
||||
37 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
38 | File | `/bin/boa` | Medium
|
||||
39 | File | `/boafrm/formMapDelDevice` | High
|
||||
40 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
41 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
42 | File | `/churchcrm/WhyCameEditor.php` | High
|
||||
43 | File | `/classes/Master.php?f=delete_category` | High
|
||||
44 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
45 | File | `/dashboard/add-blog.php` | High
|
||||
46 | File | `/data/remove` | Medium
|
||||
47 | File | `/debug/pprof` | Medium
|
||||
48 | File | `/ecshop/admin/template.php` | High
|
||||
49 | File | `/endpoint/delete-computer.php` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 466 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -26,8 +26,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
|
|
@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -31,9 +31,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bahamas Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
@ -54,13 +54,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -76,35 +76,40 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/admin/index.php?mode=content&page=media&action=edit` | High
|
||||
7 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
8 | File | `/admin/maintenance/view_designation.php` | High
|
||||
9 | File | `/admin/report/index.php` | High
|
||||
10 | File | `/admin/users.php?source=edit_user&id=1` | High
|
||||
11 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
12 | File | `/administrator/templates/default/html/windows/right.php` | High
|
||||
13 | File | `/api/runscript` | High
|
||||
14 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
15 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
16 | File | `/classes/Master.php?f=delete_service` | High
|
||||
17 | File | `/classes/Master.php?f=save_course` | High
|
||||
18 | File | `/demo/module/?module=HERE` | High
|
||||
19 | File | `/download/set.cgi` | High
|
||||
20 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
21 | File | `/dvcset/sysset/set.cgi` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goform/SysToolReboot` | High
|
||||
24 | File | `/goform/WifiExtraSet` | High
|
||||
25 | File | `/inc/topBarNav.php` | High
|
||||
26 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
|
||||
27 | File | `/mkshop/Men/profile.php` | High
|
||||
28 | File | `/mngset/authset` | High
|
||||
29 | File | `/mobile/downloadfile.aspx` | High
|
||||
30 | File | `/net/nfc/netlink.c` | High
|
||||
31 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
32 | File | `/out.php` | Medium
|
||||
33 | File | `/outgoing.php` | High
|
||||
34 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
35 | ... | ... | ...
|
||||
9 | File | `/admin/pages/edit_chicken.php` | High
|
||||
10 | File | `/admin/pages/student-print.php` | High
|
||||
11 | File | `/admin/report/index.php` | High
|
||||
12 | File | `/admin/users.php?source=edit_user&id=1` | High
|
||||
13 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
14 | File | `/administrator/templates/default/html/windows/right.php` | High
|
||||
15 | File | `/admin_route/inc_service_credits.php` | High
|
||||
16 | File | `/api/runscript` | High
|
||||
17 | File | `/app/Http/Controllers/ImageController.php` | High
|
||||
18 | File | `/application/index/controller/Icon.php` | High
|
||||
19 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
20 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
21 | File | `/classes/Master.php?f=delete_service` | High
|
||||
22 | File | `/classes/Master.php?f=save_course` | High
|
||||
23 | File | `/demo/module/?module=HERE` | High
|
||||
24 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/general/attendance/manage/ask_duty/delete.php` | High
|
||||
27 | File | `/goform/SysToolReboot` | High
|
||||
28 | File | `/goform/WifiExtraSet` | High
|
||||
29 | File | `/inc/topBarNav.php` | High
|
||||
30 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
|
||||
31 | File | `/Interface/DevManage/VM.php` | High
|
||||
32 | File | `/mkshop/Men/profile.php` | High
|
||||
33 | File | `/mobile/downloadfile.aspx` | High
|
||||
34 | File | `/net/nfc/netlink.c` | High
|
||||
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/outgoing.php` | High
|
||||
38 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
39 | File | `/register.do` | Medium
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 346 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [134.255.231.233](https://vuldb.com/?ip.134.255.231.233) | vps-zap930219-3.zap-srv.com | - | High
|
||||
2 | [134.255.252.185](https://vuldb.com/?ip.134.255.252.185) | vps-zap948630-2.zap-srv.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -24,13 +25,32 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1202 | CWE-77 | Command Injection | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1202 | CWE-77 | Command Shell in Externally Accessible Directory | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bahamut. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/see_more_details.php` | High
|
||||
2 | File | `calendar.php3` | High
|
||||
3 | File | `login_up.php3` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://search.censys.io/hosts/134.255.231.233
|
||||
* https://search.censys.io/hosts/134.255.252.185
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 29 more country items available. Please use our online service to access the data.
|
||||
There are 31 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -70,14 +70,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-25, CWE-36 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -85,67 +85,75 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
|
||||
2 | File | `/accounts_con/register_account` | High
|
||||
3 | File | `/addbill.php` | Medium
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin/` | Low
|
||||
6 | File | `/admin/admin_user.php` | High
|
||||
7 | File | `/admin/book_add.php` | High
|
||||
8 | File | `/admin/book_row.php` | High
|
||||
9 | File | `/admin/borrow_add.php` | High
|
||||
10 | File | `/admin/bwdates-report-details.php` | High
|
||||
11 | File | `/admin/course.php` | High
|
||||
12 | File | `/admin/edit_teacher.php` | High
|
||||
13 | File | `/admin/index.php?act=reset_admin_psw` | High
|
||||
14 | File | `/admin/ind_backstage.php` | High
|
||||
15 | File | `/admin/manage-pages.php` | High
|
||||
16 | File | `/admin/manage-users.php` | High
|
||||
17 | File | `/admin/options-theme.php` | High
|
||||
18 | File | `/admin/pages/subjects.php` | High
|
||||
19 | File | `/admin/pages/yearlevel.php` | High
|
||||
20 | File | `/admin/php/crud.php` | High
|
||||
21 | File | `/admin/regester.php` | High
|
||||
22 | File | `/admin/return_add.php` | High
|
||||
23 | File | `/admin/students.php` | High
|
||||
24 | File | `/admin/subject.php` | High
|
||||
25 | File | `/admin/theme-edit.php` | High
|
||||
26 | File | `/admin/update-clients.php` | High
|
||||
27 | File | `/admin/upload/img` | High
|
||||
28 | File | `/admin/uploads/` | High
|
||||
29 | File | `/admin/users` | Medium
|
||||
30 | File | `/adplanet/PlanetUser` | High
|
||||
31 | File | `/ample/app/action/edit_product.php` | High
|
||||
32 | File | `/ample/app/ajax/member_data.php` | High
|
||||
33 | File | `/api/log/killJob` | High
|
||||
34 | File | `/article/DelectArticleById/` | High
|
||||
35 | File | `/auth/auth.php?user=1` | High
|
||||
36 | File | `/auth/user/all.api` | High
|
||||
37 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
38 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
39 | File | `/bin/boa` | Medium
|
||||
40 | File | `/boaform/wlan_basic_set.cgi` | High
|
||||
41 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
|
||||
42 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
43 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
44 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
|
||||
45 | File | `/change-language/de_DE` | High
|
||||
46 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
47 | File | `/config,admin.jsp` | High
|
||||
48 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
|
||||
49 | File | `/debug/pprof` | Medium
|
||||
50 | File | `/dist/index.js` | High
|
||||
51 | File | `/endpoint/add-guest.php` | High
|
||||
52 | File | `/endpoint/add-user.php` | High
|
||||
53 | File | `/etc/hosts.deny` | High
|
||||
54 | File | `/file-manager/delete.php` | High
|
||||
55 | File | `/file-manager/upload.php` | High
|
||||
56 | File | `/forum/away.php` | High
|
||||
57 | File | `/goform/formSysCmd` | High
|
||||
58 | File | `/h/autoSaveDraft` | High
|
||||
59 | ... | ... | ...
|
||||
1 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
|
||||
2 | File | `/#ProductSerie/view/` | High
|
||||
3 | File | `/Account/login.php` | High
|
||||
4 | File | `/add_classes.php` | High
|
||||
5 | File | `/admin.php?p=/Area/index#tab=t2` | High
|
||||
6 | File | `/admin/` | Low
|
||||
7 | File | `/admin/action/edit_chicken.php` | High
|
||||
8 | File | `/admin/action/new-father.php` | High
|
||||
9 | File | `/admin/action/update-deworm.php` | High
|
||||
10 | File | `/admin/app/product.php` | High
|
||||
11 | File | `/admin/app/profile_crud.php` | High
|
||||
12 | File | `/admin/app/service_crud.php` | High
|
||||
13 | File | `/admin/article.php?action=write` | High
|
||||
14 | File | `/admin/edit-admin.php` | High
|
||||
15 | File | `/admin/edit_categories.php` | High
|
||||
16 | File | `/admin/edit_supplier.php` | High
|
||||
17 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
18 | File | `/admin/list_localuser.php` | High
|
||||
19 | File | `/admin/login.php` | High
|
||||
20 | File | `/Admin/login.php` | High
|
||||
21 | File | `/admin/makehtml_freelist_action.php` | High
|
||||
22 | File | `/admin/pages/student-print.php` | High
|
||||
23 | File | `/admin/pages/update_go.php` | High
|
||||
24 | File | `/admin/view_sendlist.php` | High
|
||||
25 | File | `/adminapi/system/crud` | High
|
||||
26 | File | `/adminapi/system/file/openfile` | High
|
||||
27 | File | `/admin_ping.htm` | High
|
||||
28 | File | `/admin_route/dec_service_credits.php` | High
|
||||
29 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
30 | File | `/api.php` | Medium
|
||||
31 | File | `/api/controllers/admin/app/AppController.php` | High
|
||||
32 | File | `/api/controllers/admin/app/ComboController.php` | High
|
||||
33 | File | `/api/controllers/common/UploadsController.php` | High
|
||||
34 | File | `/api/controllers/merchant/app/ComboController.php` | High
|
||||
35 | File | `/api/controllers/merchant/design/MaterialController.php` | High
|
||||
36 | File | `/api/controllers/merchant/shop/PosterController.php` | High
|
||||
37 | File | `/api/v4/teams//channels/deleted` | High
|
||||
38 | File | `/app/ajax/search_sales_report.php` | High
|
||||
39 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
40 | File | `/application/index/common.php` | High
|
||||
41 | File | `/application/index/controller/Databasesource.php` | High
|
||||
42 | File | `/application/index/controller/Datament.php` | High
|
||||
43 | File | `/application/index/controller/File.php` | High
|
||||
44 | File | `/application/index/controller/Icon.php` | High
|
||||
45 | File | `/application/index/controller/Pay.php` | High
|
||||
46 | File | `/application/index/controller/Screen.php` | High
|
||||
47 | File | `/application/index/controller/Unity.php` | High
|
||||
48 | File | `/application/plugins/controller/Upload.php` | High
|
||||
49 | File | `/application/websocket/controller/Setting.php` | High
|
||||
50 | File | `/apply/index.php` | High
|
||||
51 | File | `/apps/reg_go.php` | High
|
||||
52 | File | `/assets/php/upload.php` | High
|
||||
53 | File | `/att_add.php` | Medium
|
||||
54 | File | `/bin/boa` | Medium
|
||||
55 | File | `/bin/webs` | Medium
|
||||
56 | File | `/boafrm/formMapDelDevice` | High
|
||||
57 | File | `/boafrm/formSystemCheck` | High
|
||||
58 | File | `/cancel.php` | Medium
|
||||
59 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
60 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
61 | File | `/classes/Master.php? f=save_medicine` | High
|
||||
62 | File | `/classes/Users.php?f=save` | High
|
||||
63 | File | `/core/config-revisions` | High
|
||||
64 | File | `/currentsetting.htm` | High
|
||||
65 | File | `/dashboard/message` | High
|
||||
66 | File | `/debuginfo.htm` | High
|
||||
67 | ... | ... | ...
|
||||
|
||||
There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 592 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -54,10 +54,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
# Ballistic Bobcat - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ballistic Bobcat](https://vuldb.com/?actor.ballistic_bobcat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ballistic_bobcat](https://vuldb.com/?actor.ballistic_bobcat)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ballistic Bobcat:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ballistic Bobcat.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.255.97.172](https://vuldb.com/?ip.5.255.97.172) | - | - | High
|
||||
2 | [37.120.222.168](https://vuldb.com/?ip.37.120.222.168) | - | - | High
|
||||
3 | [162.55.137.20](https://vuldb.com/?ip.162.55.137.20) | static.20.137.55.162.clients.your-server.de | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Ballistic Bobcat_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Ballistic Bobcat. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php/pic/admin/pic/hy` | High
|
||||
2 | File | `/admin.php/user/level_del` | High
|
||||
3 | File | `/admin/borrow_add.php` | High
|
||||
4 | File | `/admin/general.cgi` | High
|
||||
5 | File | `/api/plugin/uninstall` | High
|
||||
6 | File | `/api/plugin/upload` | High
|
||||
7 | File | `/api/v2/cli/commands` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 55 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -39,11 +39,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -92,7 +92,7 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `/search` | Low
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -48,8 +48,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-88 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-88 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
|
|
@ -48,9 +48,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [IO](https://vuldb.com/?country.io)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -185,9 +185,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
162 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
|
||||
163 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
|
||||
164 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
|
||||
165 | ... | ... | ... | ...
|
||||
165 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
|
||||
166 | ... | ... | ... | ...
|
||||
|
||||
There are 658 more IOC items available. Please use our online service to access the data.
|
||||
There are 659 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -202,7 +203,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -224,31 +225,31 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/aux` | Low
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/changePassword` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/cupseasylive/companymodify.php` | High
|
||||
17 | File | `/cupseasylive/grnprint.php` | High
|
||||
18 | File | `/cupseasylive/stockissuancelinecreate.php` | High
|
||||
19 | File | `/dashboard/add-blog.php` | High
|
||||
20 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
21 | File | `/data/remove` | Medium
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/ecshop/admin/template.php` | High
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
25 | File | `/film-rating.php` | High
|
||||
26 | File | `/forms/doLogin` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/net\_Web\_get_value` | High
|
||||
29 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
30 | File | `/group1/uploa` | High
|
||||
31 | File | `/hedwig.cgi` | Medium
|
||||
32 | File | `/home/cavesConsole` | High
|
||||
33 | File | `/inc/parser/xhtml.php` | High
|
||||
34 | File | `/index.php` | Medium
|
||||
35 | File | `/investigation/delete/` | High
|
||||
36 | File | `/listplace/user/ticket/create` | High
|
||||
37 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
38 | File | `/mhds/clinic/view_details.php` | High
|
||||
39 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
15 | File | `/cupseasylive/companymodify.php` | High
|
||||
16 | File | `/cupseasylive/grnprint.php` | High
|
||||
17 | File | `/cupseasylive/stockissuancelinecreate.php` | High
|
||||
18 | File | `/dashboard/add-blog.php` | High
|
||||
19 | File | `/dashboard?controller=UserCollection::createUser` | High
|
||||
20 | File | `/data/remove` | Medium
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/ecshop/admin/template.php` | High
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/film-rating.php` | High
|
||||
25 | File | `/forms/doLogin` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/net\_Web\_get_value` | High
|
||||
28 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/hedwig.cgi` | Medium
|
||||
31 | File | `/inc/parser/xhtml.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/investigation/delete/` | High
|
||||
34 | File | `/listplace/user/ticket/create` | High
|
||||
35 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
36 | File | `/mhds/clinic/view_details.php` | High
|
||||
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
38 | File | `/novel/author/list` | High
|
||||
39 | File | `/php/ping.php` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 346 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with BattleRoyal:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BattleRoyal:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [CE](https://vuldb.com/?country.ce)
|
||||
* ...
|
||||
|
||||
|
@ -37,12 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -53,15 +53,16 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
2 | File | `/apply.cgi` | Medium
|
||||
3 | File | `/brand.php` | Medium
|
||||
4 | File | `/rapi/read_url` | High
|
||||
5 | File | `/scripts/unlock_tasks.php` | High
|
||||
6 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
7 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
8 | File | `appserv/main.php` | High
|
||||
9 | File | `coders/png.c` | Medium
|
||||
10 | ... | ... | ...
|
||||
4 | File | `/php/ping.php` | High
|
||||
5 | File | `/rapi/read_url` | High
|
||||
6 | File | `/scripts/unlock_tasks.php` | High
|
||||
7 | File | `/SysInfo1.htm` | High
|
||||
8 | File | `/sysinfo_json.cgi` | High
|
||||
9 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
10 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -78,4 +79,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -9,8 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BazarBackdoor:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -171,14 +174,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-271, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -187,47 +190,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/accounts/password_change/` | High
|
||||
3 | File | `/act/ActDao.xml` | High
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/admin/action/new-father.php` | High
|
||||
4 | File | `/admin/clientview.php` | High
|
||||
5 | File | `/admin/regester.php` | High
|
||||
6 | File | `/admin/update-clients.php` | High
|
||||
7 | File | `/api/addusers` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/cron/settings/setJob/` | High
|
||||
10 | File | `/api/sys/set_passwd` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/apply.cgi` | Medium
|
||||
13 | File | `/authenticationendpoint/login.do` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
15 | File | `/blog/comment` | High
|
||||
16 | File | `/boaform/device_reset.cgi` | High
|
||||
17 | File | `/bsms_ci/index.php` | High
|
||||
18 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
19 | File | `/catalog/compare` | High
|
||||
20 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
21 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
22 | File | `/cgi-bin/downloadFile.cgi` | High
|
||||
23 | File | `/cgi-bin/kerbynet` | High
|
||||
24 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
25 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
26 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
27 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
28 | File | `/config/getuser` | High
|
||||
29 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/DXR.axd` | Medium
|
||||
32 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/geoserver/gwc/rest.html` | High
|
||||
35 | File | `/importexport.php` | High
|
||||
36 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
37 | File | `/login` | Low
|
||||
38 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
39 | File | `/manager?action=getlogcat` | High
|
||||
40 | ... | ... | ...
|
||||
5 | File | `/admin/edit_teacher.php` | High
|
||||
6 | File | `/admin/fields/manage_field.php` | High
|
||||
7 | File | `/admin/orders/view_order.php` | High
|
||||
8 | File | `/admin/regester.php` | High
|
||||
9 | File | `/admin/update-clients.php` | High
|
||||
10 | File | `/admin_ping.htm` | High
|
||||
11 | File | `/admin_route/dec_service_credits.php` | High
|
||||
12 | File | `/admin_route/inc_service_credits.php` | High
|
||||
13 | File | `/api/cron/settings/setJob/` | High
|
||||
14 | File | `/api/sys/set_passwd` | High
|
||||
15 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
16 | File | `/app/api/controller/default/Sqlite.php` | High
|
||||
17 | File | `/application/index/controller/Databasesource.php` | High
|
||||
18 | File | `/application/index/controller/Icon.php` | High
|
||||
19 | File | `/application/index/controller/Screen.php` | High
|
||||
20 | File | `/application/plugins/controller/Upload.php` | High
|
||||
21 | File | `/apply.cgi` | Medium
|
||||
22 | File | `/arch/x86/mm/cpu_entry_area.c` | High
|
||||
23 | File | `/authenticationendpoint/login.do` | High
|
||||
24 | File | `/bin/boa` | Medium
|
||||
25 | File | `/boaform/device_reset.cgi` | High
|
||||
26 | File | `/boafrm/formMapDelDevice` | High
|
||||
27 | File | `/bsms_ci/index.php` | High
|
||||
28 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
29 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
30 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
31 | File | `/cgi-bin/kerbynet` | High
|
||||
32 | File | `/cgi-bin/koha/catalogue/search.pl` | High
|
||||
33 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
34 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
|
||||
35 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
36 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
37 | File | `/clinic/disease_symptoms_view.php` | High
|
||||
38 | File | `/config/getuser` | High
|
||||
39 | File | `/core/redirect` | High
|
||||
40 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
41 | File | `/debug/pprof` | Medium
|
||||
42 | File | `/DXR.axd` | Medium
|
||||
43 | File | `/ECT_Provider/` | High
|
||||
44 | File | `/fax/fax_send.php` | High
|
||||
45 | File | `/forum/away.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 347 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -70,9 +70,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
|
@ -96,10 +96,10 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
11 | File | `add.php` | Low
|
||||
12 | File | `admin/admin.shtml` | High
|
||||
13 | File | `album_add.php` | High
|
||||
13 | File | `AdminOrdercontroller.java` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 114 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -30,9 +30,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue