Mirrors
/
cyber_threat_intelligence
mirror of https://github.com/vuldb/cyber_threat_intelligence
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update

This commit is contained in:
Marc Ruef 2022-01-31 14:44:46 +01:00
parent 22f05d0892
commit b9e5acb9da
119 changed files with 2518 additions and 1538 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
APT15/README.md
View File

@ -1,6 +1,6 @@
# APT15 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT15](https://vuldb.com/?actor.apt15). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT15](https://vuldb.com/?actor.apt15). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt15](https://vuldb.com/?actor.apt15)
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

22
APT17/README.md
View File

@ -1,6 +1,6 @@
# APT17 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT17](https://vuldb.com/?actor.apt17). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT17](https://vuldb.com/?actor.apt17). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt17](https://vuldb.com/?actor.apt17)
@ -30,10 +30,9 @@ ID | IP address | Hostname | Confidence
1 | 1.234.52.111 | - | High
2 | 69.80.72.165 | - | High
3 | 103.250.72.39 | sv01growth.bulks.jp | High
4 | 103.250.72.254 | 103x250x72x254.bulks.jp | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 9 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -57,16 +56,9 @@ ID | Type | Indicator | Confidence
1 | File | `.htaccess` | Medium
2 | File | `/wbg/core/_includes/authorization.inc.php` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `inc/config.php` | High
5 | File | `inc/filebrowser/browser.php` | High
6 | File | `register/check/username?username` | High
7 | File | `wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php` | High
8 | File | `wp-login.php` | Medium
9 | Argument | `basePath` | Medium
10 | Argument | `file` | Low
11 | ... | ... | ...
4 | ... | ... | ...
There are 2 more IOA items available. Please use our online service to access the data.
There are 10 more IOA items available. Please use our online service to access the data.
## References
@ -79,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

53
APT28/README.md
View File

@ -19,12 +19,9 @@ There are 3 more campaign items available. Please use our online service to acce
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT28:
* NL
* RO
* US
* ...
There are 3 more country items available. Please use our online service to access the data.
* RU
* BG
## IOC - Indicator of Compromise
@ -90,10 +87,7 @@ ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
3 | T1587.003 | Improper Certificate Validation | High
## IOA - Indicator of Attack
@ -101,43 +95,12 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.travis.yml` | Medium
2 | File | `/.env` | Low
3 | File | `/admin.php` | Medium
4 | File | `/admin/config.php?display=disa&view=form` | High
5 | File | `/category_view.php` | High
6 | File | `/dev/kmem` | Medium
7 | File | `/filemanager/upload.php` | High
8 | File | `/medical/inventories.php` | High
9 | File | `/monitoring` | Medium
10 | File | `/NAGErrors` | Medium
11 | File | `/plugins/servlet/audit/resource` | High
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
13 | File | `/proc/ioports` | High
14 | File | `/replication` | Medium
15 | File | `/reports/rwservlet` | High
16 | File | `/RestAPI` | Medium
17 | File | `/tmp` | Low
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/uncpath/` | Medium
20 | File | `/var/log/nginx` | High
21 | File | `/wp-admin/admin.php` | High
22 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
23 | File | `admin/app/mediamanager` | High
24 | File | `admin/index.php` | High
25 | File | `admin\model\catalog\download.php` | High
26 | File | `afr.php` | Low
27 | File | `apcupsd.pid` | Medium
28 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
29 | File | `api/sms/send-sms` | High
30 | File | `api/v1/alarms` | High
31 | File | `application/controller/InstallerController.php` | High
32 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
33 | File | `arformcontroller.php` | High
34 | File | `auth-gss2.c` | Medium
35 | ... | ... | ...
1 | File | `elFinder.class.php` | High
2 | File | `inc/config.php` | High
3 | File | `ot_coupon.php` | High
4 | ... | ... | ...
There are 300 more IOA items available. Please use our online service to access the data.
There are 8 more IOA items available. Please use our online service to access the data.
## References

41
APT29/README.md
View File

@ -1,6 +1,6 @@
# APT29 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT29](https://vuldb.com/?actor.apt29). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT29](https://vuldb.com/?actor.apt29). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt29](https://vuldb.com/?actor.apt29)
@ -21,7 +21,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* RU
* ...
There are 14 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -48,10 +48,9 @@ ID | IP address | Hostname | Confidence
17 | 66.70.247.215 | ip215.ip-66-70-247.net | High
18 | 69.59.28.57 | - | High
19 | 79.141.168.109 | - | High
20 | 81.17.17.213 | customer20.tamic.info | High
21 | ... | ... | ...
20 | ... | ... | ...
There are 77 more IOC items available. Please use our online service to access the data.
There are 78 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -64,7 +63,7 @@ ID | Technique | Description | Confidence
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...
There are 3 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -80,11 +79,29 @@ ID | Type | Indicator | Confidence
6 | File | `/etc/shadow` | Medium
7 | File | `/etc/sudoers` | Medium
8 | File | `/firewall/policy/` | High
9 | File | `/includes/plugins/mobile/scripts/login.php` | High
10 | File | `/notice-edit.php` | High
11 | ... | ... | ...
9 | File | `/icingaweb2/navigation/add` | High
10 | File | `/includes/plugins/mobile/scripts/login.php` | High
11 | File | `/notice-edit.php` | High
12 | File | `/pages/systemcall.php?command={COMMAND}` | High
13 | File | `/phppath/php` | Medium
14 | File | `/plain` | Low
15 | File | `/rest/project-templates/1.0/createshared` | High
16 | File | `/rpc/setvmdrive.asp` | High
17 | File | `/s/` | Low
18 | File | `/secure/admin/ConfigureBatching!default.jspa` | High
19 | File | `/server-status` | High
20 | File | `/setSystemAdmin` | High
21 | File | `/setup.cgi` | Medium
22 | File | `/tmp/csman/0` | Medium
23 | File | `/uncpath/` | Medium
24 | File | `/usr/bin/pkexec` | High
25 | File | `/usr/local/psa/admin/sbin/wrapper` | High
26 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
27 | File | `/var/log/monkeyd/master.log` | High
28 | File | `/var/log/salt/minion` | High
29 | ... | ... | ...
There are 236 more IOA items available. Please use our online service to access the data.
There are 249 more IOA items available. Please use our online service to access the data.
## References
@ -102,9 +119,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

47
APT33/README.md
View File

@ -16,9 +16,9 @@ The following campaigns are known and can be associated with APT33:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
* SV
* FR
* PL
* SV
* ...
There are 4 more country items available. Please use our online service to access the data.
@ -67,32 +67,33 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/upload.php` | High
2 | File | `/api/ZRMesh/set_ZRMesh` | High
3 | File | `/appliance/shiftmgn.php` | High
4 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
5 | File | `/etc/quagga` | Medium
6 | File | `/fw/index2.do` | High
7 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
8 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
9 | File | `/jerry-core/jmem/jmem-heap.c` | High
10 | File | `/moddable/xs/sources/xsScript.c` | High
11 | File | `/parser/js/js-parser-expr.c` | High
12 | File | `/preferences/tags` | High
13 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
14 | File | `/thruk/#cgi-bin/status.cgi?style=combined` | High
1 | File | `/admin/admin.php?module=admin_access_group_edit&aagID` | High
2 | File | `/admin/customers.php?page=1&cID` | High
3 | File | `/api/ZRMesh/set_ZRMesh` | High
4 | File | `/appliance/shiftmgn.php` | High
5 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
6 | File | `/etc/quagga` | Medium
7 | File | `/fw/index2.do` | High
8 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
9 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
10 | File | `/jerry-core/jmem/jmem-heap.c` | High
11 | File | `/moddable/xs/sources/xsScript.c` | High
12 | File | `/parser/js/js-parser-expr.c` | High
13 | File | `/preferences/tags` | High
14 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
15 | File | `/transmission/web/` | High
16 | File | `/uploads/exam_question/` | High
17 | File | `/usr/bin/pkexec` | High
18 | File | `AccessPoint.java` | High
19 | File | `acknow.php` | Medium
20 | File | `acropora/app/identity/ic.c` | High
21 | File | `acropora/app/identity/identity_support.c` | High
22 | File | `actions.php` | Medium
23 | File | `admin/bad.php` | High
24 | ... | ... | ...
18 | File | `/usr/local/bin/mjs` | High
19 | File | `AccessPoint.java` | High
20 | File | `account_sponsor_page.php` | High
21 | File | `acknow.php` | Medium
22 | File | `acropora/app/identity/ic.c` | High
23 | File | `acropora/app/identity/identity_support.c` | High
24 | File | `actions.php` | Medium
25 | ... | ... | ...
There are 199 more IOA items available. Please use our online service to access the data.
There are 207 more IOA items available. Please use our online service to access the data.
## References

2
APT34/README.md
View File

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* CN
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise

16
APT41/README.md
View File

@ -82,16 +82,16 @@ ID | Type | Indicator | Confidence
14 | File | `/start-stop` | Medium
15 | File | `/tmp/app/.env` | High
16 | File | `/uncpath/` | Medium
17 | File | `/WEB-INF/web.xml` | High
18 | File | `/wp-admin/admin-ajax.php` | High
19 | File | `/_next` | Low
20 | File | `adclick.php` | Medium
21 | File | `addentry.php` | Medium
22 | File | `addrating.php` | High
23 | File | `admin/conf_users_edit.php` | High
17 | File | `/usr/bin/pkexec` | High
18 | File | `/WEB-INF/web.xml` | High
19 | File | `/wp-admin/admin-ajax.php` | High
20 | File | `/_next` | Low
21 | File | `adclick.php` | Medium
22 | File | `addentry.php` | Medium
23 | File | `addrating.php` | High
24 | ... | ... | ...
There are 202 more IOA items available. Please use our online service to access the data.
There are 203 more IOA items available. Please use our online service to access the data.
## References

36
Agrius/README.md
View File

@ -1,6 +1,6 @@
# Agrius - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Agrius](https://vuldb.com/?actor.agrius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Agrius](https://vuldb.com/?actor.agrius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.agrius](https://vuldb.com/?actor.agrius)
@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* US
* RU
* IR
* NL
* ...
There are 8 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 5.2.67.85 | mail.astrilll.com | High
2 | 5.2.73.67 | - | High
3 | 37.59.236.232 | 37.59.236.232.rdns.hasaserver.com | High
4 | 37.120.238.15 | - | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 9 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -49,18 +48,17 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/kerbynet` | High
2 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
3 | File | `/plugins/Dashboard/Controller.php` | High
4 | File | `/storage/app/media/evil.svg` | High
5 | File | `/uncpath/` | Medium
6 | File | `admin.asp` | Medium
7 | File | `admin.php` | Medium
8 | File | `admin/admin_users.php` | High
9 | File | `app/Controller/GalaxyElementsController.php` | High
10 | File | `Application/Common/Controller/BaseController.class.php` | High
11 | ... | ... | ...
2 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
3 | File | `/etc/quagga` | Medium
4 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
5 | File | `/plugins/Dashboard/Controller.php` | High
6 | File | `/storage/app/media/evil.svg` | High
7 | File | `/uncpath/` | Medium
8 | File | `admin.asp` | Medium
9 | File | `admin.php` | Medium
10 | ... | ... | ...
There are 62 more IOA items available. Please use our online service to access the data.
There are 74 more IOA items available. Please use our online service to access the data.
## References
@ -72,9 +70,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
Allakore/README.md
View File

@ -1,6 +1,6 @@
# Allakore - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Allakore](https://vuldb.com/?actor.allakore). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Allakore](https://vuldb.com/?actor.allakore). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.allakore](https://vuldb.com/?actor.allakore)
@ -20,7 +20,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 144.91.65.100 | vmi652772.contaboserver.net | High
2 | 144.91.91.236 | vmi512038.contaboserver.net | High
3 | 161.97.142.96 | vmi661694.contaboserver.net | High
3 | 161.97.142.96 | vmi745943.contaboserver.net | High
4 | ... | ... | ...
There are 4 more IOC items available. Please use our online service to access the data.
@ -48,15 +48,9 @@ ID | Type | Indicator | Confidence
2 | File | `admin/index.php` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `filter.php` | Medium
5 | File | `inc/config.php` | High
6 | File | `item_show.php` | High
7 | File | `lib/krb5/asn.1/asn1_encode.c` | High
8 | File | `login.php` | Medium
9 | File | `mdeploy.php` | Medium
10 | File | `multipart/form-data` | High
11 | ... | ... | ...
5 | ... | ... | ...
There are 20 more IOA items available. Please use our online service to access the data.
There are 26 more IOA items available. Please use our online service to access the data.
## References
@ -68,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

13
Armor Piercer/README.md
View File

@ -18,7 +18,7 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.252.179.221 | 5-252-179-221.mivocloud.com | High
1 | 5.252.179.221 | no-rdns.mivocloud.com | High
2 | 45.79.81.88 | li1180-88.members.linode.com | High
3 | 64.188.13.46 | 64.188.13.46.static.quadranet.com | High
4 | ... | ... | ...
@ -43,12 +43,9 @@ ID | Type | Indicator | Confidence
1 | File | `app\admin\controller\sys\Uploads.php` | High
2 | File | `category.cfm` | Medium
3 | File | `itemlookup.asp` | High
4 | File | `mat5.c` | Low
5 | File | `phddns.lua` | Medium
6 | File | `register.php` | Medium
7 | Argument | `cat` | Low
8 | Argument | `new-interface` | High
9 | Argument | `PATH_INFO` | Medium
4 | ... | ... | ...
There are 6 more IOA items available. Please use our online service to access the data.
## References
@ -65,4 +62,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

32
Ashiyane/README.md Normal file
View File

@ -0,0 +1,32 @@
# Ashiyane - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ashiyane](https://vuldb.com/?actor.ashiyane). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ashiyane](https://vuldb.com/?actor.ashiyane)
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Ashiyane.
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 62.171.141.97 | vmi345419.contaboserver.net | High
2 | 104.21.2.112 | - | High
3 | 172.67.129.30 | - | High
## References
The following list contains external sources which discuss the actor and the associated activities:
* https://ddanchev.blogspot.com/2022/01/exposing-behrooz-kamalians-ashiyane-ict.html
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

26
Autoit/README.md
View File

@ -1,6 +1,6 @@
# Autoit - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Autoit](https://vuldb.com/?actor.autoit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Autoit](https://vuldb.com/?actor.autoit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.autoit](https://vuldb.com/?actor.autoit)
@ -21,16 +21,12 @@ ID | IP address | Hostname | Confidence
1 | 8.248.165.254 | - | High
2 | 8.249.217.254 | - | High
3 | 8.253.131.121 | - | High
4 | 13.56.128.67 | ec2-13-56-128-67.us-west-1.compute.amazonaws.com | Medium
4 | 13.56.128.67 | screenconnect.medsphere.com | High
5 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | High
6 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | High
7 | 23.63.245.19 | a23-63-245-19.deploy.static.akamaitechnologies.com | High
8 | 23.63.245.50 | a23-63-245-50.deploy.static.akamaitechnologies.com | High
9 | 23.199.71.136 | a23-199-71-136.deploy.static.akamaitechnologies.com | High
10 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | Medium
11 | ... | ... | ...
7 | ... | ... | ...
There are 20 more IOC items available. Please use our online service to access the data.
There are 24 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -41,10 +37,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1222 | Permission Issues | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -62,9 +57,10 @@ ID | Type | Indicator | Confidence
8 | File | `api/external.php?object=centreon_metric&action=listByService` | High
9 | File | `app\contacts\contact_edit.php` | High
10 | File | `audio_acdb.c` | Medium
11 | ... | ... | ...
11 | File | `auth.php` | Medium
12 | ... | ... | ...
There are 91 more IOA items available. Please use our online service to access the data.
There are 90 more IOA items available. Please use our online service to access the data.
## References
@ -78,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

23
Babar/README.md
View File

@ -1,6 +1,6 @@
# Babar - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Babar](https://vuldb.com/?actor.babar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Babar](https://vuldb.com/?actor.babar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.babar](https://vuldb.com/?actor.babar)
@ -19,11 +19,9 @@ ID | IP address | Hostname | Confidence
1 | 64.20.43.107 | vps238561.trouble-free.net | High
2 | 69.25.212.153 | - | High
3 | 83.149.75.58 | reserved.ps-it.nl | High
4 | 104.153.45.38 | cpan6.webline-servers.com | High
5 | 184.172.143.188 | bc.8f.acb8.ip4.static.sl-reverse.com | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -43,16 +41,9 @@ ID | Type | Indicator | Confidence
1 | File | `addentry.php` | Medium
2 | File | `data/gbconfiguration.dat` | High
3 | File | `dc_categorieslist.asp` | High
4 | File | `detected_potential_files.cgi` | High
5 | File | `guestbook.cgi` | High
6 | File | `inc/config.php` | High
7 | File | `phpinfo.php` | Medium
8 | File | `reports_mta_queue_status.html` | High
9 | File | `template.class.php` | High
10 | Argument | `basePath` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
There are 11 more IOA items available. Please use our online service to access the data.
## References
@ -64,9 +55,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

62
Banjori/README.md
View File

@ -1,20 +1,9 @@
# Banjori - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Banjori](https://vuldb.com/?actor.banjori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Banjori](https://vuldb.com/?actor.banjori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.banjori](https://vuldb.com/?actor.banjori)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Banjori:
* JP
* DE
* US
* ...
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Banjori.
@ -41,43 +30,16 @@ ID | IP address | Hostname | Confidence
18 | 35.226.69.129 | 129.69.226.35.bc.googleusercontent.com | Medium
19 | 43.230.142.125 | - | High
20 | 43.241.196.105 | - | High
21 | ... | ... | ...
21 | 43.249.76.176 | - | High
22 | 47.91.170.222 | - | High
23 | 47.245.10.59 | - | High
24 | 50.117.86.130 | - | High
25 | 52.4.209.250 | ec2-52-4-209-250.compute-1.amazonaws.com | Medium
26 | 52.25.92.0 | ec2-52-25-92-0.us-west-2.compute.amazonaws.com | Medium
27 | 52.58.78.16 | ec2-52-58-78-16.eu-central-1.compute.amazonaws.com | Medium
28 | ... | ... | ...
There are 116 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Banjori. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Banjori. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `"/xml/system/setAttribute.xml` | High
2 | File | `#!/system` | Medium
3 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
4 | File | `%LOCALAPPDATA%\Zemana\ZALSDK\MyRules2.ini` | High
5 | File | `%ProgramData%\CTES` | High
6 | File | `%SYSTEMDRIVE%` | High
7 | File | `%TEMP%\par-%username%\cache-exiftool-8.32` | High
8 | File | `%windir%\Internet Logs\` | High
9 | File | `.../gogo/` | Medium
10 | File | `.asp` | Low
11 | ... | ... | ...
There are 5749 more IOA items available. Please use our online service to access the data.
There are 109 more IOC items available. Please use our online service to access the data.
## References
@ -89,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

61
Black KingDom/README.md
View File

@ -1,6 +1,6 @@
# Black KingDom - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Black KingDom](https://vuldb.com/?actor.black_kingdom). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Black KingDom](https://vuldb.com/?actor.black_kingdom). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.black_kingdom](https://vuldb.com/?actor.black_kingdom)
@ -9,11 +9,11 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:
* US
* ES
* CN
* RU
* SV
* ...
There are 25 more country items available. Please use our online service to access the data.
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -34,14 +34,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | ... | ... | ...
There are 11 more TTP items available. Please use our online service to access the data.
There are 9 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -49,19 +47,32 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%LOCALAPPDATA%\SaferVPN\Log` | High
2 | File | `%PROGRAMDATA%\ASUS\GamingCenterLib` | High
3 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
4 | File | `%PROGRAMDATA%\Razer Chroma\SDK\Apps` | High
5 | File | `%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins` | High
6 | File | `%PROGRAMFILES(X86)%\Teradici\PCoIP.exe` | High
7 | File | `%SYSTEMDRIVE%\Course Software Material 18.0.1.9\cmd.exe` | High
8 | File | `.authlie` | Medium
9 | File | `.config/Yubico` | High
10 | File | `.htaccess` | Medium
11 | ... | ... | ...
1 | File | `/admin/index.php?lfj=friendlink&action=add` | High
2 | File | `/admin/login.php` | High
3 | File | `/ajax_crud` | Medium
4 | File | `/api/ZRMacClone/mac_addr_clone` | High
5 | File | `/application/common.php#action_log` | High
6 | File | `/base/ecma-helpers-string.c` | High
7 | File | `/cms/ajax.php` | High
8 | File | `/core/table/query` | High
9 | File | `/debug/pprof` | Medium
10 | File | `/dev/ion` | Medium
11 | File | `/ecma/operations/ecma-objects.c` | High
12 | File | `/GetCopiedFile` | High
13 | File | `/hdf5/src/H5Dchunk.c` | High
14 | File | `/hdf5/src/H5Fint.c` | High
15 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
16 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
17 | File | `/jerry-core/parser/js/js-parser-expr.c` | High
18 | File | `/leave_system/classes/Login.php` | High
19 | File | `/member/post.php?job=postnew&step=post` | High
20 | File | `/message-bus/_diagnostics` | High
21 | File | `/mobile/SelectUsers.jsp` | High
22 | File | `/music/ajax.php` | High
23 | File | `/orms/` | Low
24 | ... | ... | ...
There are 6388 more IOA items available. Please use our online service to access the data.
There are 197 more IOA items available. Please use our online service to access the data.
## References
@ -73,9 +84,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

20
BlackTech/README.md
View File

@ -1,6 +1,6 @@
# BlackTech - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BlackTech](https://vuldb.com/?actor.blacktech). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BlackTech](https://vuldb.com/?actor.blacktech). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.blacktech](https://vuldb.com/?actor.blacktech)
@ -29,10 +29,9 @@ ID | IP address | Hostname | Confidence
1 | 10.0.0.211 | - | High
2 | 43.240.12.81 | mail.terascape.net | High
3 | 45.76.102.145 | 45.76.102.145.vultr.com | Medium
4 | 45.124.25.31 | hkhdc.laws.ms | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -53,12 +52,9 @@ ID | Type | Indicator | Confidence
1 | File | `/wp-json/oembed/1.0/embed?url` | High
2 | File | `base/ErrorHandler.php` | High
3 | File | `goto.php` | Medium
4 | File | `isc/get_sid_js.aspx` | High
5 | File | `item_show.php` | High
6 | Argument | `author_name` | Medium
7 | Argument | `code_no` | Low
8 | Argument | `dbg_buf` | Low
9 | Argument | `url` | Low
4 | ... | ... | ...
There are 8 more IOA items available. Please use our online service to access the data.
## References
@ -73,9 +69,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
C0d0so/README.md
View File

@ -1,6 +1,6 @@
# C0d0so - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [C0d0so](https://vuldb.com/?actor.c0d0so). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [C0d0so](https://vuldb.com/?actor.c0d0so). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.c0d0so](https://vuldb.com/?actor.c0d0so)
@ -40,9 +40,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
Careto/README.md
View File

@ -1,6 +1,6 @@
# Careto - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Careto](https://vuldb.com/?actor.careto). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Careto](https://vuldb.com/?actor.careto). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.careto](https://vuldb.com/?actor.careto)
@ -24,12 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 8.28.16.254 | - | High
2 | 12.0.0.38 | - | High
3 | 23.20.44.92 | ec2-23-20-44-92.compute-1.amazonaws.com | Medium
4 | 37.235.63.127 | 127-63-235-37.static.edis.at | High
5 | 62.149.227.3 | host3-227-149-62.serverdedicati.aruba.it | High
6 | 72.52.91.30 | - | High
7 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 13 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -60,9 +57,10 @@ ID | Type | Indicator | Confidence
8 | File | `app/admin/custom-fields/filter.php` | High
9 | File | `auth-gss2.c` | Medium
10 | File | `backoffice/login.asp` | High
11 | ... | ... | ...
11 | File | `cisco/services/PhonecDirectory.php` | High
12 | ... | ... | ...
There are 96 more IOA items available. Please use our online service to access the data.
There are 95 more IOA items available. Please use our online service to access the data.
## References
@ -74,9 +72,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

54
Cerber/README.md
View File

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* DE
* ...
There are 6 more country items available. Please use our online service to access the data.
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -32,18 +32,14 @@ ID | IP address | Hostname | Confidence
9 | 45.56.79.23 | li929-23.members.linode.com | High
10 | 45.56.117.118 | li935-118.members.linode.com | High
11 | 45.63.25.55 | 45.63.25.55.vultr.com | Medium
12 | 45.63.99.180 | 45.63.99.180.uk003.ys.com | High
12 | 45.63.99.180 | 45.63.99.180.vultr.com | Medium
13 | 52.2.101.52 | ec2-52-2-101-52.compute-1.amazonaws.com | Medium
14 | 52.21.132.24 | ec2-52-21-132-24.compute-1.amazonaws.com | Medium
15 | 54.84.252.139 | ec2-54-84-252-139.compute-1.amazonaws.com | Medium
16 | 54.87.5.88 | ec2-54-87-5-88.compute-1.amazonaws.com | Medium
17 | 54.88.175.149 | ec2-54-88-175-149.compute-1.amazonaws.com | Medium
18 | 54.152.181.87 | ec2-54-152-181-87.compute-1.amazonaws.com | Medium
19 | 78.128.92.96 | - | High
20 | 84.201.32.108 | - | High
21 | ... | ... | ...
17 | ... | ... | ...
There are 60 more IOC items available. Please use our online service to access the data.
There are 64 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -54,8 +50,7 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
@ -65,19 +60,32 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `+CSCO` | Low
2 | File | `.htaccess` | Medium
3 | File | `/cgi-bin/login_action.cgi` | High
4 | File | `/cns/` | Low
5 | File | `/DbXmlInfo.xml` | High
6 | File | `/etc/auditlog-keeper.conf` | High
7 | File | `/forms/web_importTFTP` | High
8 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
9 | File | `/plugin/extended-choice-parameter/js/` | High
10 | File | `/rest/api/1.0/render` | High
11 | ... | ... | ...
1 | File | `/cgi-bin/login_action.cgi` | High
2 | File | `/DbXmlInfo.xml` | High
3 | File | `/forms/web_importTFTP` | High
4 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
5 | File | `/plugin/extended-choice-parameter/js/` | High
6 | File | `/rest/api/1.0/render` | High
7 | File | `/sap/public/bc/abap` | High
8 | File | `/search.php` | Medium
9 | File | `/shell?cmd` | Medium
10 | File | `/tmp` | Low
11 | File | `500page.jsp` | Medium
12 | File | `activateuser.aspx` | High
13 | File | `addentry.php` | Medium
14 | File | `admin/password_forgotten.php` | High
15 | File | `AndroidManifest.xml` | High
16 | File | `application/admin/controller/Admin.php` | High
17 | File | `asm/preproc.c` | High
18 | File | `auth-gss2.c` | Medium
19 | File | `authent.php4` | Medium
20 | File | `authpam.c` | Medium
21 | File | `bgp_packet.c` | Medium
22 | File | `catalog.asp` | Medium
23 | File | `Cgi/confirm.py` | High
24 | ... | ... | ...
There are 634 more IOA items available. Please use our online service to access the data.
There are 201 more IOA items available. Please use our online service to access the data.
## References
@ -102,4 +110,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

33
Chafer/README.md
View File

@ -1,6 +1,6 @@
# Chafer - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Chafer](https://vuldb.com/?actor.chafer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Chafer](https://vuldb.com/?actor.chafer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.chafer](https://vuldb.com/?actor.chafer)
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* GB
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -22,12 +22,11 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 83.142.230.113 | - | High
2 | 89.38.97.112 | - | High
2 | 89.38.97.112 | 89-38-97-112.hosted-by-worldstream.net | High
3 | 89.38.97.115 | 89-38-97-115.hosted-by-worldstream.net | High
4 | 91.218.114.225 | - | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -49,18 +48,14 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//etc/RT2870STA.dat` | High
2 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
3 | File | `/magnoliaPublic/travel/members/login.html` | High
4 | File | `/Main_AdmStatus_Content.asp` | High
5 | File | `/uncpath/` | Medium
6 | File | `/var/log/nginx` | High
7 | File | `advertiser.php` | High
8 | File | `akocomments.php` | High
9 | File | `al_initialize.php` | High
10 | File | `category.cfm` | Medium
11 | ... | ... | ...
2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
3 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
4 | File | `/magnoliaPublic/travel/members/login.html` | High
5 | File | `/Main_AdmStatus_Content.asp` | High
6 | File | `/uncpath/` | Medium
7 | ... | ... | ...
There are 42 more IOA items available. Please use our online service to access the data.
There are 49 more IOA items available. Please use our online service to access the data.
## References
@ -73,9 +68,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

27
Cleaver/README.md
View File

@ -1,6 +1,6 @@
# Cleaver - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cleaver](https://vuldb.com/?actor.cleaver). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cleaver](https://vuldb.com/?actor.cleaver). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cleaver](https://vuldb.com/?actor.cleaver)
@ -35,15 +35,9 @@ ID | IP address | Hostname | Confidence
6 | 64.120.208.76 | - | High
7 | 64.120.208.78 | - | High
8 | 66.96.252.198 | host-66-96-252-198.myrepublic.co.id | High
9 | 78.109.194.96 | - | High
10 | 78.109.194.114 | - | High
11 | 80.243.182.149 | 149-182-243-80.rackcentre.redstation.net.uk | High
12 | 87.98.167.71 | - | High
13 | 87.98.167.85 | ip85.ip-87-98-167.eu | High
14 | 87.98.167.141 | - | High
15 | ... | ... | ...
9 | ... | ... | ...
There are 26 more IOC items available. Please use our online service to access the data.
There are 32 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -64,16 +58,9 @@ ID | Type | Indicator | Confidence
1 | File | `/forum/away.php` | High
2 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
3 | File | `adclick.php` | Medium
4 | File | `data/gbconfiguration.dat` | High
5 | File | `Default.aspx` | Medium
6 | File | `inc/config.php` | High
7 | File | `libraries/idna_convert/example.php` | High
8 | File | `mod_proxy_fcgi.c` | High
9 | File | `ogp_show.php` | Medium
10 | File | `redir.php` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 17 more IOA items available. Please use our online service to access the data.
There are 24 more IOA items available. Please use our online service to access the data.
## References
@ -86,9 +73,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

22
Comnie/README.md
View File

@ -1,6 +1,6 @@
# Comnie - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Comnie](https://vuldb.com/?actor.comnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Comnie](https://vuldb.com/?actor.comnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.comnie](https://vuldb.com/?actor.comnie)
@ -20,13 +20,27 @@ ID | IP address | Hostname | Confidence
1 | 113.196.70.11 | 113.196.70.11.ll.static.sparqnet.net | High
2 | 121.126.211.94 | - | High
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Comnie. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Comnie. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | Argument | `filename` | Medium
1 | File | `wp-includes/functions.php` | High
2 | Argument | `filename` | Medium
3 | Argument | `hotjar script` | High
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
## References
@ -38,9 +52,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

21
Confucius/README.md
View File

@ -1,6 +1,6 @@
# Confucius - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Confucius](https://vuldb.com/?actor.confucius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Confucius](https://vuldb.com/?actor.confucius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.confucius](https://vuldb.com/?actor.confucius)
@ -35,15 +35,9 @@ ID | IP address | Hostname | Confidence
6 | 46.165.207.109 | - | High
7 | 46.165.207.112 | - | High
8 | 46.165.207.113 | - | High
9 | 46.165.207.114 | - | High
10 | 46.165.207.116 | - | High
11 | 46.165.207.120 | v608.ce02.fra-10.de.leaseweb.net | High
12 | 46.165.207.132 | - | High
13 | 46.165.207.134 | - | High
14 | 46.165.207.138 | - | High
15 | ... | ... | ...
9 | ... | ... | ...
There are 27 more IOC items available. Please use our online service to access the data.
There are 33 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -74,9 +68,10 @@ ID | Type | Indicator | Confidence
8 | File | `admin-ajax.php` | High
9 | File | `admin/index.php` | High
10 | File | `administrator/components/com_media/helpers/media.php` | High
11 | ... | ... | ...
11 | File | `adv_pwd_cgi` | Medium
12 | ... | ... | ...
There are 89 more IOA items available. Please use our online service to access the data.
There are 88 more IOA items available. Please use our online service to access the data.
## References
@ -89,9 +84,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

221
CoolWebSearch/README.md Normal file
View File

@ -0,0 +1,221 @@
# CoolWebSearch - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CoolWebSearch](https://vuldb.com/?actor.coolwebsearch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.coolwebsearch](https://vuldb.com/?actor.coolwebsearch)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoolWebSearch:
* US
* VN
* CN
* ...
There are 21 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of CoolWebSearch.
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 38.113.3.122 | - | High
2 | 38.113.198.80 | - | High
3 | 38.113.198.81 | - | High
4 | 38.113.198.235 | - | High
5 | 38.113.198.243 | - | High
6 | 38.113.198.249 | - | High
7 | 38.113.198.252 | - | High
8 | 38.113.199.63 | - | High
9 | 38.113.204.40 | - | High
10 | 38.113.204.182 | - | High
11 | 38.117.144.30 | - | High
12 | 38.117.144.50 | - | High
13 | 38.117.144.51 | - | High
14 | 38.117.144.162 | - | High
15 | 61.152.242.111 | - | High
16 | 62.65.252.93 | 62.65.252.93.cable.starman.ee | High
17 | 62.65.252.226 | 62.65.252.226.cable.starman.ee | High
18 | 62.129.133.193 | HOSTED-BY.VIRTUALXS.COM | High
19 | 63.160.243.7 | - | High
20 | 63.208.158.126 | unknown.Level3.net | High
21 | 63.217.29.115 | - | High
22 | 63.219.176.203 | 63-219-176-203.static.pccwglobal.net | High
23 | 63.219.178.91 | 63-219-178-91.supercreate.net | High
24 | 63.219.181.7 | web-r2-h7.globecorp.net | High
25 | 63.219.181.10 | web-r2-h10.globecorp.net | High
26 | 63.219.181.64 | web-r2-h64.globecorp.net | High
27 | 63.246.42.13 | - | High
28 | 63.246.131.19 | - | High
29 | 63.246.146.142 | - | High
30 | 63.246.146.147 | - | High
31 | 63.251.83.54 | - | High
32 | 63.251.83.56 | - | High
33 | 64.7.197.6 | - | High
34 | 64.7.205.18 | - | High
35 | 64.7.207.118 | NET-allocation-0011058.ix.sitestream.net | High
36 | 64.7.209.58 | NET-allocation-00025837.ix.sitestream.net | High
37 | 64.7.212.98 | gxb.nastydollars.com | High
38 | 64.38.226.6 | maxcash.cavecreek.net | High
39 | 64.94.3.243 | - | High
40 | 64.124.210.76 | 64.124.210.76.t00517.above.net | High
41 | 64.124.210.98 | 64.124.210.98.t00517.above.net | High
42 | 64.124.210.111 | 64.124.210.111.t00517.above.net | High
43 | 64.124.222.167 | 64.124.222.167.T01708-02.above.net | High
44 | 64.124.222.236 | 64.124.222.236.T01708-02.above.net | High
45 | 64.125.84.23 | - | High
46 | 64.127.104.144 | - | High
47 | 64.154.5.9 | - | High
48 | 64.154.5.38 | - | High
49 | 64.157.143.86 | unknown.Level3.net | High
50 | 64.185.230.223 | 64-185-230-223.static.webnx.com | High
51 | 64.186.129.250 | - | High
52 | 64.186.129.252 | - | High
53 | 64.186.152.83 | - | High
54 | 64.200.25.75 | - | High
55 | 64.200.25.86 | - | High
56 | 64.202.105.82 | unknown.ord.scnet.net | High
57 | 64.202.167.129 | ip-64-202-167-129.ip.secureserver.net | High
58 | 64.202.167.192 | ip-64-202-167-192.ip.secureserver.net | High
59 | 64.237.37.152 | - | High
60 | 64.237.39.70 | - | High
61 | 64.237.39.76 | - | High
62 | 64.237.39.77 | - | High
63 | 64.237.39.80 | - | High
64 | 64.237.39.226 | 64-237-39-226.choopa.net | High
65 | 64.237.41.215 | 64-237-41-215.choopa.com | High
66 | 64.237.44.247 | 64-237-44-247.constant.com | High
67 | 64.237.45.18 | 64-237-45-18.constant.com | High
68 | 64.237.47.178 | 64-237-47-178.constant.com | High
69 | 64.237.47.210 | 64-237-47-210.choopa.net | High
70 | 64.237.53.3 | 64.237.53.3.choopa.net | High
71 | 64.237.53.4 | 64.237.53.4.choopa.net | High
72 | 64.237.56.64 | 64-237-56-64.choopa.net | High
73 | 64.237.57.37 | 64.237.57.37.choopa.com | High
74 | 64.237.57.92 | tsca-057092.toscaa.com | High
75 | 64.237.57.202 | 64.237.57.202.choopa.com | High
76 | 64.237.57.205 | 64.237.57.205.choopa.com | High
77 | 64.237.57.206 | 64.237.57.206.choopa.com | High
78 | 64.237.57.215 | 64-237-57-215.reliableservers.com | High
79 | 64.246.18.41 | ev1s-64-246-18-41.theplanet.com | High
80 | 64.246.33.179 | ev1s-64-246-33-179.theplanet.com | High
81 | 64.246.33.191 | bignaturalboobs.org | High
82 | 64.246.40.84 | ev1s-64-246-40-84.theplanet.com | High
83 | 64.250.235.140 | ip-64-250-235-140.lasvegas.net | High
84 | 64.255.161.101 | 64-255-161-101.jupiter.navisite.com | High
85 | 65.39.191.71 | - | High
86 | 65.75.143.119 | ip-65-75-143-119.local | High
87 | 65.75.161.13 | galt1.seowebhosting.net | High
88 | 65.75.175.64 | ip-65-75-175-64.local | High
89 | 65.75.187.94 | ip-65-75-187-94.local | High
90 | 65.77.129.178 | - | High
91 | 65.77.129.212 | - | High
92 | 65.110.40.789 | - | High
93 | 65.115.110.251 | - | High
94 | 66.28.176.79 | - | High
95 | 66.28.176.138 | - | High
96 | 66.28.176.154 | - | High
97 | 66.40.28.3 | host3.maxim.net | High
98 | 66.40.28.12 | host12.maxim.net | High
99 | 66.40.28.51 | host51.maxim.net | High
100 | 66.40.28.61 | host61.maxim.net | High
101 | 66.45.237.99 | athostech.website | High
102 | 66.55.128.76 | 66.55.128.76.choopa.com | High
103 | 66.55.134.98 | 66-55-134-98.choopa.net | High
104 | 66.55.136.82 | 66.55.136.82.choopa.com | High
105 | 66.55.136.84 | 66.55.136.84.choopa.com | High
106 | 66.55.136.87 | 66.55.136.87.choopa.com | High
107 | 66.55.136.93 | 66-55-136-93.constant.com | High
108 | 66.55.139.28 | 66-55-139-28.choopa.net | High
109 | 66.55.139.29 | 66-55-139-29.choopa.net | High
110 | 66.55.140.119 | - | High
111 | 66.55.141.3 | - | High
112 | 66.55.144.200 | 66.55.144.200.choopa.net | High
113 | 66.70.44.60 | tunders.com | High
114 | 66.70.68.147 | - | High
115 | 66.79.171.70 | - | High
116 | 66.79.171.75 | - | High
117 | 66.79.183.140 | - | High
118 | 66.79.189.120 | - | High
119 | 66.79.191.231 | - | High
120 | 66.90.65.252 | - | High
121 | 66.98.142.163 | ns106.ehostpros.com | High
122 | 66.98.176.62 | ev1s-66-98-176-62.theplanet.com | High
123 | 66.98.194.89 | ns1.mygreatwebsite.net | High
124 | ... | ... | ...
There are 494 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/car.php` | Medium
3 | File | `/context/%2e/WEB-INF/web.xml` | High
4 | File | `/dashboards/#` | High
5 | File | `/etc/controller-agent/agent.conf` | High
6 | File | `/etc/sudoers` | Medium
7 | File | `/filemanager/php/connector.php` | High
8 | File | `/forum/away.php` | High
9 | File | `/fudforum/adm/hlplist.php` | High
10 | File | `/GponForm/fsetup_Form` | High
11 | File | `/log_download.cgi` | High
12 | File | `/modules/profile/index.php` | High
13 | File | `/monitoring` | Medium
14 | File | `/new` | Low
15 | File | `/out.php` | Medium
16 | File | `/proc/<pid>/status` | High
17 | File | `/public/plugins/` | High
18 | File | `/s/` | Low
19 | File | `/secure/QueryComponent!Default.jspa` | High
20 | File | `/server-info` | Medium
21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
22 | File | `/tmp` | Low
23 | File | `/tmp/kamailio_ctl` | High
24 | File | `/tmp/kamailio_fifo` | High
25 | File | `/uncpath/` | Medium
26 | File | `/updown/upload.cgi` | High
27 | File | `/usr/bin/pkexec` | High
28 | File | `/way4acs/enroll` | High
29 | File | `/WEB-INF/web.xml` | High
30 | File | `/wp-json/wc/v3/webhooks` | High
31 | File | `4.2.0.CP09` | Medium
32 | File | `actions/CompanyDetailsSave.php` | High
33 | ... | ... | ...
There are 283 more IOA items available. Please use our online service to access the data.
## References
The following list contains external sources which discuss the actor and the associated activities:
* https://ddanchev.blogspot.com/2022/01/exposing-currently-active-coolwebsearch.html
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
Corkow/README.md
View File

@ -1,6 +1,6 @@
# Corkow - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Corkow](https://vuldb.com/?actor.corkow). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Corkow](https://vuldb.com/?actor.corkow). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.corkow](https://vuldb.com/?actor.corkow)
@ -21,17 +21,9 @@ ID | IP address | Hostname | Confidence
9 | 4.4.7.1 | lag-32-1065-99.ear3.Chicago2.Level3.net | High
10 | 4.4.7.2 | ANDERSEN-CO.ear3.Chicago2.Level3.net | High
11 | 4.4.7.7 | - | High
12 | 5.5.1.2 | dynamic-005-005-001-002.5.5.pool.telefonica.de | High
13 | 5.7.9.1 | dynamic-005-007-009-001.5.7.pool.telefonica.de | High
14 | 5.9.3.1 | static.1.3.9.5.clients.your-server.de | High
15 | 6.0.8.1 | - | High
16 | 6.0.8.2 | - | High
17 | 6.0.8.4 | - | High
18 | 6.2.0.1 | - | High
19 | 6.4.1.3 | - | High
20 | ... | ... | ...
12 | ... | ... | ...
There are 37 more IOC items available. Please use our online service to access the data.
There are 45 more IOC items available. Please use our online service to access the data.
## References
@ -43,9 +35,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
CozyDuke/README.md
View File

@ -1,6 +1,6 @@
# CozyDuke - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CozyDuke](https://vuldb.com/?actor.cozyduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CozyDuke](https://vuldb.com/?actor.cozyduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cozyduke](https://vuldb.com/?actor.cozyduke)
@ -57,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
Cridex/README.md
View File

@ -1,6 +1,6 @@
# Cridex - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cridex](https://vuldb.com/?actor.cridex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cridex](https://vuldb.com/?actor.cridex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cridex](https://vuldb.com/?actor.cridex)
@ -17,13 +17,11 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.135.28.118 | - | High
2 | 37.187.156.123 | connor.playragnarokzero.com | High
2 | 37.187.156.123 | ns323845.ip-37-187-156.eu | High
3 | 46.165.241.0 | - | High
4 | 50.56.200.226 | 50-56-200-226.static.cloud-ips.com | High
5 | 62.76.44.174 | 62-76-44-174.vm.clodoserver.ru | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 10 more IOC items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -43,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Crouching Yeti/README.md
View File

@ -1,6 +1,6 @@
# Crouching Yeti - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Crouching Yeti](https://vuldb.com/?actor.crouching_yeti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Crouching Yeti](https://vuldb.com/?actor.crouching_yeti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.crouching_yeti](https://vuldb.com/?actor.crouching_yeti)
@ -42,9 +42,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
CryptoWall 2.0/README.md
View File

@ -1,6 +1,6 @@
# CryptoWall 2.0 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CryptoWall 2.0](https://vuldb.com/?actor.cryptowall_2.0). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CryptoWall 2.0](https://vuldb.com/?actor.cryptowall_2.0). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cryptowall_2.0](https://vuldb.com/?actor.cryptowall_2.0)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

56
DPRK/README.md
View File

@ -1,6 +1,6 @@
# DPRK - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DPRK](https://vuldb.com/?actor.dprk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DPRK](https://vuldb.com/?actor.dprk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dprk](https://vuldb.com/?actor.dprk)
@ -20,11 +20,6 @@ There are 1 more campaign items available. Please use our online service to acce
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DPRK:
* US
* ES
* DE
* ...
There are 26 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -32,14 +27,14 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.62.56.160 | r-160-56-62-5.ff.avast.com | High
1 | 5.62.56.160 | r-160-56-62-5.consumer-pool.prcdn.net | High
2 | 5.62.56.161 | r-161-56-62-5.consumer-pool.prcdn.net | High
3 | 5.62.56.162 | r-162-56-62-5.consumer-pool.prcdn.net | High
4 | 5.62.56.163 | r-163-56-62-5.consumer-pool.prcdn.net | High
5 | 5.62.61.64 | r-64-61-62-5.ff.avast.com | High
6 | 5.62.61.65 | r-65-61-62-5.ff.avast.com | High
7 | 5.62.61.66 | r-66-61-62-5.ff.avast.com | High
8 | 5.62.61.67 | r-67-61-62-5.ff.avast.com | High
5 | 5.62.61.64 | r-64-61-62-5.consumer-pool.prcdn.net | High
6 | 5.62.61.65 | r-65-61-62-5.consumer-pool.prcdn.net | High
7 | 5.62.61.66 | r-66-61-62-5.consumer-pool.prcdn.net | High
8 | 5.62.61.67 | r-67-61-62-5.consumer-pool.prcdn.net | High
9 | 21.252.107.198 | - | High
10 | 26.165.218.44 | - | High
11 | 45.33.2.79 | li956-79.members.linode.com | High
@ -52,22 +47,13 @@ ID | IP address | Hostname | Confidence
18 | 45.79.19.196 | li1118-196.members.linode.com | High
19 | 45.199.63.220 | - | High
20 | 47.206.4.145 | static-47-206-4-145.srst.fl.frontiernet.net | High
21 | ... | ... | ...
21 | 51.68.152.96 | ns3122934.ip-51-68-152.eu | High
22 | 54.241.91.49 | ec2-54-241-91-49.us-west-1.compute.amazonaws.com | Medium
23 | 70.224.36.194 | adsl-70-224-36-194.dsl.sbndin.ameritech.net | High
24 | 81.94.192.10 | 10-192-94-81.rackcentre.redstation.net.uk | High
25 | ... | ... | ...
There are 100 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by DPRK. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 5 more TTP items available. Please use our online service to access the data.
There are 96 more IOC items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -75,19 +61,7 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/admin/config.php?display=backup` | High
3 | File | `/apilog.php` | Medium
4 | File | `/APP_Installation.asp` | High
5 | File | `/categorypage.php` | High
6 | File | `/drivers/media/media-device.c` | High
7 | File | `/filemanager/upload.php` | High
8 | File | `/forum/away.php` | High
9 | File | `/getcfg.php` | Medium
10 | File | `/home.php` | Medium
11 | ... | ... | ...
There are 465 more IOA items available. Please use our online service to access the data.
1 | File | `wp-includes/class-wp-query.php` | High
## References
@ -107,9 +81,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

8
DarkSide/README.md
View File

@ -1,6 +1,6 @@
# DarkSide - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DarkSide](https://vuldb.com/?actor.darkside). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DarkSide](https://vuldb.com/?actor.darkside). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.darkside](https://vuldb.com/?actor.darkside)
@ -12,7 +12,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 99.83.154.118 | a51062ecadbb5a26e.awsglobalaccelerator.com | High
2 | 176.103.62.217 | - | High
3 | 185.243.214.107 | no-reverse-yet.local | High
3 | 185.243.214.107 | - | High
## References
@ -25,9 +25,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

13
Deep Panda/README.md
View File

@ -1,6 +1,6 @@
# Deep Panda - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Deep Panda](https://vuldb.com/?actor.deep_panda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Deep Panda](https://vuldb.com/?actor.deep_panda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.deep_panda](https://vuldb.com/?actor.deep_panda)
@ -42,10 +42,9 @@ ID | Type | Indicator | Confidence
1 | File | `fs/aio.c` | Medium
2 | File | `index.php?mod=main&opt=personal` | High
3 | File | `pkg/tool/path.go` | High
4 | File | `receiver.c` | Medium
5 | File | `routes/api/v1/api.go` | High
6 | Argument | `avatar_file` | Medium
7 | Argument | `m1_idlist` | Medium
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
## References
@ -60,9 +59,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Dharma/README.md
View File

@ -1,6 +1,6 @@
# Dharma - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dharma](https://vuldb.com/?actor.dharma). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dharma](https://vuldb.com/?actor.dharma). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dharma](https://vuldb.com/?actor.dharma)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Dimnie/README.md
View File

@ -1,6 +1,6 @@
# Dimnie - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dimnie](https://vuldb.com/?actor.dimnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dimnie](https://vuldb.com/?actor.dimnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dimnie](https://vuldb.com/?actor.dimnie)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Docless/README.md
View File

@ -1,6 +1,6 @@
# Docless - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Docless](https://vuldb.com/?actor.docless). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Docless](https://vuldb.com/?actor.docless). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.docless](https://vuldb.com/?actor.docless)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

22
Dyre/README.md
View File

@ -1,6 +1,6 @@
# Dyre - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dyre](https://vuldb.com/?actor.dyre). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dyre](https://vuldb.com/?actor.dyre). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dyre](https://vuldb.com/?actor.dyre)
@ -10,7 +10,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* RU
* US
* NL
* DE
* ...
There are 5 more country items available. Please use our online service to access the data.
@ -27,13 +27,9 @@ ID | IP address | Hostname | Confidence
4 | 80.248.224.75 | - | High
5 | 85.25.134.53 | delta526.dedicatedpanel.com | High
6 | 85.25.138.12 | echo389.startdedicated.de | High
7 | 85.25.145.179 | austria184.startdedicated.de | High
8 | 93.190.139.178 | 93-190-139-178.hosted-by-worldstream.net | High
9 | 94.23.61.172 | xen.nkpa.co.uk | High
10 | 94.23.196.90 | ns3098925.ip-94-23-196.eu | High
11 | ... | ... | ...
7 | ... | ... | ...
There are 20 more IOC items available. Please use our online service to access the data.
There are 24 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -62,11 +58,9 @@ ID | Type | Indicator | Confidence
6 | File | `/private/var/mobile/Containers/Data/Application` | High
7 | File | `acp/core/files.browser.php` | High
8 | File | `addentry.php` | Medium
9 | File | `admin.jcomments.php` | High
10 | File | `admin/index.php` | High
11 | ... | ... | ...
9 | ... | ... | ...
There are 62 more IOA items available. Please use our online service to access the data.
There are 64 more IOA items available. Please use our online service to access the data.
## References
@ -79,9 +73,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Edwind/README.md
View File

@ -1,6 +1,6 @@
# Edwind - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Edwind](https://vuldb.com/?actor.edwind). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Edwind](https://vuldb.com/?actor.edwind). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.edwind](https://vuldb.com/?actor.edwind)
@ -39,9 +39,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

2
FIN12/README.md
View File

@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
15 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
16 | ... | ... | ...
There are 124 more IOA items available. Please use our online service to access the data.
There are 125 more IOA items available. Please use our online service to access the data.
## References

74
FIN7/README.md
View File

@ -16,11 +16,6 @@ The following campaigns are known and can be associated with FIN7:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FIN7:
* US
* CN
* FR
* ...
There are 28 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -75,75 +70,6 @@ ID | IP address | Hostname | Confidence
There are 172 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by FIN7. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FIN7. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/?module=users&section=cpanel&page=list` | High
3 | File | `/admin/powerline` | High
4 | File | `/admin/syslog` | High
5 | File | `/api/upload` | Medium
6 | File | `/assets/ctx` | Medium
7 | File | `/concat?/%2557EB-INF/web.xml` | High
8 | File | `/context/%2e/WEB-INF/web.xml` | High
9 | File | `/get_getnetworkconf.cgi` | High
10 | File | `/HNAP1` | Low
11 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
12 | File | `/monitoring` | Medium
13 | File | `/new` | Low
14 | File | `/osm/REGISTER.cmd` | High
15 | File | `/proc/<pid>/status` | High
16 | File | `/public/plugins/` | High
17 | File | `/replication` | Medium
18 | File | `/secure/QueryComponent!Default.jspa` | High
19 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
20 | File | `/tmp` | Low
21 | File | `/type.php` | Medium
22 | File | `/uncpath/` | Medium
23 | File | `/usr/bin/pkexec` | High
24 | File | `/wp-json/wc/v3/webhooks` | High
25 | File | `4.2.0.CP09` | Medium
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
27 | File | `actions/CompanyDetailsSave.php` | High
28 | File | `ActiveServices.java` | High
29 | File | `admin.color.php` | High
30 | File | `admin.cropcanvas.php` | High
31 | File | `admin.joomlaradiov5.php` | High
32 | File | `admin.php` | Medium
33 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
34 | File | `admin/add-glossary.php` | High
35 | File | `admin/conf_users_edit.php` | High
36 | File | `admin/edit-comments.php` | High
37 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
38 | File | `admin/write-post.php` | High
39 | File | `administrator/components/com_media/helpers/media.php` | High
40 | File | `admin_events.php` | High
41 | File | `AjaxApplication.java` | High
42 | File | `akocomments.php` | High
43 | File | `allopass-error.php` | High
44 | File | `AllowBindAppWidgetActivity.java` | High
45 | File | `AndroidManifest.xml` | High
46 | File | `AnnotateActivity.java` | High
47 | ... | ... | ...
There are 406 more IOA items available. Please use our online service to access the data.
## References
The following list contains external sources which discuss the actor and the associated activities:

13
FamousSparrow/README.md
View File

@ -42,16 +42,9 @@ ID | Type | Indicator | Confidence
1 | File | `/login.html` | Medium
2 | File | `/new` | Low
3 | File | `/system?action=ServiceAdmin` | High
4 | File | `/var/log/nginx` | High
5 | File | `admin/index.php?m=database&c=del` | High
6 | File | `admin/ueditor/uploadFile` | High
7 | File | `api_jsonrpc.php` | High
8 | File | `entropy_decoder.cc` | High
9 | File | `FileDownload.jsp` | High
10 | File | `HttpAdvancedSensor.exe` | High
11 | ... | ... | ...
4 | ... | ... | ...
There are 16 more IOA items available. Please use our online service to access the data.
There are 25 more IOA items available. Please use our online service to access the data.
## References
@ -68,4 +61,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

38
Fareit/README.md
View File

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* CA
* ...
There are 4 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -31,16 +31,9 @@ ID | IP address | Hostname | Confidence
8 | 68.171.208.119 | penandpixel.com | High
9 | 71.42.56.253 | rrcs-71-42-56-253.se.biz.rr.com | High
10 | 74.125.192.138 | qn-in-f138.1e100.net | High
11 | 75.98.175.114 | a2ss23.a2hosting.com | High
12 | 79.134.225.53 | - | High
13 | 81.17.18.194 | - | High
14 | 81.17.29.146 | - | High
15 | 81.169.145.70 | w06.rzone.de | High
16 | 81.169.145.164 | wa4.rzone.de | High
17 | 82.145.53.14 | table1555.cfd | High
18 | ... | ... | ...
11 | ... | ... | ...
There are 32 more IOC items available. Please use our online service to access the data.
There are 39 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -51,10 +44,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -64,17 +56,15 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/download_frame.php` | High
2 | File | `/backups/` | Medium
3 | File | `/etc/sudoers` | Medium
4 | File | `/index.php?controller=system&action=admin_edit_act` | High
5 | File | `/uncpath/` | Medium
6 | File | `bits.c` | Low
7 | File | `cat.php` | Low
8 | File | `Cgi/admindb.py` | High
9 | File | `core/kernels/count_ops.cc` | High
10 | File | `data/gbconfiguration.dat` | High
11 | ... | ... | ...
3 | File | `/cms/ajax.php` | High
4 | File | `/etc/sudoers` | Medium
5 | File | `/index.php?controller=system&action=admin_edit_act` | High
6 | File | `/uncpath/` | Medium
7 | File | `bits.c` | Low
8 | File | `cat.php` | Low
9 | ... | ... | ...
There are 53 more IOA items available. Please use our online service to access the data.
There are 69 more IOA items available. Please use our online service to access the data.
## References
@ -94,4 +84,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
Gafgyt/README.md
View File

@ -1,6 +1,6 @@
# Gafgyt - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gafgyt](https://vuldb.com/?actor.gafgyt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gafgyt](https://vuldb.com/?actor.gafgyt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gafgyt](https://vuldb.com/?actor.gafgyt)
@ -55,15 +55,11 @@ ID | Type | Indicator | Confidence
2 | File | `/api/content/posts/comments` | High
3 | File | `/Home/GetAttachment` | High
4 | File | `/modules/projects/vw_files.php` | High
5 | File | `AjaxFileUploadHandler.axd` | High
6 | File | `cgi-bin/ddns_enc.cgi` | High
7 | File | `common.c` | Medium
8 | File | `data/gbconfiguration.dat` | High
9 | File | `date/time` | Medium
10 | File | `eXcall_api.c` | Medium
11 | ... | ... | ...
5 | File | `admin/limits.php` | High
6 | File | `AjaxFileUploadHandler.axd` | High
7 | ... | ... | ...
There are 42 more IOA items available. Please use our online service to access the data.
There are 49 more IOA items available. Please use our online service to access the data.
## References
@ -76,9 +72,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
Gallmaker/README.md
View File

@ -1,6 +1,6 @@
# Gallmaker - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gallmaker](https://vuldb.com/?actor.gallmaker)
@ -42,16 +42,9 @@ ID | Type | Indicator | Confidence
1 | File | `c4t64fx.c` | Medium
2 | File | `cgi-bin/webcm` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `df.php` | Low
5 | File | `drivers/net/ethernet/qlogic/qla3xxx.c` | High
6 | File | `memcached.c` | Medium
7 | File | `PendingCommand.php` | High
8 | File | `phNxpExtns_MifareStd.cpp` | High
9 | File | `public/app/features/panel/panel_ctrl.ts` | High
10 | File | `sapi/apache2handler/sapi_apache2.c` | High
11 | ... | ... | ...
4 | ... | ... | ...
There are 7 more IOA items available. Please use our online service to access the data.
There are 14 more IOA items available. Please use our online service to access the data.
## References
@ -63,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Gholee/README.md
View File

@ -1,6 +1,6 @@
# Gholee - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gholee](https://vuldb.com/?actor.gholee). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gholee](https://vuldb.com/?actor.gholee). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gholee](https://vuldb.com/?actor.gholee)
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

16
Grabit/README.md
View File

@ -1,6 +1,6 @@
# Grabit - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Grabit](https://vuldb.com/?actor.grabit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Grabit](https://vuldb.com/?actor.grabit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.grabit](https://vuldb.com/?actor.grabit)
@ -51,15 +51,9 @@ ID | Type | Indicator | Confidence
2 | File | `/lists/admin/` | High
3 | File | `/tmp` | Low
4 | File | `api_poller.php` | High
5 | File | `auth-gss2.c` | Medium
6 | File | `convert.c` | Medium
7 | File | `crypto/af_alg.c` | High
8 | File | `download.rsp` | Medium
9 | File | `inc/autoload.function.php` | High
10 | File | `kernel/trace/ring_buffer.c` | High
11 | ... | ... | ...
5 | ... | ... | ...
There are 19 more IOA items available. Please use our online service to access the data.
There are 25 more IOA items available. Please use our online service to access the data.
## References
@ -71,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

35
GreyEnergy/README.md
View File

@ -1,6 +1,6 @@
# GreyEnergy - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.greyenergy](https://vuldb.com/?actor.greyenergy)
@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
3 | 37.59.14.94 | ns3317178.ip-37-59-14.eu | High
4 | 46.249.49.231 | - | High
5 | 62.210.77.169 | 62-210-77-169.rev.poneytelecom.eu | High
6 | 82.118.236.23 | - | High
7 | 85.25.211.10 | malta1466.dedicatedpanel.com | High
8 | 88.198.13.116 | static.88.198.13.116.clients.your-server.de | High
9 | 94.130.88.50 | static.50.88.130.94.clients.your-server.de | High
10 | ... | ... | ...
6 | ... | ... | ...
There are 17 more IOC items available. Please use our online service to access the data.
There are 21 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -45,7 +41,7 @@ ID | Technique | Description | Confidence
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -63,9 +59,24 @@ ID | Type | Indicator | Confidence
8 | File | `/reports/temp` | High
9 | File | `/rom-0` | Low
10 | File | `/settings/avatar` | High
11 | ... | ... | ...
11 | File | `/uncpath/` | Medium
12 | File | `/webman/info.cgi` | High
13 | File | `/~user_handler` | High
14 | File | `ad.php` | Low
15 | File | `addentry.php` | Medium
16 | File | `admin.php` | Medium
17 | File | `admin/about.php` | High
18 | File | `admin/scripts/FileUploader/php.php` | High
19 | File | `admin/stats_products_viewed.php` | High
20 | File | `ajax/render/widget_php` | High
21 | File | `app/admin/controller/themecontroller.php` | High
22 | File | `arch/arm/kernel/process.c` | High
23 | File | `asm/parser.c` | Medium
24 | File | `backend/Login/load/` | High
25 | File | `bl-kernel/ajax/upload-images.php` | High
26 | ... | ... | ...
There are 223 more IOA items available. Please use our online service to access the data.
There are 214 more IOA items available. Please use our online service to access the data.
## References
@ -77,9 +88,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

68
Grizzly Steppe/README.md
View File

@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
* CN
* RU
* US
* ES
* DK
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 7 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -168,36 +168,40 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/index.php?lfj=mysql&action=del` | High
2 | File | `/authen/start/` | High
3 | File | `/cgi-bin/luci/rc` | High
4 | File | `/cms/ajax.php` | High
5 | File | `/context/%2e/WEB-INF/web.xml` | High
6 | File | `/domain/service/.ewell-known/caldav` | High
7 | File | `/download` | Medium
8 | File | `/etc/hosts` | Medium
9 | File | `/formWlanSetup` | High
10 | File | `/include/chart_generator.php` | High
11 | File | `/modules/profile/index.php` | High
12 | File | `/monitoring` | Medium
13 | File | `/music/ajax.php` | High
14 | File | `/new` | Low
15 | File | `/pandora_console/ajax.php` | High
16 | File | `/plugins/servlet/audit/resource` | High
17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
18 | File | `/proc/<pid>/status` | High
19 | File | `/public/plugins/` | High
20 | File | `/rest/api/1.0/render` | High
21 | File | `/RestAPI` | Medium
22 | File | `/secure/QueryComponent!Default.jspa` | High
23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
24 | File | `/tmp` | Low
25 | File | `/uncpath/` | Medium
26 | File | `/var/log/nginx` | High
27 | File | `account.php` | Medium
28 | ... | ... | ...
1 | File | `/admin/app.php` | High
2 | File | `/admin/download_frame.php` | High
3 | File | `/admin/index.php?lfj=mysql&action=del` | High
4 | File | `/admin/maintenance/` | High
5 | File | `/admin/submit-articles` | High
6 | File | `/api/v2/labels/` | High
7 | File | `/authen/start/` | High
8 | File | `/cgi-bin/luci/rc` | High
9 | File | `/cms/ajax.php` | High
10 | File | `/dl/dl_sendsms.php` | High
11 | File | `/domain/service/.ewell-known/caldav` | High
12 | File | `/etc/passwd` | Medium
13 | File | `/exponent_constants.php` | High
14 | File | `/extensionsinstruction` | High
15 | File | `/forum/away.php` | High
16 | File | `/graphStatus/displayServiceStatus.php` | High
17 | File | `/ifs` | Low
18 | File | `/includes/upload.php` | High
19 | File | `/index.php?m=ucenter&a=index` | High
20 | File | `/info.xml` | Medium
21 | File | `/login.php?m=admin&c=Admin&a=admin_add&lang=cn` | High
22 | File | `/manage/loginusername` | High
23 | File | `/music/ajax.php` | High
24 | File | `/planprop` | Medium
25 | File | `/question/ask` | High
26 | File | `/tmp` | Low
27 | File | `/var/ipfire/backup/bin/backup.pl` | High
28 | File | `/woocommerce-stock-manager/trunk/admin/views/import-export.php` | High
29 | File | `/wp-json` | Medium
30 | File | `account.php` | Medium
31 | File | `adclick.php` | Medium
32 | ... | ... | ...
There are 240 more IOA items available. Please use our online service to access the data.
There are 268 more IOA items available. Please use our online service to access the data.
## References

6
Group 5/README.md
View File

@ -1,6 +1,6 @@
# Group 5 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Group 5](https://vuldb.com/?actor.group_5). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Group 5](https://vuldb.com/?actor.group_5). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.group_5](https://vuldb.com/?actor.group_5)
@ -24,9 +24,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

31
Inception/README.md
View File

@ -14,7 +14,7 @@ The following campaigns are known and can be associated with Inception:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:
* PL
* IT
* SV
* FR
* ...
@ -65,21 +65,22 @@ ID | Type | Indicator | Confidence
10 | File | `/master/article.php` | High
11 | File | `/mobile/SelectUsers.jsp` | High
12 | File | `/ProteinArraySignificanceTest.json` | High
13 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
14 | File | `/web` | Low
15 | File | `4.edu.php\conn\function.php` | High
16 | File | `abc.c` | Low
17 | File | `admin/bad.php` | High
18 | File | `admin/dl_sendmail.php` | High
19 | File | `admin/edit.php` | High
20 | File | `admin/pages/useredit.php` | High
21 | File | `AdminBaseController.class.php` | High
22 | File | `AlertReceiver.java` | High
23 | File | `AndroidManifest.xml` | High
24 | File | `apc.php` | Low
25 | ... | ... | ...
13 | File | `/usr/local/bin/mjs` | High
14 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
15 | File | `/web` | Low
16 | File | `4.edu.php\conn\function.php` | High
17 | File | `abc.c` | Low
18 | File | `admin/bad.php` | High
19 | File | `admin/dl_sendmail.php` | High
20 | File | `admin/edit.php` | High
21 | File | `admin/pages/useredit.php` | High
22 | File | `AdminBaseController.class.php` | High
23 | File | `AlertReceiver.java` | High
24 | File | `AndroidManifest.xml` | High
25 | File | `apc.php` | Low
26 | ... | ... | ...
There are 212 more IOA items available. Please use our online service to access the data.
There are 214 more IOA items available. Please use our online service to access the data.
## References

19
Iran Unknown/README.md
View File

@ -32,11 +32,11 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1211 | 7PK Security Features | High
3 | T1499 | Resource Consumption | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
There are 2 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -47,16 +47,9 @@ ID | Type | Indicator | Confidence
1 | File | `/administration/theme.php` | High
2 | File | `/cgi-bin/webproc` | High
3 | File | `basic/unit-name.c` | High
4 | File | `fileman.php` | Medium
5 | File | `login_up.php3` | High
6 | File | `wp-admin/options-general.php` | High
7 | Argument | `babInstallPath` | High
8 | Argument | `edit` | Low
9 | Argument | `getpage` | Low
10 | Argument | `Manage Theme` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
There are 16 more IOA items available. Please use our online service to access the data.
## References
@ -73,4 +66,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Ircbot/README.md
View File

@ -1,6 +1,6 @@
# Ircbot - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Ircbot](https://vuldb.com/?actor.ircbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ircbot](https://vuldb.com/?actor.ircbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ircbot](https://vuldb.com/?actor.ircbot)
@ -41,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

58
Iron/README.md
View File

@ -1,6 +1,6 @@
# Iron - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Iron](https://vuldb.com/?actor.iron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Iron](https://vuldb.com/?actor.iron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.iron](https://vuldb.com/?actor.iron)
@ -15,7 +15,6 @@ The following campaigns are known and can be associated with Iron:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iron:
* ES
* BR
## IOC - Indicator of Compromise
@ -24,7 +23,7 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 142.44.215.177 | ns554604.ip-142-44-215.net | High
2 | 144.217.61.147 | sha16.getawaypains.com | High
2 | 144.217.61.147 | ip147.ip-144-217-61.net | High
## TTP - Tactics, Techniques, Procedures
@ -35,11 +34,9 @@ ID | Technique | Description | Confidence
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 10 more TTP items available. Please use our online service to access the data.
There are 11 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -48,18 +45,39 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\ASUS\GamingCenterLib` | High
2 | File | `%PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\` | High
3 | File | `%PROGRAMDATA%\WrData\PKG` | High
4 | File | `/#/network?tab=network_node_list.html` | High
5 | File | `/.htpasswd` | Medium
6 | File | `/adherents/note.php?id=1` | High
7 | File | `/admin/ajax/upload-profile-picture` | High
8 | File | `/admin/gallery.php` | High
9 | File | `/admin/media?` | High
10 | File | `/admin/system_command.asp` | High
11 | ... | ... | ...
2 | File | `/account/login` | High
3 | File | `/adherents/note.php?id=1` | High
4 | File | `/admin/gallery.php` | High
5 | File | `/Api/ASF` | Medium
6 | File | `/bin/sh` | Low
7 | File | `/cgi-bin/cgiServer.exx` | High
8 | File | `/cgi?1&5` | Medium
9 | File | `/clients/editclient.php` | High
10 | File | `/device/device=140/tab=wifi/view` | High
11 | File | `/dl/dl_sendmail.php` | High
12 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
13 | File | `/formStaticDHCP` | High
14 | File | `/formVirtualApp` | High
15 | File | `/formVirtualServ` | High
16 | File | `/jsonrpc` | Medium
17 | File | `/magnoliaAuthor/.magnolia/` | High
18 | File | `/master/core/PostHandler.php` | High
19 | File | `/medianet/sgcontentset.aspx` | High
20 | File | `/Nodes-Traffic.php` | High
21 | File | `/proc` | Low
22 | File | `/proc/pid/syscall` | High
23 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
24 | File | `/rss.xml` | Medium
25 | File | `/send_join` | Medium
26 | File | `/settings/profile` | High
27 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
28 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
29 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
30 | File | `/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c` | High
31 | File | `/sysworkflow/en/neoclassic/reportTables/reportTables_Ajax` | High
32 | ... | ... | ...
There are 941 more IOA items available. Please use our online service to access the data.
There are 277 more IOA items available. Please use our online service to access the data.
## References
@ -71,9 +89,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
IsSpace/README.md
View File

@ -1,6 +1,6 @@
# IsSpace - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [IsSpace](https://vuldb.com/?actor.isspace). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [IsSpace](https://vuldb.com/?actor.isspace). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.isspace](https://vuldb.com/?actor.isspace)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
Kimsuky/README.md
View File

@ -1,6 +1,6 @@
# Kimsuky - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Kimsuky](https://vuldb.com/?actor.kimsuky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kimsuky](https://vuldb.com/?actor.kimsuky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.kimsuky](https://vuldb.com/?actor.kimsuky)
@ -45,7 +45,7 @@ ID | Technique | Description | Confidence
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 4 more TTP items available. Please use our online service to access the data.
There are 5 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -58,14 +58,10 @@ ID | Type | Indicator | Confidence
3 | File | `/expert_wizard.php` | High
4 | File | `/mc` | Low
5 | File | `/tlogin.cgi` | Medium
6 | File | `ajax/render/widget_php` | High
7 | File | `android/webkit/SearchBoxImpl.java` | High
8 | File | `conf.c` | Low
9 | File | `etcd.conf` | Medium
10 | File | `form/formDeviceVerGet` | High
11 | ... | ... | ...
6 | File | `/upload` | Low
7 | ... | ... | ...
There are 40 more IOA items available. Please use our online service to access the data.
There are 50 more IOA items available. Please use our online service to access the data.
## References
@ -78,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

83
Kovter/README.md
View File

@ -1,20 +1,9 @@
# Kovter - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Kovter](https://vuldb.com/?actor.kovter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kovter](https://vuldb.com/?actor.kovter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.kovter](https://vuldb.com/?actor.kovter)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kovter:
* US
* CO
* ES
* ...
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Kovter.
@ -41,42 +30,38 @@ ID | IP address | Hostname | Confidence
18 | 15.20.52.109 | - | High
19 | 15.139.129.226 | - | High
20 | 16.6.63.101 | - | High
21 | ... | ... | ...
21 | 17.5.115.62 | - | High
22 | 18.129.149.91 | - | High
23 | 19.4.19.84 | - | High
24 | 20.133.243.96 | - | High
25 | 21.156.102.3 | - | High
26 | 21.250.19.72 | - | High
27 | 23.28.96.141 | d28-23-141-96.dim.wideopenwest.com | High
28 | 23.209.185.165 | a23-209-185-165.deploy.static.akamaitechnologies.com | High
29 | 23.218.142.25 | a23-218-142-25.deploy.static.akamaitechnologies.com | High
30 | 23.244.235.167 | d-23-244-235-167.paw.cpe.atlanticbb.net | High
31 | 24.70.206.40 | S01061033bff95647.ok.shawcable.net | High
32 | 25.126.223.94 | - | High
33 | 26.128.193.14 | - | High
34 | 31.182.109.21 | staticline-31-182-109-21.toya.net.pl | High
35 | 32.155.198.200 | - | High
36 | 32.202.176.158 | - | High
37 | 34.99.159.215 | 215.159.99.34.bc.googleusercontent.com | Medium
38 | 36.91.156.204 | - | High
39 | 36.105.72.159 | - | High
40 | 36.211.14.156 | - | High
41 | 37.34.87.162 | - | High
42 | 37.35.132.115 | 115.132.35.37.dynamic.jazztel.es | High
43 | 37.43.2.233 | - | High
44 | 37.67.195.64 | 64.195.67.37.rev.sfr.net | High
45 | 37.191.164.233 | 233.37-191-164.fiber.lynet.no | High
46 | 38.64.142.137 | - | High
47 | 38.110.242.41 | 38-110-242-41.ndemand.com | High
48 | 38.186.206.106 | - | High
49 | 39.41.74.205 | - | High
50 | ... | ... | ...
There are 225 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Kovter. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Kovter. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `add_comment.php` | High
2 | File | `admin-ajax.php` | High
3 | File | `admin.php` | Medium
4 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
5 | File | `avrc_pars_tg.cc` | High
6 | File | `base_maintenance.php` | High
7 | File | `cgi-bin/webupg` | High
8 | File | `cgi-bin/write.cgi` | High
9 | File | `CMSPages/GetDocLink.ashx` | High
10 | File | `controllers/admin.js` | High
11 | ... | ... | ...
There are 43 more IOA items available. Please use our online service to access the data.
There are 196 more IOC items available. Please use our online service to access the data.
## References
@ -97,9 +82,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

20
LDMiner/README.md
View File

@ -1,9 +1,15 @@
# LDMiner - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LDMiner](https://vuldb.com/?actor.ldminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LDMiner](https://vuldb.com/?actor.ldminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ldminer](https://vuldb.com/?actor.ldminer)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LDMiner:
* DE
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of LDMiner.
@ -12,6 +18,14 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 167.71.87.85 | - | High
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by LDMiner. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `PARAM.SFO` | Medium
## References
The following list contains external sources which discuss the actor and the associated activities:
@ -22,9 +36,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

64
Lazarus/README.md
View File

@ -19,12 +19,8 @@ There are 5 more campaign items available. Please use our online service to acce
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:
* VN
* FR
* IN
* ...
There are 1 more country items available. Please use our online service to access the data.
* CL
* AE
## IOC - Indicator of Compromise
@ -119,7 +115,7 @@ ID | IP address | Hostname | Confidence
85 | 31.168.203.44 | bzq-203-168-31-44.red.bezeqint.net | High
86 | 36.71.90.4 | - | High
87 | 37.34.240.177 | - | High
88 | 37.48.106.69 | high-convey.blockother.com | High
88 | 37.48.106.69 | - | High
89 | 37.71.50.2 | 2.50.71.37.rev.sfr.net | High
90 | 37.75.0.98 | - | High
91 | 37.75.2.203 | - | High
@ -235,22 +231,46 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/login.php` | High
2 | File | `/ajax_crud` | Medium
3 | File | `/core/table/query` | High
4 | File | `/dev/ion` | Medium
5 | File | `/ecma/operations/ecma-objects.c` | High
6 | File | `/GetCopiedFile` | High
7 | File | `/hdf5/src/H5T.c` | High
8 | File | `/jerry-core/ecma/operations/ecma-get-put-value.c` | High
9 | File | `/jerry-core/ecma/operations/ecma-typedarray-object.c` | High
10 | File | `/leave_system/classes/Login.php` | High
11 | File | `/plugin` | Low
12 | File | `/rest/collectors/1.0/template/custom` | High
13 | File | `/risque/administration/referentiel/json/create/categorie` | High
14 | ... | ... | ...
1 | File | `/?/admin/snippet/add` | High
2 | File | `/?admin/user.html` | High
3 | File | `/admin.php/Foodcat/addsave` | High
4 | File | `/admin/users/update` | High
5 | File | `/api` | Low
6 | File | `/cgi-bin/api-get_line_status` | High
7 | File | `/cgi-bin/delete_CA` | High
8 | File | `/cgi-bin/New_GUI/Acl.asp` | High
9 | File | `/cgi?` | Low
10 | File | `/contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG` | High
11 | File | `/EASYIO30P-123456789012345678901234567890123456789012345678/webuser.js` | High
12 | File | `/EASYIO30P-<session_token>/dev.htm` | High
13 | File | `/EXCU_SHELL` | Medium
14 | File | `/goform/systemlog?cmd=set` | High
15 | File | `/HNAP1/SetAccessPointMode` | High
16 | File | `/HNAP1/SetClientInfoDemo` | High
17 | File | `/images/browserslide.jpg` | High
18 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
19 | File | `/manager?action=getlogcat` | High
20 | File | `/mc` | Low
21 | File | `/oauth/token/request` | High
22 | File | `/opencms/system/workplace/admin/accounts/user_new.jsp` | High
23 | File | `/PreviewHandler.ashx` | High
24 | File | `/priv_mgt.html` | High
25 | File | `/protected/vendor/codeception/codeception/tests/data/app/view/index.php` | High
26 | File | `/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf` | High
27 | File | `/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf` | High
28 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
29 | File | `/spap.htm` | Medium
30 | File | `/system-info/health` | High
31 | File | `/tmp/scfgdndf` | High
32 | File | `/ubus/controller.icc.update_nds_webroot_from_tmp` | High
33 | File | `/ubus/uci.apply` | High
34 | File | `/usr/syno/etc/mount.conf` | High
35 | File | `/var/log/groonga` | High
36 | File | `/var/run/jboss-eap/` | High
37 | File | `/vendors/neato/robots/[robot_serial]/messages` | High
38 | ... | ... | ...
There are 115 more IOA items available. Please use our online service to access the data.
There are 326 more IOA items available. Please use our online service to access the data.
## References

10
LazyScripter/README.md
View File

@ -1,6 +1,6 @@
# LazyScripter - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LazyScripter](https://vuldb.com/?actor.lazyscripter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LazyScripter](https://vuldb.com/?actor.lazyscripter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lazyscripter](https://vuldb.com/?actor.lazyscripter)
@ -37,7 +37,9 @@ ID | Type | Indicator | Confidence
1 | File | `item_show.php` | High
2 | Library | `eselleratecontrol365.dll` | High
3 | Argument | `code_no` | Low
4 | Argument | `first` | Low
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
## References
@ -49,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

157
Liberty Front Press/README.md Normal file
View File

@ -0,0 +1,157 @@
# Liberty Front Press - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Liberty Front Press](https://vuldb.com/?actor.liberty_front_press). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.liberty_front_press](https://vuldb.com/?actor.liberty_front_press)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Liberty Front Press:
* US
* VN
* CN
* ...
There are 24 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Liberty Front Press.
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.9.96.104 | static.104.96.9.5.clients.your-server.de | High
2 | 5.79.68.107 | - | High
3 | 5.79.68.109 | - | High
4 | 5.79.68.110 | - | High
5 | 5.220.32.26 | - | High
6 | 18.197.248.23 | eu-staticip.multiscreensite.com | High
7 | 34.98.99.30 | 30.99.98.34.bc.googleusercontent.com | Medium
8 | 34.102.136.180 | 180.136.102.34.bc.googleusercontent.com | Medium
9 | 34.208.93.148 | ec2-34-208-93-148.us-west-2.compute.amazonaws.com | Medium
10 | 34.211.118.203 | ec2-34-211-118-203.us-west-2.compute.amazonaws.com | Medium
11 | 34.211.213.227 | ec2-34-211-213-227.us-west-2.compute.amazonaws.com | Medium
12 | 34.214.135.41 | ec2-34-214-135-41.us-west-2.compute.amazonaws.com | Medium
13 | 34.224.160.149 | ec2-34-224-160-149.compute-1.amazonaws.com | Medium
14 | 37.48.65.148 | - | High
15 | 37.48.65.149 | - | High
16 | 37.48.65.150 | - | High
17 | 37.48.65.151 | - | High
18 | 37.48.65.152 | - | High
19 | 37.48.65.153 | - | High
20 | 37.48.65.154 | - | High
21 | 37.48.65.155 | - | High
22 | 44.229.223.74 | ec2-44-229-223-74.us-west-2.compute.amazonaws.com | Medium
23 | 46.4.6.184 | static.184.6.4.46.clients.your-server.de | High
24 | 46.166.182.52 | const-de.easywaypath.com | High
25 | 46.166.182.55 | - | High
26 | 46.166.182.56 | server.eversservices.com | High
27 | 46.166.184.102 | 102.http-proxy1.cloudns.net | High
28 | 46.166.184.104 | 104.http-proxy1.cloudns.net | High
29 | 47.91.170.222 | - | High
30 | 49.128.177.81 | ipv4-81-177-128.as55666.net | High
31 | 50.112.29.189 | ec2-50-112-29-189.us-west-2.compute.amazonaws.com | Medium
32 | 50.112.46.4 | ec2-50-112-46-4.us-west-2.compute.amazonaws.com | Medium
33 | 51.89.88.96 | cloud08.aztcotechnology.com | High
34 | 51.254.232.56 | ip56.ip-51-254-232.eu | High
35 | 52.8.174.68 | ec2-52-8-174-68.us-west-1.compute.amazonaws.com | Medium
36 | 52.11.10.90 | ec2-52-11-10-90.us-west-2.compute.amazonaws.com | Medium
37 | 52.40.118.225 | ec2-52-40-118-225.us-west-2.compute.amazonaws.com | Medium
38 | 52.43.21.0 | ec2-52-43-21-0.us-west-2.compute.amazonaws.com | Medium
39 | 52.59.120.70 | eu-staticip2.multiscreensite.com | High
40 | 52.128.23.153 | - | High
41 | 52.213.114.86 | ec2-52-213-114-86.eu-west-1.compute.amazonaws.com | Medium
42 | 54.37.218.50 | ip50.ip-54-37-218.eu | High
43 | 54.38.220.85 | ns1.emailverification.info | High
44 | 62.171.177.42 | vmi498625.contaboserver.net | High
45 | 63.143.32.94 | 94-32-143-63.static.reverse.lstn.net | High
46 | 66.152.163.75 | host104.cloud-hostdone.com | High
47 | 69.172.201.153 | - | High
48 | 69.172.201.208 | - | High
49 | 72.1.32.168 | usdreamers.net | High
50 | 78.46.102.123 | static.123.102.46.78.clients.your-server.de | High
51 | 78.47.230.139 | static.139.230.47.78.server1.uaehost.space | High
52 | 79.143.85.44 | - | High
53 | 81.169.145.149 | w95.rzone.de | High
54 | 85.159.233.35 | - | High
55 | 85.159.233.60 | . | High
56 | 88.198.13.86 | static.88.198.13.86.clients.your-server.de | High
57 | 88.198.48.179 | static.88.198.48.179.clients.your-server.de | High
58 | 88.198.56.139 | static.88-198-56-139.clients.your-server.de | High
59 | 91.195.240.117 | - | High
60 | ... | ... | ...
There are 238 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Liberty Front Press. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Liberty Front Press. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/car.php` | Medium
3 | File | `/context/%2e/WEB-INF/web.xml` | High
4 | File | `/dashboards/#` | High
5 | File | `/etc/controller-agent/agent.conf` | High
6 | File | `/etc/hosts` | Medium
7 | File | `/etc/sudoers` | Medium
8 | File | `/filemanager/php/connector.php` | High
9 | File | `/forum/away.php` | High
10 | File | `/fudforum/adm/hlplist.php` | High
11 | File | `/GponForm/fsetup_Form` | High
12 | File | `/log_download.cgi` | High
13 | File | `/modules/profile/index.php` | High
14 | File | `/monitoring` | Medium
15 | File | `/new` | Low
16 | File | `/out.php` | Medium
17 | File | `/proc/<pid>/status` | High
18 | File | `/public/plugins/` | High
19 | File | `/s/` | Low
20 | File | `/secure/QueryComponent!Default.jspa` | High
21 | File | `/server-info` | Medium
22 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
23 | File | `/tmp` | Low
24 | File | `/uncpath/` | Medium
25 | File | `/updown/upload.cgi` | High
26 | File | `/usr/bin/pkexec` | High
27 | File | `/way4acs/enroll` | High
28 | File | `/WEB-INF/web.xml` | High
29 | File | `/wp-json/wc/v3/webhooks` | High
30 | File | `4.2.0.CP09` | Medium
31 | File | `actions/CompanyDetailsSave.php` | High
32 | ... | ... | ...
There are 269 more IOA items available. Please use our online service to access the data.
## References
The following list contains external sources which discuss the actor and the associated activities:
* https://circleid.com/posts/20210708-liberty-front-press-network-an-ioc-enrichment-amp-threat-intel
* https://ddanchev.blogspot.com/2022/01/profiling-liberty-front-press-network.html
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Lilith RAT/README.md
View File

@ -1,6 +1,6 @@
# Lilith RAT - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Lilith RAT](https://vuldb.com/?actor.lilith_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lilith RAT](https://vuldb.com/?actor.lilith_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lilith_rat](https://vuldb.com/?actor.lilith_rat)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

49
LinuxMoose/README.md
View File

@ -1,6 +1,6 @@
# LinuxMoose - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LinuxMoose](https://vuldb.com/?actor.linuxmoose). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LinuxMoose](https://vuldb.com/?actor.linuxmoose). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.linuxmoose](https://vuldb.com/?actor.linuxmoose)
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* SV
* ...
There are 14 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -33,17 +33,9 @@ ID | IP address | Hostname | Confidence
10 | 77.247.178.177 | - | High
11 | 79.176.26.142 | bzq-79-176-26-142.red.bezeqint.net | High
12 | 82.146.63.15 | ebay2.com | High
13 | 85.159.237.107 | www.lydiavanderbie.nl | High
14 | 85.159.237.108 | - | High
15 | 85.159.237.111 | path-enews-sum.firmtan.net | High
16 | 93.190.139.123 | customer.worldstream.nl | High
17 | 93.190.139.147 | customer.worldstream.nl | High
18 | 93.190.140.221 | customer.worldstream.nl | High
19 | 93.190.142.113 | transitput.com | High
20 | 93.190.143.60 | wsrtc.parejas.net | High
21 | ... | ... | ...
13 | ... | ... | ...
There are 40 more IOC items available. Please use our online service to access the data.
There are 48 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -74,9 +66,34 @@ ID | Type | Indicator | Confidence
8 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
9 | File | `/download` | Medium
10 | File | `/drivers/vhost/net.c` | High
11 | ... | ... | ...
11 | File | `/include/chart_generator.php` | High
12 | File | `/medical/inventories.php` | High
13 | File | `/NAGErrors` | Medium
14 | File | `/ndxzstudio/install.php?p=2` | High
15 | File | `/nova/bin/lcdstat` | High
16 | File | `/nova/bin/sniffer` | High
17 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
18 | File | `/pages.php` | Medium
19 | File | `/pages/doeditattachment.action` | High
20 | File | `/product_list.php` | High
21 | File | `/public/login.htm` | High
22 | File | `/rapi/read_url` | High
23 | File | `/rest/api/1.0/render` | High
24 | File | `/tmp/csman/0` | Medium
25 | File | `/tmp/phpglibccheck` | High
26 | File | `/tools_admin.asp` | High
27 | File | `/trx_addons/v2/get/sc_layout` | High
28 | File | `/uncpath/` | Medium
29 | File | `/usr/sbin/suexec` | High
30 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
31 | File | `abm.aspx` | Medium
32 | File | `abook_database.php` | High
33 | File | `adclick.php` | Medium
34 | File | `addresses_export.php` | High
35 | File | `add_comment.php` | High
36 | ... | ... | ...
There are 321 more IOA items available. Please use our online service to access the data.
There are 304 more IOA items available. Please use our online service to access the data.
## References
@ -89,9 +106,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
LockBit/README.md
View File

@ -1,6 +1,6 @@
# LockBit - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LockBit](https://vuldb.com/?actor.lockbit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LockBit](https://vuldb.com/?actor.lockbit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lockbit](https://vuldb.com/?actor.lockbit)
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
LockFile/README.md
View File

@ -1,6 +1,6 @@
# LockFile - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LockFile](https://vuldb.com/?actor.lockfile). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LockFile](https://vuldb.com/?actor.lockfile). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lockfile](https://vuldb.com/?actor.lockfile)
@ -48,13 +48,9 @@ ID | Type | Indicator | Confidence
4 | File | `/uncpath/` | Medium
5 | File | `/_next` | Low
6 | File | `add_edit_user.asp` | High
7 | File | `admin/category.inc.php` | High
8 | File | `cds-fpdf.php` | Medium
9 | File | `cgi-bin/MANGA/admin.cgi` | High
10 | File | `content.php` | Medium
11 | ... | ... | ...
7 | ... | ... | ...
There are 45 more IOA items available. Please use our online service to access the data.
There are 49 more IOA items available. Please use our online service to access the data.
## References
@ -66,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

20
Locky/README.md
View File

@ -1,6 +1,6 @@
# Locky - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Locky](https://vuldb.com/?actor.locky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Locky](https://vuldb.com/?actor.locky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.locky](https://vuldb.com/?actor.locky)
@ -21,11 +21,9 @@ ID | IP address | Hostname | Confidence
1 | 5.173.164.205 | user-5-173-164-205.play-internet.pl | High
2 | 46.38.52.225 | free.tel.ru | High
3 | 46.101.8.169 | - | High
4 | 46.148.20.32 | sa3.net.ua | High
5 | 51.254.181.122 | mail2.asiaecampaign.com | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -52,13 +50,9 @@ ID | Type | Indicator | Confidence
4 | File | `/ISAPI/Security/users/1` | High
5 | File | `addentry.php` | Medium
6 | File | `data/gbconfiguration.dat` | High
7 | File | `email.php` | Medium
8 | File | `flac.c` | Low
9 | File | `inc/config.php` | High
10 | File | `inc/filebrowser/browser.php` | High
11 | ... | ... | ...
7 | ... | ... | ...
There are 43 more IOA items available. Please use our online service to access the data.
There are 47 more IOA items available. Please use our online service to access the data.
## References
@ -71,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
Machete/README.md
View File

@ -1,6 +1,6 @@
# Machete - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Machete](https://vuldb.com/?actor.machete). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Machete](https://vuldb.com/?actor.machete). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.machete](https://vuldb.com/?actor.machete)
@ -50,16 +50,9 @@ ID | Type | Indicator | Confidence
1 | File | `/admin/config.php?display=backup` | High
2 | File | `/proc/self/cwd` | High
3 | File | `file_download.php` | High
4 | File | `includes/startup.php` | High
5 | File | `index.php` | Medium
6 | File | `index.php?pg=moderated` | High
7 | File | `products1h.php` | High
8 | File | `upload.php` | Medium
9 | File | `visitormessage.php` | High
10 | File | `wp-admin/user-new.php` | High
11 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOA items available. Please use our online service to access the data.
There are 13 more IOA items available. Please use our online service to access the data.
## References
@ -72,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

71
Magecart/README.md
View File

@ -1,6 +1,6 @@
# Magecart - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Magecart](https://vuldb.com/?actor.magecart). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Magecart](https://vuldb.com/?actor.magecart). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.magecart](https://vuldb.com/?actor.magecart)
@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:
* SV
* PL
* ES
* DE
* IT
* ...
There are 9 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -28,14 +28,9 @@ ID | IP address | Hostname | Confidence
5 | 37.59.47.208 | ns3000975.ip-37-59-47.eu | High
6 | 47.254.175.211 | - | High
7 | 51.83.209.11 | ip11.ip-51-83-209.eu | High
8 | 54.38.49.244 | ip244.ip-54-38-49.eu | High
9 | 62.133.58.60 | - | High
10 | 74.119.239.234 | - | High
11 | 76.119.1.112 | c-76-119-1-112.hsd1.ct.comcast.net | High
12 | 88.99.66.31 | iplogger.com | High
13 | ... | ... | ...
8 | ... | ... | ...
There are 22 more IOC items available. Please use our online service to access the data.
There are 27 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -43,14 +38,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 11 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -58,19 +51,33 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `$HOME/.cdrdao` | High
2 | File | `%LOCALAPPDATA%\Zemana\ZALSDK\MyRules2.ini` | High
3 | File | `%PROGRAMFILES(X86)%\Teradici\PCoIP.exe` | High
4 | File | `%SYSTEMDRIVE%\ProgramData\exclusions.dat` | High
5 | File | `.config/Yubico` | High
6 | File | `.git/hooks/post-update` | High
7 | File | `.htaccess` | Medium
8 | File | `/?q` | Low
9 | File | `/admin.php/Foodcat/addsave` | High
10 | File | `/admin.php?page=tags` | High
11 | ... | ... | ...
1 | File | `/admin.html?do=user&act=add` | High
2 | File | `/admin/login.php` | High
3 | File | `/ad_js.php` | Medium
4 | File | `/changePassword` | High
5 | File | `/check_availability.php` | High
6 | File | `/DataHandler/Handler_CFG.ashx` | High
7 | File | `/enginemanager/server/user/delete.htm` | High
8 | File | `/files.md5` | Medium
9 | File | `/home/user/dir` | High
10 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
11 | File | `/message-bus/_diagnostics` | High
12 | File | `/metrics` | Medium
13 | File | `/plesk-site-preview/` | High
14 | File | `/plugin/jcapture/applet.php` | High
15 | File | `/preferences/tags` | High
16 | File | `/secure/EditSubscription.jspa` | High
17 | File | `/Storage/Emulated/0/Telegram/Telegram` | High
18 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
19 | File | `/way4acs/enroll` | High
20 | File | `acl.c` | Low
21 | File | `ActivityManagerShellCommand.java` | High
22 | File | `admin/plugin.php` | High
23 | File | `applicationContext-spring-security.xml` | High
24 | File | `apprise/plugins/NotifyIFTTT.py` | High
25 | ... | ... | ...
There are 2350 more IOA items available. Please use our online service to access the data.
There are 206 more IOA items available. Please use our online service to access the data.
## References
@ -83,9 +90,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Matsnu/README.md
View File

@ -1,6 +1,6 @@
# Matsnu - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Matsnu](https://vuldb.com/?actor.matsnu). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Matsnu](https://vuldb.com/?actor.matsnu). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.matsnu](https://vuldb.com/?actor.matsnu)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

33
Mofang/README.md
View File

@ -1,6 +1,6 @@
# Mofang - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Mofang](https://vuldb.com/?actor.mofang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Mofang](https://vuldb.com/?actor.mofang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.mofang](https://vuldb.com/?actor.mofang)
@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
3 | 23.89.201.173 | - | High
4 | 38.109.190.55 | ftp2.accs.net | High
5 | 49.213.18.15 | - | High
6 | 50.117.47.66 | - | High
7 | 50.117.47.67 | - | High
8 | 61.250.92.79 | - | High
9 | 103.39.78.131 | - | High
10 | ... | ... | ...
6 | ... | ... | ...
There are 16 more IOC items available. Please use our online service to access the data.
There are 20 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -55,17 +51,16 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/admin/index.php` | High
3 | File | `/message/ajax/send/` | High
4 | File | `/sitecore/client/Applications/List Manager/Taskpages/Contact list` | High
5 | File | `add_comment.php` | High
6 | File | `app/controllers/application_controller.rb` | High
7 | File | `application\api\controller\User.php` | High
8 | File | `blog.php` | Medium
9 | File | `classes/Visualizer/Gutenberg/Block.php` | High
10 | File | `content_timeline_class.php` | High
11 | ... | ... | ...
3 | File | `/cgi-mod/lookup.cgi` | High
4 | File | `/message/ajax/send/` | High
5 | File | `/sitecore/client/Applications/List Manager/Taskpages/Contact list` | High
6 | File | `add_comment.php` | High
7 | File | `app/controllers/application_controller.rb` | High
8 | File | `application\api\controller\User.php` | High
9 | File | `blog.php` | Medium
10 | ... | ... | ...
There are 71 more IOA items available. Please use our online service to access the data.
There are 75 more IOA items available. Please use our online service to access the data.
## References
@ -78,9 +73,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

20
Naikon/README.md
View File

@ -1,6 +1,6 @@
# Naikon - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Naikon](https://vuldb.com/?actor.naikon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Naikon](https://vuldb.com/?actor.naikon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.naikon](https://vuldb.com/?actor.naikon)
@ -26,13 +26,10 @@ ID | IP address | Hostname | Confidence
1 | 47.241.127.190 | - | High
2 | 50.117.115.89 | - | High
3 | 50.117.115.90 | - | High
4 | 65.19.141.203 | - | High
5 | 65.19.157.205 | gigabitethernet1-1-38.switch35.fmt2.he.net | High
6 | 116.52.84.70 | - | High
7 | 124.156.241.24 | - | High
8 | ... | ... | ...
4 | 65.19.141.203 | shibakov.org | High
5 | ... | ... | ...
There are 13 more IOC items available. Please use our online service to access the data.
There are 16 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -62,10 +59,9 @@ ID | Type | Indicator | Confidence
7 | File | `admin/user_activate_submit.php` | High
8 | File | `browse-scategory.php` | High
9 | File | `classes/Visualizer/Gutenberg/Block.php` | High
10 | File | `colors.py` | Medium
11 | ... | ... | ...
10 | ... | ... | ...
There are 77 more IOA items available. Please use our online service to access the data.
There are 78 more IOA items available. Please use our online service to access the data.
## References
@ -80,9 +76,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

54
Nymaim/README.md
View File

@ -1,6 +1,6 @@
# Nymaim - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Nymaim](https://vuldb.com/?actor.nymaim). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Nymaim](https://vuldb.com/?actor.nymaim). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.nymaim](https://vuldb.com/?actor.nymaim)
@ -27,13 +27,9 @@ ID | IP address | Hostname | Confidence
4 | 47.91.242.212 | - | High
5 | 51.218.181.145 | - | High
6 | 52.85.144.32 | server-52-85-144-32.iad89.r.cloudfront.net | High
7 | 52.114.128.43 | - | High
8 | 77.29.56.4 | - | High
9 | 78.28.210.44 | - | High
10 | 78.90.243.124 | - | High
11 | ... | ... | ...
7 | ... | ... | ...
There are 18 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -44,10 +40,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -56,18 +51,31 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/adfs/ls` | Medium
2 | File | `/IISADMPWD` | Medium
3 | File | `/monitor/s_headmodel.php` | High
4 | File | `/pro/repo-create.html` | High
5 | File | `/server-info` | Medium
6 | File | `/services` | Medium
7 | File | `/test/cookie/` | High
8 | File | `/uncpath/` | Medium
9 | File | `/usr/bin/at` | Medium
10 | File | `/WEB-INF/web.xml` | High
11 | ... | ... | ...
2 | File | `/appliance/users?action=edit` | High
3 | File | `/config/getuser` | High
4 | File | `/IISADMPWD` | Medium
5 | File | `/login` | Low
6 | File | `/monitor/s_headmodel.php` | High
7 | File | `/pro/repo-create.html` | High
8 | File | `/public/plugins/` | High
9 | File | `/rest/api/latest/projectvalidate/key` | High
10 | File | `/server-info` | Medium
11 | File | `/services` | Medium
12 | File | `/test/cookie/` | High
13 | File | `/uncpath/` | Medium
14 | File | `/usr/bin/at` | Medium
15 | File | `/usr/bin/pkexec` | High
16 | File | `/WEB-INF/web.xml` | High
17 | File | `admin-ajax.php` | High
18 | File | `AndroidManifest.xml` | High
19 | File | `app/View/Galaxies/view.ctp` | High
20 | File | `apply.cgi` | Medium
21 | File | `binder.c` | Medium
22 | File | `bl-kernel/security.class.php` | High
23 | File | `C:/evil.bat"` | Medium
24 | ... | ... | ...
There are 172 more IOA items available. Please use our online service to access the data.
There are 200 more IOA items available. Please use our online service to access the data.
## References
@ -81,9 +89,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

2
OMIGOD/README.md
View File

@ -27,4 +27,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

21
Palevo/README.md
View File

@ -1,6 +1,6 @@
# Palevo - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Palevo](https://vuldb.com/?actor.palevo). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Palevo](https://vuldb.com/?actor.palevo). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.palevo](https://vuldb.com/?actor.palevo)
@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 42.120.158.78 | - | High
2 | 67.210.170.169 | 67-210-170.169.static.tel-ott.com | High
3 | 76.74.255.138 | loom.com | High
4 | 82.196.6.164 | - | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 9 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -52,15 +51,9 @@ ID | Type | Indicator | Confidence
2 | File | `epan/dissectors/packet-ldss.c` | High
3 | File | `epan/dissectors/packet-rtmpt.c` | High
4 | File | `epan/dissectors/packet-wsp.c` | High
5 | File | `gd_gif_in.c` | Medium
6 | File | `httpd.conf` | Medium
7 | File | `includes/upload.php` | High
8 | File | `index.php` | Medium
9 | File | `ipc/shm.c` | Medium
10 | File | `libass/ass_shaper.c` | High
11 | ... | ... | ...
5 | ... | ... | ...
There are 23 more IOA items available. Please use our online service to access the data.
There are 29 more IOA items available. Please use our online service to access the data.
## References
@ -72,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

24
Phorpiex/README.md
View File

@ -1,6 +1,6 @@
# Phorpiex - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Phorpiex](https://vuldb.com/?actor.phorpiex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Phorpiex](https://vuldb.com/?actor.phorpiex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.phorpiex](https://vuldb.com/?actor.phorpiex)
@ -15,12 +15,9 @@ ID | IP address | Hostname | Confidence
3 | 74.125.155.40 | iad23s82-in-f8.1e100.net | High
4 | 74.125.155.102 | iad23s88-in-f6.1e100.net | High
5 | 74.125.192.94 | qn-in-f94.1e100.net | High
6 | 92.63.197.48 | - | High
7 | 92.63.197.60 | - | High
8 | 92.63.197.153 | - | High
9 | ... | ... | ...
6 | ... | ... | ...
There are 15 more IOC items available. Please use our online service to access the data.
There are 18 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -40,16 +37,9 @@ ID | Type | Indicator | Confidence
1 | File | `ajax/api/hook/decodeArguments` | High
2 | File | `breadcrumbs_create.php` | High
3 | File | `forumrunner/includes/moderation.php` | High
4 | File | `includes/startup.php` | High
5 | File | `includes/ucp/ucp_pm_options.php` | High
6 | File | `install.php` | Medium
7 | File | `links.php` | Medium
8 | File | `modcp.php` | Medium
9 | File | `moderate.php` | Medium
10 | File | `profile.php` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 15 more IOA items available. Please use our online service to access the data.
There are 22 more IOA items available. Please use our online service to access the data.
## References
@ -64,9 +54,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
Poisoned Handover/README.md
View File

@ -1,6 +1,6 @@
# Poisoned Handover - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Poisoned Handover](https://vuldb.com/?actor.poisoned_handover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Poisoned Handover](https://vuldb.com/?actor.poisoned_handover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.poisoned_handover](https://vuldb.com/?actor.poisoned_handover)
@ -52,16 +52,9 @@ ID | Type | Indicator | Confidence
1 | File | `.htaccess` | Medium
2 | File | `/cgi-bin/` | Medium
3 | File | `cci_dir` | Low
4 | File | `com.ibm.wsspi.wssecurity.core` | High
5 | File | `content.php` | Medium
6 | File | `libqpdf/QPDFWriter.cc` | High
7 | File | `manual/search.texi` | High
8 | File | `plugins\U3DBrowser.fpi` | High
9 | File | `PulseSecureService.exe` | High
10 | File | `rwcgi60` | Low
11 | ... | ... | ...
4 | ... | ... | ...
There are 11 more IOA items available. Please use our online service to access the data.
There are 18 more IOA items available. Please use our online service to access the data.
## References
@ -73,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

26
Potao/README.md
View File

@ -1,6 +1,6 @@
# Potao - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Potao](https://vuldb.com/?actor.potao). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Potao](https://vuldb.com/?actor.potao). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.potao](https://vuldb.com/?actor.potao)
@ -36,14 +36,9 @@ ID | IP address | Hostname | Confidence
6 | 62.76.184.245 | 62-76-184-245.vm.clodoserver.ru | High
7 | 62.76.189.181 | srv.planetaexcel.ru | High
8 | 64.40.101.43 | - | High
9 | 67.18.208.92 | - | High
10 | 67.103.159.141 | h-67-103-159-141.atln.ga.globalcapacity.com | High
11 | 69.64.72.206 | toonarific.com | High
12 | 74.54.206.162 | a2.ce.364a.static.theplanet.com | High
13 | 74.208.68.243 | s15242899.onlinehome-server.com | High
14 | ... | ... | ...
9 | ... | ... | ...
There are 25 more IOC items available. Please use our online service to access the data.
There are 30 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -69,14 +64,11 @@ ID | Type | Indicator | Confidence
3 | File | `/iwguestbook/admin/badwords_edit.asp` | High
4 | File | `/setSystemAdmin` | High
5 | File | `/uncpath/` | Medium
6 | File | `/webpages/data` | High
7 | File | `/zm/index.php` | High
8 | File | `adclick.php` | Medium
9 | File | `afd.sys` | Low
10 | File | `ajax/api/hook/getHookList` | High
11 | ... | ... | ...
6 | File | `/usr/bin/pkexec` | High
7 | File | `/webpages/data` | High
8 | ... | ... | ...
There are 53 more IOA items available. Please use our online service to access the data.
There are 60 more IOA items available. Please use our online service to access the data.
## References
@ -89,9 +81,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

36
PowerTrick/README.md
View File

@ -1,6 +1,6 @@
# PowerTrick - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [PowerTrick](https://vuldb.com/?actor.powertrick). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PowerTrick](https://vuldb.com/?actor.powertrick). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.powertrick](https://vuldb.com/?actor.powertrick)
@ -28,10 +28,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -49,9 +48,30 @@ ID | Type | Indicator | Confidence
8 | File | `/category.php` | High
9 | File | `/connectors/index.php` | High
10 | File | `/data/system/users/0/settings_secure.xml` | High
11 | ... | ... | ...
11 | File | `/etc/waipass` | Medium
12 | File | `/ext/phar/phar_object.c` | High
13 | File | `/forum/away.php` | High
14 | File | `/inc/lists/csvexport.php` | High
15 | File | `/index.php` | Medium
16 | File | `/search.php` | Medium
17 | File | `/services/getFile.cmd` | High
18 | File | `/tools/required/files/importers/imageeditor` | High
19 | File | `/Upload.ashx` | Medium
20 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
21 | File | `/var/log/messages` | High
22 | File | `/web/jquery/uploader/multi_uploadify.php` | High
23 | File | `/webconsole/Controller` | High
24 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
25 | File | `/zm/index.php` | High
26 | File | `acl/save_user.cgi` | High
27 | File | `adaptive-images-script.php` | High
28 | File | `admin/auth.php` | High
29 | File | `admin/blogs.php` | High
30 | File | `admin/convertutf8/index.php` | High
31 | File | `admin/inc/template_functions.php` | High
32 | ... | ... | ...
There are 289 more IOA items available. Please use our online service to access the data.
There are 268 more IOA items available. Please use our online service to access the data.
## References
@ -63,9 +83,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

24
Pykspa/README.md
View File

@ -1,6 +1,6 @@
# Pykspa - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Pykspa](https://vuldb.com/?actor.pykspa). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Pykspa](https://vuldb.com/?actor.pykspa). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.pykspa](https://vuldb.com/?actor.pykspa)
@ -10,6 +10,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* ES
* US
* CN
## IOC - Indicator of Compromise
@ -45,17 +46,14 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//etc/RT2870STA.dat` | High
2 | File | `/cgi-bin/wapopen` | High
3 | File | `/setSystemAdmin` | High
4 | File | `/updown/upload.cgi` | High
5 | File | `acl.c` | Low
6 | File | `AESNI.c` | Low
7 | File | `app/Controller/UsersController.php` | High
8 | File | `auth-gss2.c` | Medium
9 | File | `auth.php` | Medium
10 | File | `block_templace.c` | High
11 | ... | ... | ...
3 | File | `/HNAP1` | Low
4 | File | `/setSystemAdmin` | High
5 | File | `/updown/upload.cgi` | High
6 | File | `/usr/bin/pkexec` | High
7 | File | `acl.c` | Low
8 | ... | ... | ...
There are 43 more IOA items available. Please use our online service to access the data.
There are 54 more IOA items available. Please use our online service to access the data.
## References
@ -67,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

27
Python/README.md
View File

@ -1,9 +1,15 @@
# Python - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Python](https://vuldb.com/?actor.python). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Python](https://vuldb.com/?actor.python). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.python](https://vuldb.com/?actor.python)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Python:
* US
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Python.
@ -13,12 +19,17 @@ ID | IP address | Hostname | Confidence
1 | 23.21.126.66 | ec2-23-21-126-66.compute-1.amazonaws.com | Medium
2 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | Medium
3 | 54.225.66.103 | ec2-54-225-66-103.compute-1.amazonaws.com | Medium
4 | 54.225.220.115 | ec2-54-225-220-115.compute-1.amazonaws.com | Medium
5 | 54.225.242.59 | ec2-54-225-242-59.compute-1.amazonaws.com | Medium
6 | 54.235.83.248 | ec2-54-235-83-248.compute-1.amazonaws.com | Medium
7 | ... | ... | ...
4 | ... | ... | ...
There are 11 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Python. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1552 | Unprotected Storage of Credentials | High
## References
@ -30,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

81
Qakbot/README.md
View File

@ -1,6 +1,6 @@
# Qakbot - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.qakbot](https://vuldb.com/?actor.qakbot)
@ -8,12 +8,7 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Qakbot:
* AE
* US
* FR
* ...
There are 14 more country items available. Please use our online service to access the data.
* AU
## IOC - Indicator of Compromise
@ -41,24 +36,43 @@ ID | IP address | Hostname | Confidence
18 | 24.226.156.153 | 24-226-156-153.resi.cgocable.ca | High
19 | 24.229.150.54 | 24.229.150.54.cmts-static.sm.ptd.net | High
20 | 24.234.86.201 | wsip-24-234-86-201.lv.lv.cox.net | High
21 | ... | ... | ...
21 | 27.223.92.142 | - | High
22 | 35.142.12.163 | 035-142-012-163.dhcp.bhn.net | High
23 | 41.34.91.90 | host-41.34.91.90.tedata.net | High
24 | 41.97.138.74 | - | High
25 | 45.32.211.207 | 45.32.211.207.vultr.com | Medium
26 | 45.46.53.140 | cpe-45-46-53-140.maine.res.rr.com | High
27 | 45.63.107.192 | 45.63.107.192.vultr.com | Medium
28 | 45.67.231.247 | vm272927.pq.hosting | High
29 | 45.77.115.208 | 45.77.115.208.vultr.com | Medium
30 | 45.77.117.108 | 45.77.117.108.vultr.com | Medium
31 | 45.77.215.141 | 45.77.215.141.vultr.com | Medium
32 | 46.214.62.199 | 46-214-62-199.next-gen.ro | High
33 | 47.22.148.6 | ool-2f169406.static.optonline.net | High
34 | 47.24.47.218 | 047-024-047-218.res.spectrum.com | High
35 | 47.153.115.154 | - | High
36 | 47.196.192.184 | - | High
37 | 49.207.105.25 | broadband.actcorp.in | High
38 | 50.29.166.232 | 50.29.166.232.res-cmts.sth3.ptd.net | High
39 | 50.104.68.223 | 50-104-68-223.prtg.in.frontiernet.net | High
40 | 50.244.112.106 | 50-244-112-106-static.hfc.comcastbusiness.net | High
41 | 59.90.246.200 | static.bb.chn.59.90.246.200.bsnl.in | High
42 | 64.19.74.29 | primhall.com | High
43 | 64.121.114.87 | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | High
44 | 65.100.174.]105 | - | High
45 | 65.100.174.]106 | - | High
46 | 65.100.174.]107 | - | High
47 | 65.100.174.]108 | - | High
48 | 65.100.174.]109 | - | High
49 | 65.100.174.]111 | - | High
50 | 66.26.160.37 | 066-026-160-037.inf.spectrum.com | High
51 | 66.57.216.53 | rrcs-66-57-216-53.midsouth.biz.rr.com | High
52 | 66.208.105.6 | 66-208-105-6.centex.net | High
53 | 67.6.12.4 | 67-6-12-4.clma.centurylink.net | High
54 | 67.8.103.21 | 67-8-103-21.res.bhn.net | High
55 | ... | ... | ...
There are 238 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Qakbot. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
5 | T1211 | 7PK Security Features | High
6 | ... | ... | ...
There are 9 more TTP items available. Please use our online service to access the data.
There are 214 more IOC items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -67,18 +81,8 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/` | Low
2 | File | `/admin/custom/blog-plugin/add` | High
3 | File | `/admin/setup.php` | High
4 | File | `/admin/submit-articles` | High
5 | File | `/ad_js.php` | Medium
6 | File | `/ajax/networking/get_netcfg.php` | High
7 | File | `/anony/mjpg.cgi` | High
8 | File | `/auth/v1/sso/config/` | High
9 | File | `/auth/v1/user/` | High
10 | File | `/auth/v1/user/{user-guid}/` | High
11 | ... | ... | ...
There are 448 more IOA items available. Please use our online service to access the data.
2 | Argument | `username/password` | High
3 | Input Value | `'or''='` | Low
## References
@ -87,14 +91,15 @@ The following list contains external sources which discuss the actor and the ass
* https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_qakbot.ipset
* https://pastebin.com/u/MalwareQuinn
* https://tria.ge/210511-kvcz7vyfkx
* https://twitter.com/Malwar3Ninja/status/1483514897266737154
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Qjwmonkey/README.md
View File

@ -1,6 +1,6 @@
# Qjwmonkey - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Qjwmonkey](https://vuldb.com/?actor.qjwmonkey). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qjwmonkey](https://vuldb.com/?actor.qjwmonkey). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.qjwmonkey](https://vuldb.com/?actor.qjwmonkey)
@ -27,9 +27,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

25
Rancor/README.md
View File

@ -1,6 +1,6 @@
# Rancor - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Rancor](https://vuldb.com/?actor.rancor). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Rancor](https://vuldb.com/?actor.rancor). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.rancor](https://vuldb.com/?actor.rancor)
@ -63,9 +63,24 @@ ID | Type | Indicator | Confidence
8 | File | `/goform/login` | High
9 | File | `/horde/util/go.php` | High
10 | File | `/mib.db` | Low
11 | ... | ... | ...
11 | File | `/modules/profile/index.php` | High
12 | File | `/out.php` | Medium
13 | File | `/system/site.php` | High
14 | File | `adb/adb_client.c` | High
15 | File | `adclick.php` | Medium
16 | File | `add_comment.php` | High
17 | File | `adelogs.adobe.com` | High
18 | File | `admin.php` | Medium
19 | File | `admin/google_search_console/class-gsc-table.php` | High
20 | File | `administrator/components/com_media/helpers/media.php` | High
21 | File | `android/webkit/SearchBoxImpl.java` | High
22 | File | `app-layer-ssh.c` | High
23 | File | `arch_init.c` | Medium
24 | File | `authenticate.c` | High
25 | File | `BKCLogSvr.exe` | High
26 | ... | ... | ...
There are 229 more IOA items available. Please use our online service to access the data.
There are 214 more IOA items available. Please use our online service to access the data.
## References
@ -77,9 +92,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

41
Remcos/README.md
View File

@ -9,11 +9,7 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Remcos:
* US
* KE
* SE
* ...
There are 19 more country items available. Please use our online service to access the data.
* FR
## IOC - Indicator of Compromise
@ -41,9 +37,14 @@ ID | IP address | Hostname | Confidence
18 | 23.21.205.229 | ec2-23-21-205-229.compute-1.amazonaws.com | Medium
19 | 23.38.131.139 | a23-38-131-139.deploy.static.akamaitechnologies.com | High
20 | 23.78.173.83 | a23-78-173-83.deploy.static.akamaitechnologies.com | High
21 | ... | ... | ...
21 | 23.227.38.74 | - | High
22 | 34.96.116.138 | 138.116.96.34.bc.googleusercontent.com | Medium
23 | 34.102.136.180 | 180.136.102.34.bc.googleusercontent.com | Medium
24 | 34.202.33.33 | ec2-34-202-33-33.compute-1.amazonaws.com | Medium
25 | 35.214.144.124 | 124.144.214.35.bc.googleusercontent.com | Medium
26 | ... | ... | ...
There are 103 more IOC items available. Please use our online service to access the data.
There are 102 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -52,12 +53,6 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -65,19 +60,12 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/accounts/password_change/` | High
3 | File | `/admin/submit-articles` | High
4 | File | `/admin/syslog` | High
5 | File | `/category_view.php` | High
6 | File | `/cgi-bin/hi3510/param.cgi` | High
7 | File | `/cgi-bin/wapopen` | High
8 | File | `/config/getuser` | High
9 | File | `/etc/gsissh/sshd_config` | High
10 | File | `/etc/passwd` | Medium
11 | ... | ... | ...
1 | File | `avrc_pars_tg.cc` | High
2 | File | `tmUnblock.cgi` | High
3 | Argument | `ttcp_ip` | Low
4 | ... | ... | ...
There are 304 more IOA items available. Please use our online service to access the data.
There are 1 more IOA items available. Please use our online service to access the data.
## References
@ -96,6 +84,7 @@ The following list contains external sources which discuss the actor and the ass
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html
* https://blog.talosintelligence.com/2021/11/threat-roundup-1112-1119.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
## Literature
@ -106,4 +95,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
Retefe/README.md
View File

@ -24,11 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 5.45.68.98 | - | High
2 | 5.45.70.63 | - | High
3 | 5.196.200.228 | a228.porelune.com | High
4 | 5.196.200.238 | e238.ducorali.com | High
5 | 50.7.143.68 | desk68.sibtown.com | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -49,15 +47,9 @@ ID | Type | Indicator | Confidence
2 | File | `/uncpath/` | Medium
3 | File | `adclick.php` | Medium
4 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
5 | File | `clsowa.cls` | Medium
6 | File | `data/gbconfiguration.dat` | High
7 | File | `db.php` | Low
8 | File | `drivers/media/platform/vivid` | High
9 | File | `emumail.cgi` | Medium
10 | File | `goto.php` | Medium
11 | ... | ... | ...
5 | ... | ... | ...
There are 24 more IOA items available. Please use our online service to access the data.
There are 30 more IOA items available. Please use our online service to access the data.
## References
@ -74,4 +66,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

16
STTEAM/README.md
View File

@ -1,6 +1,6 @@
# STTEAM - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [STTEAM](https://vuldb.com/?actor.stteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [STTEAM](https://vuldb.com/?actor.stteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.stteam](https://vuldb.com/?actor.stteam)
@ -46,15 +46,9 @@ ID | Type | Indicator | Confidence
2 | File | `/ajax-files/followBoard.php` | High
3 | File | `/etc/gsissh/sshd_config` | High
4 | File | `/getcfg.php` | Medium
5 | File | `clock_menu.php` | High
6 | File | `index.php` | Medium
7 | File | `Redmine.pm` | Medium
8 | File | `showqanswer.asp` | High
9 | File | `synophoto_csPhotoDB.php` | High
10 | File | `userRpmNatDebugRpm26525557/start_art.html` | High
11 | ... | ... | ...
5 | ... | ... | ...
There are 23 more IOA items available. Please use our online service to access the data.
There are 29 more IOA items available. Please use our online service to access the data.
## References
@ -66,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Sakula/README.md
View File

@ -1,6 +1,6 @@
# Sakula - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Sakula](https://vuldb.com/?actor.sakula). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sakula](https://vuldb.com/?actor.sakula). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sakula](https://vuldb.com/?actor.sakula)
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

2
Sarwent/README.md
View File

@ -35,4 +35,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
Satori/README.md
View File

@ -1,6 +1,6 @@
# Satori - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Satori](https://vuldb.com/?actor.satori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Satori](https://vuldb.com/?actor.satori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.satori](https://vuldb.com/?actor.satori)
@ -52,16 +52,9 @@ ID | Type | Indicator | Confidence
1 | File | `/plain` | Low
2 | File | `libclamav/message.c` | High
3 | File | `PdfName.cpp` | Medium
4 | File | `phpinfo.php` | Medium
5 | File | `tmUnblock.cgi` | High
6 | Library | `/lib/echor/backplane.rb` | High
7 | Library | `See.sys` | Low
8 | Argument | `Password` | Medium
9 | Argument | `ttcp_ip` | Low
10 | Argument | `username/password` | High
11 | ... | ... | ...
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
There are 8 more IOA items available. Please use our online service to access the data.
## References
@ -73,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

21
Sauron/README.md
View File

@ -1,6 +1,6 @@
# Sauron - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Sauron](https://vuldb.com/?actor.sauron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sauron](https://vuldb.com/?actor.sauron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sauron](https://vuldb.com/?actor.sauron)
@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 37.252.125.88 | - | High
2 | 66.228.52.133 | li294-133.members.linode.com | High
3 | 74.125.148.11 | rate-limited-proxy-74-125-148-11.google.com | High
4 | 83.125.22.161 | - | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -49,11 +48,11 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.procmailrc` | Medium
2 | File | `index.php` | Medium
3 | File | `modules/mappers/mod_rewrite.c` | High
4 | Library | `C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_4592475aca2acf83\Amd64\printconfig.dll` | High
5 | Library | `lib/user/sfBasicSecurityUser.class.php` | High
6 | Argument | `filter_order_Dir` | High
2 | File | `article.php` | Medium
3 | File | `include.php` | Medium
4 | ... | ... | ...
There are 12 more IOA items available. Please use our online service to access the data.
## References
@ -66,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

22
ScanBox/README.md
View File

@ -1,6 +1,6 @@
# ScanBox - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [ScanBox](https://vuldb.com/?actor.scanbox). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ScanBox](https://vuldb.com/?actor.scanbox). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.scanbox](https://vuldb.com/?actor.scanbox)
@ -22,13 +22,9 @@ ID | IP address | Hostname | Confidence
2 | 50.2.24.211 | - | High
3 | 66.197.231.62 | - | High
4 | 69.197.146.80 | - | High
5 | 69.197.183.142 | us-mci1-16.renders.prerender.io | High
6 | 69.197.183.152 | - | High
7 | 69.197.183.159 | - | High
8 | 69.197.183.189 | us-mci1-20.renders.prerender.io | High
9 | ... | ... | ...
5 | ... | ... | ...
There are 14 more IOC items available. Please use our online service to access the data.
There are 18 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -45,8 +41,12 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `vstc.vscam.client` | High
2 | Library | `vstc.vscam` | Medium
1 | File | `functions.inc.php` | High
2 | File | `vstc.vscam.client` | High
3 | Library | `vstc.vscam` | Medium
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
## References
@ -59,9 +59,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

26
Scar/README.md
View File

@ -1,6 +1,6 @@
# Scar - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Scar](https://vuldb.com/?actor.scar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Scar](https://vuldb.com/?actor.scar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.scar](https://vuldb.com/?actor.scar)
@ -30,7 +30,25 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1499 | Resource Consumption | High
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Scar. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `basic/unit-name.c` | High
2 | File | `components/bitrix/mobileapp.list/ajax.php/` | High
3 | File | `kernel/ptrace.c` | High
4 | ... | ... | ...
There are 2 more IOA items available. Please use our online service to access the data.
## References
@ -42,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

781
Shadowcrew/README.md Normal file
View File

@ -0,0 +1,781 @@
# Shadowcrew - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Shadowcrew](https://vuldb.com/?actor.shadowcrew). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.shadowcrew](https://vuldb.com/?actor.shadowcrew)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Shadowcrew:
* US
* CN
* PL
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Shadowcrew.
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 1.2.3.4 | - | High
2 | 1.3.1.5 | - | High
3 | 1.3.5.112 | - | High
4 | 1.195.193.192 | - | High
5 | 2.59.47.155 | - | High
6 | 2.195.193.192 | - | High
7 | 3.195.193.192 | - | High
8 | 4.5.11.26 | - | High
9 | 4.8.1.2 | - | High
10 | 4.19.76.27 | - | High
11 | 4.33.21.74 | - | High
12 | 4.33.91.154 | - | High
13 | 4.33.121.58 | - | High
14 | 4.33.253.94 | - | High
15 | 4.35.2.165 | - | High
16 | 4.35.84.98 | - | High
17 | 4.42.141.33 | - | High
18 | 4.46.144.142 | - | High
19 | 4.46.174.197 | - | High
20 | 4.46.235.64 | - | High
21 | 4.62.95.76 | - | High
22 | 4.62.241.142 | - | High
23 | 4.63.225.129 | - | High
24 | 4.64.46.158 | - | High
25 | 4.64.249.14 | - | High
26 | 4.64.249.144 | - | High
27 | 4.65.31.111 | - | High
28 | 4.65.222.76 | - | High
29 | 4.195.193.192 | - | High
30 | 5.3.2.34 | 5x3x2x34.static-business.spb.ertelecom.ru | High
31 | 5.5.9.14 | dynamic-005-005-009-014.5.5.pool.telefonica.de | High
32 | 11.38.193.192 | - | High
33 | 12.1.88.3 | - | High
34 | 12.1.88.5 | - | High
35 | 12.1.88.75 | h5.occompt.com | High
36 | 12.1.88.89 | - | High
37 | 12.5.2.132 | - | High
38 | 12.6.57.2 | - | High
39 | 12.8.36.142 | - | High
40 | 12.9.131.69 | - | High
41 | 12.14.84.67 | - | High
42 | 12.14.232.23 | - | High
43 | 12.14.232.24 | - | High
44 | 12.15.32.199 | - | High
45 | 12.15.46.21 | - | High
46 | 12.17.161.21 | - | High
47 | 12.18.185.141 | - | High
48 | 12.21.44.3 | mail.thalesesec.com | High
49 | 12.21.167.52 | - | High
50 | 12.26.131.63 | - | High
51 | 12.27.138.2 | - | High
52 | 12.29.35.146 | - | High
53 | 12.31.195.91 | - | High
54 | 12.32.38.11 | - | High
55 | 12.32.148.34 | - | High
56 | 12.34.177.246 | - | High
57 | 12.36.193.114 | - | High
58 | 12.38.193.192 | - | High
59 | 12.39.133.114 | - | High
60 | 12.42.56.194 | - | High
61 | 12.42.149.116 | - | High
62 | 12.43.92.195 | - | High
63 | 12.44.87.173 | - | High
64 | 12.47.12.6 | - | High
65 | 12.47.193.16 | - | High
66 | 12.77.95.69 | 69.norcross-12rh16rt.ga.dial-access.att.net | High
67 | 12.78.17.42 | 42.west-palm-beach-10rh15rt.fl.dial-access.att.net | High
68 | 12.78.18.252 | 252.west-palm-beach-10rh16rt-11rh15rt.fl.dial-access.att.net | High
69 | 12.81.98.199 | - | High
70 | 12.81.99.35 | - | High
71 | 12.87.95.22 | - | High
72 | 12.87.96.32 | - | High
73 | 12.91.49.163 | - | High
74 | 12.91.112.32 | - | High
75 | 12.91.131.39 | - | High
76 | 12.91.146.22 | - | High
77 | 12.96.56.3 | - | High
78 | 12.96.243.166 | - | High
79 | 12.98.38.69 | 69.muca.dnvr.aurrcobu.dsl.att.net | High
80 | 12.98.213.23 | 23.muab.hstn.dlbtx01r1.dsl.att.net | High
81 | 12.99.167.178 | 178.mubh.dnvr.aurco01r1.dsl.att.net | High
82 | 12.111.45.163 | - | High
83 | 12.122.11.9 | cr1.n54ny.ip.att.net | High
84 | 12.122.11.214 | - | High
85 | 12.124.179.81 | - | High
86 | 12.144.83.2 | - | High
87 | 12.145.52.7 | - | High
88 | 12.146.236.34 | - | High
89 | 12.147.161.229 | - | High
90 | 12.151.51.3 | - | High
91 | 12.152.196.4 | - | High
92 | 12.152.236.71 | - | High
93 | 12.153.68.13 | - | High
94 | 12.153.68.131 | - | High
95 | 12.153.99.98 | - | High
96 | 12.155.7.16 | - | High
97 | 12.158.13.242 | - | High
98 | 12.159.42.194 | - | High
99 | 12.162.2.193 | - | High
100 | 12.162.118.253 | - | High
101 | 12.163.7.33 | - | High
102 | 12.164.77.1 | - | High
103 | 12.164.77.2 | - | High
104 | 12.164.77.3 | - | High
105 | 12.164.77.4 | - | High
106 | 12.164.77.5 | - | High
107 | 12.164.77.6 | - | High
108 | 12.164.77.9 | - | High
109 | 12.164.77.13 | - | High
110 | 12.164.77.16 | - | High
111 | 12.164.77.21 | - | High
112 | 12.164.77.22 | - | High
113 | 12.164.77.32 | - | High
114 | 12.164.77.33 | - | High
115 | 12.164.77.34 | - | High
116 | 12.164.77.35 | - | High
117 | 12.164.77.36 | - | High
118 | 12.164.77.37 | - | High
119 | 12.164.77.38 | - | High
120 | 12.164.77.39 | - | High
121 | 12.164.77.41 | - | High
122 | 12.164.77.42 | - | High
123 | 12.164.77.43 | - | High
124 | 12.164.77.44 | - | High
125 | 12.164.77.45 | - | High
126 | 12.164.77.46 | - | High
127 | 12.164.77.47 | - | High
128 | 12.164.77.48 | - | High
129 | 12.164.77.49 | - | High
130 | 12.164.77.51 | - | High
131 | 12.164.77.52 | - | High
132 | 12.164.77.53 | - | High
133 | 12.164.77.54 | - | High
134 | 12.164.77.55 | - | High
135 | 12.164.77.56 | - | High
136 | 12.164.77.57 | - | High
137 | 12.164.77.58 | - | High
138 | 12.164.77.59 | - | High
139 | 12.164.77.61 | - | High
140 | 12.164.77.62 | - | High
141 | 12.164.77.63 | - | High
142 | 12.164.77.64 | - | High
143 | 12.164.77.65 | - | High
144 | 12.164.77.66 | - | High
145 | 12.164.77.67 | - | High
146 | 12.164.77.68 | - | High
147 | 12.164.77.71 | - | High
148 | 12.164.77.72 | - | High
149 | 12.164.77.74 | - | High
150 | 12.164.77.75 | - | High
151 | 12.164.77.77 | - | High
152 | 12.164.77.78 | - | High
153 | 12.164.77.82 | - | High
154 | 12.164.77.85 | - | High
155 | 12.164.77.86 | - | High
156 | 12.164.77.88 | - | High
157 | 12.164.77.91 | - | High
158 | 12.164.77.93 | - | High
159 | 12.164.77.94 | - | High
160 | 12.164.77.97 | - | High
161 | 12.164.77.111 | - | High
162 | 12.164.77.113 | - | High
163 | 12.164.77.114 | - | High
164 | 12.164.77.117 | - | High
165 | 12.164.77.121 | - | High
166 | 12.164.77.125 | - | High
167 | 12.164.77.129 | - | High
168 | 12.164.77.131 | - | High
169 | 12.164.77.132 | - | High
170 | 12.164.77.133 | - | High
171 | 12.164.77.134 | - | High
172 | 12.164.77.136 | - | High
173 | 12.164.77.145 | - | High
174 | 12.164.77.148 | - | High
175 | 12.164.77.149 | - | High
176 | 12.164.77.151 | - | High
177 | 12.164.77.152 | - | High
178 | 12.164.77.153 | - | High
179 | 12.164.77.154 | - | High
180 | 12.164.77.155 | - | High
181 | 12.164.77.156 | - | High
182 | 12.164.77.157 | - | High
183 | 12.164.77.158 | - | High
184 | 12.164.77.159 | - | High
185 | 12.164.77.161 | - | High
186 | 12.164.77.162 | - | High
187 | 12.164.77.163 | - | High
188 | 12.164.77.164 | - | High
189 | 12.164.77.165 | - | High
190 | 12.164.77.166 | - | High
191 | 12.164.77.167 | - | High
192 | 12.164.77.168 | - | High
193 | 12.164.77.169 | - | High
194 | 12.164.77.171 | - | High
195 | 12.164.77.172 | - | High
196 | 12.164.77.173 | - | High
197 | 12.164.77.174 | - | High
198 | 12.164.77.175 | - | High
199 | 12.164.77.176 | - | High
200 | 12.164.77.177 | - | High
201 | 12.164.77.178 | - | High
202 | 12.164.77.179 | - | High
203 | 12.164.77.181 | - | High
204 | 12.164.77.182 | - | High
205 | 12.164.77.183 | - | High
206 | 12.164.77.184 | - | High
207 | 12.164.77.185 | - | High
208 | 12.164.77.187 | - | High
209 | 12.164.77.189 | - | High
210 | 12.164.77.191 | - | High
211 | 12.164.77.193 | - | High
212 | 12.164.77.194 | - | High
213 | 12.164.77.197 | - | High
214 | 12.164.77.198 | - | High
215 | 12.164.77.214 | - | High
216 | 12.164.77.215 | - | High
217 | 12.164.77.217 | - | High
218 | 12.164.77.218 | - | High
219 | 12.164.77.219 | - | High
220 | 12.164.77.224 | - | High
221 | 12.164.77.225 | - | High
222 | 12.164.77.229 | - | High
223 | 12.164.77.237 | - | High
224 | 12.164.77.239 | - | High
225 | 12.164.77.243 | - | High
226 | 12.164.77.244 | - | High
227 | 12.164.77.245 | - | High
228 | 12.164.77.247 | - | High
229 | 12.164.77.248 | - | High
230 | 12.164.77.251 | - | High
231 | 12.164.77.254 | - | High
232 | 12.213.129.134 | - | High
233 | 12.217.141.134 | - | High
234 | 12.219.1.184 | - | High
235 | 12.219.244.212 | - | High
236 | 12.221.44.99 | - | High
237 | 12.221.193.243 | - | High
238 | 12.224.118.253 | - | High
239 | 12.225.225.222 | - | High
240 | 12.228.98.152 | - | High
241 | 12.229.146.148 | - | High
242 | 12.231.17.12 | - | High
243 | 12.231.38.81 | - | High
244 | 12.231.52.129 | - | High
245 | 12.232.24.18 | - | High
246 | 12.234.116.178 | - | High
247 | 12.234.221.161 | - | High
248 | 12.236.11.245 | - | High
249 | 12.238.85.82 | - | High
250 | 12.238.96.59 | - | High
251 | 12.238.141.134 | - | High
252 | 12.239.46.249 | - | High
253 | 12.239.75.65 | - | High
254 | 12.239.85.213 | - | High
255 | 12.242.154.169 | - | High
256 | 12.243.182.219 | - | High
257 | 12.245.94.26 | - | High
258 | 12.246.5.52 | - | High
259 | 12.246.138.149 | - | High
260 | 12.246.173.194 | - | High
261 | 12.246.192.185 | - | High
262 | 12.246.252.231 | - | High
263 | 12.247.39.145 | - | High
264 | 12.247.152.91 | - | High
265 | 12.248.143.97 | - | High
266 | 12.251.87.37 | - | High
267 | 12.252.68.65 | - | High
268 | 12.252.178.136 | - | High
269 | 12.253.46.153 | - | High
270 | 12.253.74.34 | - | High
271 | 12.254.45.133 | - | High
272 | 24.25.234.147 | - | High
273 | 24.26.69.47 | - | High
274 | 24.28.245.229 | cpe-024-028-245-229.triad.res.rr.com | High
275 | 24.29.82.155 | cpe-24-29-82-155.nycap.res.rr.com | High
276 | 24.41.27.57 | h57.27.41.24.static.ip.windstream.net | High
277 | 24.42.18.57 | - | High
278 | 24.42.195.236 | - | High
279 | 24.43.27.22 | rrcs-24-43-27-22.west.biz.rr.com | High
280 | 24.43.137.78 | rrcs-24-43-137-78.west.biz.rr.com | High
281 | 24.43.147.33 | rrcs-24-43-147-33.west.biz.rr.com | High
282 | 24.48.85.177 | modemcable177.85-48-24.mc.videotron.ca | High
283 | 24.49.45.158 | dyn-24-49-45-158.myactv.net | High
284 | 24.51.69.74 | - | High
285 | 24.51.227.19 | d24-51-227-19.static-datacom.cgocable.net | High
286 | 24.52.225.197 | 24-52-225-197.cable.teksavvy.com | High
287 | 24.53.72.244 | - | High
288 | 24.53.216.236 | 24.53.216.236.user.e-catv.ne.jp | High
289 | 24.54.189.83 | h24-54-189-83.hbbsnm.dedicated.static.tds.net | High
290 | 24.55.195.15 | d24-55-195-15.home4.cgocable.net | High
291 | 24.61.219.159 | - | High
292 | 24.62.33.18 | c-24-62-33-18.hsd1.ma.comcast.net | High
293 | 24.62.33.173 | c-24-62-33-173.hsd1.ma.comcast.net | High
294 | 24.62.41.115 | c-24-62-41-115.hsd1.ma.comcast.net | High
295 | 24.62.43.57 | c-24-62-43-57.hsd1.ma.comcast.net | High
296 | 24.65.66.165 | S0106105611bdfe79.ed.shawcable.net | High
297 | 24.66.116.249 | S01069050ca2eb553.cg.shawcable.net | High
298 | 24.66.224.236 | - | High
299 | 24.67.71.179 | - | High
300 | 24.67.168.214 | S01061056119cab7a.wk.shawcable.net | High
301 | 24.71.67.179 | - | High
302 | 24.71.115.43 | S0106001b115d1ee4.ok.shawcable.net | High
303 | 24.72.6.197 | static24-72-6-197.r.rev.accesscomm.ca | High
304 | 24.72.8.95 | static24-72-8-95.hu.rev.accesscomm.ca | High
305 | 24.73.131.9 | rrcs-24-73-131-9.se.biz.rr.com | High
306 | 24.73.138.191 | rrcs-24-73-138-191.se.biz.rr.com | High
307 | 24.73.193.38 | rrcs-24-73-193-38.se.biz.rr.com | High
308 | 24.76.13.214 | - | High
309 | 24.76.88.254 | S0106f81d0f5a82f3.wp.shawcable.net | High
310 | 24.78.8.254 | S0106e4bffa332591.wp.shawcable.net | High
311 | 24.78.12.253 | S0106ac202e2835a3.wp.shawcable.net | High
312 | 24.78.12.254 | S0106bcd16568600f.wp.shawcable.net | High
313 | 24.78.94.127 | S0106bc9b680c0cdf.tb.shawcable.net | High
314 | 24.82.196.186 | - | High
315 | 24.84.116.149 | S010600fc8dad4403.vc.shawcable.net | High
316 | 24.86.199.2 | - | High
317 | 24.87.173.222 | - | High
318 | 24.88.32.52 | 24-88-32-52.res.spectrum.com | High
319 | 24.88.84.79 | cpe-24-88-84-79.sc.res.rr.com | High
320 | 24.91.61.15 | - | High
321 | 24.91.83.15 | c-24-91-83-15.hsd1.ma.comcast.net | High
322 | 24.93.29.251 | cpe-24-93-29-251.rochester.res.rr.com | High
323 | 24.93.161.84 | cpe-24-93-161-84.neo.res.rr.com | High
324 | 24.93.215.163 | cpe-24-93-215-163.neo.res.rr.com | High
325 | 24.93.234.67 | cpe-24-93-234-67.neo.res.rr.com | High
326 | 24.93.242.168 | cpe-24-93-242-168.neo.res.rr.com | High
327 | 24.94.5.241 | cpe-24-94-5-241.san.res.rr.com | High
328 | 24.94.6.77 | cpe-24-94-6-77.san.res.rr.com | High
329 | 24.94.147.214 | 072-094-147-214.biz.spectrum.com | High
330 | 24.94.188.18 | cpe-24-94-188-18.kc.res.rr.com | High
331 | 24.95.178.19 | cpe-24-95-178-19.natcky.res.rr.com | High
332 | 24.95.186.211 | cpe-24-95-186-211.natcky.res.rr.com | High
333 | 24.95.245.131 | TAMQFLPM2CW.chtrse.com | High
334 | 24.95.252.144 | - | High
335 | 24.96.19.8 | static-24-96-19-8.knology.net | High
336 | 24.96.23.36 | static-24-96-23-36.knology.net | High
337 | 24.97.19.28 | rrcs-24-97-19-28.nys.biz.rr.com | High
338 | 24.97.22.2 | mail.vmjrcompanies.com | High
339 | 24.97.31.94 | rrcs-24-97-31-94.nys.biz.rr.com | High
340 | 24.97.65.186 | mail.corninghospital.org | High
341 | 24.97.82.82 | rrcs-24-97-82-82.nys.biz.rr.com | High
342 | 24.97.82.149 | rrcs-24-97-82-149.nys.biz.rr.com | High
343 | 24.97.99.98 | www.dragon-benware.com | High
344 | 24.98.145.87 | c-24-98-145-87.hsd1.ga.comcast.net | High
345 | 24.112.57.22 | host-24-112-57-22.vyvebroadband.net | High
346 | 24.114.5.213 | - | High
347 | 24.116.183.248 | 24-116-183-248.cpe.sparklight.net | High
348 | 24.116.227.221 | 24-116-227-221.cpe.sparklight.net | High
349 | 24.116.253.171 | 24-116-253-171.cpe.sparklight.net | High
350 | 24.118.164.79 | c-24-118-164-79.hsd1.mn.comcast.net | High
351 | 24.122.8.181 | 24-122-8-181.resi.cgocable.ca | High
352 | 24.123.1.214 | rrcs-24-123-1-214.central.biz.rr.com | High
353 | 24.123.12.42 | rrcs-24-123-12-42.central.biz.rr.com | High
354 | 24.123.37.13 | rrcs-24-123-37-13.central.biz.rr.com | High
355 | 24.123.54.58 | rrcs-24-123-54-58.central.biz.rr.com | High
356 | 24.123.66.131 | rrcs-24-123-66-131.central.biz.rr.com | High
357 | 24.123.66.132 | rrcs-24-123-66-132.central.biz.rr.com | High
358 | 24.123.71.146 | rrcs-24-123-71-146.central.biz.rr.com | High
359 | 24.123.91.18 | rrcs-24-123-91-18.central.biz.rr.com | High
360 | 24.123.91.194 | remote.fvuuf.org | High
361 | 24.123.112.158 | mail.foreman-cpa.com | High
362 | 24.123.241.58 | rrcs-24-123-241-58.central.biz.rr.com | High
363 | 24.126.236.79 | c-24-126-236-79.hsd1.ga.comcast.net | High
364 | 24.127.8.212 | c-24-127-8-212.hsd1.mi.comcast.net | High
365 | 24.128.66.233 | c-24-128-66-233.hsd1.co.comcast.net | High
366 | 24.132.13.59 | j13059.upc-j.chello.nl | High
367 | 24.132.16.186 | j16186.upc-j.chello.nl | High
368 | 24.132.34.247 | j34247.upc-j.chello.nl | High
369 | 24.132.88.34 | j88034.upc-j.chello.nl | High
370 | 24.132.91.34 | j91034.upc-j.chello.nl | High
371 | 24.132.184.74 | j184074.upc-j.chello.nl | High
372 | 24.132.197.199 | j197199.upc-j.chello.nl | High
373 | 24.132.217.59 | j217059.upc-j.chello.nl | High
374 | 24.132.241.111 | j241111.upc-j.chello.nl | High
375 | 24.136.167.182 | h182.167.136.24.static.ip.windstream.net | High
376 | 24.138.36.185 | host-24-138-36-185.public.eastlink.ca | High
377 | 24.138.41.236 | host-24-138-41-236.public.eastlink.ca | High
378 | 24.141.13.213 | d24-141-13-213.home.cgocable.net | High
379 | 24.141.132.195 | d24-141-132-195.home.cgocable.net | High
380 | 24.141.152.24 | d24-141-152-24.home.cgocable.net | High
381 | 24.147.4.182 | c-24-147-4-182.hsd1.nh.comcast.net | High
382 | 24.147.178.252 | c-24-147-178-252.hsd1.vt.comcast.net | High
383 | 24.147.222.25 | c-24-147-222-25.hsd1.ct.comcast.net | High
384 | 24.148.64.19 | 24-148-64-19.s6673.c3-0.mct-cbr1.chi-mct.il.cable.rcncustomer.com | High
385 | 24.151.4.172 | 024-151-004-172.res.spectrum.com | High
386 | 24.153.54.7 | d-24-153-54-7.md.cpe.atlanticbb.net | High
387 | 24.153.142.2 | rrcs-24-153-142-2.sw.biz.rr.com | High
388 | 24.153.149.2 | rrcs-24-153-149-2.sw.biz.rr.com | High
389 | 24.154.25.44 | static-acs-24-154-25-44.zoominternet.net | High
390 | 24.154.85.19 | dynamic-acs-24-154-85-19.zoominternet.net | High
391 | 24.154.94.64 | static-acs-24-154-94-64.zoominternet.net | High
392 | 24.154.132.157 | static-acs-24-154-132-157.zoominternet.net | High
393 | 24.154.133.55 | dynamic-acs-24-154-133-55.zoominternet.net | High
394 | 24.158.19.6 | mail.nahc-nstar.com | High
395 | 24.158.87.25 | 024-158-087-025.res.spectrum.com | High
396 | 24.158.148.88 | 024-158-148-088.res.spectrum.com | High
397 | 24.158.162.16 | 024-158-162-016.res.spectrum.com | High
398 | 24.158.222.195 | 024-158-222-195.res.spectrum.com | High
399 | 24.159.55.245 | 024-159-055-245.res.spectrum.com | High
400 | 24.159.154.26 | 024-159-154-026.res.spectrum.com | High
401 | 24.159.241.216 | 024-159-241-216.res.spectrum.com | High
402 | 24.161.169.36 | mta-24-161-169-36.insight.rr.com | High
403 | 24.161.233.6 | - | High
404 | 24.161.242.195 | - | High
405 | 24.162.58.18 | mta-24-162-58-18.stx.rr.com | High
406 | 24.162.226.249 | cpe-24-162-226-249.nc.res.rr.com | High
407 | 24.163.31.86 | cpe-24-163-31-86.triad.res.rr.com | High
408 | 24.163.59.45 | cpe-24-163-59-45.nc.res.rr.com | High
409 | 24.164.82.47 | cpe-24-164-82-47.cinci.res.rr.com | High
410 | 24.164.86.227 | cpe-24-164-86-227.cinci.res.rr.com | High
411 | 24.165.99.137 | cpe-24-165-99-137.cinci.res.rr.com | High
412 | 24.165.158.175 | cpe-24-165-158-175.neo.res.rr.com | High
413 | 24.166.33.93 | cpe-24-166-33-93.neo.res.rr.com | High
414 | 24.166.49.249 | cpe-24-166-49-249.neo.res.rr.com | High
415 | 24.166.124.253 | cpe-24-166-124-253.neo.res.rr.com | High
416 | 24.166.197.147 | - | High
417 | 24.169.96.246 | 024-169-096-246.biz.spectrum.com | High
418 | 24.169.168.122 | - | High
419 | 24.174.94.234 | - | High
420 | 24.188.211.217 | ool-18bcd3d9.dyn.optonline.net | High
421 | 24.189.162.17 | ool-18bda211.dyn.optonline.net | High
422 | 24.194.61.21 | - | High
423 | 24.194.182.22 | cpe-24-194-182-22.nycap.res.rr.com | High
424 | 24.195.178.83 | - | High
425 | 24.196.63.132 | 024-196-063-132.biz.spectrum.com | High
426 | 24.196.72.68 | 024-196-072-068.biz.spectrum.com | High
427 | 24.196.179.61 | 024-196-179-061.res.spectrum.com | High
428 | 24.196.232.162 | 024-196-232-162.res.spectrum.com | High
429 | 24.196.233.18 | 024-196-233-018.res.spectrum.com | High
430 | 24.197.36.74 | 024-197-036-074.biz.spectrum.com | High
431 | 24.197.38.129 | 024-197-038-129.biz.spectrum.com | High
432 | 24.197.83.32 | 024-197-083-032.biz.spectrum.com | High
433 | 24.199.2.82 | heathergabriel.com | High
434 | 24.199.129.78 | rrcs-24-199-129-78.midsouth.biz.rr.com | High
435 | 24.199.132.178 | rrcs-24-199-132-178.midsouth.biz.rr.com | High
436 | 24.199.174.172 | national-wholesale.com | High
437 | 24.199.186.194 | rrcs-24-199-186-194.midsouth.biz.rr.com | High
438 | 24.199.187.158 | rrcs-24-199-187-158.midsouth.biz.rr.com | High
439 | 24.211.26.169 | cpe-24-211-26-169.wi.res.rr.com | High
440 | 24.213.59.178 | bmgr.mqtcty.org | High
441 | 24.213.61.2 | 024-213-061-002.biz.spectrum.com | High
442 | 24.214.16.225 | user-24-214-16-225.knology.net | High
443 | 24.214.65.85 | user-24-214-65-85.knology.net | High
444 | 24.214.81.112 | user-24-214-81-112.knology.net | High
445 | 24.214.126.252 | user-24-214-126-252.knology.net | High
446 | 24.214.139.237 | static-24-214-139-237.knology.net | High
447 | 24.216.128.154 | 024-216-128-154.biz.spectrum.com | High
448 | 24.218.154.144 | c-24-218-154-144.hsd1.ma.comcast.net | High
449 | 24.219.163.133 | - | High
450 | 24.221.11.138 | ip-24-221-11-138.atlnga.spcsdns.net | High
451 | 24.221.42.81 | ip-24-221-42-81.brbnca.spcsdns.net | High
452 | 24.221.85.7 | ip-24-221-85-7.chcgil.spcsdns.net | High
453 | 24.221.85.15 | ip-24-221-85-15.chcgil.spcsdns.net | High
454 | 24.221.127.64 | ip-24-221-127-64.chcgil.spcsdns.net | High
455 | 24.221.179.96 | ip-24-221-179-96.atlnga.spcsdns.net | High
456 | 24.221.212.136 | ip-24-221-212-136.brbnca.spcsdns.net | High
457 | 24.222.142.79 | host-24-222-142-79.public.eastlink.ca | High
458 | 24.222.162.119 | host-24-222-162-119.public.eastlink.ca | High
459 | 24.223.1.146 | 24-223-1-146.intertech.net | High
460 | 24.223.7.65 | 24-223-7-65.intertech.net | High
461 | 24.223.12.129 | 24-223-12-129.intertech.net | High
462 | 24.223.14.1 | 24-223-14-1.intertech.net | High
463 | 24.223.14.129 | 24-223-14-129.intertech.net | High
464 | 24.225.3.61 | p61n3.ruraltel.net | High
465 | 24.226.63.54 | d226-63-54.home.cgocable.net | High
466 | 24.226.89.211 | - | High
467 | 24.226.132.3 | 24-226-132-3.static.cgocable.ca | High
468 | 24.226.188.182 | 24-226-188-182.resi.cgocable.ca | High
469 | 24.228.56.51 | ool-18e43833.dyn.optonline.net | High
470 | 24.229.26.84 | 24.229.26.84.res-cmts.sm.ptd.net | High
471 | 24.229.89.3 | www.jblong.com | High
472 | 24.229.89.5 | www.fleetwoodpa.org | High
473 | 24.232.65.73 | OL73-65.fibertel.com.ar | High
474 | 24.232.72.41 | mail.estudiocomunicacion.com.ar | High
475 | 24.232.76.9 | mail.cosud.com.ar | High
476 | 24.232.76.24 | OL24-76.fibertel.com.ar | High
477 | 24.232.85.13 | OL13-85.fibertel.com.ar | High
478 | 24.232.87.29 | OL29-87.fibertel.com.ar | High
479 | 24.232.134.21 | OL21-134.fibertel.com.ar | High
480 | 24.232.142.23 | OL23-142.fibertel.com.ar | High
481 | 24.232.147.47 | mail.silicon.com.ar | High
482 | 24.232.148.17 | OL17-148.fibertel.com.ar | High
483 | 24.232.159.74 | OL74-159.fibertel.com.ar | High
484 | 24.232.174.18 | OL18-174.fibertel.com.ar | High
485 | 24.232.226.3 | OL3-226.fibertel.com.ar | High
486 | 24.232.231.26 | OL26-231.fibertel.com.ar | High
487 | 24.234.33.122 | wsip-24-234-33-122.lv.lv.cox.net | High
488 | 24.234.57.6 | backup.vegasnetworks.com | High
489 | 24.234.94.9 | wsip-24-234-94-9.lv.lv.cox.net | High
490 | 24.235.18.178 | - | High
491 | 24.237.3.48 | 48-3-237-24.gci.net | High
492 | 24.237.4.48 | 48-4-237-24.gci.net | High
493 | 24.237.6.195 | 195-6-237-24.gci.net | High
494 | 24.237.239.3 | 3-239-237-24.gci.net | High
495 | 24.242.153.18 | cpe-24-242-153-18.hot.res.rr.com | High
496 | 24.242.154.98 | cpe-24-242-154-98.hot.res.rr.com | High
497 | 24.242.176.154 | mail.baemmons.com | High
498 | 24.243.74.242 | mta-24-243-74-242.stx.rr.com | High
499 | 24.244.4.167 | - | High
500 | 24.247.22.14 | 024-247-022-014.biz.spectrum.com | High
501 | 24.247.22.234 | mail.ascomnorth.com | High
502 | 24.247.135.42 | 024-247-135-042.biz.spectrum.com | High
503 | 24.247.135.43 | 024-247-135-043.biz.spectrum.com | High
504 | 32.44.6.18 | mail.naroy.kommune.no | High
505 | 32.44.6.19 | - | High
506 | 38.161.171.4 | - | High
507 | 38.161.171.5 | - | High
508 | 38.161.171.6 | - | High
509 | 38.161.171.7 | - | High
510 | 38.161.171.9 | - | High
511 | 38.161.171.11 | - | High
512 | 38.161.171.15 | - | High
513 | 38.161.171.25 | - | High
514 | 38.161.171.39 | - | High
515 | 53.73.193.192 | - | High
516 | 61.8.7.41 | - | High
517 | 61.8.23.19 | - | High
518 | 61.8.24.137 | - | High
519 | 61.8.238.252 | 61.8.238-252.unknown.starhub.net.sg | High
520 | 61.8.251.92 | 61.8.251-92.unknown.starhub.net.sg | High
521 | 61.9.8.225 | - | High
522 | 61.9.26.2 | - | High
523 | 61.9.121.251 | - | High
524 | 61.9.121.253 | - | High
525 | 61.11.6.129 | 61.11.6.129.static.vsnl.net.in | High
526 | 61.11.11.137 | 61.11.11.137.static.vsnl.net.in | High
527 | 61.11.12.69 | 61.11.12.69.static.vsnl.net.in | High
528 | 61.11.15.1 | 61.11.15.1.static.vsnl.net.in | High
529 | 61.11.15.251 | 61.11.15.251.static.vsnl.net.in | High
530 | 61.11.16.24 | 61.11.16.24.bb-static.vsnl.net.in | High
531 | 61.11.18.178 | 61.11.18.178.bb-static.vsnl.net.in | High
532 | 61.11.21.27 | 61.11.21.27.static.vsnl.net.in | High
533 | 61.11.23.1 | 61.11.23.1.static.vsnl.net.in | High
534 | 61.11.23.65 | 61.11.23.65.static.vsnl.net.in | High
535 | 61.11.26.142 | 61.11.26.142.static.vsnl.net.in | High
536 | 61.11.32.53 | 61.11.32.53.static.vsnl.net.in | High
537 | 61.11.33.35 | 61.11.33.35-bb.static.vsnl.net.in | High
538 | 61.11.33.56 | 61.11.33.56-bb.static.vsnl.net.in | High
539 | 61.11.33.87 | 61.11.33.87-bb.static.vsnl.net.in | High
540 | 61.11.46.14 | 61.11.46.14.static.vsnl.net.in | High
541 | 61.11.48.65 | 61.11.48.65.static.vsnl.net.in | High
542 | 61.11.48.89 | 61.11.48.89.static.vsnl.net.in | High
543 | 61.11.48.143 | 61.11.48.143.static.vsnl.net.in | High
544 | 61.11.48.152 | 61.11.48.152.static.vsnl.net.in | High
545 | 61.11.52.82 | 61.11.52.82.static.vsnl.net.in | High
546 | 61.11.57.181 | 61.11.57.181.static.vsnl.net.in | High
547 | 61.11.73.128 | 61.11.73.128.static.vsnl.net.in | High
548 | 61.11.74.25 | 61.11.74.25.static.vsnl.net.in | High
549 | 61.11.74.31 | 61.11.74.31.static.vsnl.net.in | High
550 | 61.11.75.2 | 61.11.75.2.static.vsnl.net.in | High
551 | 61.11.75.128 | 61.11.75.128.static.vsnl.net.in | High
552 | 61.11.75.131 | 61.11.75.131.static.vsnl.net.in | High
553 | 61.11.75.176 | 61.11.75.176.static.vsnl.net.in | High
554 | 61.11.77.172 | 61.11.77.172.static.vsnl.net.in | High
555 | 61.11.78.188 | 61.11.78.188.static.vsnl.net.in | High
556 | 61.11.81.216 | 61.11.81.216.static.vsnl.net.in | High
557 | 61.11.82.97 | 61.11.82.97.static.vsnl.net.in | High
558 | 61.11.231.9 | - | High
559 | 61.11.244.26 | - | High
560 | 61.13.35.196 | - | High
561 | 61.13.68.152 | - | High
562 | 61.13.136.34 | - | High
563 | 61.13.136.75 | - | High
564 | 61.13.161.25 | - | High
565 | 61.13.161.252 | - | High
566 | 61.14.66.66 | - | High
567 | 61.15.14.187 | cm61-15-14-187.hkcable.com.hk | High
568 | 61.15.42.149 | cm61-15-42-149.hkcable.com.hk | High
569 | 61.15.45.46 | cm61-15-45-46.hkcable.com.hk | High
570 | 61.15.49.243 | cm61-15-49-243.hkcable.com.hk | High
571 | 61.15.135.85 | cm61-15-135-85.hkcable.com.hk | High
572 | 61.16.7.133 | - | High
573 | 61.16.14.4 | - | High
574 | 61.16.36.162 | - | High
575 | 61.16.51.219 | - | High
576 | 61.18.129.244 | cm61-18-129-244.hkcable.com.hk | High
577 | 61.22.86.173 | 61-22-86-173.rev.home.ne.jp | High
578 | 61.24.242.19 | 61-24-242-19.rev.home.ne.jp | High
579 | 61.24.251.12 | 61-24-251-12.rev.home.ne.jp | High
580 | 61.25.118.148 | 61-25-118-148.rev.home.ne.jp | High
581 | 61.26.211.212 | 61-26-211-212.rev.home.ne.jp | High
582 | 61.36.219.141 | mail.bujeon.com | High
583 | 61.36.219.143 | smf.bujeon.com | High
584 | 61.39.251.227 | - | High
585 | 61.56.136.14 | 61-56-136-14.static.so-net.net.tw | High
586 | 61.59.34.1 | h1-61-59-34.aceway.com.tw | High
587 | 61.59.45.159 | h159-61-59-45.seed.net.tw | High
588 | 61.74.49.3 | - | High
589 | 61.74.49.4 | - | High
590 | 61.74.65.97 | - | High
591 | 61.74.65.98 | - | High
592 | 61.74.67.133 | - | High
593 | 61.74.69.28 | - | High
594 | 61.74.69.32 | - | High
595 | 61.75.194.1 | - | High
596 | 61.84.224.251 | - | High
597 | 61.88.8.11 | mail.mbav.com.au | High
598 | 61.95.33.6 | bris1.wafreight.com.au | High
599 | 61.96.55.2 | - | High
600 | 61.113.15.131 | - | High
601 | 61.113.176.225 | proxy1.drugeleven.com | High
602 | 61.115.88.243 | g243.61-115-88.ppp.wakwak.ne.jp | High
603 | 61.115.89.124 | g124.61-115-89.ppp.wakwak.ne.jp | High
604 | 61.115.89.254 | g254.61-115-89.ppp.wakwak.ne.jp | High
605 | 61.117.45.51 | M045051.ppp.dion.ne.jp | High
606 | 61.117.134.34 | - | High
607 | 61.119.44.98 | - | High
608 | 61.122.176.132 | - | High
609 | 61.125.112.119 | zaq3d7d7077.rev.zaq.ne.jp | High
610 | 61.127.239.244 | - | High
611 | 61.129.72.219 | - | High
612 | 61.129.121.25 | - | High
613 | 61.129.121.27 | - | High
614 | 61.131.47.2 | - | High
615 | 61.131.48.219 | - | High
616 | 61.132.4.116 | - | High
617 | 61.132.12.51 | - | High
618 | 61.132.52.19 | - | High
619 | 61.133.63.129 | - | High
620 | 61.133.87.19 | - | High
621 | 61.133.117.68 | - | High
622 | 61.133.229.162 | - | High
623 | 61.135.131.4 | - | High
624 | 61.135.131.5 | - | High
625 | 61.135.134.4 | - | High
626 | 61.136.16.228 | - | High
627 | 61.136.152.56 | - | High
628 | 61.136.226.78 | - | High
629 | 61.137.78.147 | - | High
630 | 61.137.91.59 | - | High
631 | 61.142.15.15 | - | High
632 | 61.142.15.163 | - | High
633 | 61.142.169.98 | - | High
634 | 61.142.242.52 | - | High
635 | 61.143.54.4 | - | High
636 | 61.143.54.123 | - | High
637 | 61.144.61.18 | - | High
638 | 61.145.75.178 | - | High
639 | 61.145.223.226 | - | High
640 | 61.146.34.138 | - | High
641 | 61.151.251.199 | - | High
642 | 61.153.117.243 | - | High
643 | 61.153.192.242 | - | High
644 | 61.153.197.78 | - | High
645 | 61.153.225.66 | - | High
646 | 61.153.225.253 | - | High
647 | 61.153.228.154 | - | High
648 | 61.156.17.164 | - | High
649 | 61.156.24.137 | - | High
650 | 61.156.35.53 | - | High
651 | 61.157.184.28 | 28.184.157.61.dial.dy.sc.dynamic.163data.com.cn | High
652 | 61.158.185.39 | 39.185.158.61.ha.cnc | High
653 | 61.159.174.31 | - | High
654 | 61.159.174.82 | - | High
655 | 61.159.224.3 | - | High
656 | 61.159.224.11 | - | High
657 | 61.159.235.36 | - | High
658 | 61.163.229.38 | hn.ly.kd.adsl | High
659 | 61.166.55.178 | - | High
660 | 61.167.93.232 | - | High
661 | 61.167.241.54 | - | High
662 | 61.172.195.167 | - | High
663 | 61.172.247.85 | - | High
664 | 61.175.132.115 | - | High
665 | 61.175.152.37 | - | High
666 | 61.175.211.198 | - | High
667 | 61.175.235.112 | - | High
668 | 61.175.243.61 | - | High
669 | 61.177.116.175 | - | High
670 | 61.177.173.8 | - | High
671 | 61.178.31.2 | - | High
672 | 61.178.31.14 | - | High
673 | 61.179.117.184 | - | High
674 | 61.179.124.116 | - | High
675 | 61.182.238.7 | hebei.182.61.in-addr.arpa | High
676 | 61.182.248.38 | hebei.182.61.in-addr.arpa | High
677 | 61.184.246.153 | - | High
678 | 61.185.92.125 | - | High
679 | 61.185.212.54 | - | High
680 | 61.185.255.4 | - | High
681 | 61.187.55.67 | - | High
682 | 61.188.177.11 | 11.177.188.61.broad.nj.sc.dynamic.163data.com.cn | High
683 | 61.188.216.53 | 53.216.188.61.broad.nj.sc.dynamic.163data.com.cn | High
684 | 61.191.74.149 | - | High
685 | 61.193.113.37 | FL1-61-193-113-37.okn.mesh.ad.jp | High
686 | 61.214.231.227 | p1003-ipadfx01kamokounan.kagoshima.ocn.ne.jp | High
687 | 61.218.227.34 | 61-218-227-34.hinet-ip.hinet.net | High
688 | 61.221.55.129 | 61-221-55-129.hinet-ip.hinet.net | High
689 | 61.242.153.194 | - | High
690 | 62.1.92.29 | 62.1.92.29.dsl.dyn.forthnet.gr | High
691 | 62.2.157.242 | 62-2-157-242.static.cablecom.ch | High
692 | 62.2.186.238 | 62-2-186-238.static.cablecom.ch | High
693 | 62.3.6.18 | - | High
694 | 62.3.7.2 | - | High
695 | 62.3.34.227 | - | High
696 | 62.3.38.34 | host-62-3-38-34.mik24.pl | High
697 | 62.3.44.179 | - | High
698 | 62.3.45.196 | - | High
699 | 62.4.7.172 | - | High
700 | 62.4.22.39 | ns1.cordoweb.net | High
701 | 62.5.151.18 | - | High
702 | 62.5.154.194 | 62.5.154.194.in-addr.mtu.ru | High
703 | 62.5.157.66 | - | High
704 | 62.5.178.194 | - | High
705 | 62.5.254.66 | - | High
706 | 62.6.148.234 | gateway.constantiapack.co.uk | High
707 | 62.6.251.122 | - | High
708 | 62.7.227.98 | mail.louvolite.com | High
709 | 62.8.198.34 | ft1200.symposion.de | High
710 | 62.8.239.178 | mail.lisardo.de | High
711 | 62.12.32.74 | - | High
712 | 62.13.18.68 | - | High
713 | 62.13.193.16 | web01.comcenter.at | High
714 | 62.17.129.196 | mail.italliancegroup.com | High
715 | 62.22.144.169 | mail.mmedios.com | High
716 | 62.23.49.17 | host.17.49.23.62.rev.coltfrance.com | High
717 | 62.23.87.51 | host.51.87.23.62.rev.coltfrance.com | High
718 | 62.24.87.84 | ip-62-24-87-84.net.upcbroadband.cz | High
719 | 62.24.87.138 | ip-62-24-87-138.net.upcbroadband.cz | High
720 | ... | ... | ...
There are 2877 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Shadowcrew. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1068 | Execution with Unnecessary Privileges | High
2 | T1222 | Permission Issues | High
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Shadowcrew. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/kerbynet` | High
2 | File | `data/gbconfiguration.dat` | High
3 | Library | `slogin_lib.inc.php` | High
4 | ... | ... | ...
There are 2 more IOA items available. Please use our online service to access the data.
## References
The following list contains external sources which discuss the actor and the associated activities:
* https://ddanchev.blogspot.com/2022/01/exposing-portfolio-of-shadow-crew.html
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

16
SideCopy/README.md
View File

@ -24,11 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 109.236.85.152 | customer.worldstream.nl | High
2 | 144.91.65.100 | vmi652772.contaboserver.net | High
3 | 144.91.91.236 | vmi512038.contaboserver.net | High
4 | 144.126.141.41 | vmi627176.contaboserver.net | High
5 | 149.248.52.61 | 149.248.52.61.vultr.com | Medium
6 | ... | ... | ...
4 | ... | ... | ...
There are 9 more IOC items available. Please use our online service to access the data.
There are 11 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -55,13 +53,9 @@ ID | Type | Indicator | Confidence
4 | File | `books.php` | Medium
5 | File | `data/gbconfiguration.dat` | High
6 | File | `exit.php` | Medium
7 | File | `filter.php` | Medium
8 | File | `goto.php` | Medium
9 | File | `guestbook.cgi` | High
10 | File | `inc/config.php` | High
11 | ... | ... | ...
7 | ... | ... | ...
There are 39 more IOA items available. Please use our online service to access the data.
There are 43 more IOA items available. Please use our online service to access the data.
## References
@ -79,4 +73,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

55
SilverFish/README.md
View File

@ -1,6 +1,6 @@
# SilverFish - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [SilverFish](https://vuldb.com/?actor.silverfish). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SilverFish](https://vuldb.com/?actor.silverfish). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.silverfish](https://vuldb.com/?actor.silverfish)
@ -36,15 +36,9 @@ ID | IP address | Hostname | Confidence
7 | 79.110.52.139 | - | High
8 | 79.110.52.140 | - | High
9 | 81.4.122.101 | comet.v1sor.com | High
10 | 84.38.183.45 | spb-1.podivilov.ru | High
11 | 91.219.239.43 | no-hostname.serverastra.com | High
12 | 91.219.239.54 | no-hostname.serverastra.com | High
13 | 104.128.228.76 | - | High
14 | 130.0.232.194 | - | High
15 | 130.0.233.91 | - | High
16 | ... | ... | ...
10 | ... | ... | ...
There are 29 more IOC items available. Please use our online service to access the data.
There are 35 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -55,10 +49,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -76,9 +69,39 @@ ID | Type | Indicator | Confidence
8 | File | `/error` | Low
9 | File | `/etc/config/rpcd` | High
10 | File | `/frontend/x3/cpanelpro/filelist-thumbs.html` | High
11 | ... | ... | ...
11 | File | `/goform/saveParentControlInfo` | High
12 | File | `/htdocs/admin/dict.php?id=3` | High
13 | File | `/includes/rrdtool.inc.php` | High
14 | File | `/index.php/weblinks-categories` | High
15 | File | `/module/module_frame/index.php` | High
16 | File | `/nidp/app/login` | High
17 | File | `/proc` | Low
18 | File | `/redpass.cgi` | Medium
19 | File | `/rom-0` | Low
20 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
21 | File | `/setSystemAdmin` | High
22 | File | `/sgms/mainPage` | High
23 | File | `/tmp` | Low
24 | File | `/uncpath/` | Medium
25 | File | `/user-utils/users/md5.json` | High
26 | File | `/usr/lib/utmp_update` | High
27 | File | `/usr/local/psa/admin/sbin/wrapper` | High
28 | File | `/wp-admin` | Medium
29 | File | `1.9.5\controllers\member\ContentController.php` | High
30 | File | `2020\Messages\SDNotify.exe` | High
31 | File | `admin/admin_disallow.php` | High
32 | File | `admin/Login.php` | High
33 | File | `admin/plugin-index.php` | High
34 | File | `administration` | High
35 | File | `administrative` | High
36 | File | `Alias.asmx` | Medium
37 | File | `android/webkit/SearchBoxImpl.java` | High
38 | File | `aolfix.exe` | Medium
39 | File | `AudioService.java` | High
40 | File | `awhost32.exe` | Medium
41 | ... | ... | ...
There are 381 more IOA items available. Please use our online service to access the data.
There are 356 more IOA items available. Please use our online service to access the data.
## References
@ -91,9 +114,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

20
Snatch/README.md
View File

@ -1,6 +1,6 @@
# Snatch - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Snatch](https://vuldb.com/?actor.snatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Snatch](https://vuldb.com/?actor.snatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.snatch](https://vuldb.com/?actor.snatch)
@ -9,8 +9,8 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Snatch:
* US
* BE
* RU
* BE
* ...
There are 4 more country items available. Please use our online service to access the data.
@ -23,7 +23,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 37.59.146.180 | ip180.ip-37-59-146.eu | High
2 | 45.147.228.91 | - | High
3 | 67.211.209.151 | vps457349.trouble-free.net | High
3 | 67.211.209.151 | vps2367725.trouble-free.net | High
4 | ... | ... | ...
There are 5 more IOC items available. Please use our online service to access the data.
@ -48,15 +48,9 @@ ID | Type | Indicator | Confidence
2 | File | `/export` | Low
3 | File | `/tmp` | Low
4 | File | `backupmgt/pre_connect_check.php` | High
5 | File | `breadcrumbs_create.php` | High
6 | File | `drivers/tty/n_tty.c` | High
7 | File | `http/impl/client/HttpClientBuilder.java` | High
8 | File | `member/Orderinfo.asp` | High
9 | File | `mod_login.asp` | High
10 | File | `protocol.csp?function=set&fname=security&opt=mac_table` | High
11 | ... | ... | ...
5 | ... | ... | ...
There are 20 more IOA items available. Please use our online service to access the data.
There are 31 more IOA items available. Please use our online service to access the data.
## References
@ -68,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

22
Sofacy/README.md
View File

@ -1,6 +1,6 @@
# Sofacy - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sofacy](https://vuldb.com/?actor.sofacy)
@ -20,7 +20,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* AR
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -31,11 +31,9 @@ ID | IP address | Hostname | Confidence
1 | 1.6.3.8 | - | High
2 | 23.0.0.185 | a23-0-0-185.deploy.static.akamaitechnologies.com | High
3 | 40.112.210.240 | - | High
4 | 86.106.131.177 | - | High
5 | 89.45.67.20 | - | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 9 more IOC items available. Please use our online service to access the data.
There are 11 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -62,13 +60,9 @@ ID | Type | Indicator | Confidence
4 | File | `/uncpath/` | Medium
5 | File | `actions/doreport.php` | High
6 | File | `actions/main.php` | High
7 | File | `actions/nominatemedal.php` | High
8 | File | `agent/Core/Controller/SendRequest.cpp` | High
9 | File | `at/create_job.cgi` | High
10 | File | `base/ErrorHandler.php` | High
11 | ... | ... | ...
7 | ... | ... | ...
There are 41 more IOA items available. Please use our online service to access the data.
There are 46 more IOA items available. Please use our online service to access the data.
## References
@ -84,9 +78,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
SoreFang/README.md
View File

@ -1,6 +1,6 @@
# SoreFang - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [SoreFang](https://vuldb.com/?actor.sorefang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SoreFang](https://vuldb.com/?actor.sorefang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sorefang](https://vuldb.com/?actor.sorefang)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

30
Spalax/README.md
View File

@ -1,6 +1,6 @@
# Spalax - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Spalax](https://vuldb.com/?actor.spalax). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Spalax](https://vuldb.com/?actor.spalax). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.spalax](https://vuldb.com/?actor.spalax)
@ -40,16 +40,9 @@ ID | IP address | Hostname | Confidence
11 | 181.52.102.87 | static-ip-cr18152010287.cable.net.co | High
12 | 181.52.103.140 | static-ip-cr181520103140.cable.net.co | High
13 | 181.52.104.2 | static-ip-cr1815201042.cable.net.co | High
14 | 181.52.107.55 | static-ip-cr18152010755.cable.net.co | High
15 | 181.52.108.50 | static-ip-cr18152010850.cable.net.co | High
16 | 181.52.110.207 | static-ip-cr181520110207.cable.net.co | High
17 | 181.52.113.57 | static-ip-18152011357.cable.net.co | High
18 | 181.52.113.83 | static-ip-18152011383.cable.net.co | High
19 | 181.52.113.142 | static-ip-181520113142.cable.net.co | High
20 | 181.52.113.157 | static-ip-181520113157.cable.net.co | High
21 | ... | ... | ...
14 | ... | ... | ...
There are 45 more IOC items available. Please use our online service to access the data.
There are 52 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -62,7 +55,7 @@ ID | Technique | Description | Confidence
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 2 more TTP items available. Please use our online service to access the data.
There are 3 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -73,16 +66,9 @@ ID | Type | Indicator | Confidence
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/uncpath/` | Medium
3 | File | `add_edit_user.asp` | High
4 | File | `shop.pl` | Low
5 | File | `viewtopic.asp` | High
6 | File | `wp-includes/class-wp-query.php` | High
7 | Argument | `command` | Low
8 | Argument | `forumid` | Low
9 | Argument | `Name` | Low
10 | Argument | `page` | Low
11 | ... | ... | ...
4 | ... | ... | ...
There are 5 more IOA items available. Please use our online service to access the data.
There are 12 more IOA items available. Please use our online service to access the data.
## References
@ -94,9 +80,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

40
SpyEye/README.md
View File

@ -1,6 +1,6 @@
# SpyEye - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [SpyEye](https://vuldb.com/?actor.spyeye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SpyEye](https://vuldb.com/?actor.spyeye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.spyeye](https://vuldb.com/?actor.spyeye)
@ -38,12 +38,9 @@ ID | IP address | Hostname | Confidence
15 | 76.76.107.74 | - | High
16 | 77.79.4.200 | - | High
17 | 77.79.10.93 | - | High
18 | 77.232.82.24 | - | High
19 | 77.235.60.79 | - | High
20 | 77.235.60.159 | - | High
21 | ... | ... | ...
18 | ... | ... | ...
There are 63 more IOC items available. Please use our online service to access the data.
There are 66 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -64,19 +61,22 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/forum/away.php` | High
2 | File | `/modules/registration_admission/patient_register.php` | High
3 | File | `/Tools/tools_admin.htm` | High
4 | File | `adm/krgourl.php` | High
5 | File | `admin.php` | Medium
6 | File | `administers` | Medium
7 | File | `catchsegv` | Medium
8 | File | `classes/SystemSettings.php` | High
9 | File | `classified.php` | High
10 | File | `coders/mat.c` | Medium
11 | ... | ... | ...
1 | File | `/forgetpassword.php` | High
2 | File | `/forum/away.php` | High
3 | File | `/modules/registration_admission/patient_register.php` | High
4 | File | `/Tools/tools_admin.htm` | High
5 | File | `adm/krgourl.php` | High
6 | File | `admin.php` | Medium
7 | File | `admin/conf_users_edit.php` | High
8 | File | `administers` | Medium
9 | File | `btif_hd.cc` | Medium
10 | File | `catchsegv` | Medium
11 | File | `classes/SystemSettings.php` | High
12 | File | `classified.php` | High
13 | File | `coders/mat.c` | Medium
14 | ... | ... | ...
There are 107 more IOA items available. Please use our online service to access the data.
There are 112 more IOA items available. Please use our online service to access the data.
## References
@ -88,9 +88,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

21
Stolen Pencil/README.md
View File

@ -1,6 +1,6 @@
# Stolen Pencil - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Stolen Pencil](https://vuldb.com/?actor.stolen_pencil). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Stolen Pencil](https://vuldb.com/?actor.stolen_pencil). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.stolen_pencil](https://vuldb.com/?actor.stolen_pencil)
@ -49,17 +49,12 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/forum/away.php` | High
2 | File | `/horde/util/go.php` | High
3 | File | `/systemrw/` | Medium
4 | File | `/tmp/supp_log` | High
5 | File | `ActivityStarter.java` | High
6 | File | `admin/index.php` | High
7 | File | `comment_add.asp` | High
8 | File | `csv.h` | Low
9 | File | `data/gbconfiguration.dat` | High
10 | File | `inc/config.php` | High
11 | ... | ... | ...
3 | File | `/secure/EditSubscription.jspa` | High
4 | File | `/systemrw/` | Medium
5 | File | `/tmp/supp_log` | High
6 | ... | ... | ...
There are 28 more IOA items available. Please use our online service to access the data.
There are 36 more IOA items available. Please use our online service to access the data.
## References
@ -71,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

15
Subaat/README.md
View File

@ -1,6 +1,6 @@
# Subaat - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Subaat](https://vuldb.com/?actor.subaat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Subaat](https://vuldb.com/?actor.subaat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.subaat](https://vuldb.com/?actor.subaat)
@ -40,12 +40,9 @@ ID | Type | Indicator | Confidence
1 | File | `/uncpath/` | Medium
2 | File | `app/controllers/frontend/PostController.php` | High
3 | File | `inc/config.php` | High
4 | File | `www/soap/application/MCSoap/Logs.php` | High
5 | Argument | `basePath` | Medium
6 | Argument | `score` | Low
7 | Input Value | `%00` | Low
8 | Input Value | `::$Index_Allocation` | High
9 | Network Port | `Web Server Port` | High
4 | ... | ... | ...
There are 6 more IOA items available. Please use our online service to access the data.
## References
@ -57,9 +54,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

Some files were not shown because too many files have changed in this diff Show More