Update

This commit is contained in:
parent 22f05d0892
commit b9e5acb9da
@ -1,6 +1,6 @@
# APT15 - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT15](https://vuldb.com/?actor.apt15). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT15](https://vuldb.com/?actor.apt15). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt15](https://vuldb.com/?actor.apt15)

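Review bot: the only change in this hunk is the documentation link target moving from `?doc.cti` to `?kb.cti` while the anchor text stays the same. The same `doc.` to `kb.` rename is applied to the intro, literature and license blocks of every file in this commit, so confirm that the old `?doc.*` URLs still redirect for readers of older copies, and check the repository for any remaining `vuldb.com/?doc.` reference in files this commit does not touch, since a partial rename would leave the files inconsistent with each other.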
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
# APT17 - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT17](https://vuldb.com/?actor.apt17). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT17](https://vuldb.com/?actor.apt17). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt17](https://vuldb.com/?actor.apt17)

@ -30,10 +30,9 @@ ID | IP address | Hostname | Confidence
1 | 1.234.52.111 | - | High
2 | 69.80.72.165 | - | High
3 | 103.250.72.39 | sv01growth.bulks.jp | High
4 | 103.250.72.254 | 103x250x72x254.bulks.jp | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 8 more IOC items available. Please use our online service to access the data.
There are 9 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -57,16 +56,9 @@ ID | Type | Indicator | Confidence
1 | File | `.htaccess` | Medium
2 | File | `/wbg/core/_includes/authorization.inc.php` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `inc/config.php` | High
5 | File | `inc/filebrowser/browser.php` | High
6 | File | `register/check/username?username` | High
7 | File | `wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php` | High
8 | File | `wp-login.php` | Medium
9 | Argument | `basePath` | Medium
10 | Argument | `file` | Low
11 | ... | ... | ...
4 | ... | ... | ...

There are 2 more IOA items available. Please use our online service to access the data.
There are 10 more IOA items available. Please use our online service to access the data.

## References

@ -79,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -19,12 +19,9 @@ There are 3 more campaign items available. Please use our online service to acce

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT28:

* NL
* RO
* US
* ...

There are 3 more country items available. Please use our online service to access the data.
* RU
* BG

## IOC - Indicator of Compromise

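Review bot: the new version of this country list drops both the `* ...` truncation marker and the `There are 3 more country items available` sentence together with the NL and RO entries, leaving the RU and BG additions after whatever context precedes them. If the list is now complete that is fine, but if the generator simply stopped at a smaller cutoff the page silently under-reports; the other country lists in this commit (APT29, APT33, Agrius) all keep the marker and the remainder sentence, so this one should be checked before merging.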
@ -90,10 +87,7 @@ ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...

There are 7 more TTP items available. Please use our online service to access the data.
3 | T1587.003 | Improper Certificate Validation | High

## IOA - Indicator of Attack

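Review bot: the Description column pairs ATT&CK technique IDs with weakness names in CWE wording (Cross Site Scripting, Execution with Unnecessary Privileges, Improper Restriction of Excessive Authentication Attempts), and the new row 3 shows how loose that pairing is: T1587.003 is Develop Capabilities: Digital Certificates, which describes an adversary obtaining certificates for its own infrastructure, not the Improper Certificate Validation weakness it is listed against. The hunk also removes the `4 | ...` marker and the `There are 7 more TTP items` sentence, so the APT28 TTP table shrinks to exactly three rows. State where the weakness-to-technique mapping comes from, or rename the column to make clear it is the underlying weakness, so readers do not treat the technique ID as a mitigation pointer.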
@ -101,43 +95,12 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.travis.yml` | Medium
2 | File | `/.env` | Low
3 | File | `/admin.php` | Medium
4 | File | `/admin/config.php?display=disa&view=form` | High
5 | File | `/category_view.php` | High
6 | File | `/dev/kmem` | Medium
7 | File | `/filemanager/upload.php` | High
8 | File | `/medical/inventories.php` | High
9 | File | `/monitoring` | Medium
10 | File | `/NAGErrors` | Medium
11 | File | `/plugins/servlet/audit/resource` | High
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
13 | File | `/proc/ioports` | High
14 | File | `/replication` | Medium
15 | File | `/reports/rwservlet` | High
16 | File | `/RestAPI` | Medium
17 | File | `/tmp` | Low
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/uncpath/` | Medium
20 | File | `/var/log/nginx` | High
21 | File | `/wp-admin/admin.php` | High
22 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
23 | File | `admin/app/mediamanager` | High
24 | File | `admin/index.php` | High
25 | File | `admin\model\catalog\download.php` | High
26 | File | `afr.php` | Low
27 | File | `apcupsd.pid` | Medium
28 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
29 | File | `api/sms/send-sms` | High
30 | File | `api/v1/alarms` | High
31 | File | `application/controller/InstallerController.php` | High
32 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
33 | File | `arformcontroller.php` | High
34 | File | `auth-gss2.c` | Medium
35 | ... | ... | ...
1 | File | `elFinder.class.php` | High
2 | File | `inc/config.php` | High
3 | File | `ot_coupon.php` | High
4 | ... | ... | ...

There are 300 more IOA items available. Please use our online service to access the data.
There are 8 more IOA items available. Please use our online service to access the data.

## References

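Review bot: this hunk cuts the APT28 IOA set from 34 visible rows plus 300 more (334 items) to 3 rows plus 8 more (11 items) with no explanation beyond the commit message `Update`. A change of that size is either a deliberate data correction (the previous set reads like a general catalogue of vulnerable product paths, with entries such as `/tmp`, `/dev/kmem` and `/var/log/nginx` that carry no actor-specific meaning) or a generation failure; either way it deserves a sentence in the commit message, and anyone who ingested the earlier list needs to know that those 300-odd indicators no longer carry this attribution.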
@ -1,6 +1,6 @@
# APT29 - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT29](https://vuldb.com/?actor.apt29). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT29](https://vuldb.com/?actor.apt29). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt29](https://vuldb.com/?actor.apt29)

@ -21,7 +21,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* RU
* ...

There are 14 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -48,10 +48,9 @@ ID | IP address | Hostname | Confidence
17 | 66.70.247.215 | ip215.ip-66-70-247.net | High
18 | 69.59.28.57 | - | High
19 | 79.141.168.109 | - | High
20 | 81.17.17.213 | customer20.tamic.info | High
21 | ... | ... | ...
20 | ... | ... | ...

There are 77 more IOC items available. Please use our online service to access the data.
There are 78 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -64,7 +63,7 @@ ID | Technique | Description | Confidence
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...

There are 3 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -80,11 +79,29 @@ ID | Type | Indicator | Confidence
6 | File | `/etc/shadow` | Medium
7 | File | `/etc/sudoers` | Medium
8 | File | `/firewall/policy/` | High
9 | File | `/includes/plugins/mobile/scripts/login.php` | High
10 | File | `/notice-edit.php` | High
11 | ... | ... | ...
9 | File | `/icingaweb2/navigation/add` | High
10 | File | `/includes/plugins/mobile/scripts/login.php` | High
11 | File | `/notice-edit.php` | High
12 | File | `/pages/systemcall.php?command={COMMAND}` | High
13 | File | `/phppath/php` | Medium
14 | File | `/plain` | Low
15 | File | `/rest/project-templates/1.0/createshared` | High
16 | File | `/rpc/setvmdrive.asp` | High
17 | File | `/s/` | Low
18 | File | `/secure/admin/ConfigureBatching!default.jspa` | High
19 | File | `/server-status` | High
20 | File | `/setSystemAdmin` | High
21 | File | `/setup.cgi` | Medium
22 | File | `/tmp/csman/0` | Medium
23 | File | `/uncpath/` | Medium
24 | File | `/usr/bin/pkexec` | High
25 | File | `/usr/local/psa/admin/sbin/wrapper` | High
26 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
27 | File | `/var/log/monkeyd/master.log` | High
28 | File | `/var/log/salt/minion` | High
29 | ... | ... | ...

There are 236 more IOA items available. Please use our online service to access the data.
There are 249 more IOA items available. Please use our online service to access the data.

## References

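Review bot: new row 12, `/pages/systemcall.php?command={COMMAND}`, carries a template placeholder in braces rather than an observed path; a detection rule that matches the literal string will never fire, and one that tokenises on `{` may mis-parse the row. Normalise the indicator to the path without its query string, as most other rows are, or document that braces mark a variable part. Note also that the visible cutoff moved from 10 rows to 28 in the same regeneration (`11 | ...` becomes `29 | ...`) while the remainder went from 236 to 249, so the truncation threshold is not constant between runs and the visible row count cannot be used to compare versions.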
@ -102,9 +119,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -16,9 +16,9 @@ The following campaigns are known and can be associated with APT33:

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:

* SV
* FR
* PL
* SV
* ...

There are 4 more country items available. Please use our online service to access the data.
@ -67,32 +67,33 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/upload.php` | High
2 | File | `/api/ZRMesh/set_ZRMesh` | High
3 | File | `/appliance/shiftmgn.php` | High
4 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
5 | File | `/etc/quagga` | Medium
6 | File | `/fw/index2.do` | High
7 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
8 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
9 | File | `/jerry-core/jmem/jmem-heap.c` | High
10 | File | `/moddable/xs/sources/xsScript.c` | High
11 | File | `/parser/js/js-parser-expr.c` | High
12 | File | `/preferences/tags` | High
13 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
14 | File | `/thruk/#cgi-bin/status.cgi?style=combined` | High
1 | File | `/admin/admin.php?module=admin_access_group_edit&aagID` | High
2 | File | `/admin/customers.php?page=1&cID` | High
3 | File | `/api/ZRMesh/set_ZRMesh` | High
4 | File | `/appliance/shiftmgn.php` | High
5 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
6 | File | `/etc/quagga` | Medium
7 | File | `/fw/index2.do` | High
8 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
9 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
10 | File | `/jerry-core/jmem/jmem-heap.c` | High
11 | File | `/moddable/xs/sources/xsScript.c` | High
12 | File | `/parser/js/js-parser-expr.c` | High
13 | File | `/preferences/tags` | High
14 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
15 | File | `/transmission/web/` | High
16 | File | `/uploads/exam_question/` | High
17 | File | `/usr/bin/pkexec` | High
18 | File | `AccessPoint.java` | High
19 | File | `acknow.php` | Medium
20 | File | `acropora/app/identity/ic.c` | High
21 | File | `acropora/app/identity/identity_support.c` | High
22 | File | `actions.php` | Medium
23 | File | `admin/bad.php` | High
24 | ... | ... | ...
18 | File | `/usr/local/bin/mjs` | High
19 | File | `AccessPoint.java` | High
20 | File | `account_sponsor_page.php` | High
21 | File | `acknow.php` | Medium
22 | File | `acropora/app/identity/ic.c` | High
23 | File | `acropora/app/identity/identity_support.c` | High
24 | File | `actions.php` | Medium
25 | ... | ... | ...

There are 199 more IOA items available. Please use our online service to access the data.
There are 207 more IOA items available. Please use our online service to access the data.

## References

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* CN
* ...

There are 18 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -82,16 +82,16 @@ ID | Type | Indicator | Confidence
14 | File | `/start-stop` | Medium
15 | File | `/tmp/app/.env` | High
16 | File | `/uncpath/` | Medium
17 | File | `/WEB-INF/web.xml` | High
18 | File | `/wp-admin/admin-ajax.php` | High
19 | File | `/_next` | Low
20 | File | `adclick.php` | Medium
21 | File | `addentry.php` | Medium
22 | File | `addrating.php` | High
23 | File | `admin/conf_users_edit.php` | High
17 | File | `/usr/bin/pkexec` | High
18 | File | `/WEB-INF/web.xml` | High
19 | File | `/wp-admin/admin-ajax.php` | High
20 | File | `/_next` | Low
21 | File | `adclick.php` | Medium
22 | File | `addentry.php` | Medium
23 | File | `addrating.php` | High
24 | ... | ... | ...

There are 202 more IOA items available. Please use our online service to access the data.
There are 203 more IOA items available. Please use our online service to access the data.

## References

@ -1,6 +1,6 @@
# Agrius - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Agrius](https://vuldb.com/?actor.agrius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Agrius](https://vuldb.com/?actor.agrius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.agrius](https://vuldb.com/?actor.agrius)

@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access

* US
* RU
* IR
* NL
* ...

There are 8 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 5.2.67.85 | mail.astrilll.com | High
2 | 5.2.73.67 | - | High
3 | 37.59.236.232 | 37.59.236.232.rdns.hasaserver.com | High
4 | 37.120.238.15 | - | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 8 more IOC items available. Please use our online service to access the data.
There are 9 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -49,18 +48,17 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/kerbynet` | High
2 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
3 | File | `/plugins/Dashboard/Controller.php` | High
4 | File | `/storage/app/media/evil.svg` | High
5 | File | `/uncpath/` | Medium
6 | File | `admin.asp` | Medium
7 | File | `admin.php` | Medium
8 | File | `admin/admin_users.php` | High
9 | File | `app/Controller/GalaxyElementsController.php` | High
10 | File | `Application/Common/Controller/BaseController.class.php` | High
11 | ... | ... | ...
2 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
3 | File | `/etc/quagga` | Medium
4 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
5 | File | `/plugins/Dashboard/Controller.php` | High
6 | File | `/storage/app/media/evil.svg` | High
7 | File | `/uncpath/` | Medium
8 | File | `admin.asp` | Medium
9 | File | `admin.php` | Medium
10 | ... | ... | ...

There are 62 more IOA items available. Please use our online service to access the data.
There are 74 more IOA items available. Please use our online service to access the data.

## References

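Review bot: the two rows added at the top of the Agrius IOA table, `/damicms-master/admin.php?s=/Article/doedit` and `/etc/quagga`, are the same indicators the APT33 table in this commit lists as its rows 5 and 6, and `/uncpath/`, `/usr/bin/pkexec` and `inc/config.php` likewise recur in several other tables of this commit. These are paths tied to specific product vulnerabilities, so their appearance under several unrelated actors makes them weak attribution signals; either the confidence value should reflect that rather than reading `High` in every table, or the IOA introduction should say plainly that these entries are product paths seen in the actor's activity, not actor-specific artefacts.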
@ -72,9 +70,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
# Allakore - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Allakore](https://vuldb.com/?actor.allakore). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Allakore](https://vuldb.com/?actor.allakore). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.allakore](https://vuldb.com/?actor.allakore)

@ -20,7 +20,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 144.91.65.100 | vmi652772.contaboserver.net | High
2 | 144.91.91.236 | vmi512038.contaboserver.net | High
3 | 161.97.142.96 | vmi661694.contaboserver.net | High
3 | 161.97.142.96 | vmi745943.contaboserver.net | High
4 | ... | ... | ...

There are 4 more IOC items available. Please use our online service to access the data.
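Review bot: row 3 keeps the address 161.97.142.96 but swaps its hostname from `vmi661694.contaboserver.net` to `vmi745943.contaboserver.net`. Same address, different numbered VM name at a VPS provider means the reverse record was simply re-resolved and the machine behind the address has been reassigned, so the hostname is not a stable indicator on its own; record the resolution date next to it, or treat the IP as the indicator and the hostname as informational, otherwise consumers will alert on whichever tenant holds the name next.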
@ -48,15 +48,9 @@ ID | Type | Indicator | Confidence
2 | File | `admin/index.php` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `filter.php` | Medium
5 | File | `inc/config.php` | High
6 | File | `item_show.php` | High
7 | File | `lib/krb5/asn.1/asn1_encode.c` | High
8 | File | `login.php` | Medium
9 | File | `mdeploy.php` | Medium
10 | File | `multipart/form-data` | High
11 | ... | ... | ...
5 | ... | ... | ...

There are 20 more IOA items available. Please use our online service to access the data.
There are 26 more IOA items available. Please use our online service to access the data.

## References

@ -68,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -18,7 +18,7 @@ These indicators of compromise indicate associated network ressources which are

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.252.179.221 | 5-252-179-221.mivocloud.com | High
1 | 5.252.179.221 | no-rdns.mivocloud.com | High
2 | 45.79.81.88 | li1180-88.members.linode.com | High
3 | 64.188.13.46 | 64.188.13.46.static.quadranet.com | High
4 | ... | ... | ...
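Review bot: row 1 changes the hostname for 5.252.179.221 from `5-252-179-221.mivocloud.com` to `no-rdns.mivocloud.com`. The new value is the provider's placeholder for an address without a reverse record, so it should be rendered as `-`, the way rows without a PTR are shown elsewhere in these tables, rather than published as a hostname that consumers will load as an indicator. The hunk header context also carries the typo `ressources` for `resources`; it comes from the generator's template and reappears in the new Ashiyane file, so it is a one-line fix in the template.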
@ -43,12 +43,9 @@ ID | Type | Indicator | Confidence
1 | File | `app\admin\controller\sys\Uploads.php` | High
2 | File | `category.cfm` | Medium
3 | File | `itemlookup.asp` | High
4 | File | `mat5.c` | Low
5 | File | `phddns.lua` | Medium
6 | File | `register.php` | Medium
7 | Argument | `cat` | Low
8 | Argument | `new-interface` | High
9 | Argument | `PATH_INFO` | Medium
4 | ... | ... | ...

There are 6 more IOA items available. Please use our online service to access the data.

## References

@ -65,4 +62,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,32 @@
|
|||
# Ashiyane - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ashiyane](https://vuldb.com/?actor.ashiyane). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ashiyane](https://vuldb.com/?actor.ashiyane)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Ashiyane.
|
||||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 62.171.141.97 | vmi345419.contaboserver.net | High
|
||||
2 | 104.21.2.112 | - | High
|
||||
3 | 172.67.129.30 | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
|
||||
* https://ddanchev.blogspot.com/2022/01/exposing-behrooz-kamalians-ashiyane-ict.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
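Review bot: rows 2 and 3 of the IOC table, `104.21.2.112` and `172.67.129.30`, sit in Cloudflare's anycast edge ranges (104.16.0.0/13 and 172.64.0.0/13), so they point at a shared reverse proxy that fronts many unrelated sites, not at infrastructure the actor controls; with no hostname recorded for either (`-`), a High confidence rating invites defenders to block a CDN edge. Record the origin hostname the proxy was fronting, or lower the confidence and state that the address is a CDN edge. Minor: `ressources` in the IOC intro should be `resources`; the same template typo reappears in the Banjori file.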
@ -1,6 +1,6 @@
# Autoit - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Autoit](https://vuldb.com/?actor.autoit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Autoit](https://vuldb.com/?actor.autoit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.autoit](https://vuldb.com/?actor.autoit)
@ -21,16 +21,12 @@ ID | IP address | Hostname | Confidence
1 | 8.248.165.254 | - | High
2 | 8.249.217.254 | - | High
3 | 8.253.131.121 | - | High
4 | 13.56.128.67 | ec2-13-56-128-67.us-west-1.compute.amazonaws.com | Medium
4 | 13.56.128.67 | screenconnect.medsphere.com | High
5 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | High
6 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | High
7 | 23.63.245.19 | a23-63-245-19.deploy.static.akamaitechnologies.com | High
8 | 23.63.245.50 | a23-63-245-50.deploy.static.akamaitechnologies.com | High
9 | 23.199.71.136 | a23-199-71-136.deploy.static.akamaitechnologies.com | High
10 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | Medium
11 | ... | ... | ...
7 | ... | ... | ...
There are 20 more IOC items available. Please use our online service to access the data.
There are 24 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
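Review bot: row 4 swaps the EC2 reverse-DNS name `ec2-13-56-128-67.us-west-1.compute.amazonaws.com` for `screenconnect.medsphere.com` and raises the confidence from Medium to High, but 13.56.128.67 is still a cloud address that can be reassigned to another tenant, and the new name is a forward lookup for a third-party remote-support product rather than the address's PTR; without an observation date or a source for the hostname, High is hard to justify for the IP itself. Consider keeping the IP at Medium and recording the hostname as the indicator. The row counts still reconcile (10 visible + 20 hidden before, 6 + 24 after, 30 in both).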
@ -41,10 +37,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1222 | Permission Issues | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
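Review bot: the Description column carries CWE names rather than ATT&CK technique names: T1059.007 is "Command and Scripting Interpreter: JavaScript" but is described as "Cross Site Scripting" (CWE-79), T1068 "Exploitation for Privilege Escalation" as "Execution with Unnecessary Privileges" (CWE-250), T1110.001 "Brute Force: Password Guessing" as "Improper Restriction of Excessive Authentication Attempts" (CWE-307), and the removed T1222 "File and Directory Permissions Modification" as "Permission Issues" (CWE-275). Either rename the column to say it is the mapped CWE, or add the ATT&CK name beside it, so readers do not take the CWE text for the technique.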
@ -62,9 +57,10 @@ ID | Type | Indicator | Confidence
8 | File | `api/external.php?object=centreon_metric&action=listByService` | High
9 | File | `app\contacts\contact_edit.php` | High
10 | File | `audio_acdb.c` | Medium
11 | ... | ... | ...
11 | File | `auth.php` | Medium
12 | ... | ... | ...
There are 91 more IOA items available. Please use our online service to access the data.
There are 90 more IOA items available. Please use our online service to access the data.
## References
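Review bot: the visible cutoff of this table moves from 10 rows to 11 (`11 | File | auth.php | Medium` is now shown, the `...` marker sits at 12, hidden count 91 → 90), while the IOC table in the same file now stops at 6 rows and other files in this commit stop at 3, 10 or 23. Fix the generator to one cutoff per table type so a regeneration does not churn row IDs and hidden counts every time.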
@ -78,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
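Review bot: the `?doc.*` → `?kb.*` URL move and the `1997-2021` → `1997-2022` year bump are the identical Literature/License edit repeated in every file of this commit; the block is otherwise static, so emitting it from one template (or an include) at generation time would make the next URL move a single change instead of one hunk per actor.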
@ -1,6 +1,6 @@
# Babar - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Babar](https://vuldb.com/?actor.babar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Babar](https://vuldb.com/?actor.babar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.babar](https://vuldb.com/?actor.babar)
@ -19,11 +19,9 @@ ID | IP address | Hostname | Confidence
1 | 64.20.43.107 | vps238561.trouble-free.net | High
2 | 69.25.212.153 | - | High
3 | 83.149.75.58 | reserved.ps-it.nl | High
4 | 104.153.45.38 | cpan6.webline-servers.com | High
5 | 184.172.143.188 | bc.8f.acb8.ip4.static.sl-reverse.com | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
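Review bot: rows 4 and 5 (`104.153.45.38` / `cpan6.webline-servers.com` and `184.172.143.188` / `bc.8f.acb8.ip4.static.sl-reverse.com`) drop out of the visible list while the hidden count rises from 10 to 12, so the total stays at 15 and nothing is actually retracted; a reader diffing this file cannot tell that from a withdrawal. State in the commit that only the visible cutoff changed, or keep the cutoff stable.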
@ -43,16 +41,9 @@ ID | Type | Indicator | Confidence
1 | File | `addentry.php` | Medium
2 | File | `data/gbconfiguration.dat` | High
3 | File | `dc_categorieslist.asp` | High
4 | File | `detected_potential_files.cgi` | High
5 | File | `guestbook.cgi` | High
6 | File | `inc/config.php` | High
7 | File | `phpinfo.php` | Medium
8 | File | `reports_mta_queue_status.html` | High
9 | File | `template.class.php` | High
10 | Argument | `basePath` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
There are 11 more IOA items available. Please use our online service to access the data.
## References
@ -64,9 +55,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,20 +1,9 @@
# Banjori - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Banjori](https://vuldb.com/?actor.banjori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Banjori](https://vuldb.com/?actor.banjori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.banjori](https://vuldb.com/?actor.banjori)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Banjori:
* JP
* DE
* US
* ...
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Banjori.
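Review bot: the whole Countries section (JP, DE, US and 10 more) is removed from this file with no replacement; the header `-1,20 +1,9` shows the section is gone rather than moved. If the country attribution for this actor was withdrawn, the commit message should say so, since consumers may already have ingested it. The `ressources` typo in the IOC intro is carried over unchanged.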
@ -41,43 +30,16 @@ ID | IP address | Hostname | Confidence
18 | 35.226.69.129 | 129.69.226.35.bc.googleusercontent.com | Medium
19 | 43.230.142.125 | - | High
20 | 43.241.196.105 | - | High
21 | ... | ... | ...
21 | 43.249.76.176 | - | High
22 | 47.91.170.222 | - | High
23 | 47.245.10.59 | - | High
24 | 50.117.86.130 | - | High
25 | 52.4.209.250 | ec2-52-4-209-250.compute-1.amazonaws.com | Medium
26 | 52.25.92.0 | ec2-52-25-92-0.us-west-2.compute.amazonaws.com | Medium
27 | 52.58.78.16 | ec2-52-58-78-16.eu-central-1.compute.amazonaws.com | Medium
28 | ... | ... | ...
There are 116 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Banjori. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Banjori. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `"/xml/system/setAttribute.xml` | High
2 | File | `#!/system` | Medium
3 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
4 | File | `%LOCALAPPDATA%\Zemana\ZALSDK\MyRules2.ini` | High
5 | File | `%ProgramData%\CTES` | High
6 | File | `%SYSTEMDRIVE%` | High
7 | File | `%TEMP%\par-%username%\cache-exiftool-8.32` | High
8 | File | `%windir%\Internet Logs\` | High
9 | File | `.../gogo/` | Medium
10 | File | `.asp` | Low
11 | ... | ... | ...
There are 5749 more IOA items available. Please use our online service to access the data.
There are 109 more IOC items available. Please use our online service to access the data.
## References
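Review bot: by the header counts (`-41,43 +30,16`) the old side of this hunk is the IOC tail plus the entire TTP and IOA sections (T1059.007, T1068, T1110.001, T1211 and 7 more; ten file indicators and 5749 more), and the new side is only IOC rows 21-27 plus the trailing References heading; the TTP and IOA sections are deleted outright. That is a major retraction (the 5749 hidden IOA items were more than ten times any other actor in this commit, which may be the reason) and deserves a line in the commit message. The IOC side itself reconciles (20 + 116 = 27 + 109 = 136).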
@ -89,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
# Black KingDom - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Black KingDom](https://vuldb.com/?actor.black_kingdom). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Black KingDom](https://vuldb.com/?actor.black_kingdom). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.black_kingdom](https://vuldb.com/?actor.black_kingdom)
@ -9,11 +9,11 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:
* US
* ES
* CN
* RU
* SV
* ...
There are 25 more country items available. Please use our online service to access the data.
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
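Review bot: the hidden country count falls from 25 to 1 while the listed rows (US, ES, CN, RU, SV) stay, so 24 country attributions vanish silently; say why in the commit. Also the template produces `There are 1 more country items available`, which needs singular agreement (`There is 1 more country item`); the same string appears again at the 6 → 1 change later in this commit.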
@ -34,14 +34,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | ... | ... | ...
There are 11 more TTP items available. Please use our online service to access the data.
There are 9 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
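Review bot: the table shrinks from 5 + 11 = 16 techniques to 3 + 9 = 12, with `T1008 | Algorithm Downgrade` and `T1110.001 | Improper Restriction of Excessive Authentication Attempts` leaving the visible rows, and the regeneration renumbers what remains (T1040 moves from ID 2 to 1), so the ID column cannot be used as a reference by consumers. The removed row also shows the labelling problem in this column: ATT&CK T1008 is "Fallback Channels", while "Algorithm Downgrade" is the CWE-757 name; likewise T1040 is "Network Sniffing", not "Authentication Bypass by Capture-replay" (CWE-294).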
@ -49,19 +47,32 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%LOCALAPPDATA%\SaferVPN\Log` | High
2 | File | `%PROGRAMDATA%\ASUS\GamingCenterLib` | High
3 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
4 | File | `%PROGRAMDATA%\Razer Chroma\SDK\Apps` | High
5 | File | `%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins` | High
6 | File | `%PROGRAMFILES(X86)%\Teradici\PCoIP.exe` | High
7 | File | `%SYSTEMDRIVE%\Course Software Material 18.0.1.9\cmd.exe` | High
8 | File | `.authlie` | Medium
9 | File | `.config/Yubico` | High
10 | File | `.htaccess` | Medium
11 | ... | ... | ...
1 | File | `/admin/index.php?lfj=friendlink&action=add` | High
2 | File | `/admin/login.php` | High
3 | File | `/ajax_crud` | Medium
4 | File | `/api/ZRMacClone/mac_addr_clone` | High
5 | File | `/application/common.php#action_log` | High
6 | File | `/base/ecma-helpers-string.c` | High
7 | File | `/cms/ajax.php` | High
8 | File | `/core/table/query` | High
9 | File | `/debug/pprof` | Medium
10 | File | `/dev/ion` | Medium
11 | File | `/ecma/operations/ecma-objects.c` | High
12 | File | `/GetCopiedFile` | High
13 | File | `/hdf5/src/H5Dchunk.c` | High
14 | File | `/hdf5/src/H5Fint.c` | High
15 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
16 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
17 | File | `/jerry-core/parser/js/js-parser-expr.c` | High
18 | File | `/leave_system/classes/Login.php` | High
19 | File | `/member/post.php?job=postnew&step=post` | High
20 | File | `/message-bus/_diagnostics` | High
21 | File | `/mobile/SelectUsers.jsp` | High
22 | File | `/music/ajax.php` | High
23 | File | `/orms/` | Low
24 | ... | ... | ...
There are 6388 more IOA items available. Please use our online service to access the data.
There are 197 more IOA items available. Please use our online service to access the data.
## References
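Review bot: none of the ten previously listed indicators survives and the total drops from 10 + 6388 = 6398 to 23 + 197 = 220, so this is a full regeneration rather than an update; the old rows were Windows paths (`%LOCALAPPDATA%\SaferVPN\Log`, `%PROGRAMDATA%\Razer Chroma\SDK\Apps`) and the new rows are web-application paths, which describe different tooling. Anyone keying on this file sees every previous indicator disappear, which the commit should flag. Several new rows are also generic enough to match benign traffic on their own (`/debug/pprof` is the standard Go profiling endpoint, `/dev/ion` a standard Android device node, `/ajax_crud` and `/admin/login.php` occur in many applications); the section intro calls them fragments for correlation, and the Medium/High ratings should reflect that rather than suggest they are block-worthy by themselves.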
@ -73,9 +84,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
# BlackTech - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BlackTech](https://vuldb.com/?actor.blacktech). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BlackTech](https://vuldb.com/?actor.blacktech). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.blacktech](https://vuldb.com/?actor.blacktech)
@ -29,10 +29,9 @@ ID | IP address | Hostname | Confidence
1 | 10.0.0.211 | - | High
2 | 43.240.12.81 | mail.terascape.net | High
3 | 45.76.102.145 | 45.76.102.145.vultr.com | Medium
4 | 45.124.25.31 | hkhdc.laws.ms | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
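Review bot: `1 | 10.0.0.211 | - | High` is an RFC 1918 private address; it cannot identify external infrastructure and will match a host on any internal network that happens to use 10.0.0.0/8, so it should be removed (or moved to a separate field for addresses observed inside samples) rather than carried as a High-confidence network IOC. The rest of the hunk only moves the visible cutoff (5 + 6 before, 4 + 7 after, 11 in both).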
@ -53,12 +52,9 @@ ID | Type | Indicator | Confidence
1 | File | `/wp-json/oembed/1.0/embed?url` | High
2 | File | `base/ErrorHandler.php` | High
3 | File | `goto.php` | Medium
4 | File | `isc/get_sid_js.aspx` | High
5 | File | `item_show.php` | High
6 | Argument | `author_name` | Medium
7 | Argument | `code_no` | Low
8 | Argument | `dbg_buf` | Low
9 | Argument | `url` | Low
4 | ... | ... | ...
There are 8 more IOA items available. Please use our online service to access the data.
## References
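Review bot: the previous version listed all nine indicators inline with no truncation line; the new one shows three and pushes eight behind the online service (`4 | ... | ... | ...`, `There are 8 more IOA items`). The rows that become invisible include the Low-confidence `Argument` entries `code_no`, `dbg_buf` and `url`, which are too generic to act on anyway; dropping them outright would be cleaner than hiding them and would let the table stay complete in the file.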
@ -73,9 +69,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
# C0d0so - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [C0d0so](https://vuldb.com/?actor.c0d0so). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [C0d0so](https://vuldb.com/?actor.c0d0so). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.c0d0so](https://vuldb.com/?actor.c0d0so)
@ -40,9 +40,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
# Careto - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Careto](https://vuldb.com/?actor.careto). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Careto](https://vuldb.com/?actor.careto). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.careto](https://vuldb.com/?actor.careto)
@ -24,12 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 8.28.16.254 | - | High
2 | 12.0.0.38 | - | High
3 | 23.20.44.92 | ec2-23-20-44-92.compute-1.amazonaws.com | Medium
4 | 37.235.63.127 | 127-63-235-37.static.edis.at | High
5 | 62.149.227.3 | host3-227-149-62.serverdedicati.aruba.it | High
6 | 72.52.91.30 | - | High
7 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 13 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -60,9 +57,10 @@ ID | Type | Indicator | Confidence
8 | File | `app/admin/custom-fields/filter.php` | High
9 | File | `auth-gss2.c` | Medium
10 | File | `backoffice/login.asp` | High
11 | ... | ... | ...
11 | File | `cisco/services/PhonecDirectory.php` | High
12 | ... | ... | ...
There are 96 more IOA items available. Please use our online service to access the data.
There are 95 more IOA items available. Please use our online service to access the data.
## References
@ -74,9 +72,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* DE
* ...
There are 6 more country items available. Please use our online service to access the data.
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
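Review bot: `There are 6 more country items` becomes `There are 1 more country items` with `* DE` the only country visible in the hunk, so five attributions are removed silently; note the reason in the commit and fix the singular form (`There is 1 more country item`).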
@ -32,18 +32,14 @@ ID | IP address | Hostname | Confidence
9 | 45.56.79.23 | li929-23.members.linode.com | High
10 | 45.56.117.118 | li935-118.members.linode.com | High
11 | 45.63.25.55 | 45.63.25.55.vultr.com | Medium
12 | 45.63.99.180 | 45.63.99.180.uk003.ys.com | High
12 | 45.63.99.180 | 45.63.99.180.vultr.com | Medium
13 | 52.2.101.52 | ec2-52-2-101-52.compute-1.amazonaws.com | Medium
14 | 52.21.132.24 | ec2-52-21-132-24.compute-1.amazonaws.com | Medium
15 | 54.84.252.139 | ec2-54-84-252-139.compute-1.amazonaws.com | Medium
16 | 54.87.5.88 | ec2-54-87-5-88.compute-1.amazonaws.com | Medium
17 | 54.88.175.149 | ec2-54-88-175-149.compute-1.amazonaws.com | Medium
18 | 54.152.181.87 | ec2-54-152-181-87.compute-1.amazonaws.com | Medium
19 | 78.128.92.96 | - | High
20 | 84.201.32.108 | - | High
21 | ... | ... | ...
17 | ... | ... | ...
There are 60 more IOC items available. Please use our online service to access the data.
There are 64 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
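Review bot: row 12 changes from `45.63.99.180.uk003.ys.com | High` to the provider PTR `45.63.99.180.vultr.com | Medium`, which is the right direction for VPS address space and matches how row 11 (`45.63.25.55.vultr.com | Medium`) is rated; but rows 9 and 10 (`li929-23.members.linode.com`, `li935-118.members.linode.com`) are the same kind of hosting-provider reverse DNS on the same kind of address space and stay at High. Apply one rule for provider PTRs across the table. Counts reconcile (20 + 60 = 16 + 64 = 80).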
@ -54,8 +50,7 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
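Review bot: `4 | T1211 | 7PK Security Features | High` leaves the visible rows, and its description makes the column's problem plain: "7PK Security Features" is the CWE-254 category name, while ATT&CK T1211 is "Exploitation for Defense Evasion". Label the column as the mapped CWE or add the ATT&CK technique name alongside it.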
@ -65,19 +60,32 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `+CSCO` | Low
2 | File | `.htaccess` | Medium
3 | File | `/cgi-bin/login_action.cgi` | High
4 | File | `/cns/` | Low
5 | File | `/DbXmlInfo.xml` | High
6 | File | `/etc/auditlog-keeper.conf` | High
7 | File | `/forms/web_importTFTP` | High
8 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
9 | File | `/plugin/extended-choice-parameter/js/` | High
10 | File | `/rest/api/1.0/render` | High
11 | ... | ... | ...
1 | File | `/cgi-bin/login_action.cgi` | High
2 | File | `/DbXmlInfo.xml` | High
3 | File | `/forms/web_importTFTP` | High
4 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
5 | File | `/plugin/extended-choice-parameter/js/` | High
6 | File | `/rest/api/1.0/render` | High
7 | File | `/sap/public/bc/abap` | High
8 | File | `/search.php` | Medium
9 | File | `/shell?cmd` | Medium
10 | File | `/tmp` | Low
11 | File | `500page.jsp` | Medium
12 | File | `activateuser.aspx` | High
13 | File | `addentry.php` | Medium
14 | File | `admin/password_forgotten.php` | High
15 | File | `AndroidManifest.xml` | High
16 | File | `application/admin/controller/Admin.php` | High
17 | File | `asm/preproc.c` | High
18 | File | `auth-gss2.c` | Medium
19 | File | `authent.php4` | Medium
20 | File | `authpam.c` | Medium
21 | File | `bgp_packet.c` | Medium
22 | File | `catalog.asp` | Medium
23 | File | `Cgi/confirm.py` | High
24 | ... | ... | ...

There are 634 more IOA items available. Please use our online service to access the data.
There are 201 more IOA items available. Please use our online service to access the data.

## References

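Review bot: the IOA total for this actor falls from 644 (10 listed plus 634 more) to 224 (23 listed plus 201 more), a roughly two-thirds reduction that the commit message "Update" does not explain; a consumer who built detections on the dropped indicators has no way to tell a re-run of the predictive model from a deliberate purge of false positives. Suggest stating the cause in the commit message or a changelog entry whenever an indicator set shrinks by this much.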
@ -102,4 +110,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Chafer - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Chafer](https://vuldb.com/?actor.chafer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Chafer](https://vuldb.com/?actor.chafer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.chafer](https://vuldb.com/?actor.chafer)

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* GB
* ...

There are 15 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -22,12 +22,11 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 83.142.230.113 | - | High
2 | 89.38.97.112 | - | High
2 | 89.38.97.112 | 89-38-97-112.hosted-by-worldstream.net | High
3 | 89.38.97.115 | 89-38-97-115.hosted-by-worldstream.net | High
4 | 91.218.114.225 | - | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -49,18 +48,14 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//etc/RT2870STA.dat` | High
2 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
3 | File | `/magnoliaPublic/travel/members/login.html` | High
4 | File | `/Main_AdmStatus_Content.asp` | High
5 | File | `/uncpath/` | Medium
6 | File | `/var/log/nginx` | High
7 | File | `advertiser.php` | High
8 | File | `akocomments.php` | High
9 | File | `al_initialize.php` | High
10 | File | `category.cfm` | Medium
11 | ... | ... | ...
2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
3 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
4 | File | `/magnoliaPublic/travel/members/login.html` | High
5 | File | `/Main_AdmStatus_Content.asp` | High
6 | File | `/uncpath/` | Medium
7 | ... | ... | ...

There are 42 more IOA items available. Please use our online service to access the data.
There are 49 more IOA items available. Please use our online service to access the data.

## References

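Review bot: the new row 2, `/admin/index.php?id=themes&action=edit_template&filename=blog`, is typed File but is a path plus a full query string; a matcher keyed on the request path will never hit it, and one keyed on the whole string will miss any request whose parameter order or `filename` value differs. The same applies to `/shell?cmd` in the APT15 IOA table above. Suggest splitting such entries into a File row for `/admin/index.php` and Argument rows for `id`, `action` and `filename`, which is the shape the Comnie IOA table below already uses.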
@ -73,9 +68,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Cleaver - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cleaver](https://vuldb.com/?actor.cleaver). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cleaver](https://vuldb.com/?actor.cleaver). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cleaver](https://vuldb.com/?actor.cleaver)

@ -35,15 +35,9 @@ ID | IP address | Hostname | Confidence
6 | 64.120.208.76 | - | High
7 | 64.120.208.78 | - | High
8 | 66.96.252.198 | host-66-96-252-198.myrepublic.co.id | High
9 | 78.109.194.96 | - | High
10 | 78.109.194.114 | - | High
11 | 80.243.182.149 | 149-182-243-80.rackcentre.redstation.net.uk | High
12 | 87.98.167.71 | - | High
13 | 87.98.167.85 | ip85.ip-87-98-167.eu | High
14 | 87.98.167.141 | - | High
15 | ... | ... | ...
9 | ... | ... | ...

There are 26 more IOC items available. Please use our online service to access the data.
There are 32 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -64,16 +58,9 @@ ID | Type | Indicator | Confidence
1 | File | `/forum/away.php` | High
2 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
3 | File | `adclick.php` | Medium
4 | File | `data/gbconfiguration.dat` | High
5 | File | `Default.aspx` | Medium
6 | File | `inc/config.php` | High
7 | File | `libraries/idna_convert/example.php` | High
8 | File | `mod_proxy_fcgi.c` | High
9 | File | `ogp_show.php` | Medium
10 | File | `redir.php` | Medium
11 | ... | ... | ...
4 | ... | ... | ...

There are 17 more IOA items available. Please use our online service to access the data.
There are 24 more IOA items available. Please use our online service to access the data.

## References

@ -86,9 +73,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Comnie - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Comnie](https://vuldb.com/?actor.comnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Comnie](https://vuldb.com/?actor.comnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.comnie](https://vuldb.com/?actor.comnie)

@ -20,13 +20,27 @@ ID | IP address | Hostname | Confidence
1 | 113.196.70.11 | 113.196.70.11.ll.static.sparqnet.net | High
2 | 121.126.211.94 | - | High

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Comnie. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Comnie. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | Argument | `filename` | Medium
1 | File | `wp-includes/functions.php` | High
2 | Argument | `filename` | Medium
3 | Argument | `hotjar script` | High
4 | ... | ... | ...

There are 1 more IOA items available. Please use our online service to access the data.

## References

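Review bot: inserting `wp-includes/functions.php` at the top of the IOA table renumbers the existing `filename` indicator from ID 1 to ID 2, so the ID column is a display position rather than a stable key, and anyone diffing this feed by ID will see a spurious change on an indicator that did not move. Suggest documenting that IDs are positional, or keeping them stable across updates. The generated trailer "There are 1 more IOA items available" also needs a singular form when the count is 1, and `hotjar script` is a free-text phrase rather than a parameter name, so its Argument type and High confidence deserve a second look.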
@ -38,9 +52,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Confucius - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Confucius](https://vuldb.com/?actor.confucius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Confucius](https://vuldb.com/?actor.confucius). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.confucius](https://vuldb.com/?actor.confucius)

@ -35,15 +35,9 @@ ID | IP address | Hostname | Confidence
6 | 46.165.207.109 | - | High
7 | 46.165.207.112 | - | High
8 | 46.165.207.113 | - | High
9 | 46.165.207.114 | - | High
10 | 46.165.207.116 | - | High
11 | 46.165.207.120 | v608.ce02.fra-10.de.leaseweb.net | High
12 | 46.165.207.132 | - | High
13 | 46.165.207.134 | - | High
14 | 46.165.207.138 | - | High
15 | ... | ... | ...
9 | ... | ... | ...

There are 27 more IOC items available. Please use our online service to access the data.
There are 33 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -74,9 +68,10 @@ ID | Type | Indicator | Confidence
8 | File | `admin-ajax.php` | High
9 | File | `admin/index.php` | High
10 | File | `administrator/components/com_media/helpers/media.php` | High
11 | ... | ... | ...
11 | File | `adv_pwd_cgi` | Medium
12 | ... | ... | ...

There are 89 more IOA items available. Please use our online service to access the data.
There are 88 more IOA items available. Please use our online service to access the data.

## References

@ -89,9 +84,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -0,0 +1,221 @@
# CoolWebSearch - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CoolWebSearch](https://vuldb.com/?actor.coolwebsearch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.coolwebsearch](https://vuldb.com/?actor.coolwebsearch)

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoolWebSearch:

* US
* VN
* CN
* ...

There are 21 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of CoolWebSearch.

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 38.113.3.122 | - | High
2 | 38.113.198.80 | - | High
3 | 38.113.198.81 | - | High
4 | 38.113.198.235 | - | High
5 | 38.113.198.243 | - | High
6 | 38.113.198.249 | - | High
7 | 38.113.198.252 | - | High
8 | 38.113.199.63 | - | High
9 | 38.113.204.40 | - | High
10 | 38.113.204.182 | - | High
11 | 38.117.144.30 | - | High
12 | 38.117.144.50 | - | High
13 | 38.117.144.51 | - | High
14 | 38.117.144.162 | - | High
15 | 61.152.242.111 | - | High
16 | 62.65.252.93 | 62.65.252.93.cable.starman.ee | High
17 | 62.65.252.226 | 62.65.252.226.cable.starman.ee | High
18 | 62.129.133.193 | HOSTED-BY.VIRTUALXS.COM | High
19 | 63.160.243.7 | - | High
20 | 63.208.158.126 | unknown.Level3.net | High
21 | 63.217.29.115 | - | High
22 | 63.219.176.203 | 63-219-176-203.static.pccwglobal.net | High
23 | 63.219.178.91 | 63-219-178-91.supercreate.net | High
24 | 63.219.181.7 | web-r2-h7.globecorp.net | High
25 | 63.219.181.10 | web-r2-h10.globecorp.net | High
26 | 63.219.181.64 | web-r2-h64.globecorp.net | High
27 | 63.246.42.13 | - | High
28 | 63.246.131.19 | - | High
29 | 63.246.146.142 | - | High
30 | 63.246.146.147 | - | High
31 | 63.251.83.54 | - | High
32 | 63.251.83.56 | - | High
33 | 64.7.197.6 | - | High
34 | 64.7.205.18 | - | High
35 | 64.7.207.118 | NET-allocation-0011058.ix.sitestream.net | High
36 | 64.7.209.58 | NET-allocation-00025837.ix.sitestream.net | High
37 | 64.7.212.98 | gxb.nastydollars.com | High
38 | 64.38.226.6 | maxcash.cavecreek.net | High
39 | 64.94.3.243 | - | High
40 | 64.124.210.76 | 64.124.210.76.t00517.above.net | High
41 | 64.124.210.98 | 64.124.210.98.t00517.above.net | High
42 | 64.124.210.111 | 64.124.210.111.t00517.above.net | High
43 | 64.124.222.167 | 64.124.222.167.T01708-02.above.net | High
44 | 64.124.222.236 | 64.124.222.236.T01708-02.above.net | High
45 | 64.125.84.23 | - | High
46 | 64.127.104.144 | - | High
47 | 64.154.5.9 | - | High
48 | 64.154.5.38 | - | High
49 | 64.157.143.86 | unknown.Level3.net | High
50 | 64.185.230.223 | 64-185-230-223.static.webnx.com | High
51 | 64.186.129.250 | - | High
52 | 64.186.129.252 | - | High
53 | 64.186.152.83 | - | High
54 | 64.200.25.75 | - | High
55 | 64.200.25.86 | - | High
56 | 64.202.105.82 | unknown.ord.scnet.net | High
57 | 64.202.167.129 | ip-64-202-167-129.ip.secureserver.net | High
58 | 64.202.167.192 | ip-64-202-167-192.ip.secureserver.net | High
59 | 64.237.37.152 | - | High
60 | 64.237.39.70 | - | High
61 | 64.237.39.76 | - | High
62 | 64.237.39.77 | - | High
63 | 64.237.39.80 | - | High
64 | 64.237.39.226 | 64-237-39-226.choopa.net | High
65 | 64.237.41.215 | 64-237-41-215.choopa.com | High
66 | 64.237.44.247 | 64-237-44-247.constant.com | High
67 | 64.237.45.18 | 64-237-45-18.constant.com | High
68 | 64.237.47.178 | 64-237-47-178.constant.com | High
69 | 64.237.47.210 | 64-237-47-210.choopa.net | High
70 | 64.237.53.3 | 64.237.53.3.choopa.net | High
71 | 64.237.53.4 | 64.237.53.4.choopa.net | High
72 | 64.237.56.64 | 64-237-56-64.choopa.net | High
73 | 64.237.57.37 | 64.237.57.37.choopa.com | High
74 | 64.237.57.92 | tsca-057092.toscaa.com | High
75 | 64.237.57.202 | 64.237.57.202.choopa.com | High
76 | 64.237.57.205 | 64.237.57.205.choopa.com | High
77 | 64.237.57.206 | 64.237.57.206.choopa.com | High
78 | 64.237.57.215 | 64-237-57-215.reliableservers.com | High
79 | 64.246.18.41 | ev1s-64-246-18-41.theplanet.com | High
80 | 64.246.33.179 | ev1s-64-246-33-179.theplanet.com | High
81 | 64.246.33.191 | bignaturalboobs.org | High
82 | 64.246.40.84 | ev1s-64-246-40-84.theplanet.com | High
83 | 64.250.235.140 | ip-64-250-235-140.lasvegas.net | High
84 | 64.255.161.101 | 64-255-161-101.jupiter.navisite.com | High
85 | 65.39.191.71 | - | High
86 | 65.75.143.119 | ip-65-75-143-119.local | High
87 | 65.75.161.13 | galt1.seowebhosting.net | High
88 | 65.75.175.64 | ip-65-75-175-64.local | High
89 | 65.75.187.94 | ip-65-75-187-94.local | High
90 | 65.77.129.178 | - | High
91 | 65.77.129.212 | - | High
92 | 65.110.40.789 | - | High
93 | 65.115.110.251 | - | High
94 | 66.28.176.79 | - | High
95 | 66.28.176.138 | - | High
96 | 66.28.176.154 | - | High
97 | 66.40.28.3 | host3.maxim.net | High
98 | 66.40.28.12 | host12.maxim.net | High
99 | 66.40.28.51 | host51.maxim.net | High
100 | 66.40.28.61 | host61.maxim.net | High
101 | 66.45.237.99 | athostech.website | High
102 | 66.55.128.76 | 66.55.128.76.choopa.com | High
103 | 66.55.134.98 | 66-55-134-98.choopa.net | High
104 | 66.55.136.82 | 66.55.136.82.choopa.com | High
105 | 66.55.136.84 | 66.55.136.84.choopa.com | High
106 | 66.55.136.87 | 66.55.136.87.choopa.com | High
107 | 66.55.136.93 | 66-55-136-93.constant.com | High
108 | 66.55.139.28 | 66-55-139-28.choopa.net | High
109 | 66.55.139.29 | 66-55-139-29.choopa.net | High
110 | 66.55.140.119 | - | High
111 | 66.55.141.3 | - | High
112 | 66.55.144.200 | 66.55.144.200.choopa.net | High
113 | 66.70.44.60 | tunders.com | High
114 | 66.70.68.147 | - | High
115 | 66.79.171.70 | - | High
116 | 66.79.171.75 | - | High
117 | 66.79.183.140 | - | High
118 | 66.79.189.120 | - | High
119 | 66.79.191.231 | - | High
120 | 66.90.65.252 | - | High
121 | 66.98.142.163 | ns106.ehostpros.com | High
122 | 66.98.176.62 | ev1s-66-98-176-62.theplanet.com | High
123 | 66.98.194.89 | ns1.mygreatwebsite.net | High
124 | ... | ... | ...

There are 494 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...

There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/car.php` | Medium
3 | File | `/context/%2e/WEB-INF/web.xml` | High
4 | File | `/dashboards/#` | High
5 | File | `/etc/controller-agent/agent.conf` | High
6 | File | `/etc/sudoers` | Medium
7 | File | `/filemanager/php/connector.php` | High
8 | File | `/forum/away.php` | High
9 | File | `/fudforum/adm/hlplist.php` | High
10 | File | `/GponForm/fsetup_Form` | High
11 | File | `/log_download.cgi` | High
12 | File | `/modules/profile/index.php` | High
13 | File | `/monitoring` | Medium
14 | File | `/new` | Low
15 | File | `/out.php` | Medium
16 | File | `/proc/<pid>/status` | High
17 | File | `/public/plugins/` | High
18 | File | `/s/` | Low
19 | File | `/secure/QueryComponent!Default.jspa` | High
20 | File | `/server-info` | Medium
21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
22 | File | `/tmp` | Low
23 | File | `/tmp/kamailio_ctl` | High
24 | File | `/tmp/kamailio_fifo` | High
25 | File | `/uncpath/` | Medium
26 | File | `/updown/upload.cgi` | High
27 | File | `/usr/bin/pkexec` | High
28 | File | `/way4acs/enroll` | High
29 | File | `/WEB-INF/web.xml` | High
30 | File | `/wp-json/wc/v3/webhooks` | High
31 | File | `4.2.0.CP09` | Medium
32 | File | `actions/CompanyDetailsSave.php` | High
33 | ... | ... | ...

There are 283 more IOA items available. Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:

* https://ddanchev.blogspot.com/2022/01/exposing-currently-active-coolwebsearch.html

## Literature

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

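Review bot: IOC row 92 lists `65.110.40.789`, which is not a valid IPv4 address (an octet cannot exceed 255), so it should be corrected or dropped before this file is fed to anything that parses addresses; a validation step on the export would catch this class of typo at generation time rather than in every consumer. Two smaller points in the same file: "network ressources" in the IOC intro is misspelled (the same sentence recurs in the Chafer hunk above), and IOA row 31, `4.2.0.CP09`, looks like a version string rather than a file path, so its File type is doubtful.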
@ -1,6 +1,6 @@
# Corkow - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Corkow](https://vuldb.com/?actor.corkow). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Corkow](https://vuldb.com/?actor.corkow). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.corkow](https://vuldb.com/?actor.corkow)

@ -21,17 +21,9 @@ ID | IP address | Hostname | Confidence
|
|||
9 | 4.4.7.1 | lag-32-1065-99.ear3.Chicago2.Level3.net | High
|
||||
10 | 4.4.7.2 | ANDERSEN-CO.ear3.Chicago2.Level3.net | High
|
||||
11 | 4.4.7.7 | - | High
|
||||
12 | 5.5.1.2 | dynamic-005-005-001-002.5.5.pool.telefonica.de | High
|
||||
13 | 5.7.9.1 | dynamic-005-007-009-001.5.7.pool.telefonica.de | High
|
||||
14 | 5.9.3.1 | static.1.3.9.5.clients.your-server.de | High
|
||||
15 | 6.0.8.1 | - | High
|
||||
16 | 6.0.8.2 | - | High
|
||||
17 | 6.0.8.4 | - | High
|
||||
18 | 6.2.0.1 | - | High
|
||||
19 | 6.4.1.3 | - | High
|
||||
20 | ... | ... | ...
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 37 more IOC items available. Please use our online service to access the data.
|
||||
There are 45 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
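Review bot: the unchanged context rows 9 to 11 (`4.4.7.1` with `lag-32-1065-99.ear3.Chicago2.Level3.net`, `4.4.7.2` with `ANDERSEN-CO.ear3.Chicago2.Level3.net`, `4.4.7.7`) keep High confidence although their PTR names are Level3 edge-router interface names in Chicago, which makes them poor block-list indicators; consider lowering their confidence or reviewing them while this data is being regenerated. The edit itself is internally consistent: 11 shown rows plus "45 more" equals the previous 19 rows plus "37 more" (56 items either way).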
@ -43,9 +35,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CozyDuke - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CozyDuke](https://vuldb.com/?actor.cozyduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CozyDuke](https://vuldb.com/?actor.cozyduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cozyduke](https://vuldb.com/?actor.cozyduke)
|
||||
|
||||
|
@ -57,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Cridex - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cridex](https://vuldb.com/?actor.cridex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cridex](https://vuldb.com/?actor.cridex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cridex](https://vuldb.com/?actor.cridex)
|
||||
|
||||
|
@ -17,13 +17,11 @@ These indicators of compromise indicate associated network ressources which are
|
|||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 5.135.28.118 | - | High
|
||||
2 | 37.187.156.123 | connor.playragnarokzero.com | High
|
||||
2 | 37.187.156.123 | ns323845.ip-37-187-156.eu | High
|
||||
3 | 46.165.241.0 | - | High
|
||||
4 | 50.56.200.226 | 50-56-200-226.static.cloud-ips.com | High
|
||||
5 | 62.76.44.174 | 62-76-44-174.vm.clodoserver.ru | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
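Review bot: row 2 keeps IP `37.187.156.123` while its hostname changes from `connor.playragnarokzero.com` to `ns323845.ip-37-187-156.eu`, the hoster's generic PTR, which shows the Hostname column is a point-in-time reverse lookup rather than an indicator in its own right; record the lookup date or say so in the section intro so consumers match on the IP, not the name. Counts stay consistent (3 shown + 10 more = 13, as 5 + 8 before). The section intro visible in the hunk header also has a typo, "network ressources" should read "network resources".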
@ -43,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Crouching Yeti - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Crouching Yeti](https://vuldb.com/?actor.crouching_yeti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Crouching Yeti](https://vuldb.com/?actor.crouching_yeti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.crouching_yeti](https://vuldb.com/?actor.crouching_yeti)
|
||||
|
||||
|
@ -42,9 +42,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CryptoWall 2.0 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CryptoWall 2.0](https://vuldb.com/?actor.cryptowall_2.0). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CryptoWall 2.0](https://vuldb.com/?actor.cryptowall_2.0). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cryptowall_2.0](https://vuldb.com/?actor.cryptowall_2.0)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DPRK - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DPRK](https://vuldb.com/?actor.dprk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DPRK](https://vuldb.com/?actor.dprk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dprk](https://vuldb.com/?actor.dprk)
|
||||
|
||||
|
@ -20,11 +20,6 @@ There are 1 more campaign items available. Please use our online service to acce
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DPRK:
|
||||
|
||||
* US
|
||||
* ES
|
||||
* DE
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
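Review bot: after this hunk the country list consists of `* US` alone, because the `* ES`, `* DE` and `* ...` rows are removed together with the "There are 26 more country items available" line; if only the visible rows were meant to be trimmed, the "more items" line must stay, and if the association really shrank from 29 countries to one, that is a data change worth a sentence in the commit message instead of "Update".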
@ -32,14 +27,14 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 5.62.56.160 | r-160-56-62-5.ff.avast.com | High
|
||||
1 | 5.62.56.160 | r-160-56-62-5.consumer-pool.prcdn.net | High
|
||||
2 | 5.62.56.161 | r-161-56-62-5.consumer-pool.prcdn.net | High
|
||||
3 | 5.62.56.162 | r-162-56-62-5.consumer-pool.prcdn.net | High
|
||||
4 | 5.62.56.163 | r-163-56-62-5.consumer-pool.prcdn.net | High
|
||||
5 | 5.62.61.64 | r-64-61-62-5.ff.avast.com | High
|
||||
6 | 5.62.61.65 | r-65-61-62-5.ff.avast.com | High
|
||||
7 | 5.62.61.66 | r-66-61-62-5.ff.avast.com | High
|
||||
8 | 5.62.61.67 | r-67-61-62-5.ff.avast.com | High
|
||||
5 | 5.62.61.64 | r-64-61-62-5.consumer-pool.prcdn.net | High
|
||||
6 | 5.62.61.65 | r-65-61-62-5.consumer-pool.prcdn.net | High
|
||||
7 | 5.62.61.66 | r-66-61-62-5.consumer-pool.prcdn.net | High
|
||||
8 | 5.62.61.67 | r-67-61-62-5.consumer-pool.prcdn.net | High
|
||||
9 | 21.252.107.198 | - | High
|
||||
10 | 26.165.218.44 | - | High
|
||||
11 | 45.33.2.79 | li956-79.members.linode.com | High
|
||||
|
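Review bot: rows 1 and 5 to 8 keep their IPs in `5.62.56.0/24` and `5.62.61.0/24` while the PTR moves from `*.ff.avast.com` to `*.consumer-pool.prcdn.net`, matching the unchanged rows 2 to 4; all eight remain at High confidence although the `consumer-pool` naming suggests shared consumer egress rather than dedicated actor infrastructure, so a short note on the basis of the attribution would help a defender decide between blocking and alerting on these addresses. The section intro in the hunk header repeats the "ressources" typo.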
@ -52,22 +47,13 @@ ID | IP address | Hostname | Confidence
|
|||
18 | 45.79.19.196 | li1118-196.members.linode.com | High
|
||||
19 | 45.199.63.220 | - | High
|
||||
20 | 47.206.4.145 | static-47-206-4-145.srst.fl.frontiernet.net | High
|
||||
21 | ... | ... | ...
|
||||
21 | 51.68.152.96 | ns3122934.ip-51-68-152.eu | High
|
||||
22 | 54.241.91.49 | ec2-54-241-91-49.us-west-1.compute.amazonaws.com | Medium
|
||||
23 | 70.224.36.194 | adsl-70-224-36-194.dsl.sbndin.ameritech.net | High
|
||||
24 | 81.94.192.10 | 10-192-94-81.rackcentre.redstation.net.uk | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 100 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by DPRK. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 96 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
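Review bot: besides filling in rows 21 to 24 and lowering the continuation count from 100 to 96 (24 + 96 = 120 = 20 + 100, consistent), this hunk silently deletes the entire "## TTP - Tactics, Techniques, Procedures" section, its intro sentence, the table with T1059.007, T1068 and T1110.001, and the "5 more TTP items" line; removing a section should be called out in the commit message. Note also that the dropped table's descriptions ("Cross Site Scripting", "Execution with Unnecessary Privileges", "Improper Restriction of Excessive Authentication Attempts") read like CWE weakness names rather than the ATT&CK technique names those IDs denote, which is worth fixing if the section is regenerated later.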
@ -75,19 +61,7 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin/config.php?display=backup` | High
|
||||
3 | File | `/apilog.php` | Medium
|
||||
4 | File | `/APP_Installation.asp` | High
|
||||
5 | File | `/categorypage.php` | High
|
||||
6 | File | `/drivers/media/media-device.c` | High
|
||||
7 | File | `/filemanager/upload.php` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/getcfg.php` | Medium
|
||||
10 | File | `/home.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 465 more IOA items available. Please use our online service to access the data.
|
||||
1 | File | `wp-includes/class-wp-query.php` | High
|
||||
|
||||
## References
|
||||
|
||||
|
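Review bot: the IOA table collapses from ten visible rows plus "There are 465 more IOA items available" to a single row (`wp-includes/class-wp-query.php`) with neither a `... | ... | ...` continuation row nor a "more items" line; a drop from 475 to 1 entries with no explanation looks more like a truncated export than a deliberate regeneration, so confirm the new count or restore the continuation and "more items" lines.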
@ -107,9 +81,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DarkSide - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DarkSide](https://vuldb.com/?actor.darkside). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DarkSide](https://vuldb.com/?actor.darkside). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.darkside](https://vuldb.com/?actor.darkside)
|
||||
|
||||
|
@ -12,7 +12,7 @@ ID | IP address | Hostname | Confidence
|
|||
-- | ---------- | -------- | ----------
|
||||
1 | 99.83.154.118 | a51062ecadbb5a26e.awsglobalaccelerator.com | High
|
||||
2 | 176.103.62.217 | - | High
|
||||
3 | 185.243.214.107 | no-reverse-yet.local | High
|
||||
3 | 185.243.214.107 | - | High
|
||||
|
||||
## References
|
||||
|
||||
|
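Review bot: replacing `no-reverse-yet.local` with `-` for `185.243.214.107` is the right fix, since that string is a hoster's placeholder PTR and not a hostname, but the generator should recognise such placeholders (and the `.local` suffix generally) so they never reach the Hostname column in the first place instead of being cleaned up by hand.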
@ -25,9 +25,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Deep Panda - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Deep Panda](https://vuldb.com/?actor.deep_panda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Deep Panda](https://vuldb.com/?actor.deep_panda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.deep_panda](https://vuldb.com/?actor.deep_panda)
|
||||
|
||||
|
@ -42,10 +42,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `fs/aio.c` | Medium
|
||||
2 | File | `index.php?mod=main&opt=personal` | High
|
||||
3 | File | `pkg/tool/path.go` | High
|
||||
4 | File | `receiver.c` | Medium
|
||||
5 | File | `routes/api/v1/api.go` | High
|
||||
6 | Argument | `avatar_file` | Medium
|
||||
7 | Argument | `m1_idlist` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -60,9 +59,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Dharma - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dharma](https://vuldb.com/?actor.dharma). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dharma](https://vuldb.com/?actor.dharma). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dharma](https://vuldb.com/?actor.dharma)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Dimnie - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dimnie](https://vuldb.com/?actor.dimnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dimnie](https://vuldb.com/?actor.dimnie). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dimnie](https://vuldb.com/?actor.dimnie)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Docless - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Docless](https://vuldb.com/?actor.docless). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Docless](https://vuldb.com/?actor.docless). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.docless](https://vuldb.com/?actor.docless)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
# Dyre - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dyre](https://vuldb.com/?actor.dyre). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dyre](https://vuldb.com/?actor.dyre). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dyre](https://vuldb.com/?actor.dyre)

@ -10,7 +10,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access

* RU
* US
* NL
* DE
* ...

There are 5 more country items available. Please use our online service to access the data.

@ -27,13 +27,9 @@ ID | IP address | Hostname | Confidence
4 | 80.248.224.75 | - | High
5 | 85.25.134.53 | delta526.dedicatedpanel.com | High
6 | 85.25.138.12 | echo389.startdedicated.de | High
7 | 85.25.145.179 | austria184.startdedicated.de | High
8 | 93.190.139.178 | 93-190-139-178.hosted-by-worldstream.net | High
9 | 94.23.61.172 | xen.nkpa.co.uk | High
10 | 94.23.196.90 | ns3098925.ip-94-23-196.eu | High
11 | ... | ... | ...
7 | ... | ... | ...

There are 20 more IOC items available. Please use our online service to access the data.
There are 24 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -62,11 +58,9 @@ ID | Type | Indicator | Confidence
6 | File | `/private/var/mobile/Containers/Data/Application` | High
7 | File | `acp/core/files.browser.php` | High
8 | File | `addentry.php` | Medium
9 | File | `admin.jcomments.php` | High
10 | File | `admin/index.php` | High
11 | ... | ... | ...
9 | ... | ... | ...

There are 62 more IOA items available. Please use our online service to access the data.
There are 64 more IOA items available. Please use our online service to access the data.

## References

@ -79,9 +73,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

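Review bot: the changelog, about, FAQ and documentation links in the license line all move from `?doc.` to `?kb.` (and the year becomes 1997-2022), but `[contact us](https://vuldb.com/?contact)` keeps its old path in every actor file touched by this change; confirm that `?contact` is meant to stay outside the new `?kb.` namespace, otherwise the generator template that emits this line needs the same retargeting as the other links.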
@ -1,6 +1,6 @@
# Edwind - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Edwind](https://vuldb.com/?actor.edwind). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Edwind](https://vuldb.com/?actor.edwind). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.edwind](https://vuldb.com/?actor.edwind)

@ -39,9 +39,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
15 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
16 | ... | ... | ...

There are 124 more IOA items available. Please use our online service to access the data.
There are 125 more IOA items available. Please use our online service to access the data.

## References

@ -16,11 +16,6 @@ The following campaigns are known and can be associated with FIN7:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FIN7:

* US
* CN
* FR
* ...

There are 28 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

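Review bot: by the header arithmetic (`@ -16,11 +16,6 @@`, eleven lines become six, nothing added) this hunk deletes `* CN`, `* FR`, `* ...`, the blank line after them and `There are 28 more country items available. Please use our online service to access the data.`, so FIN7's country list goes from 31 entries to `* US` alone. Every other country hunk in this change only adjusts the hidden-item count, so this looks more like the generator losing the list than a data update; confirm it is intended before merging and, if so, say so in the change description.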
@ -75,75 +70,6 @@ ID | IP address | Hostname | Confidence

There are 172 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by FIN7. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FIN7. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/?module=users§ion=cpanel&page=list` | High
3 | File | `/admin/powerline` | High
4 | File | `/admin/syslog` | High
5 | File | `/api/upload` | Medium
6 | File | `/assets/ctx` | Medium
7 | File | `/concat?/%2557EB-INF/web.xml` | High
8 | File | `/context/%2e/WEB-INF/web.xml` | High
9 | File | `/get_getnetworkconf.cgi` | High
10 | File | `/HNAP1` | Low
11 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
12 | File | `/monitoring` | Medium
13 | File | `/new` | Low
14 | File | `/osm/REGISTER.cmd` | High
15 | File | `/proc/<pid>/status` | High
16 | File | `/public/plugins/` | High
17 | File | `/replication` | Medium
18 | File | `/secure/QueryComponent!Default.jspa` | High
19 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
20 | File | `/tmp` | Low
21 | File | `/type.php` | Medium
22 | File | `/uncpath/` | Medium
23 | File | `/usr/bin/pkexec` | High
24 | File | `/wp-json/wc/v3/webhooks` | High
25 | File | `4.2.0.CP09` | Medium
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
27 | File | `actions/CompanyDetailsSave.php` | High
28 | File | `ActiveServices.java` | High
29 | File | `admin.color.php` | High
30 | File | `admin.cropcanvas.php` | High
31 | File | `admin.joomlaradiov5.php` | High
32 | File | `admin.php` | Medium
33 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
34 | File | `admin/add-glossary.php` | High
35 | File | `admin/conf_users_edit.php` | High
36 | File | `admin/edit-comments.php` | High
37 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
38 | File | `admin/write-post.php` | High
39 | File | `administrator/components/com_media/helpers/media.php` | High
40 | File | `admin_events.php` | High
41 | File | `AjaxApplication.java` | High
42 | File | `akocomments.php` | High
43 | File | `allopass-error.php` | High
44 | File | `AllowBindAppWidgetActivity.java` | High
45 | File | `AndroidManifest.xml` | High
46 | File | `AnnotateActivity.java` | High
47 | ... | ... | ...

There are 406 more IOA items available. Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:

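Review bot: `@ -75,75 +70,6 @@` turns 75 lines into 6 with nothing added, so everything between the `There are 172 more IOC items available` line and the `## References` heading is deleted: the whole TTP section (three listed techniques plus 8 more) and the whole IOA section (46 listed indicators plus 406 more). The other actor files in this change only re-cut their excerpts and adjust counts, so losing two entire sections in one file looks like a generator failure rather than a data update; confirm it is intended, or regenerate the FIN7 file before merging.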
@ -42,16 +42,9 @@ ID | Type | Indicator | Confidence
1 | File | `/login.html` | Medium
2 | File | `/new` | Low
3 | File | `/system?action=ServiceAdmin` | High
4 | File | `/var/log/nginx` | High
5 | File | `admin/index.php?m=database&c=del` | High
6 | File | `admin/ueditor/uploadFile` | High
7 | File | `api_jsonrpc.php` | High
8 | File | `entropy_decoder.cc` | High
9 | File | `FileDownload.jsp` | High
10 | File | `HttpAdvancedSensor.exe` | High
11 | ... | ... | ...
4 | ... | ... | ...

There are 16 more IOA items available. Please use our online service to access the data.
There are 25 more IOA items available. Please use our online service to access the data.

## References

@ -68,4 +61,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* CA
* ...

There are 4 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -31,16 +31,9 @@ ID | IP address | Hostname | Confidence
8 | 68.171.208.119 | penandpixel.com | High
9 | 71.42.56.253 | rrcs-71-42-56-253.se.biz.rr.com | High
10 | 74.125.192.138 | qn-in-f138.1e100.net | High
11 | 75.98.175.114 | a2ss23.a2hosting.com | High
12 | 79.134.225.53 | - | High
13 | 81.17.18.194 | - | High
14 | 81.17.29.146 | - | High
15 | 81.169.145.70 | w06.rzone.de | High
16 | 81.169.145.164 | wa4.rzone.de | High
17 | 82.145.53.14 | table1555.cfd | High
18 | ... | ... | ...
11 | ... | ... | ...

There are 32 more IOC items available. Please use our online service to access the data.
There are 39 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -51,10 +44,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -64,17 +56,15 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/download_frame.php` | High
2 | File | `/backups/` | Medium
3 | File | `/etc/sudoers` | Medium
4 | File | `/index.php?controller=system&action=admin_edit_act` | High
5 | File | `/uncpath/` | Medium
6 | File | `bits.c` | Low
7 | File | `cat.php` | Low
8 | File | `Cgi/admindb.py` | High
9 | File | `core/kernels/count_ops.cc` | High
10 | File | `data/gbconfiguration.dat` | High
11 | ... | ... | ...
3 | File | `/cms/ajax.php` | High
4 | File | `/etc/sudoers` | Medium
5 | File | `/index.php?controller=system&action=admin_edit_act` | High
6 | File | `/uncpath/` | Medium
7 | File | `bits.c` | Low
8 | File | `cat.php` | Low
9 | ... | ... | ...

There are 53 more IOA items available. Please use our online service to access the data.
There are 69 more IOA items available. Please use our online service to access the data.

## References

@ -94,4 +84,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Gafgyt - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gafgyt](https://vuldb.com/?actor.gafgyt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gafgyt](https://vuldb.com/?actor.gafgyt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gafgyt](https://vuldb.com/?actor.gafgyt)

@ -55,15 +55,11 @@ ID | Type | Indicator | Confidence
2 | File | `/api/content/posts/comments` | High
3 | File | `/Home/GetAttachment` | High
4 | File | `/modules/projects/vw_files.php` | High
5 | File | `AjaxFileUploadHandler.axd` | High
6 | File | `cgi-bin/ddns_enc.cgi` | High
7 | File | `common.c` | Medium
8 | File | `data/gbconfiguration.dat` | High
9 | File | `date/time` | Medium
10 | File | `eXcall_api.c` | Medium
11 | ... | ... | ...
5 | File | `admin/limits.php` | High
6 | File | `AjaxFileUploadHandler.axd` | High
7 | ... | ... | ...

There are 42 more IOA items available. Please use our online service to access the data.
There are 49 more IOA items available. Please use our online service to access the data.

## References

@ -76,9 +72,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Gallmaker - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gallmaker](https://vuldb.com/?actor.gallmaker)

@ -42,16 +42,9 @@ ID | Type | Indicator | Confidence
1 | File | `c4t64fx.c` | Medium
2 | File | `cgi-bin/webcm` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `df.php` | Low
5 | File | `drivers/net/ethernet/qlogic/qla3xxx.c` | High
6 | File | `memcached.c` | Medium
7 | File | `PendingCommand.php` | High
8 | File | `phNxpExtns_MifareStd.cpp` | High
9 | File | `public/app/features/panel/panel_ctrl.ts` | High
10 | File | `sapi/apache2handler/sapi_apache2.c` | High
11 | ... | ... | ...
4 | ... | ... | ...

There are 7 more IOA items available. Please use our online service to access the data.
There are 14 more IOA items available. Please use our online service to access the data.

## References

@ -63,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Gholee - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gholee](https://vuldb.com/?actor.gholee). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gholee](https://vuldb.com/?actor.gholee). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gholee](https://vuldb.com/?actor.gholee)

@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Grabit - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Grabit](https://vuldb.com/?actor.grabit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Grabit](https://vuldb.com/?actor.grabit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.grabit](https://vuldb.com/?actor.grabit)

@ -51,15 +51,9 @@ ID | Type | Indicator | Confidence
2 | File | `/lists/admin/` | High
3 | File | `/tmp` | Low
4 | File | `api_poller.php` | High
5 | File | `auth-gss2.c` | Medium
6 | File | `convert.c` | Medium
7 | File | `crypto/af_alg.c` | High
8 | File | `download.rsp` | Medium
9 | File | `inc/autoload.function.php` | High
10 | File | `kernel/trace/ring_buffer.c` | High
11 | ... | ... | ...
5 | ... | ... | ...

There are 19 more IOA items available. Please use our online service to access the data.
There are 25 more IOA items available. Please use our online service to access the data.

## References

@ -71,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
|
|||
# GreyEnergy - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.greyenergy](https://vuldb.com/?actor.greyenergy)
|
||||
|
||||
|
@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
|
|||
3 | 37.59.14.94 | ns3317178.ip-37-59-14.eu | High
|
||||
4 | 46.249.49.231 | - | High
|
||||
5 | 62.210.77.169 | 62-210-77-169.rev.poneytelecom.eu | High
|
||||
6 | 82.118.236.23 | - | High
|
||||
7 | 85.25.211.10 | malta1466.dedicatedpanel.com | High
|
||||
8 | 88.198.13.116 | static.88.198.13.116.clients.your-server.de | High
|
||||
9 | 94.130.88.50 | static.50.88.130.94.clients.your-server.de | High
|
||||
10 | ... | ... | ...
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 17 more IOC items available. Please use our online service to access the data.
|
||||
There are 21 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -45,7 +41,7 @@ ID | Technique | Description | Confidence
|
|||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,9 +59,24 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/reports/temp` | High
|
||||
9 | File | `/rom-0` | Low
|
||||
10 | File | `/settings/avatar` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/webman/info.cgi` | High
|
||||
13 | File | `/~user_handler` | High
|
||||
14 | File | `ad.php` | Low
|
||||
15 | File | `addentry.php` | Medium
|
||||
16 | File | `admin.php` | Medium
|
||||
17 | File | `admin/about.php` | High
|
||||
18 | File | `admin/scripts/FileUploader/php.php` | High
|
||||
19 | File | `admin/stats_products_viewed.php` | High
|
||||
20 | File | `ajax/render/widget_php` | High
|
||||
21 | File | `app/admin/controller/themecontroller.php` | High
|
||||
22 | File | `arch/arm/kernel/process.c` | High
|
||||
23 | File | `asm/parser.c` | Medium
|
||||
24 | File | `backend/Login/load/` | High
|
||||
25 | File | `bl-kernel/ajax/upload-images.php` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 223 more IOA items available. Please use our online service to access the data.
|
||||
There are 214 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -77,9 +88,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
* CN
|
||||
* RU
|
||||
* US
|
||||
* ES
|
||||
* DK
|
||||
* ...
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
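Review bot: the country remainder drops from 18 to 7, so the attribution set shrinks from 23 to 12 entries while the five shown (CN, RU, US, ES, DK) are unchanged; halving an attribution set is a model change and needs an explanation in the commit message. The section intro also does not state the sort order, so a reader cannot tell whether CN and RU lead because of ranking or by accident; say whether the list is ordered by confidence, by count or alphabetically.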
@ -168,36 +168,40 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/index.php?lfj=mysql&action=del` | High
|
||||
2 | File | `/authen/start/` | High
|
||||
3 | File | `/cgi-bin/luci/rc` | High
|
||||
4 | File | `/cms/ajax.php` | High
|
||||
5 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
6 | File | `/domain/service/.ewell-known/caldav` | High
|
||||
7 | File | `/download` | Medium
|
||||
8 | File | `/etc/hosts` | Medium
|
||||
9 | File | `/formWlanSetup` | High
|
||||
10 | File | `/include/chart_generator.php` | High
|
||||
11 | File | `/modules/profile/index.php` | High
|
||||
12 | File | `/monitoring` | Medium
|
||||
13 | File | `/music/ajax.php` | High
|
||||
14 | File | `/new` | Low
|
||||
15 | File | `/pandora_console/ajax.php` | High
|
||||
16 | File | `/plugins/servlet/audit/resource` | High
|
||||
17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
18 | File | `/proc/<pid>/status` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/rest/api/1.0/render` | High
|
||||
21 | File | `/RestAPI` | Medium
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
24 | File | `/tmp` | Low
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/var/log/nginx` | High
|
||||
27 | File | `account.php` | Medium
|
||||
28 | ... | ... | ...
|
||||
1 | File | `/admin/app.php` | High
|
||||
2 | File | `/admin/download_frame.php` | High
|
||||
3 | File | `/admin/index.php?lfj=mysql&action=del` | High
|
||||
4 | File | `/admin/maintenance/` | High
|
||||
5 | File | `/admin/submit-articles` | High
|
||||
6 | File | `/api/v2/labels/` | High
|
||||
7 | File | `/authen/start/` | High
|
||||
8 | File | `/cgi-bin/luci/rc` | High
|
||||
9 | File | `/cms/ajax.php` | High
|
||||
10 | File | `/dl/dl_sendsms.php` | High
|
||||
11 | File | `/domain/service/.ewell-known/caldav` | High
|
||||
12 | File | `/etc/passwd` | Medium
|
||||
13 | File | `/exponent_constants.php` | High
|
||||
14 | File | `/extensionsinstruction` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/graphStatus/displayServiceStatus.php` | High
|
||||
17 | File | `/ifs` | Low
|
||||
18 | File | `/includes/upload.php` | High
|
||||
19 | File | `/index.php?m=ucenter&a=index` | High
|
||||
20 | File | `/info.xml` | Medium
|
||||
21 | File | `/login.php?m=admin&c=Admin&a=admin_add&lang=cn` | High
|
||||
22 | File | `/manage/loginusername` | High
|
||||
23 | File | `/music/ajax.php` | High
|
||||
24 | File | `/planprop` | Medium
|
||||
25 | File | `/question/ask` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/var/ipfire/backup/bin/backup.pl` | High
|
||||
28 | File | `/woocommerce-stock-manager/trunk/admin/views/import-export.php` | High
|
||||
29 | File | `/wp-json` | Medium
|
||||
30 | File | `account.php` | Medium
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | ... | ... | ...
There are 240 more IOA items available. Please use our online service to access the data.
|
||||
There are 268 more IOA items available. Please use our online service to access the data.
## References
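Review bot: because the ID column is positional, inserting `/admin/app.php`, `/admin/download_frame.php`, `/api/v2/labels/` and the other new entries renumbers every following row, so the hunk shows 28 removed and 32 added rows for what is really a handful of insertions and deletions (`/etc/hosts`, `/proc/<pid>/status`, `/rest/api/1.0/render` and `/var/log/nginx` are gone; `/etc/passwd`, `/ifs` and `/wp-json` arrive). Emit a stable indicator key, or sort without numbering, so reviewers can see the real churn. Two further points: generic paths rated Low or Medium (`/tmp`, `/etc/passwd`, `/info.xml`, `/wp-json`) will match almost any web server and must not be loaded into detection without the confidence filter, and `/domain/service/.ewell-known/caldav` (old row 6, new row 11) reads like a mangled `.well-known`; confirm it matches the source entry before it ships in a ruleset.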
@ -1,6 +1,6 @@
|
|||
# Group 5 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Group 5](https://vuldb.com/?actor.group_5). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Group 5](https://vuldb.com/?actor.group_5). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.group_5](https://vuldb.com/?actor.group_5)
@ -24,9 +24,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -14,7 +14,7 @@ The following campaigns are known and can be associated with Inception:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:
* PL
|
||||
* IT
|
||||
* SV
|
||||
* FR
|
||||
* ...
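Review bot: the header declares one changed line in this seven-line region, but all seven lines shown (the intro, PL, IT, SV, FR and the `...` marker) are identical on both sides, so the line that actually changed is the country-count line after `* ...`, which this view does not render; as it stands a reviewer cannot tell whether the set grew or shrank. Separately, `SV` is the ISO 3166 code for El Salvador; if Sweden was meant it should be `SE`, so check the source value.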
@ -65,21 +65,22 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/master/article.php` | High
|
||||
11 | File | `/mobile/SelectUsers.jsp` | High
|
||||
12 | File | `/ProteinArraySignificanceTest.json` | High
|
||||
13 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
|
||||
14 | File | `/web` | Low
|
||||
15 | File | `4.edu.php\conn\function.php` | High
|
||||
16 | File | `abc.c` | Low
|
||||
17 | File | `admin/bad.php` | High
|
||||
18 | File | `admin/dl_sendmail.php` | High
|
||||
19 | File | `admin/edit.php` | High
|
||||
20 | File | `admin/pages/useredit.php` | High
|
||||
21 | File | `AdminBaseController.class.php` | High
|
||||
22 | File | `AlertReceiver.java` | High
|
||||
23 | File | `AndroidManifest.xml` | High
|
||||
24 | File | `apc.php` | Low
|
||||
25 | ... | ... | ...
|
||||
13 | File | `/usr/local/bin/mjs` | High
|
||||
14 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
|
||||
15 | File | `/web` | Low
|
||||
16 | File | `4.edu.php\conn\function.php` | High
|
||||
17 | File | `abc.c` | Low
|
||||
18 | File | `admin/bad.php` | High
|
||||
19 | File | `admin/dl_sendmail.php` | High
|
||||
20 | File | `admin/edit.php` | High
|
||||
21 | File | `admin/pages/useredit.php` | High
|
||||
22 | File | `AdminBaseController.class.php` | High
|
||||
23 | File | `AlertReceiver.java` | High
|
||||
24 | File | `AndroidManifest.xml` | High
|
||||
25 | File | `apc.php` | Low
|
||||
26 | ... | ... | ...
There are 212 more IOA items available. Please use our online service to access the data.
|
||||
There are 214 more IOA items available. Please use our online service to access the data.
## References
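Review bot: a single visible insertion, `/usr/local/bin/mjs` at new row 13, shifts `/Videos/Id/hls/...`, `/web`, `4.edu.php\conn\function.php` and every later row by one ID, and the remainder goes from 212 to 214, so two indicators were added in total but only one appears in the hunk. Old rows 10 to 12 (`/master/article.php`, `/mobile/SelectUsers.jsp`, `/ProteinArraySignificanceTest.json`) are on the removed side with no renumbered counterpart shown, so either they were dropped or the view omits them; the commit message should say which. Positional IDs again make the diff unreviewable, and any consumer that keyed on an ID now points at a different indicator.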
@ -32,11 +32,11 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
|
|||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1211 | 7PK Security Features | High
|
||||
3 | T1499 | Resource Consumption | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | 7PK Security Features | High
|
||||
4 | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
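Review bot: the Description column does not name the ATT&CK technique in the Technique column; it carries the CWE weakness class that is mapped onto it. T1211 is Exploitation for Defense Evasion, while "7PK Security Features" is the CWE-254 category name; T1068 is Exploitation for Privilege Escalation, while "Execution with Unnecessary Privileges" is CWE-250; T1059.007 is JavaScript, not "Cross Site Scripting". Retitle the column (for example "Mapped weakness") or readers will cite these strings as technique names. On the data itself, T1499 (Resource Consumption) leaves the top three as T1068 enters and the remainder grows from 1 to 2, so the set grew from 4 to 5 techniques; every row is High, so the visible order is by technique ID rather than by confidence, and the section intro should say so.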
@ -47,16 +47,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/administration/theme.php` | High
|
||||
2 | File | `/cgi-bin/webproc` | High
|
||||
3 | File | `basic/unit-name.c` | High
|
||||
4 | File | `fileman.php` | Medium
|
||||
5 | File | `login_up.php3` | High
|
||||
6 | File | `wp-admin/options-general.php` | High
|
||||
7 | Argument | `babInstallPath` | High
|
||||
8 | Argument | `edit` | Low
|
||||
9 | Argument | `getpage` | Low
|
||||
10 | Argument | `Manage Theme` | Medium
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
|
||||
There are 16 more IOA items available. Please use our online service to access the data.
## References
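Review bot: the rendered table shrinks from ten rows plus 1 remaining (11 total) to three rows plus 16 remaining (19 total), so eight indicators were added while the README now shows fewer of them, and the four Argument-type entries (`babInstallPath`, `edit`, `getpage`, `Manage Theme`) no longer appear in this file at all. If the cut-off is a generator setting, it changed between the two runs and should be pinned to one value across all actor files; if it is not, this hunk deletes visible data while the total grows, which needs a note in the commit message.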
@ -73,4 +66,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
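Review bot: this file already carried `?kb.*` links before the change, so only the year moves here; that means the earlier link migration was applied unevenly across the actor READMEs. A repository-wide search for `vuldb.com/?doc.` after this commit would confirm that no stragglers remain, and the generator template should be the single source of that link prefix rather than per-file edits.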
@ -1,6 +1,6 @@
|
|||
# Ircbot - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Ircbot](https://vuldb.com/?actor.ircbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ircbot](https://vuldb.com/?actor.ircbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ircbot](https://vuldb.com/?actor.ircbot)
@ -41,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
|
|||
# Iron - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Iron](https://vuldb.com/?actor.iron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Iron](https://vuldb.com/?actor.iron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.iron](https://vuldb.com/?actor.iron)
@ -15,7 +15,6 @@ The following campaigns are known and can be associated with Iron:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Iron:
* ES
|
||||
* BR
## IOC - Indicator of Compromise
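Review bot: the header records one line removed from this seven-line region, but both countries shown (ES, BR) are unchanged and no removed line is rendered, so whatever was dropped (most likely a third country or the `* ...` marker with its count line) is invisible here and the reviewer cannot confirm it. Put the removed value in the commit message, or keep retracted rows with a last-seen annotation instead of deleting them.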
@ -24,7 +23,7 @@ These indicators of compromise indicate associated network ressources which are
|
|||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 142.44.215.177 | ns554604.ip-142-44-215.net | High
|
||||
2 | 144.217.61.147 | sha16.getawaypains.com | High
|
||||
2 | 144.217.61.147 | ip147.ip-144-217-61.net | High
## TTP - Tactics, Techniques, Procedures
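Review bot: row 2 keeps the address 144.217.61.147 but replaces the actor-style hostname `sha16.getawaypains.com` with the hoster's generic reverse-DNS form `ip147.ip-144-217-61.net`, the same pattern as row 1's `ns554604.ip-142-44-215.net`. That is what a later PTR lookup returns once the operator's record is gone, so overwriting the field discards the only actor-specific pivot in this table. Keep the originally observed hostname alongside the re-resolved one with first-seen and last-seen dates, and do not let a re-resolved generic PTR inherit the High confidence of the original observation.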
@ -35,11 +34,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1008 | Algorithm Downgrade | High
|
||||
2 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | Cross Site Scripting | High
|
||||
4 | T1068 | Execution with Unnecessary Privileges | High
|
||||
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
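Review bot: the visible cut-off drops from five rows to three and the remainder goes from 10 to 11, so the set shrank from 15 to 14 techniques while T1068 and T1110.001 merely fell below the fold; nothing in the hunk says which technique was actually dropped, and the cut-off should be a fixed value across files. As in the other TTP tables, "Algorithm Downgrade" and "Authentication Bypass by Capture-replay" are CWE titles (CWE-757 and CWE-294), not the names of T1008 (Fallback Channels) or T1040 (Network Sniffing); the Description header should say it holds the mapped weakness class.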
@ -48,18 +45,39 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\ASUS\GamingCenterLib` | High
|
||||
2 | File | `%PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\` | High
|
||||
3 | File | `%PROGRAMDATA%\WrData\PKG` | High
|
||||
4 | File | `/#/network?tab=network_node_list.html` | High
|
||||
5 | File | `/.htpasswd` | Medium
|
||||
6 | File | `/adherents/note.php?id=1` | High
|
||||
7 | File | `/admin/ajax/upload-profile-picture` | High
|
||||
8 | File | `/admin/gallery.php` | High
|
||||
9 | File | `/admin/media?` | High
|
||||
10 | File | `/admin/system_command.asp` | High
|
||||
11 | ... | ... | ...
|
||||
2 | File | `/account/login` | High
|
||||
3 | File | `/adherents/note.php?id=1` | High
|
||||
4 | File | `/admin/gallery.php` | High
|
||||
5 | File | `/Api/ASF` | Medium
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/cgi-bin/cgiServer.exx` | High
|
||||
8 | File | `/cgi?1&5` | Medium
|
||||
9 | File | `/clients/editclient.php` | High
|
||||
10 | File | `/device/device=140/tab=wifi/view` | High
|
||||
11 | File | `/dl/dl_sendmail.php` | High
|
||||
12 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
|
||||
13 | File | `/formStaticDHCP` | High
|
||||
14 | File | `/formVirtualApp` | High
|
||||
15 | File | `/formVirtualServ` | High
|
||||
16 | File | `/jsonrpc` | Medium
|
||||
17 | File | `/magnoliaAuthor/.magnolia/` | High
|
||||
18 | File | `/master/core/PostHandler.php` | High
|
||||
19 | File | `/medianet/sgcontentset.aspx` | High
|
||||
20 | File | `/Nodes-Traffic.php` | High
|
||||
21 | File | `/proc` | Low
|
||||
22 | File | `/proc/pid/syscall` | High
|
||||
23 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
|
||||
24 | File | `/rss.xml` | Medium
|
||||
25 | File | `/send_join` | Medium
|
||||
26 | File | `/settings/profile` | High
|
||||
27 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
|
||||
28 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
29 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
|
||||
30 | File | `/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c` | High
|
||||
31 | File | `/sysworkflow/en/neoclassic/reportTables/reportTables_Ajax` | High
|
||||
32 | ... | ... | ...
There are 941 more IOA items available. Please use our online service to access the data.
|
||||
There are 277 more IOA items available. Please use our online service to access the data.
## References
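Review bot: the IOA total falls from 951 (10 shown plus 941) to 308 (31 shown plus 277), a cut of roughly two thirds that nothing in the hunk explains; if this is a re-profiling after a model change, the commit message should say so and give the date, because every downstream consumer of the earlier list now holds hundreds of indicators the page no longer supports. Two quality points on the new rows: `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/*.c` and `/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c` are source-tree paths of the affected software, not files a target exposes at runtime, yet they sit under the same File type and High confidence as request paths such as `/cgi-bin/cgiServer.exx`; tag or separate source-file indicators so rule authors do not hunt for them on hosts. And Low or Medium entries like `/bin/sh`, `/proc`, `/jsonrpc` and `/rss.xml` match practically any system, so the confidence value has to travel with the indicator into whatever consumes this table.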
@ -71,9 +89,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
|
|||
# IsSpace - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [IsSpace](https://vuldb.com/?actor.isspace). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [IsSpace](https://vuldb.com/?actor.isspace). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.isspace](https://vuldb.com/?actor.isspace)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,6 +1,6 @@
|
|||
# Kimsuky - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Kimsuky](https://vuldb.com/?actor.kimsuky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kimsuky](https://vuldb.com/?actor.kimsuky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.kimsuky](https://vuldb.com/?actor.kimsuky)
@ -45,7 +45,7 @@ ID | Technique | Description | Confidence
|
|||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -58,14 +58,10 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/expert_wizard.php` | High
|
||||
4 | File | `/mc` | Low
|
||||
5 | File | `/tlogin.cgi` | Medium
|
||||
6 | File | `ajax/render/widget_php` | High
|
||||
7 | File | `android/webkit/SearchBoxImpl.java` | High
|
||||
8 | File | `conf.c` | Low
|
||||
9 | File | `etcd.conf` | Medium
|
||||
10 | File | `form/formDeviceVerGet` | High
|
||||
11 | ... | ... | ...
|
||||
6 | File | `/upload` | Low
|
||||
7 | ... | ... | ...
There are 40 more IOA items available. Please use our online service to access the data.
|
||||
There are 50 more IOA items available. Please use our online service to access the data.
## References
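Review bot: rows 6 to 10 (`ajax/render/widget_php`, `android/webkit/SearchBoxImpl.java`, `conf.c`, `etcd.conf`, `form/formDeviceVerGet`) disappear from the rendered table while the remainder grows from 40 to 50, so the set grew from 50 to 56 but the README now shows six rows instead of ten, with only the new `/upload` (Low) visible; the cut-off evidently differs from the other files in this commit and should be pinned. Note also that `ajax/render/widget_php` appears in another actor's IOA table in this same diff, which marks it as a generic, widely scanned vulnerability path rather than anything specific to Kimsuky; an indicator shared across several actor profiles should not carry High confidence in each of them.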
@ -78,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,20 +1,9 @@
|
|||
# Kovter - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Kovter](https://vuldb.com/?actor.kovter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kovter](https://vuldb.com/?actor.kovter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.kovter](https://vuldb.com/?actor.kovter)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kovter:
* US
|
||||
* CO
|
||||
* ES
|
||||
* ...
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Kovter.
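Review bot: the whole Countries section (US, CO, ES and 10 more) is deleted with nothing in its place, while LDMiner gains a Countries section in the same commit; that looks less like a deliberate retraction than the generator omitting a section whose query came back empty. If the attribution was withdrawn, say so in the commit message; if the data source failed, the old section should stay until it is regenerated, because a silent removal reads to a consumer as "no country association" rather than "unknown".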
@ -41,42 +30,38 @@ ID | IP address | Hostname | Confidence
|
|||
18 | 15.20.52.109 | - | High
|
||||
19 | 15.139.129.226 | - | High
|
||||
20 | 16.6.63.101 | - | High
|
||||
21 | ... | ... | ...
|
||||
21 | 17.5.115.62 | - | High
|
||||
22 | 18.129.149.91 | - | High
|
||||
23 | 19.4.19.84 | - | High
|
||||
24 | 20.133.243.96 | - | High
|
||||
25 | 21.156.102.3 | - | High
|
||||
26 | 21.250.19.72 | - | High
|
||||
27 | 23.28.96.141 | d28-23-141-96.dim.wideopenwest.com | High
|
||||
28 | 23.209.185.165 | a23-209-185-165.deploy.static.akamaitechnologies.com | High
|
||||
29 | 23.218.142.25 | a23-218-142-25.deploy.static.akamaitechnologies.com | High
|
||||
30 | 23.244.235.167 | d-23-244-235-167.paw.cpe.atlanticbb.net | High
|
||||
31 | 24.70.206.40 | S01061033bff95647.ok.shawcable.net | High
|
||||
32 | 25.126.223.94 | - | High
|
||||
33 | 26.128.193.14 | - | High
|
||||
34 | 31.182.109.21 | staticline-31-182-109-21.toya.net.pl | High
|
||||
35 | 32.155.198.200 | - | High
|
||||
36 | 32.202.176.158 | - | High
|
||||
37 | 34.99.159.215 | 215.159.99.34.bc.googleusercontent.com | Medium
|
||||
38 | 36.91.156.204 | - | High
|
||||
39 | 36.105.72.159 | - | High
|
||||
40 | 36.211.14.156 | - | High
|
||||
41 | 37.34.87.162 | - | High
|
||||
42 | 37.35.132.115 | 115.132.35.37.dynamic.jazztel.es | High
|
||||
43 | 37.43.2.233 | - | High
|
||||
44 | 37.67.195.64 | 64.195.67.37.rev.sfr.net | High
|
||||
45 | 37.191.164.233 | 233.37-191-164.fiber.lynet.no | High
|
||||
46 | 38.64.142.137 | - | High
|
||||
47 | 38.110.242.41 | 38-110-242-41.ndemand.com | High
|
||||
48 | 38.186.206.106 | - | High
|
||||
49 | 39.41.74.205 | - | High
|
||||
50 | ... | ... | ...
There are 225 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Kovter. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | 7PK Security Features | High
|
||||
4 | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Kovter. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `add_comment.php` | High
|
||||
2 | File | `admin-ajax.php` | High
|
||||
3 | File | `admin.php` | Medium
|
||||
4 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
5 | File | `avrc_pars_tg.cc` | High
|
||||
6 | File | `base_maintenance.php` | High
|
||||
7 | File | `cgi-bin/webupg` | High
|
||||
8 | File | `cgi-bin/write.cgi` | High
|
||||
9 | File | `CMSPages/GetDocLink.ashx` | High
|
||||
10 | File | `controllers/admin.js` | High
|
||||
11 | ... | ... | ...
There are 43 more IOA items available. Please use our online service to access the data.
|
||||
There are 196 more IOC items available. Please use our online service to access the data.
## References
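Review bot: this hunk deletes the entire TTP section (T1059.007, T1068, T1211 plus 1 more) and the entire IOA section (`add_comment.php` through `controllers/admin.js` plus 43 more) and in exchange renders IOC rows 21 to 49 inline; the IOC total is unchanged (20 plus 225 equals 49 plus 196 equals 245), so the only substantive change is the loss of two sections, and nothing in the hunk says why. On the rows newly brought into view: several entries with no reverse DNS sit in legacy /8 blocks that are not general-purpose hosting space (17.5.115.62, 19.4.19.84, 21.156.102.3, 25.126.223.94, 26.128.193.14), which is the kind of value a sample emits as decoy or junk C2 addresses, yet they carry the same High confidence as resolvable residential hosts; and the two `deploy.static.akamaitechnologies.com` rows are High while the `bc.googleusercontent.com` row is Medium, although all three are shared CDN or cloud addresses that will cause collateral blocks. Rate shared infrastructure and unresolvable legacy-range addresses below High, or add a column that records why an entry was scored as it was.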
@ -97,9 +82,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -1,9 +1,15 @@
|
|||
# LDMiner - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LDMiner](https://vuldb.com/?actor.ldminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LDMiner](https://vuldb.com/?actor.ldminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ldminer](https://vuldb.com/?actor.ldminer)
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LDMiner:
|
||||
|
||||
* DE
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of LDMiner.
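Review bot: the IOC introduction in this hunk's trailing context spells "ressources" with a double s; the same sentence is emitted into every actor file (the new Liberty Front Press file below repeats it verbatim), so the fix belongs in the README template/generator as "network resources" rather than in this file alone.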

@ -12,6 +18,14 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 167.71.87.85 | - | High

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by LDMiner. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `PARAM.SFO` | Medium

## References

The following list contains external sources which discuss the actor and the associated activities:

@ -22,9 +36,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -19,12 +19,8 @@ There are 5 more campaign items available. Please use our online service to acce

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:

* VN
* FR
* IN
* ...

There are 1 more country items available. Please use our online service to access the data.
* CL
* AE

## IOC - Indicator of Compromise

@ -119,7 +115,7 @@ ID | IP address | Hostname | Confidence
85 | 31.168.203.44 | bzq-203-168-31-44.red.bezeqint.net | High
86 | 36.71.90.4 | - | High
87 | 37.34.240.177 | - | High
88 | 37.48.106.69 | high-convey.blockother.com | High
88 | 37.48.106.69 | - | High
89 | 37.71.50.2 | 2.50.71.37.rev.sfr.net | High
90 | 37.75.0.98 | - | High
91 | 37.75.2.203 | - | High
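Review bot: row 88 loses its resolved hostname (`high-convey.blockother.com` becomes `-`) while the IP 37.48.106.69 and the High confidence stay the same, so the update silently discards a pivot point that analysts rely on when the IP is reassigned. If the reverse lookup merely stopped resolving, keep the last known hostname (ideally with the date it was last seen) instead of overwriting it with the empty marker `-`.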

@ -235,22 +231,46 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/login.php` | High
2 | File | `/ajax_crud` | Medium
3 | File | `/core/table/query` | High
4 | File | `/dev/ion` | Medium
5 | File | `/ecma/operations/ecma-objects.c` | High
6 | File | `/GetCopiedFile` | High
7 | File | `/hdf5/src/H5T.c` | High
8 | File | `/jerry-core/ecma/operations/ecma-get-put-value.c` | High
9 | File | `/jerry-core/ecma/operations/ecma-typedarray-object.c` | High
10 | File | `/leave_system/classes/Login.php` | High
11 | File | `/plugin` | Low
12 | File | `/rest/collectors/1.0/template/custom` | High
13 | File | `/risque/administration/referentiel/json/create/categorie` | High
14 | ... | ... | ...
1 | File | `/?/admin/snippet/add` | High
2 | File | `/?admin/user.html` | High
3 | File | `/admin.php/Foodcat/addsave` | High
4 | File | `/admin/users/update` | High
5 | File | `/api` | Low
6 | File | `/cgi-bin/api-get_line_status` | High
7 | File | `/cgi-bin/delete_CA` | High
8 | File | `/cgi-bin/New_GUI/Acl.asp` | High
9 | File | `/cgi?` | Low
10 | File | `/contentshare/image/data/user/0/com.sony.dtv.photosharingplus/files/_BRAVPSS.TMP/LJYT0010.JPG` | High
11 | File | `/EASYIO30P-123456789012345678901234567890123456789012345678/webuser.js` | High
12 | File | `/EASYIO30P-<session_token>/dev.htm` | High
13 | File | `/EXCU_SHELL` | Medium
14 | File | `/goform/systemlog?cmd=set` | High
15 | File | `/HNAP1/SetAccessPointMode` | High
16 | File | `/HNAP1/SetClientInfoDemo` | High
17 | File | `/images/browserslide.jpg` | High
18 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
19 | File | `/manager?action=getlogcat` | High
20 | File | `/mc` | Low
21 | File | `/oauth/token/request` | High
22 | File | `/opencms/system/workplace/admin/accounts/user_new.jsp` | High
23 | File | `/PreviewHandler.ashx` | High
24 | File | `/priv_mgt.html` | High
25 | File | `/protected/vendor/codeception/codeception/tests/data/app/view/index.php` | High
26 | File | `/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf` | High
27 | File | `/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf` | High
28 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
29 | File | `/spap.htm` | Medium
30 | File | `/system-info/health` | High
31 | File | `/tmp/scfgdndf` | High
32 | File | `/ubus/controller.icc.update_nds_webroot_from_tmp` | High
33 | File | `/ubus/uci.apply` | High
34 | File | `/usr/syno/etc/mount.conf` | High
35 | File | `/var/log/groonga` | High
36 | File | `/var/run/jboss-eap/` | High
37 | File | `/vendors/neato/robots/[robot_serial]/messages` | High
38 | ... | ... | ...

There are 115 more IOA items available. Please use our online service to access the data.
There are 326 more IOA items available. Please use our online service to access the data.

## References
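Review bot: the IOA table is regenerated wholesale rather than updated in place: none of the 13 previously listed paths appears among the 37 new rows, the IDs restart at 1 for a different set of indicators, and the truncation row moves from 14 to 38 (the trailer goes from 115 to 326 more, so the total grows from 128 to 363), which means the `ID` column is not a stable key across commits and the diff cannot show which indicators were actually added or retired. Two smaller points in the new rows: row 11 writes the EASYIO30P session token as a literal digit string while row 12 writes the same position as `<session_token>`, so one path pattern appears in two notations; and rows 26 to 28 are the OWASP ModSecurity Core Rule Set files (`REQUEST-932-APPLICATION-ATTACK-RCE.conf` and siblings), i.e. defensive configuration present on any CRS deployment, so their High confidence as attack indicators deserves a second look.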

@ -1,6 +1,6 @@
# LazyScripter - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LazyScripter](https://vuldb.com/?actor.lazyscripter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LazyScripter](https://vuldb.com/?actor.lazyscripter). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lazyscripter](https://vuldb.com/?actor.lazyscripter)

@ -37,7 +37,9 @@ ID | Type | Indicator | Confidence
1 | File | `item_show.php` | High
2 | Library | `eselleratecontrol365.dll` | High
3 | Argument | `code_no` | Low
4 | Argument | `first` | Low
4 | ... | ... | ...

There are 1 more IOA items available. Please use our online service to access the data.

## References
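Review bot: the generated trailer "There are 1 more IOA items available" does not agree in number, and the same template produces "There are 1 more country items available" in the Lazarus file; fix the pluralisation where the sentence is generated (for example "There is 1 more IOA item available") rather than in individual files.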

@ -49,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -0,0 +1,157 @@
# Liberty Front Press - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Liberty Front Press](https://vuldb.com/?actor.liberty_front_press). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.liberty_front_press](https://vuldb.com/?actor.liberty_front_press)

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Liberty Front Press:

* US
* VN
* CN
* ...

There are 24 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Liberty Front Press.

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.9.96.104 | static.104.96.9.5.clients.your-server.de | High
2 | 5.79.68.107 | - | High
3 | 5.79.68.109 | - | High
4 | 5.79.68.110 | - | High
5 | 5.220.32.26 | - | High
6 | 18.197.248.23 | eu-staticip.multiscreensite.com | High
7 | 34.98.99.30 | 30.99.98.34.bc.googleusercontent.com | Medium
8 | 34.102.136.180 | 180.136.102.34.bc.googleusercontent.com | Medium
9 | 34.208.93.148 | ec2-34-208-93-148.us-west-2.compute.amazonaws.com | Medium
10 | 34.211.118.203 | ec2-34-211-118-203.us-west-2.compute.amazonaws.com | Medium
11 | 34.211.213.227 | ec2-34-211-213-227.us-west-2.compute.amazonaws.com | Medium
12 | 34.214.135.41 | ec2-34-214-135-41.us-west-2.compute.amazonaws.com | Medium
13 | 34.224.160.149 | ec2-34-224-160-149.compute-1.amazonaws.com | Medium
14 | 37.48.65.148 | - | High
15 | 37.48.65.149 | - | High
16 | 37.48.65.150 | - | High
17 | 37.48.65.151 | - | High
18 | 37.48.65.152 | - | High
19 | 37.48.65.153 | - | High
20 | 37.48.65.154 | - | High
21 | 37.48.65.155 | - | High
22 | 44.229.223.74 | ec2-44-229-223-74.us-west-2.compute.amazonaws.com | Medium
23 | 46.4.6.184 | static.184.6.4.46.clients.your-server.de | High
24 | 46.166.182.52 | const-de.easywaypath.com | High
25 | 46.166.182.55 | - | High
26 | 46.166.182.56 | server.eversservices.com | High
27 | 46.166.184.102 | 102.http-proxy1.cloudns.net | High
28 | 46.166.184.104 | 104.http-proxy1.cloudns.net | High
29 | 47.91.170.222 | - | High
30 | 49.128.177.81 | ipv4-81-177-128.as55666.net | High
31 | 50.112.29.189 | ec2-50-112-29-189.us-west-2.compute.amazonaws.com | Medium
32 | 50.112.46.4 | ec2-50-112-46-4.us-west-2.compute.amazonaws.com | Medium
33 | 51.89.88.96 | cloud08.aztcotechnology.com | High
34 | 51.254.232.56 | ip56.ip-51-254-232.eu | High
35 | 52.8.174.68 | ec2-52-8-174-68.us-west-1.compute.amazonaws.com | Medium
36 | 52.11.10.90 | ec2-52-11-10-90.us-west-2.compute.amazonaws.com | Medium
37 | 52.40.118.225 | ec2-52-40-118-225.us-west-2.compute.amazonaws.com | Medium
38 | 52.43.21.0 | ec2-52-43-21-0.us-west-2.compute.amazonaws.com | Medium
39 | 52.59.120.70 | eu-staticip2.multiscreensite.com | High
40 | 52.128.23.153 | - | High
41 | 52.213.114.86 | ec2-52-213-114-86.eu-west-1.compute.amazonaws.com | Medium
42 | 54.37.218.50 | ip50.ip-54-37-218.eu | High
43 | 54.38.220.85 | ns1.emailverification.info | High
44 | 62.171.177.42 | vmi498625.contaboserver.net | High
45 | 63.143.32.94 | 94-32-143-63.static.reverse.lstn.net | High
46 | 66.152.163.75 | host104.cloud-hostdone.com | High
47 | 69.172.201.153 | - | High
48 | 69.172.201.208 | - | High
49 | 72.1.32.168 | usdreamers.net | High
50 | 78.46.102.123 | static.123.102.46.78.clients.your-server.de | High
51 | 78.47.230.139 | static.139.230.47.78.server1.uaehost.space | High
52 | 79.143.85.44 | - | High
53 | 81.169.145.149 | w95.rzone.de | High
54 | 85.159.233.35 | - | High
55 | 85.159.233.60 | . | High
56 | 88.198.13.86 | static.88.198.13.86.clients.your-server.de | High
57 | 88.198.48.179 | static.88.198.48.179.clients.your-server.de | High
58 | 88.198.56.139 | static.88-198-56-139.clients.your-server.de | High
59 | 91.195.240.117 | - | High
60 | ... | ... | ...

There are 238 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Liberty Front Press. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...

There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Liberty Front Press. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/car.php` | Medium
3 | File | `/context/%2e/WEB-INF/web.xml` | High
4 | File | `/dashboards/#` | High
5 | File | `/etc/controller-agent/agent.conf` | High
6 | File | `/etc/hosts` | Medium
7 | File | `/etc/sudoers` | Medium
8 | File | `/filemanager/php/connector.php` | High
9 | File | `/forum/away.php` | High
10 | File | `/fudforum/adm/hlplist.php` | High
11 | File | `/GponForm/fsetup_Form` | High
12 | File | `/log_download.cgi` | High
13 | File | `/modules/profile/index.php` | High
14 | File | `/monitoring` | Medium
15 | File | `/new` | Low
16 | File | `/out.php` | Medium
17 | File | `/proc/<pid>/status` | High
18 | File | `/public/plugins/` | High
19 | File | `/s/` | Low
20 | File | `/secure/QueryComponent!Default.jspa` | High
21 | File | `/server-info` | Medium
22 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
23 | File | `/tmp` | Low
24 | File | `/uncpath/` | Medium
25 | File | `/updown/upload.cgi` | High
26 | File | `/usr/bin/pkexec` | High
27 | File | `/way4acs/enroll` | High
28 | File | `/WEB-INF/web.xml` | High
29 | File | `/wp-json/wc/v3/webhooks` | High
30 | File | `4.2.0.CP09` | Medium
31 | File | `actions/CompanyDetailsSave.php` | High
32 | ... | ... | ...

There are 269 more IOA items available. Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:

* https://circleid.com/posts/20210708-liberty-front-press-network-an-ioc-enrichment-amp-threat-intel
* https://ddanchev.blogspot.com/2022/01/profiling-liberty-front-press-network.html

## Literature

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
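Review bot: the TTP table's Description column does not hold ATT&CK technique names: T1059.007 is "Command and Scripting Interpreter: JavaScript", T1068 is "Exploitation for Privilege Escalation" and T1110.001 is "Brute Force: Password Guessing", whereas the file gives "Cross Site Scripting", "Execution with Unnecessary Privileges" and "Improper Restriction of Excessive Authentication Attempts", which are CWE-style weakness names; either rename the column to say what it carries or print the official technique names so readers do not map the IDs to the wrong techniques. Data-quality nits in the same new file: IOC row 55 uses `.` as the empty-hostname marker where every other row uses `-`; IOA row 30 lists the version string `4.2.0.CP09` under Type `File`; and the IOC introduction carries the "ressources" misspelling from the template.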

@ -1,6 +1,6 @@
# Lilith RAT - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Lilith RAT](https://vuldb.com/?actor.lilith_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lilith RAT](https://vuldb.com/?actor.lilith_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lilith_rat](https://vuldb.com/?actor.lilith_rat)

@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# LinuxMoose - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LinuxMoose](https://vuldb.com/?actor.linuxmoose). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LinuxMoose](https://vuldb.com/?actor.linuxmoose). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.linuxmoose](https://vuldb.com/?actor.linuxmoose)

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* SV
* ...

There are 14 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -33,17 +33,9 @@ ID | IP address | Hostname | Confidence
10 | 77.247.178.177 | - | High
11 | 79.176.26.142 | bzq-79-176-26-142.red.bezeqint.net | High
12 | 82.146.63.15 | ebay2.com | High
13 | 85.159.237.107 | www.lydiavanderbie.nl | High
14 | 85.159.237.108 | - | High
15 | 85.159.237.111 | path-enews-sum.firmtan.net | High
16 | 93.190.139.123 | customer.worldstream.nl | High
17 | 93.190.139.147 | customer.worldstream.nl | High
18 | 93.190.140.221 | customer.worldstream.nl | High
19 | 93.190.142.113 | transitput.com | High
20 | 93.190.143.60 | wsrtc.parejas.net | High
21 | ... | ... | ...
13 | ... | ... | ...

There are 40 more IOC items available. Please use our online service to access the data.
There are 48 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures
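Review bot: this hunk hides IOC rows 11 to 20 rather than retracting them: the truncation row moves from 21 to 13 and the trailer goes from "40 more" to "48 more", so the total is 60 in both versions (20 + 40 before, 12 + 48 after). A reader of the diff will take the removed rows (for example `82.146.63.15 | ebay2.com`) as withdrawn indicators; if the display cut-off is a generator setting, document it in the README template or keep it constant across regenerations (the Liberty Front Press file in this same commit shows 59 IOC rows, this one now shows 12).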

@ -74,9 +66,34 @@ ID | Type | Indicator | Confidence
8 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
9 | File | `/download` | Medium
10 | File | `/drivers/vhost/net.c` | High
11 | ... | ... | ...
11 | File | `/include/chart_generator.php` | High
12 | File | `/medical/inventories.php` | High
13 | File | `/NAGErrors` | Medium
14 | File | `/ndxzstudio/install.php?p=2` | High
15 | File | `/nova/bin/lcdstat` | High
16 | File | `/nova/bin/sniffer` | High
17 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
18 | File | `/pages.php` | Medium
19 | File | `/pages/doeditattachment.action` | High
20 | File | `/product_list.php` | High
21 | File | `/public/login.htm` | High
22 | File | `/rapi/read_url` | High
23 | File | `/rest/api/1.0/render` | High
24 | File | `/tmp/csman/0` | Medium
25 | File | `/tmp/phpglibccheck` | High
26 | File | `/tools_admin.asp` | High
27 | File | `/trx_addons/v2/get/sc_layout` | High
28 | File | `/uncpath/` | Medium
29 | File | `/usr/sbin/suexec` | High
30 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
31 | File | `abm.aspx` | Medium
32 | File | `abook_database.php` | High
33 | File | `adclick.php` | Medium
34 | File | `addresses_export.php` | High
35 | File | `add_comment.php` | High
36 | ... | ... | ...

There are 321 more IOA items available. Please use our online service to access the data.
There are 304 more IOA items available. Please use our online service to access the data.

## References
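Review bot: the visible IOA rows grow from 10 to 35 while the trailer drops from "321 more" to "304 more", so the total moves from 331 to 339: 8 indicators are genuinely new and 25 were merely hidden before, but the diff cannot tell the reader which 8 are new because the cut-off changed in the same commit; separate cut-off changes from data changes, or state the cut-off rule in the template. Among the now visible rows, `/uncpath/` (row 28, Medium) is also listed for LockFile and Liberty Front Press in this commit; a generic path fragment shared across unrelated actors adds little discrimination, so consider lowering its confidence or documenting why it rates Medium.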
|
||||
|
||||
|
@ -89,9 +106,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# LockBit - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LockBit](https://vuldb.com/?actor.lockbit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LockBit](https://vuldb.com/?actor.lockbit). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lockbit](https://vuldb.com/?actor.lockbit)
|
||||
|
||||
|
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# LockFile - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [LockFile](https://vuldb.com/?actor.lockfile). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LockFile](https://vuldb.com/?actor.lockfile). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lockfile](https://vuldb.com/?actor.lockfile)
|
||||
|
||||
|
@ -48,13 +48,9 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/uncpath/` | Medium
|
||||
5 | File | `/_next` | Low
|
||||
6 | File | `add_edit_user.asp` | High
|
||||
7 | File | `admin/category.inc.php` | High
|
||||
8 | File | `cds-fpdf.php` | Medium
|
||||
9 | File | `cgi-bin/MANGA/admin.cgi` | High
|
||||
10 | File | `content.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 45 more IOA items available. Please use our online service to access the data.
|
||||
There are 49 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -66,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
# Locky - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Locky](https://vuldb.com/?actor.locky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Locky](https://vuldb.com/?actor.locky). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.locky](https://vuldb.com/?actor.locky)

@ -21,11 +21,9 @@ ID | IP address | Hostname | Confidence
1 | 5.173.164.205 | user-5-173-164-205.play-internet.pl | High
2 | 46.38.52.225 | free.tel.ru | High
3 | 46.101.8.169 | - | High
4 | 46.148.20.32 | sa3.net.ua | High
5 | 51.254.181.122 | mail2.asiaecampaign.com | High
6 | ... | ... | ...
4 | ... | ... | ...

There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

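Review bot: row 1 resolves to `user-5-173-164-205.play-internet.pl`, a per-subscriber ISP hostname, yet it carries the same High confidence as the static entries; without a first-seen or last-seen date, a dynamic consumer address like this goes stale quickly and then matches unrelated users. Add a sighting-date column (or an age note under the table) so that consumers of the list can expire such entries.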
@ -52,13 +50,9 @@ ID | Type | Indicator | Confidence
4 | File | `/ISAPI/Security/users/1` | High
5 | File | `addentry.php` | Medium
6 | File | `data/gbconfiguration.dat` | High
7 | File | `email.php` | Medium
8 | File | `flac.c` | Low
9 | File | `inc/config.php` | High
10 | File | `inc/filebrowser/browser.php` | High
11 | ... | ... | ...
7 | ... | ... | ...

There are 43 more IOA items available. Please use our online service to access the data.
There are 47 more IOA items available. Please use our online service to access the data.

## References

@ -71,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Machete - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Machete](https://vuldb.com/?actor.machete). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Machete](https://vuldb.com/?actor.machete). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.machete](https://vuldb.com/?actor.machete)

@ -50,16 +50,9 @@ ID | Type | Indicator | Confidence
1 | File | `/admin/config.php?display=backup` | High
2 | File | `/proc/self/cwd` | High
3 | File | `file_download.php` | High
4 | File | `includes/startup.php` | High
5 | File | `index.php` | Medium
6 | File | `index.php?pg=moderated` | High
7 | File | `products1h.php` | High
8 | File | `upload.php` | Medium
9 | File | `visitormessage.php` | High
10 | File | `wp-admin/user-new.php` | High
11 | ... | ... | ...
4 | ... | ... | ...

There are 6 more IOA items available. Please use our online service to access the data.
There are 13 more IOA items available. Please use our online service to access the data.

## References

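Review bot: the number of rows shown before the `... | ... | ...` marker drops from 10 to 3 while the total is unchanged (10 + 6 and 3 + 13 both give 16), so this hunk is pure churn that hides no real data change; emit a fixed number of visible rows (or sort and truncate deterministically) when regenerating, so that a diff of this file only ever shows indicator changes.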
@ -72,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Magecart - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Magecart](https://vuldb.com/?actor.magecart). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Magecart](https://vuldb.com/?actor.magecart). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.magecart](https://vuldb.com/?actor.magecart)

@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:

* SV
* PL
* ES
* DE
* IT
* ...

There are 9 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

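Review bot: four country associations are dropped (the hidden count goes from 9 to 5) but none of them is visible, because only the first five entries are ever shown; for a set this small, list it in full so that a removal of attribution data is reviewable in the diff.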
@ -28,14 +28,9 @@ ID | IP address | Hostname | Confidence
5 | 37.59.47.208 | ns3000975.ip-37-59-47.eu | High
6 | 47.254.175.211 | - | High
7 | 51.83.209.11 | ip11.ip-51-83-209.eu | High
8 | 54.38.49.244 | ip244.ip-54-38-49.eu | High
9 | 62.133.58.60 | - | High
10 | 74.119.239.234 | - | High
11 | 76.119.1.112 | c-76-119-1-112.hsd1.ct.comcast.net | High
12 | 88.99.66.31 | iplogger.com | High
13 | ... | ... | ...
8 | ... | ... | ...

There are 22 more IOC items available. Please use our online service to access the data.
There are 27 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

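Review bot: row 12 is `88.99.66.31` with hostname `iplogger.com`, a public IP-logging service, and row 11 is a residential `hsd1.ct.comcast.net` address; both sit at High confidence next to dedicated-hosting entries. Blocking either will hit unrelated users, so either lower their confidence or add a column that separates actor-controlled infrastructure from shared services the actor merely used.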
@ -43,14 +38,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...

There are 11 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

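Review bot: T1008 (Algorithm Downgrade) and T1040 (Authentication Bypass by Capture-replay) vanish from the top of the table and the total shrinks from 16 (5 + 11) to 11 (3 + 8), so five High-confidence technique mappings are retracted with no explanation; a change that removes attribution should say why, in the commit message or in the README. Separately, the Description column pairs ATT&CK IDs with CWE-style weakness names (`Cross Site Scripting` beside T1059.007) rather than the ATT&CK technique names, so the header should say `Weakness` or similar to stop readers taking them for the technique names.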
@ -58,19 +51,33 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `$HOME/.cdrdao` | High
2 | File | `%LOCALAPPDATA%\Zemana\ZALSDK\MyRules2.ini` | High
3 | File | `%PROGRAMFILES(X86)%\Teradici\PCoIP.exe` | High
4 | File | `%SYSTEMDRIVE%\ProgramData\exclusions.dat` | High
5 | File | `.config/Yubico` | High
6 | File | `.git/hooks/post-update` | High
7 | File | `.htaccess` | Medium
8 | File | `/?q` | Low
9 | File | `/admin.php/Foodcat/addsave` | High
10 | File | `/admin.php?page=tags` | High
11 | ... | ... | ...
1 | File | `/admin.html?do=user&act=add` | High
2 | File | `/admin/login.php` | High
3 | File | `/ad_js.php` | Medium
4 | File | `/changePassword` | High
5 | File | `/check_availability.php` | High
6 | File | `/DataHandler/Handler_CFG.ashx` | High
7 | File | `/enginemanager/server/user/delete.htm` | High
8 | File | `/files.md5` | Medium
9 | File | `/home/user/dir` | High
10 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
11 | File | `/message-bus/_diagnostics` | High
12 | File | `/metrics` | Medium
13 | File | `/plesk-site-preview/` | High
14 | File | `/plugin/jcapture/applet.php` | High
15 | File | `/preferences/tags` | High
16 | File | `/secure/EditSubscription.jspa` | High
17 | File | `/Storage/Emulated/0/Telegram/Telegram` | High
18 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
19 | File | `/way4acs/enroll` | High
20 | File | `acl.c` | Low
21 | File | `ActivityManagerShellCommand.java` | High
22 | File | `admin/plugin.php` | High
23 | File | `applicationContext-spring-security.xml` | High
24 | File | `apprise/plugins/NotifyIFTTT.py` | High
25 | ... | ... | ...

There are 2350 more IOA items available. Please use our online service to access the data.
There are 206 more IOA items available. Please use our online service to access the data.

## References

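Review bot: the total IOA count falls from 2360 (10 + 2350) to 230 (24 + 206), a drop of about 90%, and none of the ten previously visible entries (`$HOME/.cdrdao`, `.git/hooks/post-update`, `/admin.php?page=tags` and so on) survives into the new top 24; a cut this large inside a commit that otherwise only moves link prefixes looks like a regeneration against a different filter or a partial export, and should be confirmed before merge. If it is deliberate, state it in the README, since consumers who ingested the larger set will otherwise keep two thousand stale entries. Row 9, `/home/user/dir`, also reads like a placeholder lifted from a write-up rather than an indicator and should not be at High confidence.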
@ -83,9 +90,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Matsnu - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Matsnu](https://vuldb.com/?actor.matsnu). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Matsnu](https://vuldb.com/?actor.matsnu). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.matsnu](https://vuldb.com/?actor.matsnu)

@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Mofang - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Mofang](https://vuldb.com/?actor.mofang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Mofang](https://vuldb.com/?actor.mofang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.mofang](https://vuldb.com/?actor.mofang)

@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
3 | 23.89.201.173 | - | High
4 | 38.109.190.55 | ftp2.accs.net | High
5 | 49.213.18.15 | - | High
6 | 50.117.47.66 | - | High
7 | 50.117.47.67 | - | High
8 | 61.250.92.79 | - | High
9 | 103.39.78.131 | - | High
10 | ... | ... | ...
6 | ... | ... | ...

There are 16 more IOC items available. Please use our online service to access the data.
There are 20 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -55,17 +51,16 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/admin/index.php` | High
3 | File | `/message/ajax/send/` | High
4 | File | `/sitecore/client/Applications/List Manager/Taskpages/Contact list` | High
5 | File | `add_comment.php` | High
6 | File | `app/controllers/application_controller.rb` | High
7 | File | `application\api\controller\User.php` | High
8 | File | `blog.php` | Medium
9 | File | `classes/Visualizer/Gutenberg/Block.php` | High
10 | File | `content_timeline_class.php` | High
11 | ... | ... | ...
3 | File | `/cgi-mod/lookup.cgi` | High
4 | File | `/message/ajax/send/` | High
5 | File | `/sitecore/client/Applications/List Manager/Taskpages/Contact list` | High
6 | File | `add_comment.php` | High
7 | File | `app/controllers/application_controller.rb` | High
8 | File | `application\api\controller\User.php` | High
9 | File | `blog.php` | Medium
10 | ... | ... | ...

There are 71 more IOA items available. Please use our online service to access the data.
There are 75 more IOA items available. Please use our online service to access the data.

## References

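Review bot: inserting `/cgi-mod/lookup.cgi` as row 3 renumbers every row after it (`/message/ajax/send/` moves from 3 to 4, and so on down the table), so the ID column is not a stable key and the diff shows seven changed rows for one added indicator. Either drop the ID column or keep IDs stable across regenerations; anyone correlating entries by ID between revisions will silently mismatch otherwise.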
@ -78,9 +73,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Naikon - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Naikon](https://vuldb.com/?actor.naikon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Naikon](https://vuldb.com/?actor.naikon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.naikon](https://vuldb.com/?actor.naikon)

@ -26,13 +26,10 @@ ID | IP address | Hostname | Confidence
1 | 47.241.127.190 | - | High
2 | 50.117.115.89 | - | High
3 | 50.117.115.90 | - | High
4 | 65.19.141.203 | - | High
5 | 65.19.157.205 | gigabitethernet1-1-38.switch35.fmt2.he.net | High
6 | 116.52.84.70 | - | High
7 | 124.156.241.24 | - | High
8 | ... | ... | ...
4 | 65.19.141.203 | shibakov.org | High
5 | ... | ... | ...

There are 13 more IOC items available. Please use our online service to access the data.
There are 16 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

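Review bot: row 4 keeps the address `65.19.141.203` but its hostname changes from `-` to `shibakov.org`, which shows the Hostname column is a reverse lookup taken at generation time rather than part of the indicator; record the lookup date, or mark the column as informational, so that nobody treats `shibakov.org` as an IOC in its own right. The totals are consistent (7 + 13 and 4 + 16 both equal 20).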
@ -62,10 +59,9 @@ ID | Type | Indicator | Confidence
7 | File | `admin/user_activate_submit.php` | High
8 | File | `browse-scategory.php` | High
9 | File | `classes/Visualizer/Gutenberg/Block.php` | High
10 | File | `colors.py` | Medium
11 | ... | ... | ...
10 | ... | ... | ...

There are 77 more IOA items available. Please use our online service to access the data.
There are 78 more IOA items available. Please use our online service to access the data.

## References

@ -80,9 +76,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Nymaim - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Nymaim](https://vuldb.com/?actor.nymaim). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Nymaim](https://vuldb.com/?actor.nymaim). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.nymaim](https://vuldb.com/?actor.nymaim)

@ -27,13 +27,9 @@ ID | IP address | Hostname | Confidence
4 | 47.91.242.212 | - | High
5 | 51.218.181.145 | - | High
6 | 52.85.144.32 | server-52-85-144-32.iad89.r.cloudfront.net | High
7 | 52.114.128.43 | - | High
8 | 77.29.56.4 | - | High
9 | 78.28.210.44 | - | High
10 | 78.90.243.124 | - | High
11 | ... | ... | ...
7 | ... | ... | ...

There are 18 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

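Review bot: row 6, `52.85.144.32` with hostname `server-52-85-144-32.iad89.r.cloudfront.net`, is a CloudFront edge node shared by every site fronted through that CDN, yet it is listed at High confidence; an address like this cannot be blocked and will match unrelated traffic, so it belongs in a separate shared-infrastructure bucket, or at Low confidence with the hostname pattern that justifies keeping it.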
@ -44,10 +40,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 7 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

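Review bot: row 4, `T1211 | 7PK Security Features`, drops out of the visible rows while the total stays at 11 (4 + 7 and 3 + 8), so it only moved below the truncation marker; note that "7PK Security Features" is a taxonomy category label (the Seven Pernicious Kingdoms grouping) rather than a description of a technique, and a reader of the Description column has no way to know that without an expansion or a link.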
@ -56,18 +51,31 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/adfs/ls` | Medium
2 | File | `/IISADMPWD` | Medium
3 | File | `/monitor/s_headmodel.php` | High
4 | File | `/pro/repo-create.html` | High
5 | File | `/server-info` | Medium
6 | File | `/services` | Medium
7 | File | `/test/cookie/` | High
8 | File | `/uncpath/` | Medium
9 | File | `/usr/bin/at` | Medium
10 | File | `/WEB-INF/web.xml` | High
11 | ... | ... | ...
2 | File | `/appliance/users?action=edit` | High
3 | File | `/config/getuser` | High
4 | File | `/IISADMPWD` | Medium
5 | File | `/login` | Low
6 | File | `/monitor/s_headmodel.php` | High
7 | File | `/pro/repo-create.html` | High
8 | File | `/public/plugins/` | High
9 | File | `/rest/api/latest/projectvalidate/key` | High
10 | File | `/server-info` | Medium
11 | File | `/services` | Medium
12 | File | `/test/cookie/` | High
13 | File | `/uncpath/` | Medium
14 | File | `/usr/bin/at` | Medium
15 | File | `/usr/bin/pkexec` | High
16 | File | `/WEB-INF/web.xml` | High
17 | File | `admin-ajax.php` | High
18 | File | `AndroidManifest.xml` | High
19 | File | `app/View/Galaxies/view.ctp` | High
20 | File | `apply.cgi` | Medium
21 | File | `binder.c` | Medium
22 | File | `bl-kernel/security.class.php` | High
23 | File | `C:/evil.bat"` | Medium
24 | ... | ... | ...

There are 172 more IOA items available. Please use our online service to access the data.
There are 200 more IOA items available. Please use our online service to access the data.

## References

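Review bot: row 23, `C:/evil.bat"`, carries a stray trailing double quote that is almost certainly a parsing artifact from the source advisory rather than part of the indicator; the export should strip unbalanced quotes and other sentence punctuation before publishing, otherwise exact-match consumers never hit. Row 5, `/login` at Low confidence, is also so generic that it fires on practically every web application; a minimum-specificity filter on what gets exported would remove entries like it.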
@ -81,9 +89,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -27,4 +27,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Palevo - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Palevo](https://vuldb.com/?actor.palevo). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Palevo](https://vuldb.com/?actor.palevo). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.palevo](https://vuldb.com/?actor.palevo)

@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 42.120.158.78 | - | High
|
||||
2 | 67.210.170.169 | 67-210-170.169.static.tel-ott.com | High
|
||||
3 | 76.74.255.138 | loom.com | High
|
||||
4 | 82.196.6.164 | - | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
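Review bot: rows 2 and 3 keep High confidence on addresses whose reverse DNS is a carrier static block (`67-210-170.169.static.tel-ott.com`) and a commercial product domain (`loom.com`); such hostnames are shared or reassigned over time, so a consumer who feeds this table straight into a blocklist inherits a false-positive risk the table does not flag. Add an observation date per row, or lower the confidence where the address is only known as a resolver of a related domain rather than as observed C2.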
@ -52,15 +51,9 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `epan/dissectors/packet-ldss.c` | High
|
||||
3 | File | `epan/dissectors/packet-rtmpt.c` | High
|
||||
4 | File | `epan/dissectors/packet-wsp.c` | High
|
||||
5 | File | `gd_gif_in.c` | Medium
|
||||
6 | File | `httpd.conf` | Medium
|
||||
7 | File | `includes/upload.php` | High
|
||||
8 | File | `index.php` | Medium
|
||||
9 | File | `ipc/shm.c` | Medium
|
||||
10 | File | `libass/ass_shaper.c` | High
|
||||
11 | ... | ... | ...
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available. Please use our online service to access the data.
|
||||
There are 29 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
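Review bot: the `File` rows in this hunk are source paths of the vulnerable software taken from the linked vulnerability records (Wireshark dissectors `epan/dissectors/packet-ldss.c`, `packet-rtmpt.c` and `packet-wsp.c`, libgd `gd_gif_in.c`, kernel `ipc/shm.c`), not artifacts that would appear on a compromised host. The IOA section intro should state that explicitly, because a reader who loads these names into a file-name watchlist will get only noise, and the distinction between "source path from an advisory" and "web path probed by the actor" (`includes/upload.php`, `index.php`) deserves its own Type value rather than `File` for both.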
@ -72,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Phorpiex - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Phorpiex](https://vuldb.com/?actor.phorpiex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Phorpiex](https://vuldb.com/?actor.phorpiex). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.phorpiex](https://vuldb.com/?actor.phorpiex)
|
||||
|
||||
|
@ -15,12 +15,9 @@ ID | IP address | Hostname | Confidence
|
|||
3 | 74.125.155.40 | iad23s82-in-f8.1e100.net | High
|
||||
4 | 74.125.155.102 | iad23s88-in-f6.1e100.net | High
|
||||
5 | 74.125.192.94 | qn-in-f94.1e100.net | High
|
||||
6 | 92.63.197.48 | - | High
|
||||
7 | 92.63.197.60 | - | High
|
||||
8 | 92.63.197.153 | - | High
|
||||
9 | ... | ... | ...
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 15 more IOC items available. Please use our online service to access the data.
|
||||
There are 18 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
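Review bot: rows 3 to 5 remain at High confidence although their hostnames (`iad23s82-in-f8.1e100.net`, `iad23s88-in-f6.1e100.net`, `qn-in-f94.1e100.net`) are Google front-end addresses in the `1e100.net` space, which is shared infrastructure reached by every client of Google services. Blocking them on the strength of this table would break legitimate traffic; either lower the confidence or annotate the rows so downstream blocklist consumers can exclude them. The remainder count is consistent (6 visible + 15 before, 3 visible + 18 after).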
@ -40,16 +37,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `ajax/api/hook/decodeArguments` | High
|
||||
2 | File | `breadcrumbs_create.php` | High
|
||||
3 | File | `forumrunner/includes/moderation.php` | High
|
||||
4 | File | `includes/startup.php` | High
|
||||
5 | File | `includes/ucp/ucp_pm_options.php` | High
|
||||
6 | File | `install.php` | Medium
|
||||
7 | File | `links.php` | Medium
|
||||
8 | File | `modcp.php` | Medium
|
||||
9 | File | `moderate.php` | Medium
|
||||
10 | File | `profile.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 15 more IOA items available. Please use our online service to access the data.
|
||||
There are 22 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -64,9 +54,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Poisoned Handover - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Poisoned Handover](https://vuldb.com/?actor.poisoned_handover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Poisoned Handover](https://vuldb.com/?actor.poisoned_handover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.poisoned_handover](https://vuldb.com/?actor.poisoned_handover)
|
||||
|
||||
|
@ -52,16 +52,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/cgi-bin/` | Medium
|
||||
3 | File | `cci_dir` | Low
|
||||
4 | File | `com.ibm.wsspi.wssecurity.core` | High
|
||||
5 | File | `content.php` | Medium
|
||||
6 | File | `libqpdf/QPDFWriter.cc` | High
|
||||
7 | File | `manual/search.texi` | High
|
||||
8 | File | `plugins\U3DBrowser.fpi` | High
|
||||
9 | File | `PulseSecureService.exe` | High
|
||||
10 | File | `rwcgi60` | Low
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available. Please use our online service to access the data.
|
||||
There are 18 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -73,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Potao - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Potao](https://vuldb.com/?actor.potao). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Potao](https://vuldb.com/?actor.potao). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.potao](https://vuldb.com/?actor.potao)
|
||||
|
||||
|
@ -36,14 +36,9 @@ ID | IP address | Hostname | Confidence
|
|||
6 | 62.76.184.245 | 62-76-184-245.vm.clodoserver.ru | High
|
||||
7 | 62.76.189.181 | srv.planetaexcel.ru | High
|
||||
8 | 64.40.101.43 | - | High
|
||||
9 | 67.18.208.92 | - | High
|
||||
10 | 67.103.159.141 | h-67-103-159-141.atln.ga.globalcapacity.com | High
|
||||
11 | 69.64.72.206 | toonarific.com | High
|
||||
12 | 74.54.206.162 | a2.ce.364a.static.theplanet.com | High
|
||||
13 | 74.208.68.243 | s15242899.onlinehome-server.com | High
|
||||
14 | ... | ... | ...
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 25 more IOC items available. Please use our online service to access the data.
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -69,14 +64,11 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/iwguestbook/admin/badwords_edit.asp` | High
|
||||
4 | File | `/setSystemAdmin` | High
|
||||
5 | File | `/uncpath/` | Medium
|
||||
6 | File | `/webpages/data` | High
|
||||
7 | File | `/zm/index.php` | High
|
||||
8 | File | `adclick.php` | Medium
|
||||
9 | File | `afd.sys` | Low
|
||||
10 | File | `ajax/api/hook/getHookList` | High
|
||||
11 | ... | ... | ...
|
||||
6 | File | `/usr/bin/pkexec` | High
|
||||
7 | File | `/webpages/data` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 53 more IOA items available. Please use our online service to access the data.
|
||||
There are 60 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -89,9 +81,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# PowerTrick - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [PowerTrick](https://vuldb.com/?actor.powertrick). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PowerTrick](https://vuldb.com/?actor.powertrick). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.powertrick](https://vuldb.com/?actor.powertrick)
|
||||
|
||||
|
@ -28,10 +28,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | T1211 | 7PK Security Features | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
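Review bot: the Description column pairs ATT&CK IDs with CWE-style weakness titles rather than ATT&CK technique names: row 1 labels T1059.007 "Cross Site Scripting" where ATT&CK names it "JavaScript", row 2 labels T1068 "Execution with Unnecessary Privileges" where ATT&CK has "Exploitation for Privilege Escalation", and row 3 labels T1110.001 "Improper Restriction of Excessive Authentication Attempts" where ATT&CK has "Password Guessing". Either rename the column to "Weakness" or say in the section intro that the description is the mapped CWE title, so readers do not cite these strings as ATT&CK technique names.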
@ -49,9 +48,30 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/category.php` | High
|
||||
9 | File | `/connectors/index.php` | High
|
||||
10 | File | `/data/system/users/0/settings_secure.xml` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `/etc/waipass` | Medium
|
||||
12 | File | `/ext/phar/phar_object.c` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/inc/lists/csvexport.php` | High
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/search.php` | Medium
|
||||
17 | File | `/services/getFile.cmd` | High
|
||||
18 | File | `/tools/required/files/importers/imageeditor` | High
|
||||
19 | File | `/Upload.ashx` | Medium
|
||||
20 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
|
||||
21 | File | `/var/log/messages` | High
|
||||
22 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
23 | File | `/webconsole/Controller` | High
|
||||
24 | File | `/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC` | High
|
||||
25 | File | `/zm/index.php` | High
|
||||
26 | File | `acl/save_user.cgi` | High
|
||||
27 | File | `adaptive-images-script.php` | High
|
||||
28 | File | `admin/auth.php` | High
|
||||
29 | File | `admin/blogs.php` | High
|
||||
30 | File | `admin/convertutf8/index.php` | High
|
||||
31 | File | `admin/inc/template_functions.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 289 more IOA items available. Please use our online service to access the data.
|
||||
There are 268 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
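Review bot: row 24 stores a full request path with query string (`/wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC`) under Type `File`, while every other row uses `File` for a bare path; an exact-match consumer keyed on file names will never hit this row. Split it into a path row (`/wordpress/wp-admin/admin.php`) plus a parameter row, or strip the query string. The remainder count is consistent with the 21 added rows (289 - 21 = 268).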
@ -63,9 +83,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Pykspa - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Pykspa](https://vuldb.com/?actor.pykspa). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Pykspa](https://vuldb.com/?actor.pykspa). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.pykspa](https://vuldb.com/?actor.pykspa)
|
||||
|
||||
|
@ -10,6 +10,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
|
||||
* ES
|
||||
* US
|
||||
* CN
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -45,17 +46,14 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `//etc/RT2870STA.dat` | High
|
||||
2 | File | `/cgi-bin/wapopen` | High
|
||||
3 | File | `/setSystemAdmin` | High
|
||||
4 | File | `/updown/upload.cgi` | High
|
||||
5 | File | `acl.c` | Low
|
||||
6 | File | `AESNI.c` | Low
|
||||
7 | File | `app/Controller/UsersController.php` | High
|
||||
8 | File | `auth-gss2.c` | Medium
|
||||
9 | File | `auth.php` | Medium
|
||||
10 | File | `block_templace.c` | High
|
||||
11 | ... | ... | ...
|
||||
3 | File | `/HNAP1` | Low
|
||||
4 | File | `/setSystemAdmin` | High
|
||||
5 | File | `/updown/upload.cgi` | High
|
||||
6 | File | `/usr/bin/pkexec` | High
|
||||
7 | File | `acl.c` | Low
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 43 more IOA items available. Please use our online service to access the data.
|
||||
There are 54 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
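Review bot: row 1 `//etc/RT2870STA.dat` carries a doubled leading slash; unless the source record really uses that form, it should be `/etc/RT2870STA.dat`, since a one-character difference means an exact-match indicator never fires. The added `/HNAP1` row, like `/setSystemAdmin`, `/cgi-bin/wapopen` and `/updown/upload.cgi`, is an HTTP request path rather than a file on disk, and the Low confidence on `/HNAP1` is appropriate because that endpoint is probed by many unrelated scanners; a separate Type for request paths would make that distinction visible.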
@ -67,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
# Python - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Python](https://vuldb.com/?actor.python). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Python](https://vuldb.com/?actor.python). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.python](https://vuldb.com/?actor.python)
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Python:
|
||||
|
||||
* US
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Python.
|
||||
|
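Review bot: the generated IOC intro in this hunk reads "network ressources"; it should be "resources", and because the same sentence is emitted for every actor page the fix belongs in the template, not in this file alone. Adding a Countries section with a single entry (US) from an IOC table made up entirely of `compute-1.amazonaws.com` addresses attributes the hosting provider's region rather than the operator; say so in the Countries intro or leave the section out until there is an independent signal.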
@ -13,12 +19,17 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 23.21.126.66 | ec2-23-21-126-66.compute-1.amazonaws.com | Medium
|
||||
2 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | Medium
|
||||
3 | 54.225.66.103 | ec2-54-225-66-103.compute-1.amazonaws.com | Medium
|
||||
4 | 54.225.220.115 | ec2-54-225-220-115.compute-1.amazonaws.com | Medium
|
||||
5 | 54.225.242.59 | ec2-54-225-242-59.compute-1.amazonaws.com | Medium
|
||||
6 | 54.235.83.248 | ec2-54-235-83-248.compute-1.amazonaws.com | Medium
|
||||
7 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Python. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1552 | Unprotected Storage of Credentials | High
|
||||
|
||||
## References
|
||||
|
||||
|
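Review bot: every retained IOC (rows 1 to 3) is an `ec2-*.compute-1.amazonaws.com` address; EC2 public IPs are released and reassigned to other tenants, so these rows need an observation date or an automatic expiry, and Medium confidence should not be raised on a later sighting without a fresh resolution. The new TTP table has one row, T1552, described as "Unprotected Storage of Credentials" (a CWE title) whereas ATT&CK T1552 is "Unsecured Credentials"; state in the section intro that the Description column holds the mapped weakness title.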
@ -30,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Qakbot - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.qakbot](https://vuldb.com/?actor.qakbot)
|
||||
|
||||
|
@ -8,12 +8,7 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Qakbot:
|
||||
|
||||
* AE
|
||||
* US
|
||||
* FR
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
* AU
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
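Review bot: the country list shrinks from AE, US, FR plus 14 more to a single entry, AU; the hunk goes from 12 to 7 lines, so nothing else survives on the new side. The IOC table below still lists addresses on cox.net, rr.com and spectrum.com (US), tedata.net (Egypt) and actcorp.in (India), so a one-country list looks like a data regression rather than a deliberate narrowing. Confirm with the generator before this is published.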
@ -41,24 +36,43 @@ ID | IP address | Hostname | Confidence
|
|||
18 | 24.226.156.153 | 24-226-156-153.resi.cgocable.ca | High
|
||||
19 | 24.229.150.54 | 24.229.150.54.cmts-static.sm.ptd.net | High
|
||||
20 | 24.234.86.201 | wsip-24-234-86-201.lv.lv.cox.net | High
|
||||
21 | ... | ... | ...
|
||||
21 | 27.223.92.142 | - | High
|
||||
22 | 35.142.12.163 | 035-142-012-163.dhcp.bhn.net | High
|
||||
23 | 41.34.91.90 | host-41.34.91.90.tedata.net | High
|
||||
24 | 41.97.138.74 | - | High
|
||||
25 | 45.32.211.207 | 45.32.211.207.vultr.com | Medium
|
||||
26 | 45.46.53.140 | cpe-45-46-53-140.maine.res.rr.com | High
|
||||
27 | 45.63.107.192 | 45.63.107.192.vultr.com | Medium
|
||||
28 | 45.67.231.247 | vm272927.pq.hosting | High
|
||||
29 | 45.77.115.208 | 45.77.115.208.vultr.com | Medium
|
||||
30 | 45.77.117.108 | 45.77.117.108.vultr.com | Medium
|
||||
31 | 45.77.215.141 | 45.77.215.141.vultr.com | Medium
|
||||
32 | 46.214.62.199 | 46-214-62-199.next-gen.ro | High
|
||||
33 | 47.22.148.6 | ool-2f169406.static.optonline.net | High
|
||||
34 | 47.24.47.218 | 047-024-047-218.res.spectrum.com | High
|
||||
35 | 47.153.115.154 | - | High
|
||||
36 | 47.196.192.184 | - | High
|
||||
37 | 49.207.105.25 | broadband.actcorp.in | High
|
||||
38 | 50.29.166.232 | 50.29.166.232.res-cmts.sth3.ptd.net | High
|
||||
39 | 50.104.68.223 | 50-104-68-223.prtg.in.frontiernet.net | High
|
||||
40 | 50.244.112.106 | 50-244-112-106-static.hfc.comcastbusiness.net | High
|
||||
41 | 59.90.246.200 | static.bb.chn.59.90.246.200.bsnl.in | High
|
||||
42 | 64.19.74.29 | primhall.com | High
|
||||
43 | 64.121.114.87 | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | High
|
||||
44 | 65.100.174.]105 | - | High
|
||||
45 | 65.100.174.]106 | - | High
|
||||
46 | 65.100.174.]107 | - | High
|
||||
47 | 65.100.174.]108 | - | High
|
||||
48 | 65.100.174.]109 | - | High
|
||||
49 | 65.100.174.]111 | - | High
|
||||
50 | 66.26.160.37 | 066-026-160-037.inf.spectrum.com | High
|
||||
51 | 66.57.216.53 | rrcs-66-57-216-53.midsouth.biz.rr.com | High
|
||||
52 | 66.208.105.6 | 66-208-105-6.centex.net | High
|
||||
53 | 67.6.12.4 | 67-6-12-4.clma.centurylink.net | High
|
||||
54 | 67.8.103.21 | 67-8-103-21.res.bhn.net | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 238 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Qakbot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | Cross Site Scripting | High
|
||||
3 | T1068 | Execution with Unnecessary Privileges | High
|
||||
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
5 | T1211 | 7PK Security Features | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 214 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
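Review bot: rows 44 to 49 (`65.100.174.]105` through `65.100.174.]111`) contain a stray `]`, the leftover of a defanged `65.100.174[.]105` form that was only half restored; they will not parse as IPv4 addresses and must be normalised before ingestion, otherwise they silently never match. Separately, the new side of this hunk is 43 lines: 3 context rows, the 34 added rows 21 to 54, the `55 | ...` row, the "214 more IOC items" line and the "## IOA" heading with their blank lines, which leaves no room for the TTP section (from "## TTP" down to "There are 9 more TTP items"), so that section is dropped from the Qakbot page by this change. Confirm that is intended and not a generator fault, since the Qakbot TTP rows (T1040, T1059.007, T1068, T1110.001, T1211) are the only ones on the page with the actor's suspected techniques.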
@ -67,18 +81,8 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/` | Low
|
||||
2 | File | `/admin/custom/blog-plugin/add` | High
|
||||
3 | File | `/admin/setup.php` | High
|
||||
4 | File | `/admin/submit-articles` | High
|
||||
5 | File | `/ad_js.php` | Medium
|
||||
6 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
7 | File | `/anony/mjpg.cgi` | High
|
||||
8 | File | `/auth/v1/sso/config/` | High
|
||||
9 | File | `/auth/v1/user/` | High
|
||||
10 | File | `/auth/v1/user/{user-guid}/` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available. Please use our online service to access the data.
|
||||
2 | Argument | `username/password` | High
|
||||
3 | Input Value | `'or''='` | Low
|
||||
|
||||
## References
|
||||
|
||||
|
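Review bot: the rebuilt IOA table starts at ID 2 and has no ID 1 row, and the "There are 448 more IOA items" line disappears without replacement, so the section drops from 458 indicators to two (`username/password` as Argument and `'or''='` as Input Value). The missing first row suggests a row was filtered after numbering; check the generator, and if the two rows really are the whole table, renumber from 1. The Input Value row is a generic SQL injection probe seen from many scanners, so its Low confidence is right and should not be raised by the reduced table size.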
@ -87,14 +91,15 @@ The following list contains external sources which discuss the actor and the ass
|
|||
* https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_qakbot.ipset
|
||||
* https://pastebin.com/u/MalwareQuinn
|
||||
* https://tria.ge/210511-kvcz7vyfkx
|
||||
* https://twitter.com/Malwar3Ninja/status/1483514897266737154
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Qjwmonkey - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Qjwmonkey](https://vuldb.com/?actor.qjwmonkey). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qjwmonkey](https://vuldb.com/?actor.qjwmonkey). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.qjwmonkey](https://vuldb.com/?actor.qjwmonkey)

@ -27,9 +27,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Rancor - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Rancor](https://vuldb.com/?actor.rancor). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Rancor](https://vuldb.com/?actor.rancor). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.rancor](https://vuldb.com/?actor.rancor)

@ -63,9 +63,24 @@ ID | Type | Indicator | Confidence
8 | File | `/goform/login` | High
9 | File | `/horde/util/go.php` | High
10 | File | `/mib.db` | Low
11 | ... | ... | ...
11 | File | `/modules/profile/index.php` | High
12 | File | `/out.php` | Medium
13 | File | `/system/site.php` | High
14 | File | `adb/adb_client.c` | High
15 | File | `adclick.php` | Medium
16 | File | `add_comment.php` | High
17 | File | `adelogs.adobe.com` | High
18 | File | `admin.php` | Medium
19 | File | `admin/google_search_console/class-gsc-table.php` | High
20 | File | `administrator/components/com_media/helpers/media.php` | High
21 | File | `android/webkit/SearchBoxImpl.java` | High
22 | File | `app-layer-ssh.c` | High
23 | File | `arch_init.c` | Medium
24 | File | `authenticate.c` | High
25 | File | `BKCLogSvr.exe` | High
26 | ... | ... | ...

There are 229 more IOA items available. Please use our online service to access the data.
There are 214 more IOA items available. Please use our online service to access the data.

## References

@ -77,9 +92,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -9,11 +9,7 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Remcos:

* US
* KE
* SE
* ...

There are 19 more country items available. Please use our online service to access the data.
* FR

## IOC - Indicator of Compromise
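Review bot: the Remcos country list loses its `* ...` continuation row and the "There are 19 more country items available" line while gaining only `* FR`, so the section now presents four countries (US, KE, SE, FR) as the complete set instead of three shown out of 22; confirm the shrink is intended and not a truncated export, since the IOC remainder in the next hunk only moves from 103 to 102.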

@ -41,9 +37,14 @@ ID | IP address | Hostname | Confidence
18 | 23.21.205.229 | ec2-23-21-205-229.compute-1.amazonaws.com | Medium
19 | 23.38.131.139 | a23-38-131-139.deploy.static.akamaitechnologies.com | High
20 | 23.78.173.83 | a23-78-173-83.deploy.static.akamaitechnologies.com | High
21 | ... | ... | ...
21 | 23.227.38.74 | - | High
22 | 34.96.116.138 | 138.116.96.34.bc.googleusercontent.com | Medium
23 | 34.102.136.180 | 180.136.102.34.bc.googleusercontent.com | Medium
24 | 34.202.33.33 | ec2-34-202-33-33.compute-1.amazonaws.com | Medium
25 | 35.214.144.124 | 124.144.214.35.bc.googleusercontent.com | Medium
26 | ... | ... | ...

There are 103 more IOC items available. Please use our online service to access the data.
There are 102 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -52,12 +53,6 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...

There are 6 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
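Review bot: this hunk shrinks the Remcos TTP block from 12 lines to 6, and the only lines in it that can go are the four technique rows (T1059.007, T1068, T1110.001, T1211), the `5 | ... | ... | ...` continuation and the "There are 6 more TTP items available" remainder; if the `ID | Technique | Description | Confidence` header and its separator survive on their own, the section renders as an empty table under the "Tactics, techniques, and procedures" intro. Either keep the rows or drop the heading and intro together with them.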

@ -65,19 +60,12 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/accounts/password_change/` | High
3 | File | `/admin/submit-articles` | High
4 | File | `/admin/syslog` | High
5 | File | `/category_view.php` | High
6 | File | `/cgi-bin/hi3510/param.cgi` | High
7 | File | `/cgi-bin/wapopen` | High
8 | File | `/config/getuser` | High
9 | File | `/etc/gsissh/sshd_config` | High
10 | File | `/etc/passwd` | Medium
11 | ... | ... | ...
1 | File | `avrc_pars_tg.cc` | High
2 | File | `tmUnblock.cgi` | High
3 | Argument | `ttcp_ip` | Low
4 | ... | ... | ...

There are 304 more IOA items available. Please use our online service to access the data.
There are 1 more IOA items available. Please use our online service to access the data.

## References
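Review bot: "There are 1 more IOA items available" needs singular agreement ("There is 1 more IOA item available"); the generator should pluralise on the count instead of filling a fixed template. Separately, the hunk swaps ten File indicators and a remainder of 304 for three indicators (`avrc_pars_tg.cc`, `tmUnblock.cgi`, argument `ttcp_ip`) and a remainder of 1, taking the Remcos IOA set from 314 entries to 4; a drop of that size in one regeneration is worth confirming as a deliberate re-scoring rather than a partial export.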

@ -96,6 +84,7 @@ The following list contains external sources which discuss the actor and the ass
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html
* https://blog.talosintelligence.com/2021/11/threat-roundup-1112-1119.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html

## Literature

@ -106,4 +95,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -24,11 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 5.45.68.98 | - | High
2 | 5.45.70.63 | - | High
3 | 5.196.200.228 | a228.porelune.com | High
4 | 5.196.200.238 | e238.ducorali.com | High
5 | 50.7.143.68 | desk68.sibtown.com | High
6 | ... | ... | ...
4 | ... | ... | ...

There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -49,15 +47,9 @@ ID | Type | Indicator | Confidence
2 | File | `/uncpath/` | Medium
3 | File | `adclick.php` | Medium
4 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
5 | File | `clsowa.cls` | Medium
6 | File | `data/gbconfiguration.dat` | High
7 | File | `db.php` | Low
8 | File | `drivers/media/platform/vivid` | High
9 | File | `emumail.cgi` | Medium
10 | File | `goto.php` | Medium
11 | ... | ... | ...
5 | ... | ... | ...

There are 24 more IOA items available. Please use our online service to access the data.
There are 30 more IOA items available. Please use our online service to access the data.

## References

@ -74,4 +66,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# STTEAM - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [STTEAM](https://vuldb.com/?actor.stteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [STTEAM](https://vuldb.com/?actor.stteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.stteam](https://vuldb.com/?actor.stteam)

@ -46,15 +46,9 @@ ID | Type | Indicator | Confidence
2 | File | `/ajax-files/followBoard.php` | High
3 | File | `/etc/gsissh/sshd_config` | High
4 | File | `/getcfg.php` | Medium
5 | File | `clock_menu.php` | High
6 | File | `index.php` | Medium
7 | File | `Redmine.pm` | Medium
8 | File | `showqanswer.asp` | High
9 | File | `synophoto_csPhotoDB.php` | High
10 | File | `userRpmNatDebugRpm26525557/start_art.html` | High
11 | ... | ... | ...
5 | ... | ... | ...

There are 23 more IOA items available. Please use our online service to access the data.
There are 29 more IOA items available. Please use our online service to access the data.

## References

@ -66,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Sakula - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Sakula](https://vuldb.com/?actor.sakula). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sakula](https://vuldb.com/?actor.sakula). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sakula](https://vuldb.com/?actor.sakula)

@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -35,4 +35,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Satori - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Satori](https://vuldb.com/?actor.satori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Satori](https://vuldb.com/?actor.satori). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.satori](https://vuldb.com/?actor.satori)

@ -52,16 +52,9 @@ ID | Type | Indicator | Confidence
1 | File | `/plain` | Low
2 | File | `libclamav/message.c` | High
3 | File | `PdfName.cpp` | Medium
4 | File | `phpinfo.php` | Medium
5 | File | `tmUnblock.cgi` | High
6 | Library | `/lib/echor/backplane.rb` | High
7 | Library | `See.sys` | Low
8 | Argument | `Password` | Medium
9 | Argument | `ttcp_ip` | Low
10 | Argument | `username/password` | High
11 | ... | ... | ...
4 | ... | ... | ...

There are 1 more IOA items available. Please use our online service to access the data.
There are 8 more IOA items available. Please use our online service to access the data.

## References

@ -73,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Sauron - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Sauron](https://vuldb.com/?actor.sauron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sauron](https://vuldb.com/?actor.sauron). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sauron](https://vuldb.com/?actor.sauron)

@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 37.252.125.88 | - | High
2 | 66.228.52.133 | li294-133.members.linode.com | High
3 | 74.125.148.11 | rate-limited-proxy-74-125-148-11.google.com | High
4 | 83.125.22.161 | - | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -49,11 +48,11 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.procmailrc` | Medium
2 | File | `index.php` | Medium
3 | File | `modules/mappers/mod_rewrite.c` | High
4 | Library | `C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_4592475aca2acf83\Amd64\printconfig.dll` | High
5 | Library | `lib/user/sfBasicSecurityUser.class.php` | High
6 | Argument | `filter_order_Dir` | High
2 | File | `article.php` | Medium
3 | File | `include.php` | Medium
4 | ... | ... | ...

There are 12 more IOA items available. Please use our online service to access the data.

## References

@ -66,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# ScanBox - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [ScanBox](https://vuldb.com/?actor.scanbox). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ScanBox](https://vuldb.com/?actor.scanbox). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.scanbox](https://vuldb.com/?actor.scanbox)

@ -22,13 +22,9 @@ ID | IP address | Hostname | Confidence
2 | 50.2.24.211 | - | High
3 | 66.197.231.62 | - | High
4 | 69.197.146.80 | - | High
5 | 69.197.183.142 | us-mci1-16.renders.prerender.io | High
6 | 69.197.183.152 | - | High
7 | 69.197.183.159 | - | High
8 | 69.197.183.189 | us-mci1-20.renders.prerender.io | High
9 | ... | ... | ...
5 | ... | ... | ...

There are 14 more IOC items available. Please use our online service to access the data.
There are 18 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -45,8 +41,12 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `vstc.vscam.client` | High
2 | Library | `vstc.vscam` | Medium
1 | File | `functions.inc.php` | High
2 | File | `vstc.vscam.client` | High
3 | Library | `vstc.vscam` | Medium
4 | ... | ... | ...

There are 1 more IOA items available. Please use our online service to access the data.

## References
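Review bot: inserting `functions.inc.php` as row 1 renumbers the existing entries (`vstc.vscam.client` moves from 1 to 2, `vstc.vscam` from 2 to 3), so the ID column is positional rather than a stable key, and anything that joins on it across versions will mis-attribute indicators; if IDs are meant to be citable, append new rows instead or publish a stable identifier next to the position. The new remainder line also carries the "There are 1 more IOA items" agreement problem ("There is 1 more IOA item").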

@ -59,9 +59,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Scar - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Scar](https://vuldb.com/?actor.scar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Scar](https://vuldb.com/?actor.scar). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.scar](https://vuldb.com/?actor.scar)

@ -30,7 +30,25 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1499 | Resource Consumption | High
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...

There are 1 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Scar. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `basic/unit-name.c` | High
2 | File | `components/bitrix/mobileapp.list/ajax.php/` | High
3 | File | `kernel/ptrace.c` | High
4 | ... | ... | ...

There are 2 more IOA items available. Please use our online service to access the data.

## References
|
||||
|
||||
|
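Review bot: the TTP table's ID column repeats `1` for both `T1499` and `T1059.007` before continuing with `2`, `3`, `4`, so the numbering is off by one against the `There are 1 more TTP items` sentence below it; renumber the rows 1 to 4 and make that sentence `There is 1 more TTP item`. The Description column also pairs ATT&CK technique IDs with weakness-class names such as `Resource Consumption` and `7PK Security Features` rather than the ATT&CK technique names, which should either be documented as a mapping or corrected. In the IOA table, entry 2 `components/bitrix/mobileapp.list/ajax.php/` carries a trailing slash while the other file indicators do not; check whether that is the intended path form.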
@ -42,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

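Review bot: the `?doc.` to `?kb.` rename is applied consistently to the changelog, about, faq and documentation links in the license line and to the CTI documentation bullet, and the copyright range moves from 1997-2021 to 1997-2022; the `?contact` link is the only one left on its old path, which looks intentional but is worth confirming. The `scip.ch` reference is unchanged.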
@ -0,0 +1,781 @@

# Shadowcrew - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Shadowcrew](https://vuldb.com/?actor.shadowcrew). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.shadowcrew](https://vuldb.com/?actor.shadowcrew)

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Shadowcrew:

* US
* CN
* PL

## IOC - Indicator of Compromise

These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Shadowcrew.

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 1.2.3.4 | - | High
2 | 1.3.1.5 | - | High
3 | 1.3.5.112 | - | High
4 | 1.195.193.192 | - | High
5 | 2.59.47.155 | - | High
6 | 2.195.193.192 | - | High
7 | 3.195.193.192 | - | High
8 | 4.5.11.26 | - | High
9 | 4.8.1.2 | - | High
10 | 4.19.76.27 | - | High
11 | 4.33.21.74 | - | High
12 | 4.33.91.154 | - | High
13 | 4.33.121.58 | - | High
14 | 4.33.253.94 | - | High
15 | 4.35.2.165 | - | High
16 | 4.35.84.98 | - | High
17 | 4.42.141.33 | - | High
18 | 4.46.144.142 | - | High
19 | 4.46.174.197 | - | High
20 | 4.46.235.64 | - | High
21 | 4.62.95.76 | - | High
22 | 4.62.241.142 | - | High
23 | 4.63.225.129 | - | High
24 | 4.64.46.158 | - | High
25 | 4.64.249.14 | - | High
26 | 4.64.249.144 | - | High
27 | 4.65.31.111 | - | High
28 | 4.65.222.76 | - | High
29 | 4.195.193.192 | - | High
30 | 5.3.2.34 | 5x3x2x34.static-business.spb.ertelecom.ru | High
31 | 5.5.9.14 | dynamic-005-005-009-014.5.5.pool.telefonica.de | High
32 | 11.38.193.192 | - | High
33 | 12.1.88.3 | - | High
34 | 12.1.88.5 | - | High
35 | 12.1.88.75 | h5.occompt.com | High
36 | 12.1.88.89 | - | High
37 | 12.5.2.132 | - | High
38 | 12.6.57.2 | - | High
39 | 12.8.36.142 | - | High
40 | 12.9.131.69 | - | High
41 | 12.14.84.67 | - | High
42 | 12.14.232.23 | - | High
43 | 12.14.232.24 | - | High
44 | 12.15.32.199 | - | High
45 | 12.15.46.21 | - | High
46 | 12.17.161.21 | - | High
47 | 12.18.185.141 | - | High
48 | 12.21.44.3 | mail.thalesesec.com | High
49 | 12.21.167.52 | - | High
50 | 12.26.131.63 | - | High
51 | 12.27.138.2 | - | High
52 | 12.29.35.146 | - | High
53 | 12.31.195.91 | - | High
54 | 12.32.38.11 | - | High
55 | 12.32.148.34 | - | High
56 | 12.34.177.246 | - | High
57 | 12.36.193.114 | - | High
58 | 12.38.193.192 | - | High
59 | 12.39.133.114 | - | High
60 | 12.42.56.194 | - | High
61 | 12.42.149.116 | - | High
62 | 12.43.92.195 | - | High
63 | 12.44.87.173 | - | High
64 | 12.47.12.6 | - | High
65 | 12.47.193.16 | - | High
66 | 12.77.95.69 | 69.norcross-12rh16rt.ga.dial-access.att.net | High
67 | 12.78.17.42 | 42.west-palm-beach-10rh15rt.fl.dial-access.att.net | High
68 | 12.78.18.252 | 252.west-palm-beach-10rh16rt-11rh15rt.fl.dial-access.att.net | High
69 | 12.81.98.199 | - | High
70 | 12.81.99.35 | - | High
71 | 12.87.95.22 | - | High
72 | 12.87.96.32 | - | High
73 | 12.91.49.163 | - | High
74 | 12.91.112.32 | - | High
75 | 12.91.131.39 | - | High
76 | 12.91.146.22 | - | High
77 | 12.96.56.3 | - | High
78 | 12.96.243.166 | - | High
79 | 12.98.38.69 | 69.muca.dnvr.aurrcobu.dsl.att.net | High
80 | 12.98.213.23 | 23.muab.hstn.dlbtx01r1.dsl.att.net | High
81 | 12.99.167.178 | 178.mubh.dnvr.aurco01r1.dsl.att.net | High
82 | 12.111.45.163 | - | High
83 | 12.122.11.9 | cr1.n54ny.ip.att.net | High
84 | 12.122.11.214 | - | High
85 | 12.124.179.81 | - | High
86 | 12.144.83.2 | - | High
87 | 12.145.52.7 | - | High
88 | 12.146.236.34 | - | High
89 | 12.147.161.229 | - | High
90 | 12.151.51.3 | - | High
91 | 12.152.196.4 | - | High
92 | 12.152.236.71 | - | High
93 | 12.153.68.13 | - | High
94 | 12.153.68.131 | - | High
95 | 12.153.99.98 | - | High
96 | 12.155.7.16 | - | High
97 | 12.158.13.242 | - | High
98 | 12.159.42.194 | - | High
99 | 12.162.2.193 | - | High
100 | 12.162.118.253 | - | High
101 | 12.163.7.33 | - | High
102 | 12.164.77.1 | - | High
103 | 12.164.77.2 | - | High
104 | 12.164.77.3 | - | High
105 | 12.164.77.4 | - | High
106 | 12.164.77.5 | - | High
107 | 12.164.77.6 | - | High
108 | 12.164.77.9 | - | High
109 | 12.164.77.13 | - | High
110 | 12.164.77.16 | - | High
111 | 12.164.77.21 | - | High
112 | 12.164.77.22 | - | High
113 | 12.164.77.32 | - | High
114 | 12.164.77.33 | - | High
115 | 12.164.77.34 | - | High
116 | 12.164.77.35 | - | High
117 | 12.164.77.36 | - | High
118 | 12.164.77.37 | - | High
119 | 12.164.77.38 | - | High
120 | 12.164.77.39 | - | High
121 | 12.164.77.41 | - | High
122 | 12.164.77.42 | - | High
123 | 12.164.77.43 | - | High
124 | 12.164.77.44 | - | High
125 | 12.164.77.45 | - | High
126 | 12.164.77.46 | - | High
127 | 12.164.77.47 | - | High
128 | 12.164.77.48 | - | High
129 | 12.164.77.49 | - | High
130 | 12.164.77.51 | - | High
131 | 12.164.77.52 | - | High
132 | 12.164.77.53 | - | High
133 | 12.164.77.54 | - | High
134 | 12.164.77.55 | - | High
135 | 12.164.77.56 | - | High
136 | 12.164.77.57 | - | High
137 | 12.164.77.58 | - | High
138 | 12.164.77.59 | - | High
139 | 12.164.77.61 | - | High
140 | 12.164.77.62 | - | High
141 | 12.164.77.63 | - | High
142 | 12.164.77.64 | - | High
143 | 12.164.77.65 | - | High
144 | 12.164.77.66 | - | High
145 | 12.164.77.67 | - | High
146 | 12.164.77.68 | - | High
147 | 12.164.77.71 | - | High
148 | 12.164.77.72 | - | High
149 | 12.164.77.74 | - | High
150 | 12.164.77.75 | - | High
151 | 12.164.77.77 | - | High
152 | 12.164.77.78 | - | High
153 | 12.164.77.82 | - | High
154 | 12.164.77.85 | - | High
155 | 12.164.77.86 | - | High
156 | 12.164.77.88 | - | High
157 | 12.164.77.91 | - | High
158 | 12.164.77.93 | - | High
159 | 12.164.77.94 | - | High
160 | 12.164.77.97 | - | High
161 | 12.164.77.111 | - | High
162 | 12.164.77.113 | - | High
163 | 12.164.77.114 | - | High
164 | 12.164.77.117 | - | High
165 | 12.164.77.121 | - | High
166 | 12.164.77.125 | - | High
167 | 12.164.77.129 | - | High
168 | 12.164.77.131 | - | High
169 | 12.164.77.132 | - | High
170 | 12.164.77.133 | - | High
171 | 12.164.77.134 | - | High
172 | 12.164.77.136 | - | High
173 | 12.164.77.145 | - | High
174 | 12.164.77.148 | - | High
175 | 12.164.77.149 | - | High
176 | 12.164.77.151 | - | High
177 | 12.164.77.152 | - | High
178 | 12.164.77.153 | - | High
179 | 12.164.77.154 | - | High
180 | 12.164.77.155 | - | High
181 | 12.164.77.156 | - | High
182 | 12.164.77.157 | - | High
183 | 12.164.77.158 | - | High
184 | 12.164.77.159 | - | High
185 | 12.164.77.161 | - | High
186 | 12.164.77.162 | - | High
187 | 12.164.77.163 | - | High
188 | 12.164.77.164 | - | High
189 | 12.164.77.165 | - | High
190 | 12.164.77.166 | - | High
191 | 12.164.77.167 | - | High
192 | 12.164.77.168 | - | High
193 | 12.164.77.169 | - | High
194 | 12.164.77.171 | - | High
195 | 12.164.77.172 | - | High
196 | 12.164.77.173 | - | High
197 | 12.164.77.174 | - | High
198 | 12.164.77.175 | - | High
199 | 12.164.77.176 | - | High
200 | 12.164.77.177 | - | High
201 | 12.164.77.178 | - | High
202 | 12.164.77.179 | - | High
203 | 12.164.77.181 | - | High
204 | 12.164.77.182 | - | High
205 | 12.164.77.183 | - | High
206 | 12.164.77.184 | - | High
207 | 12.164.77.185 | - | High
208 | 12.164.77.187 | - | High
209 | 12.164.77.189 | - | High
210 | 12.164.77.191 | - | High
211 | 12.164.77.193 | - | High
212 | 12.164.77.194 | - | High
213 | 12.164.77.197 | - | High
214 | 12.164.77.198 | - | High
215 | 12.164.77.214 | - | High
216 | 12.164.77.215 | - | High
217 | 12.164.77.217 | - | High
218 | 12.164.77.218 | - | High
219 | 12.164.77.219 | - | High
220 | 12.164.77.224 | - | High
221 | 12.164.77.225 | - | High
222 | 12.164.77.229 | - | High
223 | 12.164.77.237 | - | High
224 | 12.164.77.239 | - | High
225 | 12.164.77.243 | - | High
226 | 12.164.77.244 | - | High
227 | 12.164.77.245 | - | High
228 | 12.164.77.247 | - | High
229 | 12.164.77.248 | - | High
230 | 12.164.77.251 | - | High
231 | 12.164.77.254 | - | High
232 | 12.213.129.134 | - | High
233 | 12.217.141.134 | - | High
234 | 12.219.1.184 | - | High
235 | 12.219.244.212 | - | High
236 | 12.221.44.99 | - | High
237 | 12.221.193.243 | - | High
238 | 12.224.118.253 | - | High
239 | 12.225.225.222 | - | High
240 | 12.228.98.152 | - | High
241 | 12.229.146.148 | - | High
242 | 12.231.17.12 | - | High
243 | 12.231.38.81 | - | High
244 | 12.231.52.129 | - | High
245 | 12.232.24.18 | - | High
246 | 12.234.116.178 | - | High
247 | 12.234.221.161 | - | High
248 | 12.236.11.245 | - | High
249 | 12.238.85.82 | - | High
250 | 12.238.96.59 | - | High
251 | 12.238.141.134 | - | High
252 | 12.239.46.249 | - | High
253 | 12.239.75.65 | - | High
254 | 12.239.85.213 | - | High
255 | 12.242.154.169 | - | High
256 | 12.243.182.219 | - | High
257 | 12.245.94.26 | - | High
258 | 12.246.5.52 | - | High
259 | 12.246.138.149 | - | High
260 | 12.246.173.194 | - | High
261 | 12.246.192.185 | - | High
262 | 12.246.252.231 | - | High
263 | 12.247.39.145 | - | High
264 | 12.247.152.91 | - | High
265 | 12.248.143.97 | - | High
266 | 12.251.87.37 | - | High
267 | 12.252.68.65 | - | High
268 | 12.252.178.136 | - | High
269 | 12.253.46.153 | - | High
270 | 12.253.74.34 | - | High
271 | 12.254.45.133 | - | High
272 | 24.25.234.147 | - | High
273 | 24.26.69.47 | - | High
274 | 24.28.245.229 | cpe-024-028-245-229.triad.res.rr.com | High
275 | 24.29.82.155 | cpe-24-29-82-155.nycap.res.rr.com | High
276 | 24.41.27.57 | h57.27.41.24.static.ip.windstream.net | High
277 | 24.42.18.57 | - | High
278 | 24.42.195.236 | - | High
279 | 24.43.27.22 | rrcs-24-43-27-22.west.biz.rr.com | High
280 | 24.43.137.78 | rrcs-24-43-137-78.west.biz.rr.com | High
281 | 24.43.147.33 | rrcs-24-43-147-33.west.biz.rr.com | High
282 | 24.48.85.177 | modemcable177.85-48-24.mc.videotron.ca | High
283 | 24.49.45.158 | dyn-24-49-45-158.myactv.net | High
284 | 24.51.69.74 | - | High
285 | 24.51.227.19 | d24-51-227-19.static-datacom.cgocable.net | High
286 | 24.52.225.197 | 24-52-225-197.cable.teksavvy.com | High
287 | 24.53.72.244 | - | High
288 | 24.53.216.236 | 24.53.216.236.user.e-catv.ne.jp | High
289 | 24.54.189.83 | h24-54-189-83.hbbsnm.dedicated.static.tds.net | High
290 | 24.55.195.15 | d24-55-195-15.home4.cgocable.net | High
291 | 24.61.219.159 | - | High
292 | 24.62.33.18 | c-24-62-33-18.hsd1.ma.comcast.net | High
293 | 24.62.33.173 | c-24-62-33-173.hsd1.ma.comcast.net | High
294 | 24.62.41.115 | c-24-62-41-115.hsd1.ma.comcast.net | High
295 | 24.62.43.57 | c-24-62-43-57.hsd1.ma.comcast.net | High
296 | 24.65.66.165 | S0106105611bdfe79.ed.shawcable.net | High
297 | 24.66.116.249 | S01069050ca2eb553.cg.shawcable.net | High
298 | 24.66.224.236 | - | High
299 | 24.67.71.179 | - | High
300 | 24.67.168.214 | S01061056119cab7a.wk.shawcable.net | High
301 | 24.71.67.179 | - | High
302 | 24.71.115.43 | S0106001b115d1ee4.ok.shawcable.net | High
303 | 24.72.6.197 | static24-72-6-197.r.rev.accesscomm.ca | High
304 | 24.72.8.95 | static24-72-8-95.hu.rev.accesscomm.ca | High
305 | 24.73.131.9 | rrcs-24-73-131-9.se.biz.rr.com | High
306 | 24.73.138.191 | rrcs-24-73-138-191.se.biz.rr.com | High
307 | 24.73.193.38 | rrcs-24-73-193-38.se.biz.rr.com | High
308 | 24.76.13.214 | - | High
309 | 24.76.88.254 | S0106f81d0f5a82f3.wp.shawcable.net | High
310 | 24.78.8.254 | S0106e4bffa332591.wp.shawcable.net | High
311 | 24.78.12.253 | S0106ac202e2835a3.wp.shawcable.net | High
312 | 24.78.12.254 | S0106bcd16568600f.wp.shawcable.net | High
313 | 24.78.94.127 | S0106bc9b680c0cdf.tb.shawcable.net | High
314 | 24.82.196.186 | - | High
315 | 24.84.116.149 | S010600fc8dad4403.vc.shawcable.net | High
316 | 24.86.199.2 | - | High
317 | 24.87.173.222 | - | High
318 | 24.88.32.52 | 24-88-32-52.res.spectrum.com | High
319 | 24.88.84.79 | cpe-24-88-84-79.sc.res.rr.com | High
320 | 24.91.61.15 | - | High
321 | 24.91.83.15 | c-24-91-83-15.hsd1.ma.comcast.net | High
322 | 24.93.29.251 | cpe-24-93-29-251.rochester.res.rr.com | High
323 | 24.93.161.84 | cpe-24-93-161-84.neo.res.rr.com | High
324 | 24.93.215.163 | cpe-24-93-215-163.neo.res.rr.com | High
325 | 24.93.234.67 | cpe-24-93-234-67.neo.res.rr.com | High
326 | 24.93.242.168 | cpe-24-93-242-168.neo.res.rr.com | High
327 | 24.94.5.241 | cpe-24-94-5-241.san.res.rr.com | High
328 | 24.94.6.77 | cpe-24-94-6-77.san.res.rr.com | High
329 | 24.94.147.214 | 072-094-147-214.biz.spectrum.com | High
330 | 24.94.188.18 | cpe-24-94-188-18.kc.res.rr.com | High
331 | 24.95.178.19 | cpe-24-95-178-19.natcky.res.rr.com | High
332 | 24.95.186.211 | cpe-24-95-186-211.natcky.res.rr.com | High
333 | 24.95.245.131 | TAMQFLPM2CW.chtrse.com | High
334 | 24.95.252.144 | - | High
335 | 24.96.19.8 | static-24-96-19-8.knology.net | High
336 | 24.96.23.36 | static-24-96-23-36.knology.net | High
337 | 24.97.19.28 | rrcs-24-97-19-28.nys.biz.rr.com | High
338 | 24.97.22.2 | mail.vmjrcompanies.com | High
339 | 24.97.31.94 | rrcs-24-97-31-94.nys.biz.rr.com | High
340 | 24.97.65.186 | mail.corninghospital.org | High
341 | 24.97.82.82 | rrcs-24-97-82-82.nys.biz.rr.com | High
342 | 24.97.82.149 | rrcs-24-97-82-149.nys.biz.rr.com | High
343 | 24.97.99.98 | www.dragon-benware.com | High
344 | 24.98.145.87 | c-24-98-145-87.hsd1.ga.comcast.net | High
345 | 24.112.57.22 | host-24-112-57-22.vyvebroadband.net | High
346 | 24.114.5.213 | - | High
347 | 24.116.183.248 | 24-116-183-248.cpe.sparklight.net | High
348 | 24.116.227.221 | 24-116-227-221.cpe.sparklight.net | High
349 | 24.116.253.171 | 24-116-253-171.cpe.sparklight.net | High
350 | 24.118.164.79 | c-24-118-164-79.hsd1.mn.comcast.net | High
351 | 24.122.8.181 | 24-122-8-181.resi.cgocable.ca | High
352 | 24.123.1.214 | rrcs-24-123-1-214.central.biz.rr.com | High
353 | 24.123.12.42 | rrcs-24-123-12-42.central.biz.rr.com | High
354 | 24.123.37.13 | rrcs-24-123-37-13.central.biz.rr.com | High
355 | 24.123.54.58 | rrcs-24-123-54-58.central.biz.rr.com | High
356 | 24.123.66.131 | rrcs-24-123-66-131.central.biz.rr.com | High
357 | 24.123.66.132 | rrcs-24-123-66-132.central.biz.rr.com | High
358 | 24.123.71.146 | rrcs-24-123-71-146.central.biz.rr.com | High
359 | 24.123.91.18 | rrcs-24-123-91-18.central.biz.rr.com | High
360 | 24.123.91.194 | remote.fvuuf.org | High
361 | 24.123.112.158 | mail.foreman-cpa.com | High
362 | 24.123.241.58 | rrcs-24-123-241-58.central.biz.rr.com | High
363 | 24.126.236.79 | c-24-126-236-79.hsd1.ga.comcast.net | High
364 | 24.127.8.212 | c-24-127-8-212.hsd1.mi.comcast.net | High
365 | 24.128.66.233 | c-24-128-66-233.hsd1.co.comcast.net | High
366 | 24.132.13.59 | j13059.upc-j.chello.nl | High
367 | 24.132.16.186 | j16186.upc-j.chello.nl | High
368 | 24.132.34.247 | j34247.upc-j.chello.nl | High
369 | 24.132.88.34 | j88034.upc-j.chello.nl | High
370 | 24.132.91.34 | j91034.upc-j.chello.nl | High
371 | 24.132.184.74 | j184074.upc-j.chello.nl | High
372 | 24.132.197.199 | j197199.upc-j.chello.nl | High
373 | 24.132.217.59 | j217059.upc-j.chello.nl | High
374 | 24.132.241.111 | j241111.upc-j.chello.nl | High
375 | 24.136.167.182 | h182.167.136.24.static.ip.windstream.net | High
376 | 24.138.36.185 | host-24-138-36-185.public.eastlink.ca | High
377 | 24.138.41.236 | host-24-138-41-236.public.eastlink.ca | High
378 | 24.141.13.213 | d24-141-13-213.home.cgocable.net | High
379 | 24.141.132.195 | d24-141-132-195.home.cgocable.net | High
380 | 24.141.152.24 | d24-141-152-24.home.cgocable.net | High
381 | 24.147.4.182 | c-24-147-4-182.hsd1.nh.comcast.net | High
382 | 24.147.178.252 | c-24-147-178-252.hsd1.vt.comcast.net | High
383 | 24.147.222.25 | c-24-147-222-25.hsd1.ct.comcast.net | High
384 | 24.148.64.19 | 24-148-64-19.s6673.c3-0.mct-cbr1.chi-mct.il.cable.rcncustomer.com | High
385 | 24.151.4.172 | 024-151-004-172.res.spectrum.com | High
386 | 24.153.54.7 | d-24-153-54-7.md.cpe.atlanticbb.net | High
387 | 24.153.142.2 | rrcs-24-153-142-2.sw.biz.rr.com | High
388 | 24.153.149.2 | rrcs-24-153-149-2.sw.biz.rr.com | High
389 | 24.154.25.44 | static-acs-24-154-25-44.zoominternet.net | High
390 | 24.154.85.19 | dynamic-acs-24-154-85-19.zoominternet.net | High
391 | 24.154.94.64 | static-acs-24-154-94-64.zoominternet.net | High
392 | 24.154.132.157 | static-acs-24-154-132-157.zoominternet.net | High
393 | 24.154.133.55 | dynamic-acs-24-154-133-55.zoominternet.net | High
394 | 24.158.19.6 | mail.nahc-nstar.com | High
395 | 24.158.87.25 | 024-158-087-025.res.spectrum.com | High
396 | 24.158.148.88 | 024-158-148-088.res.spectrum.com | High
397 | 24.158.162.16 | 024-158-162-016.res.spectrum.com | High
398 | 24.158.222.195 | 024-158-222-195.res.spectrum.com | High
399 | 24.159.55.245 | 024-159-055-245.res.spectrum.com | High
400 | 24.159.154.26 | 024-159-154-026.res.spectrum.com | High
401 | 24.159.241.216 | 024-159-241-216.res.spectrum.com | High
402 | 24.161.169.36 | mta-24-161-169-36.insight.rr.com | High
403 | 24.161.233.6 | - | High
404 | 24.161.242.195 | - | High
405 | 24.162.58.18 | mta-24-162-58-18.stx.rr.com | High
406 | 24.162.226.249 | cpe-24-162-226-249.nc.res.rr.com | High
407 | 24.163.31.86 | cpe-24-163-31-86.triad.res.rr.com | High
408 | 24.163.59.45 | cpe-24-163-59-45.nc.res.rr.com | High
409 | 24.164.82.47 | cpe-24-164-82-47.cinci.res.rr.com | High
410 | 24.164.86.227 | cpe-24-164-86-227.cinci.res.rr.com | High
411 | 24.165.99.137 | cpe-24-165-99-137.cinci.res.rr.com | High
412 | 24.165.158.175 | cpe-24-165-158-175.neo.res.rr.com | High
413 | 24.166.33.93 | cpe-24-166-33-93.neo.res.rr.com | High
414 | 24.166.49.249 | cpe-24-166-49-249.neo.res.rr.com | High
415 | 24.166.124.253 | cpe-24-166-124-253.neo.res.rr.com | High
416 | 24.166.197.147 | - | High
417 | 24.169.96.246 | 024-169-096-246.biz.spectrum.com | High
418 | 24.169.168.122 | - | High
419 | 24.174.94.234 | - | High
420 | 24.188.211.217 | ool-18bcd3d9.dyn.optonline.net | High
421 | 24.189.162.17 | ool-18bda211.dyn.optonline.net | High
422 | 24.194.61.21 | - | High
423 | 24.194.182.22 | cpe-24-194-182-22.nycap.res.rr.com | High
424 | 24.195.178.83 | - | High
425 | 24.196.63.132 | 024-196-063-132.biz.spectrum.com | High
426 | 24.196.72.68 | 024-196-072-068.biz.spectrum.com | High
427 | 24.196.179.61 | 024-196-179-061.res.spectrum.com | High
428 | 24.196.232.162 | 024-196-232-162.res.spectrum.com | High
429 | 24.196.233.18 | 024-196-233-018.res.spectrum.com | High
430 | 24.197.36.74 | 024-197-036-074.biz.spectrum.com | High
431 | 24.197.38.129 | 024-197-038-129.biz.spectrum.com | High
432 | 24.197.83.32 | 024-197-083-032.biz.spectrum.com | High
433 | 24.199.2.82 | heathergabriel.com | High
434 | 24.199.129.78 | rrcs-24-199-129-78.midsouth.biz.rr.com | High
435 | 24.199.132.178 | rrcs-24-199-132-178.midsouth.biz.rr.com | High
436 | 24.199.174.172 | national-wholesale.com | High
437 | 24.199.186.194 | rrcs-24-199-186-194.midsouth.biz.rr.com | High
438 | 24.199.187.158 | rrcs-24-199-187-158.midsouth.biz.rr.com | High
439 | 24.211.26.169 | cpe-24-211-26-169.wi.res.rr.com | High
440 | 24.213.59.178 | bmgr.mqtcty.org | High
441 | 24.213.61.2 | 024-213-061-002.biz.spectrum.com | High
442 | 24.214.16.225 | user-24-214-16-225.knology.net | High
443 | 24.214.65.85 | user-24-214-65-85.knology.net | High
444 | 24.214.81.112 | user-24-214-81-112.knology.net | High
445 | 24.214.126.252 | user-24-214-126-252.knology.net | High
446 | 24.214.139.237 | static-24-214-139-237.knology.net | High
447 | 24.216.128.154 | 024-216-128-154.biz.spectrum.com | High
448 | 24.218.154.144 | c-24-218-154-144.hsd1.ma.comcast.net | High
449 | 24.219.163.133 | - | High
450 | 24.221.11.138 | ip-24-221-11-138.atlnga.spcsdns.net | High
451 | 24.221.42.81 | ip-24-221-42-81.brbnca.spcsdns.net | High
452 | 24.221.85.7 | ip-24-221-85-7.chcgil.spcsdns.net | High
453 | 24.221.85.15 | ip-24-221-85-15.chcgil.spcsdns.net | High
454 | 24.221.127.64 | ip-24-221-127-64.chcgil.spcsdns.net | High
455 | 24.221.179.96 | ip-24-221-179-96.atlnga.spcsdns.net | High
456 | 24.221.212.136 | ip-24-221-212-136.brbnca.spcsdns.net | High
457 | 24.222.142.79 | host-24-222-142-79.public.eastlink.ca | High
458 | 24.222.162.119 | host-24-222-162-119.public.eastlink.ca | High
459 | 24.223.1.146 | 24-223-1-146.intertech.net | High
460 | 24.223.7.65 | 24-223-7-65.intertech.net | High
461 | 24.223.12.129 | 24-223-12-129.intertech.net | High
462 | 24.223.14.1 | 24-223-14-1.intertech.net | High
463 | 24.223.14.129 | 24-223-14-129.intertech.net | High
464 | 24.225.3.61 | p61n3.ruraltel.net | High
465 | 24.226.63.54 | d226-63-54.home.cgocable.net | High
466 | 24.226.89.211 | - | High
467 | 24.226.132.3 | 24-226-132-3.static.cgocable.ca | High
468 | 24.226.188.182 | 24-226-188-182.resi.cgocable.ca | High
469 | 24.228.56.51 | ool-18e43833.dyn.optonline.net | High
470 | 24.229.26.84 | 24.229.26.84.res-cmts.sm.ptd.net | High
471 | 24.229.89.3 | www.jblong.com | High
472 | 24.229.89.5 | www.fleetwoodpa.org | High
473 | 24.232.65.73 | OL73-65.fibertel.com.ar | High
474 | 24.232.72.41 | mail.estudiocomunicacion.com.ar | High
475 | 24.232.76.9 | mail.cosud.com.ar | High
476 | 24.232.76.24 | OL24-76.fibertel.com.ar | High
477 | 24.232.85.13 | OL13-85.fibertel.com.ar | High
478 | 24.232.87.29 | OL29-87.fibertel.com.ar | High
479 | 24.232.134.21 | OL21-134.fibertel.com.ar | High
480 | 24.232.142.23 | OL23-142.fibertel.com.ar | High
481 | 24.232.147.47 | mail.silicon.com.ar | High
482 | 24.232.148.17 | OL17-148.fibertel.com.ar | High
483 | 24.232.159.74 | OL74-159.fibertel.com.ar | High
484 | 24.232.174.18 | OL18-174.fibertel.com.ar | High
485 | 24.232.226.3 | OL3-226.fibertel.com.ar | High
486 | 24.232.231.26 | OL26-231.fibertel.com.ar | High
487 | 24.234.33.122 | wsip-24-234-33-122.lv.lv.cox.net | High
488 | 24.234.57.6 | backup.vegasnetworks.com | High
489 | 24.234.94.9 | wsip-24-234-94-9.lv.lv.cox.net | High
490 | 24.235.18.178 | - | High
491 | 24.237.3.48 | 48-3-237-24.gci.net | High
492 | 24.237.4.48 | 48-4-237-24.gci.net | High
493 | 24.237.6.195 | 195-6-237-24.gci.net | High
494 | 24.237.239.3 | 3-239-237-24.gci.net | High
495 | 24.242.153.18 | cpe-24-242-153-18.hot.res.rr.com | High
496 | 24.242.154.98 | cpe-24-242-154-98.hot.res.rr.com | High
497 | 24.242.176.154 | mail.baemmons.com | High
498 | 24.243.74.242 | mta-24-243-74-242.stx.rr.com | High
499 | 24.244.4.167 | - | High
500 | 24.247.22.14 | 024-247-022-014.biz.spectrum.com | High
501 | 24.247.22.234 | mail.ascomnorth.com | High
502 | 24.247.135.42 | 024-247-135-042.biz.spectrum.com | High
503 | 24.247.135.43 | 024-247-135-043.biz.spectrum.com | High
504 | 32.44.6.18 | mail.naroy.kommune.no | High
505 | 32.44.6.19 | - | High
506 | 38.161.171.4 | - | High
507 | 38.161.171.5 | - | High
508 | 38.161.171.6 | - | High
509 | 38.161.171.7 | - | High
510 | 38.161.171.9 | - | High
511 | 38.161.171.11 | - | High
512 | 38.161.171.15 | - | High
513 | 38.161.171.25 | - | High
514 | 38.161.171.39 | - | High
515 | 53.73.193.192 | - | High
516 | 61.8.7.41 | - | High
517 | 61.8.23.19 | - | High
518 | 61.8.24.137 | - | High
519 | 61.8.238.252 | 61.8.238-252.unknown.starhub.net.sg | High
520 | 61.8.251.92 | 61.8.251-92.unknown.starhub.net.sg | High
521 | 61.9.8.225 | - | High
522 | 61.9.26.2 | - | High
523 | 61.9.121.251 | - | High
524 | 61.9.121.253 | - | High
525 | 61.11.6.129 | 61.11.6.129.static.vsnl.net.in | High
526 | 61.11.11.137 | 61.11.11.137.static.vsnl.net.in | High
527 | 61.11.12.69 | 61.11.12.69.static.vsnl.net.in | High
528 | 61.11.15.1 | 61.11.15.1.static.vsnl.net.in | High
529 | 61.11.15.251 | 61.11.15.251.static.vsnl.net.in | High
530 | 61.11.16.24 | 61.11.16.24.bb-static.vsnl.net.in | High
531 | 61.11.18.178 | 61.11.18.178.bb-static.vsnl.net.in | High
532 | 61.11.21.27 | 61.11.21.27.static.vsnl.net.in | High
533 | 61.11.23.1 | 61.11.23.1.static.vsnl.net.in | High
534 | 61.11.23.65 | 61.11.23.65.static.vsnl.net.in | High
535 | 61.11.26.142 | 61.11.26.142.static.vsnl.net.in | High
536 | 61.11.32.53 | 61.11.32.53.static.vsnl.net.in | High
537 | 61.11.33.35 | 61.11.33.35-bb.static.vsnl.net.in | High
538 | 61.11.33.56 | 61.11.33.56-bb.static.vsnl.net.in | High
539 | 61.11.33.87 | 61.11.33.87-bb.static.vsnl.net.in | High
540 | 61.11.46.14 | 61.11.46.14.static.vsnl.net.in | High
541 | 61.11.48.65 | 61.11.48.65.static.vsnl.net.in | High
542 | 61.11.48.89 | 61.11.48.89.static.vsnl.net.in | High
543 | 61.11.48.143 | 61.11.48.143.static.vsnl.net.in | High
544 | 61.11.48.152 | 61.11.48.152.static.vsnl.net.in | High
545 | 61.11.52.82 | 61.11.52.82.static.vsnl.net.in | High
546 | 61.11.57.181 | 61.11.57.181.static.vsnl.net.in | High
547 | 61.11.73.128 | 61.11.73.128.static.vsnl.net.in | High
548 | 61.11.74.25 | 61.11.74.25.static.vsnl.net.in | High
549 | 61.11.74.31 | 61.11.74.31.static.vsnl.net.in | High
550 | 61.11.75.2 | 61.11.75.2.static.vsnl.net.in | High
551 | 61.11.75.128 | 61.11.75.128.static.vsnl.net.in | High
552 | 61.11.75.131 | 61.11.75.131.static.vsnl.net.in | High
553 | 61.11.75.176 | 61.11.75.176.static.vsnl.net.in | High
554 | 61.11.77.172 | 61.11.77.172.static.vsnl.net.in | High
555 | 61.11.78.188 | 61.11.78.188.static.vsnl.net.in | High
556 | 61.11.81.216 | 61.11.81.216.static.vsnl.net.in | High
557 | 61.11.82.97 | 61.11.82.97.static.vsnl.net.in | High
558 | 61.11.231.9 | - | High
559 | 61.11.244.26 | - | High
560 | 61.13.35.196 | - | High
561 | 61.13.68.152 | - | High
562 | 61.13.136.34 | - | High
563 | 61.13.136.75 | - | High
564 | 61.13.161.25 | - | High
565 | 61.13.161.252 | - | High
566 | 61.14.66.66 | - | High
567 | 61.15.14.187 | cm61-15-14-187.hkcable.com.hk | High
568 | 61.15.42.149 | cm61-15-42-149.hkcable.com.hk | High
569 | 61.15.45.46 | cm61-15-45-46.hkcable.com.hk | High
570 | 61.15.49.243 | cm61-15-49-243.hkcable.com.hk | High
571 | 61.15.135.85 | cm61-15-135-85.hkcable.com.hk | High
572 | 61.16.7.133 | - | High
573 | 61.16.14.4 | - | High
574 | 61.16.36.162 | - | High
575 | 61.16.51.219 | - | High
576 | 61.18.129.244 | cm61-18-129-244.hkcable.com.hk | High
577 | 61.22.86.173 | 61-22-86-173.rev.home.ne.jp | High
578 | 61.24.242.19 | 61-24-242-19.rev.home.ne.jp | High
579 | 61.24.251.12 | 61-24-251-12.rev.home.ne.jp | High
580 | 61.25.118.148 | 61-25-118-148.rev.home.ne.jp | High
581 | 61.26.211.212 | 61-26-211-212.rev.home.ne.jp | High
582 | 61.36.219.141 | mail.bujeon.com | High
583 | 61.36.219.143 | smf.bujeon.com | High
584 | 61.39.251.227 | - | High
585 | 61.56.136.14 | 61-56-136-14.static.so-net.net.tw | High
586 | 61.59.34.1 | h1-61-59-34.aceway.com.tw | High
587 | 61.59.45.159 | h159-61-59-45.seed.net.tw | High
588 | 61.74.49.3 | - | High
589 | 61.74.49.4 | - | High
590 | 61.74.65.97 | - | High
591 | 61.74.65.98 | - | High
592 | 61.74.67.133 | - | High
593 | 61.74.69.28 | - | High
594 | 61.74.69.32 | - | High
595 | 61.75.194.1 | - | High
596 | 61.84.224.251 | - | High
597 | 61.88.8.11 | mail.mbav.com.au | High
598 | 61.95.33.6 | bris1.wafreight.com.au | High
599 | 61.96.55.2 | - | High
600 | 61.113.15.131 | - | High
601 | 61.113.176.225 | proxy1.drugeleven.com | High
602 | 61.115.88.243 | g243.61-115-88.ppp.wakwak.ne.jp | High
603 | 61.115.89.124 | g124.61-115-89.ppp.wakwak.ne.jp | High
604 | 61.115.89.254 | g254.61-115-89.ppp.wakwak.ne.jp | High
605 | 61.117.45.51 | M045051.ppp.dion.ne.jp | High
606 | 61.117.134.34 | - | High
607 | 61.119.44.98 | - | High
608 | 61.122.176.132 | - | High
609 | 61.125.112.119 | zaq3d7d7077.rev.zaq.ne.jp | High
610 | 61.127.239.244 | - | High
611 | 61.129.72.219 | - | High
612 | 61.129.121.25 | - | High
613 | 61.129.121.27 | - | High
614 | 61.131.47.2 | - | High
615 | 61.131.48.219 | - | High
616 | 61.132.4.116 | - | High
617 | 61.132.12.51 | - | High
618 | 61.132.52.19 | - | High
619 | 61.133.63.129 | - | High
620 | 61.133.87.19 | - | High
621 | 61.133.117.68 | - | High
622 | 61.133.229.162 | - | High
623 | 61.135.131.4 | - | High
624 | 61.135.131.5 | - | High
625 | 61.135.134.4 | - | High
626 | 61.136.16.228 | - | High
|
||||
627 | 61.136.152.56 | - | High
|
||||
628 | 61.136.226.78 | - | High
|
||||
629 | 61.137.78.147 | - | High
|
||||
630 | 61.137.91.59 | - | High
|
||||
631 | 61.142.15.15 | - | High
|
||||
632 | 61.142.15.163 | - | High
|
||||
633 | 61.142.169.98 | - | High
|
||||
634 | 61.142.242.52 | - | High
|
||||
635 | 61.143.54.4 | - | High
|
||||
636 | 61.143.54.123 | - | High
|
||||
637 | 61.144.61.18 | - | High
|
||||
638 | 61.145.75.178 | - | High
|
||||
639 | 61.145.223.226 | - | High
|
||||
640 | 61.146.34.138 | - | High
|
||||
641 | 61.151.251.199 | - | High
|
||||
642 | 61.153.117.243 | - | High
|
||||
643 | 61.153.192.242 | - | High
|
||||
644 | 61.153.197.78 | - | High
|
||||
645 | 61.153.225.66 | - | High
|
||||
646 | 61.153.225.253 | - | High
|
||||
647 | 61.153.228.154 | - | High
|
||||
648 | 61.156.17.164 | - | High
|
||||
649 | 61.156.24.137 | - | High
|
||||
650 | 61.156.35.53 | - | High
|
||||
651 | 61.157.184.28 | 28.184.157.61.dial.dy.sc.dynamic.163data.com.cn | High
|
||||
652 | 61.158.185.39 | 39.185.158.61.ha.cnc | High
|
||||
653 | 61.159.174.31 | - | High
|
||||
654 | 61.159.174.82 | - | High
|
||||
655 | 61.159.224.3 | - | High
|
||||
656 | 61.159.224.11 | - | High
|
||||
657 | 61.159.235.36 | - | High
|
||||
658 | 61.163.229.38 | hn.ly.kd.adsl | High
|
||||
659 | 61.166.55.178 | - | High
|
||||
660 | 61.167.93.232 | - | High
|
||||
661 | 61.167.241.54 | - | High
|
||||
662 | 61.172.195.167 | - | High
|
||||
663 | 61.172.247.85 | - | High
|
||||
664 | 61.175.132.115 | - | High
|
||||
665 | 61.175.152.37 | - | High
|
||||
666 | 61.175.211.198 | - | High
|
||||
667 | 61.175.235.112 | - | High
|
||||
668 | 61.175.243.61 | - | High
|
||||
669 | 61.177.116.175 | - | High
|
||||
670 | 61.177.173.8 | - | High
|
||||
671 | 61.178.31.2 | - | High
|
||||
672 | 61.178.31.14 | - | High
|
||||
673 | 61.179.117.184 | - | High
|
||||
674 | 61.179.124.116 | - | High
|
||||
675 | 61.182.238.7 | hebei.182.61.in-addr.arpa | High
|
||||
676 | 61.182.248.38 | hebei.182.61.in-addr.arpa | High
|
||||
677 | 61.184.246.153 | - | High
|
||||
678 | 61.185.92.125 | - | High
|
||||
679 | 61.185.212.54 | - | High
|
||||
680 | 61.185.255.4 | - | High
|
||||
681 | 61.187.55.67 | - | High
|
||||
682 | 61.188.177.11 | 11.177.188.61.broad.nj.sc.dynamic.163data.com.cn | High
|
||||
683 | 61.188.216.53 | 53.216.188.61.broad.nj.sc.dynamic.163data.com.cn | High
|
||||
684 | 61.191.74.149 | - | High
|
||||
685 | 61.193.113.37 | FL1-61-193-113-37.okn.mesh.ad.jp | High
|
||||
686 | 61.214.231.227 | p1003-ipadfx01kamokounan.kagoshima.ocn.ne.jp | High
|
||||
687 | 61.218.227.34 | 61-218-227-34.hinet-ip.hinet.net | High
|
||||
688 | 61.221.55.129 | 61-221-55-129.hinet-ip.hinet.net | High
|
||||
689 | 61.242.153.194 | - | High
|
||||
690 | 62.1.92.29 | 62.1.92.29.dsl.dyn.forthnet.gr | High
|
||||
691 | 62.2.157.242 | 62-2-157-242.static.cablecom.ch | High
|
||||
692 | 62.2.186.238 | 62-2-186-238.static.cablecom.ch | High
|
||||
693 | 62.3.6.18 | - | High
|
||||
694 | 62.3.7.2 | - | High
|
||||
695 | 62.3.34.227 | - | High
|
||||
696 | 62.3.38.34 | host-62-3-38-34.mik24.pl | High
|
||||
697 | 62.3.44.179 | - | High
|
||||
698 | 62.3.45.196 | - | High
|
||||
699 | 62.4.7.172 | - | High
|
||||
700 | 62.4.22.39 | ns1.cordoweb.net | High
|
||||
701 | 62.5.151.18 | - | High
|
||||
702 | 62.5.154.194 | 62.5.154.194.in-addr.mtu.ru | High
|
||||
703 | 62.5.157.66 | - | High
|
||||
704 | 62.5.178.194 | - | High
|
||||
705 | 62.5.254.66 | - | High
|
||||
706 | 62.6.148.234 | gateway.constantiapack.co.uk | High
|
||||
707 | 62.6.251.122 | - | High
|
||||
708 | 62.7.227.98 | mail.louvolite.com | High
|
||||
709 | 62.8.198.34 | ft1200.symposion.de | High
|
||||
710 | 62.8.239.178 | mail.lisardo.de | High
|
||||
711 | 62.12.32.74 | - | High
|
||||
712 | 62.13.18.68 | - | High
|
||||
713 | 62.13.193.16 | web01.comcenter.at | High
|
||||
714 | 62.17.129.196 | mail.italliancegroup.com | High
|
||||
715 | 62.22.144.169 | mail.mmedios.com | High
|
||||
716 | 62.23.49.17 | host.17.49.23.62.rev.coltfrance.com | High
|
||||
717 | 62.23.87.51 | host.51.87.23.62.rev.coltfrance.com | High
|
||||
718 | 62.24.87.84 | ip-62-24-87-84.net.upcbroadband.cz | High
|
||||
719 | 62.24.87.138 | ip-62-24-87-138.net.upcbroadband.cz | High
|
||||
720 | ... | ... | ...
|
||||
|
||||
There are 2877 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Shadowcrew. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1068 | Execution with Unnecessary Privileges | High
|
||||
2 | T1222 | Permission Issues | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Shadowcrew. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/kerbynet` | High
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | Library | `slogin_lib.inc.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
|
||||
* https://ddanchev.blogspot.com/2022/01/exposing-portfolio-of-shadow-crew.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
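
Review bot: the Description column of the TTP table pairs ATT&CK technique IDs with CWE weakness titles, not with the ATT&CK names. In ATT&CK, T1068 is "Exploitation for Privilege Escalation" and T1222 is "File and Directory Permissions Modification"; "Execution with Unnecessary Privileges" and "Permission Issues" are the titles of CWE-250 and CWE-275. Either rename the column to say it holds the mapped weakness, or print the ATT&CK names, so that tooling which joins detections on the technique ID is not handed the wrong label. A second data-quality point in the IOC table: several Hostname cells hold raw PTR strings that are not resolvable names (`hn.ly.kd.adsl`, `39.185.158.61.ha.cnc`, `hebei.182.61.in-addr.arpa`); the README should say that the IP address is the indicator and the hostname is enrichment only.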

@ -24,11 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 109.236.85.152 | customer.worldstream.nl | High
2 | 144.91.65.100 | vmi652772.contaboserver.net | High
3 | 144.91.91.236 | vmi512038.contaboserver.net | High
4 | 144.126.141.41 | vmi627176.contaboserver.net | High
5 | 149.248.52.61 | 149.248.52.61.vultr.com | Medium
6 | ... | ... | ...
4 | ... | ... | ...

There are 9 more IOC items available. Please use our online service to access the data.
There are 11 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -55,13 +53,9 @@ ID | Type | Indicator | Confidence
4 | File | `books.php` | Medium
5 | File | `data/gbconfiguration.dat` | High
6 | File | `exit.php` | Medium
7 | File | `filter.php` | Medium
8 | File | `goto.php` | Medium
9 | File | `guestbook.cgi` | High
10 | File | `inc/config.php` | High
11 | ... | ... | ...
7 | ... | ... | ...

There are 39 more IOA items available. Please use our online service to access the data.
There are 43 more IOA items available. Please use our online service to access the data.

## References

@ -79,4 +73,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# SilverFish - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [SilverFish](https://vuldb.com/?actor.silverfish). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SilverFish](https://vuldb.com/?actor.silverfish). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.silverfish](https://vuldb.com/?actor.silverfish)

@ -36,15 +36,9 @@ ID | IP address | Hostname | Confidence
7 | 79.110.52.139 | - | High
8 | 79.110.52.140 | - | High
9 | 81.4.122.101 | comet.v1sor.com | High
10 | 84.38.183.45 | spb-1.podivilov.ru | High
11 | 91.219.239.43 | no-hostname.serverastra.com | High
12 | 91.219.239.54 | no-hostname.serverastra.com | High
13 | 104.128.228.76 | - | High
14 | 130.0.232.194 | - | High
15 | 130.0.233.91 | - | High
16 | ... | ... | ...
10 | ... | ... | ...

There are 29 more IOC items available. Please use our online service to access the data.
There are 35 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -55,10 +49,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

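Review bot: the Description cells in this TTP hunk are CWE titles attached to ATT&CK IDs, which makes row 1 actively misleading: T1059.007 is "Command and Scripting Interpreter: JavaScript" in ATT&CK, not "Cross Site Scripting", and T1110.001 is "Brute Force: Password Guessing", not "Improper Restriction of Excessive Authentication Attempts". The T1211 row labelled "7PK Security Features" has the same mismatch, so the fix belongs in whatever generates these tables rather than in this file: carry the CWE mapping in its own column, or print the ATT&CK name next to the ID so a reader keying on T1059.007 does not build an XSS detection from it.
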
@ -76,9 +69,39 @@ ID | Type | Indicator | Confidence
8 | File | `/error` | Low
9 | File | `/etc/config/rpcd` | High
10 | File | `/frontend/x3/cpanelpro/filelist-thumbs.html` | High
11 | ... | ... | ...
11 | File | `/goform/saveParentControlInfo` | High
12 | File | `/htdocs/admin/dict.php?id=3` | High
13 | File | `/includes/rrdtool.inc.php` | High
14 | File | `/index.php/weblinks-categories` | High
15 | File | `/module/module_frame/index.php` | High
16 | File | `/nidp/app/login` | High
17 | File | `/proc` | Low
18 | File | `/redpass.cgi` | Medium
19 | File | `/rom-0` | Low
20 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
21 | File | `/setSystemAdmin` | High
22 | File | `/sgms/mainPage` | High
23 | File | `/tmp` | Low
24 | File | `/uncpath/` | Medium
25 | File | `/user-utils/users/md5.json` | High
26 | File | `/usr/lib/utmp_update` | High
27 | File | `/usr/local/psa/admin/sbin/wrapper` | High
28 | File | `/wp-admin` | Medium
29 | File | `1.9.5\controllers\member\ContentController.php` | High
30 | File | `2020\Messages\SDNotify.exe` | High
31 | File | `admin/admin_disallow.php` | High
32 | File | `admin/Login.php` | High
33 | File | `admin/plugin-index.php` | High
34 | File | `administration` | High
35 | File | `administrative` | High
36 | File | `Alias.asmx` | Medium
37 | File | `android/webkit/SearchBoxImpl.java` | High
38 | File | `aolfix.exe` | Medium
39 | File | `AudioService.java` | High
40 | File | `awhost32.exe` | Medium
41 | ... | ... | ...

There are 381 more IOA items available. Please use our online service to access the data.
There are 356 more IOA items available. Please use our online service to access the data.

## References

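Review bot: a number of the indicators added in this hunk are too generic to be actionable on their own: `/proc`, `/tmp`, `/error` and `/wp-admin` exist on practically every Linux host or WordPress site, and rows 34 and 35 (`administration`, `administrative`) are plain words typed as File yet carried at High confidence, while row 12 embeds a query string (`/htdocs/admin/dict.php?id=3`) that will rarely recur verbatim. The Low rating on the path fragments is the right call; the README should state that the IOA table must be filtered on Confidence before any row is turned into a detection, and the two word-only rows should be reviewed for their confidence level. Note also that the totals move from 10 listed + 381 more (391) to 40 listed + 356 more (396), so five items entered the set beyond the renumbering shown here.
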
@ -91,9 +114,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Snatch - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Snatch](https://vuldb.com/?actor.snatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Snatch](https://vuldb.com/?actor.snatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.snatch](https://vuldb.com/?actor.snatch)

@ -9,8 +9,8 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Snatch:

* US
* BE
* RU
* BE
* ...

There are 4 more country items available. Please use our online service to access the data.

@ -23,7 +23,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 37.59.146.180 | ip180.ip-37-59-146.eu | High
2 | 45.147.228.91 | - | High
3 | 67.211.209.151 | vps457349.trouble-free.net | High
3 | 67.211.209.151 | vps2367725.trouble-free.net | High
4 | ... | ... | ...

There are 5 more IOC items available. Please use our online service to access the data.

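Review bot: row 3 keeps the address 67.211.209.151 but swaps its reverse-DNS name from vps457349.trouble-free.net to vps2367725.trouble-free.net. PTR names on shared VPS ranges are reassigned as instances are recycled, so the Hostname column is a point-in-time lookup rather than a stable indicator; a consumer that pivots on the hostname will lose the match at the next refresh while the IP is unchanged. The README should state that the IP address is the indicator and the hostname is enrichment, and the table would be more useful if it recorded when the lookup was made, so that a later hostname change is not read as the actor moving infrastructure.
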
@ -48,15 +48,9 @@ ID | Type | Indicator | Confidence
2 | File | `/export` | Low
3 | File | `/tmp` | Low
4 | File | `backupmgt/pre_connect_check.php` | High
5 | File | `breadcrumbs_create.php` | High
6 | File | `drivers/tty/n_tty.c` | High
7 | File | `http/impl/client/HttpClientBuilder.java` | High
8 | File | `member/Orderinfo.asp` | High
9 | File | `mod_login.asp` | High
10 | File | `protocol.csp?function=set&fname=security&opt=mac_table` | High
11 | ... | ... | ...
5 | ... | ... | ...

There are 20 more IOA items available. Please use our online service to access the data.
There are 31 more IOA items available. Please use our online service to access the data.

## References

@ -68,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Sofacy - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sofacy](https://vuldb.com/?actor.sofacy)

@ -20,7 +20,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* AR
* ...

There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -31,11 +31,9 @@ ID | IP address | Hostname | Confidence
1 | 1.6.3.8 | - | High
2 | 23.0.0.185 | a23-0-0-185.deploy.static.akamaitechnologies.com | High
3 | 40.112.210.240 | - | High
4 | 86.106.131.177 | - | High
5 | 89.45.67.20 | - | High
6 | ... | ... | ...
4 | ... | ... | ...

There are 9 more IOC items available. Please use our online service to access the data.
There are 11 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

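Review bot: row 2 keeps 23.0.0.185 (a23-0-0-185.deploy.static.akamaitechnologies.com) at High confidence. That hostname identifies an Akamai CDN edge, an address shared by many unrelated customers, so a block or alert keyed on it will fire on ordinary traffic to legitimate sites. Shared CDN and cloud front-end addresses should either be dropped from the IOC table or carried at Low confidence with the reason stated, and the README should tell consumers to check the Hostname column for such providers before feeding the IP list into a blocklist.
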
@ -62,13 +60,9 @@ ID | Type | Indicator | Confidence
4 | File | `/uncpath/` | Medium
5 | File | `actions/doreport.php` | High
6 | File | `actions/main.php` | High
7 | File | `actions/nominatemedal.php` | High
8 | File | `agent/Core/Controller/SendRequest.cpp` | High
9 | File | `at/create_job.cgi` | High
10 | File | `base/ErrorHandler.php` | High
11 | ... | ... | ...
7 | ... | ... | ...

There are 41 more IOA items available. Please use our online service to access the data.
There are 46 more IOA items available. Please use our online service to access the data.

## References

@ -84,9 +78,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# SoreFang - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [SoreFang](https://vuldb.com/?actor.sorefang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SoreFang](https://vuldb.com/?actor.sorefang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sorefang](https://vuldb.com/?actor.sorefang)

@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Spalax - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Spalax](https://vuldb.com/?actor.spalax). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Spalax](https://vuldb.com/?actor.spalax). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.spalax](https://vuldb.com/?actor.spalax)

@ -40,16 +40,9 @@ ID | IP address | Hostname | Confidence
11 | 181.52.102.87 | static-ip-cr18152010287.cable.net.co | High
12 | 181.52.103.140 | static-ip-cr181520103140.cable.net.co | High
13 | 181.52.104.2 | static-ip-cr1815201042.cable.net.co | High
14 | 181.52.107.55 | static-ip-cr18152010755.cable.net.co | High
15 | 181.52.108.50 | static-ip-cr18152010850.cable.net.co | High
16 | 181.52.110.207 | static-ip-cr181520110207.cable.net.co | High
17 | 181.52.113.57 | static-ip-18152011357.cable.net.co | High
18 | 181.52.113.83 | static-ip-18152011383.cable.net.co | High
19 | 181.52.113.142 | static-ip-181520113142.cable.net.co | High
20 | 181.52.113.157 | static-ip-181520113157.cable.net.co | High
21 | ... | ... | ...
14 | ... | ... | ...

There are 45 more IOC items available. Please use our online service to access the data.
There are 52 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -62,7 +55,7 @@ ID | Technique | Description | Confidence
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...

There are 2 more TTP items available. Please use our online service to access the data.
There are 3 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -73,16 +66,9 @@ ID | Type | Indicator | Confidence
1 | File | `/.ssh/authorized_keys` | High
2 | File | `/uncpath/` | Medium
3 | File | `add_edit_user.asp` | High
4 | File | `shop.pl` | Low
5 | File | `viewtopic.asp` | High
6 | File | `wp-includes/class-wp-query.php` | High
7 | Argument | `command` | Low
8 | Argument | `forumid` | Low
9 | Argument | `Name` | Low
10 | Argument | `page` | Low
11 | ... | ... | ...
4 | ... | ... | ...

There are 5 more IOA items available. Please use our online service to access the data.
There are 12 more IOA items available. Please use our online service to access the data.

## References

@ -94,9 +80,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# SpyEye - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [SpyEye](https://vuldb.com/?actor.spyeye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SpyEye](https://vuldb.com/?actor.spyeye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.spyeye](https://vuldb.com/?actor.spyeye)

@ -38,12 +38,9 @@ ID | IP address | Hostname | Confidence
15 | 76.76.107.74 | - | High
16 | 77.79.4.200 | - | High
17 | 77.79.10.93 | - | High
18 | 77.232.82.24 | - | High
19 | 77.235.60.79 | - | High
20 | 77.235.60.159 | - | High
21 | ... | ... | ...
18 | ... | ... | ...

There are 63 more IOC items available. Please use our online service to access the data.
There are 66 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

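Review bot: rows 18, 19 and 20 (`77.232.82.24`, `77.235.60.79`, `77.235.60.159`) are dropped from the inline IOC table, the truncation row moves from 21 to 18, and the remainder count rises from 63 to 66, so the total stays at 83 addresses (20 + 63 before, 17 + 66 after); this hunk changes the inline cut-off, not the data. Anyone consuming these README tables as an IOC feed now sees three fewer addresses inline, so the change of inline limit deserves an explicit mention, and the rows-plus-remainder arithmetic is worth checking in every table this commit touches.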
@ -64,19 +61,22 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/forum/away.php` | High
2 | File | `/modules/registration_admission/patient_register.php` | High
3 | File | `/Tools/tools_admin.htm` | High
4 | File | `adm/krgourl.php` | High
5 | File | `admin.php` | Medium
6 | File | `administers` | Medium
7 | File | `catchsegv` | Medium
8 | File | `classes/SystemSettings.php` | High
9 | File | `classified.php` | High
10 | File | `coders/mat.c` | Medium
11 | ... | ... | ...
1 | File | `/forgetpassword.php` | High
2 | File | `/forum/away.php` | High
3 | File | `/modules/registration_admission/patient_register.php` | High
4 | File | `/Tools/tools_admin.htm` | High
5 | File | `adm/krgourl.php` | High
6 | File | `admin.php` | Medium
7 | File | `admin/conf_users_edit.php` | High
8 | File | `administers` | Medium
9 | File | `btif_hd.cc` | Medium
10 | File | `catchsegv` | Medium
11 | File | `classes/SystemSettings.php` | High
12 | File | `classified.php` | High
13 | File | `coders/mat.c` | Medium
14 | ... | ... | ...

There are 107 more IOA items available. Please use our online service to access the data.
There are 112 more IOA items available. Please use our online service to access the data.

## References

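Review bot: three File indicators are new among the visible rows (`/forgetpassword.php`, `admin/conf_users_edit.php`, `btif_hd.cc`), the inline table grows from 10 to 13 rows and the remainder count from 107 to 112, so the total goes from 117 to 125 items and the renumbering of the surviving rows (old 1-10 become new 2-6, 8, 10-13) is consistent. One point for the introductory sentence of this table ("These indicators of attack list the potential fragments used for technical activ..."): several Medium-confidence entries are bare file names that occur in plenty of unrelated software (`administers`, `catchsegv`, `btif_hd.cc`, `coders/mat.c`), so they are weak pivots that will match benign systems if used as standalone detection strings; the Confidence column exists to signal exactly that, and the README should say so rather than leave readers to infer it.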
@ -88,9 +88,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Stolen Pencil - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Stolen Pencil](https://vuldb.com/?actor.stolen_pencil). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Stolen Pencil](https://vuldb.com/?actor.stolen_pencil). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.stolen_pencil](https://vuldb.com/?actor.stolen_pencil)

@ -49,17 +49,12 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/forum/away.php` | High
2 | File | `/horde/util/go.php` | High
3 | File | `/systemrw/` | Medium
4 | File | `/tmp/supp_log` | High
5 | File | `ActivityStarter.java` | High
6 | File | `admin/index.php` | High
7 | File | `comment_add.asp` | High
8 | File | `csv.h` | Low
9 | File | `data/gbconfiguration.dat` | High
10 | File | `inc/config.php` | High
11 | ... | ... | ...
3 | File | `/secure/EditSubscription.jspa` | High
4 | File | `/systemrw/` | Medium
5 | File | `/tmp/supp_log` | High
6 | ... | ... | ...

There are 28 more IOA items available. Please use our online service to access the data.
There are 36 more IOA items available. Please use our online service to access the data.

## References

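Review bot: the new row `3 | File | /secure/EditSubscription.jspa | High` is inserted in sorted position and pushes `/systemrw/` and `/tmp/supp_log` to rows 4 and 5, but old rows 5 to 10 (`ActivityStarter.java` through `inc/config.php`) are cut from the inline table so that it now stops at row 5; with the remainder rising from 28 to 36, the total goes from 38 to 41, i.e. three indicators were added while only one of them is visible. As with the other tables in this commit, shrinking the inline sample from 10 rows to 5 changes what README consumers see and should be stated explicitly, and the two invisible additions cannot be reviewed here at all.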
@ -71,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Subaat - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Subaat](https://vuldb.com/?actor.subaat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Subaat](https://vuldb.com/?actor.subaat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.subaat](https://vuldb.com/?actor.subaat)

@ -40,12 +40,9 @@ ID | Type | Indicator | Confidence
1 | File | `/uncpath/` | Medium
2 | File | `app/controllers/frontend/PostController.php` | High
3 | File | `inc/config.php` | High
4 | File | `www/soap/application/MCSoap/Logs.php` | High
5 | Argument | `basePath` | Medium
6 | Argument | `score` | Low
7 | Input Value | `%00` | Low
8 | Input Value | `::$Index_Allocation` | High
9 | Network Port | `Web Server Port` | High
4 | ... | ... | ...

There are 6 more IOA items available. Please use our online service to access the data.

## References

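Review bot: rows 4 to 9 are replaced by a truncation row and a newly added `There are 6 more IOA items available` line, so the item count is unchanged (9 before, 3 + 6 after), but the only non-File indicator types in this table, Argument (`basePath`, `score`), Input Value (`%00`, `::$Index_Allocation`) and Network Port (`Web Server Port`), are no longer visible in the README at all; a reader now sees a File-only list and has no hint that other indicator types exist for this actor. If the inline tables are meant as a representative sample rather than simply the first N rows, consider keeping at least one row per indicator type, or noting the types that were truncated.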
@ -57,9 +54,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
