Mirrors
/
cyber_threat_intelligence
mirror of https://github.com/vuldb/cyber_threat_intelligence
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update April 2024

This commit is contained in:
Marc Ruef 2024-04-03 08:35:18 +02:00
parent b8d825374e
commit d5bedf2ef2
775 changed files with 99927 additions and 93681 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
actors/ X-Files Stealer/README.md Normal file
View File

@ -0,0 +1,44 @@
# X-Files Stealer - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ X-Files Stealer](https://vuldb.com/?actor._x-files_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor._x-files_stealer](https://vuldb.com/?actor._x-files_stealer)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with X-Files Stealer:
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of X-Files Stealer.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [91.92.240.39](https://vuldb.com/?ip.91.92.240.39) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _ X-Files Stealer_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://tria.ge/240119-wprzjabfb4
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

64
actors/.IMG Files/README.md Normal file
View File

@ -0,0 +1,64 @@
# .IMG Files - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [.IMG Files](https://vuldb.com/?actor..img_files). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor..img_files](https://vuldb.com/?actor..img_files)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with .IMG Files:
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [DE](https://vuldb.com/?country.de)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of .IMG Files.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [185.101.94.172](https://vuldb.com/?ip.185.101.94.172) | kruxaw.de | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _.IMG Files_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
3 | T1505 | CWE-89 | SQL Injection | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by .IMG Files. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/uncpath/` | Medium
2 | File | `PARAM.SFO` | Medium
3 | File | `prod.php` | Medium
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blogs.cisco.com/security/disk-image-deception-incident-response
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

2
actors/00536d/README.md
View File

@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

14
actors/0ktapus/README.md
View File

@ -43,7 +43,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
@ -101,14 +101,14 @@ ID | Type | Indicator | Confidence
43 | File | `/donor-wall` | Medium
44 | File | `/ebics-server/ebics.aspx` | High
45 | File | `/esbus/servlet/GetSQLData` | High
46 | File | `/film-rating.php` | High
47 | File | `/forum/away.php` | High
48 | File | `/friends/ajax_invite` | High
49 | File | `/goform/aspForm` | High
50 | File | `/goform/formLogin` | High
46 | File | `/EXCU_SHELL` | Medium
47 | File | `/film-rating.php` | High
48 | File | `/forum/away.php` | High
49 | File | `/friends/ajax_invite` | High
50 | File | `/goform/aspForm` | High
51 | ... | ... | ...
There are 444 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 446 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

96
actors/8220 Gang/README.md
View File

@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [SE](https://vuldb.com/?country.se)
* [TR](https://vuldb.com/?country.tr)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 13 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -31,10 +31,11 @@ ID | IP address | Hostname | Campaign | Confidence
1 | [5.42.67.29](https://vuldb.com/?ip.5.42.67.29) | - | - | High
2 | [51.79.175.139](https://vuldb.com/?ip.51.79.175.139) | vps-dc8b0481.vps.ovh.ca | CVE-2022-26134 | High
3 | [51.255.171.23](https://vuldb.com/?ip.51.255.171.23) | vps-fc1a1567.vps.ovh.net | CVE-2022-26134 | High
4 | [79.110.62.23](https://vuldb.com/?ip.79.110.62.23) | - | CVE-2019-2725 | High
5 | ... | ... | ... | ...
4 | [77.91.84.42](https://vuldb.com/?ip.77.91.84.42) | goodvpn.aeza.network | - | High
5 | [79.110.62.23](https://vuldb.com/?ip.79.110.62.23) | - | CVE-2019-2725 | High
6 | ... | ... | ... | ...
There are 15 more IOC items available. Please use our online service to access the data.
There are 18 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -42,14 +43,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-266, CWE-267, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -59,35 +60,51 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMFILES%\MyQ\PHP\Sessions\` | High
2 | File | `.htaccess` | Medium
3 | File | `/alphaware/summary.php` | High
4 | File | `/brand.php` | Medium
5 | File | `/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9Vt` | High
6 | File | `/common/info.cgi` | High
7 | File | `/control/stream` | High
8 | File | `/cupseasylive/countrymodify.php` | High
9 | File | `/domains/list` | High
10 | File | `/forum/away.php` | High
11 | File | `/index.php/weblinks-categories` | High
12 | File | `/LoginRegistration.php` | High
13 | File | `/member/ad.php?action=ad` | High
14 | File | `/MicroStrategyWS/happyaxis.jsp` | High
15 | File | `/phppath/php` | Medium
16 | File | `/product_list.php` | High
17 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
18 | File | `/spip.php` | Medium
19 | File | `/src/admin/content_batchup_action.php` | High
20 | File | `/tmp` | Low
21 | File | `/ucms/chk.php` | High
22 | File | `/uncpath/` | Medium
23 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
25 | File | `add-category.php` | High
26 | File | `admin/bitrix.xscan_worker.php` | High
27 | File | `admin/content/postcategory` | High
28 | File | `admin/index.php` | High
29 | ... | ... | ...
3 | File | `//proc/kcore` | Medium
4 | File | `/admin.php/Admin/adminadd.html` | High
5 | File | `/admin/about-us.php` | High
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/Admin/add-student.php` | High
8 | File | `/admin/index2.html` | High
9 | File | `/admin/settings/save.php` | High
10 | File | `/admin/userprofile.php` | High
11 | File | `/alphaware/summary.php` | High
12 | File | `/api/baskets/{name}` | High
13 | File | `/app/index/controller/Common.php` | High
14 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
15 | File | `/apply.cgi` | Medium
16 | File | `/bitrix/admin/ldap_server_edit.php` | High
17 | File | `/brand.php` | Medium
18 | File | `/cgi-bin/wlogin.cgi` | High
19 | File | `/College/admin/teacher.php` | High
20 | File | `/common/info.cgi` | High
21 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
22 | File | `/cupseasylive/countrymodify.php` | High
23 | File | `/dcim/rack-roles/` | High
24 | File | `/domains/list` | High
25 | File | `/forms/doLogin` | High
26 | File | `/forum/away.php` | High
27 | File | `/goform/addUserName` | High
28 | File | `/goform/aspForm` | High
29 | File | `/goform/delAd` | High
30 | File | `/goform/wifiSSIDset` | High
31 | File | `/gpac/src/bifs/unquantize.c` | High
32 | File | `/inc/topBarNav.php` | High
33 | File | `/index.asp` | Medium
34 | File | `/index.php` | Medium
35 | File | `/index.php/weblinks-categories` | High
36 | File | `/index.php?app=main&func=passport&action=login` | High
37 | File | `/kelas/data` | Medium
38 | File | `/listplace/user/ticket/create` | High
39 | File | `/LoginRegistration.php` | High
40 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
41 | File | `/member/ad.php?action=ad` | High
42 | File | `/Moosikay/order.php` | High
43 | File | `/novel/author/list` | High
44 | File | `/oauth/idp/.well-known/openid-configuration` | High
45 | ... | ... | ...
There are 245 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -95,6 +112,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://1275.ru/ioc/503/8220-botnet-iocs/
* https://asec.ahnlab.com/en/36820/
* https://asec.ahnlab.com/en/51568/
* https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
* https://github.com/uptycslabs/IOCs/blob/main/8220Gang
* https://www.sentinelone.com/blog/8220-gang-cloud-botnet-targets-misconfigured-cloud-workloads/

4
actors/ACBackdoor/README.md
View File

@ -28,8 +28,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
3 | T1202 | CWE-77 | Command Injection | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1202 | CWE-77 | Command Shell in Externally Accessible Directory | High
4 | ... | ... | ... | ...
There are 4 more TTP items available. Please use our online service to access the data.

5
actors/AMOS/README.md
View File

@ -27,7 +27,7 @@ ID | IP address | Hostname | Campaign | Confidence
4 | [5.42.65.108](https://vuldb.com/?ip.5.42.65.108) | - | - | High
5 | ... | ... | ... | ...
There are 14 more IOC items available. Please use our online service to access the data.
There are 15 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
11 | File | `bb_usage_stats.php` | High
12 | ... | ... | ...
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 92 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -77,6 +77,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://tracker.viriback.com/index.php?q=5.182.86.8
* https://tria.ge/240131-bq8nfsghb7/behavioral1
* https://tria.ge/240204-mqbt9sfdg3
* https://tria.ge/240310-nyz3hacd2y/behavioral1
* https://twitter.com/phd_phuc/status/1651002681798926337
* https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version

102
actors/APT-C-36/README.md
View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [GB](https://vuldb.com/?country.gb)
* ...
There are 19 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -34,14 +34,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-425 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -51,53 +51,55 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
3 | File | `/admin/save.php` | High
4 | File | `/admin/sys_sql_query.php` | High
5 | File | `/admin_route/dec_service_credits.php` | High
6 | File | `/api/baskets/{name}` | High
7 | File | `/api/download` | High
8 | File | `/api/v1/alerts` | High
9 | File | `/api/v1/terminal/sessions/?limit=1` | High
10 | File | `/api/v4/teams//channels/deleted` | High
11 | File | `/b2b-supermarket/shopping-cart` | High
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
13 | File | `/category.php` | High
14 | File | `/categorypage.php` | High
15 | File | `/cgi-bin/luci/api/wireless` | High
16 | File | `/cgi-bin/vitogate.cgi` | High
17 | File | `/change-language/de_DE` | High
18 | File | `/company/store` | High
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
20 | File | `/Controller/Ajaxfileupload.ashx` | High
21 | File | `/core/conditions/AbstractWrapper.java` | High
22 | File | `/debug/pprof` | Medium
23 | File | `/devinfo` | Medium
24 | File | `/dist/index.js` | High
25 | File | `/etc/passwd` | Medium
26 | File | `/fcgi/scrut_fcgi.fcgi` | High
27 | File | `/forum/away.php` | High
28 | File | `/geoserver/gwc/rest.html` | High
29 | File | `/goform/formSysCmd` | High
30 | File | `/HNAP1` | Low
31 | File | `/hosts/firewall/ip` | High
32 | File | `/index.php/ccm/system/file/upload` | High
33 | File | `/jeecg-boot/sys/common/upload` | High
34 | File | `/log/decodmail.php` | High
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
36 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
37 | File | `/php/ping.php` | High
38 | File | `/proxy` | Low
39 | File | `/recipe-result` | High
40 | File | `/register.do` | Medium
41 | File | `/RPS2019Service/status.html` | High
42 | File | `/s/index.php?action=statistics` | High
43 | File | `/Service/ImageStationDataService.asmx` | High
44 | File | `/setting` | Medium
45 | File | `/sicweb-ajax/tmproot/` | High
46 | File | `/spip.php` | Medium
47 | ... | ... | ...
3 | File | `/Account/login.php` | High
4 | File | `/admin/` | Low
5 | File | `/admin/save.php` | High
6 | File | `/adminapi/system/crud` | High
7 | File | `/adminapi/system/file/openfile` | High
8 | File | `/admin_route/dec_service_credits.php` | High
9 | File | `/api/baskets/{name}` | High
10 | File | `/api/download` | High
11 | File | `/api/v1/alerts` | High
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/b2b-supermarket/shopping-cart` | High
15 | File | `/cancel.php` | Medium
16 | File | `/category.php` | High
17 | File | `/categorypage.php` | High
18 | File | `/cgi-bin/cstecgi.cgi` | High
19 | File | `/cgi-bin/luci/api/wireless` | High
20 | File | `/cgi-bin/vitogate.cgi` | High
21 | File | `/change-language/de_DE` | High
22 | File | `/Content/Template/root/reverse-shell.aspx` | High
23 | File | `/core/conditions/AbstractWrapper.java` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/devinfo` | Medium
26 | File | `/dist/index.js` | High
27 | File | `/download` | Medium
28 | File | `/fcgi/scrut_fcgi.fcgi` | High
29 | File | `/forum/away.php` | High
30 | File | `/geoserver/gwc/rest.html` | High
31 | File | `/goform/formSysCmd` | High
32 | File | `/HNAP1` | Low
33 | File | `/hosts/firewall/ip` | High
34 | File | `/index.jsp#settings` | High
35 | File | `/index.php/ccm/system/file/upload` | High
36 | File | `/jeecg-boot/sys/common/upload` | High
37 | File | `/log/decodmail.php` | High
38 | File | `/oauth/idp/.well-known/openid-configuration` | High
39 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
40 | File | `/php/ping.php` | High
41 | File | `/proxy` | Low
42 | File | `/register.do` | Medium
43 | File | `/RPS2019Service/status.html` | High
44 | File | `/s/index.php?action=statistics` | High
45 | File | `/setting` | Medium
46 | File | `/Setting/change_password_save` | High
47 | File | `/sicweb-ajax/tmproot/` | High
48 | File | `/signup.php` | Medium
49 | ... | ... | ...
There are 406 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/APT10/README.md
View File

@ -72,7 +72,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | ... | ... | ... | ...

2
actors/APT17/README.md
View File

@ -43,7 +43,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...

4
actors/APT2/README.md
View File

@ -61,10 +61,10 @@ ID | Type | Indicator | Confidence
1 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
2 | File | `/bin/boa` | Medium
3 | File | `/DOWN/FIRMWAREUPDATE/ROM1` | High
4 | File | `admin/admin/adminsave.html` | High
4 | File | `/env` | Low
5 | ... | ... | ...
There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/APT27/README.md
View File

@ -48,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

204
actors/APT28/README.md
View File

@ -9,19 +9,19 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
The following _campaigns_ are known and can be associated with APT28:
* Carberp
* CVE-2020-35730 / CVE-2021-44026 / CVE-2020-12641
* CVE-2022-30190
* CVE-2023-23397
* ...
There are 6 more campaign items available. Please use our online service to access the data.
There are 7 more campaign items available. Please use our online service to access the data.
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT28:
* [VN](https://vuldb.com/?country.vn)
* [GB](https://vuldb.com/?country.gb)
* [RO](https://vuldb.com/?country.ro)
* [US](https://vuldb.com/?country.us)
* ...
There are 2 more country items available. Please use our online service to access the data.
@ -40,62 +40,64 @@ ID | IP address | Hostname | Campaign | Confidence
6 | [5.199.171.58](https://vuldb.com/?ip.5.199.171.58) | - | - | High
7 | [12.94.8.230](https://vuldb.com/?ip.12.94.8.230) | - | - | High
8 | [12.171.204.129](https://vuldb.com/?ip.12.171.204.129) | - | - | High
9 | [14.198.168.140](https://vuldb.com/?ip.14.198.168.140) | 014198168140.ctinets.com | CVE-2023-23397 | High
10 | [18.130.154.13](https://vuldb.com/?ip.18.130.154.13) | ec2-18-130-154-13.eu-west-2.compute.amazonaws.com | - | Medium
11 | [18.133.205.135](https://vuldb.com/?ip.18.133.205.135) | ec2-18-133-205-135.eu-west-2.compute.amazonaws.com | - | Medium
12 | [18.133.249.238](https://vuldb.com/?ip.18.133.249.238) | ec2-18-133-249-238.eu-west-2.compute.amazonaws.com | - | Medium
13 | [23.24.68.109](https://vuldb.com/?ip.23.24.68.109) | 23-24-68-109-static.hfc.comcastbusiness.net | - | High
14 | [23.88.228.248](https://vuldb.com/?ip.23.88.228.248) | - | - | High
15 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
16 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
17 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
18 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
19 | [24.11.70.85](https://vuldb.com/?ip.24.11.70.85) | c-24-11-70-85.hsd1.ut.comcast.net | - | High
20 | [24.142.165.2](https://vuldb.com/?ip.24.142.165.2) | 024-142-165-002.biz.spectrum.com | CVE-2023-23397 | High
21 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
22 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
23 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
24 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
25 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
26 | [42.98.5.225](https://vuldb.com/?ip.42.98.5.225) | 42-98-5-225.static.netvigator.com | CVE-2023-23397 | High
27 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
28 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
29 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
30 | [45.83.90.11](https://vuldb.com/?ip.45.83.90.11) | - | CVE-2023-23397 | High
31 | [45.91.95.181](https://vuldb.com/?ip.45.91.95.181) | sks3.simoxap.xyz | CVE-2023-23397 | High
32 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
33 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
34 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
35 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
36 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
37 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
38 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
39 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
40 | [50.173.136.70](https://vuldb.com/?ip.50.173.136.70) | c-50-173-136-70.unallocated.comcastbusiness.net | CVE-2023-23397 | High
41 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
42 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
43 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
44 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
45 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
46 | [61.14.68.33](https://vuldb.com/?ip.61.14.68.33) | - | CVE-2023-23397 | High
47 | [61.68.76.111](https://vuldb.com/?ip.61.68.76.111) | 61-68-76-111.tpgi.com.au | - | High
48 | [62.4.36.126](https://vuldb.com/?ip.62.4.36.126) | - | CVE-2023-23397 | High
49 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
50 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
51 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
52 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
53 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
54 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
55 | [69.28.64.137](https://vuldb.com/?ip.69.28.64.137) | - | - | High
56 | [69.51.2.106](https://vuldb.com/?ip.69.51.2.106) | - | CVE-2023-23397 | High
57 | [69.162.253.21](https://vuldb.com/?ip.69.162.253.21) | 69-162-253-21.utopiafiber.com | CVE-2023-23397 | High
58 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
59 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
60 | [73.80.9.137](https://vuldb.com/?ip.73.80.9.137) | c-73-80-9-137.hsd1.nj.comcast.net | CVE-2023-23397 | High
61 | [74.208.228.186](https://vuldb.com/?ip.74.208.228.186) | u17669945.onlinehome-server.com | CVE-2023-23397 | High
62 | ... | ... | ... | ...
9 | [13.40.77.34](https://vuldb.com/?ip.13.40.77.34) | ec2-13-40-77-34.eu-west-2.compute.amazonaws.com | - | Medium
10 | [14.198.168.140](https://vuldb.com/?ip.14.198.168.140) | 014198168140.ctinets.com | CVE-2023-23397 | High
11 | [18.130.154.13](https://vuldb.com/?ip.18.130.154.13) | ec2-18-130-154-13.eu-west-2.compute.amazonaws.com | - | Medium
12 | [18.133.205.135](https://vuldb.com/?ip.18.133.205.135) | ec2-18-133-205-135.eu-west-2.compute.amazonaws.com | - | Medium
13 | [18.133.249.238](https://vuldb.com/?ip.18.133.249.238) | ec2-18-133-249-238.eu-west-2.compute.amazonaws.com | - | Medium
14 | [23.24.68.109](https://vuldb.com/?ip.23.24.68.109) | 23-24-68-109-static.hfc.comcastbusiness.net | - | High
15 | [23.88.228.248](https://vuldb.com/?ip.23.88.228.248) | - | - | High
16 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
17 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
18 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
19 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
20 | [24.11.70.85](https://vuldb.com/?ip.24.11.70.85) | c-24-11-70-85.hsd1.ut.comcast.net | - | High
21 | [24.142.165.2](https://vuldb.com/?ip.24.142.165.2) | 024-142-165-002.biz.spectrum.com | CVE-2023-23397 | High
22 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
23 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
24 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
25 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
26 | [37.191.122.186](https://vuldb.com/?ip.37.191.122.186) | no-reverse-dns.metronet-uk.com | - | High
27 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
28 | [42.98.5.225](https://vuldb.com/?ip.42.98.5.225) | 42-98-5-225.static.netvigator.com | CVE-2023-23397 | High
29 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
30 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
31 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
32 | [45.83.90.11](https://vuldb.com/?ip.45.83.90.11) | - | CVE-2023-23397 | High
33 | [45.91.95.181](https://vuldb.com/?ip.45.91.95.181) | sks3.simoxap.xyz | CVE-2023-23397 | High
34 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
35 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
36 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
37 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
38 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
39 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
40 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
41 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
42 | [50.173.136.70](https://vuldb.com/?ip.50.173.136.70) | c-50-173-136-70.unallocated.comcastbusiness.net | CVE-2023-23397 | High
43 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
44 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
45 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
46 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
47 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
48 | [61.14.68.33](https://vuldb.com/?ip.61.14.68.33) | - | CVE-2023-23397 | High
49 | [61.68.76.111](https://vuldb.com/?ip.61.68.76.111) | 61-68-76-111.tpgi.com.au | - | High
50 | [62.4.36.126](https://vuldb.com/?ip.62.4.36.126) | - | CVE-2023-23397 | High
51 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
52 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
53 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
54 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
55 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
56 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
57 | [69.28.64.137](https://vuldb.com/?ip.69.28.64.137) | - | - | High
58 | [69.51.2.106](https://vuldb.com/?ip.69.51.2.106) | - | CVE-2023-23397 | High
59 | [69.162.253.21](https://vuldb.com/?ip.69.162.253.21) | 69-162-253-21.utopiafiber.com | CVE-2023-23397 | High
60 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
61 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
62 | [73.80.9.137](https://vuldb.com/?ip.73.80.9.137) | c-73-80-9-137.hsd1.nj.comcast.net | CVE-2023-23397 | High
63 | [74.124.219.71](https://vuldb.com/?ip.74.124.219.71) | biz242.inmotionhosting.com | - | High
64 | ... | ... | ... | ...
There are 243 more IOC items available. Please use our online service to access the data.
There are 250 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -103,8 +105,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-271, CWE-284 | Execution with Unnecessary Privileges | High
@ -125,44 +127,48 @@ ID | Type | Indicator | Confidence
5 | File | `/admin/clientview.php` | High
6 | File | `/admin/edit_teacher.php` | High
7 | File | `/admin/fields/manage_field.php` | High
8 | File | `/admin/orders/view_order.php` | High
9 | File | `/admin/regester.php` | High
10 | File | `/admin/update-clients.php` | High
11 | File | `/admin_ping.htm` | High
12 | File | `/admin_route/dec_service_credits.php` | High
13 | File | `/admin_route/inc_service_credits.php` | High
14 | File | `/api/cron/settings/setJob/` | High
15 | File | `/api/sys/set_passwd` | High
16 | File | `/api/v1/terminal/sessions/?limit=1` | High
17 | File | `/app/api/controller/default/Sqlite.php` | High
18 | File | `/application/index/controller/Databasesource.php` | High
19 | File | `/application/index/controller/Icon.php` | High
20 | File | `/application/index/controller/Screen.php` | High
21 | File | `/application/plugins/controller/Upload.php` | High
22 | File | `/apply.cgi` | Medium
23 | File | `/arch/x86/mm/cpu_entry_area.c` | High
24 | File | `/authenticationendpoint/login.do` | High
25 | File | `/bin/boa` | Medium
26 | File | `/boaform/device_reset.cgi` | High
27 | File | `/boafrm/formMapDelDevice` | High
28 | File | `/bsms_ci/index.php/user/edit_user/` | High
29 | File | `/cgi-bin/cstecgi.cgi` | High
30 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
31 | File | `/cgi-bin/koha/catalogue/search.pl` | High
32 | File | `/cgi-bin/mainfunction.cgi` | High
33 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
34 | File | `/cgi-bin/R14.2/easy1350.pl` | High
35 | File | `/cgi-bin/wlogin.cgi` | High
36 | File | `/clinic/disease_symptoms_view.php` | High
37 | File | `/config/getuser` | High
38 | File | `/core/redirect` | High
39 | File | `/dashboard/message` | High
40 | File | `/dashboard/snapshot/*?orgId=0` | High
41 | File | `/debug/pprof` | Medium
42 | File | `/DXR.axd` | Medium
43 | ... | ... | ...
8 | File | `/admin/index.php` | High
9 | File | `/admin/orders/view_order.php` | High
10 | File | `/admin/regester.php` | High
11 | File | `/admin/update-clients.php` | High
12 | File | `/admin/user/controller.php` | High
13 | File | `/admin_ping.htm` | High
14 | File | `/admin_route/dec_service_credits.php` | High
15 | File | `/admin_route/inc_service_credits.php` | High
16 | File | `/api/cron/settings/setJob/` | High
17 | File | `/api/sys/set_passwd` | High
18 | File | `/api/v1/terminal/sessions/?limit=1` | High
19 | File | `/app/api/controller/default/Sqlite.php` | High
20 | File | `/application/index/controller/Databasesource.php` | High
21 | File | `/application/index/controller/Icon.php` | High
22 | File | `/application/index/controller/Screen.php` | High
23 | File | `/application/plugins/controller/Upload.php` | High
24 | File | `/apply.cgi` | Medium
25 | File | `/apps/reg_go.php` | High
26 | File | `/arch/x86/mm/cpu_entry_area.c` | High
27 | File | `/authenticationendpoint/login.do` | High
28 | File | `/billing/bill/edit/` | High
29 | File | `/bin/boa` | Medium
30 | File | `/boaform/device_reset.cgi` | High
31 | File | `/boafrm/formMapDelDevice` | High
32 | File | `/bsms_ci/index.php/user/edit_user/` | High
33 | File | `/cgi-bin/cstecgi.cgi` | High
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
35 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
36 | File | `/cgi-bin/koha/catalogue/search.pl` | High
37 | File | `/cgi-bin/mainfunction.cgi` | High
38 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
39 | File | `/cgi-bin/R14.2/easy1350.pl` | High
40 | File | `/cgi-bin/system_mgr.cgi` | High
41 | File | `/cgi-bin/wlogin.cgi` | High
42 | File | `/classes/Login.php` | High
43 | File | `/classes/Users.php` | High
44 | File | `/config/getuser` | High
45 | File | `/core/redirect` | High
46 | File | `/dashboard/message` | High
47 | ... | ... | ...
There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -173,7 +179,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
* https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society/
* https://cert.gov.ua/article/40102
* https://cert.gov.ua/article/4492467
* https://cert.gov.ua/article/4905829
* https://cert.gov.ua/article/5105791
* https://cert.gov.ua/article/5702579
* https://cert.gov.ua/article/6276894
* https://community.blueliv.com/#!/s/5f6b482482df413eb5350d3b
* https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
* https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-05-ioc-mark.txt

58
actors/APT29/README.md
View File

@ -70,14 +70,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -95,32 +95,34 @@ ID | Type | Indicator | Confidence
8 | File | `/aux` | Low
9 | File | `/book-services.php` | High
10 | File | `/changePassword` | High
11 | File | `/Content/Template/root/reverse-shell.aspx` | High
12 | File | `/dashboard/add-blog.php` | High
13 | File | `/data/remove` | Medium
14 | File | `/debug/pprof` | Medium
15 | File | `/ecshop/admin/template.php` | High
16 | File | `/etc/passwd` | Medium
17 | File | `/forum/away.php` | High
18 | File | `/goform/net\_Web\_get_value` | High
19 | File | `/group1/uploa` | High
20 | File | `/index.php` | Medium
21 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
22 | File | `/novel/bookSetting/list` | High
23 | File | `/novel/userFeedback/list` | High
24 | File | `/owa/auth/logon.aspx` | High
25 | File | `/testConnection` | High
26 | File | `/tmp/ppd.trace` | High
27 | File | `/user/inc/workidajax.php` | High
28 | File | `/userLogin.asp` | High
29 | File | `/vm/admin/doctors.php` | High
30 | File | `Access.app/Contents/Resources/kcproxy` | High
31 | File | `acs.exe` | Low
32 | File | `action-visitor.php` | High
33 | File | `adclick.php` | Medium
34 | ... | ... | ...
11 | File | `/data/remove` | Medium
12 | File | `/debug/pprof` | Medium
13 | File | `/ecshop/admin/template.php` | High
14 | File | `/etc/passwd` | Medium
15 | File | `/forum/away.php` | High
16 | File | `/goform/net\_Web\_get_value` | High
17 | File | `/index.php` | Medium
18 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
19 | File | `/novel/bookSetting/list` | High
20 | File | `/novel/userFeedback/list` | High
21 | File | `/owa/auth/logon.aspx` | High
22 | File | `/product/savenewproduct.php?flag=1` | High
23 | File | `/testConnection` | High
24 | File | `/tmp/ppd.trace` | High
25 | File | `/user/inc/workidajax.php` | High
26 | File | `/userLogin.asp` | High
27 | File | `/vm/admin/doctors.php` | High
28 | File | `Access.app/Contents/Resources/kcproxy` | High
29 | File | `adclick.php` | Medium
30 | File | `addressbook.update.php` | High
31 | File | `admin.php` | Medium
32 | File | `admin/booking_report.php` | High
33 | File | `admin/index.php` | High
34 | File | `admin/page-login.php` | High
35 | File | `admin/partials/wp-splashing-admin-main.php` | High
36 | ... | ... | ...
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

54
actors/APT3/README.md
View File

@ -43,7 +43,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -75,32 +75,32 @@ ID | Type | Indicator | Confidence
17 | File | `/ctcprotocol/Protocol` | High
18 | File | `/dashboard/menu-list.php` | High
19 | File | `/data/remove` | Medium
20 | File | `/ebics-server/ebics.aspx` | High
21 | File | `/ffos/classes/Master.php?f=save_category` | High
22 | File | `/forum/away.php` | High
23 | File | `/goform/net\_Web\_get_value` | High
24 | File | `/goforms/rlminfo` | High
25 | File | `/GponForm/usb_restore_Form?script/` | High
26 | File | `/group1/uploa` | High
27 | File | `/hedwig.cgi` | Medium
28 | File | `/HNAP1` | Low
29 | File | `/HNAP1/SetClientInfo` | High
30 | File | `/Items/*/RemoteImages/Download` | High
31 | File | `/menu.html` | Medium
32 | File | `/modules/profile/index.php` | High
33 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
34 | File | `/navigate/navigate_download.php` | High
35 | File | `/ocwbs/admin/?page=user/manage_user` | High
36 | File | `/ofrs/admin/?page=user/manage_user` | High
37 | File | `/out.php` | Medium
38 | File | `/password.html` | High
39 | File | `/php_action/fetchSelectedUser.php` | High
40 | File | `/plugin` | Low
41 | File | `/property-list/property_view.php` | High
42 | File | `/ptms/classes/Users.php` | High
43 | File | `/resources//../` | High
44 | File | `/rest/api/2/search` | High
45 | File | `/s/` | Low
20 | File | `/debug/pprof` | Medium
21 | File | `/ebics-server/ebics.aspx` | High
22 | File | `/ffos/classes/Master.php?f=save_category` | High
23 | File | `/forum/away.php` | High
24 | File | `/goform/net\_Web\_get_value` | High
25 | File | `/goforms/rlminfo` | High
26 | File | `/GponForm/usb_restore_Form?script/` | High
27 | File | `/group1/uploa` | High
28 | File | `/hedwig.cgi` | Medium
29 | File | `/HNAP1` | Low
30 | File | `/HNAP1/SetClientInfo` | High
31 | File | `/Items/*/RemoteImages/Download` | High
32 | File | `/menu.html` | Medium
33 | File | `/modules/profile/index.php` | High
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
35 | File | `/navigate/navigate_download.php` | High
36 | File | `/ocwbs/admin/?page=user/manage_user` | High
37 | File | `/ofrs/admin/?page=user/manage_user` | High
38 | File | `/out.php` | Medium
39 | File | `/password.html` | High
40 | File | `/patient/appointment.php` | High
41 | File | `/php_action/fetchSelectedUser.php` | High
42 | File | `/plugin` | Low
43 | File | `/prescription/prescription/delete/` | High
44 | File | `/pro/common/download` | High
45 | File | `/property-list/property_view.php` | High
46 | ... | ... | ...
There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

4
actors/APT31/README.md
View File

@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
@ -77,7 +77,7 @@ ID | Type | Indicator | Confidence
16 | File | `/usr/bin/pkexec` | High
17 | ... | ... | ...
There are 137 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 138 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/APT32/README.md
View File

@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

4
actors/APT33/README.md
View File

@ -55,7 +55,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
@ -149,7 +149,7 @@ ID | Type | Indicator | Confidence
78 | File | `/h/` | Low
79 | ... | ... | ...
There are 692 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 691 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

18
actors/APT34/README.md
View File

@ -55,7 +55,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
@ -115,16 +115,16 @@ ID | Type | Indicator | Confidence
44 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
45 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
46 | File | `/chaincity/user/ticket/create` | High
47 | File | `/collection/all` | High
48 | File | `/common/info.cgi` | High
49 | File | `/core/conditions/AbstractWrapper.java` | High
50 | File | `/core/config-revisions` | High
51 | File | `/debug/pprof` | Medium
52 | File | `/dipam/athlete-profile.php` | High
53 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
47 | File | `/check_availability.php` | High
48 | File | `/collection/all` | High
49 | File | `/common/info.cgi` | High
50 | File | `/core/conditions/AbstractWrapper.java` | High
51 | File | `/core/config-revisions` | High
52 | File | `/debug/pprof` | Medium
53 | File | `/dipam/athlete-profile.php` | High
54 | ... | ... | ...
There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 474 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

4
actors/APT36/README.md
View File

@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
@ -114,7 +114,7 @@ ID | Type | Indicator | Confidence
48 | File | `/index.php` | Medium
49 | ... | ... | ...
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 427 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/APT38/README.md
View File

@ -34,7 +34,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
2 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1505 | CWE-89 | SQL Injection | High
4 | ... | ... | ... | ...

2
actors/APT39/README.md
View File

@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...

2
actors/APT41/README.md
View File

@ -64,7 +64,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | ... | ... | ... | ...

44
actors/AcidPour/README.md Normal file
View File

@ -0,0 +1,44 @@
# AcidPour - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AcidPour](https://vuldb.com/?actor.acidpour). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.acidpour](https://vuldb.com/?actor.acidpour)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AcidPour:
* [IO](https://vuldb.com/?country.io)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AcidPour.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [185.61.137.155](https://vuldb.com/?ip.185.61.137.155) | non-2189.jadenook.com | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AcidPour_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1608.002 | CWE-434 | Incomplete Identification of Uploaded File Variables | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

2
actors/ActionRAT/README.md
View File

@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

47
actors/AdvisorsBot/README.md
View File

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -69,32 +69,31 @@ ID | Type | Indicator | Confidence
18 | File | `/bin/ate` | Medium
19 | File | `/boat/login.php` | High
20 | File | `/booking/show_bookings/` | High
21 | File | `/bsms_ci/index.php/book` | High
22 | File | `/cgi-bin` | Medium
23 | File | `/cgi-bin/wlogin.cgi` | High
24 | File | `/changePassword` | High
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
26 | File | `/dashboard/add-blog.php` | High
27 | File | `/data/remove` | Medium
28 | File | `/debug/pprof` | Medium
29 | File | `/ecshop/admin/template.php` | High
30 | File | `/env` | Low
31 | File | `/etc/passwd` | Medium
32 | File | `/forum/away.php` | High
21 | File | `/cgi-bin` | Medium
22 | File | `/cgi-bin/wlogin.cgi` | High
23 | File | `/changePassword` | High
24 | File | `/Content/Template/root/reverse-shell.aspx` | High
25 | File | `/dashboard/add-blog.php` | High
26 | File | `/data/remove` | Medium
27 | File | `/debug/pprof` | Medium
28 | File | `/ecshop/admin/template.php` | High
29 | File | `/env` | Low
30 | File | `/etc/passwd` | Medium
31 | File | `/forum/away.php` | High
32 | File | `/goform/net\_Web\_get_value` | High
33 | File | `/group1/uploa` | High
34 | File | `/index.php` | Medium
35 | File | `/medicines/profile.php` | High
36 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
37 | File | `/php-sms/admin/?page=user/manage_user` | High
38 | File | `/reservation/add_message.php` | High
39 | File | `/resources//../` | High
40 | File | `/spip.php` | Medium
41 | File | `/testConnection` | High
42 | File | `/tmp/ppd.trace` | High
43 | File | `/user/inc/workidajax.php` | High
44 | ... | ... | ...
35 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
36 | File | `/php-sms/admin/?page=user/manage_user` | High
37 | File | `/reservation/add_message.php` | High
38 | File | `/resources//../` | High
39 | File | `/testConnection` | High
40 | File | `/tmp/ppd.trace` | High
41 | File | `/user/inc/workidajax.php` | High
42 | File | `/user/updatePwd` | High
43 | ... | ... | ...
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

18
actors/Adwind/README.md
View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 21 more country items available. Please use our online service to access the data.
There are 22 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -49,15 +49,15 @@ ID | IP address | Hostname | Campaign | Confidence
26 | [45.147.231.41](https://vuldb.com/?ip.45.147.231.41) | - | - | High
27 | [46.20.33.76](https://vuldb.com/?ip.46.20.33.76) | - | - | High
28 | [46.183.220.114](https://vuldb.com/?ip.46.183.220.114) | ip-220-114.dataclub.info | - | High
29 | [46.183.223.64](https://vuldb.com/?ip.46.183.223.64) | ip-223-64.dataclub.info | - | High
30 | [50.7.199.164](https://vuldb.com/?ip.50.7.199.164) | - | - | High
31 | [51.254.21.25](https://vuldb.com/?ip.51.254.21.25) | ip25.ip-51-254-21.eu | - | High
32 | [65.99.225.111](https://vuldb.com/?ip.65.99.225.111) | hv36svg168.neubox.net | - | High
33 | [66.154.111.3](https://vuldb.com/?ip.66.154.111.3) | - | - | High
34 | [67.215.4.74](https://vuldb.com/?ip.67.215.4.74) | - | - | High
29 | [46.183.222.88](https://vuldb.com/?ip.46.183.222.88) | ip-222-88.dataclub.info | - | High
30 | [46.183.223.64](https://vuldb.com/?ip.46.183.223.64) | ip-223-64.dataclub.info | - | High
31 | [50.7.199.164](https://vuldb.com/?ip.50.7.199.164) | - | - | High
32 | [51.254.21.25](https://vuldb.com/?ip.51.254.21.25) | ip25.ip-51-254-21.eu | - | High
33 | [65.99.225.111](https://vuldb.com/?ip.65.99.225.111) | hv36svg168.neubox.net | - | High
34 | [66.154.111.3](https://vuldb.com/?ip.66.154.111.3) | - | - | High
35 | ... | ... | ... | ...
There are 135 more IOC items available. Please use our online service to access the data.
There are 136 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -66,7 +66,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

110
actors/Africa Unknown/README.md
View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* [IL](https://vuldb.com/?country.il)
* ...
There are 13 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -3976,14 +3976,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-25 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -3991,57 +3990,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/?setting-base.htm` | High
2 | File | `/admin/action/delete-vaccine.php` | High
3 | File | `/admin/borrow_add.php` | High
4 | File | `/admin/controller/JobLogController.java` | High
5 | File | `/admin/edit_teacher.php` | High
6 | File | `/admin/index2.html` | High
1 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
2 | File | `/Account/login.php` | High
3 | File | `/admin/` | Low
4 | File | `/admin/?setting-base.htm` | High
5 | File | `/admin/action/delete-vaccine.php` | High
6 | File | `/admin/list_resource_icon.php?action=delete` | High
7 | File | `/admin/pages/edit_chicken.php` | High
8 | File | `/admin/pages/student-print.php` | High
9 | File | `/admin/read.php?mudi=announContent` | High
10 | File | `/admin_route/inc_service_credits.php` | High
11 | File | `/api/trackedEntityInstances` | High
12 | File | `/api /v3/auth` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/app/Http/Controllers/ImageController.php` | High
15 | File | `/aux` | Low
16 | File | `/b2b-supermarket/shopping-cart` | High
17 | File | `/bin/rc4_crypt` | High
18 | File | `/cgi-bin/cstecgi.cgi` | High
19 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
20 | File | `/cgi-bin/login.cgi` | High
21 | File | `/cgi-bin/luci/api/switch` | High
22 | File | `/cgi-bin/qcmap_auth` | High
23 | File | `/change-language/de_DE` | High
24 | File | `/config/getuser` | High
25 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
26 | File | `/core/admin/categories.php` | High
27 | File | `/cupseasylive/taxstructuredisplay.php` | High
28 | File | `/data/remove` | Medium
29 | File | `/debug/pprof` | Medium
30 | File | `/dede/sys_sql_query.php` | High
31 | File | `/devinfo` | Medium
32 | File | `/dist/index.js` | High
33 | File | `/etc/passwd` | Medium
34 | File | `/forum/away.php` | High
35 | File | `/goform/goform_get_cmd_process` | High
36 | File | `/hosts/firewall/ip` | High
37 | File | `/index.php` | Medium
38 | File | `/index.php/ccm/system/file/upload` | High
39 | File | `/Interface/DevManage/VM.php` | High
40 | File | `/log/decodmail.php` | High
41 | File | `/login` | Low
42 | File | `/logout` | Low
43 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
44 | File | `/oauth/idp/.well-known/openid-configuration` | High
45 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
46 | File | `/php/ping.php` | High
47 | File | `/register.do` | Medium
48 | File | `/register.php` | High
49 | ... | ... | ...
10 | File | `/adminapi/system/crud` | High
11 | File | `/adminapi/system/file/openfile` | High
12 | File | `/admin_route/dec_service_credits.php` | High
13 | File | `/admin_route/inc_service_credits.php` | High
14 | File | `/api/v4/teams//channels/deleted` | High
15 | File | `/app/Http/Controllers/ImageController.php` | High
16 | File | `/application/index/controller/Icon.php` | High
17 | File | `/assets/php/upload.php` | High
18 | File | `/cancel.php` | Medium
19 | File | `/category.php` | High
20 | File | `/cgi-bin/cstecgi.cgi` | High
21 | File | `/cgi-bin/login.cgi` | High
22 | File | `/cupseasylive/taxstructuredisplay.php` | High
23 | File | `/debug/pprof` | Medium
24 | File | `/dede/sys_sql_query.php` | High
25 | File | `/devinfo` | Medium
26 | File | `/download` | Medium
27 | File | `/edit.php` | Medium
28 | File | `/etc/passwd` | Medium
29 | File | `/forum/away.php` | High
30 | File | `/general/attendance/manage/ask_duty/delete.php` | High
31 | File | `/goform/net\_Web\_get_value` | High
32 | File | `/index.jsp#settings` | High
33 | File | `/index.php?pluginApp/to/yzOffice/getFile` | High
34 | File | `/Interface/DevManage/VM.php` | High
35 | File | `/logout` | Low
36 | File | `/myprofile.php` | High
37 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
38 | File | `/protocol/index.php` | High
39 | File | `/public/admin/profile/update.html` | High
40 | File | `/Setting/change_password_save` | High
41 | File | `/signup.php` | Medium
42 | File | `/st_reg.php` | Medium
43 | File | `/supplier.php` | High
44 | File | `/system/role/list` | High
45 | File | `/system/traceLog/page` | High
46 | File | `/uploads/` | Medium
47 | File | `/uploads/tags.php` | High
48 | ... | ... | ...
There are 427 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

132
actors/Agent Tesla/README.md
View File

@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 23 more country items available. Please use our online service to access the data.
There are 25 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -40,16 +40,17 @@ ID | IP address | Hostname | Campaign | Confidence
10 | [34.154.74.85](https://vuldb.com/?ip.34.154.74.85) | 85.74.154.34.bc.googleusercontent.com | - | Medium
11 | [34.200.207.31](https://vuldb.com/?ip.34.200.207.31) | ec2-34-200-207-31.compute-1.amazonaws.com | - | Medium
12 | [37.19.196.108](https://vuldb.com/?ip.37.19.196.108) | unn-37-19-196-108.datapacket.com | - | High
13 | [43.230.131.138](https://vuldb.com/?ip.43.230.131.138) | srv1.nusadatacenter.com | - | High
14 | [45.33.8.30](https://vuldb.com/?ip.45.33.8.30) | 45-33-8-30.ip.linodeusercontent.com | - | High
15 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
16 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
17 | [46.166.133.164](https://vuldb.com/?ip.46.166.133.164) | cybersubtitles.com | - | High
18 | [47.87.211.157](https://vuldb.com/?ip.47.87.211.157) | - | - | High
19 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
20 | ... | ... | ... | ...
13 | [37.49.228.234](https://vuldb.com/?ip.37.49.228.234) | - | - | High
14 | [43.230.131.138](https://vuldb.com/?ip.43.230.131.138) | srv1.nusadatacenter.com | - | High
15 | [45.33.8.30](https://vuldb.com/?ip.45.33.8.30) | 45-33-8-30.ip.linodeusercontent.com | - | High
16 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
17 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
18 | [46.166.133.164](https://vuldb.com/?ip.46.166.133.164) | cybersubtitles.com | - | High
19 | [47.87.211.157](https://vuldb.com/?ip.47.87.211.157) | - | - | High
20 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
21 | ... | ... | ... | ...
There are 75 more IOC items available. Please use our online service to access the data.
There are 80 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -59,7 +60,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -90,62 +91,59 @@ ID | Type | Indicator | Confidence
16 | File | `/apply.cgi` | Medium
17 | File | `/artist-display.php` | High
18 | File | `/be/erpc.php` | Medium
19 | File | `/bitrix/admin/ldap_server_edit.php` | High
20 | File | `/booking/show_bookings/` | High
21 | File | `/cgi-bin/ping.cgi` | High
22 | File | `/config/list` | Medium
23 | File | `/Controller/Ajaxfileupload.ashx` | High
24 | File | `/controller/Index.php` | High
25 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
26 | File | `/coreframe/app/order/admin/card.php` | High
27 | File | `/csms/?page=contact_us` | High
28 | File | `/dashboard/add-portfolio.php` | High
29 | File | `/dashboard/add-service.php` | High
30 | File | `/data/app` | Medium
31 | File | `/dede/group_store.php` | High
32 | File | `/dipam/athlete-profile.php` | High
33 | File | `/ecommerce/admin/category/controller.php` | High
34 | File | `/edit-db.php` | Medium
35 | File | `/etc/gsissh/sshd_config` | High
36 | File | `/etc/sudoers` | Medium
37 | File | `/forum/away.php` | High
38 | File | `/forum/PostPrivateMessage` | High
39 | File | `/forums.php?action=post` | High
40 | File | `/general/attendance/manage/ask_duty/delete.php` | High
41 | File | `/general/email/outbox/delete.php` | High
42 | File | `/goform/WifiBasicSet` | High
43 | File | `/include/chart_generator.php` | High
44 | File | `/index1.html` | Medium
45 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
46 | File | `/items/view_item.php` | High
47 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
48 | File | `/lilac/main.php` | High
49 | File | `/list.php` | Medium
50 | File | `/login.php` | Medium
51 | File | `/login/index.php` | High
52 | File | `/mc` | Low
53 | File | `/mims/login.php` | High
54 | File | `/mkshop/Men/profile.php` | High
55 | File | `/module/admin_bp/add_application.php` | High
56 | File | `/module/report_event/index.php` | High
57 | File | `/modules/profile/index.php` | High
58 | File | `/Moosikay/order.php` | High
59 | File | `/news-portal-script/information.php` | High
60 | File | `/out.php` | Medium
61 | File | `/php-opos/index.php` | High
62 | File | `/preview.php` | Medium
63 | File | `/public/launchNewWindow.jsp` | High
64 | File | `/QueryView.php` | High
65 | File | `/RestAPI` | Medium
66 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
67 | File | `/royal_event/companyprofile.php` | High
68 | File | `/search.php` | Medium
69 | File | `/secure/QueryComponent!Default.jspa` | High
70 | File | `/see_more_details.php` | High
71 | File | `/server-status` | High
72 | ... | ... | ...
19 | File | `/bin/ate` | Medium
20 | File | `/bitrix/admin/ldap_server_edit.php` | High
21 | File | `/booking/show_bookings/` | High
22 | File | `/cgi-bin/ping.cgi` | High
23 | File | `/config/list` | Medium
24 | File | `/Controller/Ajaxfileupload.ashx` | High
25 | File | `/controller/Index.php` | High
26 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
27 | File | `/coreframe/app/order/admin/card.php` | High
28 | File | `/csms/?page=contact_us` | High
29 | File | `/dashboard/add-portfolio.php` | High
30 | File | `/dashboard/add-service.php` | High
31 | File | `/data/app` | Medium
32 | File | `/dede/group_store.php` | High
33 | File | `/dipam/athlete-profile.php` | High
34 | File | `/ecommerce/admin/category/controller.php` | High
35 | File | `/edit-db.php` | Medium
36 | File | `/etc/gsissh/sshd_config` | High
37 | File | `/etc/sudoers` | Medium
38 | File | `/forum/away.php` | High
39 | File | `/forum/PostPrivateMessage` | High
40 | File | `/forums.php?action=post` | High
41 | File | `/general/attendance/manage/ask_duty/delete.php` | High
42 | File | `/general/email/outbox/delete.php` | High
43 | File | `/goform/WifiBasicSet` | High
44 | File | `/include/chart_generator.php` | High
45 | File | `/index1.html` | Medium
46 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
47 | File | `/items/view_item.php` | High
48 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
49 | File | `/lilac/main.php` | High
50 | File | `/list.php` | Medium
51 | File | `/login.php` | Medium
52 | File | `/login/index.php` | High
53 | File | `/mc` | Low
54 | File | `/mims/login.php` | High
55 | File | `/mkshop/Men/profile.php` | High
56 | File | `/module/admin_bp/add_application.php` | High
57 | File | `/module/report_event/index.php` | High
58 | File | `/modules/profile/index.php` | High
59 | File | `/Moosikay/order.php` | High
60 | File | `/news-portal-script/information.php` | High
61 | File | `/out.php` | Medium
62 | File | `/php-opos/index.php` | High
63 | File | `/preview.php` | Medium
64 | File | `/public/launchNewWindow.jsp` | High
65 | File | `/QueryView.php` | High
66 | File | `/RestAPI` | Medium
67 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
68 | File | `/royal_event/companyprofile.php` | High
69 | ... | ... | ...
There are 631 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 605 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -154,6 +152,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://1275.ru/ioc/254/gs-002-agent-tesla-spyware-iocs/
* https://1275.ru/ioc/310/gs-032-agent-tesla-spyware-iocs/
* https://app.any.run/tasks/5f20b5d1-d039-48cb-8481-f3c451d8bcf0/#
* https://app.any.run/tasks/7a81253d-98e4-45d4-a009-098b7c19b992
* https://app.any.run/tasks/91b72945-2a21-4e9e-98c5-132ed8d15714/
* https://app.any.run/tasks/126973bd-0df8-408d-85ae-913ba5c53612/#
* https://asec.ahnlab.com/en/31083/
@ -191,6 +190,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://twitter.com/Tac_Mangusta/status/1659190159789916160
* https://www.cyber45.com
* https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
* https://www.virustotal.com/gui/file/6ade497b4a45a2c4688ac69fe2ae146c721db3cf8d82df9b5ca40b4614ad62b7/relations
* https://www.zscaler.com/blogs/security-research/agent-tesla-rat-delivered-quantum-builder-new-ttps
* https://www.zscaler.com/blogs/security-research/threat-actors-exploit-cve-2017-11882-deliver-agent-tesla

8
actors/Agent.BTZ/README.md
View File

@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [FR](https://vuldb.com/?country.fr)
* [UA](https://vuldb.com/?country.ua)
* [ZW](https://vuldb.com/?country.zw)
* [SN](https://vuldb.com/?country.sn)
* ...
There are 2 more country items available. Please use our online service to access the data.
@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1068 | CWE-264, CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1059 | CWE-94 | Argument Injection | High
3 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...
There are 3 more TTP items available. Please use our online service to access the data.

6
actors/AgentTesla/README.md
View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...
There are 1 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
@ -65,7 +65,7 @@ ID | Type | Indicator | Confidence
15 | File | `checklogin.php` | High
16 | ... | ... | ...
There are 125 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Alfonso Stealer/README.md
View File

@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

67
actors/Alien/README.md
View File

@ -161,13 +161,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 16 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -175,40 +175,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin_ping.htm` | High
2 | File | `/app/index/controller/Common.php` | High
3 | File | `/application/index/controller/Databasesource.php` | High
4 | File | `/application/index/controller/Icon.php` | High
5 | File | `/application/index/controller/Screen.php` | High
6 | File | `/application/plugins/controller/Upload.php` | High
7 | File | `/boafrm/formMapDelDevice` | High
8 | File | `/cgi-bin/cstecgi.cgi` | High
9 | File | `/core/redirect` | High
10 | File | `/forum/away.php` | High
11 | File | `/goform/WifiMacFilterGet` | High
12 | File | `/goform/wifiSSIDset` | High
13 | File | `/index.php?app=main&func=passport&action=login` | High
14 | File | `/login` | Low
15 | File | `/obj/utilisateur.class.php` | High
16 | File | `/opt/fs/redisraft/deps/hiredis/alloc.c` | High
17 | File | `/public/login.htm` | High
18 | File | `/resources//../` | High
19 | File | `/SysInfo1.htm` | High
20 | File | `/travel-journal/write-journal.php` | High
21 | File | `/v1/sql-runner` | High
22 | File | `admin-ajax.php` | High
23 | File | `admin.php` | Medium
24 | File | `admin/inc/auth.inc.php` | High
25 | File | `admin/index.php` | High
26 | File | `afd.sys` | Low
27 | File | `ajax/telemetry.php` | High
28 | File | `app/plug/controller/giftcontroller.php` | High
29 | File | `apply.cgi` | Medium
30 | File | `articlesdetails.php` | High
31 | File | `AscoServer.exe` | High
32 | ... | ... | ...
1 | File | `/admin.php` | Medium
2 | File | `/admin/index.php` | High
3 | File | `/admin/list_ipAddressPolicy.php` | High
4 | File | `/admin/orders/view_order.php` | High
5 | File | `/api /v3/auth` | High
6 | File | `/apps/reg_go.php` | High
7 | File | `/billing/bill/edit/` | High
8 | File | `/bin/sh` | Low
9 | File | `/cgi-bin/cstecgi.cgi` | High
10 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
11 | File | `/cgi-bin/system_mgr.cgi` | High
12 | File | `/cgi-bin/wlogin.cgi` | High
13 | File | `/classes/Login.php` | High
14 | File | `/classes/Users.php` | High
15 | File | `/data/remove` | Medium
16 | File | `/Employer/EditProfile.php` | High
17 | File | `/goform/` | Medium
18 | File | `/goform/SetStaticRouteCfg` | High
19 | File | `/h/autoSaveDraft` | High
20 | File | `/home.php` | Medium
21 | File | `/Home/Index` | Medium
22 | File | `/index.php` | Medium
23 | File | `/member/chat.php` | High
24 | File | `/member/member_edit.php` | High
25 | ... | ... | ...
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Allakore/README.md
View File

@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

47
actors/Almaq/README.md Normal file
View File

@ -0,0 +1,47 @@
# Almaq - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Almaq](https://vuldb.com/?actor.almaq). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.almaq](https://vuldb.com/?actor.almaq)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Almaq:
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Almaq.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [41.44.220.146](https://vuldb.com/?ip.41.44.220.146) | host-41.44.220.146.tedata.net | - | High
2 | [150.200.11.101](https://vuldb.com/?ip.150.200.11.101) | - | - | High
3 | [156.196.225.40](https://vuldb.com/?ip.156.196.225.40) | host-156.196.40.225-static.tedata.net | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Almaq_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1505 | CWE-89 | SQL Injection | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://decoded.avast.io/romanalinkeova/whats-new-in-this-years-almanaq/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

113
actors/Amadey/README.md
View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* [IL](https://vuldb.com/?country.il)
* ...
There are 20 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -69,9 +69,11 @@ ID | IP address | Hostname | Campaign | Confidence
46 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
47 | [49.13.60.242](https://vuldb.com/?ip.49.13.60.242) | static.242.60.13.49.clients.your-server.de | - | High
48 | [51.15.226.0](https://vuldb.com/?ip.51.15.226.0) | 0-226-15-51.instances.scw.cloud | - | High
49 | ... | ... | ... | ...
49 | [51.81.69.127](https://vuldb.com/?ip.51.81.69.127) | ip127.ip-51-81-69.us | - | High
50 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
51 | ... | ... | ... | ...
There are 194 more IOC items available. Please use our online service to access the data.
There are 200 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -79,15 +81,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
7 | ... | ... | ... | ...
6 | ... | ... | ... | ...
There are 23 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -95,52 +96,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `//proc/kcore` | Medium
3 | File | `/admin/action/delete-vaccine.php` | High
4 | File | `/admin/controller/JobLogController.java` | High
5 | File | `/admin/index2.html` | High
6 | File | `/admin_route/dec_service_credits.php` | High
7 | File | `/api/admin/system/store/order/list` | High
1 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
2 | File | `/Account/login.php` | High
3 | File | `/admin/` | Low
4 | File | `/admin/action/delete-vaccine.php` | High
5 | File | `/adminapi/system/crud` | High
6 | File | `/adminapi/system/file/openfile` | High
7 | File | `/admin_route/dec_service_credits.php` | High
8 | File | `/api/trackedEntityInstances` | High
9 | File | `/api/v4/teams//channels/deleted` | High
10 | File | `/app/index/controller/Common.php` | High
11 | File | `/aux` | Low
12 | File | `/b2b-supermarket/shopping-cart` | High
13 | File | `/change-language/de_DE` | High
14 | File | `/data/remove` | Medium
15 | File | `/debug/pprof` | Medium
16 | File | `/devinfo` | Medium
17 | File | `/dist/index.js` | High
18 | File | `/etc/passwd` | Medium
19 | File | `/forms/doLogin` | High
20 | File | `/forum/away.php` | High
21 | File | `/geoserver/gwc/rest.html` | High
22 | File | `/goform/formSysCmd` | High
23 | File | `/hosts/firewall/ip` | High
24 | File | `/index.php` | Medium
25 | File | `/index.php/ccm/system/file/upload` | High
26 | File | `/listplace/user/ticket/create` | High
27 | File | `/log/decodmail.php` | High
28 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
29 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
30 | File | `/novel/author/list` | High
31 | File | `/oauth/idp/.well-known/openid-configuration` | High
32 | File | `/php/ping.php` | High
33 | File | `/qsr_server/device/reboot` | High
34 | File | `/s/index.php?action=statistics` | High
35 | File | `/setting` | Medium
36 | File | `/spip.php` | Medium
37 | File | `/st_reg.php` | Medium
38 | File | `/supplier.php` | High
39 | File | `/system/role/list` | High
40 | File | `/testConnection` | High
41 | File | `/tmp/ppd.trace` | High
42 | File | `/TMS/admin/setting/mail/createorupdate` | High
43 | File | `/upload/ueditorConfig?action=config` | High
44 | ... | ... | ...
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
12 | File | `/aux` | Low
13 | File | `/b2b-supermarket/shopping-cart` | High
14 | File | `/cancel.php` | Medium
15 | File | `/category.php` | High
16 | File | `/cgi-bin/cstecgi.cgi` | High
17 | File | `/change-language/de_DE` | High
18 | File | `/data/remove` | Medium
19 | File | `/debug/pprof` | Medium
20 | File | `/devinfo` | Medium
21 | File | `/dist/index.js` | High
22 | File | `/download` | Medium
23 | File | `/etc/passwd` | Medium
24 | File | `/forms/doLogin` | High
25 | File | `/forum/away.php` | High
26 | File | `/goform/net\_Web\_get_value` | High
27 | File | `/hosts/firewall/ip` | High
28 | File | `/index.jsp#settings` | High
29 | File | `/index.php` | Medium
30 | File | `/index.php/ccm/system/file/upload` | High
31 | File | `/log/decodmail.php` | High
32 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
33 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
34 | File | `/novel/author/list` | High
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
36 | File | `/php/ping.php` | High
37 | File | `/protocol/log/listloginfo.php` | High
38 | File | `/qsr_server/device/reboot` | High
39 | File | `/s/index.php?action=statistics` | High
40 | File | `/Setting/change_password_save` | High
41 | File | `/signup.php` | Medium
42 | File | `/src/dede/vote_edit.php` | High
43 | File | `/st_reg.php` | Medium
44 | File | `/supplier.php` | High
45 | ... | ... | ...
There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -161,6 +163,8 @@ The following list contains _external sources_ which discuss the actor and the a
* https://app.any.run/tasks/db77c945-c2ff-4e5f-9d37-b105606ed03b
* https://app.any.run/tasks/dd17daee-32a4-494b-b8d9-c5e6d5b03cae
* https://app.any.run/tasks/fe542fd3-fec4-468e-b9bf-48639f5e1d4a
* https://asec.ahnlab.com/en/47925/
* https://asec.ahnlab.com/en/50952/
* https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/
* https://exchange.xforce.ibmcloud.com/report/details/guid:ee0b820692aebf95a376e6deb70d0fa9
* https://ioc.exchange/@GustyDusty@infosec.exchange/110978626602393961
@ -240,10 +244,12 @@ The following list contains _external sources_ which discuss the actor and the a
* https://tracker.viriback.com/index.php?q=87.121.47.63
* https://tracker.viriback.com/index.php?q=88.218.60.230
* https://tracker.viriback.com/index.php?q=91.92.247.16
* https://tracker.viriback.com/index.php?q=91.92.251.16
* https://tracker.viriback.com/index.php?q=91.215.85.194
* https://tracker.viriback.com/index.php?q=94.142.138.182
* https://tracker.viriback.com/index.php?q=95.141.41.12
* https://tracker.viriback.com/index.php?q=95.214.26.53
* https://tracker.viriback.com/index.php?q=147.45.47.35
* https://tracker.viriback.com/index.php?q=167.235.20.126
* https://tracker.viriback.com/index.php?q=176.113.115.253
* https://tracker.viriback.com/index.php?q=179.43.154.148
@ -267,11 +273,14 @@ The following list contains _external sources_ which discuss the actor and the a
* https://tracker.viriback.com/index.php?q=193.233.20.29
* https://tracker.viriback.com/index.php?q=193.233.20.36
* https://tracker.viriback.com/index.php?q=193.233.132.73
* https://tracker.viriback.com/index.php?q=194.87.71.43
* https://tracker.viriback.com/index.php?q=212.113.119.255
* https://tracker.viriback.com/index.php?q=212.118.43.106
* https://tracker.viriback.com/index.php?q=213.226.123.14
* https://tracker.viriback.com/index.php?q=213.226.123.16
* https://tria.ge/230730-23lybsbf53/behavioral2
* https://tria.ge/240324-x2sx2aac3w/behavioral1
* https://twitter.com/banthisguy9349/status/1769999255228367090
* https://urlhaus.abuse.ch/url/2739361/
## Literature

2
actors/Andorra Unknown/README.md
View File

@ -44,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

79
actors/Anguilla Unknown/README.md
View File

@ -38,9 +38,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
@ -83,42 +83,43 @@ ID | Type | Indicator | Confidence
29 | File | `/recordings/index.php` | High
30 | File | `/see_more_details.php` | High
31 | File | `/show_news.php` | High
32 | File | `/tmp/before` | Medium
33 | File | `/uncpath/` | Medium
34 | File | `/updownload/t.report` | High
35 | File | `/user.profile.php` | High
36 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
37 | File | `/wordpress/wp-admin/options-general.php` | High
38 | File | `/wp-admin` | Medium
39 | File | `/wp-admin/admin-ajax.php` | High
40 | File | `4.2.0.CP09` | Medium
41 | File | `account.asp` | Medium
42 | File | `adclick.php` | Medium
43 | File | `adm/systools.asp` | High
44 | File | `admin.php` | Medium
45 | File | `admin/admin.shtml` | High
46 | File | `Admin/ADM_Pagina.php` | High
47 | File | `admin/category.inc.php` | High
48 | File | `admin/main.asp` | High
49 | File | `admin/param/param_func.inc.php` | High
50 | File | `admin/y_admin.asp` | High
51 | File | `adminer.php` | Medium
52 | File | `administration/admins.php` | High
53 | File | `administrator/components/com_media/helpers/media.php` | High
54 | File | `admin_ok.asp` | Medium
55 | File | `album_portal.php` | High
56 | File | `app/Core/Paginator.php` | High
57 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
58 | File | `artlinks.dispnew.php` | High
59 | File | `auth.php` | Medium
60 | File | `awstats.pl` | Medium
61 | File | `bin/named/query.c` | High
62 | File | `blank.php` | Medium
63 | File | `blocklayered-ajax.php` | High
64 | File | `blogger-importer.php` | High
65 | ... | ... | ...
32 | File | `/student/bookdetails.php` | High
33 | File | `/tmp/before` | Medium
34 | File | `/uncpath/` | Medium
35 | File | `/updownload/t.report` | High
36 | File | `/user.profile.php` | High
37 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
38 | File | `/wordpress/wp-admin/options-general.php` | High
39 | File | `/wp-admin` | Medium
40 | File | `/wp-admin/admin-ajax.php` | High
41 | File | `4.2.0.CP09` | Medium
42 | File | `account.asp` | Medium
43 | File | `adclick.php` | Medium
44 | File | `adm/systools.asp` | High
45 | File | `admin.php` | Medium
46 | File | `admin/admin.shtml` | High
47 | File | `Admin/ADM_Pagina.php` | High
48 | File | `admin/category.inc.php` | High
49 | File | `admin/main.asp` | High
50 | File | `admin/param/param_func.inc.php` | High
51 | File | `admin/y_admin.asp` | High
52 | File | `adminer.php` | Medium
53 | File | `administration/admins.php` | High
54 | File | `administrator/components/com_media/helpers/media.php` | High
55 | File | `admin_ok.asp` | Medium
56 | File | `album_portal.php` | High
57 | File | `app/Core/Paginator.php` | High
58 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
59 | File | `artlinks.dispnew.php` | High
60 | File | `auth.php` | Medium
61 | File | `awstats.pl` | Medium
62 | File | `bin/named/query.c` | High
63 | File | `blank.php` | Medium
64 | File | `blocklayered-ajax.php` | High
65 | File | `blogger-importer.php` | High
66 | ... | ... | ...
There are 567 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 577 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -138,4 +139,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

104
actors/Antarctica Unknown/README.md
View File

@ -44,14 +44,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -60,52 +60,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `/admin/save.php` | High
3 | File | `/admin/sys_sql_query.php` | High
4 | File | `/api/baskets/{name}` | High
5 | File | `/api/download` | High
6 | File | `/api/v1/alerts` | High
7 | File | `/api/v1/terminal/sessions/?limit=1` | High
8 | File | `/b2b-supermarket/shopping-cart` | High
9 | File | `/bitrix/admin/ldap_server_edit.php` | High
10 | File | `/category.php` | High
11 | File | `/categorypage.php` | High
12 | File | `/category_view.php` | High
13 | File | `/cgi-bin/luci/api/wireless` | High
14 | File | `/cgi-bin/vitogate.cgi` | High
15 | File | `/company/store` | High
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
17 | File | `/Controller/Ajaxfileupload.ashx` | High
18 | File | `/core/conditions/AbstractWrapper.java` | High
19 | File | `/debug/pprof` | Medium
20 | File | `/etc/passwd` | Medium
21 | File | `/fcgi/scrut_fcgi.fcgi` | High
22 | File | `/forum/away.php` | High
23 | File | `/geoserver/gwc/rest.html` | High
24 | File | `/goform/formSysCmd` | High
25 | File | `/h/` | Low
26 | File | `/HNAP1` | Low
27 | File | `/hosts/firewall/ip` | High
28 | File | `/inc/jquery/uploadify/uploadify.php` | High
29 | File | `/index.php/ccm/system/file/upload` | High
30 | File | `/index.php?app=main&func=passport&action=login` | High
31 | File | `/index.php?page=category_list` | High
32 | File | `/jeecg-boot/sys/common/upload` | High
33 | File | `/jobinfo/` | Medium
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
36 | File | `/php/ping.php` | High
37 | File | `/PreviewHandler.ashx` | High
38 | File | `/proxy` | Low
39 | File | `/recipe-result` | High
40 | File | `/register.do` | Medium
41 | File | `/RPS2019Service/status.html` | High
42 | File | `/Service/ImageStationDataService.asmx` | High
43 | File | `/setting` | Medium
44 | File | `/sicweb-ajax/tmproot/` | High
45 | ... | ... | ...
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
3 | File | `/Account/login.php` | High
4 | File | `/admin/` | Low
5 | File | `/admin/save.php` | High
6 | File | `/adminapi/system/crud` | High
7 | File | `/adminapi/system/file/openfile` | High
8 | File | `/admin_route/dec_service_credits.php` | High
9 | File | `/api/baskets/{name}` | High
10 | File | `/api/download` | High
11 | File | `/api/v1/alerts` | High
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/b2b-supermarket/shopping-cart` | High
15 | File | `/cancel.php` | Medium
16 | File | `/category.php` | High
17 | File | `/categorypage.php` | High
18 | File | `/category_view.php` | High
19 | File | `/cgi-bin/cstecgi.cgi` | High
20 | File | `/cgi-bin/luci/api/wireless` | High
21 | File | `/cgi-bin/vitogate.cgi` | High
22 | File | `/change-language/de_DE` | High
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
24 | File | `/core/conditions/AbstractWrapper.java` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/devinfo` | Medium
27 | File | `/dist/index.js` | High
28 | File | `/download` | Medium
29 | File | `/fcgi/scrut_fcgi.fcgi` | High
30 | File | `/forum/away.php` | High
31 | File | `/geoserver/gwc/rest.html` | High
32 | File | `/goform/formSysCmd` | High
33 | File | `/HNAP1` | Low
34 | File | `/hosts/firewall/ip` | High
35 | File | `/index.jsp#settings` | High
36 | File | `/index.php/ccm/system/file/upload` | High
37 | File | `/jeecg-boot/sys/common/upload` | High
38 | File | `/log/decodmail.php` | High
39 | File | `/oauth/idp/.well-known/openid-configuration` | High
40 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
41 | File | `/php/ping.php` | High
42 | File | `/proxy` | Low
43 | File | `/register.do` | Medium
44 | File | `/RPS2019Service/status.html` | High
45 | File | `/s/index.php?action=statistics` | High
46 | File | `/setting` | Medium
47 | File | `/Setting/change_password_save` | High
48 | File | `/sicweb-ajax/tmproot/` | High
49 | ... | ... | ...
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -123,4 +127,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

4
actors/Antibot.pw/README.md
View File

@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1059 | CWE-94 | Argument Injection | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...
@ -67,4 +67,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

68
actors/AnyDesk/README.md Normal file
View File

@ -0,0 +1,68 @@
# AnyDesk - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AnyDesk](https://vuldb.com/?actor.anydesk). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.anydesk](https://vuldb.com/?actor.anydesk)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AnyDesk:
* [RU](https://vuldb.com/?country.ru)
* [US](https://vuldb.com/?country.us)
* [TK](https://vuldb.com/?country.tk)
* ...
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AnyDesk.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [52.89.196.49](https://vuldb.com/?ip.52.89.196.49) | ec2-52-89-196-49.us-west-2.compute.amazonaws.com | - | Medium
2 | [185.29.9.162](https://vuldb.com/?ip.185.29.9.162) | se1.encryptedconnection.info | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AnyDesk_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AnyDesk. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/goform/SetNetControlList` | High
2 | File | `/index.php/newsletter/subscriber/new/` | High
3 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
4 | ... | ... | ...
There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
actors/Aoqin Dragon/README.md
View File

@ -36,9 +36,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

2
actors/Ares/README.md
View File

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...

5
actors/AresLoader/README.md
View File

@ -17,7 +17,9 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [193.233.134.57](https://vuldb.com/?ip.193.233.134.57) | instance25143.waicore.network | - | High
1 | [45.80.69.193](https://vuldb.com/?ip.45.80.69.193) | - | - | High
2 | [193.168.49.8](https://vuldb.com/?ip.193.168.49.8) | - | - | High
3 | [193.233.134.57](https://vuldb.com/?ip.193.233.134.57) | instance25143.waicore.network | - | High
## TTP - Tactics, Techniques, Procedures
@ -41,6 +43,7 @@ ID | Type | Indicator | Confidence
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://app.any.run/tasks/8533cc82-138a-4971-8bcf-a36656a14278
* https://cyble.com/blog/citrix-users-at-risk-aresloader-spreading-through-disguised-gitlab-repo/
## Literature

14
actors/Arid Viper/README.md
View File

@ -54,15 +54,15 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `addguest.cgi` | Medium
2 | File | `add_comment.php` | High
3 | File | `admin/index.php` | High
4 | File | `api_jsonrpc.php` | High
5 | File | `cloud.php` | Medium
6 | File | `data/gbconfiguration.dat` | High
1 | File | `/forum/away.php` | High
2 | File | `addguest.cgi` | Medium
3 | File | `add_comment.php` | High
4 | File | `admin/index.php` | High
5 | File | `api_jsonrpc.php` | High
6 | File | `cloud.php` | Medium
7 | ... | ... | ...
There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Arkei Stealer/README.md
View File

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High

2
actors/Arkei/README.md
View File

@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
8 | File | `act.php` | Low
9 | ... | ... | ...
There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

8
actors/Armor Piercer/README.md
View File

@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Armor Piercer:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...
@ -59,7 +59,7 @@ ID | Type | Indicator | Confidence
10 | File | `/sysinfo_json.cgi` | High
11 | ... | ... | ...
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Aruba Unknown/README.md
View File

@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

125
actors/Asia Unknown/README.md
View File

@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asia Unknown:
* [VN](https://vuldb.com/?country.vn)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [VN](https://vuldb.com/?country.vn)
* ...
There are 23 more country items available. Please use our online service to access the data.
There are 19 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -24961,13 +24961,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74, CWE-643 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...
There are 17 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -24975,40 +24976,82 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/Account/login.php` | High
2 | File | `/admin/` | Low
3 | File | `/admin/app/product.php` | High
4 | File | `/admin/app/profile_crud.php` | High
5 | File | `/admin/app/service_crud.php` | High
6 | File | `/admin/edit-admin.php` | High
7 | File | `/admin/edit_categories.php` | High
8 | File | `/admin/edit_supplier.php` | High
9 | File | `/admin/index2.html` | High
10 | File | `/admin/list_ipAddressPolicy.php` | High
11 | File | `/admin/list_localuser.php` | High
12 | File | `/admin/login.php` | High
13 | File | `/Admin/login.php` | High
14 | File | `/admin/operations/expense_category.php` | High
15 | File | `/admin/orders/view_order.php` | High
16 | File | `/adminapi/system/crud` | High
17 | File | `/adminapi/system/file/openfile` | High
18 | File | `/api /v3/auth` | High
19 | File | `/app/ajax/search_sales_report.php` | High
20 | File | `/app/controller/Setup.php` | High
21 | File | `/application/index/controller/Databasesource.php` | High
22 | File | `/application/index/controller/File.php` | High
23 | File | `/application/index/controller/Icon.php` | High
24 | File | `/application/index/controller/Screen.php` | High
25 | File | `/application/index/controller/Unity.php` | High
26 | File | `/application/websocket/controller/Setting.php` | High
27 | File | `/cancel.php` | Medium
28 | File | `/cgi-bin/cstecgi.cgi` | High
29 | File | `/common/dict/list` | High
30 | File | `/dashboard/Cinvoice/manage_invoice` | High
31 | File | `/dashboard/message` | High
32 | ... | ... | ...
1 | File | `/add_classes.php` | High
2 | File | `/add_members.php` | High
3 | File | `/admin.php` | Medium
4 | File | `/admin/aboutus.php` | High
5 | File | `/admin/action/add_con.php` | High
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/admin/action/update-deworm.php` | High
8 | File | `/Admin/add-admin.php` | High
9 | File | `/admin/admin-profile.php` | High
10 | File | `/admin/admin.php` | High
11 | File | `/admin/applicants/controller.php` | High
12 | File | `/admin/applicants/index.php` | High
13 | File | `/admin/application-bwdates-reports-details.php` | High
14 | File | `/admin/bookdate.php` | High
15 | File | `/admin/booking-bwdates-reports-details.php` | High
16 | File | `/admin/booking-search.php` | High
17 | File | `/admin/booktime.php` | High
18 | File | `/admin/category/controller.php` | High
19 | File | `/admin/category/index.php` | High
20 | File | `/admin/communitymanagement.php` | High
21 | File | `/admin/company/controller.php` | High
22 | File | `/admin/company/index.php` | High
23 | File | `/admin/contact-us.php` | High
24 | File | `/admin/contactus.php` | High
25 | File | `/admin/employee/controller.php` | High
26 | File | `/admin/employee/index.php` | High
27 | File | `/admin/forgot-password.php` | High
28 | File | `/admin/index.php` | High
29 | File | `/admin/list_resource_icon.php?action=delete` | High
30 | File | `/admin/login.php` | High
31 | File | `/admin/maintenance/manage_category.php` | High
32 | File | `/admin/manage-students.php` | High
33 | File | `/admin/menu/toEdit` | High
34 | File | `/admin/operations/expense_category.php` | High
35 | File | `/admin/pages/edit_chicken.php` | High
36 | File | `/admin/pages/student-print.php` | High
37 | File | `/admin/pages/update_go.php` | High
38 | File | `/admin/search.php` | High
39 | File | `/admin/singlelogin.php` | High
40 | File | `/admin/success_story.php` | High
41 | File | `/admin/user-search.php` | High
42 | File | `/admin/user/controller.php` | High
43 | File | `/admin/user/index.php` | High
44 | File | `/admin/users.php` | High
45 | File | `/admin/vacancy/controller.php` | High
46 | File | `/admin/vacancy/index.php` | High
47 | File | `/adminpanel/admin/facebox_modal/updateCourse.php` | High
48 | File | `/adminpanel/admin/facebox_modal/updateExaminee.php` | High
49 | File | `/admin_route/dec_service_credits.php` | High
50 | File | `/admin_route/inc_service_credits.php` | High
51 | File | `/api.php` | Medium
52 | File | `/api/client/editemedia.php` | High
53 | File | `/api/sys/login` | High
54 | File | `/api/sys/set_passwd` | High
55 | File | `/api/v1/toolbox/device/update/swap` | High
56 | File | `/app/admin/controller/Upload.php` | High
57 | File | `/app/Http/Controllers/ImageController.php` | High
58 | File | `/app/index/controller/Common.php` | High
59 | File | `/application/index/common.php` | High
60 | File | `/application/index/controller/Databasesource.php` | High
61 | File | `/application/index/controller/Datament.php` | High
62 | File | `/application/index/controller/File.php` | High
63 | File | `/application/index/controller/Icon.php` | High
64 | File | `/application/index/controller/Screen.php` | High
65 | File | `/application/index/controller/Service.php` | High
66 | File | `/application/index/controller/Unity.php` | High
67 | File | `/application/pay/controller/Api.php` | High
68 | File | `/application/plugins/controller/Upload.php` | High
69 | File | `/application/websocket/controller/Setting.php` | High
70 | File | `/apply/index.php` | High
71 | File | `/apps/login_auth.php` | High
72 | File | `/apps/system/router/upload.go` | High
73 | File | `/billing/bill/edit/` | High
74 | ... | ... | ...
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 649 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/AsynRAT/README.md
View File

@ -25,7 +25,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

1263
actors/AsyncRAT/README.md
View File

File diff suppressed because it is too large Load Diff

13
actors/Atomic Stealer/README.md
View File

@ -44,13 +44,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/display/map` | Medium
2 | File | `/forum/away.php` | High
3 | File | `/oauth/idp/.well-known/openid-configuration` | High
4 | File | `/qsr_server/device/reboot` | High
5 | ... | ... | ...
1 | File | `/admin/manage-ambulance.php` | High
2 | File | `/display/map` | Medium
3 | File | `/forum/away.php` | High
4 | File | `/oauth/idp/.well-known/openid-configuration` | High
5 | File | `/protocol/log/listloginfo.php` | High
6 | ... | ... | ...
There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 35 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

4
actors/Aurora Stealer/README.md
View File

@ -92,7 +92,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
@ -154,7 +154,7 @@ ID | Type | Indicator | Confidence
47 | File | `bl-kernel/ajax/upload-images.php` | High
48 | ... | ... | ...
There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

100
actors/Austria Unknown/README.md
View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [IL](https://vuldb.com/?country.il)
* ...
There are 26 more country items available. Please use our online service to access the data.
There are 27 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -1150,9 +1150,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -1173,54 +1173,56 @@ ID | Type | Indicator | Confidence
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/admin/action/new-father.php` | High
8 | File | `/admin/add-category.php` | High
9 | File | `/admin/add-services.php` | High
9 | File | `/admin/app/service_crud.php` | High
10 | File | `/admin/borrow_add.php` | High
11 | File | `/admin/edit_teacher.php` | High
12 | File | `/admin/pages/edit_chicken.php` | High
13 | File | `/admin/pages/student-print.php` | High
14 | File | `/adminapi/system/crud` | High
15 | File | `/adminapi/system/file/openfile` | High
16 | File | `/admin_route/dec_service_credits.php` | High
17 | File | `/admin_route/inc_service_credits.php` | High
18 | File | `/api/v4/teams//channels/deleted` | High
19 | File | `/app/Http/Controllers/ImageController.php` | High
20 | File | `/application/index/controller/Icon.php` | High
21 | File | `/application/index/controller/Screen.php` | High
22 | File | `/application/websocket/controller/Setting.php` | High
23 | File | `/b2b-supermarket/shopping-cart` | High
24 | File | `/bin/boa` | Medium
25 | File | `/boafrm/formMapDelDevice` | High
26 | File | `/cgi-bin/cstecgi.cgi` | High
27 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
28 | File | `/change-language/de_DE` | High
29 | File | `/debug/pprof` | Medium
30 | File | `/devinfo` | Medium
31 | File | `/dist/index.js` | High
32 | File | `/endpoint/delete-computer.php` | High
33 | File | `/endpoint/update-tracker.php` | High
34 | File | `/forum/away.php` | High
35 | File | `/general/attendance/manage/ask_duty/delete.php` | High
36 | File | `/geoserver/gwc/rest.html` | High
37 | File | `/goform/formSysCmd` | High
38 | File | `/hedwig.cgi` | Medium
39 | File | `/HNAP1/` | Low
40 | File | `/hosts/firewall/ip` | High
41 | File | `/index.jsp#settings` | High
42 | File | `/index.php/ccm/system/file/upload` | High
43 | File | `/Interface/DevManage/VM.php` | High
44 | File | `/log/decodmail.php` | High
45 | File | `/login` | Low
46 | File | `/oauth/idp/.well-known/openid-configuration` | High
47 | File | `/php/ping.php` | High
48 | File | `/register.do` | Medium
49 | File | `/register.php` | High
50 | File | `/s/index.php?action=statistics` | High
51 | File | `/setting` | Medium
52 | File | `/showfile.php` | High
53 | File | `/signup.php` | Medium
54 | ... | ... | ...
11 | File | `/admin/edit-admin.php` | High
12 | File | `/admin/edit_teacher.php` | High
13 | File | `/Admin/login.php` | High
14 | File | `/admin/pages/edit_chicken.php` | High
15 | File | `/admin/pages/student-print.php` | High
16 | File | `/adminapi/system/crud` | High
17 | File | `/adminapi/system/file/openfile` | High
18 | File | `/admin_route/dec_service_credits.php` | High
19 | File | `/admin_route/inc_service_credits.php` | High
20 | File | `/api/v4/teams//channels/deleted` | High
21 | File | `/app/admin/controller/Upload.php` | High
22 | File | `/app/ajax/search_sales_report.php` | High
23 | File | `/app/controller/Setup.php` | High
24 | File | `/app/Http/Controllers/ImageController.php` | High
25 | File | `/app/middleware/TokenVerify.php` | High
26 | File | `/application/index/controller/Icon.php` | High
27 | File | `/application/index/controller/Screen.php` | High
28 | File | `/application/websocket/controller/Setting.php` | High
29 | File | `/b2b-supermarket/shopping-cart` | High
30 | File | `/bin/boa` | Medium
31 | File | `/boafrm/formMapDelDevice` | High
32 | File | `/cancel.php` | Medium
33 | File | `/category.php` | High
34 | File | `/cgi-bin/cstecgi.cgi` | High
35 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
36 | File | `/change-language/de_DE` | High
37 | File | `/debug/pprof` | Medium
38 | File | `/devinfo` | Medium
39 | File | `/dist/index.js` | High
40 | File | `/download` | Medium
41 | File | `/Employer/EditProfile.php` | High
42 | File | `/Employer/ManageWalkin.php` | High
43 | File | `/endpoint/add-faq.php` | High
44 | File | `/endpoint/delete-computer.php` | High
45 | File | `/endpoint/update-resident.php` | High
46 | File | `/endpoint/update-tracker.php` | High
47 | File | `/forum/away.php` | High
48 | File | `/general/attendance/manage/ask_duty/delete.php` | High
49 | File | `/goform/formSysCmd` | High
50 | File | `/hedwig.cgi` | Medium
51 | File | `/HNAP1/` | Low
52 | File | `/hosts/firewall/ip` | High
53 | File | `/index.jsp#settings` | High
54 | File | `/index.php/ccm/system/file/upload` | High
55 | File | `/Interface/DevManage/VM.php` | High
56 | ... | ... | ...
There are 467 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 489 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Autoit/README.md
View File

@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

103
actors/Ave Maria/README.md
View File

@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [GB](https://vuldb.com/?country.gb)
* [LA](https://vuldb.com/?country.la)
* ...
There are 22 more country items available. Please use our online service to access the data.
@ -250,9 +250,10 @@ ID | IP address | Hostname | Campaign | Confidence
227 | [46.3.199.112](https://vuldb.com/?ip.46.3.199.112) | - | - | High
228 | [46.21.147.99](https://vuldb.com/?ip.46.21.147.99) | 46-21-147-99.static.hvvc.us | - | High
229 | [46.101.159.120](https://vuldb.com/?ip.46.101.159.120) | - | - | High
230 | ... | ... | ... | ...
230 | [46.183.216.163](https://vuldb.com/?ip.46.183.216.163) | tagoe.lstartanalystconcepts.org.uk | - | High
231 | ... | ... | ... | ...
There are 918 more IOC items available. Please use our online service to access the data.
There are 920 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -262,12 +263,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -277,35 +278,35 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
3 | File | `/.env` | Low
4 | File | `//proc/kcore` | Medium
5 | File | `/Account/login.php` | High
6 | File | `/admin/` | Low
7 | File | `/admin/action/delete-vaccine.php` | High
8 | File | `/admin/action/new-father.php` | High
9 | File | `/admin/app/service_crud.php` | High
10 | File | `/admin/edit-admin.php` | High
11 | File | `/admin/general.cgi` | High
12 | File | `/admin/index2.html` | High
13 | File | `/Admin/login.php` | High
14 | File | `/adminapi/system/crud` | High
15 | File | `/adminapi/system/file/openfile` | High
16 | File | `/admin_ping.htm` | High
17 | File | `/admin_route/dec_service_credits.php` | High
18 | File | `/api/admin/system/store/order/list` | High
19 | File | `/api/v4/teams//channels/deleted` | High
20 | File | `/app/admin/controller/Upload.php` | High
21 | File | `/app/ajax/search_sales_report.php` | High
22 | File | `/app/controller/Setup.php` | High
23 | File | `/app/index/controller/Common.php` | High
24 | File | `/app/middleware/TokenVerify.php` | High
25 | File | `/application/index/controller/Screen.php` | High
26 | File | `/application/index/controller/Service.php` | High
27 | File | `/application/websocket/controller/Setting.php` | High
28 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
29 | File | `/b2b-supermarket/shopping-cart` | High
30 | File | `/bin/boa` | Medium
31 | File | `/boafrm/formMapDelDevice` | High
3 | File | `//proc/kcore` | Medium
4 | File | `/Account/login.php` | High
5 | File | `/admin/` | Low
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/admin/action/new-father.php` | High
8 | File | `/admin/app/service_crud.php` | High
9 | File | `/admin/edit-admin.php` | High
10 | File | `/admin/general.cgi` | High
11 | File | `/admin/index2.html` | High
12 | File | `/Admin/login.php` | High
13 | File | `/adminapi/system/crud` | High
14 | File | `/adminapi/system/file/openfile` | High
15 | File | `/admin_ping.htm` | High
16 | File | `/admin_route/dec_service_credits.php` | High
17 | File | `/api/admin/system/store/order/list` | High
18 | File | `/api/v4/teams//channels/deleted` | High
19 | File | `/app/admin/controller/Upload.php` | High
20 | File | `/app/ajax/search_sales_report.php` | High
21 | File | `/app/controller/Setup.php` | High
22 | File | `/app/index/controller/Common.php` | High
23 | File | `/app/middleware/TokenVerify.php` | High
24 | File | `/application/index/controller/Screen.php` | High
25 | File | `/application/index/controller/Service.php` | High
26 | File | `/application/websocket/controller/Setting.php` | High
27 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
28 | File | `/b2b-supermarket/shopping-cart` | High
29 | File | `/bin/boa` | Medium
30 | File | `/boafrm/formMapDelDevice` | High
31 | File | `/cancel.php` | Medium
32 | File | `/category.php` | High
33 | File | `/cgi-bin/cstecgi.cgi` | High
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
@ -313,25 +314,25 @@ ID | Type | Indicator | Confidence
36 | File | `/debug/pprof` | Medium
37 | File | `/devinfo` | Medium
38 | File | `/dist/index.js` | High
39 | File | `/Employer/ManageWalkin.php` | High
40 | File | `/endpoint/add-faq.php` | High
41 | File | `/endpoint/delete-computer.php` | High
42 | File | `/endpoint/update-resident.php` | High
43 | File | `/endpoint/update-tracker.php` | High
44 | File | `/forms/doLogin` | High
45 | File | `/forum/away.php` | High
46 | File | `/goform/formSysCmd` | High
47 | File | `/hedwig.cgi` | Medium
48 | File | `/HNAP1/` | Low
49 | File | `/hosts/firewall/ip` | High
50 | File | `/index.jsp#settings` | High
51 | File | `/index.php/ccm/system/file/upload` | High
52 | File | `/log/decodmail.php` | High
53 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
54 | File | `/myprofile.php` | High
39 | File | `/download` | Medium
40 | File | `/Employer/ManageWalkin.php` | High
41 | File | `/endpoint/add-faq.php` | High
42 | File | `/endpoint/delete-computer.php` | High
43 | File | `/endpoint/update-resident.php` | High
44 | File | `/endpoint/update-tracker.php` | High
45 | File | `/forms/doLogin` | High
46 | File | `/forum/away.php` | High
47 | File | `/goform/formSysCmd` | High
48 | File | `/hedwig.cgi` | Medium
49 | File | `/HNAP1/` | Low
50 | File | `/hosts/firewall/ip` | High
51 | File | `/index.jsp#settings` | High
52 | File | `/index.php/ccm/system/file/upload` | High
53 | File | `/log/decodmail.php` | High
54 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
55 | ... | ... | ...
There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 480 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

74
actors/AveMaria/README.md
View File

@ -38,7 +38,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -69,44 +69,44 @@ ID | Type | Indicator | Confidence
16 | File | `/application/plugins/controller/Upload.php` | High
17 | File | `/assets/components/gallery/connector.php` | High
18 | File | `/cgi-bin/cstecgi.cgi` | High
19 | File | `/classes/master.php?f=delete_order` | High
20 | File | `/course/filterRecords/` | High
21 | File | `/ctcprotocol/Protocol` | High
22 | File | `/device/device=140/tab=wifi/view` | High
23 | File | `/download/image` | High
24 | File | `/etc/sudoers` | Medium
25 | File | `/ext/collect/find_text.do` | High
26 | File | `/Forms/` | Low
27 | File | `/framework/modules/users/models/user.php` | High
28 | File | `/ghost/preview` | High
29 | File | `/HNAP1/SetAccessPointMode` | High
30 | File | `/index.php` | Medium
31 | File | `/mcategory.php` | High
32 | File | `/member/picture/album` | High
33 | File | `/mysql/api/diags.php` | High
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
36 | File | `/phpcollab/users/edituser.php` | High
37 | File | `/plain` | Low
38 | File | `/products/details.asp` | High
39 | File | `/product_list.php` | High
40 | File | `/public/login.htm` | High
41 | File | `/replication` | Medium
42 | File | `/service/upload` | High
43 | File | `/services/details.asp` | High
44 | File | `/showfile.php` | High
45 | File | `/trx_addons/v2/get/sc_layout` | High
46 | File | `/uncpath/` | Medium
47 | File | `/upload/catalog/controller/account/password.php` | High
48 | File | `/usr/bin/pkexec` | High
49 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
50 | File | `/wbms/classes/Master.php?f=delete_client` | High
51 | File | `/web/api/app/Controller/HostController.php` | High
52 | File | `/WebMstr7/servlet/mstrWeb` | High
53 | File | `/wp-admin/admin-ajax.php` | High
19 | File | `/cgi-bin/wlogin.cgi` | High
20 | File | `/classes/master.php?f=delete_order` | High
21 | File | `/course/filterRecords/` | High
22 | File | `/ctcprotocol/Protocol` | High
23 | File | `/device/device=140/tab=wifi/view` | High
24 | File | `/download/image` | High
25 | File | `/etc/sudoers` | Medium
26 | File | `/ext/collect/find_text.do` | High
27 | File | `/Forms/` | Low
28 | File | `/framework/modules/users/models/user.php` | High
29 | File | `/ghost/preview` | High
30 | File | `/HNAP1/SetAccessPointMode` | High
31 | File | `/index.php` | Medium
32 | File | `/mcategory.php` | High
33 | File | `/member/picture/album` | High
34 | File | `/mysql/api/diags.php` | High
35 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
36 | File | `/oauth/idp/.well-known/openid-configuration` | High
37 | File | `/phpcollab/users/edituser.php` | High
38 | File | `/plain` | Low
39 | File | `/products/details.asp` | High
40 | File | `/product_list.php` | High
41 | File | `/public/login.htm` | High
42 | File | `/replication` | Medium
43 | File | `/service/upload` | High
44 | File | `/services/details.asp` | High
45 | File | `/showfile.php` | High
46 | File | `/trx_addons/v2/get/sc_layout` | High
47 | File | `/uncpath/` | Medium
48 | File | `/upload/catalog/controller/account/password.php` | High
49 | File | `/usr/bin/pkexec` | High
50 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
51 | File | `/wbms/classes/Master.php?f=delete_client` | High
52 | File | `/web/api/app/Controller/HostController.php` | High
53 | File | `/WebMstr7/servlet/mstrWeb` | High
54 | ... | ... | ...
There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 474 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

256
actors/Azorult/README.md
View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [LA](https://vuldb.com/?country.la)
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -21,92 +21,92 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.104.54.134](https://vuldb.com/?ip.3.104.54.134) | ec2-3-104-54-134.ap-southeast-2.compute.amazonaws.com | - | Medium
2 | [3.122.247.28](https://vuldb.com/?ip.3.122.247.28) | ec2-3-122-247-28.eu-central-1.compute.amazonaws.com | - | Medium
3 | [3.123.254.92](https://vuldb.com/?ip.3.123.254.92) | ec2-3-123-254-92.eu-central-1.compute.amazonaws.com | - | Medium
4 | [3.126.249.36](https://vuldb.com/?ip.3.126.249.36) | ec2-3-126-249-36.eu-central-1.compute.amazonaws.com | - | Medium
5 | [5.8.88.26](https://vuldb.com/?ip.5.8.88.26) | - | - | High
6 | [5.8.88.74](https://vuldb.com/?ip.5.8.88.74) | - | - | High
7 | [5.8.88.90](https://vuldb.com/?ip.5.8.88.90) | - | - | High
8 | [5.8.88.107](https://vuldb.com/?ip.5.8.88.107) | - | - | High
9 | [5.8.88.144](https://vuldb.com/?ip.5.8.88.144) | - | - | High
10 | [5.23.55.170](https://vuldb.com/?ip.5.23.55.170) | 112152-garant222.tmweb.ru | - | High
11 | [5.34.177.120](https://vuldb.com/?ip.5.34.177.120) | unallocated.layer6.net | - | High
12 | [5.39.218.162](https://vuldb.com/?ip.5.39.218.162) | - | - | High
13 | [5.45.77.6](https://vuldb.com/?ip.5.45.77.6) | - | - | High
14 | [5.56.134.65](https://vuldb.com/?ip.5.56.134.65) | - | - | High
15 | [5.152.206.196](https://vuldb.com/?ip.5.152.206.196) | h5-152-206-196.host.redstation.co.uk | - | High
16 | [5.188.60.41](https://vuldb.com/?ip.5.188.60.41) | - | - | High
17 | [5.188.231.68](https://vuldb.com/?ip.5.188.231.68) | lax.4729 | - | High
18 | [5.188.231.156](https://vuldb.com/?ip.5.188.231.156) | free.ds | - | High
19 | [5.188.231.247](https://vuldb.com/?ip.5.188.231.247) | - | - | High
20 | [5.188.231.253](https://vuldb.com/?ip.5.188.231.253) | - | - | High
21 | [5.200.47.181](https://vuldb.com/?ip.5.200.47.181) | - | - | High
22 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
23 | [13.229.153.16](https://vuldb.com/?ip.13.229.153.16) | ec2-13-229-153-16.ap-southeast-1.compute.amazonaws.com | - | Medium
24 | [15.236.142.224](https://vuldb.com/?ip.15.236.142.224) | ec2-15-236-142-224.eu-west-3.compute.amazonaws.com | - | Medium
25 | [18.159.53.170](https://vuldb.com/?ip.18.159.53.170) | ec2-18-159-53-170.eu-central-1.compute.amazonaws.com | - | Medium
26 | [18.185.149.145](https://vuldb.com/?ip.18.185.149.145) | ec2-18-185-149-145.eu-central-1.compute.amazonaws.com | - | Medium
27 | [18.192.122.2](https://vuldb.com/?ip.18.192.122.2) | ec2-18-192-122-2.eu-central-1.compute.amazonaws.com | - | Medium
28 | [18.216.84.23](https://vuldb.com/?ip.18.216.84.23) | ec2-18-216-84-23.us-east-2.compute.amazonaws.com | - | Medium
29 | [18.218.130.236](https://vuldb.com/?ip.18.218.130.236) | ec2-18-218-130-236.us-east-2.compute.amazonaws.com | - | Medium
30 | [18.220.44.88](https://vuldb.com/?ip.18.220.44.88) | ec2-18-220-44-88.us-east-2.compute.amazonaws.com | - | Medium
31 | [20.36.46.115](https://vuldb.com/?ip.20.36.46.115) | - | - | High
32 | [23.94.253.124](https://vuldb.com/?ip.23.94.253.124) | cbs.propause.bar | - | High
33 | [23.95.88.121](https://vuldb.com/?ip.23.95.88.121) | aguug.fkjr121.glerlium.cfd | - | High
34 | [23.106.122.215](https://vuldb.com/?ip.23.106.122.215) | - | - | High
35 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
36 | [23.106.160.1](https://vuldb.com/?ip.23.106.160.1) | v2013.er01.dal.ubiquity.io | - | High
37 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
38 | [23.247.102.18](https://vuldb.com/?ip.23.247.102.18) | pyprak.munisten.com | - | High
39 | [23.249.162.26](https://vuldb.com/?ip.23.249.162.26) | - | - | High
40 | [23.249.162.163](https://vuldb.com/?ip.23.249.162.163) | - | - | High
41 | [31.148.220.50](https://vuldb.com/?ip.31.148.220.50) | - | - | High
42 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
43 | [35.228.218.42](https://vuldb.com/?ip.35.228.218.42) | 42.218.228.35.bc.googleusercontent.com | - | Medium
44 | [37.0.10.51](https://vuldb.com/?ip.37.0.10.51) | - | - | High
45 | [37.44.212.156](https://vuldb.com/?ip.37.44.212.156) | - | - | High
46 | [37.46.150.14](https://vuldb.com/?ip.37.46.150.14) | - | - | High
47 | [37.49.225.167](https://vuldb.com/?ip.37.49.225.167) | - | - | High
48 | [37.49.225.178](https://vuldb.com/?ip.37.49.225.178) | - | - | High
49 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
50 | [37.72.175.157](https://vuldb.com/?ip.37.72.175.157) | 37-72-175-157.static.hvvc.us | - | High
51 | [37.97.190.174](https://vuldb.com/?ip.37.97.190.174) | 37-97-190-174.colo.transip.net | - | High
52 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
53 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
54 | [38.68.39.209](https://vuldb.com/?ip.38.68.39.209) | - | - | High
55 | [45.14.50.207](https://vuldb.com/?ip.45.14.50.207) | - | - | High
56 | [45.56.89.165](https://vuldb.com/?ip.45.56.89.165) | 45-56-89-165.ip.linodeusercontent.com | - | High
57 | [45.56.100.248](https://vuldb.com/?ip.45.56.100.248) | 45-56-100-248.ip.linodeusercontent.com | - | High
58 | [45.56.106.128](https://vuldb.com/?ip.45.56.106.128) | 45-56-106-128.ip.linodeusercontent.com | - | High
59 | [45.67.14.179](https://vuldb.com/?ip.45.67.14.179) | - | - | High
60 | [45.67.14.181](https://vuldb.com/?ip.45.67.14.181) | - | - | High
61 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
62 | [45.80.149.68](https://vuldb.com/?ip.45.80.149.68) | - | - | High
63 | [45.81.226.17](https://vuldb.com/?ip.45.81.226.17) | vm4511296.34ssd.had.wf | - | High
64 | [45.95.147.64](https://vuldb.com/?ip.45.95.147.64) | - | - | High
65 | [45.95.168.162](https://vuldb.com/?ip.45.95.168.162) | server2.allianttgroup.com | - | High
66 | [45.137.22.58](https://vuldb.com/?ip.45.137.22.58) | hosted-by.rootlayer.net | - | High
67 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
68 | [45.140.146.18](https://vuldb.com/?ip.45.140.146.18) | node.28 | - | High
69 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
70 | [45.145.185.26](https://vuldb.com/?ip.45.145.185.26) | - | - | High
71 | [45.145.185.73](https://vuldb.com/?ip.45.145.185.73) | - | - | High
72 | [45.145.185.111](https://vuldb.com/?ip.45.145.185.111) | - | - | High
73 | [45.145.185.253](https://vuldb.com/?ip.45.145.185.253) | - | - | High
74 | [45.147.228.74](https://vuldb.com/?ip.45.147.228.74) | - | - | High
75 | [45.147.230.200](https://vuldb.com/?ip.45.147.230.200) | - | - | High
76 | [45.153.203.81](https://vuldb.com/?ip.45.153.203.81) | - | - | High
77 | [45.156.22.167](https://vuldb.com/?ip.45.156.22.167) | - | - | High
78 | [46.17.43.102](https://vuldb.com/?ip.46.17.43.102) | - | - | High
79 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
80 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
81 | [46.183.222.66](https://vuldb.com/?ip.46.183.222.66) | ip-222-66.dataclub.info | - | High
82 | [46.183.223.7](https://vuldb.com/?ip.46.183.223.7) | ip-223-7.dataclub.info | - | High
83 | [46.249.38.134](https://vuldb.com/?ip.46.249.38.134) | - | - | High
1 | [2.56.215.211](https://vuldb.com/?ip.2.56.215.211) | no-reverse-yet.local | - | High
2 | [3.104.54.134](https://vuldb.com/?ip.3.104.54.134) | ec2-3-104-54-134.ap-southeast-2.compute.amazonaws.com | - | Medium
3 | [3.122.247.28](https://vuldb.com/?ip.3.122.247.28) | ec2-3-122-247-28.eu-central-1.compute.amazonaws.com | - | Medium
4 | [3.123.254.92](https://vuldb.com/?ip.3.123.254.92) | ec2-3-123-254-92.eu-central-1.compute.amazonaws.com | - | Medium
5 | [3.126.249.36](https://vuldb.com/?ip.3.126.249.36) | ec2-3-126-249-36.eu-central-1.compute.amazonaws.com | - | Medium
6 | [5.8.88.26](https://vuldb.com/?ip.5.8.88.26) | - | - | High
7 | [5.8.88.74](https://vuldb.com/?ip.5.8.88.74) | - | - | High
8 | [5.8.88.90](https://vuldb.com/?ip.5.8.88.90) | - | - | High
9 | [5.8.88.107](https://vuldb.com/?ip.5.8.88.107) | - | - | High
10 | [5.8.88.144](https://vuldb.com/?ip.5.8.88.144) | - | - | High
11 | [5.23.55.170](https://vuldb.com/?ip.5.23.55.170) | 112152-garant222.tmweb.ru | - | High
12 | [5.34.177.120](https://vuldb.com/?ip.5.34.177.120) | unallocated.layer6.net | - | High
13 | [5.39.218.162](https://vuldb.com/?ip.5.39.218.162) | - | - | High
14 | [5.45.77.6](https://vuldb.com/?ip.5.45.77.6) | - | - | High
15 | [5.56.134.65](https://vuldb.com/?ip.5.56.134.65) | - | - | High
16 | [5.152.206.196](https://vuldb.com/?ip.5.152.206.196) | h5-152-206-196.host.redstation.co.uk | - | High
17 | [5.188.60.41](https://vuldb.com/?ip.5.188.60.41) | - | - | High
18 | [5.188.231.68](https://vuldb.com/?ip.5.188.231.68) | lax.4729 | - | High
19 | [5.188.231.156](https://vuldb.com/?ip.5.188.231.156) | free.ds | - | High
20 | [5.188.231.247](https://vuldb.com/?ip.5.188.231.247) | - | - | High
21 | [5.188.231.253](https://vuldb.com/?ip.5.188.231.253) | - | - | High
22 | [5.200.47.181](https://vuldb.com/?ip.5.200.47.181) | - | - | High
23 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
24 | [13.229.153.16](https://vuldb.com/?ip.13.229.153.16) | ec2-13-229-153-16.ap-southeast-1.compute.amazonaws.com | - | Medium
25 | [15.236.142.224](https://vuldb.com/?ip.15.236.142.224) | ec2-15-236-142-224.eu-west-3.compute.amazonaws.com | - | Medium
26 | [18.159.53.170](https://vuldb.com/?ip.18.159.53.170) | ec2-18-159-53-170.eu-central-1.compute.amazonaws.com | - | Medium
27 | [18.185.149.145](https://vuldb.com/?ip.18.185.149.145) | ec2-18-185-149-145.eu-central-1.compute.amazonaws.com | - | Medium
28 | [18.192.122.2](https://vuldb.com/?ip.18.192.122.2) | ec2-18-192-122-2.eu-central-1.compute.amazonaws.com | - | Medium
29 | [18.216.84.23](https://vuldb.com/?ip.18.216.84.23) | ec2-18-216-84-23.us-east-2.compute.amazonaws.com | - | Medium
30 | [18.218.130.236](https://vuldb.com/?ip.18.218.130.236) | ec2-18-218-130-236.us-east-2.compute.amazonaws.com | - | Medium
31 | [18.220.44.88](https://vuldb.com/?ip.18.220.44.88) | ec2-18-220-44-88.us-east-2.compute.amazonaws.com | - | Medium
32 | [20.36.46.115](https://vuldb.com/?ip.20.36.46.115) | - | - | High
33 | [23.94.253.124](https://vuldb.com/?ip.23.94.253.124) | cbs.propause.bar | - | High
34 | [23.95.88.121](https://vuldb.com/?ip.23.95.88.121) | aguug.fkjr121.glerlium.cfd | - | High
35 | [23.106.122.215](https://vuldb.com/?ip.23.106.122.215) | - | - | High
36 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
37 | [23.106.160.1](https://vuldb.com/?ip.23.106.160.1) | v2013.er01.dal.ubiquity.io | - | High
38 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
39 | [23.247.102.18](https://vuldb.com/?ip.23.247.102.18) | pyprak.munisten.com | - | High
40 | [23.249.162.26](https://vuldb.com/?ip.23.249.162.26) | - | - | High
41 | [23.249.162.163](https://vuldb.com/?ip.23.249.162.163) | - | - | High
42 | [31.148.220.50](https://vuldb.com/?ip.31.148.220.50) | - | - | High
43 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
44 | [35.228.218.42](https://vuldb.com/?ip.35.228.218.42) | 42.218.228.35.bc.googleusercontent.com | - | Medium
45 | [37.0.10.51](https://vuldb.com/?ip.37.0.10.51) | - | - | High
46 | [37.44.212.156](https://vuldb.com/?ip.37.44.212.156) | - | - | High
47 | [37.46.150.14](https://vuldb.com/?ip.37.46.150.14) | - | - | High
48 | [37.49.225.167](https://vuldb.com/?ip.37.49.225.167) | - | - | High
49 | [37.49.225.178](https://vuldb.com/?ip.37.49.225.178) | - | - | High
50 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
51 | [37.72.175.157](https://vuldb.com/?ip.37.72.175.157) | 37-72-175-157.static.hvvc.us | - | High
52 | [37.97.190.174](https://vuldb.com/?ip.37.97.190.174) | 37-97-190-174.colo.transip.net | - | High
53 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
54 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
55 | [38.68.39.209](https://vuldb.com/?ip.38.68.39.209) | - | - | High
56 | [45.14.50.207](https://vuldb.com/?ip.45.14.50.207) | - | - | High
57 | [45.56.89.165](https://vuldb.com/?ip.45.56.89.165) | 45-56-89-165.ip.linodeusercontent.com | - | High
58 | [45.56.100.248](https://vuldb.com/?ip.45.56.100.248) | 45-56-100-248.ip.linodeusercontent.com | - | High
59 | [45.56.106.128](https://vuldb.com/?ip.45.56.106.128) | 45-56-106-128.ip.linodeusercontent.com | - | High
60 | [45.67.14.179](https://vuldb.com/?ip.45.67.14.179) | - | - | High
61 | [45.67.14.181](https://vuldb.com/?ip.45.67.14.181) | - | - | High
62 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
63 | [45.80.149.68](https://vuldb.com/?ip.45.80.149.68) | - | - | High
64 | [45.81.226.17](https://vuldb.com/?ip.45.81.226.17) | vm4511296.34ssd.had.wf | - | High
65 | [45.95.147.64](https://vuldb.com/?ip.45.95.147.64) | - | - | High
66 | [45.95.168.162](https://vuldb.com/?ip.45.95.168.162) | server2.allianttgroup.com | - | High
67 | [45.137.22.58](https://vuldb.com/?ip.45.137.22.58) | hosted-by.rootlayer.net | - | High
68 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
69 | [45.140.146.18](https://vuldb.com/?ip.45.140.146.18) | node.28 | - | High
70 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
71 | [45.145.185.26](https://vuldb.com/?ip.45.145.185.26) | - | - | High
72 | [45.145.185.73](https://vuldb.com/?ip.45.145.185.73) | - | - | High
73 | [45.145.185.111](https://vuldb.com/?ip.45.145.185.111) | - | - | High
74 | [45.145.185.253](https://vuldb.com/?ip.45.145.185.253) | - | - | High
75 | [45.147.228.74](https://vuldb.com/?ip.45.147.228.74) | - | - | High
76 | [45.147.230.200](https://vuldb.com/?ip.45.147.230.200) | - | - | High
77 | [45.153.203.81](https://vuldb.com/?ip.45.153.203.81) | - | - | High
78 | [45.156.22.167](https://vuldb.com/?ip.45.156.22.167) | - | - | High
79 | [46.17.43.102](https://vuldb.com/?ip.46.17.43.102) | - | - | High
80 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
81 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
82 | [46.183.222.66](https://vuldb.com/?ip.46.183.222.66) | ip-222-66.dataclub.info | - | High
83 | [46.183.223.7](https://vuldb.com/?ip.46.183.223.7) | ip-223-7.dataclub.info | - | High
84 | ... | ... | ... | ...
There are 332 more IOC items available. Please use our online service to access the data.
There are 333 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -114,14 +114,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -141,48 +141,46 @@ ID | Type | Indicator | Confidence
10 | File | `/api/sys/set_passwd` | High
11 | File | `/api/trackedEntityInstances` | High
12 | File | `/api/v4/teams//channels/deleted` | High
13 | File | `/app/ajax/search_sales_report.php` | High
14 | File | `/app/controller/Setup.php` | High
15 | File | `/app/middleware/TokenVerify.php` | High
16 | File | `/appliance/users?action=edit` | High
17 | File | `/application/index/controller/Screen.php` | High
18 | File | `/application/websocket/controller/Setting.php` | High
19 | File | `/aux` | Low
20 | File | `/bin/boa` | Medium
21 | File | `/boafrm/formMapDelDevice` | High
22 | File | `/cgi-bin/cstecgi.cgi` | High
23 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
24 | File | `/changePassword` | High
25 | File | `/collection/all` | High
26 | File | `/Content/Template/root/reverse-shell.aspx` | High
27 | File | `/dashboard/add-blog.php` | High
28 | File | `/data/remove` | Medium
29 | File | `/debug/pprof` | Medium
30 | File | `/ecshop/admin/template.php` | High
31 | File | `/Employer/ManageWalkin.php` | High
32 | File | `/endpoint/add-faq.php` | High
33 | File | `/endpoint/delete-computer.php` | High
34 | File | `/endpoint/update-resident.php` | High
35 | File | `/endpoint/update-tracker.php` | High
36 | File | `/etc/passwd` | Medium
37 | File | `/forum/away.php` | High
38 | File | `/fusion/portal/action/Link` | High
39 | File | `/goform/net\_Web\_get_value` | High
40 | File | `/hedwig.cgi` | Medium
41 | File | `/HNAP1/` | Low
42 | File | `/importexport.php` | High
43 | File | `/index.php` | Medium
44 | File | `/mhds/clinic/view_details.php` | High
45 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
46 | File | `/novel/bookSetting/list` | High
47 | File | `/novel/userFeedback/list` | High
48 | File | `/rest/api/latest/projectvalidate/key` | High
49 | File | `/showfile.php` | High
50 | File | `/student/bookdetails.php` | High
51 | File | `/SysManage/AddUpdateRole.aspx` | High
52 | ... | ... | ...
13 | File | `/app/admin/controller/Upload.php` | High
14 | File | `/app/ajax/search_sales_report.php` | High
15 | File | `/app/controller/Setup.php` | High
16 | File | `/app/middleware/TokenVerify.php` | High
17 | File | `/appliance/users?action=edit` | High
18 | File | `/application/index/controller/Screen.php` | High
19 | File | `/application/websocket/controller/Setting.php` | High
20 | File | `/aux` | Low
21 | File | `/bin/boa` | Medium
22 | File | `/boafrm/formMapDelDevice` | High
23 | File | `/cgi-bin/cstecgi.cgi` | High
24 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
25 | File | `/changePassword` | High
26 | File | `/collection/all` | High
27 | File | `/data/remove` | Medium
28 | File | `/debug/pprof` | Medium
29 | File | `/ecshop/admin/template.php` | High
30 | File | `/Employer/ManageWalkin.php` | High
31 | File | `/endpoint/add-faq.php` | High
32 | File | `/endpoint/delete-computer.php` | High
33 | File | `/endpoint/update-resident.php` | High
34 | File | `/endpoint/update-tracker.php` | High
35 | File | `/etc/passwd` | Medium
36 | File | `/forum/away.php` | High
37 | File | `/goform/net\_Web\_get_value` | High
38 | File | `/hedwig.cgi` | Medium
39 | File | `/HNAP1/` | Low
40 | File | `/importexport.php` | High
41 | File | `/index.php` | Medium
42 | File | `/mhds/clinic/view_details.php` | High
43 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
44 | File | `/novel/bookSetting/list` | High
45 | File | `/novel/userFeedback/list` | High
46 | File | `/rest/api/latest/projectvalidate/key` | High
47 | File | `/showfile.php` | High
48 | File | `/student/bookdetails.php` | High
49 | File | `/testConnection` | High
50 | ... | ... | ...
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

141
actors/B1txor20/README.md
View File

@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [FR](https://vuldb.com/?country.fr)
* [LU](https://vuldb.com/?country.lu)
* ...
There are 9 more country items available. Please use our online service to access the data.
@ -41,10 +41,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
3 | T1055 | CWE-74, CWE-643 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -56,79 +56,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/#ProductSerie/view/` | High
2 | File | `/admin/` | Low
3 | File | `/admin/action/add_con.php` | High
4 | File | `/admin/action/new-father.php` | High
5 | File | `/admin/action/new-feed.php` | High
6 | File | `/admin/book_add.php` | High
7 | File | `/admin/book_row.php` | High
8 | File | `/admin/borrow_add.php` | High
9 | File | `/admin/bwdates-report-details.php` | High
10 | File | `/admin/category_row.php` | High
11 | File | `/admin/edit_teacher.php` | High
12 | File | `/Admin/login.php` | High
13 | File | `/admin/makehtml_freelist_action.php` | High
14 | File | `/Admin/News.php` | High
15 | File | `/admin/pages/edit_chicken.php` | High
16 | File | `/admin/pages/update_go.php` | High
17 | File | `/admin/pages/yearlevel.php` | High
18 | File | `/admin/php/crud.php` | High
19 | File | `/admin/regester.php` | High
20 | File | `/admin/return_add.php` | High
21 | File | `/admin/students.php` | High
22 | File | `/admin/users` | Medium
23 | File | `/admin_ping.htm` | High
24 | File | `/admin_route/dec_service_credits.php` | High
25 | File | `/adplanet/PlanetUser` | High
26 | File | `/ample/app/action/edit_product.php` | High
27 | File | `/api.php` | Medium
28 | File | `/api/controllers/admin/app/AppController.php` | High
29 | File | `/api/controllers/common/UploadsController.php` | High
30 | File | `/api/controllers/merchant/design/MaterialController.php` | High
31 | File | `/api/controllers/merchant/shop/PosterController.php` | High
32 | File | `/api/log/killJob` | High
33 | File | `/api/trackedEntityInstances` | High
34 | File | `/app/api/controller/default/File.php` | High
35 | File | `/app/index/controller/Common.php` | High
36 | File | `/application/index/controller/Datament.php` | High
37 | File | `/application/index/controller/Pay.php` | High
38 | File | `/application/index/controller/Screen.php` | High
39 | File | `/application/pay/controller/Api.php` | High
40 | File | `/apply/index.php` | High
41 | File | `/apps/login_auth.php` | High
42 | File | `/apps/reg_go.php` | High
43 | File | `/att_add.php` | Medium
44 | File | `/aux` | Low
45 | File | `/bin/boa` | Medium
46 | File | `/boaform/device_reset.cgi` | High
47 | File | `/boaform/wlan_basic_set.cgi` | High
48 | File | `/boafrm/formMapDelDevice` | High
49 | File | `/build` | Low
50 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
51 | File | `/cgi-bin/cstecgi.cgi` | High
52 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
53 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
54 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
55 | File | `/cgi-bin/R19.9/easy1350.pl` | High
56 | File | `/Cinema-Reservation/booking.php` | High
57 | File | `/classes/Users.php?f=save` | High
58 | File | `/clientLogin` | Medium
59 | File | `/config,admin.jsp` | High
60 | File | `/core/config-revisions` | High
61 | File | `/cupseasylive/stockissuancedisplay.php` | High
62 | File | `/cupseasylive/taxcodelist.php` | High
63 | File | `/currentsetting.htm` | High
64 | File | `/data/remove` | Medium
65 | File | `/debug/pprof` | Medium
66 | File | `/debuginfo.htm` | High
67 | File | `/download.php?file=author.png` | High
68 | File | `/etc/init.d/update_notifications.sh` | High
69 | File | `/etc/passwd` | Medium
70 | File | `/ext/collect/filter_text.do` | High
71 | ... | ... | ...
1 | File | `/Account/login.php` | High
2 | File | `/add_members.php` | High
3 | File | `/admin-manage-user.php` | High
4 | File | `/admin/` | Low
5 | File | `/admin/admin-profile.php` | High
6 | File | `/admin/app/product.php` | High
7 | File | `/admin/app/profile_crud.php` | High
8 | File | `/admin/app/service_crud.php` | High
9 | File | `/admin/applicants/controller.php` | High
10 | File | `/admin/applicants/index.php` | High
11 | File | `/admin/bookdate.php` | High
12 | File | `/admin/booking-bwdates-reports-details.php` | High
13 | File | `/admin/booktime.php` | High
14 | File | `/admin/category/controller.php` | High
15 | File | `/admin/company/controller.php` | High
16 | File | `/admin/company/index.php` | High
17 | File | `/admin/div_data/delete?divId=9` | High
18 | File | `/admin/edit-admin.php` | High
19 | File | `/admin/edit_supplier.php` | High
20 | File | `/admin/employee/controller.php` | High
21 | File | `/admin/employee/index.php` | High
22 | File | `/admin/list_resource_icon.php?action=delete` | High
23 | File | `/admin/login.php` | High
24 | File | `/admin/maintenance/manage_category.php` | High
25 | File | `/admin/menu/toEdit` | High
26 | File | `/admin/operations/expense_category.php` | High
27 | File | `/admin/orders/view_order.php` | High
28 | File | `/admin/product/manage_product.php` | High
29 | File | `/admin/rooms.php` | High
30 | File | `/admin/search.php` | High
31 | File | `/admin/update-rooms.php` | High
32 | File | `/admin/update-users.php` | High
33 | File | `/admin/user-search.php` | High
34 | File | `/admin/user/controller.php` | High
35 | File | `/admin/users.php` | High
36 | File | `/adminapi/system/crud` | High
37 | File | `/adminapi/system/file/openfile` | High
38 | File | `/adminpanel/admin/facebox_modal/updateExaminee.php` | High
39 | File | `/adminpanel/admin/query/deleteExamExe.php` | High
40 | File | `/adminpanel/admin/query/loginExe.php` | High
41 | File | `/api/client/editemedia.php` | High
42 | File | `/api/controllers/admin/app/AppController.php` | High
43 | File | `/api/v1` | Low
44 | File | `/api/v1/policies/validation/condition/` | High
45 | File | `/api/v1/toolbox/device/update/swap` | High
46 | File | `/api/v1/vdeskintegration/todo/createorupdate` | High
47 | File | `/app/controller/Setup.php` | High
48 | File | `/app/middleware/TokenVerify.php` | High
49 | File | `/apps/system/api/user.go` | High
50 | File | `/apps/system/router/upload.go` | High
51 | File | `/apps/system/services/role_menu.go` | High
52 | File | `/att_add.php` | Medium
53 | File | `/billing/bill/edit/` | High
54 | File | `/bishe/register` | High
55 | File | `/bsenordering/index.php` | High
56 | File | `/cancel.php` | Medium
57 | File | `/cgi-bin/cstecgi.cgi` | High
58 | File | `/change-password.php` | High
59 | File | `/Cinema-Reservation/booking.php` | High
60 | ... | ... | ...
There are 626 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 527 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

11
actors/BackSwap/README.md
View File

@ -9,8 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BackSwap:
* [US](https://vuldb.com/?country.us)
* [ZW](https://vuldb.com/?country.zw)
* [ES](https://vuldb.com/?country.es)
* [IR](https://vuldb.com/?country.ir)
* ...
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -37,11 +40,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/` | Medium
2 | File | `s04.php` | Low
3 | File | `tinyfilemanager.php` | High
2 | File | `php_variables.c` | High
3 | File | `s04.php` | Low
4 | ... | ... | ...
There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

59
actors/BackdoorDiplomacy/README.md
View File

@ -44,12 +44,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -76,34 +76,35 @@ ID | Type | Indicator | Confidence
17 | File | `/ctcprotocol/Protocol` | High
18 | File | `/dashboard/menu-list.php` | High
19 | File | `/data/remove` | Medium
20 | File | `/ebics-server/ebics.aspx` | High
21 | File | `/ffos/classes/Master.php?f=save_category` | High
22 | File | `/filemanager/upload/drop` | High
23 | File | `/forum/away.php` | High
24 | File | `/goform/net\_Web\_get_value` | High
25 | File | `/goforms/rlminfo` | High
26 | File | `/GponForm/usb_restore_Form?script/` | High
27 | File | `/group1/uploa` | High
28 | File | `/hedwig.cgi` | Medium
29 | File | `/HNAP1` | Low
30 | File | `/HNAP1/SetClientInfo` | High
31 | File | `/index.php/newsletter/subscriber/new/` | High
32 | File | `/Items/*/RemoteImages/Download` | High
33 | File | `/menu.html` | Medium
34 | File | `/mkshop/Men/profile.php` | High
35 | File | `/modules/profile/index.php` | High
36 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
37 | File | `/navigate/navigate_download.php` | High
38 | File | `/novel/bookSetting/list` | High
39 | File | `/ocwbs/admin/?page=user/manage_user` | High
40 | File | `/ofrs/admin/?page=user/manage_user` | High
41 | File | `/out.php` | Medium
42 | File | `/password.html` | High
43 | File | `/php_action/fetchSelectedUser.php` | High
44 | File | `/plugin` | Low
45 | ... | ... | ...
20 | File | `/debug/pprof` | Medium
21 | File | `/ebics-server/ebics.aspx` | High
22 | File | `/ffos/classes/Master.php?f=save_category` | High
23 | File | `/filemanager/upload/drop` | High
24 | File | `/forum/away.php` | High
25 | File | `/goform/net\_Web\_get_value` | High
26 | File | `/goforms/rlminfo` | High
27 | File | `/GponForm/usb_restore_Form?script/` | High
28 | File | `/group1/uploa` | High
29 | File | `/hedwig.cgi` | Medium
30 | File | `/HNAP1` | Low
31 | File | `/HNAP1/SetClientInfo` | High
32 | File | `/index.php/newsletter/subscriber/new/` | High
33 | File | `/Items/*/RemoteImages/Download` | High
34 | File | `/menu.html` | Medium
35 | File | `/mkshop/Men/profile.php` | High
36 | File | `/modules/profile/index.php` | High
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
38 | File | `/navigate/navigate_download.php` | High
39 | File | `/novel/bookSetting/list` | High
40 | File | `/ocwbs/admin/?page=user/manage_user` | High
41 | File | `/ofrs/admin/?page=user/manage_user` | High
42 | File | `/out.php` | Medium
43 | File | `/password.html` | High
44 | File | `/patient/appointment.php` | High
45 | File | `/php_action/fetchSelectedUser.php` | High
46 | ... | ... | ...
There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

9
actors/Bahamut/README.md
View File

@ -16,8 +16,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [134.255.231.233](https://vuldb.com/?ip.134.255.231.233) | vps-zap930219-3.zap-srv.com | - | High
2 | [134.255.252.185](https://vuldb.com/?ip.134.255.252.185) | vps-zap948630-2.zap-srv.com | - | High
1 | [104.21.10.79](https://vuldb.com/?ip.104.21.10.79) | - | - | High
2 | [134.255.231.233](https://vuldb.com/?ip.134.255.231.233) | vps-zap930219-3.zap-srv.com | - | High
3 | [134.255.252.185](https://vuldb.com/?ip.134.255.252.185) | vps-zap948630-2.zap-srv.com | - | High
4 | ... | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -51,6 +55,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/134.255.231.233
* https://search.censys.io/hosts/134.255.252.185
* https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/
## Literature

2
actors/Baldr/README.md
View File

@ -56,7 +56,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...

110
actors/Bandit Stealer/README.md
View File

@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bandit Stealer:
* [US](https://vuldb.com/?country.us)
* [SH](https://vuldb.com/?country.sh)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 7 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -38,14 +38,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -54,59 +54,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.vscode/cody.json` | High
2 | File | `/?r=email/api/mark&op=delFromSend` | High
2 | File | `/3g/index.php` | High
3 | File | `/accounts/login` | High
4 | File | `/accounts_con/register_account` | High
5 | File | `/admin.php` | Medium
6 | File | `/admin/` | Low
7 | File | `/admin/action/new-feed.php` | High
8 | File | `/admin/book_add.php` | High
9 | File | `/admin/content/data` | High
10 | File | `/admin/courses/view_course.php` | High
11 | File | `/admin/database/backup` | High
12 | File | `/admin/file/edit.do` | High
13 | File | `/admin/index.php?act=reset_admin_psw` | High
14 | File | `/admin/list_onlineuser.php` | High
15 | File | `/admin/sales/view_details.php` | High
16 | File | `/admin/students/view_details.php` | High
17 | File | `/adminapi/system/crud` | High
18 | File | `/ajax/ajax_login.ashx` | High
19 | File | `/api.php` | Medium
20 | File | `/api/email/update` | High
21 | File | `/application/index/controller/File.php` | High
22 | File | `/application/index/controller/Icon.php` | High
23 | File | `/Attachment/fromImageUrl` | High
24 | File | `/b2b-supermarket/catalog/all-products` | High
25 | File | `/b2b-supermarket/shopping-cart` | High
26 | File | `/bin/boa` | Medium
27 | File | `/catalog/compare` | High
28 | File | `/cgi-bin/cstecgi.cgi` | High
29 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
30 | File | `/cgi-bin/wlogin.cgi` | High
31 | File | `/classes/Master.php? f=save_medicine` | High
32 | File | `/classes/Users.php?f=save` | High
33 | File | `/clinic/disease_symptoms_view.php` | High
34 | File | `/common/log/list` | High
35 | File | `/content/list.do` | High
36 | File | `/cupseasylive/costcentermodify.php` | High
37 | File | `/cupseasylive/itemmodify.php` | High
38 | File | `/cupseasylive/statelist.php` | High
39 | File | `/cupseasylive/stockissuancecreate.php` | High
40 | File | `/cupseasylive/taxstructurelinecreate.php` | High
41 | File | `/dataset/new` | Medium
42 | File | `/devinfo` | Medium
43 | File | `/edit_branch.php` | High
44 | File | `/endpoint/add-user.php` | High
45 | File | `/fcgi/scrut_fcgi.fcgi` | High
46 | File | `/file` | Low
47 | File | `/front/admin/tenancyDetail.php` | High
48 | File | `/goform/setAutoPing` | High
49 | File | `/goform/SetNetControlList` | High
50 | File | `/goform/SetOnlineDevName` | High
51 | File | `/index.php?c=install&m=index&step=2&is_install_db=0` | High
52 | ... | ... | ...
5 | File | `/add_members.php` | High
6 | File | `/admin.php` | Medium
7 | File | `/admin/` | Low
8 | File | `/admin/action/new-feed.php` | High
9 | File | `/admin/adminHome.php` | High
10 | File | `/admin/book_add.php` | High
11 | File | `/admin/content/data` | High
12 | File | `/admin/courses/view_course.php` | High
13 | File | `/admin/database/backup` | High
14 | File | `/admin/file/edit.do` | High
15 | File | `/admin/index.php?act=reset_admin_psw` | High
16 | File | `/admin/list_onlineuser.php` | High
17 | File | `/admin/reports/index.php` | High
18 | File | `/admin/users.php` | High
19 | File | `/admin/users_photo.php` | High
20 | File | `/adminapi/system/crud` | High
21 | File | `/adminpanel/admin/facebox_modal/updateExaminee.php` | High
22 | File | `/api.php` | Medium
23 | File | `/api/blade-user/export-user` | High
24 | File | `/api/email/update` | High
25 | File | `/application/index/controller/File.php` | High
26 | File | `/application/index/controller/Icon.php` | High
27 | File | `/apps/system/router/upload.go` | High
28 | File | `/Attachment/fromImageUrl` | High
29 | File | `/b2b-supermarket/catalog/all-products` | High
30 | File | `/b2b-supermarket/shopping-cart` | High
31 | File | `/bin/boa` | Medium
32 | File | `/catalog/compare` | High
33 | File | `/cgi-bin/cstecgi.cgi` | High
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
35 | File | `/cgi-bin/wlogin.cgi` | High
36 | File | `/classes/Master.php? f=save_medicine` | High
37 | File | `/classes/Users.php?f=save` | High
38 | File | `/clinic/disease_symptoms_view.php` | High
39 | File | `/common/log/list` | High
40 | File | `/content/list.do` | High
41 | File | `/controller/company/Index.php#sendCompanyLogo` | High
42 | File | `/cupseasylive/costcentermodify.php` | High
43 | File | `/cupseasylive/itemmodify.php` | High
44 | File | `/cupseasylive/statelist.php` | High
45 | File | `/cupseasylive/stockissuancecreate.php` | High
46 | File | `/cupseasylive/taxstructurelinecreate.php` | High
47 | File | `/dataset/new` | Medium
48 | File | `/dede/catalog_del.php` | High
49 | File | `/devinfo` | Medium
50 | ... | ... | ...
There are 456 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Bandook/README.md
View File

@ -40,7 +40,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High

216
actors/Bashlite/README.md
View File

@ -125,70 +125,76 @@ ID | IP address | Hostname | Campaign | Confidence
102 | [41.216.182.144](https://vuldb.com/?ip.41.216.182.144) | - | - | High
103 | [41.216.182.203](https://vuldb.com/?ip.41.216.182.203) | - | - | High
104 | [41.216.182.214](https://vuldb.com/?ip.41.216.182.214) | - | - | High
105 | [43.153.37.45](https://vuldb.com/?ip.43.153.37.45) | - | - | High
106 | [43.204.217.160](https://vuldb.com/?ip.43.204.217.160) | ec2-43-204-217-160.ap-south-1.compute.amazonaws.com | - | Medium
107 | [45.9.168.102](https://vuldb.com/?ip.45.9.168.102) | - | - | High
108 | [45.11.181.37](https://vuldb.com/?ip.45.11.181.37) | - | - | High
109 | [45.12.253.38](https://vuldb.com/?ip.45.12.253.38) | - | - | High
110 | [45.14.226.72](https://vuldb.com/?ip.45.14.226.72) | hml03.pugginesl.info | - | High
111 | [45.32.202.111](https://vuldb.com/?ip.45.32.202.111) | 45.32.202.111.vultrusercontent.com | - | High
112 | [45.33.63.122](https://vuldb.com/?ip.45.33.63.122) | 45-33-63-122.ip.linodeusercontent.com | - | High
113 | [45.56.96.91](https://vuldb.com/?ip.45.56.96.91) | 45-56-96-91.ip.linodeusercontent.com | - | High
114 | [45.61.144.146](https://vuldb.com/?ip.45.61.144.146) | - | - | High
115 | [45.61.184.126](https://vuldb.com/?ip.45.61.184.126) | - | - | High
116 | [45.61.186.4](https://vuldb.com/?ip.45.61.186.4) | - | - | High
117 | [45.61.187.108](https://vuldb.com/?ip.45.61.187.108) | sayonara.hp | - | High
118 | [45.61.188.118](https://vuldb.com/?ip.45.61.188.118) | ms2.hostwithlove.com | - | High
119 | [45.61.188.150](https://vuldb.com/?ip.45.61.188.150) | - | - | High
120 | [45.61.188.220](https://vuldb.com/?ip.45.61.188.220) | - | - | High
121 | [45.66.230.89](https://vuldb.com/?ip.45.66.230.89) | - | - | High
122 | [45.66.230.173](https://vuldb.com/?ip.45.66.230.173) | - | - | High
123 | [45.76.253.113](https://vuldb.com/?ip.45.76.253.113) | 45.76.253.113.vultrusercontent.com | - | High
124 | [45.77.46.118](https://vuldb.com/?ip.45.77.46.118) | 8.8.8.8.google.com | - | High
125 | [45.79.127.90](https://vuldb.com/?ip.45.79.127.90) | 45-79-127-90.ip.linodeusercontent.com | - | High
126 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
127 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
128 | [45.81.234.229](https://vuldb.com/?ip.45.81.234.229) | 45.81.234.229.mc-host24.de | - | High
129 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
130 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
131 | [45.90.12.75](https://vuldb.com/?ip.45.90.12.75) | hosted-by.royalehosting.net | - | High
132 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
133 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
134 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
135 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
136 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
137 | [45.90.217.165](https://vuldb.com/?ip.45.90.217.165) | vm2572743.firstbyte.club | - | High
138 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
139 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
140 | [45.95.146.38](https://vuldb.com/?ip.45.95.146.38) | host0.aceblackjack.site | - | High
141 | [45.95.147.204](https://vuldb.com/?ip.45.95.147.204) | twne.wesubmityours.com | - | High
142 | [45.95.169.102](https://vuldb.com/?ip.45.95.169.102) | - | - | High
143 | [45.95.169.103](https://vuldb.com/?ip.45.95.169.103) | - | - | High
144 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
145 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
146 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
147 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
148 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
149 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
150 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
151 | [45.128.232.240](https://vuldb.com/?ip.45.128.232.240) | 240.232.128.45.pfcloud.io | - | High
152 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
153 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
154 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
155 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
156 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
157 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
158 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
159 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
160 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
161 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
162 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
163 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
164 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
165 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
166 | ... | ... | ... | ...
105 | [41.216.182.215](https://vuldb.com/?ip.41.216.182.215) | - | - | High
106 | [43.153.37.45](https://vuldb.com/?ip.43.153.37.45) | - | - | High
107 | [43.204.217.160](https://vuldb.com/?ip.43.204.217.160) | ec2-43-204-217-160.ap-south-1.compute.amazonaws.com | - | Medium
108 | [45.9.168.102](https://vuldb.com/?ip.45.9.168.102) | - | - | High
109 | [45.11.181.37](https://vuldb.com/?ip.45.11.181.37) | - | - | High
110 | [45.12.253.38](https://vuldb.com/?ip.45.12.253.38) | - | - | High
111 | [45.14.226.72](https://vuldb.com/?ip.45.14.226.72) | hml03.pugginesl.info | - | High
112 | [45.32.202.111](https://vuldb.com/?ip.45.32.202.111) | 45.32.202.111.vultrusercontent.com | - | High
113 | [45.33.63.122](https://vuldb.com/?ip.45.33.63.122) | 45-33-63-122.ip.linodeusercontent.com | - | High
114 | [45.56.96.91](https://vuldb.com/?ip.45.56.96.91) | 45-56-96-91.ip.linodeusercontent.com | - | High
115 | [45.61.144.146](https://vuldb.com/?ip.45.61.144.146) | - | - | High
116 | [45.61.184.126](https://vuldb.com/?ip.45.61.184.126) | - | - | High
117 | [45.61.186.4](https://vuldb.com/?ip.45.61.186.4) | - | - | High
118 | [45.61.187.108](https://vuldb.com/?ip.45.61.187.108) | sayonara.hp | - | High
119 | [45.61.188.118](https://vuldb.com/?ip.45.61.188.118) | ms2.hostwithlove.com | - | High
120 | [45.61.188.150](https://vuldb.com/?ip.45.61.188.150) | - | - | High
121 | [45.61.188.220](https://vuldb.com/?ip.45.61.188.220) | - | - | High
122 | [45.66.230.89](https://vuldb.com/?ip.45.66.230.89) | - | - | High
123 | [45.66.230.173](https://vuldb.com/?ip.45.66.230.173) | - | - | High
124 | [45.76.253.113](https://vuldb.com/?ip.45.76.253.113) | 45.76.253.113.vultrusercontent.com | - | High
125 | [45.77.46.118](https://vuldb.com/?ip.45.77.46.118) | 8.8.8.8.google.com | - | High
126 | [45.79.127.90](https://vuldb.com/?ip.45.79.127.90) | 45-79-127-90.ip.linodeusercontent.com | - | High
127 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
128 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
129 | [45.81.234.229](https://vuldb.com/?ip.45.81.234.229) | 45.81.234.229.mc-host24.de | - | High
130 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
131 | [45.86.86.217](https://vuldb.com/?ip.45.86.86.217) | ruby.9.com | - | High
132 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
133 | [45.90.12.75](https://vuldb.com/?ip.45.90.12.75) | hosted-by.royalehosting.net | - | High
134 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
135 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
136 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
137 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
138 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
139 | [45.90.217.165](https://vuldb.com/?ip.45.90.217.165) | vm2572743.firstbyte.club | - | High
140 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
141 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
142 | [45.95.146.38](https://vuldb.com/?ip.45.95.146.38) | host0.aceblackjack.site | - | High
143 | [45.95.147.204](https://vuldb.com/?ip.45.95.147.204) | twne.wesubmityours.com | - | High
144 | [45.95.169.102](https://vuldb.com/?ip.45.95.169.102) | - | - | High
145 | [45.95.169.103](https://vuldb.com/?ip.45.95.169.103) | - | - | High
146 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
147 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
148 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
149 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
150 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
151 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
152 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
153 | [45.128.232.240](https://vuldb.com/?ip.45.128.232.240) | 240.232.128.45.pfcloud.io | - | High
154 | [45.128.232.250](https://vuldb.com/?ip.45.128.232.250) | - | - | High
155 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
156 | [45.131.108.174](https://vuldb.com/?ip.45.131.108.174) | tube-hosting.com | - | High
157 | [45.131.111.159](https://vuldb.com/?ip.45.131.111.159) | tube-hosting.com | - | High
158 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
159 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
160 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
161 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
162 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
163 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
164 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
165 | [45.140.188.133](https://vuldb.com/?ip.45.140.188.133) | hosted-by.royalehosting.net | - | High
166 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
167 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
168 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
169 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
170 | [45.145.42.90](https://vuldb.com/?ip.45.145.42.90) | - | - | High
171 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
172 | ... | ... | ... | ...
There are 659 more IOC items available. Please use our online service to access the data.
There are 683 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -198,12 +204,13 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -213,22 +220,22 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//proc/kcore` | Medium
2 | File | `/admin/action/delete-vaccine.php` | High
3 | File | `/admin/controller/JobLogController.java` | High
4 | File | `/admin/index2.html` | High
5 | File | `/api/clusters/local/topics/{topic}/messages` | High
6 | File | `/api/stl/actions/search` | High
7 | File | `/api/sys/login` | High
8 | File | `/api/sys/set_passwd` | High
9 | File | `/api/trackedEntityInstances` | High
10 | File | `/app/index/controller/Common.php` | High
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
12 | File | `/aux` | Low
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
14 | File | `/changePassword` | High
15 | File | `/cupseasylive/companymodify.php` | High
16 | File | `/cupseasylive/grnprint.php` | High
17 | File | `/cupseasylive/stockissuancelinecreate.php` | High
18 | File | `/dashboard/add-blog.php` | High
3 | File | `/admin/application-bwdates-reports-details.php` | High
4 | File | `/admin/controller/JobLogController.java` | High
5 | File | `/admin/index2.html` | High
6 | File | `/api/clusters/local/topics/{topic}/messages` | High
7 | File | `/api/stl/actions/search` | High
8 | File | `/api/sys/login` | High
9 | File | `/api/sys/set_passwd` | High
10 | File | `/api/trackedEntityInstances` | High
11 | File | `/app/index/controller/Common.php` | High
12 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
13 | File | `/aux` | Low
14 | File | `/bitrix/admin/ldap_server_edit.php` | High
15 | File | `/changePassword` | High
16 | File | `/cupseasylive/companymodify.php` | High
17 | File | `/cupseasylive/grnprint.php` | High
18 | File | `/cupseasylive/stockissuancelinecreate.php` | High
19 | File | `/dashboard?controller=UserCollection::createUser` | High
20 | File | `/data/remove` | Medium
21 | File | `/debug/pprof` | Medium
@ -238,21 +245,22 @@ ID | Type | Indicator | Confidence
25 | File | `/forms/doLogin` | High
26 | File | `/forum/away.php` | High
27 | File | `/goform/net\_Web\_get_value` | High
28 | File | `/GponForm/usb_restore_Form?script/` | High
29 | File | `/group1/uploa` | High
30 | File | `/hedwig.cgi` | Medium
31 | File | `/inc/parser/xhtml.php` | High
32 | File | `/index.php` | Medium
33 | File | `/investigation/delete/` | High
34 | File | `/listplace/user/ticket/create` | High
35 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
36 | File | `/mhds/clinic/view_details.php` | High
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
38 | File | `/novel/author/list` | High
39 | File | `/php/ping.php` | High
40 | ... | ... | ...
28 | File | `/hedwig.cgi` | Medium
29 | File | `/index.php` | Medium
30 | File | `/investigation/delete/` | High
31 | File | `/listplace/user/ticket/create` | High
32 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
33 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
34 | File | `/novel/author/list` | High
35 | File | `/offersmail.php` | High
36 | File | `/patient/appointment.php` | High
37 | File | `/php/ping.php` | High
38 | File | `/plugin` | Low
39 | File | `/prescription/prescription/delete/` | High
40 | File | `/pro/common/download` | High
41 | ... | ... | ...
There are 346 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 350 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -306,13 +314,16 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/1f2636846e62666db1b2248e4afa0ef36de166ba6a86675747ce542411787c23/
* https://bazaar.abuse.ch/sample/2a147a66c31446d534bf3579392beb39686b4cf367855f26fb1579aadaa61c32/
* https://bazaar.abuse.ch/sample/2abf6060c8a61d7379adfb8218b56003765c1a1e701b346556ca5d53068892a5/
* https://bazaar.abuse.ch/sample/2af71062bcf8204058ae416e2ebea7076de537e96be172a987ec03d1193aaa17/
* https://bazaar.abuse.ch/sample/2b318c6894e66a3e8f3abe92eaf92b181fbc4b41998ce6a2081b72582bf8b773/
* https://bazaar.abuse.ch/sample/2c123b50067d4cd49a46dfe25792ebe94fa4e3369b7c18c16671fe956969e94e/
* https://bazaar.abuse.ch/sample/2c13615067dbb9fb33ad8db11641b976216643cb7d281e669c66c26fb87f9b61/
* https://bazaar.abuse.ch/sample/2ce5eb2235aaf5476213a6dcdc7627524fd9a134b81dfda3e857b24f300ccc6d/
* https://bazaar.abuse.ch/sample/2d03db6f0385daa22cfad822ea28628e9aeebdbacf8d7705a3bbdfcec722b6f6/
* https://bazaar.abuse.ch/sample/2d6256195e69211ca127ab2cc2ac840b7f2f5a00f1426c59e80defa3d9d26ccc/
* https://bazaar.abuse.ch/sample/2dac6fba3257f49de83c60c8f5bfe22d1ee69499195c10e48473ebb5913fc44c/
* https://bazaar.abuse.ch/sample/2dbf49d7e7f4af3771586c567c979e99031f15517e79535a803b35bab3ced081/
* https://bazaar.abuse.ch/sample/2e62d5939a9ebb27a43725afd830c6ce949ae19d254dc71f64cb3ac8debbf9b2/
* https://bazaar.abuse.ch/sample/2e65d809310b06f59bf024064e38422f87f24d155ef138fead9331b933523985/
* https://bazaar.abuse.ch/sample/2fefbe620c48fb6a7f0c9ad1ef7ef611c04e2313541bdcbbb99331d8eb6d94b1/
* https://bazaar.abuse.ch/sample/3a6b41be1b98631a69f546861b057512ec0c3752cdd2a359eeee845125dd953f/
@ -327,6 +338,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/3cfda97c1dcfc6d16378eabf2cf841058e1785cc3b4aec0a0715dd0c0f6f0bfd/
* https://bazaar.abuse.ch/sample/3d6bb8ca5062565c1dc4673966dad0630f3d1843af4561290966b0c6459ca42e/
* https://bazaar.abuse.ch/sample/3d84abd3a6772c24ccaa6e31d079651bfae5e9c732457f5ac4a9277f10bc0759/
* https://bazaar.abuse.ch/sample/3d7665a09dee80849c12cb8f9b91e77c233393e359c37a8902608ede6103fb81/
* https://bazaar.abuse.ch/sample/3dcb0c6b7e992ae1e620e14b369c97e4f244be55eb2370fc22cc29b0da5573a7/
* https://bazaar.abuse.ch/sample/3e3b992d11ec46fa3b662b06ca69cb89db2ed72f10a4993b17193e189fc8ab00/
* https://bazaar.abuse.ch/sample/3ee4cf5e3095dcaff4f2cbb218b8e1f99d295fa3c45054ada052ef17d3f51ff0/
@ -386,6 +398,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/8c55851ca920533baf36b529bc0dde320630234f9e2f10395be7c4262e03d3b6/
* https://bazaar.abuse.ch/sample/8ce82806ab6b604dca17051bf30d96f6ddd8c09067ad0dcb3abf0b4587566584/
* https://bazaar.abuse.ch/sample/8d11aac643d27f90e7e53b84fdad477d6514c039cde8a00ef08a5e709576630b/
* https://bazaar.abuse.ch/sample/8d553ff62bd1be7ecebba6056aea5d11b9ebf15b98ae0ec1959ab427789e8c77/
* https://bazaar.abuse.ch/sample/8eeb01b0963485edba1736a7a03f41b88c11ee9c5a70a2c761156e7f1381b9cd/
* https://bazaar.abuse.ch/sample/8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17/
* https://bazaar.abuse.ch/sample/8f24d9c22274b4ecfc02d537ba92f4337d94661586177b8222570e081beb3725/
@ -426,6 +439,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/34c1646e2d0c27eaecb515e7b3d880a8eb0d548286d99e8460a37959b43ec7aa/
* https://bazaar.abuse.ch/sample/37af44d4dbb8656c9669513a11df3069a29049af90335526c228823e0037fe0c/
* https://bazaar.abuse.ch/sample/38ad5d96d0131e80d496614a56ed5e1969b35a43b96f539d4426103ee75e8b0f/
* https://bazaar.abuse.ch/sample/38d5ebcba2cd118391cd3644f80228999407f5934c82fecd5d595bace4d5e4f6/
* https://bazaar.abuse.ch/sample/39f11f89c1654b2002937576a85768490311dc219540a36d93eefd6f6843e054/
* https://bazaar.abuse.ch/sample/40b36c5eedcc4b2172079c924ed8b63b7a8f8cf7dc9e4cabb2ae391a62ef18d6/
* https://bazaar.abuse.ch/sample/42cf396d7f01e7e2e0f7dc7935b752042903f7eb8ba5bd104252555933411a3b/
@ -470,6 +484,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/87b3cf10688d27102a17368c7c97138f630ad13fdb6de21e4d10b12ed53ca532/
* https://bazaar.abuse.ch/sample/87c2f50b4415ec22c5e13f5ea96e794fc66c66abf9752f0b85299dc49b2b032b/
* https://bazaar.abuse.ch/sample/87ef4750e85c5d9e14ab78db941f502f849ef85ee901caa029edd63921d2b879/
* https://bazaar.abuse.ch/sample/88dcd2298706561f57f652a37d1d4466d29ca7c6f516c62173798560b3a855fa/
* https://bazaar.abuse.ch/sample/91a16c3faa57d4cf04e693e2e194277a061f799d6e7d3a226bd92c37b2184c6e/
* https://bazaar.abuse.ch/sample/92d80764c80bf0c2ecedb1c7dbf0295c130434a8910180f94681482f8b7ec572/
* https://bazaar.abuse.ch/sample/93b2fb60ef28f0d556de3d3f47789e641877c389cbd8b1cfae5ceff2db3646c9/
@ -558,6 +573,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/46294fe4ddda7ca07d864c09b283c8af8a7cb8b110fafb60777b6ddbe13c2e72/
* https://bazaar.abuse.ch/sample/50381f61ef742cf02fae1e58bfcfeb74d8607b532e995db6d006133fdd49c951/
* https://bazaar.abuse.ch/sample/54650b8f4f3b28f4a2f8a75cfa4818a165a310663754acf76b82091f7617cd58/
* https://bazaar.abuse.ch/sample/65876a34cb0c65677f519a348f22516e51f2d39ebe69017e48649d361192d8bb/
* https://bazaar.abuse.ch/sample/66632e6d199007078cea7202c53f018eb2910dad4b642fc9af1ca3791ad2bb9b/
* https://bazaar.abuse.ch/sample/70666b157f62fb87ff8f4da5bb6e16d462ad80b3bdf708579778cf1efba57ce1/
* https://bazaar.abuse.ch/sample/77318d8306ef6856ed333833622ed55f4560fb0e945432d64dd8bf3a8d05d4b5/
@ -610,6 +626,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/a128a62d2290a71183bcb46e10cf300c1ce2182ed74be355bb270145012cd163/
* https://bazaar.abuse.ch/sample/a280f0feec3658eb9438564ea791ceb7bfccf134133cfcd1f8386fcd371848db/
* https://bazaar.abuse.ch/sample/a322ebbb0d7ce281198df18d5a79eb638fc29c18e15c700d5bbc21c86dfd0cfc/
* https://bazaar.abuse.ch/sample/a364a3aa26a9f1ec756006c3aec6bf871efeefc3799f24a32317ee358a107c5a/
* https://bazaar.abuse.ch/sample/a411b1b76cc788135969ec141e5e0d7c29870234fda6b66802d5a62cf1cc8454/
* https://bazaar.abuse.ch/sample/a809ffcdf246527ce3c76173fb4f11ff82c01f2b90b936a41ce1f209430a8a1c/
* https://bazaar.abuse.ch/sample/a3920a9315258284fe20bbb5525527f1d0ff1e4c656c72703a3a566f8eb42d93/
@ -650,6 +667,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/b430758efac32310030daa8a459369826753cb65367489e35a7bfc978511c2b8/
* https://bazaar.abuse.ch/sample/b834031099391abd42f95f8015f800844d6ea957031e8119bf6d01a186d2b4d3/
* https://bazaar.abuse.ch/sample/ba79cf9aec445aad98d9ba7ad8f85f5a8f8617c8482ed8913f725f10b2942b42/
* https://bazaar.abuse.ch/sample/ba8261ade04d4cc5f9181b90d7db845c64258d3164cdda7d88004afb3ac86dd4/
* https://bazaar.abuse.ch/sample/bb7ac2ba0dea3b0ac95a9f76a8c52df6dac96dbb2c8506e0708524f1b57ac88c/
* https://bazaar.abuse.ch/sample/bb8ad39a7dbd454077bd7c920ea621ca42ddfdcc13b2330cb4d912572a45c320/
* https://bazaar.abuse.ch/sample/bbd0f0b8c5440c362fb7cf52086a9f9e01b1eed018b5d5b9d7eb75f1eedb2b28/
@ -721,6 +739,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/dad61a731ad2f7c1e58408e0a0d33dc88eb974b226dbd2468b7369bfe097aa71/
* https://bazaar.abuse.ch/sample/db2d1011aec87e11064993e763623a4f420974b36920bde96d23deea4cbc5c0c/
* https://bazaar.abuse.ch/sample/db4ce9d1f6911a5f90c7272b2a90b6e3c7d7b5af75ee3a53395b0591e39c94af/
* https://bazaar.abuse.ch/sample/db61ec9bd79ea5b28c34181e27a7ffdf9015804be65ac18d898a99b87f8df782/
* https://bazaar.abuse.ch/sample/db6207e5859614ee43cd64bd528b0c3ef61be4a8224b0eca48eedb2304c530d4/
* https://bazaar.abuse.ch/sample/dbd864147c9adf7522c49647d962cd8532383651f14d5e729a7754d7e6ccf517/
* https://bazaar.abuse.ch/sample/dc30e6500ebcf937a237d027acdd40c2dd68741b4f40a9523196ee82eb13e3c3/
@ -755,14 +774,19 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/eafb8b10d4cf9d73403317cb0589635bdf368c9b82296584d8d7540932dcbbce/
* https://bazaar.abuse.ch/sample/eb622685954a909562a88de7c871008acb80ca86d160b9f664d69d640ce2a2e6/
* https://bazaar.abuse.ch/sample/ece244bb690c63c0224f9725083a80ae2ca3620bcd3e3fcceab3eb2e115f0cb2/
* https://bazaar.abuse.ch/sample/ecf1fab2bccfe8fee997fe363a75b09f2924516bd0e58d12af6663b6d0578728/
* https://bazaar.abuse.ch/sample/ecf26f7ce7d13fada8e0cc2d7eabb81735f014635cd935954f8dd0fe35a4c26c/
* https://bazaar.abuse.ch/sample/ed6f9f27804d4690271012bcf4b5e79db40dced6502811440d47881733d2d093/
* https://bazaar.abuse.ch/sample/ed33c8c9ed0f40b53dffcd84d8c0df5dccd2db9953661c16f743c2f9d595591f/
* https://bazaar.abuse.ch/sample/ee52c16d53e08af2aba541cab956748b9c0d185a33256ef4bf95a2268f40f209/
* https://bazaar.abuse.ch/sample/ef54ddea14ac1d94c225f5873d19f8fcea27bdb14f5173018d544b4adb41026e/
* https://bazaar.abuse.ch/sample/efece9b29e3eda87a2b39ebcc4cd7b0a1813f727d47394477ff99f579e76d36f/
* https://bazaar.abuse.ch/sample/f0215ec4ae290d9b263054e4b36ae3d92b127f76a2afa7d793623835943c1d6f/
* https://bazaar.abuse.ch/sample/f0479dda24538651043306bfdc8dfb0e016ad457944d54d8952a69cabb261cb0/
* https://bazaar.abuse.ch/sample/f2ae4034297bc8e03be9387b1815522b7cf07076b4be1a06f0d3039e45e96f60/
* https://bazaar.abuse.ch/sample/f4c9bff4713ab599f795c5da87e9b681a627c60dd196ca5e32ff28afc7381915/
* https://bazaar.abuse.ch/sample/f4dab2988f0e2d3b84f1b9ec7467eed650d42f5300d24eb37b8d6ed09a25c35f/
* https://bazaar.abuse.ch/sample/f6c1d0a2f5a8c67a949c6be2fc5a41a9ead3378c119ea9d5f87c8845e30396e0/
* https://bazaar.abuse.ch/sample/f7a2abbfd146528c5de8cd1986581d0e163a802820d76b927d22cbb8e9f492c9/
* https://bazaar.abuse.ch/sample/f9b4d0aa926b74ddd408433a30f19376b5d8844d011eb832ef8abb4fde8d1015/
* https://bazaar.abuse.ch/sample/f10edcdb6065a39ba6190227fce7cf6f5349e41e9e4f73fe07312e763ca58067/

28
actors/BazarLoader/README.md
View File

@ -84,22 +84,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/api` | Low
2 | File | `/api/sys_username_passwd.cmd` | High
3 | File | `/forum/away.php` | High
4 | File | `/home/cavesConsole` | High
5 | File | `/inc/parser/xhtml.php` | High
6 | File | `/include/makecvs.php` | High
7 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
8 | File | `/requests.php` | High
9 | File | `/usr/local/psa/admin/sbin/wrapper` | High
10 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
11 | File | `add.php` | Low
12 | File | `admin/admin.shtml` | High
13 | File | `AdminOrdercontroller.java` | High
1 | File | `//proc/kcore` | Medium
2 | File | `/api` | Low
3 | File | `/api/sys_username_passwd.cmd` | High
4 | File | `/forum/away.php` | High
5 | File | `/home/cavesConsole` | High
6 | File | `/inc/parser/xhtml.php` | High
7 | File | `/include/makecvs.php` | High
8 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
9 | File | `/requests.php` | High
10 | File | `/usr/local/psa/admin/sbin/wrapper` | High
11 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
12 | File | `add.php` | Low
13 | File | `admin/admin.shtml` | High
14 | ... | ... | ...
There are 114 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

221
actors/BeamWinHTTP/README.md
View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BeamWinHTTP:
* [US](https://vuldb.com/?country.us)
* [AR](https://vuldb.com/?country.ar)
* [PT](https://vuldb.com/?country.pt)
* [IT](https://vuldb.com/?country.it)
* ...
There are 1 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -21,8 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [37.0.8.39](https://vuldb.com/?ip.37.0.8.39) | - | - | High
2 | [212.192.246.217](https://vuldb.com/?ip.212.192.246.217) | - | - | High
1 | [2.56.59.42](https://vuldb.com/?ip.2.56.59.42) | - | - | High
2 | [31.210.20.251](https://vuldb.com/?ip.31.210.20.251) | - | - | High
3 | [37.0.8.39](https://vuldb.com/?ip.37.0.8.39) | - | - | High
4 | ... | ... | ... | ...
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -31,12 +35,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -44,109 +49,117 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/about.php` | Medium
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/admin.php` | Medium
3 | File | `/admin/doctors/view_doctor.php` | High
4 | File | `/admin/modules/bibliography/index.php` | High
5 | File | `/admin/students/manage.php` | High
6 | File | `/adminlogin.asp` | High
7 | File | `/app/controller/Books.php` | High
8 | File | `/aqpg/users/login.php` | High
9 | File | `/controller/Index.php` | High
10 | File | `/coreframe/app/content/admin/content.php` | High
11 | File | `/dev/audio` | Medium
12 | File | `/dl/dl_print.php` | High
13 | File | `/etc/crash` | Medium
14 | File | `/etc/master.passwd` | High
15 | File | `/etc/passwd` | Medium
16 | File | `/goform/AddSysLogRule` | High
17 | File | `/goform/WifiBasicSet` | High
18 | File | `/Hospital-Management-System-master/contact.php` | High
19 | File | `/include/friends.inc.php` | High
20 | File | `/index.php?module=configuration/application` | High
21 | File | `/kruxton/receipt.php` | High
22 | File | `/members/view_member.php` | High
23 | File | `/services/view_service.php` | High
24 | File | `/servlet/webacc` | High
25 | File | `/sitemagic/upgrade.php` | High
26 | File | `/userui/ticket_list.php` | High
27 | File | `/usr/5bin/su` | Medium
28 | File | `/wp-admin/options-general.php` | High
29 | File | `/zm/index.php` | High
30 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
31 | File | `abook_database.php` | High
32 | File | `accounts/inc/include.php` | High
33 | File | `adaptive-images-script.php` | High
34 | File | `additem.asp` | Medium
35 | File | `adherents/subscription/info.php` | High
36 | File | `admin.asp` | Medium
37 | File | `admin.php` | Medium
38 | File | `admin/admin.php` | High
39 | File | `admin/admin_users.php` | High
40 | File | `admin/article_save.php` | High
41 | File | `admin/general.php` | High
42 | File | `admin/header.php` | High
43 | File | `admin/inc/change_action.php` | High
44 | File | `admin/index.php` | High
45 | File | `admin/info.php` | High
46 | File | `admin/login.asp` | High
47 | File | `admin/manage-comments.php` | High
48 | File | `admin/manage-news.php` | High
49 | File | `admin/plugin-settings.php` | High
50 | File | `admin/specials.php` | High
51 | File | `admin:de` | Medium
52 | File | `admincp/auth/checklogin.php` | High
53 | File | `admincp/auth/secure.php` | High
54 | File | `administrator/components/com_media/helpers/media.php` | High
55 | File | `administrator/index.php` | High
56 | File | `admin_login.asp` | High
57 | File | `ajax_url.php` | Medium
58 | File | `album_portal.php` | High
59 | File | `al_initialize.php` | High
60 | File | `anjel.index.php` | High
61 | File | `annonces-p-f.php` | High
62 | File | `announce.php` | Medium
63 | File | `announcement.php` | High
64 | File | `announcements.php` | High
65 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
66 | File | `application/config/config.php` | High
67 | File | `application/controllers/basedata/inventory.php` | High
68 | File | `apply.cgi` | Medium
69 | File | `apps/app_article/controller/rating.php` | High
70 | File | `article.php` | Medium
71 | File | `articles.php` | Medium
72 | File | `artikel_anzeige.php` | High
73 | File | `AudioFlinger.cpp` | High
74 | File | `auktion.cgi` | Medium
75 | File | `auth.php` | Medium
76 | File | `authfiles/login.asp` | High
77 | File | `basket.php` | Medium
78 | File | `books.php` | Medium
79 | File | `browse-category.php` | High
80 | File | `browse.php` | Medium
81 | File | `browse_videos.php` | High
82 | File | `BrudaNews/BrudaGB` | High
83 | File | `bwlist_inc.html` | High
84 | File | `calendar.php` | Medium
85 | File | `callme_page.php` | High
86 | File | `cart.php` | Medium
87 | File | `cart_add.php` | Medium
88 | File | `case.filemanager.php` | High
89 | File | `catalog.php` | Medium
90 | File | `catalogshop.php` | High
91 | File | `catalogue.asp` | High
92 | File | `category.cfm` | Medium
93 | File | `category.php` | Medium
94 | File | `category_list.php` | High
95 | ... | ... | ...
3 | File | `/admin/contenttemp` | High
4 | File | `/admin/delete.php` | High
5 | File | `/admin/doctors/view_doctor.php` | High
6 | File | `/admin/modules/bibliography/index.php` | High
7 | File | `/admin/sales/view_details.php` | High
8 | File | `/admin/students/manage.php` | High
9 | File | `/admin/view_order.php` | High
10 | File | `/adminlogin.asp` | High
11 | File | `/app/controller/Books.php` | High
12 | File | `/bl-plugins/backup/plugin.php` | High
13 | File | `/cgi-bin/nightled.cgi` | High
14 | File | `/cgi/get_param.cgi` | High
15 | File | `/common/download_agent_installer.php` | High
16 | File | `/common/run_cross_report.php` | High
17 | File | `/controller/Index.php` | High
18 | File | `/coreframe/app/content/admin/content.php` | High
19 | File | `/dev/audio` | Medium
20 | File | `/etc/crash` | Medium
21 | File | `/etc/master.passwd` | High
22 | File | `/etc/passwd` | Medium
23 | File | `/EXCU_SHELL` | Medium
24 | File | `/goform/addressNat` | High
25 | File | `/goform/AddSysLogRule` | High
26 | File | `/goform/NatStaticSetting` | High
27 | File | `/goform/WifiBasicSet` | High
28 | File | `/include/friends.inc.php` | High
29 | File | `/index.php?module=configuration/application` | High
30 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
31 | File | `/iwgallery/pictures/details.asp` | High
32 | File | `/kruxton/receipt.php` | High
33 | File | `/medianet/mail.aspx` | High
34 | File | `/members/view_member.php` | High
35 | File | `/php-sms/admin/?page=services/manage_service` | High
36 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
37 | File | `/secure/admin/RestoreDefaults.jspa` | High
38 | File | `/services/view_service.php` | High
39 | File | `/servlet/webacc` | High
40 | File | `/sitemagic/upgrade.php` | High
41 | File | `/userui/ticket_list.php` | High
42 | File | `/usr/5bin/su` | Medium
43 | File | `/wmiwizard.jsp` | High
44 | File | `/wp-admin/options-general.php` | High
45 | File | `/zm/index.php` | High
46 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
47 | File | `abook_database.php` | High
48 | File | `accounts/inc/include.php` | High
49 | File | `acrotxt.php` | Medium
50 | File | `ad.cgi` | Low
51 | File | `adaptive-images-script.php` | High
52 | File | `additem.asp` | Medium
53 | File | `addpost_newpoll.php` | High
54 | File | `adherents/subscription/info.php` | High
55 | File | `admin.asp` | Medium
56 | File | `admin.php` | Medium
57 | File | `admin/admin.php` | High
58 | File | `admin/admin_users.php` | High
59 | File | `admin/article_save.php` | High
60 | File | `admin/handlers.php` | High
61 | File | `admin/header.php` | High
62 | File | `admin/index.php` | High
63 | File | `admin/login.asp` | High
64 | File | `admin/manage-comments.php` | High
65 | File | `admin/manage-news.php` | High
66 | File | `admin/page.php` | High
67 | File | `admin/plugin-settings.php` | High
68 | File | `adminBoards.php` | High
69 | File | `administrator/components/com_media/helpers/media.php` | High
70 | File | `administrator/index.php` | High
71 | File | `adminSmileys.php` | High
72 | File | `admin_login.asp` | High
73 | File | `AJAXPreview.jsp` | High
74 | File | `akocomments.php` | High
75 | File | `allmanageup.pl` | High
76 | File | `al_initialize.php` | High
77 | File | `amadmin.pl` | Medium
78 | File | `ampie.swf` | Medium
79 | File | `annonces-p-f.php` | High
80 | File | `announcements.php` | High
81 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
82 | File | `application/config/config.php` | High
83 | File | `application/controllers/basedata/inventory.php` | High
84 | File | `apply.cgi` | Medium
85 | File | `apps/app_article/controller/rating.php` | High
86 | File | `article.php` | Medium
87 | File | `articles.php` | Medium
88 | File | `artlinks.dispnew.php` | High
89 | File | `AsusSoftwareManager.exe` | High
90 | File | `auctionweaver.pl` | High
91 | File | `AudioFlinger.cpp` | High
92 | ... | ... | ...
There are 842 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 817 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://asec.ahnlab.com/en/34876/
* https://asec.ahnlab.com/en/40056/
* https://asec.ahnlab.com/en/41139/
* https://asec.ahnlab.com/en/42757/
* https://asec.ahnlab.com/en/45023/
* https://asec.ahnlab.com/en/45636/
* https://asec.ahnlab.com/en/46169/
* https://asec.ahnlab.com/en/46464/
* https://asec.ahnlab.com/en/47011/
* https://asec.ahnlab.com/en/47925/
* https://asec.ahnlab.com/en/48640/
* https://asec.ahnlab.com/en/50667/
## Literature

401
actors/BianLian/README.md
View File

@ -21,152 +21,157 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [2.58.14.41](https://vuldb.com/?ip.2.58.14.41) | mta0.zampa.space | - | High
2 | [2.58.15.111](https://vuldb.com/?ip.2.58.15.111) | - | - | High
3 | [2.58.15.126](https://vuldb.com/?ip.2.58.15.126) | - | - | High
4 | [2.59.254.29](https://vuldb.com/?ip.2.59.254.29) | - | - | High
5 | [3.25.93.101](https://vuldb.com/?ip.3.25.93.101) | ec2-3-25-93-101.ap-southeast-2.compute.amazonaws.com | - | Medium
6 | [3.72.105.50](https://vuldb.com/?ip.3.72.105.50) | ec2-3-72-105-50.eu-central-1.compute.amazonaws.com | - | Medium
7 | [3.76.100.131](https://vuldb.com/?ip.3.76.100.131) | ec2-3-76-100-131.eu-central-1.compute.amazonaws.com | - | Medium
8 | [3.81.68.30](https://vuldb.com/?ip.3.81.68.30) | ec2-3-81-68-30.compute-1.amazonaws.com | - | Medium
9 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
10 | [3.106.130.174](https://vuldb.com/?ip.3.106.130.174) | ec2-3-106-130-174.ap-southeast-2.compute.amazonaws.com | - | Medium
11 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
12 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
13 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
14 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
15 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
16 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
17 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
18 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
19 | [5.161.223.88](https://vuldb.com/?ip.5.161.223.88) | static.88.223.161.5.clients.your-server.de | - | High
20 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
21 | [5.182.39.10](https://vuldb.com/?ip.5.182.39.10) | vps.hostry.com | - | High
22 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
23 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
24 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
25 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
26 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
27 | [5.230.44.53](https://vuldb.com/?ip.5.230.44.53) | - | - | High
28 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
29 | [5.230.67.144](https://vuldb.com/?ip.5.230.67.144) | placeholder.noezserver.de | - | High
30 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
31 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
32 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
33 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
34 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
35 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
36 | [5.255.97.126](https://vuldb.com/?ip.5.255.97.126) | - | - | High
37 | [5.255.117.32](https://vuldb.com/?ip.5.255.117.32) | - | - | High
38 | [5.255.123.19](https://vuldb.com/?ip.5.255.123.19) | - | - | High
39 | [13.36.137.110](https://vuldb.com/?ip.13.36.137.110) | ec2-13-36-137-110.eu-west-3.compute.amazonaws.com | - | Medium
40 | [13.37.127.130](https://vuldb.com/?ip.13.37.127.130) | ec2-13-37-127-130.eu-west-3.compute.amazonaws.com | - | Medium
41 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
42 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
43 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
44 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
45 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
46 | [13.212.116.128](https://vuldb.com/?ip.13.212.116.128) | ec2-13-212-116-128.ap-southeast-1.compute.amazonaws.com | - | Medium
47 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
48 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
49 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
50 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
51 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
52 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
53 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
54 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
55 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
56 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
57 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
58 | [20.68.243.107](https://vuldb.com/?ip.20.68.243.107) | - | - | High
59 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
60 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
61 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
62 | [23.152.0.64](https://vuldb.com/?ip.23.152.0.64) | - | - | High
63 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
64 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
65 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
66 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
67 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
68 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
69 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
70 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
71 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
72 | [23.227.203.245](https://vuldb.com/?ip.23.227.203.245) | 23-227-203-245.static.hvvc.us | - | High
73 | [23.229.31.21](https://vuldb.com/?ip.23.229.31.21) | - | - | High
74 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
75 | [31.13.195.125](https://vuldb.com/?ip.31.13.195.125) | - | - | High
76 | [31.220.80.82](https://vuldb.com/?ip.31.220.80.82) | vmi1217242.contaboserver.net | - | High
77 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
78 | [34.207.174.202](https://vuldb.com/?ip.34.207.174.202) | ec2-34-207-174-202.compute-1.amazonaws.com | - | Medium
79 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
80 | [34.245.119.31](https://vuldb.com/?ip.34.245.119.31) | ec2-34-245-119-31.eu-west-1.compute.amazonaws.com | - | Medium
81 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
82 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
83 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
84 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
85 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
86 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
87 | [37.120.239.146](https://vuldb.com/?ip.37.120.239.146) | - | - | High
88 | [37.128.207.56](https://vuldb.com/?ip.37.128.207.56) | - | - | High
89 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
90 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
91 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
92 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
93 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
94 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
95 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
96 | [38.62.230.181](https://vuldb.com/?ip.38.62.230.181) | - | - | High
97 | [38.62.236.152](https://vuldb.com/?ip.38.62.236.152) | - | - | High
98 | [38.62.236.182](https://vuldb.com/?ip.38.62.236.182) | - | - | High
99 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
100 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
101 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
102 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
103 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
104 | [44.203.127.31](https://vuldb.com/?ip.44.203.127.31) | ec2-44-203-127-31.compute-1.amazonaws.com | - | Medium
105 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
106 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
107 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
108 | [45.12.2.230](https://vuldb.com/?ip.45.12.2.230) | iNfAcTor.disneybaby.com | - | High
109 | [45.12.2.242](https://vuldb.com/?ip.45.12.2.242) | chuchu.tigateworld.com | - | High
110 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
111 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
112 | [45.45.219.118](https://vuldb.com/?ip.45.45.219.118) | - | - | High
113 | [45.45.219.141](https://vuldb.com/?ip.45.45.219.141) | - | - | High
114 | [45.55.128.82](https://vuldb.com/?ip.45.55.128.82) | - | - | High
115 | [45.55.132.52](https://vuldb.com/?ip.45.55.132.52) | astrology.com | - | High
116 | [45.56.162.16](https://vuldb.com/?ip.45.56.162.16) | sand-162016.sandartery.com | - | High
117 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
118 | [45.56.165.27](https://vuldb.com/?ip.45.56.165.27) | server.jascoconsultingllc.com | - | High
119 | [45.56.165.30](https://vuldb.com/?ip.45.56.165.30) | nordns.crowncloud.net | - | High
120 | [45.58.52.17](https://vuldb.com/?ip.45.58.52.17) | server.asiatldes.com | - | High
121 | [45.58.52.123](https://vuldb.com/?ip.45.58.52.123) | - | - | High
122 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
123 | [45.61.138.43](https://vuldb.com/?ip.45.61.138.43) | - | - | High
124 | [45.61.139.234](https://vuldb.com/?ip.45.61.139.234) | - | - | High
125 | [45.64.186.135](https://vuldb.com/?ip.45.64.186.135) | hml02.murrowirrime.info | - | High
126 | [45.66.248.84](https://vuldb.com/?ip.45.66.248.84) | - | - | High
127 | [45.66.248.135](https://vuldb.com/?ip.45.66.248.135) | mta0.chasemake.com | - | High
128 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
129 | [45.76.80.199](https://vuldb.com/?ip.45.76.80.199) | 45.76.80.199.vultrusercontent.com | - | High
130 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
131 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
132 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
133 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
134 | [45.82.153.168](https://vuldb.com/?ip.45.82.153.168) | - | - | High
135 | [45.86.163.188](https://vuldb.com/?ip.45.86.163.188) | - | - | High
136 | [45.86.163.224](https://vuldb.com/?ip.45.86.163.224) | - | - | High
137 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
138 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
139 | [45.87.155.88](https://vuldb.com/?ip.45.87.155.88) | yarom.com | - | High
140 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
141 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
142 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
143 | [45.128.133.21](https://vuldb.com/?ip.45.128.133.21) | - | - | High
144 | ... | ... | ... | ...
1 | [1.117.72.174](https://vuldb.com/?ip.1.117.72.174) | - | - | High
2 | [2.58.14.41](https://vuldb.com/?ip.2.58.14.41) | mta0.zampa.space | - | High
3 | [2.58.15.111](https://vuldb.com/?ip.2.58.15.111) | - | - | High
4 | [2.58.15.126](https://vuldb.com/?ip.2.58.15.126) | - | - | High
5 | [2.59.254.29](https://vuldb.com/?ip.2.59.254.29) | - | - | High
6 | [3.25.93.101](https://vuldb.com/?ip.3.25.93.101) | ec2-3-25-93-101.ap-southeast-2.compute.amazonaws.com | - | Medium
7 | [3.72.105.50](https://vuldb.com/?ip.3.72.105.50) | ec2-3-72-105-50.eu-central-1.compute.amazonaws.com | - | Medium
8 | [3.76.100.131](https://vuldb.com/?ip.3.76.100.131) | ec2-3-76-100-131.eu-central-1.compute.amazonaws.com | - | Medium
9 | [3.81.68.30](https://vuldb.com/?ip.3.81.68.30) | ec2-3-81-68-30.compute-1.amazonaws.com | - | Medium
10 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
11 | [3.106.130.174](https://vuldb.com/?ip.3.106.130.174) | ec2-3-106-130-174.ap-southeast-2.compute.amazonaws.com | - | Medium
12 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
13 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
14 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
15 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
16 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
17 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
18 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
19 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
20 | [5.161.223.88](https://vuldb.com/?ip.5.161.223.88) | static.88.223.161.5.clients.your-server.de | - | High
21 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
22 | [5.182.39.10](https://vuldb.com/?ip.5.182.39.10) | vps.hostry.com | - | High
23 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
24 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
25 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
26 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
27 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
28 | [5.230.44.53](https://vuldb.com/?ip.5.230.44.53) | - | - | High
29 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
30 | [5.230.67.144](https://vuldb.com/?ip.5.230.67.144) | placeholder.noezserver.de | - | High
31 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
32 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
33 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
34 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
35 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
36 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
37 | [5.255.97.126](https://vuldb.com/?ip.5.255.97.126) | - | - | High
38 | [5.255.117.32](https://vuldb.com/?ip.5.255.117.32) | - | - | High
39 | [5.255.123.19](https://vuldb.com/?ip.5.255.123.19) | - | - | High
40 | [13.36.137.110](https://vuldb.com/?ip.13.36.137.110) | ec2-13-36-137-110.eu-west-3.compute.amazonaws.com | - | Medium
41 | [13.37.127.130](https://vuldb.com/?ip.13.37.127.130) | ec2-13-37-127-130.eu-west-3.compute.amazonaws.com | - | Medium
42 | [13.38.36.123](https://vuldb.com/?ip.13.38.36.123) | ec2-13-38-36-123.eu-west-3.compute.amazonaws.com | - | Medium
43 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
44 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
45 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
46 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
47 | [13.212.116.128](https://vuldb.com/?ip.13.212.116.128) | ec2-13-212-116-128.ap-southeast-1.compute.amazonaws.com | - | Medium
48 | [13.215.227.78](https://vuldb.com/?ip.13.215.227.78) | ec2-13-215-227-78.ap-southeast-1.compute.amazonaws.com | - | Medium
49 | [13.215.228.73](https://vuldb.com/?ip.13.215.228.73) | ec2-13-215-228-73.ap-southeast-1.compute.amazonaws.com | - | Medium
50 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
51 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
52 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
53 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
54 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
55 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
56 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
57 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
58 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
59 | [20.68.243.107](https://vuldb.com/?ip.20.68.243.107) | - | - | High
60 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
61 | [23.94.120.119](https://vuldb.com/?ip.23.94.120.119) | 23-94-120-119-host.colocrossing.com | - | High
62 | [23.106.215.47](https://vuldb.com/?ip.23.106.215.47) | - | - | High
63 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
64 | [23.152.0.64](https://vuldb.com/?ip.23.152.0.64) | - | - | High
65 | [23.163.0.32](https://vuldb.com/?ip.23.163.0.32) | gods-cible.hotelalder.com | - | High
66 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
67 | [23.163.0.50](https://vuldb.com/?ip.23.163.0.50) | nordns.crowncloud.net | - | High
68 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
69 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
70 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
71 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
72 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
73 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
74 | [23.227.202.28](https://vuldb.com/?ip.23.227.202.28) | 23-227-202-28.static.hvvc.us | - | High
75 | [23.227.202.153](https://vuldb.com/?ip.23.227.202.153) | 23-227-202-153.static.hvvc.us | - | High
76 | [23.227.203.245](https://vuldb.com/?ip.23.227.203.245) | 23-227-203-245.static.hvvc.us | - | High
77 | [23.229.31.21](https://vuldb.com/?ip.23.229.31.21) | - | - | High
78 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
79 | [31.13.195.125](https://vuldb.com/?ip.31.13.195.125) | - | - | High
80 | [31.42.186.231](https://vuldb.com/?ip.31.42.186.231) | Iuh3829fu32.circuitostartup.com | - | High
81 | [31.220.80.82](https://vuldb.com/?ip.31.220.80.82) | vmi1217242.contaboserver.net | - | High
82 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
83 | [34.207.174.202](https://vuldb.com/?ip.34.207.174.202) | ec2-34-207-174-202.compute-1.amazonaws.com | - | Medium
84 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
85 | [34.245.119.31](https://vuldb.com/?ip.34.245.119.31) | ec2-34-245-119-31.eu-west-1.compute.amazonaws.com | - | Medium
86 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
87 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
88 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
89 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
90 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
91 | [37.1.220.35](https://vuldb.com/?ip.37.1.220.35) | - | - | High
92 | [37.120.239.146](https://vuldb.com/?ip.37.120.239.146) | - | - | High
93 | [37.128.207.56](https://vuldb.com/?ip.37.128.207.56) | - | - | High
94 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
95 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
96 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
97 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
98 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
99 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
100 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
101 | [38.62.230.181](https://vuldb.com/?ip.38.62.230.181) | - | - | High
102 | [38.62.236.152](https://vuldb.com/?ip.38.62.236.152) | - | - | High
103 | [38.62.236.182](https://vuldb.com/?ip.38.62.236.182) | - | - | High
104 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
105 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
106 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
107 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
108 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
109 | [44.203.127.31](https://vuldb.com/?ip.44.203.127.31) | ec2-44-203-127-31.compute-1.amazonaws.com | - | Medium
110 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
111 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
112 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
113 | [45.12.2.230](https://vuldb.com/?ip.45.12.2.230) | iNfAcTor.disneybaby.com | - | High
114 | [45.12.2.242](https://vuldb.com/?ip.45.12.2.242) | chuchu.tigateworld.com | - | High
115 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
116 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
117 | [45.45.219.118](https://vuldb.com/?ip.45.45.219.118) | - | - | High
118 | [45.45.219.141](https://vuldb.com/?ip.45.45.219.141) | - | - | High
119 | [45.55.128.82](https://vuldb.com/?ip.45.55.128.82) | - | - | High
120 | [45.55.132.52](https://vuldb.com/?ip.45.55.132.52) | astrology.com | - | High
121 | [45.56.162.16](https://vuldb.com/?ip.45.56.162.16) | sand-162016.sandartery.com | - | High
122 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
123 | [45.56.165.27](https://vuldb.com/?ip.45.56.165.27) | server.jascoconsultingllc.com | - | High
124 | [45.56.165.30](https://vuldb.com/?ip.45.56.165.30) | nordns.crowncloud.net | - | High
125 | [45.58.52.17](https://vuldb.com/?ip.45.58.52.17) | server.asiatldes.com | - | High
126 | [45.58.52.123](https://vuldb.com/?ip.45.58.52.123) | - | - | High
127 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
128 | [45.61.138.43](https://vuldb.com/?ip.45.61.138.43) | - | - | High
129 | [45.61.139.234](https://vuldb.com/?ip.45.61.139.234) | - | - | High
130 | [45.64.186.135](https://vuldb.com/?ip.45.64.186.135) | hml02.murrowirrime.info | - | High
131 | [45.66.248.84](https://vuldb.com/?ip.45.66.248.84) | - | - | High
132 | [45.66.248.135](https://vuldb.com/?ip.45.66.248.135) | mta0.chasemake.com | - | High
133 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
134 | [45.76.80.199](https://vuldb.com/?ip.45.76.80.199) | 45.76.80.199.vultrusercontent.com | - | High
135 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
136 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
137 | [45.80.151.49](https://vuldb.com/?ip.45.80.151.49) | - | - | High
138 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
139 | [45.82.153.168](https://vuldb.com/?ip.45.82.153.168) | - | - | High
140 | [45.86.163.188](https://vuldb.com/?ip.45.86.163.188) | - | - | High
141 | [45.86.163.224](https://vuldb.com/?ip.45.86.163.224) | - | - | High
142 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
143 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
144 | [45.87.155.88](https://vuldb.com/?ip.45.87.155.88) | yarom.com | - | High
145 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
146 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
147 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
148 | [45.128.133.21](https://vuldb.com/?ip.45.128.133.21) | - | - | High
149 | ... | ... | ... | ...
There are 570 more IOC items available. Please use our online service to access the data.
There are 590 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -174,13 +179,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-22, CWE-24, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -188,45 +194,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.` | High
2 | File | `/admin/` | Low
3 | File | `/admin/admin_user.php` | High
4 | File | `/admin/category/save` | High
5 | File | `/admin/list_ipAddressPolicy.php` | High
6 | File | `/admin/maintenance/view_designation.php` | High
7 | File | `/admin/search-appointment.php` | High
8 | File | `/admin/subject.php` | High
9 | File | `/app/options.py` | High
10 | File | `/auth/auth.php?user=1` | High
11 | File | `/boaform/device_reset.cgi` | High
12 | File | `/cgi-bin/cstecgi.cgi` | High
13 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
14 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/cgi/cpaddons_report.pl` | High
17 | File | `/common/dict/list` | High
18 | File | `/debug/pprof` | Medium
1 | File | `/admin/` | Low
2 | File | `/admin/admin_user.php` | High
3 | File | `/admin/category/save` | High
4 | File | `/admin/list_ipAddressPolicy.php` | High
5 | File | `/admin/search-appointment.php` | High
6 | File | `/admin/subject.php` | High
7 | File | `/app/controller/Setup.php` | High
8 | File | `/app/options.py` | High
9 | File | `/auth/auth.php?user=1` | High
10 | File | `/boaform/device_reset.cgi` | High
11 | File | `/cgi-bin/cstecgi.cgi` | High
12 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
13 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/cgi/cpaddons_report.pl` | High
16 | File | `/common/dict/list` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/debuginfo.htm` | High
19 | File | `/DXR.axd` | Medium
20 | File | `/forum/away.php` | High
21 | File | `/goform/goform_get_cmd_process` | High
22 | File | `/HNAP1/` | Low
23 | File | `/importexport.php` | High
24 | File | `/main/doctype.php` | High
25 | File | `/main/webservices/additional_webservices.php` | High
26 | File | `/mc` | Low
27 | File | `/myprofile.php` | High
28 | File | `/net/bluetooth/rfcomm/core.C` | High
29 | File | `/oauth/idp/.well-known/openid-configuration` | High
30 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
31 | File | `/register.php` | High
32 | File | `/setting/NTPSyncWithHost` | High
33 | File | `/spip.php` | Medium
34 | File | `/terminal/handle-command.php` | High
35 | File | `/uncpath/` | Medium
36 | File | `/update-resource-data/` | High
37 | ... | ... | ...
22 | File | `/goform/SetSpeedWan` | High
23 | File | `/HNAP1/` | Low
24 | File | `/importexport.php` | High
25 | File | `/Interface/DevManage/VM.php` | High
26 | File | `/main/doctype.php` | High
27 | File | `/main/webservices/additional_webservices.php` | High
28 | File | `/mc` | Low
29 | File | `/myprofile.php` | High
30 | File | `/net/bluetooth/rfcomm/core.C` | High
31 | File | `/oauth/idp/.well-known/openid-configuration` | High
32 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
33 | File | `/pdf` | Low
34 | File | `/register.php` | High
35 | File | `/remote/put_file` | High
36 | File | `/setting/NTPSyncWithHost` | High
37 | File | `/spip.php` | Medium
38 | File | `/squashfs-root/etc_ro/custom.conf` | High
39 | ... | ... | ...
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 336 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -310,6 +318,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b79d78b5f597cc5cfcab400f6b1abcf095fc275b8dc9640ea193f2138f53c9d5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b385dd84605f8ad953d537c1a42eb9be8677034889453f319d28f942360b65f0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b537f351722ffca1abe6efbe355a6162e727a13727c626292f4d14146679d7b5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bae0bfdb05119e4177995c3f1bbad53d28434e5262d1c6575f8c1fab045a7df2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb05049bfe26b30bcb6c0842a1dc6d8c3b71f0b41dd778ac6c76eaf74a620483%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb921bead10997e8c682a7acacb062d5107159c9378c81a4615372de5d8ece0f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bba2e2f6a311fe3c985a856a2097eb0195059fba544e7acd172a38369e1d4cbe%22
@ -328,6 +337,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c7b44aeaaa1c88d4579d37705661b9c2821a6c65a586205e1eef92b0dca7bf92%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9c617394a1c0af7dec708d6644863d98f43427e5f9f8d5a9d586b04538219d9%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9cb3353676114a2dd6f4336677a34d369604ac9be7038ce76e0a189e1f4983e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c18f4ce8537b47865535da753f3683259a3d35e82216fde6bfd641252e0e0b59%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c22d0427dbb178fc6cfcb87cecdc5bc7641f26fa13fdb08e84364397489cdb9b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c37cae2ad2e1f96cc5f86bfe8369418d4b7551818f755057996c8e8e8c57e1ed%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c59b369acbf7c7bf5b87684bd1ab2e73bd1d91a7d9bf34a502ab6379221605ee%22
@ -365,6 +375,9 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d62e30b1ad3e4a5e6af1f3e0451ee6432c7949b73751d3a456be5b40c13a447e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d80e4f06365b6a189965218bb618c4aaeb424c2d0c7a1581ff8f947614f37332%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d360ecb50280e8747808acda5f0e2bc9f7e29f4b60576af14284ec6aa87f676b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d4864de46b2bb19678ba292621635944ec507ea9f3e66f8de37bdc30283773e1%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d7444672b3c87107dfec98e981d623fe33941afd1aabd4618d73c1b4f8444dda%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22da10ce10e7f5b2c730754f0b3e529694bdc41cdaed2a3acdb7ac16b67ba4058a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22db12a43510d9c013dd32fd4c5f3d3e8b882f2b3541139a45742c8ddecad999cd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dbddfe3e7c9f992b12a776387ec36baef4689c90e76e70c32f5742fca707cf07%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dc8dec49562c502d5929f89a163adc46ad398ce6767271fbc9cc8ef40561d094%22
@ -396,6 +409,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ebcbd208dfc442cdfb1be34d6cc99cac2d35f87bfe4fd6d7b1b87c1e212bbfa2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ec7292eb3e9757445c8533dc830f38bc0690c8f91d8d684f0ffb8faa1db74000%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ecc06ccade3b4dac6f4558476d742b7e88df4375c6ab11b186d217433244afd1%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ece05cda9bc53eb709a2e49f3b0d785ab4e88bd27a852db771bbefd24f15c2d2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ed252ea59e5753951c807090cb7df07e9deebcdb97835f51c148c4169f15a3f9%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ef39fdbc59a559df2462ce0956458a80e6338d58d04f366d90cdb7965f5edcb2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22efadcf13721f669472945371a57fa40a4bdbed063fde1b851a311ead7c66c3ef%22
@ -422,6 +436,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb3e3847d4f2a20cd56b2e3ac03d24aa126e05115822d15bd7e72fb9a564be6d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb660ff81aba8f455b7920366ffea607055f49973d326f10a0118a5b29b3ce10%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb6815abaf3d9260cd76d0b9119c88e69ae4b66804c8d357c1662b4b6f11f439%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fbc85f759ab40d6ddeb2466ac9d8125945ba67395a0debbd92400d4a91b84534%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fcdd83167b92e1c7bdec56fc9d7f46ab044bca777ef3901d84debb12b60c8d43%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdbfb2e037b1276e0a70cae3fb21ff4f8052df57117967e0af038d5999f8ae9a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdffacdd96db3eb4c84ea257e4ecdfd2c18ccf184804e78315545be0026314b7%22
@ -435,6 +450,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e7705888a9000b0a2c8ca2a4846d890920d19bd6af9c50fb34668b4673f54c7%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ebaabf79ecaccb878e0ecc68b6c868ef047ac8735a3347ff892c3420b47803f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220edd2d75fcf4c8b0840516d473cfc5d8af8606fa301ebac23fc210cf79d1dd0d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220f506ba03ecdcc13184689a985a2af22e16bcf8c3bcb7f58749e3741fe8b6122%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220f44657bc73691af07715812236ab162bb75df18a28f317fd77f077ff22c5ad0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221af6ae62dca201286d4b11ee20fd1e8dcf343d2e8500de51f9175bcf3d12e06f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221b00dfd6a492dcb9e9f22913ed64a36da34672a59cd5610d8e9438976ded4dc9%22
@ -445,6 +461,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221ebe4f6c1b7578cfae6d609d2dc69913cb0ca7fade5c6ae3d4f116e145f50f4d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221edc93cfb7498f3bd6827783eb2c464c0d58dfab47964f3d9412f9baf828f68f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221efe88adbb16d17952851e961e3a1937735bd63faf208fe7fa1efcfaa0180222%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f21d518cfa3598c042afa32679c86095310946defd96d816778fee4f1b9b6d4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f45a7a12cc9bdd9712584e317a3d1f765f87af196682600728350bf86898f8e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f168a4d8532e3222ce7b947eb6acb66f1ca41917e95bf19a1e6086896c43c46%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221fb6ef077373326b3b9811df7834025a7ec1d213aa94c41f1ac812fe9ece7a42%22
@ -454,10 +471,13 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222c48a71463075ecf6aac326807b2be06a966b5d53bdd99b61284fd1b3ca57ddd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222cab3e1cfa4040d815155cb9fe9b259135424e2ca245765ddd12324075623dfe%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d02e5aa8065bca63541458fc190780583486548b3f1beae1c623ac915efc5a0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d1b33fd22de8ca01cbb80135a83ef8901ec2c477587bf928ab751b271de3e73%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d2f08e2a84aa19e48a6ae61e0b8dad491e5d0ec5a86c27c582927026061178a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d8ee9ae4a111e33063aee6eeab4aeb2a277c7b98c836c5edce93fa4158a1517%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222dc0f99bf9fdef615d53ba11e4520c286bd775ce3603df84607aaef3d2f14a8d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222dd5a1160936b4f4bb9a7c2229f7f1d716d96840131c770174f050265f725cea%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222e7dc8f56986ecb7375304c20c0645ec2c8c88bce4c3350d77102b6e17bbb531%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222e656b3e0df56edfd300ee08413fdc731c77b56c86f832b1f6821bbab8a4c3fa%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223b60ecf79082052bf2e2efb45b502a936426c2472ea853bfef36e3d2c01a4b79%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223b88aac57230a7bf62660854852ee7167f13c02ab261825216ff7c3a58d09711%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223b41807b1368cefedf5c70842a73166497bc95121dad4b3ff2a93555420cc656%22
@ -477,16 +497,19 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225b36c58791e18728d53b05f27abc88b93724c4ce08c3f62c749c5e563da82a14%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225bd3dde5e2ad26fbf78d1136c8e337c07b5fc55d1b4ac461a08c3f749003d794%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c4b8f572f297bb98b1d2e47075aec68b3b9da1fb76606e07d8176edbe1338c8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c95f8728cba884fde11753c3ec7b4ce8ef0f871e98dd06f9464f82b69d653f4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c538f273807d92a8626eacacce355c414210f29293c2ba2b8a7ec16bf31303f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c8474878a2a3e529486a7674026f8eb3a5b4d37e1af966646f3a1d3f22b979d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d3eb0b9bc00549d4f12f12f8eaf9a9a024258e648841b20bddf0cfe45d792dd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d26e1378fe730a0dee7100cf441d502e016ef0198c2a9ab2a5e77d93bfd3727%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d715e500b841e38eff4acc909a619276d6f18705166dd23cfb072c742e9c85b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225e72f7c4dacbb13e0a87be3d0133fd1ef9782d4d5cd60287c692ad6008a9fbc6%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225e279697fbda136046542fc6db82a4bc3def212b9e15bd9e4f967c8a03e8dca7%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225ea2161f353b71cc360d245cfdeaafa1cac41d672d0035780aa42cac6da6c5dd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225eb8ad1c658feb35f33ca16ec02391f23dc44c0f7be5fcd424b1f8eeef424b5a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225f18f724111eb6c8aa4ec01984556ecc7357dbc5f030746a3b3f2ec3bc2b343e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225f2516875bd9ef6990a50faf8adf542805069048b028be26df9d155efbe3cf69%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a80cb5adacc61a445d3b1962a79ed40adb62e4eaddebea7131ddbc2bfebf108%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a93688d69aeab73fb28239f0b7ccb8b15ef876d6b134c379ae36a2526d29d83%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22
@ -524,6 +547,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ab554fbdeb9bbe3197369987ce496590ffdce906ce33c65660a385e42c9f11b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229abc86f1304f41b1a2281e113afa695ee9e6661a3766a5862f460548ff6980ad%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ae1a707bdb87aa40ec1139533ee543b5bcdf6ce89f7b9c560520d5868e5353e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229bf79356f4ee94507999adcc7faeedd65aa75600f7bdcc24c8c792c2ab3e1d69%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c71fdb3c7ac17591c355ba028b6a86f243246fac32eb07af552199037c2faf2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c191ae9892430a18e2d466c5b3c0b230450ea178ffa2553a6babc31f6d4348c%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ccaaf6ad700e922565d1947ac46839e4a8c8a18af7a94605f4ebfcbb916b4f4%22
@ -545,9 +569,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2217ccb41be152e06d81028fa8db241befbedc1f6abe2859381764efa1572eb756%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2218f3618dfd6257ef264e2b046d2acededb423e7558b0f3b405b9366953b74f8d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220cb8ebe1f1cc16e7650f45c75b3ca0e9d6308998bb58ac3f3fbb1c501f1a0dc%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220eaf8372afe6dbe61a2ac806800d82c6b7a0db32a599fe89a665ad629cf4311%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2222da2cc9ccc8081684a05a5df66f426a684016f9db961d768b3b651b78f6d1a2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2222e86fc171d87ccc9c172c719af38245ef9bf8161b54f60ca274e01891a94c08%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2223a8001e1dc233a132e3521e62fb7632ffe6c4879531ebd9506111a0071289cf%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2223b2939879b50f12babf00a8e147b0308b1847b20b73815ad83bad2951f7bbae%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2225a93a9eb67dc035524601ba232f535ab67d776433458deaddc04304398bc901%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2225abb180e92da37e426fc8f49970596a5fb1d989a4475a2c8c95d95edcbed5e4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2226cdf8d6d2d8f260ad5c38f449f98c0a161b3c194ab6edba0ebdef0d63feea51%22
@ -560,6 +586,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2233b6af004f0cd8ab4a9976dba81ca09d682d3531eda5b889a4c6f5debaeaf8f8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235cde68303f6694d9b3947bd945ee98dd088c98199381fd5b52778513dd283b8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235faa39b648c6e8cefd9b1ba970b280340d27e91f8f084f85f2984e5c87a6733%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2240a5e3954cb4f99a278748eef1e222a05e082ecd5b304970dd246312227d4b36%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2244a3036e7c31d65c0a9445772e3b28d2c13065483c08f0126e1d53139bc16f7d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2247df3abc74ad31a300a6af92f38b5462e063fc5ca64d97c0d7bb5e91c4076943%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2250a7b7651fcc014777c44f01211632d1ea8de82690ca193201c62a32dc2e00ad%22
@ -618,9 +645,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22236f6df4a662b67e33ae79a25e2f0044c43e594bbdae0a97c3aeb486e5ee11ca%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22310cab4e01c406897c12781920da092d1ccb3aef6bdad1c819ebf24f6e8b4dde%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22354c6d8d9033668867406be1bb6238647e207cb5f2de6a776ae3d461637efa8e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22370bdcd632f48a293b0bf6c8a397187e1c7345611e106dbf1518816a4239a4cd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22408cb806e82f22fbf8cf96dc7f7c187acaa3cf53c611ca6dd37c925273ba1726%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22409e50ae1c3f70cf81350be6f3cd218b0c9ef15eb03439c15d53a6012bddae2f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22420a63db1bdd2f74731d1001e49ac2c1443b4d3ba810b67cb324a665ffe84382%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22431ac40196f0417e86d1be9eed414d40076404efaf5ba09d5a1c88855ac37c97%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22432ed1ee42746631cefc6d8a69c3ff06ce34c5540437c228a49a4c1c0eb3928a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22451acafcf7fbfdfa0c79d0fba2e749a795e2fb0dff66e2a70ace01cd242ff4d4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22461bd92732e4fcd9a11594a550ff844af1dc8686cf5e69520f058c3c7d217bd5%22
@ -630,6 +659,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22520a6d8fe1e6a0b2ff9755e5058d981c7b6f80e5f3faafbd7e636e263eb748f4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22520e684445f6257e1aeb5f74ceee23789d75517270876b92dd2860705aec037c%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22532a3c38c20c60a3c64f548ad9bd3807e0585f70c78db495c0983fae44da056e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22562d57dc02f41df59ddf4c4b83747782593ac7f0f33e6436628d1ea6e807f2e1%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22674a2fef172685c51fda91aba205c20fb95e0c63fa4f0ecb598fb6213775ede5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22690d07f864220db5078dd937da7104993d3e7820732f8502b7c3c68cc9c22ae8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22723c18cc60cbfd6430123a2c5326ac021826f9b750f43159628fe4a0df882537%22
@ -644,6 +674,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22875e3cfb1f6b9757aada57db20493a60717a4114b69931f8a7aabc56404ef42b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22890b0d66b3437ab8477a04d338024b8729d2732030abbfd134052e50e7bad0ab%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22891a64e34efebd507494a0b411ab067e085fc4ac7ae44171b1bbc6d78d493a60%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22919c6a5dffca3a9a630ca5c509909bfed1f16c3d21ba373ebb70cc57529c64fa%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22951e8ff2808a5bd4f4e5b181be38cb429383d10b782708b484c16bc11bd6b77d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22953cc2d06cefe778ca24a6096ebec12743d4d130d0dd3e11f65bce20bdaa9f4c%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220031daf0487b995130c142c52ca4b28a4cb7789ff9c0861554d7a36b1d54f73f%22
@ -679,6 +710,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229280bdf16dde768c7e0ab2015ea987ac7c8e853c6df18f39eeec502812c476b6%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229425b43e08e75e51143e88d0ef8fe248467fccdf233c4fb5fe6514143b0d4303%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2201031e2c5206b868aef93bfc97e7f336daaf90f54518e95bcc5c81806a53a536%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2202011ab5bd4a9b893b3922b47552f618b7f30f5dd926df54f41b627b2b1b4b51%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2203266e3ea0158c62f652064b0b78824d03b4aa26b15509036c40a281a6f42cb4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2212414ffbbb9d89905eccbb3529cbeec829e492e21f7f8ccce902eebb05061e59%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220743d0b9dbb07cafe875ba9ed1642b630c421c4956b20f3fb7a127b39350b9f%22
@ -692,6 +724,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2276149e95ec0d8218b1d5aa4630174991eecc19935c58f7f29a5fb7050ccd56f5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2277271b9d29d9e91f0d72006953fadd7aa37256396ea5e30bb54f16645155af08%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2278724ff0250bf9ac2d098033e6bbc20e26f5cf0f0f71f54883565fd607f633b9%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2293288c33d1a6bac0a3a43ca835c5741ceca50bc7e247ec549edd6d4dc92f8788%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298385a3548d87a841124069aa32398cca8a3175b75eb00e2da3973e6f3888503%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22005886c7f475614044a55712d5c059435c2871ef7ebbc6d3bcec8238cffea263%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22132044ee6a1b025a47fce929ce779c3dc657ee313e84741b69de8006bc428b05%22

2
actors/BillGates/README.md
View File

@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

156
actors/BitRAT/README.md
View File

@ -76,47 +76,51 @@ ID | IP address | Hostname | Campaign | Confidence
53 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
54 | [23.105.131.195](https://vuldb.com/?ip.23.105.131.195) | mail195.nessfist.com | - | High
55 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | mail209.nessfist.com | - | High
56 | [23.105.171.80](https://vuldb.com/?ip.23.105.171.80) | desiignplaza.world | - | High
57 | [23.146.242.85](https://vuldb.com/?ip.23.146.242.85) | - | - | High
58 | [23.239.28.245](https://vuldb.com/?ip.23.239.28.245) | 23-239-28-245.ip.linodeusercontent.com | - | High
59 | [31.7.63.14](https://vuldb.com/?ip.31.7.63.14) | rack223ch.idfnv.ne | - | High
60 | [31.210.20.187](https://vuldb.com/?ip.31.210.20.187) | - | - | High
61 | [31.210.20.236](https://vuldb.com/?ip.31.210.20.236) | - | - | High
62 | [31.210.21.21](https://vuldb.com/?ip.31.210.21.21) | lilut.top | - | High
63 | [31.210.21.114](https://vuldb.com/?ip.31.210.21.114) | larul.top | - | High
64 | [31.220.4.216](https://vuldb.com/?ip.31.220.4.216) | haa02.sctio.com | - | High
65 | [31.220.44.253](https://vuldb.com/?ip.31.220.44.253) | - | - | High
66 | [34.121.150.14](https://vuldb.com/?ip.34.121.150.14) | 14.150.121.34.bc.googleusercontent.com | - | Medium
67 | [37.0.8.108](https://vuldb.com/?ip.37.0.8.108) | lloydfox.capitolreservations.com | - | High
68 | [37.0.10.6](https://vuldb.com/?ip.37.0.10.6) | - | - | High
69 | [37.0.10.19](https://vuldb.com/?ip.37.0.10.19) | - | - | High
70 | [37.0.10.62](https://vuldb.com/?ip.37.0.10.62) | - | - | High
71 | [37.0.10.63](https://vuldb.com/?ip.37.0.10.63) | - | - | High
72 | [37.0.10.252](https://vuldb.com/?ip.37.0.10.252) | - | - | High
73 | [37.0.11.99](https://vuldb.com/?ip.37.0.11.99) | - | - | High
74 | [37.0.11.155](https://vuldb.com/?ip.37.0.11.155) | - | - | High
75 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
76 | [37.0.11.177](https://vuldb.com/?ip.37.0.11.177) | - | - | High
77 | [37.0.11.183](https://vuldb.com/?ip.37.0.11.183) | - | - | High
78 | [37.0.11.212](https://vuldb.com/?ip.37.0.11.212) | - | - | High
79 | [37.0.11.221](https://vuldb.com/?ip.37.0.11.221) | - | - | High
80 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
81 | [37.46.150.134](https://vuldb.com/?ip.37.46.150.134) | - | - | High
82 | [37.120.152.157](https://vuldb.com/?ip.37.120.152.157) | - | - | High
83 | [37.120.208.46](https://vuldb.com/?ip.37.120.208.46) | - | - | High
84 | [37.120.212.229](https://vuldb.com/?ip.37.120.212.229) | - | - | High
85 | [37.120.234.40](https://vuldb.com/?ip.37.120.234.40) | no-rdns.m247.com | - | High
86 | [37.139.128.233](https://vuldb.com/?ip.37.139.128.233) | - | - | High
87 | [40.82.152.253](https://vuldb.com/?ip.40.82.152.253) | - | - | High
88 | [40.88.44.226](https://vuldb.com/?ip.40.88.44.226) | - | - | High
89 | [41.36.83.211](https://vuldb.com/?ip.41.36.83.211) | host-41.36.83.211.tedata.net | - | High
90 | [41.102.8.156](https://vuldb.com/?ip.41.102.8.156) | - | - | High
91 | [41.102.33.8](https://vuldb.com/?ip.41.102.33.8) | - | - | High
92 | [41.102.231.123](https://vuldb.com/?ip.41.102.231.123) | - | - | High
93 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
94 | ... | ... | ... | ...
56 | [23.105.131.237](https://vuldb.com/?ip.23.105.131.237) | - | - | High
57 | [23.105.171.80](https://vuldb.com/?ip.23.105.171.80) | desiignplaza.world | - | High
58 | [23.146.242.85](https://vuldb.com/?ip.23.146.242.85) | - | - | High
59 | [23.239.28.245](https://vuldb.com/?ip.23.239.28.245) | 23-239-28-245.ip.linodeusercontent.com | - | High
60 | [27.124.20.145](https://vuldb.com/?ip.27.124.20.145) | - | - | High
61 | [31.7.63.14](https://vuldb.com/?ip.31.7.63.14) | rack223ch.idfnv.ne | - | High
62 | [31.210.20.187](https://vuldb.com/?ip.31.210.20.187) | - | - | High
63 | [31.210.20.236](https://vuldb.com/?ip.31.210.20.236) | - | - | High
64 | [31.210.21.21](https://vuldb.com/?ip.31.210.21.21) | lilut.top | - | High
65 | [31.210.21.114](https://vuldb.com/?ip.31.210.21.114) | larul.top | - | High
66 | [31.220.4.216](https://vuldb.com/?ip.31.220.4.216) | haa02.sctio.com | - | High
67 | [31.220.44.253](https://vuldb.com/?ip.31.220.44.253) | - | - | High
68 | [34.121.150.14](https://vuldb.com/?ip.34.121.150.14) | 14.150.121.34.bc.googleusercontent.com | - | Medium
69 | [37.0.8.108](https://vuldb.com/?ip.37.0.8.108) | lloydfox.capitolreservations.com | - | High
70 | [37.0.10.6](https://vuldb.com/?ip.37.0.10.6) | - | - | High
71 | [37.0.10.19](https://vuldb.com/?ip.37.0.10.19) | - | - | High
72 | [37.0.10.62](https://vuldb.com/?ip.37.0.10.62) | - | - | High
73 | [37.0.10.63](https://vuldb.com/?ip.37.0.10.63) | - | - | High
74 | [37.0.10.252](https://vuldb.com/?ip.37.0.10.252) | - | - | High
75 | [37.0.11.99](https://vuldb.com/?ip.37.0.11.99) | - | - | High
76 | [37.0.11.155](https://vuldb.com/?ip.37.0.11.155) | - | - | High
77 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
78 | [37.0.11.177](https://vuldb.com/?ip.37.0.11.177) | - | - | High
79 | [37.0.11.183](https://vuldb.com/?ip.37.0.11.183) | - | - | High
80 | [37.0.11.212](https://vuldb.com/?ip.37.0.11.212) | - | - | High
81 | [37.0.11.221](https://vuldb.com/?ip.37.0.11.221) | - | - | High
82 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
83 | [37.46.150.134](https://vuldb.com/?ip.37.46.150.134) | - | - | High
84 | [37.120.152.157](https://vuldb.com/?ip.37.120.152.157) | - | - | High
85 | [37.120.208.46](https://vuldb.com/?ip.37.120.208.46) | - | - | High
86 | [37.120.212.229](https://vuldb.com/?ip.37.120.212.229) | - | - | High
87 | [37.120.234.40](https://vuldb.com/?ip.37.120.234.40) | no-rdns.m247.com | - | High
88 | [37.139.128.233](https://vuldb.com/?ip.37.139.128.233) | - | - | High
89 | [40.82.152.253](https://vuldb.com/?ip.40.82.152.253) | - | - | High
90 | [40.88.44.226](https://vuldb.com/?ip.40.88.44.226) | - | - | High
91 | [41.36.83.211](https://vuldb.com/?ip.41.36.83.211) | host-41.36.83.211.tedata.net | - | High
92 | [41.102.8.156](https://vuldb.com/?ip.41.102.8.156) | - | - | High
93 | [41.102.33.8](https://vuldb.com/?ip.41.102.33.8) | - | - | High
94 | [41.102.231.123](https://vuldb.com/?ip.41.102.231.123) | - | - | High
95 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
96 | [41.225.46.176](https://vuldb.com/?ip.41.225.46.176) | - | - | High
97 | [41.225.216.176](https://vuldb.com/?ip.41.225.216.176) | - | - | High
98 | ... | ... | ... | ...
There are 371 more IOC items available. Please use our online service to access the data.
There are 389 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -126,12 +130,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -146,47 +150,47 @@ ID | Type | Indicator | Confidence
5 | File | `/admin/` | Low
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/admin/index2.html` | High
8 | File | `/admin/save.php` | High
9 | File | `/adminapi/system/crud` | High
10 | File | `/adminapi/system/file/openfile` | High
11 | File | `/admin_route/dec_service_credits.php` | High
12 | File | `/api/v1/alerts` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/api/v4/users/ids` | High
15 | File | `/app/index/controller/Common.php` | High
16 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
17 | File | `/b2b-supermarket/shopping-cart` | High
18 | File | `/bitrix/admin/ldap_server_edit.php` | High
19 | File | `/cgi-bin/cstecgi.cgi` | High
20 | File | `/cgi-bin/vitogate.cgi` | High
8 | File | `/adminapi/system/crud` | High
9 | File | `/adminapi/system/file/openfile` | High
10 | File | `/admin_route/dec_service_credits.php` | High
11 | File | `/api/v1/alerts` | High
12 | File | `/api/v4/teams//channels/deleted` | High
13 | File | `/api/v4/users/ids` | High
14 | File | `/app/index/controller/Common.php` | High
15 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
16 | File | `/b2b-supermarket/shopping-cart` | High
17 | File | `/bitrix/admin/ldap_server_edit.php` | High
18 | File | `/cancel.php` | Medium
19 | File | `/category.php` | High
20 | File | `/cgi-bin/cstecgi.cgi` | High
21 | File | `/change-language/de_DE` | High
22 | File | `/debug/pprof` | Medium
23 | File | `/devinfo` | Medium
24 | File | `/dist/index.js` | High
25 | File | `/etc/shadow` | Medium
26 | File | `/fcgi/scrut_fcgi.fcgi` | High
27 | File | `/forms/doLogin` | High
28 | File | `/forum/away.php` | High
29 | File | `/geoserver/gwc/rest.html` | High
30 | File | `/goform/formSysCmd` | High
31 | File | `/h/autoSaveDraft` | High
32 | File | `/HNAP1` | Low
33 | File | `/hosts/firewall/ip` | High
34 | File | `/index.jsp#settings` | High
35 | File | `/index.php/ccm/system/file/upload` | High
36 | File | `/listplace/user/ticket/create` | High
37 | File | `/log/decodmail.php` | High
38 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
39 | File | `/novel/author/list` | High
40 | File | `/novel/bookSetting/list` | High
41 | File | `/novel/userFeedback/list` | High
42 | File | `/oauth/idp/.well-known/openid-configuration` | High
43 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
44 | File | `/php/ping.php` | High
25 | File | `/download` | Medium
26 | File | `/etc/shadow` | Medium
27 | File | `/fcgi/scrut_fcgi.fcgi` | High
28 | File | `/forms/doLogin` | High
29 | File | `/forum/away.php` | High
30 | File | `/geoserver/gwc/rest.html` | High
31 | File | `/goform/formSysCmd` | High
32 | File | `/hosts/firewall/ip` | High
33 | File | `/index.jsp#settings` | High
34 | File | `/index.php/ccm/system/file/upload` | High
35 | File | `/listplace/user/ticket/create` | High
36 | File | `/log/decodmail.php` | High
37 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
38 | File | `/novel/author/list` | High
39 | File | `/novel/bookSetting/list` | High
40 | File | `/novel/userFeedback/list` | High
41 | File | `/oauth/idp/.well-known/openid-configuration` | High
42 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
43 | File | `/php/ping.php` | High
44 | File | `/project/tasks/list` | High
45 | File | `/protocol/iscgwtunnel/uploadiscgwrouteconf.php` | High
46 | ... | ... | ...
There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

34
actors/Bl00dy/README.md
View File

@ -41,8 +41,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -88,23 +88,23 @@ ID | Type | Indicator | Confidence
31 | File | `/hedwig.cgi` | Medium
32 | File | `/HNAP1` | Low
33 | File | `/HNAP1/SetClientInfo` | High
34 | File | `/Items/*/RemoteImages/Download` | High
35 | File | `/menu.html` | Medium
36 | File | `/modules/profile/index.php` | High
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
38 | File | `/navigate/navigate_download.php` | High
39 | File | `/ocwbs/admin/?page=user/manage_user` | High
40 | File | `/ofrs/admin/?page=user/manage_user` | High
41 | File | `/out.php` | Medium
42 | File | `/password.html` | High
43 | File | `/PC/WebService.asmx` | High
44 | File | `/php/exportrecord.php` | High
45 | File | `/php/ping.php` | High
46 | File | `/php_action/fetchSelectedUser.php` | High
47 | File | `/plugin` | Low
34 | File | `/importexport.php` | High
35 | File | `/Items/*/RemoteImages/Download` | High
36 | File | `/menu.html` | Medium
37 | File | `/modules/profile/index.php` | High
38 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
39 | File | `/navigate/navigate_download.php` | High
40 | File | `/ocwbs/admin/?page=user/manage_user` | High
41 | File | `/ofrs/admin/?page=user/manage_user` | High
42 | File | `/out.php` | Medium
43 | File | `/password.html` | High
44 | File | `/patient/appointment.php` | High
45 | File | `/PC/WebService.asmx` | High
46 | File | `/php/exportrecord.php` | High
47 | File | `/php/ping.php` | High
48 | ... | ... | ...
There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

214
actors/Black KingDom/README.md
View File

@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [FR](https://vuldb.com/?country.fr)
* [RU](https://vuldb.com/?country.ru)
* [GB](https://vuldb.com/?country.gb)
* ...
There are 2 more country items available. Please use our online service to access the data.
@ -36,12 +36,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -54,115 +54,119 @@ ID | Type | Indicator | Confidence
3 | File | `/?r=recruit/resume/edit&op=status` | High
4 | File | `/academy/home/courses` | High
5 | File | `/Account/login.php` | High
6 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
6 | File | `/admin-manage-user.php` | High
7 | File | `/admin/` | Low
8 | File | `/admin/?page=user/list` | High
9 | File | `/admin/?page=user/manage_user&id=3` | High
10 | File | `/admin/action/add_con.php` | High
11 | File | `/admin/action/new-father.php` | High
12 | File | `/admin/action/new-feed.php` | High
13 | File | `/admin/addproduct.php` | High
14 | File | `/admin/ajax.php?action=confirm_order` | High
15 | File | `/admin/app/product.php` | High
16 | File | `/admin/app/service_crud.php` | High
17 | File | `/admin/article/article-edit-run.php` | High
18 | File | `/admin/book_add.php` | High
19 | File | `/admin/book_row.php` | High
20 | File | `/admin/borrow_add.php` | High
21 | File | `/admin/bwdates-report-details.php` | High
22 | File | `/admin/category_row.php` | High
23 | File | `/admin/cms_admin.php` | High
24 | File | `/admin/contacts/organizations/edit/2` | High
25 | File | `/admin/course.php` | High
26 | File | `/admin/courses/manage_course.php` | High
27 | File | `/admin/edit-admin.php` | High
28 | File | `/admin/edit_product.php` | High
29 | File | `/admin/edit_supplier.php` | High
30 | File | `/admin/edit_teacher.php` | High
31 | File | `/admin/index.php` | High
32 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
33 | File | `/admin/leancloud.php` | High
34 | File | `/Admin/login.php` | High
35 | File | `/admin/makehtml_freelist_action.php` | High
36 | File | `/admin/manage-pages.php` | High
37 | File | `/admin/modal_add_product.php` | High
38 | File | `/Admin/News.php` | High
39 | File | `/admin/orders/view_order.php` | High
40 | File | `/admin/pages/edit_chicken.php` | High
41 | File | `/admin/pages/update_go.php` | High
42 | File | `/admin/pages/yearlevel.php` | High
43 | File | `/admin/php/crud.php` | High
44 | File | `/admin/product/manage_product.php` | High
45 | File | `/admin/project/update/2` | High
46 | File | `/admin/read.php?mudi=getSignal` | High
47 | File | `/admin/reg.php` | High
48 | File | `/admin/settings/` | High
49 | File | `/admin/students/manage_academic.php` | High
50 | File | `/admin/students/update_status.php` | High
51 | File | `/admin/subject.php` | High
52 | File | `/admin/sys_sql_query.php` | High
53 | File | `/admin/test_status.php` | High
54 | File | `/admin/theme-edit.php` | High
55 | File | `/admin/upload.php` | High
56 | File | `/admin/userprofile.php` | High
57 | File | `/admin/vote_edit.php` | High
58 | File | `/adminapi/system/crud` | High
59 | File | `/adminapi/system/file/openfile` | High
60 | File | `/admin_route/dec_service_credits.php` | High
61 | File | `/adplanet/PlanetUser` | High
62 | File | `/ample/app/action/edit_product.php` | High
63 | File | `/ample/app/ajax/member_data.php` | High
64 | File | `/api.php` | Medium
65 | File | `/api/authentication/login` | High
66 | File | `/api/controllers/admin/app/AppController.php` | High
67 | File | `/api/controllers/common/UploadsController.php` | High
68 | File | `/api/DataDictionary/GetItemList` | High
69 | File | `/api/stl/actions/search` | High
70 | File | `/api/sys/login` | High
71 | File | `/application/index/controller/Datament.php` | High
72 | File | `/application/index/controller/Pay.php` | High
73 | File | `/application/index/controller/Screen.php` | High
74 | File | `/application/pay/controller/Api.php` | High
75 | File | `/apply/index.php` | High
76 | File | `/apps/reg_go.php` | High
77 | File | `/App_Resource/UEditor/server/upload.aspx` | High
78 | File | `/att_add.php` | Medium
79 | File | `/autheditpwd.php` | High
80 | File | `/author_posts.php` | High
81 | File | `/b2b-supermarket/catalog/all-products` | High
82 | File | `/bin/boa` | Medium
83 | File | `/blog` | Low
84 | File | `/blog-single.php` | High
85 | File | `/boaform/device_reset.cgi` | High
86 | File | `/boaform/wlan_basic_set.cgi` | High
87 | File | `/boafrm/formMapDelDevice` | High
88 | File | `/booking/show_bookings/` | High
89 | File | `/browse` | Low
90 | File | `/category.php` | High
91 | File | `/cgi-bin/` | Medium
92 | File | `/cgi-bin/cstecgi.cgi` | High
93 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
94 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
95 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
96 | File | `/chaincity/user/ticket/create` | High
97 | File | `/changeimage.php` | High
98 | File | `/classes/Master.php` | High
99 | File | `/classes/Master.php?f=delete_category` | High
100 | File | `/classes/Master.php?f=delete_inquiry` | High
101 | File | `/classes/Master.php?f=save_inquiry` | High
102 | File | `/classes/Master.php?f=save_item` | High
103 | File | `/classes/Users.php?f=save` | High
104 | File | `/collection/all` | High
105 | File | `/company/store` | High
106 | File | `/config` | Low
107 | File | `/config,admin.jsp` | High
108 | File | `/contact.php` | Medium
109 | File | `/Controller/Ajaxfileupload.ashx` | High
110 | File | `/course/filterRecords/` | High
111 | File | `/currentsetting.htm` | High
112 | ... | ... | ...
13 | File | `/admin/add-ambulance.php` | High
14 | File | `/admin/admin-profile.php` | High
15 | File | `/admin/ajax.php?action=confirm_order` | High
16 | File | `/admin/app/product.php` | High
17 | File | `/admin/app/service_crud.php` | High
18 | File | `/admin/applicants/controller.php` | High
19 | File | `/admin/article/article-edit-run.php` | High
20 | File | `/admin/bookdate.php` | High
21 | File | `/admin/booktime.php` | High
22 | File | `/admin/book_add.php` | High
23 | File | `/admin/book_row.php` | High
24 | File | `/admin/borrow_add.php` | High
25 | File | `/admin/bwdates-report-details.php` | High
26 | File | `/admin/category/controller.php` | High
27 | File | `/admin/category_row.php` | High
28 | File | `/admin/cms_admin.php` | High
29 | File | `/admin/company/controller.php` | High
30 | File | `/admin/company/index.php` | High
31 | File | `/admin/course.php` | High
32 | File | `/admin/courses/manage_course.php` | High
33 | File | `/admin/div_data/delete?divId=9` | High
34 | File | `/admin/edit-admin.php` | High
35 | File | `/admin/edit_product.php` | High
36 | File | `/admin/edit_supplier.php` | High
37 | File | `/admin/edit_teacher.php` | High
38 | File | `/admin/employee/controller.php` | High
39 | File | `/admin/employee/index.php` | High
40 | File | `/admin/forgot-password.php` | High
41 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
42 | File | `/admin/leancloud.php` | High
43 | File | `/admin/list_resource_icon.php?action=delete` | High
44 | File | `/Admin/login.php` | High
45 | File | `/admin/login.php` | High
46 | File | `/admin/maintenance/manage_category.php` | High
47 | File | `/admin/makehtml_freelist_action.php` | High
48 | File | `/admin/manage-pages.php` | High
49 | File | `/admin/menu/toEdit` | High
50 | File | `/Admin/News.php` | High
51 | File | `/admin/operations/expense_category.php` | High
52 | File | `/admin/orders/view_order.php` | High
53 | File | `/admin/pages/edit_chicken.php` | High
54 | File | `/admin/pages/update_go.php` | High
55 | File | `/admin/pages/yearlevel.php` | High
56 | File | `/admin/php/crud.php` | High
57 | File | `/admin/product/manage_product.php` | High
58 | File | `/admin/rooms.php` | High
59 | File | `/admin/search.php` | High
60 | File | `/admin/settings/` | High
61 | File | `/admin/students/manage_academic.php` | High
62 | File | `/admin/students/update_status.php` | High
63 | File | `/admin/subject.php` | High
64 | File | `/admin/sys_sql_query.php` | High
65 | File | `/admin/theme-edit.php` | High
66 | File | `/admin/update-rooms.php` | High
67 | File | `/admin/update-users.php` | High
68 | File | `/admin/upload.php` | High
69 | File | `/admin/user-search.php` | High
70 | File | `/admin/userprofile.php` | High
71 | File | `/admin/users.php` | High
72 | File | `/admin/vote_edit.php` | High
73 | File | `/adminapi/system/crud` | High
74 | File | `/adminapi/system/file/openfile` | High
75 | File | `/adminpanel/admin/query/deleteExamExe.php` | High
76 | File | `/adminpanel/admin/query/loginExe.php` | High
77 | File | `/admin_route/dec_service_credits.php` | High
78 | File | `/adplanet/PlanetUser` | High
79 | File | `/ample/app/action/edit_product.php` | High
80 | File | `/ample/app/ajax/member_data.php` | High
81 | File | `/api.php` | Medium
82 | File | `/api/authentication/login` | High
83 | File | `/api/controllers/admin/app/AppController.php` | High
84 | File | `/api/controllers/common/UploadsController.php` | High
85 | File | `/api/DataDictionary/GetItemList` | High
86 | File | `/api/sys/login` | High
87 | File | `/api/v1/toolbox/device/update/swap` | High
88 | File | `/application/index/controller/Datament.php` | High
89 | File | `/application/index/controller/Pay.php` | High
90 | File | `/application/index/controller/Screen.php` | High
91 | File | `/application/pay/controller/Api.php` | High
92 | File | `/apply/index.php` | High
93 | File | `/apps/reg_go.php` | High
94 | File | `/apps/system/api/user.go` | High
95 | File | `/apps/system/router/upload.go` | High
96 | File | `/apps/system/services/role_menu.go` | High
97 | File | `/App_Resource/UEditor/server/upload.aspx` | High
98 | File | `/att_add.php` | Medium
99 | File | `/autheditpwd.php` | High
100 | File | `/b2b-supermarket/catalog/all-products` | High
101 | File | `/billing/bill/edit/` | High
102 | File | `/bin/boa` | Medium
103 | File | `/bishe/register` | High
104 | File | `/blog` | Low
105 | File | `/blog-single.php` | High
106 | File | `/boaform/device_reset.cgi` | High
107 | File | `/boaform/wlan_basic_set.cgi` | High
108 | File | `/boafrm/formMapDelDevice` | High
109 | File | `/browse` | Low
110 | File | `/bsenordering/index.php` | High
111 | File | `/cancel.php` | Medium
112 | File | `/category.php` | High
113 | File | `/cgi-bin/` | Medium
114 | File | `/cgi-bin/cstecgi.cgi` | High
115 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
116 | ... | ... | ...
There are 994 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 1029 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

92
actors/BlackCat/README.md
View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [SV](https://vuldb.com/?country.sv)
* [RU](https://vuldb.com/?country.ru)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -21,13 +21,14 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [20.46.245.56](https://vuldb.com/?ip.20.46.245.56) | - | - | High
2 | [23.106.223.97](https://vuldb.com/?ip.23.106.223.97) | - | - | High
3 | [37.120.238.58](https://vuldb.com/?ip.37.120.238.58) | - | - | High
4 | [45.134.20.66](https://vuldb.com/?ip.45.134.20.66) | - | - | High
5 | ... | ... | ... | ...
1 | [5.199.168.24](https://vuldb.com/?ip.5.199.168.24) | - | - | High
2 | [5.199.168.233](https://vuldb.com/?ip.5.199.168.233) | - | - | High
3 | [20.46.245.56](https://vuldb.com/?ip.20.46.245.56) | - | - | High
4 | [23.106.223.97](https://vuldb.com/?ip.23.106.223.97) | - | - | High
5 | [37.120.238.58](https://vuldb.com/?ip.37.120.238.58) | - | - | High
6 | ... | ... | ... | ...
There are 15 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -37,8 +38,8 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Argument Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
@ -78,44 +79,46 @@ ID | Type | Indicator | Confidence
25 | File | `/ample/app/ajax/member_data.php` | High
26 | File | `/app/index/controller/Common.php` | High
27 | File | `/article/DelectArticleById/` | High
28 | File | `/asms/classes/Master.php?f=delete_service` | High
29 | File | `/auth/auth.php?user=1` | High
30 | File | `/b2b-supermarket/shopping-cart` | High
31 | File | `/blog` | Low
32 | File | `/bsms_ci/index.php/user/edit_user/` | High
28 | File | `/auth/auth.php?user=1` | High
29 | File | `/b2b-supermarket/shopping-cart` | High
30 | File | `/blog` | Low
31 | File | `/bsms_ci/index.php/user/edit_user/` | High
32 | File | `/category.php` | High
33 | File | `/cgi-bin/cstecgi.cgi` | High
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
35 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
36 | File | `/classes/Master.php?f=delete_category` | High
37 | File | `/classes/Master.php?f=delete_inquiry` | High
38 | File | `/classes/Master.php?f=save_reminder` | High
39 | File | `/clients/listclients.php` | High
40 | File | `/cms/category/list` | High
41 | File | `/collection/all` | High
42 | File | `/company/store` | High
43 | File | `/contacts/listcontacts.php` | High
44 | File | `/Default/Bd` | Medium
45 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
46 | File | `/ext/phar/phar_object.c` | High
47 | File | `/file-manager/upload.php` | High
48 | File | `/forum/away.php` | High
49 | File | `/fos/admin/index.php?page=menu` | High
50 | File | `/friends` | Medium
51 | File | `/goform/AddSysLogRule` | High
52 | File | `/goform/SafeEmailFilter` | High
53 | File | `/goform/SetIpMacBind` | High
54 | File | `/goform/setSnmpInfo` | High
55 | File | `/goform/setUplinkInfo` | High
56 | File | `/goform/SysToolReboot` | High
57 | File | `/goform/WifiBasicSet` | High
58 | File | `/graphql` | Medium
59 | File | `/home/get_tasks_list` | High
60 | File | `/hrm/employeeview.php` | High
61 | File | `/hss/?page=categories` | High
62 | File | `/hss/admin/brands/manage_brand.php` | High
63 | ... | ... | ...
36 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
37 | File | `/classes/Master.php?f=delete_category` | High
38 | File | `/classes/Master.php?f=delete_inquiry` | High
39 | File | `/classes/Master.php?f=save_reminder` | High
40 | File | `/clients/listclients.php` | High
41 | File | `/cms/category/list` | High
42 | File | `/collection/all` | High
43 | File | `/company/store` | High
44 | File | `/contacts/listcontacts.php` | High
45 | File | `/Default/Bd` | Medium
46 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
47 | File | `/ext/phar/phar_object.c` | High
48 | File | `/file-manager/upload.php` | High
49 | File | `/foms/place-order.php` | High
50 | File | `/forum/away.php` | High
51 | File | `/fos/admin/index.php?page=menu` | High
52 | File | `/friends` | Medium
53 | File | `/goform/AddSysLogRule` | High
54 | File | `/goform/SafeEmailFilter` | High
55 | File | `/goform/SetIpMacBind` | High
56 | File | `/goform/setSnmpInfo` | High
57 | File | `/goform/setUplinkInfo` | High
58 | File | `/goform/SysToolReboot` | High
59 | File | `/goform/WifiBasicSet` | High
60 | File | `/graphql` | Medium
61 | File | `/home/get_tasks_list` | High
62 | File | `/hrm/employeeview.php` | High
63 | File | `/hss/?page=categories` | High
64 | File | `/hss/admin/brands/manage_brand.php` | High
65 | ... | ... | ...
There are 550 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 574 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -123,6 +126,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
* https://threatfox.abuse.ch
* https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
* https://www.huntress.com/blog/blackcat-ransomware-affiliate-ttps
* https://www.ic3.gov/Media/News/2022/220420.pdf

98
actors/BlackEnergy/README.md
View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [LA](https://vuldb.com/?country.la)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -37,14 +37,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -53,54 +53,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?p=products` | Medium
2 | File | `/admin.php/accessory/filesdel.html` | High
3 | File | `/admin/?page=user/manage` | High
4 | File | `/admin/add-new.php` | High
5 | File | `/admin/controller/JobLogController.java` | High
6 | File | `/admin/doctors.php` | High
7 | File | `/alphaware/summary.php` | High
8 | File | `/api/` | Low
9 | File | `/api/admin/store/product/list` | High
10 | File | `/api/baskets/{name}` | High
11 | File | `/api/stl/actions/search` | High
12 | File | `/api/sys/login` | High
13 | File | `/api/sys/set_passwd` | High
14 | File | `/api/trackedEntityInstances` | High
15 | File | `/api/v2/cli/commands` | High
16 | File | `/aux` | Low
17 | File | `/bin/ate` | Medium
18 | File | `/bitrix/admin/ldap_server_edit.php` | High
19 | File | `/boat/login.php` | High
20 | File | `/booking/show_bookings/` | High
21 | File | `/bsms_ci/index.php/book` | High
22 | File | `/cgi-bin` | Medium
23 | File | `/cgi-bin/wlogin.cgi` | High
24 | File | `/changePassword` | High
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
26 | File | `/dashboard/add-blog.php` | High
27 | File | `/data/remove` | Medium
28 | File | `/debug/pprof` | Medium
29 | File | `/DXR.axd` | Medium
30 | File | `/ecshop/admin/template.php` | High
31 | File | `/env` | Low
32 | File | `/etc/passwd` | Medium
33 | File | `/forum/away.php` | High
34 | File | `/group1/uploa` | High
35 | File | `/index.php` | Medium
36 | File | `/medicines/profile.php` | High
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
38 | File | `/novel/bookSetting/list` | High
39 | File | `/out.php` | Medium
40 | File | `/owa/auth/logon.aspx` | High
41 | File | `/php-sms/admin/?page=user/manage_user` | High
42 | File | `/reservation/add_message.php` | High
43 | File | `/resources//../` | High
44 | File | `/spip.php` | Medium
45 | File | `/testConnection` | High
46 | File | `/tmp/ppd.trace` | High
47 | ... | ... | ...
2 | File | `/admin/controller/JobLogController.java` | High
3 | File | `/api/baskets/{name}` | High
4 | File | `/api/stl/actions/search` | High
5 | File | `/api/sys/login` | High
6 | File | `/api/sys/set_passwd` | High
7 | File | `/api/trackedEntityInstances` | High
8 | File | `/api/v2/cli/commands` | High
9 | File | `/aux` | Low
10 | File | `/bin/ate` | Medium
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
12 | File | `/booking/show_bookings/` | High
13 | File | `/cgi-bin` | Medium
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/changePassword` | High
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
17 | File | `/dashboard/add-blog.php` | High
18 | File | `/data/remove` | Medium
19 | File | `/debug/pprof` | Medium
20 | File | `/DXR.axd` | Medium
21 | File | `/ecshop/admin/template.php` | High
22 | File | `/env` | Low
23 | File | `/etc/passwd` | Medium
24 | File | `/forum/away.php` | High
25 | File | `/goform/net\_Web\_get_value` | High
26 | File | `/group1/uploa` | High
27 | File | `/index.php` | Medium
28 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
29 | File | `/novel/bookSetting/list` | High
30 | File | `/novel/userFeedback/list` | High
31 | File | `/php-sms/admin/?page=user/manage_user` | High
32 | File | `/resources//../` | High
33 | File | `/testConnection` | High
34 | File | `/tmp/ppd.trace` | High
35 | File | `/user/inc/workidajax.php` | High
36 | File | `/user/updatePwd` | High
37 | File | `/userLogin.asp` | High
38 | File | `/vm/admin/doctors.php` | High
39 | ... | ... | ...
There are 410 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/BlackTech/README.md
View File

@ -46,7 +46,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

6
actors/BlackTechq/README.md
View File

@ -34,10 +34,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.

51
actors/Blackwater/README.md
View File

@ -35,12 +35,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-36 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 15 more TTP items available. Please use our online service to access the data.
There are 16 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -50,27 +50,34 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMFILES%\MyQ\PHP\Sessions\` | High
2 | File | `/.flatpak-info` | High
3 | File | `/admin/edit.php` | High
4 | File | `/admin/googleads.php` | High
5 | File | `/admin/pages/update_go.php` | High
6 | File | `/admin/reg.php` | High
7 | File | `/admin/renewaldue.php` | High
8 | File | `/ajax` | Low
9 | File | `/analysisProject/pagingQueryData` | High
10 | File | `/api/sys/login` | High
11 | File | `/application/index/controller/Databasesource.php` | High
12 | File | `/application/index/controller/Screen.php` | High
13 | File | `/bin/boa` | Medium
14 | File | `/booking/show_bookings/` | High
15 | File | `/cgi-bin/adm.cgi` | High
16 | File | `/cgi-bin/cstecgi.cgi` | High
17 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
18 | File | `/collection/all` | High
19 | File | `/dashboard/add-portfolio.php` | High
20 | File | `/devinfo` | Medium
21 | ... | ... | ...
3 | File | `/Account/login.php` | High
4 | File | `/admin/` | Low
5 | File | `/admin/app/login_crud.php` | High
6 | File | `/admin/app/product.php` | High
7 | File | `/admin/app/service_crud.php` | High
8 | File | `/admin/edit.php` | High
9 | File | `/admin/googleads.php` | High
10 | File | `/admin/list_ipAddressPolicy.php` | High
11 | File | `/admin/login.php` | High
12 | File | `/Admin/login.php` | High
13 | File | `/admin/pages/update_go.php` | High
14 | File | `/admin/reg.php` | High
15 | File | `/admin/renewaldue.php` | High
16 | File | `/admin/search.php` | High
17 | File | `/ajax` | Low
18 | File | `/analysisProject/pagingQueryData` | High
19 | File | `/api/sys/login` | High
20 | File | `/app/ajax/search_sales_report.php` | High
21 | File | `/app/middleware/TokenVerify.php` | High
22 | File | `/application/index/controller/Databasesource.php` | High
23 | File | `/application/index/controller/Screen.php` | High
24 | File | `/bin/boa` | Medium
25 | File | `/booking/show_bookings/` | High
26 | File | `/cancel.php` | Medium
27 | File | `/cgi-bin/adm.cgi` | High
28 | ... | ... | ...
There are 178 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 238 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

4
actors/Blackwood/README.md
View File

@ -25,8 +25,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1059 | CWE-94 | Argument Injection | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...

2
actors/BlueNoroff/README.md
View File

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | ... | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.

41
actors/BlueShell/README.md
View File

@ -10,19 +10,58 @@ The following _campaigns_ are known and can be associated with BlueShell:
* Korea / Thailand
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlueShell:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BlueShell.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [20.214.201.166](https://vuldb.com/?ip.20.214.201.166) | - | Korea / Thailand | High
1 | [20.200.213.72](https://vuldb.com/?ip.20.200.213.72) | - | - | High
2 | [20.214.201.166](https://vuldb.com/?ip.20.214.201.166) | - | Korea / Thailand | High
3 | [121.127.241.117](https://vuldb.com/?ip.121.127.241.117) | - | - | High
4 | ... | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BlueShell_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
3 | T1505 | CWE-89 | SQL Injection | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BlueShell. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `assets/download.aspx` | High
2 | File | `join.c` | Low
3 | File | `njs_module.c` | Medium
4 | ... | ... | ...
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://asec.ahnlab.com/en/56941/
* https://asec.ahnlab.com/en/61549/
## Literature

4
actors/BoatBotnet/README.md
View File

@ -29,8 +29,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1059 | CWE-94 | Argument Injection | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...

73
actors/Bobik/README.md Normal file
View File

@ -0,0 +1,73 @@
# Bobik - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bobik](https://vuldb.com/?actor.bobik). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bobik](https://vuldb.com/?actor.bobik)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bobik:
* [DE](https://vuldb.com/?country.de)
* [US](https://vuldb.com/?country.us)
* [PT](https://vuldb.com/?country.pt)
* ...
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bobik.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [2.57.122.82](https://vuldb.com/?ip.2.57.122.82) | - | - | High
2 | [77.232.41.206](https://vuldb.com/?ip.77.232.41.206) | host-77-232-41-206.macloud.host | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bobik_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bobik. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/ajax.php?action=confirm_order` | High
2 | File | `/admin/book_add.php` | High
3 | File | `/admin/borrow_add.php` | High
4 | File | `/admin/manage-pages.php` | High
5 | File | `/admin/sys_sql_query.php` | High
6 | File | `/api/snapshot and /api/get_log_file` | High
7 | File | `/b2b-supermarket/catalog/all-products` | High
8 | ... | ... | ...
There are 54 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://github.com/avast/ioc/tree/master/Bobik
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

56
actors/Bonanza/README.md
View File

@ -31,11 +31,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...
There are 10 more TTP items available. Please use our online service to access the data.
There are 11 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -48,34 +48,34 @@ ID | Type | Indicator | Confidence
3 | File | `/advanced-tools/nova/bin/netwatch` | High
4 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
5 | File | `/film-rating.php` | High
6 | File | `/index.php` | Medium
7 | File | `/librarian/bookdetails.php` | High
8 | File | `/pages/faculty_sched.php` | High
9 | File | `/php_action/createUser.php` | High
10 | File | `/spip.php` | Medium
11 | File | `/student/bookdetails.php` | High
12 | File | `account.asp` | Medium
13 | File | `add_comment.php` | High
14 | File | `admin.php` | Medium
15 | File | `admin/admin_users.php` | High
16 | File | `admin/conf_users_edit.php` | High
17 | File | `Admin/edit-admin.php` | High
18 | File | `admin/establishment/manage.php` | High
19 | File | `admin/inquiries/view_details.php` | High
20 | File | `admin/skins.php` | High
21 | File | `admin/versions.html` | High
22 | File | `admindocumentworker.jsp` | High
23 | File | `admin_feature.php` | High
24 | File | `album_portal.php` | High
25 | File | `announce.php` | Medium
26 | File | `apply.cgi` | Medium
27 | File | `ardguest.php` | Medium
28 | File | `bb_usage_stats.php` | High
29 | File | `category.cfm` | Medium
30 | File | `category_list.php` | High
6 | File | `/forum/away.php` | High
7 | File | `/index.php` | Medium
8 | File | `/librarian/bookdetails.php` | High
9 | File | `/pages/faculty_sched.php` | High
10 | File | `/php_action/createUser.php` | High
11 | File | `/spip.php` | Medium
12 | File | `/student/bookdetails.php` | High
13 | File | `account.asp` | Medium
14 | File | `add_comment.php` | High
15 | File | `admin.php` | Medium
16 | File | `admin/admin_users.php` | High
17 | File | `admin/conf_users_edit.php` | High
18 | File | `Admin/edit-admin.php` | High
19 | File | `admin/establishment/manage.php` | High
20 | File | `admin/inquiries/view_details.php` | High
21 | File | `admin/skins.php` | High
22 | File | `admin/versions.html` | High
23 | File | `admindocumentworker.jsp` | High
24 | File | `admin_feature.php` | High
25 | File | `album_portal.php` | High
26 | File | `announce.php` | Medium
27 | File | `apply.cgi` | Medium
28 | File | `ardguest.php` | Medium
29 | File | `bb_usage_stats.php` | High
30 | File | `bwdates-report-result.php` | High
31 | ... | ... | ...
There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 267 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

79
actors/Bosnia and Herzegovina Unknown/README.md
View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [GB](https://vuldb.com/?country.gb)
* [TR](https://vuldb.com/?country.tr)
* ...
There are 21 more country items available. Please use our online service to access the data.
There are 22 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -81,7 +81,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -102,47 +102,46 @@ ID | Type | Indicator | Confidence
6 | File | `/adminapi/system/crud` | High
7 | File | `/adminapi/system/file/openfile` | High
8 | File | `/admin_route/dec_service_credits.php` | High
9 | File | `/api/baskets/{name}` | High
10 | File | `/api/download` | High
11 | File | `/api/v1/alerts` | High
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/b2b-supermarket/shopping-cart` | High
9 | File | `/api/download` | High
10 | File | `/api/v1/alerts` | High
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
12 | File | `/api/v4/teams//channels/deleted` | High
13 | File | `/b2b-supermarket/shopping-cart` | High
14 | File | `/cancel.php` | Medium
15 | File | `/category.php` | High
16 | File | `/categorypage.php` | High
17 | File | `/cgi-bin/cstecgi.cgi` | High
18 | File | `/cgi-bin/luci/api/wireless` | High
19 | File | `/cgi-bin/vitogate.cgi` | High
20 | File | `/change-language/de_DE` | High
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
22 | File | `/core/conditions/AbstractWrapper.java` | High
23 | File | `/debug/pprof` | Medium
24 | File | `/devinfo` | Medium
25 | File | `/dist/index.js` | High
26 | File | `/fcgi/scrut_fcgi.fcgi` | High
27 | File | `/forum/away.php` | High
28 | File | `/geoserver/gwc/rest.html` | High
29 | File | `/goform/formSysCmd` | High
30 | File | `/HNAP1` | Low
31 | File | `/hosts/firewall/ip` | High
32 | File | `/index.jsp#settings` | High
33 | File | `/index.php/ccm/system/file/upload` | High
34 | File | `/jeecg-boot/sys/common/upload` | High
35 | File | `/log/decodmail.php` | High
36 | File | `/oauth/idp/.well-known/openid-configuration` | High
37 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
38 | File | `/php/ping.php` | High
39 | File | `/proxy` | Low
40 | File | `/register.do` | Medium
41 | File | `/RPS2019Service/status.html` | High
42 | File | `/s/index.php?action=statistics` | High
43 | File | `/setting` | Medium
44 | File | `/sicweb-ajax/tmproot/` | High
45 | File | `/signup.php` | Medium
46 | File | `/spip.php` | Medium
47 | ... | ... | ...
18 | File | `/cgi-bin/vitogate.cgi` | High
19 | File | `/change-language/de_DE` | High
20 | File | `/debug/pprof` | Medium
21 | File | `/devinfo` | Medium
22 | File | `/dist/index.js` | High
23 | File | `/download` | Medium
24 | File | `/fcgi/scrut_fcgi.fcgi` | High
25 | File | `/forum/away.php` | High
26 | File | `/geoserver/gwc/rest.html` | High
27 | File | `/goform/formSysCmd` | High
28 | File | `/HNAP1` | Low
29 | File | `/hosts/firewall/ip` | High
30 | File | `/index.jsp#settings` | High
31 | File | `/index.php/ccm/system/file/upload` | High
32 | File | `/jeecg-boot/sys/common/upload` | High
33 | File | `/log/decodmail.php` | High
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
36 | File | `/php/ping.php` | High
37 | File | `/proxy` | Low
38 | File | `/RPS2019Service/status.html` | High
39 | File | `/s/index.php?action=statistics` | High
40 | File | `/setting` | Medium
41 | File | `/Setting/change_password_save` | High
42 | File | `/sicweb-ajax/tmproot/` | High
43 | File | `/signup.php` | Medium
44 | File | `/spip.php` | Medium
45 | File | `/st_reg.php` | Medium
46 | ... | ... | ...
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Brunei Darussalam Unknown/README.md
View File

@ -41,7 +41,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

78
actors/Brunei Unknown/README.md
View File

@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brunei Unknown:
* [US](https://vuldb.com/?country.us)
* [JP](https://vuldb.com/?country.jp)
* [CN](https://vuldb.com/?country.cn)
* [JP](https://vuldb.com/?country.jp)
* ...
There are 24 more country items available. Please use our online service to access the data.
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
@ -76,45 +76,45 @@ ID | Type | Indicator | Confidence
14 | File | `/admin/show.php` | High
15 | File | `/api/file_uploader.php` | High
16 | File | `/api/RecordingList/DownloadRecord?file=` | High
17 | File | `/api/v1/terminal/sessions/?limit=1` | High
18 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
19 | File | `/bin/boa` | Medium
20 | File | `/boat/login.php` | High
21 | File | `/cimom` | Low
22 | File | `/clinic/disease_symptoms_view.php` | High
23 | File | `/default.php?idx=17` | High
24 | File | `/dev/shm` | Medium
25 | File | `/download` | Medium
26 | File | `/env` | Low
27 | File | `/forum/away.php` | High
28 | File | `/GponForm/device_Form?script/` | High
29 | File | `/login/index.php` | High
30 | File | `/mgmt/tm/util/bash` | High
31 | File | `/net` | Low
32 | File | `/opt/bin/cli` | Medium
33 | File | `/p` | Low
34 | File | `/patient/doctors.php` | High
35 | File | `/phpinventory/editcategory.php` | High
36 | File | `/SASWebReportStudio/logonAndRender.do` | High
37 | File | `/service/upload` | High
38 | File | `/setup/finish` | High
39 | File | `/spip.php` | Medium
40 | File | `/sysmanage/edit_manageadmin.php` | High
41 | File | `/uncpath/` | Medium
42 | File | `/updown/upload.cgi` | High
43 | File | `/user/del.php` | High
44 | File | `/viewer/krpano.html` | High
45 | File | `/wp-admin/admin-ajax.php` | High
46 | File | `/_next` | Low
47 | File | `/_vti_pvt/access.cnf` | High
48 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
49 | File | `act.php` | Low
50 | File | `ActionServlet.java` | High
51 | File | `adclick.php` | Medium
52 | File | `admin.php` | Medium
17 | File | `/api/sys/login` | High
18 | File | `/api/v1/terminal/sessions/?limit=1` | High
19 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
20 | File | `/bin/boa` | Medium
21 | File | `/boat/login.php` | High
22 | File | `/cimom` | Low
23 | File | `/clinic/disease_symptoms_view.php` | High
24 | File | `/default.php?idx=17` | High
25 | File | `/dev/shm` | Medium
26 | File | `/download` | Medium
27 | File | `/env` | Low
28 | File | `/forum/away.php` | High
29 | File | `/GponForm/device_Form?script/` | High
30 | File | `/login/index.php` | High
31 | File | `/mgmt/tm/util/bash` | High
32 | File | `/net` | Low
33 | File | `/opt/bin/cli` | Medium
34 | File | `/p` | Low
35 | File | `/patient/doctors.php` | High
36 | File | `/phpinventory/editcategory.php` | High
37 | File | `/SASWebReportStudio/logonAndRender.do` | High
38 | File | `/service/upload` | High
39 | File | `/setup/finish` | High
40 | File | `/spip.php` | Medium
41 | File | `/sysmanage/edit_manageadmin.php` | High
42 | File | `/uncpath/` | Medium
43 | File | `/updown/upload.cgi` | High
44 | File | `/user/del.php` | High
45 | File | `/viewer/krpano.html` | High
46 | File | `/wp-admin/admin-ajax.php` | High
47 | File | `/_next` | Low
48 | File | `/_vti_pvt/access.cnf` | High
49 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
50 | File | `act.php` | Low
51 | File | `ActionServlet.java` | High
52 | File | `adclick.php` | Medium
53 | ... | ... | ...
There are 465 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 466 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

162
actors/Brute Ratel C4/README.md
View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [GB](https://vuldb.com/?country.gb)
* [TR](https://vuldb.com/?country.tr)
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -24,66 +24,67 @@ ID | IP address | Hostname | Campaign | Confidence
1 | [2.34.147.152](https://vuldb.com/?ip.2.34.147.152) | net-2-34-147-152.cust.vodafonedsl.it | - | High
2 | [3.19.120.166](https://vuldb.com/?ip.3.19.120.166) | ec2-3-19-120-166.us-east-2.compute.amazonaws.com | - | Medium
3 | [3.28.39.6](https://vuldb.com/?ip.3.28.39.6) | ec2-3-28-39-6.me-central-1.compute.amazonaws.com | - | Medium
4 | [3.99.59.202](https://vuldb.com/?ip.3.99.59.202) | ec2-3-99-59-202.ca-central-1.compute.amazonaws.com | - | Medium
5 | [3.110.56.219](https://vuldb.com/?ip.3.110.56.219) | ec2-3-110-56-219.ap-south-1.compute.amazonaws.com | - | Medium
6 | [3.112.78.101](https://vuldb.com/?ip.3.112.78.101) | ec2-3-112-78-101.ap-northeast-1.compute.amazonaws.com | - | Medium
7 | [3.112.185.142](https://vuldb.com/?ip.3.112.185.142) | ec2-3-112-185-142.ap-northeast-1.compute.amazonaws.com | - | Medium
8 | [3.115.144.47](https://vuldb.com/?ip.3.115.144.47) | ec2-3-115-144-47.ap-northeast-1.compute.amazonaws.com | - | Medium
9 | [3.133.7.69](https://vuldb.com/?ip.3.133.7.69) | ec2-3-133-7-69.us-east-2.compute.amazonaws.com | - | Medium
10 | [3.221.126.84](https://vuldb.com/?ip.3.221.126.84) | ec2-3-221-126-84.compute-1.amazonaws.com | - | Medium
11 | [5.42.65.45](https://vuldb.com/?ip.5.42.65.45) | - | - | High
12 | [5.188.87.50](https://vuldb.com/?ip.5.188.87.50) | - | - | High
13 | [8.212.128.240](https://vuldb.com/?ip.8.212.128.240) | - | - | High
14 | [8.219.217.130](https://vuldb.com/?ip.8.219.217.130) | - | - | High
15 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
16 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
17 | [13.112.86.223](https://vuldb.com/?ip.13.112.86.223) | ec2-13-112-86-223.ap-northeast-1.compute.amazonaws.com | - | Medium
18 | [13.112.226.27](https://vuldb.com/?ip.13.112.226.27) | ec2-13-112-226-27.ap-northeast-1.compute.amazonaws.com | - | Medium
19 | [13.113.45.138](https://vuldb.com/?ip.13.113.45.138) | ec2-13-113-45-138.ap-northeast-1.compute.amazonaws.com | - | Medium
20 | [13.113.86.16](https://vuldb.com/?ip.13.113.86.16) | ec2-13-113-86-16.ap-northeast-1.compute.amazonaws.com | - | Medium
21 | [13.113.204.244](https://vuldb.com/?ip.13.113.204.244) | ec2-13-113-204-244.ap-northeast-1.compute.amazonaws.com | - | Medium
22 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
23 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
24 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
25 | [13.114.224.91](https://vuldb.com/?ip.13.114.224.91) | ec2-13-114-224-91.ap-northeast-1.compute.amazonaws.com | - | Medium
26 | [13.115.223.29](https://vuldb.com/?ip.13.115.223.29) | ec2-13-115-223-29.ap-northeast-1.compute.amazonaws.com | - | Medium
27 | [13.230.94.200](https://vuldb.com/?ip.13.230.94.200) | ec2-13-230-94-200.ap-northeast-1.compute.amazonaws.com | - | Medium
28 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
29 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
30 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
31 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
32 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
33 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
34 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
35 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
36 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
37 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
38 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
39 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
40 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
41 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
42 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
43 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
44 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
45 | [18.176.27.91](https://vuldb.com/?ip.18.176.27.91) | ec2-18-176-27-91.ap-northeast-1.compute.amazonaws.com | - | Medium
46 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
47 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
48 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
49 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
50 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
51 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
52 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
53 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
54 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
55 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
56 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
57 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
58 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
59 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
60 | [18.238.132.55](https://vuldb.com/?ip.18.238.132.55) | server-18-238-132-55.dfw57.r.cloudfront.net | - | High
61 | ... | ... | ... | ...
4 | [3.36.144.103](https://vuldb.com/?ip.3.36.144.103) | ec2-3-36-144-103.ap-northeast-2.compute.amazonaws.com | - | Medium
5 | [3.99.59.202](https://vuldb.com/?ip.3.99.59.202) | ec2-3-99-59-202.ca-central-1.compute.amazonaws.com | - | Medium
6 | [3.110.56.219](https://vuldb.com/?ip.3.110.56.219) | ec2-3-110-56-219.ap-south-1.compute.amazonaws.com | - | Medium
7 | [3.112.78.101](https://vuldb.com/?ip.3.112.78.101) | ec2-3-112-78-101.ap-northeast-1.compute.amazonaws.com | - | Medium
8 | [3.112.185.142](https://vuldb.com/?ip.3.112.185.142) | ec2-3-112-185-142.ap-northeast-1.compute.amazonaws.com | - | Medium
9 | [3.115.144.47](https://vuldb.com/?ip.3.115.144.47) | ec2-3-115-144-47.ap-northeast-1.compute.amazonaws.com | - | Medium
10 | [3.133.7.69](https://vuldb.com/?ip.3.133.7.69) | ec2-3-133-7-69.us-east-2.compute.amazonaws.com | - | Medium
11 | [3.221.126.84](https://vuldb.com/?ip.3.221.126.84) | ec2-3-221-126-84.compute-1.amazonaws.com | - | Medium
12 | [5.42.65.45](https://vuldb.com/?ip.5.42.65.45) | - | - | High
13 | [5.188.87.50](https://vuldb.com/?ip.5.188.87.50) | - | - | High
14 | [8.212.128.240](https://vuldb.com/?ip.8.212.128.240) | - | - | High
15 | [8.219.217.130](https://vuldb.com/?ip.8.219.217.130) | - | - | High
16 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
17 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
18 | [13.112.86.223](https://vuldb.com/?ip.13.112.86.223) | ec2-13-112-86-223.ap-northeast-1.compute.amazonaws.com | - | Medium
19 | [13.112.226.27](https://vuldb.com/?ip.13.112.226.27) | ec2-13-112-226-27.ap-northeast-1.compute.amazonaws.com | - | Medium
20 | [13.113.45.138](https://vuldb.com/?ip.13.113.45.138) | ec2-13-113-45-138.ap-northeast-1.compute.amazonaws.com | - | Medium
21 | [13.113.86.16](https://vuldb.com/?ip.13.113.86.16) | ec2-13-113-86-16.ap-northeast-1.compute.amazonaws.com | - | Medium
22 | [13.113.189.83](https://vuldb.com/?ip.13.113.189.83) | ec2-13-113-189-83.ap-northeast-1.compute.amazonaws.com | - | Medium
23 | [13.113.204.244](https://vuldb.com/?ip.13.113.204.244) | ec2-13-113-204-244.ap-northeast-1.compute.amazonaws.com | - | Medium
24 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
25 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
26 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
27 | [13.114.224.91](https://vuldb.com/?ip.13.114.224.91) | ec2-13-114-224-91.ap-northeast-1.compute.amazonaws.com | - | Medium
28 | [13.115.223.29](https://vuldb.com/?ip.13.115.223.29) | ec2-13-115-223-29.ap-northeast-1.compute.amazonaws.com | - | Medium
29 | [13.230.94.200](https://vuldb.com/?ip.13.230.94.200) | ec2-13-230-94-200.ap-northeast-1.compute.amazonaws.com | - | Medium
30 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
31 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
32 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
33 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
34 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
35 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
36 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
37 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
38 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
39 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
40 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
41 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
42 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
43 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
44 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
45 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
46 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
47 | [18.176.27.91](https://vuldb.com/?ip.18.176.27.91) | ec2-18-176-27-91.ap-northeast-1.compute.amazonaws.com | - | Medium
48 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
49 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
50 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
51 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
52 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
53 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
54 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
55 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
56 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
57 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
58 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
59 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
60 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
61 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
62 | ... | ... | ... | ...
There are 240 more IOC items available. Please use our online service to access the data.
There are 245 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -93,7 +94,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -117,12 +118,12 @@ ID | Type | Indicator | Confidence
9 | File | `/adminapi/system/crud` | High
10 | File | `/adminapi/system/file/openfile` | High
11 | File | `/admin_route/dec_service_credits.php` | High
12 | File | `/api/baskets/{name}` | High
13 | File | `/api/download` | High
14 | File | `/api/v1/alerts` | High
15 | File | `/api/v1/terminal/sessions/?limit=1` | High
16 | File | `/api/v4/teams//channels/deleted` | High
17 | File | `/b2b-supermarket/shopping-cart` | High
12 | File | `/api/download` | High
13 | File | `/api/v1/alerts` | High
14 | File | `/api/v1/terminal/sessions/?limit=1` | High
15 | File | `/api/v4/teams//channels/deleted` | High
16 | File | `/b2b-supermarket/shopping-cart` | High
17 | File | `/cancel.php` | Medium
18 | File | `/category.php` | High
19 | File | `/categorypage.php` | High
20 | File | `/cgi-bin/cstecgi.cgi` | High
@ -131,10 +132,10 @@ ID | Type | Indicator | Confidence
23 | File | `/change-language/de_DE` | High
24 | File | `/config/php.ini` | High
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
26 | File | `/core/conditions/AbstractWrapper.java` | High
27 | File | `/debug/pprof` | Medium
28 | File | `/devinfo` | Medium
29 | File | `/dist/index.js` | High
26 | File | `/debug/pprof` | Medium
27 | File | `/devinfo` | Medium
28 | File | `/dist/index.js` | High
29 | File | `/download` | Medium
30 | File | `/fcgi/scrut_fcgi.fcgi` | High
31 | File | `/forum/away.php` | High
32 | File | `/geoserver/gwc/rest.html` | High
@ -150,12 +151,13 @@ ID | Type | Indicator | Confidence
42 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
43 | File | `/php/ping.php` | High
44 | File | `/proxy` | Low
45 | File | `/register.do` | Medium
46 | File | `/RPS2019Service/status.html` | High
47 | File | `/s/index.php?action=statistics` | High
48 | ... | ... | ...
45 | File | `/RPS2019Service/status.html` | High
46 | File | `/s/index.php?action=statistics` | High
47 | File | `/setting` | Medium
48 | File | `/Setting/change_password_save` | High
49 | ... | ... | ...
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -165,6 +167,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://cybergeeks.tech/a-deep-dive-into-brute-ratel-c4-payloads/
* https://search.censys.io/hosts/2.34.147.152
* https://search.censys.io/hosts/3.28.39.6
* https://search.censys.io/hosts/3.36.144.103
* https://search.censys.io/hosts/3.112.78.101
* https://search.censys.io/hosts/3.112.185.142
* https://search.censys.io/hosts/3.115.144.47
@ -178,6 +181,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/13.112.226.27
* https://search.censys.io/hosts/13.113.45.138
* https://search.censys.io/hosts/13.113.86.16
* https://search.censys.io/hosts/13.113.189.83
* https://search.censys.io/hosts/13.113.204.244
* https://search.censys.io/hosts/13.114.48.174
* https://search.censys.io/hosts/13.114.78.162
@ -301,12 +305,15 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/82.84.39.65
* https://search.censys.io/hosts/83.97.73.90
* https://search.censys.io/hosts/84.32.131.78
* https://search.censys.io/hosts/84.246.85.147
* https://search.censys.io/hosts/87.121.221.22
* https://search.censys.io/hosts/88.151.192.114
* https://search.censys.io/hosts/88.218.61.244
* https://search.censys.io/hosts/91.92.247.69
* https://search.censys.io/hosts/91.92.254.156
* https://search.censys.io/hosts/91.103.253.43
* https://search.censys.io/hosts/91.223.208.155
* https://search.censys.io/hosts/92.118.112.155
* https://search.censys.io/hosts/94.102.49.64
* https://search.censys.io/hosts/94.198.97.58
* https://search.censys.io/hosts/103.25.188.178
@ -344,6 +351,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/149.28.251.203
* https://search.censys.io/hosts/154.26.154.154
* https://search.censys.io/hosts/154.202.59.96
* https://search.censys.io/hosts/157.230.247.198
* https://search.censys.io/hosts/157.254.195.201
* https://search.censys.io/hosts/161.35.170.123
* https://search.censys.io/hosts/164.92.145.128

6
actors/Buer/README.md
View File

@ -35,11 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...
There are 13 more TTP items available. Please use our online service to access the data.
There are 14 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -57,7 +57,7 @@ ID | Type | Indicator | Confidence
8 | File | `/goform/RgTime` | High
9 | ... | ... | ...
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 68 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Buhtrap/README.md
View File

@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

90
actors/Bumblebee/README.md
View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 4 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -392,14 +392,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-36 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
5 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -407,46 +406,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin_ping.htm` | High
2 | File | `/app/index/controller/Common.php` | High
3 | File | `/application/index/controller/Databasesource.php` | High
4 | File | `/application/index/controller/Icon.php` | High
5 | File | `/application/index/controller/Screen.php` | High
6 | File | `/application/plugins/controller/Upload.php` | High
7 | File | `/application/websocket/controller/Setting.php` | High
8 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
9 | File | `/calendar/minimizer/index.php` | High
10 | File | `/cgi-bin/mainfunction.cgi` | High
11 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
12 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/cgi.cgi` | Medium
15 | File | `/core/tools/update_menu.php` | High
16 | File | `/counter/index2.php` | High
17 | File | `/DXR.axd` | Medium
18 | File | `/forum/away.php` | High
19 | File | `/general/attendance/manage/ask_duty/delete.php` | High
20 | File | `/highlight/index.html` | High
21 | File | `/iisadmin` | Medium
22 | File | `/iissamples` | Medium
23 | File | `/include/dialog/select_templets_post.php` | High
24 | File | `/includes/js/admin.php` | High
25 | File | `/index.php?menu=asterisk_cli` | High
26 | File | `/install/` | Medium
27 | File | `/modx/manager/index.php` | High
28 | File | `/php-opos/index.php` | High
29 | File | `/search-result/` | High
30 | File | `/search.php` | Medium
31 | File | `/server-status` | High
32 | File | `/sgms/reports/scheduledreports/configure/scheduleProps.jsp` | High
33 | File | `/SysInfo1.htm` | High
34 | File | `/templates/header.inc.php` | High
35 | File | `/useratte/userattestation.php` | High
36 | File | `/webmail/` | Medium
37 | File | `/webmail/server/webmail.php` | High
38 | ... | ... | ...
1 | File | `//proc/kcore` | Medium
2 | File | `/admin.php` | Medium
3 | File | `/admin/app/service_crud.php` | High
4 | File | `/admin/edit-admin.php` | High
5 | File | `/admin/index.php` | High
6 | File | `/admin/list_ipAddressPolicy.php` | High
7 | File | `/admin/list_resource_icon.php?action=delete` | High
8 | File | `/Admin/login.php` | High
9 | File | `/admin/orders/view_order.php` | High
10 | File | `/admin/singlelogin.php` | High
11 | File | `/app/admin/controller/Upload.php` | High
12 | File | `/app/ajax/search_sales_report.php` | High
13 | File | `/app/controller/Setup.php` | High
14 | File | `/app/middleware/TokenVerify.php` | High
15 | File | `/apps/reg_go.php` | High
16 | File | `/billing/bill/edit/` | High
17 | File | `/bin/sh` | Low
18 | File | `/cgi-bin/cstecgi.cgi` | High
19 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
20 | File | `/cgi-bin/system_mgr.cgi` | High
21 | File | `/cgi-bin/wlogin.cgi` | High
22 | File | `/classes/Login.php` | High
23 | File | `/classes/Users.php` | High
24 | File | `/DXR.axd` | Medium
25 | File | `/Employer/EditProfile.php` | High
26 | File | `/Employer/ManageWalkin.php` | High
27 | File | `/endpoint/add-faq.php` | High
28 | File | `/endpoint/delete-computer.php` | High
29 | File | `/endpoint/update-resident.php` | High
30 | File | `/endpoint/update-tracker.php` | High
31 | File | `/forum/away.php` | High
32 | File | `/goform/net\_Web\_get_value` | High
33 | File | `/goform/SetStaticRouteCfg` | High
34 | File | `/home.php` | Medium
35 | File | `/Home/Index` | Medium
36 | File | `/inc/modules_install.php` | High
37 | ... | ... | ...
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Burundi Unknown/README.md
View File

@ -40,7 +40,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

2
actors/Butter/README.md
View File

@ -31,7 +31,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

2
actors/Butterfly/README.md
View File

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...

6
actors/Candiru/README.md
View File

@ -43,9 +43,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-425 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-35, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
@ -95,7 +95,7 @@ ID | Type | Indicator | Confidence
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
35 | ... | ... | ...
There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

14
actors/CapraRAT/README.md
View File

@ -31,12 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1202 | CWE-78 | Command Shell in Externally Accessible Directory | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...
There are 2 more TTP items available. Please use our online service to access the data.
There are 3 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -45,11 +45,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/edit-db.php` | Medium
2 | File | `admin/ueditor/uploadFile` | High
3 | Argument | `href` | Low
2 | File | `/spip.php` | Medium
3 | File | `admin/ueditor/uploadFile` | High
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

2
actors/Carbanak/README.md
View File

@ -75,7 +75,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

2
actors/Careto/README.md
View File

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

2
actors/Center-2/README.md
View File

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

Some files were not shown because too many files have changed in this diff Show More