Update April 2024

parent b8d825374e
commit d5bedf2ef2
@ -0,0 +1,44 @@
# X-Files Stealer - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ X-Files Stealer](https://vuldb.com/?actor._x-files_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor._x-files_stealer](https://vuldb.com/?actor._x-files_stealer)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with X-Files Stealer:

* [US](https://vuldb.com/?country.us)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of X-Files Stealer.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [91.92.240.39](https://vuldb.com/?ip.91.92.240.39) | - | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _ X-Files Stealer_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://tria.ge/240119-wprzjabfb4

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
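
Review bot: the actor name carries a stray leading space, visible in the link text `[ X-Files Stealer]` in the intro paragraph and in `_ X-Files Stealer_` in the TTP paragraph, and baked into the URL slug `actor._x-files_stealer` (the leading underscore is that space); trim the name at the source before publishing, since the slug is the lookup key for the live data. The single TTP row also pairs T1055 with CWE-74 'Injection': in ATT&CK T1055 is Process Injection (placing code into a running process), while CWE-74 is the failure to neutralize special elements in input passed to a downstream component, an application-layer weakness class. One of the two columns is wrong, and a reader building detections from this table will watch the wrong telemetry.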
@ -0,0 +1,64 @@
# .IMG Files - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [.IMG Files](https://vuldb.com/?actor..img_files). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor..img_files](https://vuldb.com/?actor..img_files)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with .IMG Files:

* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [DE](https://vuldb.com/?country.de)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of .IMG Files.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [185.101.94.172](https://vuldb.com/?ip.185.101.94.172) | kruxaw.de | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _.IMG Files_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
3 | T1505 | CWE-89 | SQL Injection | High
4 | ... | ... | ... | ...

There are 1 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by .IMG Files. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/uncpath/` | Medium
2 | File | `PARAM.SFO` | Medium
3 | File | `prod.php` | Medium
4 | ... | ... | ...

There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blogs.cisco.com/security/disk-image-deception-incident-response

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
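
Review bot: the TTP Description column disagrees with the Weakness column in row 2: 'Execution with Unnecessary Privileges' is the title of CWE-250, whereas the row lists CWE-269 (Improper Privilege Management). Row 3 pairs T1505 (Server Software Component, a persistence technique) with CWE-89 SQL Injection, which is an exploitation weakness, not a persistence component. Either list the CWE whose title is shown or show the title of the CWE listed. Minor: 'There are 1 more TTP items available' and 'There are 1 more IOA items available' need singular agreement. Note also that '.IMG Files' is a delivery container, not a threat actor (the referenced Cisco post is about disk-image phishing), so the IOC and country attribution in this file aggregates whoever used the technique and should be labelled as such.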
@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...
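
Review bot: the new description for row 2, 'Improper Neutralization of Data within XPath Expressions', is the title of CWE-643, but the Weakness column still says CWE-74, whose own title is the generic 'Injection' wording that was just removed; the change makes the two columns disagree, and the same edit is repeated in the other TTP hunks of this commit. If the intent is to narrow the row to XPath injection, change the CWE to CWE-643 as well; if CWE-74 is the intended weakness, keep 'Injection'. Separately, T1055 in ATT&CK is Process Injection, which has nothing to do with input-injection weaknesses, so the Technique column is questionable in either case.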
@ -43,7 +43,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

@ -101,14 +101,14 @@ ID | Type | Indicator | Confidence
43 | File | `/donor-wall` | Medium
44 | File | `/ebics-server/ebics.aspx` | High
45 | File | `/esbus/servlet/GetSQLData` | High
46 | File | `/film-rating.php` | High
47 | File | `/forum/away.php` | High
48 | File | `/friends/ajax_invite` | High
49 | File | `/goform/aspForm` | High
50 | File | `/goform/formLogin` | High
46 | File | `/EXCU_SHELL` | Medium
47 | File | `/film-rating.php` | High
48 | File | `/forum/away.php` | High
49 | File | `/friends/ajax_invite` | High
50 | File | `/goform/aspForm` | High
51 | ... | ... | ...

There are 444 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 446 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
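
Review bot: inserting `/EXCU_SHELL` as row 46 renumbers every row after it and pushes `/goform/formLogin` out of the visible window, which is why a one-item addition shows up as ten changed lines and why the hidden count moves from 444 to 446 (one new hidden item plus the displaced row). Because the ID column is positional, every future insertion will churn the whole table; a stable identifier per indicator, or appending new entries to the hidden tail, would make these diffs reviewable. The new row is also the only Medium-confidence entry among High ones; if that rating reflects a single sighting, say so in the online record.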
@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [SE](https://vuldb.com/?country.se)
* [TR](https://vuldb.com/?country.tr)
* ...

There are 11 more country items available. Please use our online service to access the data.
There are 13 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -31,10 +31,11 @@ ID | IP address | Hostname | Campaign | Confidence
1 | [5.42.67.29](https://vuldb.com/?ip.5.42.67.29) | - | - | High
2 | [51.79.175.139](https://vuldb.com/?ip.51.79.175.139) | vps-dc8b0481.vps.ovh.ca | CVE-2022-26134 | High
3 | [51.255.171.23](https://vuldb.com/?ip.51.255.171.23) | vps-fc1a1567.vps.ovh.net | CVE-2022-26134 | High
4 | [79.110.62.23](https://vuldb.com/?ip.79.110.62.23) | - | CVE-2019-2725 | High
5 | ... | ... | ... | ...
4 | [77.91.84.42](https://vuldb.com/?ip.77.91.84.42) | goodvpn.aeza.network | - | High
5 | [79.110.62.23](https://vuldb.com/?ip.79.110.62.23) | - | CVE-2019-2725 | High
6 | ... | ... | ... | ...

There are 15 more IOC items available. Please use our online service to access the data.
There are 18 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures
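
Review bot: new row 4, 77.91.84.42 with hostname `goodvpn.aeza.network`, is rated High, but the hostname points to a VPN or shared hosting egress; such addresses are reused by unrelated tenants, so matching on them without a validity window produces false positives. Either attach the observation date and a short validity period, or downgrade it to Medium as the cloud-provider entries elsewhere in this dataset are. The hidden count grows by three (15 to 18) while only one addition is visible, so two IOCs enter the feed here without review.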
@ -42,14 +43,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-266, CWE-267, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 19 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
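
Review bot: new row 4 keeps the description 'Argument Injection' (the CWE-88 title) while its Weakness column now also lists CWE-94 (Code Injection) and CWE-1321 (Prototype Pollution); prototype pollution is an object-property weakness of JavaScript runtimes, not an argument-injection variant, so the description reflects only the first CWE. Row 1 adds CWE-425, which is Direct Request ('Forced Browsing'), an access-control weakness rather than a traversal one. The former row 5 (T1068 with CWE-264/266/267/269/284) drops out of the visible window because the T1040 row was inserted above it; it has moved into the hidden count (19 to 21), not been removed, but the rendered diff makes it look deleted.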
@ -59,35 +60,51 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMFILES%\MyQ\PHP\Sessions\` | High
2 | File | `.htaccess` | Medium
3 | File | `/alphaware/summary.php` | High
4 | File | `/brand.php` | Medium
5 | File | `/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9Vt` | High
6 | File | `/common/info.cgi` | High
7 | File | `/control/stream` | High
8 | File | `/cupseasylive/countrymodify.php` | High
9 | File | `/domains/list` | High
10 | File | `/forum/away.php` | High
11 | File | `/index.php/weblinks-categories` | High
12 | File | `/LoginRegistration.php` | High
13 | File | `/member/ad.php?action=ad` | High
14 | File | `/MicroStrategyWS/happyaxis.jsp` | High
15 | File | `/phppath/php` | Medium
16 | File | `/product_list.php` | High
17 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
18 | File | `/spip.php` | Medium
19 | File | `/src/admin/content_batchup_action.php` | High
20 | File | `/tmp` | Low
21 | File | `/ucms/chk.php` | High
22 | File | `/uncpath/` | Medium
23 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
25 | File | `add-category.php` | High
26 | File | `admin/bitrix.xscan_worker.php` | High
27 | File | `admin/content/postcategory` | High
28 | File | `admin/index.php` | High
29 | ... | ... | ...
3 | File | `//proc/kcore` | Medium
4 | File | `/admin.php/Admin/adminadd.html` | High
5 | File | `/admin/about-us.php` | High
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/Admin/add-student.php` | High
8 | File | `/admin/index2.html` | High
9 | File | `/admin/settings/save.php` | High
10 | File | `/admin/userprofile.php` | High
11 | File | `/alphaware/summary.php` | High
12 | File | `/api/baskets/{name}` | High
13 | File | `/app/index/controller/Common.php` | High
14 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
15 | File | `/apply.cgi` | Medium
16 | File | `/bitrix/admin/ldap_server_edit.php` | High
17 | File | `/brand.php` | Medium
18 | File | `/cgi-bin/wlogin.cgi` | High
19 | File | `/College/admin/teacher.php` | High
20 | File | `/common/info.cgi` | High
21 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
22 | File | `/cupseasylive/countrymodify.php` | High
23 | File | `/dcim/rack-roles/` | High
24 | File | `/domains/list` | High
25 | File | `/forms/doLogin` | High
26 | File | `/forum/away.php` | High
27 | File | `/goform/addUserName` | High
28 | File | `/goform/aspForm` | High
29 | File | `/goform/delAd` | High
30 | File | `/goform/wifiSSIDset` | High
31 | File | `/gpac/src/bifs/unquantize.c` | High
32 | File | `/inc/topBarNav.php` | High
33 | File | `/index.asp` | Medium
34 | File | `/index.php` | Medium
35 | File | `/index.php/weblinks-categories` | High
36 | File | `/index.php?app=main&func=passport&action=login` | High
37 | File | `/kelas/data` | Medium
38 | File | `/listplace/user/ticket/create` | High
39 | File | `/LoginRegistration.php` | High
40 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
41 | File | `/member/ad.php?action=ad` | High
42 | File | `/Moosikay/order.php` | High
43 | File | `/novel/author/list` | High
44 | File | `/oauth/idp/.well-known/openid-configuration` | High
45 | ... | ... | ...

There are 245 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
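
Review bot: several added indicators are source-tree or local filesystem paths rather than request fragments: `/gpac/src/bifs/unquantize.c`, `/Applications/Google\ Drive.app/Contents/MacOS` and `//proc/kcore` (note the doubled slash) will not appear in web or network telemetry, and `/index.php` and `/index.asp` match every PHP or ASP site; `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` in the old window is the same class, so a written rule for what qualifies as an IOA would help. Three old entries that sort inside the new window are missing from it and were therefore removed without mention in the commit message: `/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9Vt`, `/control/stream` and `/MicroStrategyWS/happyaxis.jsp`. The Confidence column also appears to follow indicator length rather than evidence (`/tmp` Low, `/index.php` Medium, any long path High); if that is how it is derived, document it, because consumers will read High as well attested. The hidden count rises from 245 to 394, so most of this update is not reviewable here.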
@ -95,6 +112,7 @@ The following list contains _external sources_ which discuss the actor and the a

* https://1275.ru/ioc/503/8220-botnet-iocs/
* https://asec.ahnlab.com/en/36820/
* https://asec.ahnlab.com/en/51568/
* https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
* https://github.com/uptycslabs/IOCs/blob/main/8220Gang
* https://www.sentinelone.com/blog/8220-gang-cloud-botnet-targets-misconfigured-cloud-workloads/

@ -28,8 +28,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
3 | T1202 | CWE-77 | Command Injection | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1202 | CWE-77 | Command Shell in Externally Accessible Directory | High
4 | ... | ... | ... | ...

There are 4 more TTP items available. Please use our online service to access the data.
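
Review bot: both rewritten descriptions now disagree with their Weakness column. Row 3 keeps CWE-77 (Command Injection) but its description became 'Command Shell in Externally Accessible Directory', which is the title of CWE-553; row 2 keeps CWE-264 (Permissions, Privileges, and Access Controls) but shows 'Execution with Unnecessary Privileges', the title of CWE-250. The old row 2 text was the CWE-9 title, so the mismatch predates this commit; pick one CWE per row and use that CWE's own title, otherwise anyone filtering this table by CWE and anyone reading it by description get different answers.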
@ -27,7 +27,7 @@ ID | IP address | Hostname | Campaign | Confidence
4 | [5.42.65.108](https://vuldb.com/?ip.5.42.65.108) | - | - | High
5 | ... | ... | ... | ...

There are 14 more IOC items available. Please use our online service to access the data.
There are 15 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
11 | File | `bb_usage_stats.php` | High
12 | ... | ... | ...

There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 92 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -77,6 +77,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://tracker.viriback.com/index.php?q=5.182.86.8
* https://tria.ge/240131-bq8nfsghb7/behavioral1
* https://tria.ge/240204-mqbt9sfdg3
* https://tria.ge/240310-nyz3hacd2y/behavioral1
* https://twitter.com/phd_phuc/status/1651002681798926337
* https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [GB](https://vuldb.com/?country.gb)
* ...

There are 19 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -34,14 +34,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-425 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
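
Review bot: the hidden TTP count goes down from 22 to 21 while the visible rows are only edited (CWE-36 added to row 1, row 3 re-described), so one TTP item was removed from the unshown tail without any trace in this diff; removals change what downstream detections cover and should be listed in the commit message, which here says only 'Update April 2024'. Row 1 now lists CWE-21, -22, -23, -25, -36 and -425 under 'Path Traversal'; CWE-36 (Absolute Path Traversal) is the only real addition, while CWE-425, Direct Request ('Forced Browsing'), is a different weakness and does not belong in a traversal row.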
@ -51,53 +51,55 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
3 | File | `/admin/save.php` | High
4 | File | `/admin/sys_sql_query.php` | High
5 | File | `/admin_route/dec_service_credits.php` | High
6 | File | `/api/baskets/{name}` | High
7 | File | `/api/download` | High
8 | File | `/api/v1/alerts` | High
9 | File | `/api/v1/terminal/sessions/?limit=1` | High
10 | File | `/api/v4/teams//channels/deleted` | High
11 | File | `/b2b-supermarket/shopping-cart` | High
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
13 | File | `/category.php` | High
14 | File | `/categorypage.php` | High
15 | File | `/cgi-bin/luci/api/wireless` | High
16 | File | `/cgi-bin/vitogate.cgi` | High
17 | File | `/change-language/de_DE` | High
18 | File | `/company/store` | High
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
20 | File | `/Controller/Ajaxfileupload.ashx` | High
21 | File | `/core/conditions/AbstractWrapper.java` | High
22 | File | `/debug/pprof` | Medium
23 | File | `/devinfo` | Medium
24 | File | `/dist/index.js` | High
25 | File | `/etc/passwd` | Medium
26 | File | `/fcgi/scrut_fcgi.fcgi` | High
27 | File | `/forum/away.php` | High
28 | File | `/geoserver/gwc/rest.html` | High
29 | File | `/goform/formSysCmd` | High
30 | File | `/HNAP1` | Low
31 | File | `/hosts/firewall/ip` | High
32 | File | `/index.php/ccm/system/file/upload` | High
33 | File | `/jeecg-boot/sys/common/upload` | High
34 | File | `/log/decodmail.php` | High
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
36 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
37 | File | `/php/ping.php` | High
38 | File | `/proxy` | Low
39 | File | `/recipe-result` | High
40 | File | `/register.do` | Medium
41 | File | `/RPS2019Service/status.html` | High
42 | File | `/s/index.php?action=statistics` | High
43 | File | `/Service/ImageStationDataService.asmx` | High
44 | File | `/setting` | Medium
45 | File | `/sicweb-ajax/tmproot/` | High
46 | File | `/spip.php` | Medium
47 | ... | ... | ...
3 | File | `/Account/login.php` | High
4 | File | `/admin/` | Low
5 | File | `/admin/save.php` | High
6 | File | `/adminapi/system/crud` | High
7 | File | `/adminapi/system/file/openfile` | High
8 | File | `/admin_route/dec_service_credits.php` | High
9 | File | `/api/baskets/{name}` | High
10 | File | `/api/download` | High
11 | File | `/api/v1/alerts` | High
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/b2b-supermarket/shopping-cart` | High
15 | File | `/cancel.php` | Medium
16 | File | `/category.php` | High
17 | File | `/categorypage.php` | High
18 | File | `/cgi-bin/cstecgi.cgi` | High
19 | File | `/cgi-bin/luci/api/wireless` | High
20 | File | `/cgi-bin/vitogate.cgi` | High
21 | File | `/change-language/de_DE` | High
22 | File | `/Content/Template/root/reverse-shell.aspx` | High
23 | File | `/core/conditions/AbstractWrapper.java` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/devinfo` | Medium
26 | File | `/dist/index.js` | High
27 | File | `/download` | Medium
28 | File | `/fcgi/scrut_fcgi.fcgi` | High
29 | File | `/forum/away.php` | High
30 | File | `/geoserver/gwc/rest.html` | High
31 | File | `/goform/formSysCmd` | High
32 | File | `/HNAP1` | Low
33 | File | `/hosts/firewall/ip` | High
34 | File | `/index.jsp#settings` | High
35 | File | `/index.php/ccm/system/file/upload` | High
36 | File | `/jeecg-boot/sys/common/upload` | High
37 | File | `/log/decodmail.php` | High
38 | File | `/oauth/idp/.well-known/openid-configuration` | High
39 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
40 | File | `/php/ping.php` | High
41 | File | `/proxy` | Low
42 | File | `/register.do` | Medium
43 | File | `/RPS2019Service/status.html` | High
44 | File | `/s/index.php?action=statistics` | High
45 | File | `/setting` | Medium
46 | File | `/Setting/change_password_save` | High
47 | File | `/sicweb-ajax/tmproot/` | High
48 | File | `/signup.php` | Medium
49 | ... | ... | ...

There are 406 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
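
Review bot: the rewritten window silently drops seven indicators that were in the old rows 3-46 and are absent from the new rows 3-48 even though they sort inside it: `/admin/sys_sql_query.php`, `/bitrix/admin/ldap_server_edit.php`, `/company/store`, `/Controller/Ajaxfileupload.ashx`, `/etc/passwd`, `/recipe-result` and `/Service/ImageStationDataService.asmx` (`/spip.php` is merely displaced into the hidden tail). Nothing in the commit message explains the removals, and `/etc/passwd` in particular is the canonical traversal probe; if these are deliberate retirements, list them. Two entries are unmatchable on the wire: the new row 34 `/index.jsp#settings` contains a URL fragment, which browsers never send to the server, and the context row 2 `/#ilang=DE&b=c_smartenergy_swgroups` has the same problem; strip the fragment or move them to a client-side indicator type. `/admin/` (Low) and `/download` (Medium) are too generic to alert on alone.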
@ -72,7 +72,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | ... | ... | ... | ...

@ -43,7 +43,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...

@ -61,10 +61,10 @@ ID | Type | Indicator | Confidence
1 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
2 | File | `/bin/boa` | Medium
3 | File | `/DOWN/FIRMWAREUPDATE/ROM1` | High
4 | File | `admin/admin/adminsave.html` | High
4 | File | `/env` | Low
5 | ... | ... | ...

There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
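
Review bot: the displaced row 4 `admin/admin/adminsave.html` has no leading slash while its replacement `/env` and every other visible entry do; the dataset mixes both forms (compare `admin/index.php` with `/admin/index2.html` in the other IOA tables of this commit), so a consumer that matches on the literal string has to normalise before comparing, and the sort order that pushed this entry into the hidden tail (29 to 30) is an artefact of that inconsistency. `/env` at Low confidence is a four-character string that will match far more than the endpoint it targets; anchor it to the path start or pair it with a host or port indicator.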
@ -48,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

@ -9,19 +9,19 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
The following _campaigns_ are known and can be associated with APT28:

* Carberp
* CVE-2020-35730 / CVE-2021-44026 / CVE-2020-12641
* CVE-2022-30190
* CVE-2023-23397
* ...

There are 6 more campaign items available. Please use our online service to access the data.
There are 7 more campaign items available. Please use our online service to access the data.

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT28:

* [VN](https://vuldb.com/?country.vn)
* [GB](https://vuldb.com/?country.gb)
* [RO](https://vuldb.com/?country.ro)
* [US](https://vuldb.com/?country.us)
* ...

There are 2 more country items available. Please use our online service to access the data.

@ -40,62 +40,64 @@ ID | IP address | Hostname | Campaign | Confidence
6 | [5.199.171.58](https://vuldb.com/?ip.5.199.171.58) | - | - | High
7 | [12.94.8.230](https://vuldb.com/?ip.12.94.8.230) | - | - | High
8 | [12.171.204.129](https://vuldb.com/?ip.12.171.204.129) | - | - | High
9 | [14.198.168.140](https://vuldb.com/?ip.14.198.168.140) | 014198168140.ctinets.com | CVE-2023-23397 | High
10 | [18.130.154.13](https://vuldb.com/?ip.18.130.154.13) | ec2-18-130-154-13.eu-west-2.compute.amazonaws.com | - | Medium
11 | [18.133.205.135](https://vuldb.com/?ip.18.133.205.135) | ec2-18-133-205-135.eu-west-2.compute.amazonaws.com | - | Medium
12 | [18.133.249.238](https://vuldb.com/?ip.18.133.249.238) | ec2-18-133-249-238.eu-west-2.compute.amazonaws.com | - | Medium
13 | [23.24.68.109](https://vuldb.com/?ip.23.24.68.109) | 23-24-68-109-static.hfc.comcastbusiness.net | - | High
14 | [23.88.228.248](https://vuldb.com/?ip.23.88.228.248) | - | - | High
15 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
16 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
17 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
18 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
19 | [24.11.70.85](https://vuldb.com/?ip.24.11.70.85) | c-24-11-70-85.hsd1.ut.comcast.net | - | High
20 | [24.142.165.2](https://vuldb.com/?ip.24.142.165.2) | 024-142-165-002.biz.spectrum.com | CVE-2023-23397 | High
21 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
22 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
23 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
24 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
25 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
26 | [42.98.5.225](https://vuldb.com/?ip.42.98.5.225) | 42-98-5-225.static.netvigator.com | CVE-2023-23397 | High
27 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
28 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
29 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
30 | [45.83.90.11](https://vuldb.com/?ip.45.83.90.11) | - | CVE-2023-23397 | High
31 | [45.91.95.181](https://vuldb.com/?ip.45.91.95.181) | sks3.simoxap.xyz | CVE-2023-23397 | High
32 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
33 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
34 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
35 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
36 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
37 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
38 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
39 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
40 | [50.173.136.70](https://vuldb.com/?ip.50.173.136.70) | c-50-173-136-70.unallocated.comcastbusiness.net | CVE-2023-23397 | High
41 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
42 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
43 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
44 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
45 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
46 | [61.14.68.33](https://vuldb.com/?ip.61.14.68.33) | - | CVE-2023-23397 | High
47 | [61.68.76.111](https://vuldb.com/?ip.61.68.76.111) | 61-68-76-111.tpgi.com.au | - | High
48 | [62.4.36.126](https://vuldb.com/?ip.62.4.36.126) | - | CVE-2023-23397 | High
49 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
50 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
51 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
52 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
53 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
54 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
55 | [69.28.64.137](https://vuldb.com/?ip.69.28.64.137) | - | - | High
56 | [69.51.2.106](https://vuldb.com/?ip.69.51.2.106) | - | CVE-2023-23397 | High
57 | [69.162.253.21](https://vuldb.com/?ip.69.162.253.21) | 69-162-253-21.utopiafiber.com | CVE-2023-23397 | High
58 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
59 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
60 | [73.80.9.137](https://vuldb.com/?ip.73.80.9.137) | c-73-80-9-137.hsd1.nj.comcast.net | CVE-2023-23397 | High
|
||||
61 | [74.208.228.186](https://vuldb.com/?ip.74.208.228.186) | u17669945.onlinehome-server.com | CVE-2023-23397 | High
|
||||
62 | ... | ... | ... | ...
|
||||
9 | [13.40.77.34](https://vuldb.com/?ip.13.40.77.34) | ec2-13-40-77-34.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
10 | [14.198.168.140](https://vuldb.com/?ip.14.198.168.140) | 014198168140.ctinets.com | CVE-2023-23397 | High
|
||||
11 | [18.130.154.13](https://vuldb.com/?ip.18.130.154.13) | ec2-18-130-154-13.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
12 | [18.133.205.135](https://vuldb.com/?ip.18.133.205.135) | ec2-18-133-205-135.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
13 | [18.133.249.238](https://vuldb.com/?ip.18.133.249.238) | ec2-18-133-249-238.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
14 | [23.24.68.109](https://vuldb.com/?ip.23.24.68.109) | 23-24-68-109-static.hfc.comcastbusiness.net | - | High
|
||||
15 | [23.88.228.248](https://vuldb.com/?ip.23.88.228.248) | - | - | High
|
||||
16 | [23.163.0.59](https://vuldb.com/?ip.23.163.0.59) | naomi.rem2d.com | - | High
|
||||
17 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
|
||||
18 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
|
||||
19 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
|
||||
20 | [24.11.70.85](https://vuldb.com/?ip.24.11.70.85) | c-24-11-70-85.hsd1.ut.comcast.net | - | High
|
||||
21 | [24.142.165.2](https://vuldb.com/?ip.24.142.165.2) | 024-142-165-002.biz.spectrum.com | CVE-2023-23397 | High
|
||||
22 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
|
||||
23 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
|
||||
24 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
|
||||
25 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
|
||||
26 | [37.191.122.186](https://vuldb.com/?ip.37.191.122.186) | no-reverse-dns.metronet-uk.com | - | High
|
||||
27 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
|
||||
28 | [42.98.5.225](https://vuldb.com/?ip.42.98.5.225) | 42-98-5-225.static.netvigator.com | CVE-2023-23397 | High
|
||||
29 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
|
||||
30 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
|
||||
31 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
|
||||
32 | [45.83.90.11](https://vuldb.com/?ip.45.83.90.11) | - | CVE-2023-23397 | High
|
||||
33 | [45.91.95.181](https://vuldb.com/?ip.45.91.95.181) | sks3.simoxap.xyz | CVE-2023-23397 | High
|
||||
34 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
|
||||
35 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
|
||||
36 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
|
||||
37 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
|
||||
38 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
|
||||
39 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
|
||||
40 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
|
||||
41 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
|
||||
42 | [50.173.136.70](https://vuldb.com/?ip.50.173.136.70) | c-50-173-136-70.unallocated.comcastbusiness.net | CVE-2023-23397 | High
|
||||
43 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
|
||||
44 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
|
||||
45 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
|
||||
46 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
|
||||
47 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
|
||||
48 | [61.14.68.33](https://vuldb.com/?ip.61.14.68.33) | - | CVE-2023-23397 | High
|
||||
49 | [61.68.76.111](https://vuldb.com/?ip.61.68.76.111) | 61-68-76-111.tpgi.com.au | - | High
|
||||
50 | [62.4.36.126](https://vuldb.com/?ip.62.4.36.126) | - | CVE-2023-23397 | High
|
||||
51 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
|
||||
52 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
|
||||
53 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
|
||||
54 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
|
||||
55 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
|
||||
56 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
|
||||
57 | [69.28.64.137](https://vuldb.com/?ip.69.28.64.137) | - | - | High
|
||||
58 | [69.51.2.106](https://vuldb.com/?ip.69.51.2.106) | - | CVE-2023-23397 | High
|
||||
59 | [69.162.253.21](https://vuldb.com/?ip.69.162.253.21) | 69-162-253-21.utopiafiber.com | CVE-2023-23397 | High
|
||||
60 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
|
||||
61 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
|
||||
62 | [73.80.9.137](https://vuldb.com/?ip.73.80.9.137) | c-73-80-9-137.hsd1.nj.comcast.net | CVE-2023-23397 | High
|
||||
63 | [74.124.219.71](https://vuldb.com/?ip.74.124.219.71) | biz242.inmotionhosting.com | - | High
|
||||
64 | ... | ... | ... | ...
|
||||
|
||||
There are 243 more IOC items available. Please use our online service to access the data.
|
||||
There are 250 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
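Review bot: in the IOC table above the ID column is renumbered by the regeneration (24.11.70.85 moves from 19 to 20, 37.235.52.18 from 25 to 27 after 37.191.122.186 is inserted at 26, and the truncation row moves from 62 to 64), so anything that keys on ID will mis-attribute rows between revisions; the IP address is the only stable key and the ID should be documented as a display index. Two Hostname cells are not hostnames and should be `-`: `18.52.235.37.in-addr.arpa` is the PTR query name for 37.235.52.18 and `no-reverse-dns.metronet-uk.com` is the provider's placeholder record. Before this table is consumed as a blocklist it also needs a caveat that many rows resolve into residential or cloud space (hsd1.*.comcast.net, sbcglobal.net, tpgi.com.au, utopiafiber.com, ec2-*.eu-west-2.compute.amazonaws.com), which in a CVE-2023-23397 context are more plausibly compromised intermediaries or victims than actor-owned infrastructure, and the footer grows from 243 to 250 hidden items while the visible hunk shows only two additions (37.191.122.186 and 74.124.219.71), so most of the delta cannot be reviewed here.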
@ -103,8 +105,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-271, CWE-284 | Execution with Unnecessary Privileges | High
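Review bot: row 2's Description changes from `Injection` to `Improper Neutralization of Data within XPath Expressions` while its Weakness stays CWE-74, which is the generic injection class (MITRE title: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')); XPath injection is CWE-643, so either the Weakness cell should move to CWE-643 or the Description should stay `Injection`. Row 3 is described as `Argument Injection` (CWE-88) but lists only CWE-94 and CWE-1321, and CWE-1321 (prototype pollution) is not an argument-injection weakness at all. Row 1 drops CWE-21, a deprecated category entry, but adds CWE-24 with nothing in the hunk to justify it. More fundamentally, T1006 is ATT&CK's Direct Volume Access and T1055 is Process Injection; neither describes a web path-traversal or data-injection weakness, so the Technique column should be re-derived rather than patched at the Description level. Note also that the old and new versions of rows 1 and 2 both render on the page, so a reader sees duplicate IDs.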
@ -125,44 +127,48 @@ ID | Type | Indicator | Confidence
5 | File | `/admin/clientview.php` | High
6 | File | `/admin/edit_teacher.php` | High
7 | File | `/admin/fields/manage_field.php` | High
8 | File | `/admin/orders/view_order.php` | High
9 | File | `/admin/regester.php` | High
10 | File | `/admin/update-clients.php` | High
11 | File | `/admin_ping.htm` | High
12 | File | `/admin_route/dec_service_credits.php` | High
13 | File | `/admin_route/inc_service_credits.php` | High
14 | File | `/api/cron/settings/setJob/` | High
15 | File | `/api/sys/set_passwd` | High
16 | File | `/api/v1/terminal/sessions/?limit=1` | High
17 | File | `/app/api/controller/default/Sqlite.php` | High
18 | File | `/application/index/controller/Databasesource.php` | High
19 | File | `/application/index/controller/Icon.php` | High
20 | File | `/application/index/controller/Screen.php` | High
21 | File | `/application/plugins/controller/Upload.php` | High
22 | File | `/apply.cgi` | Medium
23 | File | `/arch/x86/mm/cpu_entry_area.c` | High
24 | File | `/authenticationendpoint/login.do` | High
25 | File | `/bin/boa` | Medium
26 | File | `/boaform/device_reset.cgi` | High
27 | File | `/boafrm/formMapDelDevice` | High
28 | File | `/bsms_ci/index.php/user/edit_user/` | High
29 | File | `/cgi-bin/cstecgi.cgi` | High
30 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
31 | File | `/cgi-bin/koha/catalogue/search.pl` | High
32 | File | `/cgi-bin/mainfunction.cgi` | High
33 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
34 | File | `/cgi-bin/R14.2/easy1350.pl` | High
35 | File | `/cgi-bin/wlogin.cgi` | High
36 | File | `/clinic/disease_symptoms_view.php` | High
37 | File | `/config/getuser` | High
38 | File | `/core/redirect` | High
39 | File | `/dashboard/message` | High
40 | File | `/dashboard/snapshot/*?orgId=0` | High
41 | File | `/debug/pprof` | Medium
42 | File | `/DXR.axd` | Medium
43 | ... | ... | ...
8 | File | `/admin/index.php` | High
9 | File | `/admin/orders/view_order.php` | High
10 | File | `/admin/regester.php` | High
11 | File | `/admin/update-clients.php` | High
12 | File | `/admin/user/controller.php` | High
13 | File | `/admin_ping.htm` | High
14 | File | `/admin_route/dec_service_credits.php` | High
15 | File | `/admin_route/inc_service_credits.php` | High
16 | File | `/api/cron/settings/setJob/` | High
17 | File | `/api/sys/set_passwd` | High
18 | File | `/api/v1/terminal/sessions/?limit=1` | High
19 | File | `/app/api/controller/default/Sqlite.php` | High
20 | File | `/application/index/controller/Databasesource.php` | High
21 | File | `/application/index/controller/Icon.php` | High
22 | File | `/application/index/controller/Screen.php` | High
23 | File | `/application/plugins/controller/Upload.php` | High
24 | File | `/apply.cgi` | Medium
25 | File | `/apps/reg_go.php` | High
26 | File | `/arch/x86/mm/cpu_entry_area.c` | High
27 | File | `/authenticationendpoint/login.do` | High
28 | File | `/billing/bill/edit/` | High
29 | File | `/bin/boa` | Medium
30 | File | `/boaform/device_reset.cgi` | High
31 | File | `/boafrm/formMapDelDevice` | High
32 | File | `/bsms_ci/index.php/user/edit_user/` | High
33 | File | `/cgi-bin/cstecgi.cgi` | High
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
35 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
36 | File | `/cgi-bin/koha/catalogue/search.pl` | High
37 | File | `/cgi-bin/mainfunction.cgi` | High
38 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
39 | File | `/cgi-bin/R14.2/easy1350.pl` | High
40 | File | `/cgi-bin/system_mgr.cgi` | High
41 | File | `/cgi-bin/wlogin.cgi` | High
42 | File | `/classes/Login.php` | High
43 | File | `/classes/Users.php` | High
44 | File | `/config/getuser` | High
45 | File | `/core/redirect` | High
46 | File | `/dashboard/message` | High
47 | ... | ... | ...

There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
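Review bot: in the IOA table above, `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` (old 33, new 38) looks like a path doubled during collection and should be checked against the source before it ships at High confidence; `/arch/x86/mm/cpu_entry_area.c` (old 23, new 26) is a Linux kernel source file from a fix commit, not a path that appears in traffic or on a victim, so it cannot function as an indicator of attack; and `/cgi-bin/cstecgi.cgi`, `/cgi-bin/cstecgi.cgi?action=login` and `/cgi-bin/cstecgi.cgi?action=login&flag=1` (new 33 to 35) are one endpoint with progressively longer query strings, which a path-only matcher collapses into one hit and a query-aware matcher triple-counts. The ID column is again renumbered (`/admin/orders/view_order.php` moves from 8 to 9, `/debug/pprof` and `/DXR.axd` fall past the truncation), so IDs are not usable as references, and the footer grows from 371 to 407 while the visible additions are only `/admin/index.php`, `/admin/user/controller.php`, `/apps/reg_go.php`, `/billing/bill/edit/`, `/cgi-bin/system_mgr.cgi`, `/classes/Login.php` and `/classes/Users.php`.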
@ -173,7 +179,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
* https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society/
* https://cert.gov.ua/article/40102
* https://cert.gov.ua/article/4492467
* https://cert.gov.ua/article/4905829
* https://cert.gov.ua/article/5105791
* https://cert.gov.ua/article/5702579
* https://cert.gov.ua/article/6276894
* https://community.blueliv.com/#!/s/5f6b482482df413eb5350d3b
* https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
* https://github.com/blackorbird/APT_REPORT/blob/master/APT28/IOC/2019-04-05-ioc-mark.txt
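Review bot: the `https://community.blueliv.com/#!/s/5f6b482482df413eb5350d3b` entry is a fragment URL into a single-page application; the part after `#` is never sent to the server, so the link is only meaningful inside that platform and is not a citable source. The six `cert.gov.ua/article/<id>` entries carry no title or date, which matters in a list that spans sources from 2019 onwards, and `documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf` is the one reference that ties the `Pawn Storm` campaign tag in the IOC table to a source, so it should not be lost in a future regeneration.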
@ -70,14 +70,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 20 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
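Review bot: row 2 in the TTP table above maps T1040 to CWE-319 but describes it as `Authentication Bypass by Capture-replay`; CWE-319 is Cleartext Transmission of Sensitive Information and the capture-replay weakness is CWE-294, so either the Weakness cell is incomplete or the Description belongs to a different row (another TTP table in this same commit uses CWE-294 for the identical description, so the two files disagree). Row 3 changes its Description to `Improper Neutralization of Data within XPath Expressions` while keeping CWE-74, the generic injection class; XPath injection is CWE-643. Row 1 loses CWE-24 and the footer drops from 20 to 18 hidden TTP items, and nothing visible in the hunk says which two items went away.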
@ -95,32 +95,34 @@ ID | Type | Indicator | Confidence
8 | File | `/aux` | Low
9 | File | `/book-services.php` | High
10 | File | `/changePassword` | High
11 | File | `/Content/Template/root/reverse-shell.aspx` | High
12 | File | `/dashboard/add-blog.php` | High
13 | File | `/data/remove` | Medium
14 | File | `/debug/pprof` | Medium
15 | File | `/ecshop/admin/template.php` | High
16 | File | `/etc/passwd` | Medium
17 | File | `/forum/away.php` | High
18 | File | `/goform/net\_Web\_get_value` | High
19 | File | `/group1/uploa` | High
20 | File | `/index.php` | Medium
21 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
22 | File | `/novel/bookSetting/list` | High
23 | File | `/novel/userFeedback/list` | High
24 | File | `/owa/auth/logon.aspx` | High
25 | File | `/testConnection` | High
26 | File | `/tmp/ppd.trace` | High
27 | File | `/user/inc/workidajax.php` | High
28 | File | `/userLogin.asp` | High
29 | File | `/vm/admin/doctors.php` | High
30 | File | `Access.app/Contents/Resources/kcproxy` | High
31 | File | `acs.exe` | Low
32 | File | `action-visitor.php` | High
33 | File | `adclick.php` | Medium
34 | ... | ... | ...
11 | File | `/data/remove` | Medium
12 | File | `/debug/pprof` | Medium
13 | File | `/ecshop/admin/template.php` | High
14 | File | `/etc/passwd` | Medium
15 | File | `/forum/away.php` | High
16 | File | `/goform/net\_Web\_get_value` | High
17 | File | `/index.php` | Medium
18 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
19 | File | `/novel/bookSetting/list` | High
20 | File | `/novel/userFeedback/list` | High
21 | File | `/owa/auth/logon.aspx` | High
22 | File | `/product/savenewproduct.php?flag=1` | High
23 | File | `/testConnection` | High
24 | File | `/tmp/ppd.trace` | High
25 | File | `/user/inc/workidajax.php` | High
26 | File | `/userLogin.asp` | High
27 | File | `/vm/admin/doctors.php` | High
28 | File | `Access.app/Contents/Resources/kcproxy` | High
29 | File | `adclick.php` | Medium
30 | File | `addressbook.update.php` | High
31 | File | `admin.php` | Medium
32 | File | `admin/booking_report.php` | High
33 | File | `admin/index.php` | High
34 | File | `admin/page-login.php` | High
35 | File | `admin/partials/wp-splashing-admin-main.php` | High
36 | ... | ... | ...

There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
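Review bot: `/goform/net\_Web\_get_value` (rows 18 and 16 in the IOA table above) carries backslash-escaped underscores inside a code span, where Markdown does not process escapes, so the published indicator literally contains `\_` and will never match the real `/goform/net_Web_get_value` request path; the escaping belongs outside code spans or nowhere. `/etc/passwd` (rows 16 and 14) is the file an attacker reads, not an attacker-controlled artifact, so as a File indicator it matches every traversal probe on the internet and nothing specific to this actor; Medium is generous. `/group1/uploa` (old row 19) is gone from the new list, which is right because it reads as a truncated path, but the same string survives in the other IOA table in this commit (hunk `@ -75,32 +75,32 @@`, rows 26 and 27), so the cleanup should be applied there too. The footer goes from 286 to 304 while the visible additions are `/product/savenewproduct.php?flag=1`, `addressbook.update.php`, `admin.php`, `admin/booking_report.php`, `admin/index.php`, `admin/page-login.php` and `admin/partials/wp-splashing-admin-main.php`, so most of the growth is hidden.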
@ -43,7 +43,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
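Review bot: row 1 lists CWE-425 under `Path Traversal`, but CWE-425 is Direct Request ('Forced Browsing'), a missing authorization check rather than a traversal, so it belongs in its own row or in an access-control row. Row 3 changes its Description to `Improper Neutralization of Data within XPath Expressions` while keeping CWE-74 (generic injection); XPath injection is CWE-643. Row 4 is described as `Argument Injection` and does list CWE-88, but also CWE-1321, prototype pollution, which is not an argument-injection weakness; row 2 pairs T1040 with CWE-319 (cleartext transmission) under a capture-replay description whose weakness is CWE-294.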
@ -75,32 +75,32 @@ ID | Type | Indicator | Confidence
17 | File | `/ctcprotocol/Protocol` | High
18 | File | `/dashboard/menu-list.php` | High
19 | File | `/data/remove` | Medium
20 | File | `/ebics-server/ebics.aspx` | High
21 | File | `/ffos/classes/Master.php?f=save_category` | High
22 | File | `/forum/away.php` | High
23 | File | `/goform/net\_Web\_get_value` | High
24 | File | `/goforms/rlminfo` | High
25 | File | `/GponForm/usb_restore_Form?script/` | High
26 | File | `/group1/uploa` | High
27 | File | `/hedwig.cgi` | Medium
28 | File | `/HNAP1` | Low
29 | File | `/HNAP1/SetClientInfo` | High
30 | File | `/Items/*/RemoteImages/Download` | High
31 | File | `/menu.html` | Medium
32 | File | `/modules/profile/index.php` | High
33 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
34 | File | `/navigate/navigate_download.php` | High
35 | File | `/ocwbs/admin/?page=user/manage_user` | High
36 | File | `/ofrs/admin/?page=user/manage_user` | High
37 | File | `/out.php` | Medium
38 | File | `/password.html` | High
39 | File | `/php_action/fetchSelectedUser.php` | High
40 | File | `/plugin` | Low
41 | File | `/property-list/property_view.php` | High
42 | File | `/ptms/classes/Users.php` | High
43 | File | `/resources//../` | High
44 | File | `/rest/api/2/search` | High
45 | File | `/s/` | Low
20 | File | `/debug/pprof` | Medium
21 | File | `/ebics-server/ebics.aspx` | High
22 | File | `/ffos/classes/Master.php?f=save_category` | High
23 | File | `/forum/away.php` | High
24 | File | `/goform/net\_Web\_get_value` | High
25 | File | `/goforms/rlminfo` | High
26 | File | `/GponForm/usb_restore_Form?script/` | High
27 | File | `/group1/uploa` | High
28 | File | `/hedwig.cgi` | Medium
29 | File | `/HNAP1` | Low
30 | File | `/HNAP1/SetClientInfo` | High
31 | File | `/Items/*/RemoteImages/Download` | High
32 | File | `/menu.html` | Medium
33 | File | `/modules/profile/index.php` | High
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
35 | File | `/navigate/navigate_download.php` | High
36 | File | `/ocwbs/admin/?page=user/manage_user` | High
37 | File | `/ofrs/admin/?page=user/manage_user` | High
38 | File | `/out.php` | Medium
39 | File | `/password.html` | High
40 | File | `/patient/appointment.php` | High
41 | File | `/php_action/fetchSelectedUser.php` | High
42 | File | `/plugin` | Low
43 | File | `/prescription/prescription/delete/` | High
44 | File | `/pro/common/download` | High
45 | File | `/property-list/property_view.php` | High
46 | ... | ... | ...

There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
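Review bot: `/goform/net\_Web\_get_value` (rows 23 and 24) has backslash-escaped underscores inside a code span, where Markdown does not interpret escapes, so the indicator as published contains literal `\_` and cannot match the real path. `/group1/uploa` (rows 26 and 27) reads as a truncated path and is carried over unchanged; it should be verified against the source advisory or dropped. `/resources//../` (old row 43) is a raw traversal fragment with a doubled slash, `/s/` and `/plugin` are prefixes so short that a Low rating does not make them safe to ship, and `/HNAP1` (Low) is the parent of `/HNAP1/SetClientInfo` (High), so any prefix matcher fires on the Low rule first. The footer still says 395 hidden items although the visible window adds `/patient/appointment.php`, `/prescription/prescription/delete/` and `/pro/common/download` and four old rows (`/ptms/classes/Users.php`, `/resources//../`, `/rest/api/2/search`, `/s/`) no longer appear, so the count and the list should be checked against each other.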
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
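Review bot: row 2's Description becomes `Improper Neutralization of Data within XPath Expressions` while the Weakness stays CWE-74, the generic injection class; XPath injection is CWE-643, so one of the two cells is wrong. Row 3 describes T1059 as `Argument Injection` but lists only CWE-94 (code injection); the argument-injection weakness is CWE-88.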
@ -77,7 +77,7 @@ ID | Type | Indicator | Confidence
16 | File | `/usr/bin/pkexec` | High
17 | ... | ... | ...

There are 137 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 138 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
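Review bot: the only change in the IOA hunk above is the footer (137 to 138) and the added item sits behind the `17 | ... | ... | ...` truncation, so the commit adds an indicator that cannot be reviewed from the diff; the visible `/usr/bin/pkexec` row is a local binary path rather than a request path, and the table should state which matcher (filesystem or HTTP) each File indicator is meant for.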
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
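Review bot: row 2 maps T1040 to CWE-319 (cleartext transmission) but is described as `Authentication Bypass by Capture-replay`, which is CWE-294; row 3 changes its Description to `Improper Neutralization of Data within XPath Expressions` while keeping CWE-74, the generic injection class, where XPath injection is CWE-643; row 4 says `Argument Injection` (CWE-88) but lists only CWE-94.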
@ -55,7 +55,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
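Review bot: row 2's Description becomes `Improper Neutralization of Data within XPath Expressions` while its Weakness stays CWE-74 (generic injection; XPath injection is CWE-643). Row 5 mixes the concrete weakness CWE-250 with CWE-264 (a category) and CWE-284 (a pillar-level class), which says nothing about what the T1068 exploitation actually relied on; keep the concrete entries (CWE-250, CWE-269) and drop the categories.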
@ -149,7 +149,7 @@ ID | Type | Indicator | Confidence
78 | File | `/h/` | Low
79 | ... | ... | ...

There are 692 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 691 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
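Review bot: the footer in the IOA hunk above drops from 692 to 691 with no visible row changing, so an indicator was removed behind the `79 | ... | ... | ...` truncation and the diff gives no way to see which; removals from a published IOA list deserve a visible record, since downstream rules may already reference the path.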
@ -55,7 +55,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
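Review bot: row 2 correctly pairs T1040's capture-replay description with CWE-294, which is the weakness the other TTP tables in this commit label as CWE-319 for the same description; the generator should settle on one. Row 3 changes its Description to `Improper Neutralization of Data within XPath Expressions` while keeping CWE-74, the generic injection class; XPath injection is CWE-643. Row 6 lists CWE-264 (a category) and CWE-284 (a pillar) beside the concrete CWE-250 and CWE-269, which adds no information.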
@ -115,16 +115,16 @@ ID | Type | Indicator | Confidence
44 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
45 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
46 | File | `/chaincity/user/ticket/create` | High
47 | File | `/collection/all` | High
48 | File | `/common/info.cgi` | High
49 | File | `/core/conditions/AbstractWrapper.java` | High
50 | File | `/core/config-revisions` | High
51 | File | `/debug/pprof` | Medium
52 | File | `/dipam/athlete-profile.php` | High
53 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
47 | File | `/check_availability.php` | High
48 | File | `/collection/all` | High
49 | File | `/common/info.cgi` | High
50 | File | `/core/conditions/AbstractWrapper.java` | High
51 | File | `/core/config-revisions` | High
52 | File | `/debug/pprof` | Medium
53 | File | `/dipam/athlete-profile.php` | High
54 | ... | ... | ...

There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 474 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
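Review bot: `/cgi-bin/cstecgi.cgi?action=login&flag=1` and `/emap/devicePoint_addImgIco?hasSubsystem=true` in the IOA hunk above embed query strings in a File indicator, so a matcher that normalises the path before comparing never sees them and one that does not will miss the same endpoint with parameters in another order; the table needs a separate Type for query-bearing indicators. `/core/conditions/AbstractWrapper.java` is a source-file path from an upstream fix, not something that appears in a request or on a victim host. `/check_availability.php` arrives at row 47 while `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` and `/chaincity/user/ticket/create` leave the visible window with no sign of whether they were dropped, and the footer rises from 472 to 474 with only one visible addition.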
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
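Review bot: row 2 pairs T1040 with CWE-319 (cleartext transmission) under a capture-replay description whose weakness is CWE-294, and row 3 changes its Description to `Improper Neutralization of Data within XPath Expressions` while keeping CWE-74, the generic injection class; XPath injection is CWE-643. Row 4 says `Argument Injection` but lists CWE-94, not CWE-88.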
@ -114,7 +114,7 @@ ID | Type | Indicator | Confidence
48 | File | `/index.php` | Medium
49 | ... | ... | ...

There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 427 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
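Review bot: the only visible row in the IOA hunk above is `/index.php` at Medium, a path that exists on most PHP deployments and identifies nothing about this actor, and the footer moves from 425 to 427 with both additions hidden past the `49 | ... | ... | ...` truncation, so nothing in this hunk can be reviewed on its merits.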
@ -34,7 +34,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
2 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1505 | CWE-89 | SQL Injection | High
4 | ... | ... | ... | ...
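Review bot: row 3 maps T1505 (Server Software Component, a persistence technique covering web shells and similar) to CWE-89 under `SQL Injection`; SQL injection against an exposed application is T1190 (Exploit Public-Facing Application), and T1505.001 specifically covers SQL stored procedures used for persistence, so the mapping conflates the vulnerability with the technique. Row 1 changes its Description to `Improper Neutralization of Data within XPath Expressions` while keeping CWE-74, the generic injection class; XPath injection is CWE-643.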
@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
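Review bot: row 2 lists both CWE-294 and CWE-319 under `Authentication Bypass by Capture-replay`, which is the one consistent form of this row in the commit (CWE-294 is the capture-replay weakness, CWE-319 the cleartext transmission that makes T1040 sniffing useful), and the other TTP tables should be aligned with it. Row 3 changes its Description to `Improper Neutralization of Data within XPath Expressions` while keeping CWE-74, the generic injection class; XPath injection is CWE-643.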
@ -64,7 +64,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | ... | ... | ... | ...
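Review bot: row 2's Description becomes `Improper Neutralization of Data within XPath Expressions` while the Weakness stays CWE-74, the generic injection class (XPath injection is CWE-643), and row 3 describes T1059 as `Argument Injection` while listing CWE-94 and CWE-1321 rather than CWE-88.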
@ -0,0 +1,44 @@
# AcidPour - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AcidPour](https://vuldb.com/?actor.acidpour). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.acidpour](https://vuldb.com/?actor.acidpour)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AcidPour:

* [IO](https://vuldb.com/?country.io)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AcidPour.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [185.61.137.155](https://vuldb.com/?ip.185.61.137.155) | non-2189.jadenook.com | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AcidPour_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1608.002 | CWE-434 | Incomplete Identification of Uploaded File Variables | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
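Review bot: In the TTP table the Description "Incomplete Identification of Uploaded File Variables" does not match the Weakness column. CWE-434 is the unrestricted upload of a file with a dangerous type, while that description string is the title of CWE-616, the PHP-specific upload-variable weakness, so one of the two columns was filled from the wrong entry and the row should be reconciled before the file ships. Separately, the only country listed is IO while the single reference describes a wiper observed in Ukraine; confirming that the country is not derived from a .io domain in the source data would avoid a misleading attribution.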
@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

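Review bot: The changed row keeps Weakness CWE-74 but swaps its Description from "Injection", which is CWE-74's own title, to "Improper Neutralization of Data within XPath Expressions", which is the title of CWE-643 (XPath Injection). Either the Weakness column should follow the new description or the description should stay as it was. The same CWE-74 relabel is repeated in every TTP hunk of this commit, so the fix belongs in the generator's CWE-to-title lookup rather than in the individual files.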
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

@ -69,32 +69,31 @@ ID | Type | Indicator | Confidence
18 | File | `/bin/ate` | Medium
19 | File | `/boat/login.php` | High
20 | File | `/booking/show_bookings/` | High
21 | File | `/bsms_ci/index.php/book` | High
22 | File | `/cgi-bin` | Medium
23 | File | `/cgi-bin/wlogin.cgi` | High
24 | File | `/changePassword` | High
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
26 | File | `/dashboard/add-blog.php` | High
27 | File | `/data/remove` | Medium
28 | File | `/debug/pprof` | Medium
29 | File | `/ecshop/admin/template.php` | High
30 | File | `/env` | Low
31 | File | `/etc/passwd` | Medium
32 | File | `/forum/away.php` | High
21 | File | `/cgi-bin` | Medium
22 | File | `/cgi-bin/wlogin.cgi` | High
23 | File | `/changePassword` | High
24 | File | `/Content/Template/root/reverse-shell.aspx` | High
25 | File | `/dashboard/add-blog.php` | High
26 | File | `/data/remove` | Medium
27 | File | `/debug/pprof` | Medium
28 | File | `/ecshop/admin/template.php` | High
29 | File | `/env` | Low
30 | File | `/etc/passwd` | Medium
31 | File | `/forum/away.php` | High
32 | File | `/goform/net\_Web\_get_value` | High
33 | File | `/group1/uploa` | High
34 | File | `/index.php` | Medium
35 | File | `/medicines/profile.php` | High
36 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
37 | File | `/php-sms/admin/?page=user/manage_user` | High
38 | File | `/reservation/add_message.php` | High
39 | File | `/resources//../` | High
40 | File | `/spip.php` | Medium
41 | File | `/testConnection` | High
42 | File | `/tmp/ppd.trace` | High
43 | File | `/user/inc/workidajax.php` | High
44 | ... | ... | ...
35 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
36 | File | `/php-sms/admin/?page=user/manage_user` | High
37 | File | `/reservation/add_message.php` | High
38 | File | `/resources//../` | High
39 | File | `/testConnection` | High
40 | File | `/tmp/ppd.trace` | High
41 | File | `/user/inc/workidajax.php` | High
42 | File | `/user/updatePwd` | High
43 | ... | ... | ...

There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

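Review bot: `/group1/uploa` (row 33 of the new list) reads as a truncated path: a prefix that ends mid-word will either miss the real request or over-match unrelated ones, so it should be restored from the source rather than published as-is, and the row should not be completed by guessing. The neighbouring `/resources//../` row is a traversal pattern rather than a file, which is fine for an IOA but is worth typing consistently with the "pattern" category the summary line mentions.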
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 21 more country items available. Please use our online service to access the data.
There are 22 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -49,15 +49,15 @@ ID | IP address | Hostname | Campaign | Confidence
26 | [45.147.231.41](https://vuldb.com/?ip.45.147.231.41) | - | - | High
27 | [46.20.33.76](https://vuldb.com/?ip.46.20.33.76) | - | - | High
28 | [46.183.220.114](https://vuldb.com/?ip.46.183.220.114) | ip-220-114.dataclub.info | - | High
29 | [46.183.223.64](https://vuldb.com/?ip.46.183.223.64) | ip-223-64.dataclub.info | - | High
30 | [50.7.199.164](https://vuldb.com/?ip.50.7.199.164) | - | - | High
31 | [51.254.21.25](https://vuldb.com/?ip.51.254.21.25) | ip25.ip-51-254-21.eu | - | High
32 | [65.99.225.111](https://vuldb.com/?ip.65.99.225.111) | hv36svg168.neubox.net | - | High
33 | [66.154.111.3](https://vuldb.com/?ip.66.154.111.3) | - | - | High
34 | [67.215.4.74](https://vuldb.com/?ip.67.215.4.74) | - | - | High
29 | [46.183.222.88](https://vuldb.com/?ip.46.183.222.88) | ip-222-88.dataclub.info | - | High
30 | [46.183.223.64](https://vuldb.com/?ip.46.183.223.64) | ip-223-64.dataclub.info | - | High
31 | [50.7.199.164](https://vuldb.com/?ip.50.7.199.164) | - | - | High
32 | [51.254.21.25](https://vuldb.com/?ip.51.254.21.25) | ip25.ip-51-254-21.eu | - | High
33 | [65.99.225.111](https://vuldb.com/?ip.65.99.225.111) | hv36svg168.neubox.net | - | High
34 | [66.154.111.3](https://vuldb.com/?ip.66.154.111.3) | - | - | High
35 | ... | ... | ... | ...

There are 135 more IOC items available. Please use our online service to access the data.
There are 136 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -66,7 +66,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* [IL](https://vuldb.com/?country.il)
* ...

There are 13 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -3976,14 +3976,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-25 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

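Review bot: The T1059 row keeps "CWE-94, CWE-1321" as its Weakness but changes the Description from "Cross Site Scripting" to "Argument Injection", and neither label is the title of the leading CWE-94 (code injection); in the same table the row that is actually cross-site scripting is T1059.007 with CWE-79 and CWE-80. The Description column therefore is not a function of the CWE ids shown, and the generator should pin it to the first CWE's title or document how it is derived. Note also that the table shrinks from 27 listed items (5 shown plus 22 more) to 22 (4 shown plus 18 more), with the T1068 row dropped; a short commit message explaining why the TTP set contracted would help anyone consuming these files as a feed.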
@ -3991,57 +3990,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/?setting-base.htm` | High
2 | File | `/admin/action/delete-vaccine.php` | High
3 | File | `/admin/borrow_add.php` | High
4 | File | `/admin/controller/JobLogController.java` | High
5 | File | `/admin/edit_teacher.php` | High
6 | File | `/admin/index2.html` | High
1 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
2 | File | `/Account/login.php` | High
3 | File | `/admin/` | Low
4 | File | `/admin/?setting-base.htm` | High
5 | File | `/admin/action/delete-vaccine.php` | High
6 | File | `/admin/list_resource_icon.php?action=delete` | High
7 | File | `/admin/pages/edit_chicken.php` | High
8 | File | `/admin/pages/student-print.php` | High
9 | File | `/admin/read.php?mudi=announContent` | High
10 | File | `/admin_route/inc_service_credits.php` | High
11 | File | `/api/trackedEntityInstances` | High
12 | File | `/api /v3/auth` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/app/Http/Controllers/ImageController.php` | High
15 | File | `/aux` | Low
16 | File | `/b2b-supermarket/shopping-cart` | High
17 | File | `/bin/rc4_crypt` | High
18 | File | `/cgi-bin/cstecgi.cgi` | High
19 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
20 | File | `/cgi-bin/login.cgi` | High
21 | File | `/cgi-bin/luci/api/switch` | High
22 | File | `/cgi-bin/qcmap_auth` | High
23 | File | `/change-language/de_DE` | High
24 | File | `/config/getuser` | High
25 | File | `/Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent` | High
26 | File | `/core/admin/categories.php` | High
27 | File | `/cupseasylive/taxstructuredisplay.php` | High
28 | File | `/data/remove` | Medium
29 | File | `/debug/pprof` | Medium
30 | File | `/dede/sys_sql_query.php` | High
31 | File | `/devinfo` | Medium
32 | File | `/dist/index.js` | High
33 | File | `/etc/passwd` | Medium
34 | File | `/forum/away.php` | High
35 | File | `/goform/goform_get_cmd_process` | High
36 | File | `/hosts/firewall/ip` | High
37 | File | `/index.php` | Medium
38 | File | `/index.php/ccm/system/file/upload` | High
39 | File | `/Interface/DevManage/VM.php` | High
40 | File | `/log/decodmail.php` | High
41 | File | `/login` | Low
42 | File | `/logout` | Low
43 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
44 | File | `/oauth/idp/.well-known/openid-configuration` | High
45 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
46 | File | `/php/ping.php` | High
47 | File | `/register.do` | Medium
48 | File | `/register.php` | High
49 | ... | ... | ...
10 | File | `/adminapi/system/crud` | High
11 | File | `/adminapi/system/file/openfile` | High
12 | File | `/admin_route/dec_service_credits.php` | High
13 | File | `/admin_route/inc_service_credits.php` | High
14 | File | `/api/v4/teams//channels/deleted` | High
15 | File | `/app/Http/Controllers/ImageController.php` | High
16 | File | `/application/index/controller/Icon.php` | High
17 | File | `/assets/php/upload.php` | High
18 | File | `/cancel.php` | Medium
19 | File | `/category.php` | High
20 | File | `/cgi-bin/cstecgi.cgi` | High
21 | File | `/cgi-bin/login.cgi` | High
22 | File | `/cupseasylive/taxstructuredisplay.php` | High
23 | File | `/debug/pprof` | Medium
24 | File | `/dede/sys_sql_query.php` | High
25 | File | `/devinfo` | Medium
26 | File | `/download` | Medium
27 | File | `/edit.php` | Medium
28 | File | `/etc/passwd` | Medium
29 | File | `/forum/away.php` | High
30 | File | `/general/attendance/manage/ask_duty/delete.php` | High
31 | File | `/goform/net\_Web\_get_value` | High
32 | File | `/index.jsp#settings` | High
33 | File | `/index.php?pluginApp/to/yzOffice/getFile` | High
34 | File | `/Interface/DevManage/VM.php` | High
35 | File | `/logout` | Low
36 | File | `/myprofile.php` | High
37 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
38 | File | `/protocol/index.php` | High
39 | File | `/public/admin/profile/update.html` | High
40 | File | `/Setting/change_password_save` | High
41 | File | `/signup.php` | Medium
42 | File | `/st_reg.php` | Medium
43 | File | `/supplier.php` | High
44 | File | `/system/role/list` | High
45 | File | `/system/traceLog/page` | High
46 | File | `/uploads/` | Medium
47 | File | `/uploads/tags.php` | High
48 | ... | ... | ...

There are 427 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

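Review bot: New row 1, `/#ilang=DE&b=c_smartenergy_swgroups`, and new row 32, `/index.jsp#settings`, are typed as File, but everything after `#` is a URL fragment that a browser never sends to the server, so neither can show up in web-server access logs and both are observable only client-side. Either give them a type that says so or add a note that they are not log-matchable, otherwise a consumer loading this table into a WAF or SIEM rule gets rows that can never fire.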
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 23 more country items available. Please use our online service to access the data.
There are 25 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -40,16 +40,17 @@ ID | IP address | Hostname | Campaign | Confidence
10 | [34.154.74.85](https://vuldb.com/?ip.34.154.74.85) | 85.74.154.34.bc.googleusercontent.com | - | Medium
11 | [34.200.207.31](https://vuldb.com/?ip.34.200.207.31) | ec2-34-200-207-31.compute-1.amazonaws.com | - | Medium
12 | [37.19.196.108](https://vuldb.com/?ip.37.19.196.108) | unn-37-19-196-108.datapacket.com | - | High
13 | [43.230.131.138](https://vuldb.com/?ip.43.230.131.138) | srv1.nusadatacenter.com | - | High
14 | [45.33.8.30](https://vuldb.com/?ip.45.33.8.30) | 45-33-8-30.ip.linodeusercontent.com | - | High
15 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
16 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
17 | [46.166.133.164](https://vuldb.com/?ip.46.166.133.164) | cybersubtitles.com | - | High
18 | [47.87.211.157](https://vuldb.com/?ip.47.87.211.157) | - | - | High
19 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
20 | ... | ... | ... | ...
13 | [37.49.228.234](https://vuldb.com/?ip.37.49.228.234) | - | - | High
14 | [43.230.131.138](https://vuldb.com/?ip.43.230.131.138) | srv1.nusadatacenter.com | - | High
15 | [45.33.8.30](https://vuldb.com/?ip.45.33.8.30) | 45-33-8-30.ip.linodeusercontent.com | - | High
16 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
17 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
18 | [46.166.133.164](https://vuldb.com/?ip.46.166.133.164) | cybersubtitles.com | - | High
19 | [47.87.211.157](https://vuldb.com/?ip.47.87.211.157) | - | - | High
20 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
21 | ... | ... | ... | ...

There are 75 more IOC items available. Please use our online service to access the data.
There are 80 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

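Review bot: Several hostnames in this hunk are provider reverse-DNS names for rented address space (`ec2-34-200-207-31.compute-1.amazonaws.com`, `ec2-50-17-5-224.compute-1.amazonaws.com`, `85.74.154.34.bc.googleusercontent.com`, `45-33-8-30.ip.linodeusercontent.com`), and such addresses are reassigned to unrelated tenants often. The Medium confidence on the EC2 and GCE rows is appropriate, but the table carries no first-seen or last-seen date that would let a consumer age these entries out; a validity window per row, or at least per file, would make them safe to load into a blocklist. The Linode row at High confidence deserves the same caveat.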
@ -59,7 +60,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

@ -90,62 +91,59 @@ ID | Type | Indicator | Confidence
16 | File | `/apply.cgi` | Medium
17 | File | `/artist-display.php` | High
18 | File | `/be/erpc.php` | Medium
19 | File | `/bitrix/admin/ldap_server_edit.php` | High
20 | File | `/booking/show_bookings/` | High
21 | File | `/cgi-bin/ping.cgi` | High
22 | File | `/config/list` | Medium
23 | File | `/Controller/Ajaxfileupload.ashx` | High
24 | File | `/controller/Index.php` | High
25 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
26 | File | `/coreframe/app/order/admin/card.php` | High
27 | File | `/csms/?page=contact_us` | High
28 | File | `/dashboard/add-portfolio.php` | High
29 | File | `/dashboard/add-service.php` | High
30 | File | `/data/app` | Medium
31 | File | `/dede/group_store.php` | High
32 | File | `/dipam/athlete-profile.php` | High
33 | File | `/ecommerce/admin/category/controller.php` | High
34 | File | `/edit-db.php` | Medium
35 | File | `/etc/gsissh/sshd_config` | High
36 | File | `/etc/sudoers` | Medium
37 | File | `/forum/away.php` | High
38 | File | `/forum/PostPrivateMessage` | High
39 | File | `/forums.php?action=post` | High
40 | File | `/general/attendance/manage/ask_duty/delete.php` | High
41 | File | `/general/email/outbox/delete.php` | High
42 | File | `/goform/WifiBasicSet` | High
43 | File | `/include/chart_generator.php` | High
44 | File | `/index1.html` | Medium
45 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
46 | File | `/items/view_item.php` | High
47 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
48 | File | `/lilac/main.php` | High
49 | File | `/list.php` | Medium
50 | File | `/login.php` | Medium
51 | File | `/login/index.php` | High
52 | File | `/mc` | Low
53 | File | `/mims/login.php` | High
54 | File | `/mkshop/Men/profile.php` | High
55 | File | `/module/admin_bp/add_application.php` | High
56 | File | `/module/report_event/index.php` | High
57 | File | `/modules/profile/index.php` | High
58 | File | `/Moosikay/order.php` | High
59 | File | `/news-portal-script/information.php` | High
60 | File | `/out.php` | Medium
61 | File | `/php-opos/index.php` | High
62 | File | `/preview.php` | Medium
63 | File | `/public/launchNewWindow.jsp` | High
64 | File | `/QueryView.php` | High
65 | File | `/RestAPI` | Medium
66 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
67 | File | `/royal_event/companyprofile.php` | High
68 | File | `/search.php` | Medium
69 | File | `/secure/QueryComponent!Default.jspa` | High
70 | File | `/see_more_details.php` | High
71 | File | `/server-status` | High
72 | ... | ... | ...
19 | File | `/bin/ate` | Medium
20 | File | `/bitrix/admin/ldap_server_edit.php` | High
21 | File | `/booking/show_bookings/` | High
22 | File | `/cgi-bin/ping.cgi` | High
23 | File | `/config/list` | Medium
24 | File | `/Controller/Ajaxfileupload.ashx` | High
25 | File | `/controller/Index.php` | High
26 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
27 | File | `/coreframe/app/order/admin/card.php` | High
28 | File | `/csms/?page=contact_us` | High
29 | File | `/dashboard/add-portfolio.php` | High
30 | File | `/dashboard/add-service.php` | High
31 | File | `/data/app` | Medium
32 | File | `/dede/group_store.php` | High
33 | File | `/dipam/athlete-profile.php` | High
34 | File | `/ecommerce/admin/category/controller.php` | High
35 | File | `/edit-db.php` | Medium
36 | File | `/etc/gsissh/sshd_config` | High
37 | File | `/etc/sudoers` | Medium
38 | File | `/forum/away.php` | High
39 | File | `/forum/PostPrivateMessage` | High
40 | File | `/forums.php?action=post` | High
41 | File | `/general/attendance/manage/ask_duty/delete.php` | High
42 | File | `/general/email/outbox/delete.php` | High
43 | File | `/goform/WifiBasicSet` | High
44 | File | `/include/chart_generator.php` | High
45 | File | `/index1.html` | Medium
46 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
47 | File | `/items/view_item.php` | High
48 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
49 | File | `/lilac/main.php` | High
50 | File | `/list.php` | Medium
51 | File | `/login.php` | Medium
52 | File | `/login/index.php` | High
53 | File | `/mc` | Low
54 | File | `/mims/login.php` | High
55 | File | `/mkshop/Men/profile.php` | High
56 | File | `/module/admin_bp/add_application.php` | High
57 | File | `/module/report_event/index.php` | High
58 | File | `/modules/profile/index.php` | High
59 | File | `/Moosikay/order.php` | High
60 | File | `/news-portal-script/information.php` | High
61 | File | `/out.php` | Medium
62 | File | `/php-opos/index.php` | High
63 | File | `/preview.php` | Medium
64 | File | `/public/launchNewWindow.jsp` | High
65 | File | `/QueryView.php` | High
66 | File | `/RestAPI` | Medium
67 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
68 | File | `/royal_event/companyprofile.php` | High
69 | ... | ... | ...

There are 631 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 605 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -154,6 +152,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://1275.ru/ioc/254/gs-002-agent-tesla-spyware-iocs/
* https://1275.ru/ioc/310/gs-032-agent-tesla-spyware-iocs/
* https://app.any.run/tasks/5f20b5d1-d039-48cb-8481-f3c451d8bcf0/#
* https://app.any.run/tasks/7a81253d-98e4-45d4-a009-098b7c19b992
* https://app.any.run/tasks/91b72945-2a21-4e9e-98c5-132ed8d15714/
* https://app.any.run/tasks/126973bd-0df8-408d-85ae-913ba5c53612/#
* https://asec.ahnlab.com/en/31083/

@ -191,6 +190,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://twitter.com/Tac_Mangusta/status/1659190159789916160
* https://www.cyber45.com
* https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
* https://www.virustotal.com/gui/file/6ade497b4a45a2c4688ac69fe2ae146c721db3cf8d82df9b5ca40b4614ad62b7/relations
* https://www.zscaler.com/blogs/security-research/agent-tesla-rat-delivered-quantum-builder-new-ttps
* https://www.zscaler.com/blogs/security-research/threat-actors-exploit-cve-2017-11882-deliver-agent-tesla

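Review bot: The added reference `https://www.cyber45.com` is a site root rather than a report; unlike the neighbouring entries (a tweet, a Fortinet post, a VirusTotal relations page, two Zscaler posts) it does not let a reader find the claim it is meant to support, and the content behind a bare domain can change at any time. Link the specific article or leave the entry out.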
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [FR](https://vuldb.com/?country.fr)
* [UA](https://vuldb.com/?country.ua)
* [ZW](https://vuldb.com/?country.zw)
* [SN](https://vuldb.com/?country.sn)
* ...

There are 2 more country items available. Please use our online service to access the data.

@ -34,9 +34,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1068 | CWE-264, CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1059 | CWE-94 | Argument Injection | High
3 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...

There are 3 more TTP items available. Please use our online service to access the data.

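Review bot: The T1068 row keeps Weakness "CWE-264, CWE-269" while its Description moves from "J2EE Misconfiguration: Weak Access Permissions for EJB Methods" to "Execution with Unnecessary Privileges". Neither string is the title of CWE-264 (permissions, privileges and access controls) or CWE-269 (improper privilege management); they are the titles of CWE-9 and CWE-250 respectively, so the Description lookup is keyed on something other than the CWE ids that are shown. The T1059 row in the same hunk shows the same pattern (CWE-94 labelled first "Cross Site Scripting", now "Argument Injection"). Pinning the Description to the first listed CWE's title, or adding a column with the id the description actually comes from, would make the table self-consistent.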
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...

There are 1 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...

@ -65,7 +65,7 @@ ID | Type | Indicator | Confidence
15 | File | `checklogin.php` | High
16 | ... | ... | ...

There are 125 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

@ -161,13 +161,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 16 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -175,40 +175,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin_ping.htm` | High
|
||||
2 | File | `/app/index/controller/Common.php` | High
|
||||
3 | File | `/application/index/controller/Databasesource.php` | High
|
||||
4 | File | `/application/index/controller/Icon.php` | High
|
||||
5 | File | `/application/index/controller/Screen.php` | High
|
||||
6 | File | `/application/plugins/controller/Upload.php` | High
|
||||
7 | File | `/boafrm/formMapDelDevice` | High
|
||||
8 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
9 | File | `/core/redirect` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/goform/WifiMacFilterGet` | High
12 | File | `/goform/wifiSSIDset` | High
13 | File | `/index.php?app=main&func=passport&action=login` | High
14 | File | `/login` | Low
15 | File | `/obj/utilisateur.class.php` | High
16 | File | `/opt/fs/redisraft/deps/hiredis/alloc.c` | High
17 | File | `/public/login.htm` | High
18 | File | `/resources//../` | High
19 | File | `/SysInfo1.htm` | High
20 | File | `/travel-journal/write-journal.php` | High
21 | File | `/v1/sql-runner` | High
22 | File | `admin-ajax.php` | High
23 | File | `admin.php` | Medium
24 | File | `admin/inc/auth.inc.php` | High
25 | File | `admin/index.php` | High
26 | File | `afd.sys` | Low
27 | File | `ajax/telemetry.php` | High
28 | File | `app/plug/controller/giftcontroller.php` | High
29 | File | `apply.cgi` | Medium
30 | File | `articlesdetails.php` | High
31 | File | `AscoServer.exe` | High
32 | ... | ... | ...
1 | File | `/admin.php` | Medium
2 | File | `/admin/index.php` | High
3 | File | `/admin/list_ipAddressPolicy.php` | High
4 | File | `/admin/orders/view_order.php` | High
5 | File | `/api /v3/auth` | High
6 | File | `/apps/reg_go.php` | High
7 | File | `/billing/bill/edit/` | High
8 | File | `/bin/sh` | Low
9 | File | `/cgi-bin/cstecgi.cgi` | High
10 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
11 | File | `/cgi-bin/system_mgr.cgi` | High
12 | File | `/cgi-bin/wlogin.cgi` | High
13 | File | `/classes/Login.php` | High
14 | File | `/classes/Users.php` | High
15 | File | `/data/remove` | Medium
16 | File | `/Employer/EditProfile.php` | High
17 | File | `/goform/` | Medium
18 | File | `/goform/SetStaticRouteCfg` | High
19 | File | `/h/autoSaveDraft` | High
20 | File | `/home.php` | Medium
21 | File | `/Home/Index` | Medium
22 | File | `/index.php` | Medium
23 | File | `/member/chat.php` | High
24 | File | `/member/member_edit.php` | High
25 | ... | ... | ...

There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

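Review bot: new row 5 carries the indicator `/api /v3/auth` with a space between `/api` and `/v3/auth`; a URL path with an embedded space is unlikely to be what the source reported and looks like a copy artifact, so confirm the original path (for instance whether it should read `/api/v3/auth`) before it ships as a matching indicator.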
@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

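Review bot: row 2 keeps Weakness CWE-74 while its Description changes from the generic "Injection" to "Improper Neutralization of Data within XPath Expressions", which is the title of CWE-643 (XPath Injection), not of CWE-74; either keep the generic description or add CWE-643 to the Weakness column so the two columns describe the same weakness. Row 3 has the mirror problem: "Argument Injection" is CWE-88, whereas CWE-94 is Code Injection.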
@ -0,0 +1,47 @@
# Almaq - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Almaq](https://vuldb.com/?actor.almaq). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.almaq](https://vuldb.com/?actor.almaq)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Almaq:

* [US](https://vuldb.com/?country.us)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Almaq.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [41.44.220.146](https://vuldb.com/?ip.41.44.220.146) | host-41.44.220.146.tedata.net | - | High
2 | [150.200.11.101](https://vuldb.com/?ip.150.200.11.101) | - | - | High
3 | [156.196.225.40](https://vuldb.com/?ip.156.196.225.40) | host-156.196.40.225-static.tedata.net | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Almaq_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1505 | CWE-89 | SQL Injection | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://decoded.avast.io/romanalinkeova/whats-new-in-this-years-almanaq/

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
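Review bot: the actor is named "Almaq" throughout this new file, but the only reference slug reads `whats-new-in-this-years-almanaq`; confirm the actor name against the source article before the page goes live, since the actor key (`actor.almaq`) is also baked into every vuldb.com link. In the IOC table, row 3 pairs IP 156.196.225.40 with hostname `host-156.196.40.225-static.tedata.net`, where the last two octets are swapped relative to the address; verify that this is the real reverse record and not a transcription slip.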
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* [IL](https://vuldb.com/?country.il)
* ...

There are 20 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -69,9 +69,11 @@ ID | IP address | Hostname | Campaign | Confidence
46 | [49.12.117.51](https://vuldb.com/?ip.49.12.117.51) | static.51.117.12.49.clients.your-server.de | - | High
47 | [49.13.60.242](https://vuldb.com/?ip.49.13.60.242) | static.242.60.13.49.clients.your-server.de | - | High
48 | [51.15.226.0](https://vuldb.com/?ip.51.15.226.0) | 0-226-15-51.instances.scw.cloud | - | High
49 | ... | ... | ... | ...
49 | [51.81.69.127](https://vuldb.com/?ip.51.81.69.127) | ip127.ip-51-81-69.us | - | High
50 | [62.182.156.152](https://vuldb.com/?ip.62.182.156.152) | - | - | High
51 | ... | ... | ... | ...

There are 194 more IOC items available. Please use our online service to access the data.
There are 200 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -79,15 +81,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
7 | ... | ... | ... | ...
6 | ... | ... | ... | ...

There are 23 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

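Review bot: the new row 3 pairs CWE-74 with "Improper Neutralization of Data within XPath Expressions" (the CWE-643 title), and the new row 4 pairs CWE-94 (Code Injection) with "Argument Injection" (CWE-88) after dropping CWE-1321 from the old row, so in both rows the Weakness and Description columns no longer describe the same weakness; update the CWE list together with the label. The T1068 row (J2EE Misconfiguration) is removed while the hidden-item count moves from 23 to 20, which is more than the one visible removal explains; check that the regenerated table and the count come from the same run.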
@ -95,52 +96,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `//proc/kcore` | Medium
3 | File | `/admin/action/delete-vaccine.php` | High
4 | File | `/admin/controller/JobLogController.java` | High
5 | File | `/admin/index2.html` | High
6 | File | `/admin_route/dec_service_credits.php` | High
7 | File | `/api/admin/system/store/order/list` | High
1 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
2 | File | `/Account/login.php` | High
3 | File | `/admin/` | Low
4 | File | `/admin/action/delete-vaccine.php` | High
5 | File | `/adminapi/system/crud` | High
6 | File | `/adminapi/system/file/openfile` | High
7 | File | `/admin_route/dec_service_credits.php` | High
8 | File | `/api/trackedEntityInstances` | High
9 | File | `/api/v4/teams//channels/deleted` | High
10 | File | `/app/index/controller/Common.php` | High
11 | File | `/aux` | Low
12 | File | `/b2b-supermarket/shopping-cart` | High
13 | File | `/change-language/de_DE` | High
14 | File | `/data/remove` | Medium
15 | File | `/debug/pprof` | Medium
16 | File | `/devinfo` | Medium
17 | File | `/dist/index.js` | High
18 | File | `/etc/passwd` | Medium
19 | File | `/forms/doLogin` | High
20 | File | `/forum/away.php` | High
21 | File | `/geoserver/gwc/rest.html` | High
22 | File | `/goform/formSysCmd` | High
23 | File | `/hosts/firewall/ip` | High
24 | File | `/index.php` | Medium
25 | File | `/index.php/ccm/system/file/upload` | High
26 | File | `/listplace/user/ticket/create` | High
27 | File | `/log/decodmail.php` | High
28 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
29 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
30 | File | `/novel/author/list` | High
31 | File | `/oauth/idp/.well-known/openid-configuration` | High
32 | File | `/php/ping.php` | High
33 | File | `/qsr_server/device/reboot` | High
34 | File | `/s/index.php?action=statistics` | High
35 | File | `/setting` | Medium
36 | File | `/spip.php` | Medium
37 | File | `/st_reg.php` | Medium
38 | File | `/supplier.php` | High
39 | File | `/system/role/list` | High
40 | File | `/testConnection` | High
41 | File | `/tmp/ppd.trace` | High
42 | File | `/TMS/admin/setting/mail/createorupdate` | High
43 | File | `/upload/ueditorConfig?action=config` | High
44 | ... | ... | ...
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
12 | File | `/aux` | Low
13 | File | `/b2b-supermarket/shopping-cart` | High
14 | File | `/cancel.php` | Medium
15 | File | `/category.php` | High
16 | File | `/cgi-bin/cstecgi.cgi` | High
17 | File | `/change-language/de_DE` | High
18 | File | `/data/remove` | Medium
19 | File | `/debug/pprof` | Medium
20 | File | `/devinfo` | Medium
21 | File | `/dist/index.js` | High
22 | File | `/download` | Medium
23 | File | `/etc/passwd` | Medium
24 | File | `/forms/doLogin` | High
25 | File | `/forum/away.php` | High
26 | File | `/goform/net\_Web\_get_value` | High
27 | File | `/hosts/firewall/ip` | High
28 | File | `/index.jsp#settings` | High
29 | File | `/index.php` | Medium
30 | File | `/index.php/ccm/system/file/upload` | High
31 | File | `/log/decodmail.php` | High
32 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
33 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
34 | File | `/novel/author/list` | High
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
36 | File | `/php/ping.php` | High
37 | File | `/protocol/log/listloginfo.php` | High
38 | File | `/qsr_server/device/reboot` | High
39 | File | `/s/index.php?action=statistics` | High
40 | File | `/Setting/change_password_save` | High
41 | File | `/signup.php` | Medium
42 | File | `/src/dede/vote_edit.php` | High
43 | File | `/st_reg.php` | Medium
44 | File | `/supplier.php` | High
45 | ... | ... | ...

There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

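Review bot: new row 26 `/goform/net\_Web\_get_value` carries backslash-escaped underscores inside a code span; Markdown does not process escapes inside backticks, so the rendered indicator shows literal backslashes and will not match the path as the source wrote it. Drop the backslashes, as the other rows with underscores (e.g. new row 7, `/admin_route/dec_service_credits.php`) already do.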
@ -161,6 +163,8 @@ The following list contains _external sources_ which discuss the actor and the a
* https://app.any.run/tasks/db77c945-c2ff-4e5f-9d37-b105606ed03b
* https://app.any.run/tasks/dd17daee-32a4-494b-b8d9-c5e6d5b03cae
* https://app.any.run/tasks/fe542fd3-fec4-468e-b9bf-48639f5e1d4a
* https://asec.ahnlab.com/en/47925/
* https://asec.ahnlab.com/en/50952/
* https://cofense.com/new-phishing-campaign-targets-u-s-taxpayers-dropping-amadey-botnet/
* https://exchange.xforce.ibmcloud.com/report/details/guid:ee0b820692aebf95a376e6deb70d0fa9
* https://ioc.exchange/@GustyDusty@infosec.exchange/110978626602393961
@ -240,10 +244,12 @@ The following list contains _external sources_ which discuss the actor and the a
* https://tracker.viriback.com/index.php?q=87.121.47.63
* https://tracker.viriback.com/index.php?q=88.218.60.230
* https://tracker.viriback.com/index.php?q=91.92.247.16
* https://tracker.viriback.com/index.php?q=91.92.251.16
* https://tracker.viriback.com/index.php?q=91.215.85.194
* https://tracker.viriback.com/index.php?q=94.142.138.182
* https://tracker.viriback.com/index.php?q=95.141.41.12
* https://tracker.viriback.com/index.php?q=95.214.26.53
* https://tracker.viriback.com/index.php?q=147.45.47.35
* https://tracker.viriback.com/index.php?q=167.235.20.126
* https://tracker.viriback.com/index.php?q=176.113.115.253
* https://tracker.viriback.com/index.php?q=179.43.154.148
@ -267,11 +273,14 @@ The following list contains _external sources_ which discuss the actor and the a
* https://tracker.viriback.com/index.php?q=193.233.20.29
* https://tracker.viriback.com/index.php?q=193.233.20.36
* https://tracker.viriback.com/index.php?q=193.233.132.73
* https://tracker.viriback.com/index.php?q=194.87.71.43
* https://tracker.viriback.com/index.php?q=212.113.119.255
* https://tracker.viriback.com/index.php?q=212.118.43.106
* https://tracker.viriback.com/index.php?q=213.226.123.14
* https://tracker.viriback.com/index.php?q=213.226.123.16
* https://tria.ge/230730-23lybsbf53/behavioral2
* https://tria.ge/240324-x2sx2aac3w/behavioral1
* https://twitter.com/banthisguy9349/status/1769999255228367090
* https://urlhaus.abuse.ch/url/2739361/

## Literature
@ -44,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
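Review bot: new row 3 now reads "Improper Neutralization of Data within XPath Expressions" against Weakness CWE-74; that description is the title of CWE-643 (XPath Injection), so either list CWE-643 in the Weakness column or keep the generic "Injection" description that CWE-74 actually carries.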
@ -38,9 +38,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

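Review bot: new rows 2 and 3 change only the Description column, and both now disagree with their Weakness column: "Improper Neutralization of Data within XPath Expressions" is CWE-643, not CWE-74, and "Argument Injection" is CWE-88, while CWE-94 is Code Injection and CWE-1321 is prototype pollution. Update the CWE lists and the labels in the same change so each row is internally consistent.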
@ -83,42 +83,43 @@ ID | Type | Indicator | Confidence
29 | File | `/recordings/index.php` | High
30 | File | `/see_more_details.php` | High
31 | File | `/show_news.php` | High
32 | File | `/tmp/before` | Medium
33 | File | `/uncpath/` | Medium
34 | File | `/updownload/t.report` | High
35 | File | `/user.profile.php` | High
36 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
37 | File | `/wordpress/wp-admin/options-general.php` | High
38 | File | `/wp-admin` | Medium
39 | File | `/wp-admin/admin-ajax.php` | High
40 | File | `4.2.0.CP09` | Medium
41 | File | `account.asp` | Medium
42 | File | `adclick.php` | Medium
43 | File | `adm/systools.asp` | High
44 | File | `admin.php` | Medium
45 | File | `admin/admin.shtml` | High
46 | File | `Admin/ADM_Pagina.php` | High
47 | File | `admin/category.inc.php` | High
48 | File | `admin/main.asp` | High
49 | File | `admin/param/param_func.inc.php` | High
50 | File | `admin/y_admin.asp` | High
51 | File | `adminer.php` | Medium
52 | File | `administration/admins.php` | High
53 | File | `administrator/components/com_media/helpers/media.php` | High
54 | File | `admin_ok.asp` | Medium
55 | File | `album_portal.php` | High
56 | File | `app/Core/Paginator.php` | High
57 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
58 | File | `artlinks.dispnew.php` | High
59 | File | `auth.php` | Medium
60 | File | `awstats.pl` | Medium
61 | File | `bin/named/query.c` | High
62 | File | `blank.php` | Medium
63 | File | `blocklayered-ajax.php` | High
64 | File | `blogger-importer.php` | High
65 | ... | ... | ...
32 | File | `/student/bookdetails.php` | High
33 | File | `/tmp/before` | Medium
34 | File | `/uncpath/` | Medium
35 | File | `/updownload/t.report` | High
36 | File | `/user.profile.php` | High
37 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
38 | File | `/wordpress/wp-admin/options-general.php` | High
39 | File | `/wp-admin` | Medium
40 | File | `/wp-admin/admin-ajax.php` | High
41 | File | `4.2.0.CP09` | Medium
42 | File | `account.asp` | Medium
43 | File | `adclick.php` | Medium
44 | File | `adm/systools.asp` | High
45 | File | `admin.php` | Medium
46 | File | `admin/admin.shtml` | High
47 | File | `Admin/ADM_Pagina.php` | High
48 | File | `admin/category.inc.php` | High
49 | File | `admin/main.asp` | High
50 | File | `admin/param/param_func.inc.php` | High
51 | File | `admin/y_admin.asp` | High
52 | File | `adminer.php` | Medium
53 | File | `administration/admins.php` | High
54 | File | `administrator/components/com_media/helpers/media.php` | High
55 | File | `admin_ok.asp` | Medium
56 | File | `album_portal.php` | High
57 | File | `app/Core/Paginator.php` | High
58 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
59 | File | `artlinks.dispnew.php` | High
60 | File | `auth.php` | Medium
61 | File | `awstats.pl` | Medium
62 | File | `bin/named/query.c` | High
63 | File | `blank.php` | Medium
64 | File | `blocklayered-ajax.php` | High
65 | File | `blogger-importer.php` | High
66 | ... | ... | ...

There are 567 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 577 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

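Review bot: old row 40 / new row 41 classifies `4.2.0.CP09` as Type `File`; that is a version string, not a path, and the renumbering carries it over unchanged. Better to re-type or drop it in the generator than to re-emit it with every regeneration, since consumers matching on file indicators will never hit it.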
@ -138,4 +139,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -44,14 +44,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

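Review bot: the old row 4 listed CWE-88 (Argument Injection) under the label "Cross Site Scripting"; the new row 4 adopts the label "Argument Injection" but drops CWE-88 and keeps CWE-94 (Code Injection) and CWE-1321 (prototype pollution), so the one CWE that matches the new label is the one that was removed. New row 3 likewise pairs CWE-74 with the CWE-643 title "Improper Neutralization of Data within XPath Expressions". Fix the Weakness column alongside the labels.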
@ -60,52 +60,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `/admin/save.php` | High
3 | File | `/admin/sys_sql_query.php` | High
4 | File | `/api/baskets/{name}` | High
5 | File | `/api/download` | High
6 | File | `/api/v1/alerts` | High
7 | File | `/api/v1/terminal/sessions/?limit=1` | High
8 | File | `/b2b-supermarket/shopping-cart` | High
9 | File | `/bitrix/admin/ldap_server_edit.php` | High
10 | File | `/category.php` | High
11 | File | `/categorypage.php` | High
12 | File | `/category_view.php` | High
13 | File | `/cgi-bin/luci/api/wireless` | High
14 | File | `/cgi-bin/vitogate.cgi` | High
15 | File | `/company/store` | High
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
17 | File | `/Controller/Ajaxfileupload.ashx` | High
18 | File | `/core/conditions/AbstractWrapper.java` | High
19 | File | `/debug/pprof` | Medium
20 | File | `/etc/passwd` | Medium
21 | File | `/fcgi/scrut_fcgi.fcgi` | High
22 | File | `/forum/away.php` | High
23 | File | `/geoserver/gwc/rest.html` | High
24 | File | `/goform/formSysCmd` | High
25 | File | `/h/` | Low
26 | File | `/HNAP1` | Low
27 | File | `/hosts/firewall/ip` | High
28 | File | `/inc/jquery/uploadify/uploadify.php` | High
29 | File | `/index.php/ccm/system/file/upload` | High
30 | File | `/index.php?app=main&func=passport&action=login` | High
31 | File | `/index.php?page=category_list` | High
32 | File | `/jeecg-boot/sys/common/upload` | High
33 | File | `/jobinfo/` | Medium
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
36 | File | `/php/ping.php` | High
37 | File | `/PreviewHandler.ashx` | High
38 | File | `/proxy` | Low
39 | File | `/recipe-result` | High
40 | File | `/register.do` | Medium
41 | File | `/RPS2019Service/status.html` | High
42 | File | `/Service/ImageStationDataService.asmx` | High
43 | File | `/setting` | Medium
44 | File | `/sicweb-ajax/tmproot/` | High
45 | ... | ... | ...
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
3 | File | `/Account/login.php` | High
4 | File | `/admin/` | Low
5 | File | `/admin/save.php` | High
6 | File | `/adminapi/system/crud` | High
7 | File | `/adminapi/system/file/openfile` | High
8 | File | `/admin_route/dec_service_credits.php` | High
9 | File | `/api/baskets/{name}` | High
10 | File | `/api/download` | High
11 | File | `/api/v1/alerts` | High
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
13 | File | `/api/v4/teams//channels/deleted` | High
14 | File | `/b2b-supermarket/shopping-cart` | High
15 | File | `/cancel.php` | Medium
16 | File | `/category.php` | High
17 | File | `/categorypage.php` | High
18 | File | `/category_view.php` | High
19 | File | `/cgi-bin/cstecgi.cgi` | High
20 | File | `/cgi-bin/luci/api/wireless` | High
21 | File | `/cgi-bin/vitogate.cgi` | High
22 | File | `/change-language/de_DE` | High
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
24 | File | `/core/conditions/AbstractWrapper.java` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/devinfo` | Medium
27 | File | `/dist/index.js` | High
28 | File | `/download` | Medium
29 | File | `/fcgi/scrut_fcgi.fcgi` | High
30 | File | `/forum/away.php` | High
31 | File | `/geoserver/gwc/rest.html` | High
32 | File | `/goform/formSysCmd` | High
33 | File | `/HNAP1` | Low
34 | File | `/hosts/firewall/ip` | High
35 | File | `/index.jsp#settings` | High
36 | File | `/index.php/ccm/system/file/upload` | High
37 | File | `/jeecg-boot/sys/common/upload` | High
38 | File | `/log/decodmail.php` | High
39 | File | `/oauth/idp/.well-known/openid-configuration` | High
40 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
41 | File | `/php/ping.php` | High
42 | File | `/proxy` | Low
43 | File | `/register.do` | Medium
44 | File | `/RPS2019Service/status.html` | High
45 | File | `/s/index.php?action=statistics` | High
46 | File | `/setting` | Medium
47 | File | `/Setting/change_password_save` | High
48 | File | `/sicweb-ajax/tmproot/` | High
49 | ... | ... | ...

There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -123,4 +127,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -32,7 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1059 | CWE-94 | Argument Injection | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...

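Review bot: row 2 keeps Weakness CWE-94 while its Description changes from "Cross Site Scripting" to "Argument Injection"; CWE-94 is Code Injection and Argument Injection is CWE-88, so the relabel removes the XSS mismatch (XSS is now carried by row 3, T1059.007 with CWE-79/CWE-80) but introduces a new one. Add CWE-88 to the row or use a code-injection description.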
@ -67,4 +67,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,68 @@
|
|||
# AnyDesk - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AnyDesk](https://vuldb.com/?actor.anydesk). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.anydesk](https://vuldb.com/?actor.anydesk)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AnyDesk:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [TK](https://vuldb.com/?country.tk)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AnyDesk.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [52.89.196.49](https://vuldb.com/?ip.52.89.196.49) | ec2-52-89-196-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
2 | [185.29.9.162](https://vuldb.com/?ip.185.29.9.162) | se1.encryptedconnection.info | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AnyDesk_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AnyDesk. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/goform/SetNetControlList` | High
|
||||
2 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
3 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 19 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
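Review bot: IOA row 3 puts a URL-encoded SQL injection probe (`dbsel=-1 or 72 = 72`) inside an indicator typed File; anything that matches on file paths will never see that query string, so split it into the file `/sqlitemanager/main.php` and an input-value row for the `dbsel` argument. The other two IOA rows (`/goform/SetNetControlList`, `/index.php/newsletter/subscriber/new/`) look like unrelated web-application endpoints, and AnyDesk itself is a commercial remote-access product rather than an actor; if this profile tracks its abuse in the referenced intrusion, the intro sentence should say so. IOC row 1 resolves to an EC2 hostname, and EC2 addresses are reassigned, so a Medium-confidence cloud IP is only useful together with a sighting date.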
@ -36,9 +36,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
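Review bot: row 2 now carries the CWE-643 title (`Improper Neutralization of Data within XPath Expressions`) while its Weakness cell still lists only `CWE-74`, so the two columns disagree; add CWE-643 there, as the larger TTP hunk further down this commit already does (`CWE-74, CWE-643`), or keep the generic `Injection` label. Row 3 has the mirror problem: `Argument Injection` is CWE-88, and `CWE-94` on its own is code injection. Separately, `T1055` is Process Injection and `T1006` is Direct Volume Access in ATT&CK; if the Technique column encodes a VulDB-internal CWE-to-technique mapping rather than ATT&CK semantics, the intro sentence should say so, because a reader will otherwise take these rows at face value.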
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
@ -17,7 +17,9 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [193.233.134.57](https://vuldb.com/?ip.193.233.134.57) | instance25143.waicore.network | - | High
1 | [45.80.69.193](https://vuldb.com/?ip.45.80.69.193) | - | - | High
2 | [193.168.49.8](https://vuldb.com/?ip.193.168.49.8) | - | - | High
3 | [193.233.134.57](https://vuldb.com/?ip.193.233.134.57) | instance25143.waicore.network | - | High
## TTP - Tactics, Techniques, Procedures
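Review bot: the two new IOC rows `45.80.69.193` and `193.168.49.8` enter at High confidence with no hostname and an empty Campaign cell, while the same commit adds an any.run task and a Cyble AresLoader write-up to this file's references; name the campaign the source uses in the Campaign column (or cite the reference per row) so each address stays traceable to the report that produced it, since as written a reader cannot tell which of the three rows the new references support.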
@ -41,6 +43,7 @@ ID | Type | Indicator | Confidence
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://app.any.run/tasks/8533cc82-138a-4971-8bcf-a36656a14278
* https://cyble.com/blog/citrix-users-at-risk-aresloader-spreading-through-disguised-gitlab-repo/
## Literature
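Review bot: the any.run task URL is not a durable citation, since tasks can be deleted or made private, so record the hash of the sample that task analysed next to the link; the Cyble post is stable and can stay as is.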
@ -54,15 +54,15 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `addguest.cgi` | Medium
2 | File | `add_comment.php` | High
3 | File | `admin/index.php` | High
4 | File | `api_jsonrpc.php` | High
5 | File | `cloud.php` | Medium
6 | File | `data/gbconfiguration.dat` | High
1 | File | `/forum/away.php` | High
2 | File | `addguest.cgi` | Medium
3 | File | `add_comment.php` | High
4 | File | `admin/index.php` | High
5 | File | `api_jsonrpc.php` | High
6 | File | `cloud.php` | Medium
7 | ... | ... | ...
There are 43 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
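Review bot: inserting `/forum/away.php` at ID 1 renumbers every row below it (`addguest.cgi` moves from 1 to 2 and `data/gbconfiguration.dat` leaves the visible window without being removed), and the trailer moves from 43 to 45 more items, so a second addition is hidden entirely; anyone diffing these files cannot key on the ID column and cannot see what else changed. Key on the indicator string instead, and list added rows in the commit message.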
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
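Review bot: the only change here is the row 3 description, which now reads as the CWE-643 title while the Weakness cell stays at `CWE-74`; while touching this table, the unchanged row 4 pairs `CWE-1321` (Improperly Controlled Modification of Object Prototype Attributes, i.e. prototype pollution) with `Argument Injection`, which is neither argument injection (CWE-88) nor code injection (CWE-94), so it belongs on its own row. Rows 2 and 6 are internally consistent: `CWE-294` is the exact title of row 2's description, and `CWE-266` (Incorrect Privilege Assignment) sits correctly with the CWE-269/CWE-284 group.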
@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
8 | File | `act.php` | Low
9 | ... | ... | ...
There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Armor Piercer:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...
@ -59,7 +59,7 @@ ID | Type | Indicator | Confidence
10 | File | `/sysinfo_json.cgi` | High
11 | ... | ... | ...
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 81 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asia Unknown:
* [VN](https://vuldb.com/?country.vn)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [VN](https://vuldb.com/?country.vn)
* ...
There are 23 more country items available. Please use our online service to access the data.
There are 19 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -24961,13 +24961,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74, CWE-643 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...
There are 17 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
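Review bot: row 1 now lists `CWE-21, CWE-22, CWE-23, CWE-24, CWE-29`; CWE-21 is a category rather than a weakness, and CWE-24 and CWE-29 are leaf variants of CWE-22 that differ only in the traversal string, so the cell grows with every new sample without naming a new weakness. `CWE-22` with `CWE-23` and `CWE-36` for relative and absolute traversal says the same thing. The `T1040` row also vanishes from the rows shown while the trailer only moves from 17 to 18, so a reader cannot tell whether it was dropped or merely pushed into the hidden set; say which in the commit message.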
@ -24975,40 +24976,82 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/Account/login.php` | High
2 | File | `/admin/` | Low
3 | File | `/admin/app/product.php` | High
4 | File | `/admin/app/profile_crud.php` | High
5 | File | `/admin/app/service_crud.php` | High
6 | File | `/admin/edit-admin.php` | High
7 | File | `/admin/edit_categories.php` | High
8 | File | `/admin/edit_supplier.php` | High
9 | File | `/admin/index2.html` | High
10 | File | `/admin/list_ipAddressPolicy.php` | High
11 | File | `/admin/list_localuser.php` | High
12 | File | `/admin/login.php` | High
13 | File | `/Admin/login.php` | High
14 | File | `/admin/operations/expense_category.php` | High
15 | File | `/admin/orders/view_order.php` | High
16 | File | `/adminapi/system/crud` | High
17 | File | `/adminapi/system/file/openfile` | High
18 | File | `/api /v3/auth` | High
19 | File | `/app/ajax/search_sales_report.php` | High
20 | File | `/app/controller/Setup.php` | High
21 | File | `/application/index/controller/Databasesource.php` | High
22 | File | `/application/index/controller/File.php` | High
23 | File | `/application/index/controller/Icon.php` | High
24 | File | `/application/index/controller/Screen.php` | High
25 | File | `/application/index/controller/Unity.php` | High
26 | File | `/application/websocket/controller/Setting.php` | High
27 | File | `/cancel.php` | Medium
28 | File | `/cgi-bin/cstecgi.cgi` | High
29 | File | `/common/dict/list` | High
30 | File | `/dashboard/Cinvoice/manage_invoice` | High
31 | File | `/dashboard/message` | High
32 | ... | ... | ...
1 | File | `/add_classes.php` | High
2 | File | `/add_members.php` | High
3 | File | `/admin.php` | Medium
4 | File | `/admin/aboutus.php` | High
5 | File | `/admin/action/add_con.php` | High
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/admin/action/update-deworm.php` | High
8 | File | `/Admin/add-admin.php` | High
9 | File | `/admin/admin-profile.php` | High
10 | File | `/admin/admin.php` | High
11 | File | `/admin/applicants/controller.php` | High
12 | File | `/admin/applicants/index.php` | High
13 | File | `/admin/application-bwdates-reports-details.php` | High
14 | File | `/admin/bookdate.php` | High
15 | File | `/admin/booking-bwdates-reports-details.php` | High
16 | File | `/admin/booking-search.php` | High
17 | File | `/admin/booktime.php` | High
18 | File | `/admin/category/controller.php` | High
19 | File | `/admin/category/index.php` | High
20 | File | `/admin/communitymanagement.php` | High
21 | File | `/admin/company/controller.php` | High
22 | File | `/admin/company/index.php` | High
23 | File | `/admin/contact-us.php` | High
24 | File | `/admin/contactus.php` | High
25 | File | `/admin/employee/controller.php` | High
26 | File | `/admin/employee/index.php` | High
27 | File | `/admin/forgot-password.php` | High
28 | File | `/admin/index.php` | High
29 | File | `/admin/list_resource_icon.php?action=delete` | High
30 | File | `/admin/login.php` | High
31 | File | `/admin/maintenance/manage_category.php` | High
32 | File | `/admin/manage-students.php` | High
33 | File | `/admin/menu/toEdit` | High
34 | File | `/admin/operations/expense_category.php` | High
35 | File | `/admin/pages/edit_chicken.php` | High
36 | File | `/admin/pages/student-print.php` | High
37 | File | `/admin/pages/update_go.php` | High
38 | File | `/admin/search.php` | High
39 | File | `/admin/singlelogin.php` | High
40 | File | `/admin/success_story.php` | High
41 | File | `/admin/user-search.php` | High
42 | File | `/admin/user/controller.php` | High
43 | File | `/admin/user/index.php` | High
44 | File | `/admin/users.php` | High
45 | File | `/admin/vacancy/controller.php` | High
46 | File | `/admin/vacancy/index.php` | High
47 | File | `/adminpanel/admin/facebox_modal/updateCourse.php` | High
48 | File | `/adminpanel/admin/facebox_modal/updateExaminee.php` | High
49 | File | `/admin_route/dec_service_credits.php` | High
50 | File | `/admin_route/inc_service_credits.php` | High
51 | File | `/api.php` | Medium
52 | File | `/api/client/editemedia.php` | High
53 | File | `/api/sys/login` | High
54 | File | `/api/sys/set_passwd` | High
55 | File | `/api/v1/toolbox/device/update/swap` | High
56 | File | `/app/admin/controller/Upload.php` | High
57 | File | `/app/Http/Controllers/ImageController.php` | High
58 | File | `/app/index/controller/Common.php` | High
59 | File | `/application/index/common.php` | High
60 | File | `/application/index/controller/Databasesource.php` | High
61 | File | `/application/index/controller/Datament.php` | High
62 | File | `/application/index/controller/File.php` | High
63 | File | `/application/index/controller/Icon.php` | High
64 | File | `/application/index/controller/Screen.php` | High
65 | File | `/application/index/controller/Service.php` | High
66 | File | `/application/index/controller/Unity.php` | High
67 | File | `/application/pay/controller/Api.php` | High
68 | File | `/application/plugins/controller/Upload.php` | High
69 | File | `/application/websocket/controller/Setting.php` | High
70 | File | `/apply/index.php` | High
71 | File | `/apps/login_auth.php` | High
72 | File | `/apps/system/router/upload.go` | High
73 | File | `/billing/bill/edit/` | High
74 | ... | ... | ...
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 649 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
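Review bot: old row 18 `/api /v3/auth` (with the embedded space) does not reappear in the new list, and a corrected `/api/v3/auth` would sort between row 55 `/api/v1/toolbox/device/update/swap` and row 56 `/app/admin/controller/Upload.php`, where there is nothing, so the indicator was dropped rather than fixed; confirm that was intended. More generally the trailer jumps from 268 to 649 more items, yet the visible rows are dominated by paths that exist on a large share of web applications (`/admin.php`, `/admin/index.php`, `/admin/login.php`, `/api.php`) at High or Medium confidence; such rows will match benign traffic, so the confidence value here reflects how often the path appeared in the source data rather than how specific it is to this actor, and the intro text should make that distinction.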
@ -25,7 +25,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...
File diff suppressed because it is too large
@ -44,13 +44,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/display/map` | Medium
2 | File | `/forum/away.php` | High
3 | File | `/oauth/idp/.well-known/openid-configuration` | High
4 | File | `/qsr_server/device/reboot` | High
5 | ... | ... | ...
1 | File | `/admin/manage-ambulance.php` | High
2 | File | `/display/map` | Medium
3 | File | `/forum/away.php` | High
4 | File | `/oauth/idp/.well-known/openid-configuration` | High
5 | File | `/protocol/log/listloginfo.php` | High
6 | ... | ... | ...
There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 35 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
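Review bot: `/oauth/idp/.well-known/openid-configuration` (row 4, High) is the standard OpenID Connect discovery document that every OIDC provider serves, so as a bare path it matches ordinary client traffic; the signal is in which product it was observed on or the accompanying parameters, which a File row cannot carry. `/display/map` (Medium) is generic in the same way. The two new rows `/admin/manage-ambulance.php` and `/protocol/log/listloginfo.php` push `/qsr_server/device/reboot` out of the visible window, which is consistent with the trailer going from 27 to 35.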
@ -92,7 +92,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
@ -154,7 +154,7 @@ ID | Type | Indicator | Confidence
47 | File | `bl-kernel/ajax/upload-images.php` | High
48 | ... | ... | ...
There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [IL](https://vuldb.com/?country.il)
* ...
There are 26 more country items available. Please use our online service to access the data.
There are 27 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -1150,9 +1150,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
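Review bot: dropping `CWE-425` from row 1 is correct, since Direct Request ('Forced Browsing') is not a traversal weakness, but the hunk does not show where it went; if the underlying data still carries CWE-425 for this actor it should appear on a row of its own, and the commit message should say whether it was removed or re-homed.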
@ -1173,54 +1173,56 @@ ID | Type | Indicator | Confidence
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/admin/action/new-father.php` | High
8 | File | `/admin/add-category.php` | High
9 | File | `/admin/add-services.php` | High
9 | File | `/admin/app/service_crud.php` | High
10 | File | `/admin/borrow_add.php` | High
11 | File | `/admin/edit_teacher.php` | High
12 | File | `/admin/pages/edit_chicken.php` | High
13 | File | `/admin/pages/student-print.php` | High
14 | File | `/adminapi/system/crud` | High
15 | File | `/adminapi/system/file/openfile` | High
16 | File | `/admin_route/dec_service_credits.php` | High
17 | File | `/admin_route/inc_service_credits.php` | High
18 | File | `/api/v4/teams//channels/deleted` | High
19 | File | `/app/Http/Controllers/ImageController.php` | High
20 | File | `/application/index/controller/Icon.php` | High
21 | File | `/application/index/controller/Screen.php` | High
22 | File | `/application/websocket/controller/Setting.php` | High
23 | File | `/b2b-supermarket/shopping-cart` | High
24 | File | `/bin/boa` | Medium
25 | File | `/boafrm/formMapDelDevice` | High
26 | File | `/cgi-bin/cstecgi.cgi` | High
27 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
28 | File | `/change-language/de_DE` | High
29 | File | `/debug/pprof` | Medium
30 | File | `/devinfo` | Medium
31 | File | `/dist/index.js` | High
32 | File | `/endpoint/delete-computer.php` | High
33 | File | `/endpoint/update-tracker.php` | High
34 | File | `/forum/away.php` | High
35 | File | `/general/attendance/manage/ask_duty/delete.php` | High
36 | File | `/geoserver/gwc/rest.html` | High
37 | File | `/goform/formSysCmd` | High
38 | File | `/hedwig.cgi` | Medium
39 | File | `/HNAP1/` | Low
40 | File | `/hosts/firewall/ip` | High
41 | File | `/index.jsp#settings` | High
42 | File | `/index.php/ccm/system/file/upload` | High
43 | File | `/Interface/DevManage/VM.php` | High
44 | File | `/log/decodmail.php` | High
45 | File | `/login` | Low
46 | File | `/oauth/idp/.well-known/openid-configuration` | High
47 | File | `/php/ping.php` | High
48 | File | `/register.do` | Medium
49 | File | `/register.php` | High
50 | File | `/s/index.php?action=statistics` | High
51 | File | `/setting` | Medium
52 | File | `/showfile.php` | High
53 | File | `/signup.php` | Medium
54 | ... | ... | ...
11 | File | `/admin/edit-admin.php` | High
12 | File | `/admin/edit_teacher.php` | High
13 | File | `/Admin/login.php` | High
14 | File | `/admin/pages/edit_chicken.php` | High
15 | File | `/admin/pages/student-print.php` | High
16 | File | `/adminapi/system/crud` | High
17 | File | `/adminapi/system/file/openfile` | High
18 | File | `/admin_route/dec_service_credits.php` | High
19 | File | `/admin_route/inc_service_credits.php` | High
20 | File | `/api/v4/teams//channels/deleted` | High
21 | File | `/app/admin/controller/Upload.php` | High
22 | File | `/app/ajax/search_sales_report.php` | High
23 | File | `/app/controller/Setup.php` | High
24 | File | `/app/Http/Controllers/ImageController.php` | High
25 | File | `/app/middleware/TokenVerify.php` | High
26 | File | `/application/index/controller/Icon.php` | High
27 | File | `/application/index/controller/Screen.php` | High
28 | File | `/application/websocket/controller/Setting.php` | High
29 | File | `/b2b-supermarket/shopping-cart` | High
30 | File | `/bin/boa` | Medium
31 | File | `/boafrm/formMapDelDevice` | High
32 | File | `/cancel.php` | Medium
33 | File | `/category.php` | High
34 | File | `/cgi-bin/cstecgi.cgi` | High
35 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
36 | File | `/change-language/de_DE` | High
37 | File | `/debug/pprof` | Medium
38 | File | `/devinfo` | Medium
39 | File | `/dist/index.js` | High
40 | File | `/download` | Medium
41 | File | `/Employer/EditProfile.php` | High
42 | File | `/Employer/ManageWalkin.php` | High
43 | File | `/endpoint/add-faq.php` | High
44 | File | `/endpoint/delete-computer.php` | High
45 | File | `/endpoint/update-resident.php` | High
46 | File | `/endpoint/update-tracker.php` | High
47 | File | `/forum/away.php` | High
48 | File | `/general/attendance/manage/ask_duty/delete.php` | High
49 | File | `/goform/formSysCmd` | High
50 | File | `/hedwig.cgi` | Medium
51 | File | `/HNAP1/` | Low
52 | File | `/hosts/firewall/ip` | High
53 | File | `/index.jsp#settings` | High
54 | File | `/index.php/ccm/system/file/upload` | High
55 | File | `/Interface/DevManage/VM.php` | High
56 | ... | ... | ...
There are 467 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 489 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
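Review bot: `/api/v4/teams//channels/deleted` (old row 18, new row 20) has an empty path segment where the team identifier belongs, so as a literal it will never match a real request; keep a placeholder for the id or match on the `/channels/deleted` suffix. Row 9 also silently swaps `/admin/add-services.php` for `/admin/app/service_crud.php`, a removal that should be called out separately from the additions, since the trailer (467 to 489) only reflects the net change.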
@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [GB](https://vuldb.com/?country.gb)
* [LA](https://vuldb.com/?country.la)
* ...
There are 22 more country items available. Please use our online service to access the data.
@ -250,9 +250,10 @@ ID | IP address | Hostname | Campaign | Confidence
227 | [46.3.199.112](https://vuldb.com/?ip.46.3.199.112) | - | - | High
228 | [46.21.147.99](https://vuldb.com/?ip.46.21.147.99) | 46-21-147-99.static.hvvc.us | - | High
229 | [46.101.159.120](https://vuldb.com/?ip.46.101.159.120) | - | - | High
230 | ... | ... | ... | ...
230 | [46.183.216.163](https://vuldb.com/?ip.46.183.216.163) | tagoe.lstartanalystconcepts.org.uk | - | High
231 | ... | ... | ... | ...
There are 918 more IOC items available. Please use our online service to access the data.
There are 920 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -262,12 +263,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
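Review bot: the only visible change is the row 3 description, yet the trailer drops from 20 to 19 more TTP items, so a technique row was removed from the hidden set and nothing in the hunk says which; a removal from an actor profile is a stronger statement than an addition and should be named in the commit message.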
@ -277,35 +278,35 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\node_modules\.bin\wmic.exe` | High
2 | File | `/#ilang=DE&b=c_smartenergy_swgroups` | High
3 | File | `/.env` | Low
4 | File | `//proc/kcore` | Medium
5 | File | `/Account/login.php` | High
6 | File | `/admin/` | Low
7 | File | `/admin/action/delete-vaccine.php` | High
8 | File | `/admin/action/new-father.php` | High
9 | File | `/admin/app/service_crud.php` | High
10 | File | `/admin/edit-admin.php` | High
11 | File | `/admin/general.cgi` | High
12 | File | `/admin/index2.html` | High
13 | File | `/Admin/login.php` | High
14 | File | `/adminapi/system/crud` | High
15 | File | `/adminapi/system/file/openfile` | High
16 | File | `/admin_ping.htm` | High
17 | File | `/admin_route/dec_service_credits.php` | High
18 | File | `/api/admin/system/store/order/list` | High
19 | File | `/api/v4/teams//channels/deleted` | High
20 | File | `/app/admin/controller/Upload.php` | High
21 | File | `/app/ajax/search_sales_report.php` | High
22 | File | `/app/controller/Setup.php` | High
23 | File | `/app/index/controller/Common.php` | High
24 | File | `/app/middleware/TokenVerify.php` | High
25 | File | `/application/index/controller/Screen.php` | High
26 | File | `/application/index/controller/Service.php` | High
27 | File | `/application/websocket/controller/Setting.php` | High
28 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
29 | File | `/b2b-supermarket/shopping-cart` | High
30 | File | `/bin/boa` | Medium
31 | File | `/boafrm/formMapDelDevice` | High
3 | File | `//proc/kcore` | Medium
4 | File | `/Account/login.php` | High
5 | File | `/admin/` | Low
6 | File | `/admin/action/delete-vaccine.php` | High
7 | File | `/admin/action/new-father.php` | High
8 | File | `/admin/app/service_crud.php` | High
9 | File | `/admin/edit-admin.php` | High
10 | File | `/admin/general.cgi` | High
11 | File | `/admin/index2.html` | High
12 | File | `/Admin/login.php` | High
13 | File | `/adminapi/system/crud` | High
14 | File | `/adminapi/system/file/openfile` | High
15 | File | `/admin_ping.htm` | High
16 | File | `/admin_route/dec_service_credits.php` | High
17 | File | `/api/admin/system/store/order/list` | High
18 | File | `/api/v4/teams//channels/deleted` | High
19 | File | `/app/admin/controller/Upload.php` | High
20 | File | `/app/ajax/search_sales_report.php` | High
21 | File | `/app/controller/Setup.php` | High
22 | File | `/app/index/controller/Common.php` | High
23 | File | `/app/middleware/TokenVerify.php` | High
24 | File | `/application/index/controller/Screen.php` | High
25 | File | `/application/index/controller/Service.php` | High
26 | File | `/application/websocket/controller/Setting.php` | High
27 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
28 | File | `/b2b-supermarket/shopping-cart` | High
29 | File | `/bin/boa` | Medium
30 | File | `/boafrm/formMapDelDevice` | High
31 | File | `/cancel.php` | Medium
32 | File | `/category.php` | High
33 | File | `/cgi-bin/cstecgi.cgi` | High
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
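Review bot: old row 3 `/.env` is gone from the new list (new rows 3 onward are the old rows shifted up by one, with `/cancel.php` and `/category.php` added at 31 and 32); `/.env` is one of the most common probes for leaked credentials, so if the removal is deliberate the commit message should say why, and if it is not, the row was lost in the regeneration.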
@ -313,25 +314,25 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `/debug/pprof` | Medium
|
||||
37 | File | `/devinfo` | Medium
|
||||
38 | File | `/dist/index.js` | High
|
||||
39 | File | `/Employer/ManageWalkin.php` | High
|
||||
40 | File | `/endpoint/add-faq.php` | High
|
||||
41 | File | `/endpoint/delete-computer.php` | High
|
||||
42 | File | `/endpoint/update-resident.php` | High
|
||||
43 | File | `/endpoint/update-tracker.php` | High
|
||||
44 | File | `/forms/doLogin` | High
|
||||
45 | File | `/forum/away.php` | High
|
||||
46 | File | `/goform/formSysCmd` | High
|
||||
47 | File | `/hedwig.cgi` | Medium
|
||||
48 | File | `/HNAP1/` | Low
|
||||
49 | File | `/hosts/firewall/ip` | High
|
||||
50 | File | `/index.jsp#settings` | High
|
||||
51 | File | `/index.php/ccm/system/file/upload` | High
|
||||
52 | File | `/log/decodmail.php` | High
|
||||
53 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
54 | File | `/myprofile.php` | High
|
||||
39 | File | `/download` | Medium
|
||||
40 | File | `/Employer/ManageWalkin.php` | High
|
||||
41 | File | `/endpoint/add-faq.php` | High
|
||||
42 | File | `/endpoint/delete-computer.php` | High
|
||||
43 | File | `/endpoint/update-resident.php` | High
|
||||
44 | File | `/endpoint/update-tracker.php` | High
|
||||
45 | File | `/forms/doLogin` | High
|
||||
46 | File | `/forum/away.php` | High
|
||||
47 | File | `/goform/formSysCmd` | High
|
||||
48 | File | `/hedwig.cgi` | Medium
|
||||
49 | File | `/HNAP1/` | Low
|
||||
50 | File | `/hosts/firewall/ip` | High
|
||||
51 | File | `/index.jsp#settings` | High
|
||||
52 | File | `/index.php/ccm/system/file/upload` | High
|
||||
53 | File | `/log/decodmail.php` | High
|
||||
54 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 480 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
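Review bot: `51 | File | /index.jsp#settings` is not usable as a server-side indicator, because a browser never sends the `#settings` fragment to the server, so that string cannot appear in any access log and should be reduced to `/index.jsp`; the neighbouring `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` has the related problem that it only matches when the query parameters arrive in exactly that order. The substantive change in the hunk is the insertion of `39 | File | /download | Medium`, which shifts every later row by one and pushes `/myprofile.php` out of the visible 54, yet the trailing count falls from 481 to 480, so the removal that produced that number happened outside the hunk and cannot be reviewed here.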
@ -38,7 +38,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
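Review bot: row 3 changes its description to `Improper Neutralization of Data within XPath Expressions` while the Weakness column still lists only CWE-74; that title belongs to CWE-643, and the same commit pairs it with `CWE-74, CWE-643` in another file, so either CWE-643 is missing here or the description should have stayed `Injection`. Row 4 has the mirror problem: `T1059 | CWE-94 | Argument Injection` carries the CWE-88 title (Argument Injection) with only CWE-94 (Code Injection) in its weakness list, whereas the other copy of this row in the commit lists `CWE-88, CWE-94, CWE-1321`. A generator check that the description matches the title of at least one listed CWE would catch both.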
@ -69,44 +69,44 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `/application/plugins/controller/Upload.php` | High
|
||||
17 | File | `/assets/components/gallery/connector.php` | High
|
||||
18 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
19 | File | `/classes/master.php?f=delete_order` | High
|
||||
20 | File | `/course/filterRecords/` | High
|
||||
21 | File | `/ctcprotocol/Protocol` | High
|
||||
22 | File | `/device/device=140/tab=wifi/view` | High
|
||||
23 | File | `/download/image` | High
|
||||
24 | File | `/etc/sudoers` | Medium
|
||||
25 | File | `/ext/collect/find_text.do` | High
|
||||
26 | File | `/Forms/` | Low
|
||||
27 | File | `/framework/modules/users/models/user.php` | High
|
||||
28 | File | `/ghost/preview` | High
|
||||
29 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
30 | File | `/index.php` | Medium
|
||||
31 | File | `/mcategory.php` | High
|
||||
32 | File | `/member/picture/album` | High
|
||||
33 | File | `/mysql/api/diags.php` | High
|
||||
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
35 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
36 | File | `/phpcollab/users/edituser.php` | High
|
||||
37 | File | `/plain` | Low
|
||||
38 | File | `/products/details.asp` | High
|
||||
39 | File | `/product_list.php` | High
|
||||
40 | File | `/public/login.htm` | High
|
||||
41 | File | `/replication` | Medium
|
||||
42 | File | `/service/upload` | High
|
||||
43 | File | `/services/details.asp` | High
|
||||
44 | File | `/showfile.php` | High
|
||||
45 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/upload/catalog/controller/account/password.php` | High
|
||||
48 | File | `/usr/bin/pkexec` | High
|
||||
49 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
50 | File | `/wbms/classes/Master.php?f=delete_client` | High
|
||||
51 | File | `/web/api/app/Controller/HostController.php` | High
|
||||
52 | File | `/WebMstr7/servlet/mstrWeb` | High
|
||||
53 | File | `/wp-admin/admin-ajax.php` | High
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/classes/master.php?f=delete_order` | High
|
||||
21 | File | `/course/filterRecords/` | High
|
||||
22 | File | `/ctcprotocol/Protocol` | High
|
||||
23 | File | `/device/device=140/tab=wifi/view` | High
|
||||
24 | File | `/download/image` | High
|
||||
25 | File | `/etc/sudoers` | Medium
|
||||
26 | File | `/ext/collect/find_text.do` | High
|
||||
27 | File | `/Forms/` | Low
|
||||
28 | File | `/framework/modules/users/models/user.php` | High
|
||||
29 | File | `/ghost/preview` | High
|
||||
30 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/mcategory.php` | High
|
||||
33 | File | `/member/picture/album` | High
|
||||
34 | File | `/mysql/api/diags.php` | High
|
||||
35 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
36 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
37 | File | `/phpcollab/users/edituser.php` | High
|
||||
38 | File | `/plain` | Low
|
||||
39 | File | `/products/details.asp` | High
|
||||
40 | File | `/product_list.php` | High
|
||||
41 | File | `/public/login.htm` | High
|
||||
42 | File | `/replication` | Medium
|
||||
43 | File | `/service/upload` | High
|
||||
44 | File | `/services/details.asp` | High
|
||||
45 | File | `/showfile.php` | High
|
||||
46 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
47 | File | `/uncpath/` | Medium
|
||||
48 | File | `/upload/catalog/controller/account/password.php` | High
|
||||
49 | File | `/usr/bin/pkexec` | High
|
||||
50 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
51 | File | `/wbms/classes/Master.php?f=delete_client` | High
|
||||
52 | File | `/web/api/app/Controller/HostController.php` | High
|
||||
53 | File | `/WebMstr7/servlet/mstrWeb` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 474 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
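Review bot: inserting `19 | File | /cgi-bin/wlogin.cgi` renumbers every row after it, and `/wp-admin/admin-ajax.php` (old 53) is pushed out of the visible table into the `54 | ...` tail, which reads like a removal although it is not one. More important for consumers of the list: several `File` rows are local filesystem paths rather than request paths (`/etc/sudoers`, `/usr/bin/pkexec`) and sit in the same column as web endpoints, while others such as `/index.php`, `/Forms/` and `/plain` will match a great deal of benign traffic; `/oauth/idp/.well-known/openid-configuration` is the standard OpenID Connect discovery path under a product-specific prefix. The `High` in the Confidence column is confidence in the attribution, not in how specific the indicator is, and the table should say so or separate local paths from request paths.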
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
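Review bot: the only change in this hunk is the count line (15 → 16 more country items), while the country that was added is hidden behind `* ...`, so the diff cannot be checked for correctness; if the generator must truncate, it should at least emit the new entry so a reader can verify it.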
@ -21,92 +21,92 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.104.54.134](https://vuldb.com/?ip.3.104.54.134) | ec2-3-104-54-134.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
2 | [3.122.247.28](https://vuldb.com/?ip.3.122.247.28) | ec2-3-122-247-28.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
3 | [3.123.254.92](https://vuldb.com/?ip.3.123.254.92) | ec2-3-123-254-92.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
4 | [3.126.249.36](https://vuldb.com/?ip.3.126.249.36) | ec2-3-126-249-36.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
5 | [5.8.88.26](https://vuldb.com/?ip.5.8.88.26) | - | - | High
|
||||
6 | [5.8.88.74](https://vuldb.com/?ip.5.8.88.74) | - | - | High
|
||||
7 | [5.8.88.90](https://vuldb.com/?ip.5.8.88.90) | - | - | High
|
||||
8 | [5.8.88.107](https://vuldb.com/?ip.5.8.88.107) | - | - | High
|
||||
9 | [5.8.88.144](https://vuldb.com/?ip.5.8.88.144) | - | - | High
|
||||
10 | [5.23.55.170](https://vuldb.com/?ip.5.23.55.170) | 112152-garant222.tmweb.ru | - | High
|
||||
11 | [5.34.177.120](https://vuldb.com/?ip.5.34.177.120) | unallocated.layer6.net | - | High
|
||||
12 | [5.39.218.162](https://vuldb.com/?ip.5.39.218.162) | - | - | High
|
||||
13 | [5.45.77.6](https://vuldb.com/?ip.5.45.77.6) | - | - | High
|
||||
14 | [5.56.134.65](https://vuldb.com/?ip.5.56.134.65) | - | - | High
|
||||
15 | [5.152.206.196](https://vuldb.com/?ip.5.152.206.196) | h5-152-206-196.host.redstation.co.uk | - | High
|
||||
16 | [5.188.60.41](https://vuldb.com/?ip.5.188.60.41) | - | - | High
|
||||
17 | [5.188.231.68](https://vuldb.com/?ip.5.188.231.68) | lax.4729 | - | High
|
||||
18 | [5.188.231.156](https://vuldb.com/?ip.5.188.231.156) | free.ds | - | High
|
||||
19 | [5.188.231.247](https://vuldb.com/?ip.5.188.231.247) | - | - | High
|
||||
20 | [5.188.231.253](https://vuldb.com/?ip.5.188.231.253) | - | - | High
|
||||
21 | [5.200.47.181](https://vuldb.com/?ip.5.200.47.181) | - | - | High
|
||||
22 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
23 | [13.229.153.16](https://vuldb.com/?ip.13.229.153.16) | ec2-13-229-153-16.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
24 | [15.236.142.224](https://vuldb.com/?ip.15.236.142.224) | ec2-15-236-142-224.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
25 | [18.159.53.170](https://vuldb.com/?ip.18.159.53.170) | ec2-18-159-53-170.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.185.149.145](https://vuldb.com/?ip.18.185.149.145) | ec2-18-185-149-145.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.192.122.2](https://vuldb.com/?ip.18.192.122.2) | ec2-18-192-122-2.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.216.84.23](https://vuldb.com/?ip.18.216.84.23) | ec2-18-216-84-23.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [18.218.130.236](https://vuldb.com/?ip.18.218.130.236) | ec2-18-218-130-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | [18.220.44.88](https://vuldb.com/?ip.18.220.44.88) | ec2-18-220-44-88.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [20.36.46.115](https://vuldb.com/?ip.20.36.46.115) | - | - | High
|
||||
32 | [23.94.253.124](https://vuldb.com/?ip.23.94.253.124) | cbs.propause.bar | - | High
|
||||
33 | [23.95.88.121](https://vuldb.com/?ip.23.95.88.121) | aguug.fkjr121.glerlium.cfd | - | High
|
||||
34 | [23.106.122.215](https://vuldb.com/?ip.23.106.122.215) | - | - | High
|
||||
35 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
|
||||
36 | [23.106.160.1](https://vuldb.com/?ip.23.106.160.1) | v2013.er01.dal.ubiquity.io | - | High
|
||||
37 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
|
||||
38 | [23.247.102.18](https://vuldb.com/?ip.23.247.102.18) | pyprak.munisten.com | - | High
|
||||
39 | [23.249.162.26](https://vuldb.com/?ip.23.249.162.26) | - | - | High
|
||||
40 | [23.249.162.163](https://vuldb.com/?ip.23.249.162.163) | - | - | High
|
||||
41 | [31.148.220.50](https://vuldb.com/?ip.31.148.220.50) | - | - | High
|
||||
42 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
43 | [35.228.218.42](https://vuldb.com/?ip.35.228.218.42) | 42.218.228.35.bc.googleusercontent.com | - | Medium
|
||||
44 | [37.0.10.51](https://vuldb.com/?ip.37.0.10.51) | - | - | High
|
||||
45 | [37.44.212.156](https://vuldb.com/?ip.37.44.212.156) | - | - | High
|
||||
46 | [37.46.150.14](https://vuldb.com/?ip.37.46.150.14) | - | - | High
|
||||
47 | [37.49.225.167](https://vuldb.com/?ip.37.49.225.167) | - | - | High
|
||||
48 | [37.49.225.178](https://vuldb.com/?ip.37.49.225.178) | - | - | High
|
||||
49 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
|
||||
50 | [37.72.175.157](https://vuldb.com/?ip.37.72.175.157) | 37-72-175-157.static.hvvc.us | - | High
|
||||
51 | [37.97.190.174](https://vuldb.com/?ip.37.97.190.174) | 37-97-190-174.colo.transip.net | - | High
|
||||
52 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
|
||||
53 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
|
||||
54 | [38.68.39.209](https://vuldb.com/?ip.38.68.39.209) | - | - | High
|
||||
55 | [45.14.50.207](https://vuldb.com/?ip.45.14.50.207) | - | - | High
|
||||
56 | [45.56.89.165](https://vuldb.com/?ip.45.56.89.165) | 45-56-89-165.ip.linodeusercontent.com | - | High
|
||||
57 | [45.56.100.248](https://vuldb.com/?ip.45.56.100.248) | 45-56-100-248.ip.linodeusercontent.com | - | High
|
||||
58 | [45.56.106.128](https://vuldb.com/?ip.45.56.106.128) | 45-56-106-128.ip.linodeusercontent.com | - | High
|
||||
59 | [45.67.14.179](https://vuldb.com/?ip.45.67.14.179) | - | - | High
|
||||
60 | [45.67.14.181](https://vuldb.com/?ip.45.67.14.181) | - | - | High
|
||||
61 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
|
||||
62 | [45.80.149.68](https://vuldb.com/?ip.45.80.149.68) | - | - | High
|
||||
63 | [45.81.226.17](https://vuldb.com/?ip.45.81.226.17) | vm4511296.34ssd.had.wf | - | High
|
||||
64 | [45.95.147.64](https://vuldb.com/?ip.45.95.147.64) | - | - | High
|
||||
65 | [45.95.168.162](https://vuldb.com/?ip.45.95.168.162) | server2.allianttgroup.com | - | High
|
||||
66 | [45.137.22.58](https://vuldb.com/?ip.45.137.22.58) | hosted-by.rootlayer.net | - | High
|
||||
67 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
|
||||
68 | [45.140.146.18](https://vuldb.com/?ip.45.140.146.18) | node.28 | - | High
|
||||
69 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
70 | [45.145.185.26](https://vuldb.com/?ip.45.145.185.26) | - | - | High
|
||||
71 | [45.145.185.73](https://vuldb.com/?ip.45.145.185.73) | - | - | High
|
||||
72 | [45.145.185.111](https://vuldb.com/?ip.45.145.185.111) | - | - | High
|
||||
73 | [45.145.185.253](https://vuldb.com/?ip.45.145.185.253) | - | - | High
|
||||
74 | [45.147.228.74](https://vuldb.com/?ip.45.147.228.74) | - | - | High
|
||||
75 | [45.147.230.200](https://vuldb.com/?ip.45.147.230.200) | - | - | High
|
||||
76 | [45.153.203.81](https://vuldb.com/?ip.45.153.203.81) | - | - | High
|
||||
77 | [45.156.22.167](https://vuldb.com/?ip.45.156.22.167) | - | - | High
|
||||
78 | [46.17.43.102](https://vuldb.com/?ip.46.17.43.102) | - | - | High
|
||||
79 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
|
||||
80 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
|
||||
81 | [46.183.222.66](https://vuldb.com/?ip.46.183.222.66) | ip-222-66.dataclub.info | - | High
|
||||
82 | [46.183.223.7](https://vuldb.com/?ip.46.183.223.7) | ip-223-7.dataclub.info | - | High
|
||||
83 | [46.249.38.134](https://vuldb.com/?ip.46.249.38.134) | - | - | High
|
||||
1 | [2.56.215.211](https://vuldb.com/?ip.2.56.215.211) | no-reverse-yet.local | - | High
|
||||
2 | [3.104.54.134](https://vuldb.com/?ip.3.104.54.134) | ec2-3-104-54-134.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
3 | [3.122.247.28](https://vuldb.com/?ip.3.122.247.28) | ec2-3-122-247-28.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
4 | [3.123.254.92](https://vuldb.com/?ip.3.123.254.92) | ec2-3-123-254-92.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
5 | [3.126.249.36](https://vuldb.com/?ip.3.126.249.36) | ec2-3-126-249-36.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
6 | [5.8.88.26](https://vuldb.com/?ip.5.8.88.26) | - | - | High
|
||||
7 | [5.8.88.74](https://vuldb.com/?ip.5.8.88.74) | - | - | High
|
||||
8 | [5.8.88.90](https://vuldb.com/?ip.5.8.88.90) | - | - | High
|
||||
9 | [5.8.88.107](https://vuldb.com/?ip.5.8.88.107) | - | - | High
|
||||
10 | [5.8.88.144](https://vuldb.com/?ip.5.8.88.144) | - | - | High
|
||||
11 | [5.23.55.170](https://vuldb.com/?ip.5.23.55.170) | 112152-garant222.tmweb.ru | - | High
|
||||
12 | [5.34.177.120](https://vuldb.com/?ip.5.34.177.120) | unallocated.layer6.net | - | High
|
||||
13 | [5.39.218.162](https://vuldb.com/?ip.5.39.218.162) | - | - | High
|
||||
14 | [5.45.77.6](https://vuldb.com/?ip.5.45.77.6) | - | - | High
|
||||
15 | [5.56.134.65](https://vuldb.com/?ip.5.56.134.65) | - | - | High
|
||||
16 | [5.152.206.196](https://vuldb.com/?ip.5.152.206.196) | h5-152-206-196.host.redstation.co.uk | - | High
|
||||
17 | [5.188.60.41](https://vuldb.com/?ip.5.188.60.41) | - | - | High
|
||||
18 | [5.188.231.68](https://vuldb.com/?ip.5.188.231.68) | lax.4729 | - | High
|
||||
19 | [5.188.231.156](https://vuldb.com/?ip.5.188.231.156) | free.ds | - | High
|
||||
20 | [5.188.231.247](https://vuldb.com/?ip.5.188.231.247) | - | - | High
|
||||
21 | [5.188.231.253](https://vuldb.com/?ip.5.188.231.253) | - | - | High
|
||||
22 | [5.200.47.181](https://vuldb.com/?ip.5.200.47.181) | - | - | High
|
||||
23 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
24 | [13.229.153.16](https://vuldb.com/?ip.13.229.153.16) | ec2-13-229-153-16.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
25 | [15.236.142.224](https://vuldb.com/?ip.15.236.142.224) | ec2-15-236-142-224.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
26 | [18.159.53.170](https://vuldb.com/?ip.18.159.53.170) | ec2-18-159-53-170.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.185.149.145](https://vuldb.com/?ip.18.185.149.145) | ec2-18-185-149-145.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.192.122.2](https://vuldb.com/?ip.18.192.122.2) | ec2-18-192-122-2.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
29 | [18.216.84.23](https://vuldb.com/?ip.18.216.84.23) | ec2-18-216-84-23.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | [18.218.130.236](https://vuldb.com/?ip.18.218.130.236) | ec2-18-218-130-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [18.220.44.88](https://vuldb.com/?ip.18.220.44.88) | ec2-18-220-44-88.us-east-2.compute.amazonaws.com | - | Medium
|
||||
32 | [20.36.46.115](https://vuldb.com/?ip.20.36.46.115) | - | - | High
|
||||
33 | [23.94.253.124](https://vuldb.com/?ip.23.94.253.124) | cbs.propause.bar | - | High
|
||||
34 | [23.95.88.121](https://vuldb.com/?ip.23.95.88.121) | aguug.fkjr121.glerlium.cfd | - | High
|
||||
35 | [23.106.122.215](https://vuldb.com/?ip.23.106.122.215) | - | - | High
|
||||
36 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
|
||||
37 | [23.106.160.1](https://vuldb.com/?ip.23.106.160.1) | v2013.er01.dal.ubiquity.io | - | High
|
||||
38 | [23.221.227.176](https://vuldb.com/?ip.23.221.227.176) | a23-221-227-176.deploy.static.akamaitechnologies.com | - | High
|
||||
39 | [23.247.102.18](https://vuldb.com/?ip.23.247.102.18) | pyprak.munisten.com | - | High
|
||||
40 | [23.249.162.26](https://vuldb.com/?ip.23.249.162.26) | - | - | High
|
||||
41 | [23.249.162.163](https://vuldb.com/?ip.23.249.162.163) | - | - | High
|
||||
42 | [31.148.220.50](https://vuldb.com/?ip.31.148.220.50) | - | - | High
|
||||
43 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
44 | [35.228.218.42](https://vuldb.com/?ip.35.228.218.42) | 42.218.228.35.bc.googleusercontent.com | - | Medium
|
||||
45 | [37.0.10.51](https://vuldb.com/?ip.37.0.10.51) | - | - | High
|
||||
46 | [37.44.212.156](https://vuldb.com/?ip.37.44.212.156) | - | - | High
|
||||
47 | [37.46.150.14](https://vuldb.com/?ip.37.46.150.14) | - | - | High
|
||||
48 | [37.49.225.167](https://vuldb.com/?ip.37.49.225.167) | - | - | High
|
||||
49 | [37.49.225.178](https://vuldb.com/?ip.37.49.225.178) | - | - | High
|
||||
50 | [37.49.225.194](https://vuldb.com/?ip.37.49.225.194) | - | - | High
|
||||
51 | [37.72.175.157](https://vuldb.com/?ip.37.72.175.157) | 37-72-175-157.static.hvvc.us | - | High
|
||||
52 | [37.97.190.174](https://vuldb.com/?ip.37.97.190.174) | 37-97-190-174.colo.transip.net | - | High
|
||||
53 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
|
||||
54 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
|
||||
55 | [38.68.39.209](https://vuldb.com/?ip.38.68.39.209) | - | - | High
|
||||
56 | [45.14.50.207](https://vuldb.com/?ip.45.14.50.207) | - | - | High
|
||||
57 | [45.56.89.165](https://vuldb.com/?ip.45.56.89.165) | 45-56-89-165.ip.linodeusercontent.com | - | High
|
||||
58 | [45.56.100.248](https://vuldb.com/?ip.45.56.100.248) | 45-56-100-248.ip.linodeusercontent.com | - | High
|
||||
59 | [45.56.106.128](https://vuldb.com/?ip.45.56.106.128) | 45-56-106-128.ip.linodeusercontent.com | - | High
|
||||
60 | [45.67.14.179](https://vuldb.com/?ip.45.67.14.179) | - | - | High
|
||||
61 | [45.67.14.181](https://vuldb.com/?ip.45.67.14.181) | - | - | High
|
||||
62 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
|
||||
63 | [45.80.149.68](https://vuldb.com/?ip.45.80.149.68) | - | - | High
|
||||
64 | [45.81.226.17](https://vuldb.com/?ip.45.81.226.17) | vm4511296.34ssd.had.wf | - | High
|
||||
65 | [45.95.147.64](https://vuldb.com/?ip.45.95.147.64) | - | - | High
|
||||
66 | [45.95.168.162](https://vuldb.com/?ip.45.95.168.162) | server2.allianttgroup.com | - | High
|
||||
67 | [45.137.22.58](https://vuldb.com/?ip.45.137.22.58) | hosted-by.rootlayer.net | - | High
|
||||
68 | [45.139.236.14](https://vuldb.com/?ip.45.139.236.14) | - | - | High
|
||||
69 | [45.140.146.18](https://vuldb.com/?ip.45.140.146.18) | node.28 | - | High
|
||||
70 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
71 | [45.145.185.26](https://vuldb.com/?ip.45.145.185.26) | - | - | High
|
||||
72 | [45.145.185.73](https://vuldb.com/?ip.45.145.185.73) | - | - | High
|
||||
73 | [45.145.185.111](https://vuldb.com/?ip.45.145.185.111) | - | - | High
|
||||
74 | [45.145.185.253](https://vuldb.com/?ip.45.145.185.253) | - | - | High
|
||||
75 | [45.147.228.74](https://vuldb.com/?ip.45.147.228.74) | - | - | High
|
||||
76 | [45.147.230.200](https://vuldb.com/?ip.45.147.230.200) | - | - | High
|
||||
77 | [45.153.203.81](https://vuldb.com/?ip.45.153.203.81) | - | - | High
|
||||
78 | [45.156.22.167](https://vuldb.com/?ip.45.156.22.167) | - | - | High
|
||||
79 | [46.17.43.102](https://vuldb.com/?ip.46.17.43.102) | - | - | High
|
||||
80 | [46.183.220.70](https://vuldb.com/?ip.46.183.220.70) | - | - | High
|
||||
81 | [46.183.221.76](https://vuldb.com/?ip.46.183.221.76) | ip-221-76.dataclub.info | - | High
|
||||
82 | [46.183.222.66](https://vuldb.com/?ip.46.183.222.66) | ip-222-66.dataclub.info | - | High
|
||||
83 | [46.183.223.7](https://vuldb.com/?ip.46.183.223.7) | ip-223-7.dataclub.info | - | High
|
||||
84 | ... | ... | ... | ...
|
||||
|
||||
There are 332 more IOC items available. Please use our online service to access the data.
|
||||
There are 333 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
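Review bot: `1 | 2.56.215.211 | no-reverse-yet.local` is inserted at the top and all 83 visible rows below it are renumbered, which turns a single-IP addition into a 166-line diff and makes the ID column useless as a reference; appending new IOCs, or sorting once at generation time, would keep the diff to one line. On the data itself, `no-reverse-yet.local` is a provider PTR placeholder, not a name the actor controls, and rows such as `lax.4729`, `free.ds` and `node.28` are not valid FQDNs at all, so nothing in the Hostname column should become a DNS block entry without checking that it forward-resolves to the listed address. The `ec2-*.compute.amazonaws.com` and `*.bc.googleusercontent.com` rows are rightly only Medium: those are cloud addresses that get reassigned to other tenants, so any IP block derived from them needs an expiry.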
@ -114,14 +114,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
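Review bot: the change to row 3 (`Injection` → `Improper Neutralization of Data within XPath Expressions`) leaves the Weakness column at `CWE-74` alone; the XPath title is CWE-643's, and this commit pairs it with `CWE-74, CWE-643` in another file, so the row now states a description its own weakness list does not contain. Row 1 gains CWE-23 and nothing in the hunk is removed, yet the TTP count drops from 21 to 20, so a technique disappeared outside the visible rows; totals that change without a visible row make these updates hard to audit.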
@ -141,48 +141,46 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/api/sys/set_passwd` | High
|
||||
11 | File | `/api/trackedEntityInstances` | High
|
||||
12 | File | `/api/v4/teams//channels/deleted` | High
|
||||
13 | File | `/app/ajax/search_sales_report.php` | High
|
||||
14 | File | `/app/controller/Setup.php` | High
|
||||
15 | File | `/app/middleware/TokenVerify.php` | High
|
||||
16 | File | `/appliance/users?action=edit` | High
|
||||
17 | File | `/application/index/controller/Screen.php` | High
|
||||
18 | File | `/application/websocket/controller/Setting.php` | High
|
||||
19 | File | `/aux` | Low
|
||||
20 | File | `/bin/boa` | Medium
|
||||
21 | File | `/boafrm/formMapDelDevice` | High
|
||||
22 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
23 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
24 | File | `/changePassword` | High
|
||||
25 | File | `/collection/all` | High
|
||||
26 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
27 | File | `/dashboard/add-blog.php` | High
|
||||
28 | File | `/data/remove` | Medium
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/ecshop/admin/template.php` | High
|
||||
31 | File | `/Employer/ManageWalkin.php` | High
|
||||
32 | File | `/endpoint/add-faq.php` | High
|
||||
33 | File | `/endpoint/delete-computer.php` | High
|
||||
34 | File | `/endpoint/update-resident.php` | High
|
||||
35 | File | `/endpoint/update-tracker.php` | High
|
||||
36 | File | `/etc/passwd` | Medium
|
||||
37 | File | `/forum/away.php` | High
|
||||
38 | File | `/fusion/portal/action/Link` | High
|
||||
39 | File | `/goform/net\_Web\_get_value` | High
|
||||
40 | File | `/hedwig.cgi` | Medium
|
||||
41 | File | `/HNAP1/` | Low
|
||||
42 | File | `/importexport.php` | High
|
||||
43 | File | `/index.php` | Medium
|
||||
44 | File | `/mhds/clinic/view_details.php` | High
|
||||
45 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
46 | File | `/novel/bookSetting/list` | High
|
||||
47 | File | `/novel/userFeedback/list` | High
|
||||
48 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
49 | File | `/showfile.php` | High
|
||||
50 | File | `/student/bookdetails.php` | High
|
||||
51 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
52 | ... | ... | ...
|
||||
13 | File | `/app/admin/controller/Upload.php` | High
|
||||
14 | File | `/app/ajax/search_sales_report.php` | High
|
||||
15 | File | `/app/controller/Setup.php` | High
|
||||
16 | File | `/app/middleware/TokenVerify.php` | High
|
||||
17 | File | `/appliance/users?action=edit` | High
|
||||
18 | File | `/application/index/controller/Screen.php` | High
|
||||
19 | File | `/application/websocket/controller/Setting.php` | High
|
||||
20 | File | `/aux` | Low
|
||||
21 | File | `/bin/boa` | Medium
|
||||
22 | File | `/boafrm/formMapDelDevice` | High
|
||||
23 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
24 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
25 | File | `/changePassword` | High
|
||||
26 | File | `/collection/all` | High
|
||||
27 | File | `/data/remove` | Medium
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/ecshop/admin/template.php` | High
|
||||
30 | File | `/Employer/ManageWalkin.php` | High
|
||||
31 | File | `/endpoint/add-faq.php` | High
|
||||
32 | File | `/endpoint/delete-computer.php` | High
|
||||
33 | File | `/endpoint/update-resident.php` | High
|
||||
34 | File | `/endpoint/update-tracker.php` | High
|
||||
35 | File | `/etc/passwd` | Medium
|
||||
36 | File | `/forum/away.php` | High
|
||||
37 | File | `/goform/net\_Web\_get_value` | High
|
||||
38 | File | `/hedwig.cgi` | Medium
|
||||
39 | File | `/HNAP1/` | Low
|
||||
40 | File | `/importexport.php` | High
|
||||
41 | File | `/index.php` | Medium
|
||||
42 | File | `/mhds/clinic/view_details.php` | High
|
||||
43 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
44 | File | `/novel/bookSetting/list` | High
|
||||
45 | File | `/novel/userFeedback/list` | High
|
||||
46 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
47 | File | `/showfile.php` | High
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/testConnection` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
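Review bot: three indicators are dropped (`/Content/Template/root/reverse-shell.aspx`, `/dashboard/add-blog.php`, `/fusion/portal/action/Link`) and two are added (`/app/admin/controller/Upload.php`, `/testConnection`), yet the trailing count falls from 448 to 436, so most of this update is not visible in the diff. Two of the retained rows are doubtful as literal indicators: `/api/v4/teams//channels/deleted` has an empty path segment where an identifier would normally sit, so a literal match on the double slash will miss real requests and a wildcard segment is needed; and `/goform/net\_Web\_get_value` keeps markdown-escaped underscores inside a code span, where backslashes render literally, so the published string is not the real path `/goform/net_Web_get_value`.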
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [LU](https://vuldb.com/?country.lu)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
@ -41,10 +41,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
3 | T1055 | CWE-74, CWE-643 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
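Review bot: the old row `4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting` was wrong twice over (XSS is CWE-79/80, which the `T1059.007` row already carries, and CWE-1321 is prototype pollution), and the split into `4 | T1059 | CWE-94 | Argument Injection` plus row 5 fixes that, although row 4 still names the CWE-88 title without listing CWE-88. The new row 3 is the only place in this commit where the XPath description is paired with `CWE-74, CWE-643`; the other two files keep `CWE-74` alone with the same text, so the generator is clearly sourcing description and weakness list separately. Row 1 also swaps CWE-25 for CWE-36 alongside the `Pathname Traversal` → `Path Traversal` wording change; the wording is fine, but the CWE swap is a data change and should be called out as such.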
@ -56,79 +56,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/#ProductSerie/view/` | High
2 | File | `/admin/` | Low
3 | File | `/admin/action/add_con.php` | High
4 | File | `/admin/action/new-father.php` | High
5 | File | `/admin/action/new-feed.php` | High
6 | File | `/admin/book_add.php` | High
7 | File | `/admin/book_row.php` | High
8 | File | `/admin/borrow_add.php` | High
9 | File | `/admin/bwdates-report-details.php` | High
10 | File | `/admin/category_row.php` | High
11 | File | `/admin/edit_teacher.php` | High
12 | File | `/Admin/login.php` | High
13 | File | `/admin/makehtml_freelist_action.php` | High
14 | File | `/Admin/News.php` | High
15 | File | `/admin/pages/edit_chicken.php` | High
16 | File | `/admin/pages/update_go.php` | High
17 | File | `/admin/pages/yearlevel.php` | High
18 | File | `/admin/php/crud.php` | High
19 | File | `/admin/regester.php` | High
20 | File | `/admin/return_add.php` | High
21 | File | `/admin/students.php` | High
22 | File | `/admin/users` | Medium
23 | File | `/admin_ping.htm` | High
24 | File | `/admin_route/dec_service_credits.php` | High
25 | File | `/adplanet/PlanetUser` | High
26 | File | `/ample/app/action/edit_product.php` | High
27 | File | `/api.php` | Medium
28 | File | `/api/controllers/admin/app/AppController.php` | High
29 | File | `/api/controllers/common/UploadsController.php` | High
30 | File | `/api/controllers/merchant/design/MaterialController.php` | High
31 | File | `/api/controllers/merchant/shop/PosterController.php` | High
32 | File | `/api/log/killJob` | High
33 | File | `/api/trackedEntityInstances` | High
34 | File | `/app/api/controller/default/File.php` | High
35 | File | `/app/index/controller/Common.php` | High
36 | File | `/application/index/controller/Datament.php` | High
37 | File | `/application/index/controller/Pay.php` | High
38 | File | `/application/index/controller/Screen.php` | High
39 | File | `/application/pay/controller/Api.php` | High
40 | File | `/apply/index.php` | High
41 | File | `/apps/login_auth.php` | High
42 | File | `/apps/reg_go.php` | High
43 | File | `/att_add.php` | Medium
44 | File | `/aux` | Low
45 | File | `/bin/boa` | Medium
46 | File | `/boaform/device_reset.cgi` | High
47 | File | `/boaform/wlan_basic_set.cgi` | High
48 | File | `/boafrm/formMapDelDevice` | High
49 | File | `/build` | Low
50 | File | `/ccm/system/dialogs/file/delete/1/submit` | High
51 | File | `/cgi-bin/cstecgi.cgi` | High
52 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
53 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
54 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=ie8` | High
55 | File | `/cgi-bin/R19.9/easy1350.pl` | High
56 | File | `/Cinema-Reservation/booking.php` | High
57 | File | `/classes/Users.php?f=save` | High
58 | File | `/clientLogin` | Medium
59 | File | `/config,admin.jsp` | High
60 | File | `/core/config-revisions` | High
61 | File | `/cupseasylive/stockissuancedisplay.php` | High
62 | File | `/cupseasylive/taxcodelist.php` | High
63 | File | `/currentsetting.htm` | High
64 | File | `/data/remove` | Medium
65 | File | `/debug/pprof` | Medium
66 | File | `/debuginfo.htm` | High
67 | File | `/download.php?file=author.png` | High
68 | File | `/etc/init.d/update_notifications.sh` | High
69 | File | `/etc/passwd` | Medium
70 | File | `/ext/collect/filter_text.do` | High
71 | ... | ... | ...
1 | File | `/Account/login.php` | High
2 | File | `/add_members.php` | High
3 | File | `/admin-manage-user.php` | High
4 | File | `/admin/` | Low
5 | File | `/admin/admin-profile.php` | High
6 | File | `/admin/app/product.php` | High
7 | File | `/admin/app/profile_crud.php` | High
8 | File | `/admin/app/service_crud.php` | High
9 | File | `/admin/applicants/controller.php` | High
10 | File | `/admin/applicants/index.php` | High
11 | File | `/admin/bookdate.php` | High
12 | File | `/admin/booking-bwdates-reports-details.php` | High
13 | File | `/admin/booktime.php` | High
14 | File | `/admin/category/controller.php` | High
15 | File | `/admin/company/controller.php` | High
16 | File | `/admin/company/index.php` | High
17 | File | `/admin/div_data/delete?divId=9` | High
18 | File | `/admin/edit-admin.php` | High
19 | File | `/admin/edit_supplier.php` | High
20 | File | `/admin/employee/controller.php` | High
21 | File | `/admin/employee/index.php` | High
22 | File | `/admin/list_resource_icon.php?action=delete` | High
23 | File | `/admin/login.php` | High
24 | File | `/admin/maintenance/manage_category.php` | High
25 | File | `/admin/menu/toEdit` | High
26 | File | `/admin/operations/expense_category.php` | High
27 | File | `/admin/orders/view_order.php` | High
28 | File | `/admin/product/manage_product.php` | High
29 | File | `/admin/rooms.php` | High
30 | File | `/admin/search.php` | High
31 | File | `/admin/update-rooms.php` | High
32 | File | `/admin/update-users.php` | High
33 | File | `/admin/user-search.php` | High
34 | File | `/admin/user/controller.php` | High
35 | File | `/admin/users.php` | High
36 | File | `/adminapi/system/crud` | High
37 | File | `/adminapi/system/file/openfile` | High
38 | File | `/adminpanel/admin/facebox_modal/updateExaminee.php` | High
39 | File | `/adminpanel/admin/query/deleteExamExe.php` | High
40 | File | `/adminpanel/admin/query/loginExe.php` | High
41 | File | `/api/client/editemedia.php` | High
42 | File | `/api/controllers/admin/app/AppController.php` | High
43 | File | `/api/v1` | Low
44 | File | `/api/v1/policies/validation/condition/` | High
45 | File | `/api/v1/toolbox/device/update/swap` | High
46 | File | `/api/v1/vdeskintegration/todo/createorupdate` | High
47 | File | `/app/controller/Setup.php` | High
48 | File | `/app/middleware/TokenVerify.php` | High
49 | File | `/apps/system/api/user.go` | High
50 | File | `/apps/system/router/upload.go` | High
51 | File | `/apps/system/services/role_menu.go` | High
52 | File | `/att_add.php` | Medium
53 | File | `/billing/bill/edit/` | High
54 | File | `/bishe/register` | High
55 | File | `/bsenordering/index.php` | High
56 | File | `/cancel.php` | Medium
57 | File | `/cgi-bin/cstecgi.cgi` | High
58 | File | `/change-password.php` | High
59 | File | `/Cinema-Reservation/booking.php` | High
60 | ... | ... | ...

There are 626 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 527 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
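Review bot: this hunk rewrites the whole visible table instead of editing rows, and the totals shrink from 70 + 626 = 696 to 59 + 527 = 586 indicators without the commit message saying that roughly 110 entries were retired (among the visible ones: `/etc/passwd`, `/debug/pprof`, the three `/cgi-bin/cstecgi.cgi?action=login...` variants). Because the ID column restarts at 1 and is assigned by sort position, it is not a stable key: `/admin/` moves from 2 to 4 and `/att_add.php` from 43 to 52 although neither changed, so anyone diffing by ID sees churn. Suggest listing additions and removals in the commit message and either carrying a stable indicator ID or dropping the ID column. Also, paths such as `/admin/`, `/api/v1` and `/admin/login.php` exist in almost any web application and should not be loaded into detection as-is, even at Low confidence.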
@ -9,8 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BackSwap:

* [US](https://vuldb.com/?country.us)
* [ZW](https://vuldb.com/?country.zw)
* [ES](https://vuldb.com/?country.es)
* [IR](https://vuldb.com/?country.ir)
* ...

There are 1 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise
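Review bot: the generated sentence `There are 1 more country items available.` does not agree in number; the template that also emits `There are 7 more country items available.` elsewhere in this commit should special-case a count of one or print the count without the verb. Separately, the section's own definition admits indirect association via proxies, so the newly listed ZW and IR cannot be read as actor origin; a per-entry confidence, as the IOC and TTP tables already carry, would make that distinction visible instead of leaving every country at the same weight.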
@ -37,11 +40,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/` | Medium
2 | File | `s04.php` | Low
3 | File | `tinyfilemanager.php` | High
2 | File | `php_variables.c` | High
3 | File | `s04.php` | Low
4 | ... | ... | ...

There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
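Review bot: `php_variables.c` is a source file of the PHP interpreter, not a request path, so it does not belong under Type `File` next to `/cgi-bin/` and `s04.php`; if it is meant to name the vulnerable component it should use the library or component type the intro mentions, otherwise nothing in traffic can match it. Note also that the High-confidence `tinyfilemanager.php` row now disappears into the "4 more IOA items" remainder while the Low-confidence `s04.php` stays visible; ordering the visible rows by confidence before name would keep the useful indicator on the page.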
@ -44,12 +44,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
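Review bot: row 3 changes only the Description (`3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High`) while the Weakness column stays at CWE-74, the generic Injection entry; XPath injection is CWE-643, and the first file in this commit adds it explicitly as `CWE-74, CWE-643`. Either add CWE-643 here too or keep the generic label, otherwise the two columns contradict each other. Row 1 has a related problem: CWE-425 is Direct Request (forced browsing), not a path traversal variant, so folding it under "Path Traversal" hides a distinct weakness class.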
@ -76,34 +76,35 @@ ID | Type | Indicator | Confidence
17 | File | `/ctcprotocol/Protocol` | High
18 | File | `/dashboard/menu-list.php` | High
19 | File | `/data/remove` | Medium
20 | File | `/ebics-server/ebics.aspx` | High
21 | File | `/ffos/classes/Master.php?f=save_category` | High
22 | File | `/filemanager/upload/drop` | High
23 | File | `/forum/away.php` | High
24 | File | `/goform/net\_Web\_get_value` | High
25 | File | `/goforms/rlminfo` | High
26 | File | `/GponForm/usb_restore_Form?script/` | High
27 | File | `/group1/uploa` | High
28 | File | `/hedwig.cgi` | Medium
29 | File | `/HNAP1` | Low
30 | File | `/HNAP1/SetClientInfo` | High
31 | File | `/index.php/newsletter/subscriber/new/` | High
32 | File | `/Items/*/RemoteImages/Download` | High
33 | File | `/menu.html` | Medium
34 | File | `/mkshop/Men/profile.php` | High
35 | File | `/modules/profile/index.php` | High
36 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
37 | File | `/navigate/navigate_download.php` | High
38 | File | `/novel/bookSetting/list` | High
39 | File | `/ocwbs/admin/?page=user/manage_user` | High
40 | File | `/ofrs/admin/?page=user/manage_user` | High
41 | File | `/out.php` | Medium
42 | File | `/password.html` | High
43 | File | `/php_action/fetchSelectedUser.php` | High
44 | File | `/plugin` | Low
45 | ... | ... | ...
20 | File | `/debug/pprof` | Medium
21 | File | `/ebics-server/ebics.aspx` | High
22 | File | `/ffos/classes/Master.php?f=save_category` | High
23 | File | `/filemanager/upload/drop` | High
24 | File | `/forum/away.php` | High
25 | File | `/goform/net\_Web\_get_value` | High
26 | File | `/goforms/rlminfo` | High
27 | File | `/GponForm/usb_restore_Form?script/` | High
28 | File | `/group1/uploa` | High
29 | File | `/hedwig.cgi` | Medium
30 | File | `/HNAP1` | Low
31 | File | `/HNAP1/SetClientInfo` | High
32 | File | `/index.php/newsletter/subscriber/new/` | High
33 | File | `/Items/*/RemoteImages/Download` | High
34 | File | `/menu.html` | Medium
35 | File | `/mkshop/Men/profile.php` | High
36 | File | `/modules/profile/index.php` | High
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
38 | File | `/navigate/navigate_download.php` | High
39 | File | `/novel/bookSetting/list` | High
40 | File | `/ocwbs/admin/?page=user/manage_user` | High
41 | File | `/ofrs/admin/?page=user/manage_user` | High
42 | File | `/out.php` | Medium
43 | File | `/password.html` | High
44 | File | `/patient/appointment.php` | High
45 | File | `/php_action/fetchSelectedUser.php` | High
46 | ... | ... | ...

There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
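Review bot: `/goform/net\_Web\_get_value` (row 24 before, row 25 after) has backslash-escaped underscores inside a backtick code span; inside a code span the backslashes are literal, so the published indicator contains `\_` and will not match a request path written without backslashes. Drop the escapes there. Two rows carried over unchanged also look like extraction defects rather than indicators: `/group1/uploa` is a truncated path, and `/Items/*/RemoteImages/Download` uses a wildcard although the table defines no pattern syntax for Type `File`; both should be fixed in the upstream record since regeneration did not touch them.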
@ -16,8 +16,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [134.255.231.233](https://vuldb.com/?ip.134.255.231.233) | vps-zap930219-3.zap-srv.com | - | High
2 | [134.255.252.185](https://vuldb.com/?ip.134.255.252.185) | vps-zap948630-2.zap-srv.com | - | High
1 | [104.21.10.79](https://vuldb.com/?ip.104.21.10.79) | - | - | High
2 | [134.255.231.233](https://vuldb.com/?ip.134.255.231.233) | vps-zap930219-3.zap-srv.com | - | High
3 | [134.255.252.185](https://vuldb.com/?ip.134.255.252.185) | vps-zap948630-2.zap-srv.com | - | High
4 | ... | ... | ... | ...

There are 1 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures
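Review bot: the new row 1 (`1 | [104.21.10.79](https://vuldb.com/?ip.104.21.10.79) | - | - | High`) has neither hostname nor campaign yet receives the same High confidence as the two `zap-srv.com` VPS hosts, and the References hunk in this commit adds Censys lookups only for those two. Add the source that ties 104.21.10.79 to the actor before publishing it at High, and confirm it is not a shared reverse-proxy or CDN address, since an IP-only indicator in such a range blocks unrelated sites. The count sentence `There are 1 more IOC items available.` also needs singular agreement.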
@ -51,6 +55,7 @@ The following list contains _external sources_ which discuss the actor and the a

* https://search.censys.io/hosts/134.255.231.233
* https://search.censys.io/hosts/134.255.252.185
* https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/

## Literature
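Review bot: the two `search.censys.io/hosts/...` entries are live host lookups that show whatever 134.255.231.233 and 134.255.252.185 serve at viewing time, not sources that "discuss the actor and the associated activities" as the section intro says; they change silently or go empty once the hosts are re-provisioned. Record the observation that linked the hosts to the actor (date, service, certificate or banner) next to the IOC rows, and keep only the welivesecurity write-up here. This rendering also does not show which of the three bullets is the single line added by `-51,6 +55,7`, so the commit message should name it.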
@ -56,7 +56,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
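Review bot: the rows map web-application weakness classes onto ATT&CK techniques whose names mean something else: T1055 is Process Injection, T1006 is Direct Volume Access and T1040 is Network Sniffing, so `3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High` tells an analyst that this actor injects code into running processes, which an XPath weakness does not support. If the mapping is by keyword ("injection", "path"), say so in the TTP intro; otherwise map CWE-74 and CWE-643 to T1190 (Exploit Public-Facing Application) and drop T1006 and T1040 where the underlying weakness is path traversal or a replayable authentication exchange.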
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bandit Stealer:

* [US](https://vuldb.com/?country.us)
* [SH](https://vuldb.com/?country.sh)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* ...

There are 7 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise
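Review bot: the US bullet is removed at the top and re-added after SH, so the only visible change in the list is US moving below SH, and nothing on the page says what the order encodes (it is not alphabetical). If the order is by observation count, print the count; otherwise sort alphabetically so that reorderings stop showing up as diffs. SH (Saint Helena) as an origin or proxy country for a stealer is the kind of entry that usually comes from a GeoIP mapping of a hosting range, so a per-country source or confidence would help the reader weigh it.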
@ -38,14 +38,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 20 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
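Review bot: row 4 lists CWE-1321 (prototype pollution) under T1059 with the description `Argument Injection`; prototype pollution is a JavaScript object-handling weakness, not an argument-delimiter problem, and the T1059.007 row directly below is where a JavaScript-specific weakness would belong. Row 2 silently drops CWE-319 (`CWE-294, CWE-319` becomes `CWE-294`) and row 1 gains CWE-23 with nothing in the commit explaining either change; a one-line note per actor on why CWEs are added or removed would make these predictive-model updates reviewable rather than opaque.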
@ -54,59 +54,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.vscode/cody.json` | High
2 | File | `/?r=email/api/mark&op=delFromSend` | High
2 | File | `/3g/index.php` | High
3 | File | `/accounts/login` | High
4 | File | `/accounts_con/register_account` | High
5 | File | `/admin.php` | Medium
6 | File | `/admin/` | Low
7 | File | `/admin/action/new-feed.php` | High
8 | File | `/admin/book_add.php` | High
9 | File | `/admin/content/data` | High
10 | File | `/admin/courses/view_course.php` | High
11 | File | `/admin/database/backup` | High
12 | File | `/admin/file/edit.do` | High
13 | File | `/admin/index.php?act=reset_admin_psw` | High
14 | File | `/admin/list_onlineuser.php` | High
15 | File | `/admin/sales/view_details.php` | High
16 | File | `/admin/students/view_details.php` | High
17 | File | `/adminapi/system/crud` | High
18 | File | `/ajax/ajax_login.ashx` | High
19 | File | `/api.php` | Medium
20 | File | `/api/email/update` | High
21 | File | `/application/index/controller/File.php` | High
22 | File | `/application/index/controller/Icon.php` | High
23 | File | `/Attachment/fromImageUrl` | High
24 | File | `/b2b-supermarket/catalog/all-products` | High
25 | File | `/b2b-supermarket/shopping-cart` | High
26 | File | `/bin/boa` | Medium
27 | File | `/catalog/compare` | High
28 | File | `/cgi-bin/cstecgi.cgi` | High
29 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
30 | File | `/cgi-bin/wlogin.cgi` | High
31 | File | `/classes/Master.php? f=save_medicine` | High
32 | File | `/classes/Users.php?f=save` | High
33 | File | `/clinic/disease_symptoms_view.php` | High
34 | File | `/common/log/list` | High
35 | File | `/content/list.do` | High
36 | File | `/cupseasylive/costcentermodify.php` | High
37 | File | `/cupseasylive/itemmodify.php` | High
38 | File | `/cupseasylive/statelist.php` | High
39 | File | `/cupseasylive/stockissuancecreate.php` | High
40 | File | `/cupseasylive/taxstructurelinecreate.php` | High
41 | File | `/dataset/new` | Medium
42 | File | `/devinfo` | Medium
43 | File | `/edit_branch.php` | High
44 | File | `/endpoint/add-user.php` | High
45 | File | `/fcgi/scrut_fcgi.fcgi` | High
46 | File | `/file` | Low
47 | File | `/front/admin/tenancyDetail.php` | High
48 | File | `/goform/setAutoPing` | High
49 | File | `/goform/SetNetControlList` | High
50 | File | `/goform/SetOnlineDevName` | High
51 | File | `/index.php?c=install&m=index&step=2&is_install_db=0` | High
52 | ... | ... | ...
5 | File | `/add_members.php` | High
6 | File | `/admin.php` | Medium
7 | File | `/admin/` | Low
8 | File | `/admin/action/new-feed.php` | High
9 | File | `/admin/adminHome.php` | High
10 | File | `/admin/book_add.php` | High
11 | File | `/admin/content/data` | High
12 | File | `/admin/courses/view_course.php` | High
13 | File | `/admin/database/backup` | High
14 | File | `/admin/file/edit.do` | High
15 | File | `/admin/index.php?act=reset_admin_psw` | High
16 | File | `/admin/list_onlineuser.php` | High
17 | File | `/admin/reports/index.php` | High
18 | File | `/admin/users.php` | High
19 | File | `/admin/users_photo.php` | High
20 | File | `/adminapi/system/crud` | High
21 | File | `/adminpanel/admin/facebox_modal/updateExaminee.php` | High
22 | File | `/api.php` | Medium
23 | File | `/api/blade-user/export-user` | High
24 | File | `/api/email/update` | High
25 | File | `/application/index/controller/File.php` | High
26 | File | `/application/index/controller/Icon.php` | High
27 | File | `/apps/system/router/upload.go` | High
28 | File | `/Attachment/fromImageUrl` | High
29 | File | `/b2b-supermarket/catalog/all-products` | High
30 | File | `/b2b-supermarket/shopping-cart` | High
31 | File | `/bin/boa` | Medium
32 | File | `/catalog/compare` | High
33 | File | `/cgi-bin/cstecgi.cgi` | High
34 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
35 | File | `/cgi-bin/wlogin.cgi` | High
36 | File | `/classes/Master.php? f=save_medicine` | High
37 | File | `/classes/Users.php?f=save` | High
38 | File | `/clinic/disease_symptoms_view.php` | High
39 | File | `/common/log/list` | High
40 | File | `/content/list.do` | High
41 | File | `/controller/company/Index.php#sendCompanyLogo` | High
42 | File | `/cupseasylive/costcentermodify.php` | High
43 | File | `/cupseasylive/itemmodify.php` | High
44 | File | `/cupseasylive/statelist.php` | High
45 | File | `/cupseasylive/stockissuancecreate.php` | High
46 | File | `/cupseasylive/taxstructurelinecreate.php` | High
47 | File | `/dataset/new` | Medium
48 | File | `/dede/catalog_del.php` | High
49 | File | `/devinfo` | Medium
50 | ... | ... | ...

There are 456 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
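Review bot: `/classes/Master.php? f=save_medicine` (row 31 before, row 36 after) contains a space before `f=`; a real request reads `?f=save_medicine`, so the indicator as printed matches nothing, and because the row survived regeneration unchanged the defect is in the upstream record and should be fixed there. Two further rows do not describe a request path at all: `/controller/company/Index.php#sendCompanyLogo` carries a URL fragment, which a browser never sends to the server (it reads like a source reference to a method), and `.vscode/cody.json` is a local editor configuration file. Give them a different Type or drop them from a File indicator list.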
@ -40,7 +40,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
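Review bot: row 5 (`5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High`) mixes CWE categories with weaknesses: CWE-264 (Permissions, Privileges, and Access Controls) is a category that MITRE marks obsolete, and the same holds for CWE-21 in row 1. Categories are groupings, not weaknesses a finding can be assigned to, so keep the base weaknesses (CWE-250, CWE-269, CWE-284; CWE-22 and its children) and drop the categories, otherwise the Weakness column cannot be used for CWE-based filtering or deduplication.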
@ -125,70 +125,76 @@ ID | IP address | Hostname | Campaign | Confidence
102 | [41.216.182.144](https://vuldb.com/?ip.41.216.182.144) | - | - | High
103 | [41.216.182.203](https://vuldb.com/?ip.41.216.182.203) | - | - | High
104 | [41.216.182.214](https://vuldb.com/?ip.41.216.182.214) | - | - | High
105 | [43.153.37.45](https://vuldb.com/?ip.43.153.37.45) | - | - | High
106 | [43.204.217.160](https://vuldb.com/?ip.43.204.217.160) | ec2-43-204-217-160.ap-south-1.compute.amazonaws.com | - | Medium
107 | [45.9.168.102](https://vuldb.com/?ip.45.9.168.102) | - | - | High
108 | [45.11.181.37](https://vuldb.com/?ip.45.11.181.37) | - | - | High
109 | [45.12.253.38](https://vuldb.com/?ip.45.12.253.38) | - | - | High
110 | [45.14.226.72](https://vuldb.com/?ip.45.14.226.72) | hml03.pugginesl.info | - | High
111 | [45.32.202.111](https://vuldb.com/?ip.45.32.202.111) | 45.32.202.111.vultrusercontent.com | - | High
112 | [45.33.63.122](https://vuldb.com/?ip.45.33.63.122) | 45-33-63-122.ip.linodeusercontent.com | - | High
113 | [45.56.96.91](https://vuldb.com/?ip.45.56.96.91) | 45-56-96-91.ip.linodeusercontent.com | - | High
114 | [45.61.144.146](https://vuldb.com/?ip.45.61.144.146) | - | - | High
115 | [45.61.184.126](https://vuldb.com/?ip.45.61.184.126) | - | - | High
116 | [45.61.186.4](https://vuldb.com/?ip.45.61.186.4) | - | - | High
117 | [45.61.187.108](https://vuldb.com/?ip.45.61.187.108) | sayonara.hp | - | High
118 | [45.61.188.118](https://vuldb.com/?ip.45.61.188.118) | ms2.hostwithlove.com | - | High
119 | [45.61.188.150](https://vuldb.com/?ip.45.61.188.150) | - | - | High
120 | [45.61.188.220](https://vuldb.com/?ip.45.61.188.220) | - | - | High
121 | [45.66.230.89](https://vuldb.com/?ip.45.66.230.89) | - | - | High
122 | [45.66.230.173](https://vuldb.com/?ip.45.66.230.173) | - | - | High
123 | [45.76.253.113](https://vuldb.com/?ip.45.76.253.113) | 45.76.253.113.vultrusercontent.com | - | High
124 | [45.77.46.118](https://vuldb.com/?ip.45.77.46.118) | 8.8.8.8.google.com | - | High
125 | [45.79.127.90](https://vuldb.com/?ip.45.79.127.90) | 45-79-127-90.ip.linodeusercontent.com | - | High
126 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
127 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
128 | [45.81.234.229](https://vuldb.com/?ip.45.81.234.229) | 45.81.234.229.mc-host24.de | - | High
129 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
130 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
131 | [45.90.12.75](https://vuldb.com/?ip.45.90.12.75) | hosted-by.royalehosting.net | - | High
132 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
133 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
134 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
135 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
136 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
137 | [45.90.217.165](https://vuldb.com/?ip.45.90.217.165) | vm2572743.firstbyte.club | - | High
138 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
139 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
140 | [45.95.146.38](https://vuldb.com/?ip.45.95.146.38) | host0.aceblackjack.site | - | High
141 | [45.95.147.204](https://vuldb.com/?ip.45.95.147.204) | twne.wesubmityours.com | - | High
142 | [45.95.169.102](https://vuldb.com/?ip.45.95.169.102) | - | - | High
143 | [45.95.169.103](https://vuldb.com/?ip.45.95.169.103) | - | - | High
144 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
145 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
146 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
147 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
148 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
149 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
150 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
151 | [45.128.232.240](https://vuldb.com/?ip.45.128.232.240) | 240.232.128.45.pfcloud.io | - | High
152 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
153 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
154 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
155 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
156 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
157 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
158 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
159 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
160 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
161 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
162 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
163 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
164 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
165 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
166 | ... | ... | ... | ...
105 | [41.216.182.215](https://vuldb.com/?ip.41.216.182.215) | - | - | High
106 | [43.153.37.45](https://vuldb.com/?ip.43.153.37.45) | - | - | High
107 | [43.204.217.160](https://vuldb.com/?ip.43.204.217.160) | ec2-43-204-217-160.ap-south-1.compute.amazonaws.com | - | Medium
108 | [45.9.168.102](https://vuldb.com/?ip.45.9.168.102) | - | - | High
109 | [45.11.181.37](https://vuldb.com/?ip.45.11.181.37) | - | - | High
110 | [45.12.253.38](https://vuldb.com/?ip.45.12.253.38) | - | - | High
111 | [45.14.226.72](https://vuldb.com/?ip.45.14.226.72) | hml03.pugginesl.info | - | High
112 | [45.32.202.111](https://vuldb.com/?ip.45.32.202.111) | 45.32.202.111.vultrusercontent.com | - | High
113 | [45.33.63.122](https://vuldb.com/?ip.45.33.63.122) | 45-33-63-122.ip.linodeusercontent.com | - | High
114 | [45.56.96.91](https://vuldb.com/?ip.45.56.96.91) | 45-56-96-91.ip.linodeusercontent.com | - | High
115 | [45.61.144.146](https://vuldb.com/?ip.45.61.144.146) | - | - | High
116 | [45.61.184.126](https://vuldb.com/?ip.45.61.184.126) | - | - | High
117 | [45.61.186.4](https://vuldb.com/?ip.45.61.186.4) | - | - | High
118 | [45.61.187.108](https://vuldb.com/?ip.45.61.187.108) | sayonara.hp | - | High
119 | [45.61.188.118](https://vuldb.com/?ip.45.61.188.118) | ms2.hostwithlove.com | - | High
120 | [45.61.188.150](https://vuldb.com/?ip.45.61.188.150) | - | - | High
121 | [45.61.188.220](https://vuldb.com/?ip.45.61.188.220) | - | - | High
122 | [45.66.230.89](https://vuldb.com/?ip.45.66.230.89) | - | - | High
123 | [45.66.230.173](https://vuldb.com/?ip.45.66.230.173) | - | - | High
124 | [45.76.253.113](https://vuldb.com/?ip.45.76.253.113) | 45.76.253.113.vultrusercontent.com | - | High
125 | [45.77.46.118](https://vuldb.com/?ip.45.77.46.118) | 8.8.8.8.google.com | - | High
126 | [45.79.127.90](https://vuldb.com/?ip.45.79.127.90) | 45-79-127-90.ip.linodeusercontent.com | - | High
127 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
128 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
129 | [45.81.234.229](https://vuldb.com/?ip.45.81.234.229) | 45.81.234.229.mc-host24.de | - | High
130 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
131 | [45.86.86.217](https://vuldb.com/?ip.45.86.86.217) | ruby.9.com | - | High
132 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
133 | [45.90.12.75](https://vuldb.com/?ip.45.90.12.75) | hosted-by.royalehosting.net | - | High
134 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
135 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
136 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
137 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
138 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
139 | [45.90.217.165](https://vuldb.com/?ip.45.90.217.165) | vm2572743.firstbyte.club | - | High
140 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
141 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
142 | [45.95.146.38](https://vuldb.com/?ip.45.95.146.38) | host0.aceblackjack.site | - | High
143 | [45.95.147.204](https://vuldb.com/?ip.45.95.147.204) | twne.wesubmityours.com | - | High
144 | [45.95.169.102](https://vuldb.com/?ip.45.95.169.102) | - | - | High
145 | [45.95.169.103](https://vuldb.com/?ip.45.95.169.103) | - | - | High
146 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
147 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
148 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
149 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
150 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
151 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
152 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
153 | [45.128.232.240](https://vuldb.com/?ip.45.128.232.240) | 240.232.128.45.pfcloud.io | - | High
154 | [45.128.232.250](https://vuldb.com/?ip.45.128.232.250) | - | - | High
155 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
156 | [45.131.108.174](https://vuldb.com/?ip.45.131.108.174) | tube-hosting.com | - | High
157 | [45.131.111.159](https://vuldb.com/?ip.45.131.111.159) | tube-hosting.com | - | High
158 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
159 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
160 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
161 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
162 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
163 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
164 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
165 | [45.140.188.133](https://vuldb.com/?ip.45.140.188.133) | hosted-by.royalehosting.net | - | High
166 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
167 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
168 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
169 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
|
||||
170 | [45.145.42.90](https://vuldb.com/?ip.45.145.42.90) | - | - | High
|
||||
171 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
|
||||
172 | ... | ... | ... | ...
|
||||
|
||||
There are 659 more IOC items available. Please use our online service to access the data.
|
||||
There are 683 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -198,12 +204,13 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

There are 21 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

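Review bot: in the T1055 row the description moves from the generic `Injection` to `Improper Neutralization of Data within XPath Expressions` while the Weakness column still lists only `CWE-74`, the generic injection weakness; every other row in this table pairs its description with a weakness of matching specificity (for example `5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting`), so either add the XPath-specific weakness (CWE-643) next to CWE-74 or keep the description at the CWE-74 level. The same row change appears in the BeamWinHTTP TTP hunk (`@ -31,12 +35,13 @@`) further down.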
@ -213,22 +220,22 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//proc/kcore` | Medium
2 | File | `/admin/action/delete-vaccine.php` | High
3 | File | `/admin/controller/JobLogController.java` | High
4 | File | `/admin/index2.html` | High
5 | File | `/api/clusters/local/topics/{topic}/messages` | High
6 | File | `/api/stl/actions/search` | High
7 | File | `/api/sys/login` | High
8 | File | `/api/sys/set_passwd` | High
9 | File | `/api/trackedEntityInstances` | High
10 | File | `/app/index/controller/Common.php` | High
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
12 | File | `/aux` | Low
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
14 | File | `/changePassword` | High
15 | File | `/cupseasylive/companymodify.php` | High
16 | File | `/cupseasylive/grnprint.php` | High
17 | File | `/cupseasylive/stockissuancelinecreate.php` | High
18 | File | `/dashboard/add-blog.php` | High
3 | File | `/admin/application-bwdates-reports-details.php` | High
4 | File | `/admin/controller/JobLogController.java` | High
5 | File | `/admin/index2.html` | High
6 | File | `/api/clusters/local/topics/{topic}/messages` | High
7 | File | `/api/stl/actions/search` | High
8 | File | `/api/sys/login` | High
9 | File | `/api/sys/set_passwd` | High
10 | File | `/api/trackedEntityInstances` | High
11 | File | `/app/index/controller/Common.php` | High
12 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
13 | File | `/aux` | Low
14 | File | `/bitrix/admin/ldap_server_edit.php` | High
15 | File | `/changePassword` | High
16 | File | `/cupseasylive/companymodify.php` | High
17 | File | `/cupseasylive/grnprint.php` | High
18 | File | `/cupseasylive/stockissuancelinecreate.php` | High
19 | File | `/dashboard?controller=UserCollection::createUser` | High
20 | File | `/data/remove` | Medium
21 | File | `/debug/pprof` | Medium
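Review bot: row 1 `//proc/kcore` carries a doubled leading slash, unlike every other absolute path in this table (`/admin/...`, `/api/...`, `/aux`); unless the double slash is itself the fragment that was observed, normalise it to `/proc/kcore`, since a detection rule built from this entry as written will not match the canonical path. The same indicator is added as row 1 in the `@ -84,22 +84,22 @@` hunk below.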
@ -238,21 +245,22 @@ ID | Type | Indicator | Confidence
25 | File | `/forms/doLogin` | High
26 | File | `/forum/away.php` | High
27 | File | `/goform/net\_Web\_get_value` | High
28 | File | `/GponForm/usb_restore_Form?script/` | High
29 | File | `/group1/uploa` | High
30 | File | `/hedwig.cgi` | Medium
31 | File | `/inc/parser/xhtml.php` | High
32 | File | `/index.php` | Medium
33 | File | `/investigation/delete/` | High
34 | File | `/listplace/user/ticket/create` | High
35 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
36 | File | `/mhds/clinic/view_details.php` | High
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
38 | File | `/novel/author/list` | High
39 | File | `/php/ping.php` | High
40 | ... | ... | ...
28 | File | `/hedwig.cgi` | Medium
29 | File | `/index.php` | Medium
30 | File | `/investigation/delete/` | High
31 | File | `/listplace/user/ticket/create` | High
32 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
33 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
34 | File | `/novel/author/list` | High
35 | File | `/offersmail.php` | High
36 | File | `/patient/appointment.php` | High
37 | File | `/php/ping.php` | High
38 | File | `/plugin` | Low
39 | File | `/prescription/prescription/delete/` | High
40 | File | `/pro/common/download` | High
41 | ... | ... | ...

There are 346 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 350 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

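Review bot: row 27 `/goform/net\_Web\_get_value` has two of its three underscores backslash-escaped; inside backticks Markdown does not process backslash escapes, so the indicator as rendered contains `\_` rather than `_`. The other underscore-bearing entries in this table (`/GponForm/usb_restore_Form?script/`, `/Main_Login.asp?...`) are unescaped, so if the intended fragment is the plain path, drop the backslashes here as well.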
@ -306,13 +314,16 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/1f2636846e62666db1b2248e4afa0ef36de166ba6a86675747ce542411787c23/
* https://bazaar.abuse.ch/sample/2a147a66c31446d534bf3579392beb39686b4cf367855f26fb1579aadaa61c32/
* https://bazaar.abuse.ch/sample/2abf6060c8a61d7379adfb8218b56003765c1a1e701b346556ca5d53068892a5/
* https://bazaar.abuse.ch/sample/2af71062bcf8204058ae416e2ebea7076de537e96be172a987ec03d1193aaa17/
* https://bazaar.abuse.ch/sample/2b318c6894e66a3e8f3abe92eaf92b181fbc4b41998ce6a2081b72582bf8b773/
* https://bazaar.abuse.ch/sample/2c123b50067d4cd49a46dfe25792ebe94fa4e3369b7c18c16671fe956969e94e/
* https://bazaar.abuse.ch/sample/2c13615067dbb9fb33ad8db11641b976216643cb7d281e669c66c26fb87f9b61/
* https://bazaar.abuse.ch/sample/2ce5eb2235aaf5476213a6dcdc7627524fd9a134b81dfda3e857b24f300ccc6d/
* https://bazaar.abuse.ch/sample/2d03db6f0385daa22cfad822ea28628e9aeebdbacf8d7705a3bbdfcec722b6f6/
* https://bazaar.abuse.ch/sample/2d6256195e69211ca127ab2cc2ac840b7f2f5a00f1426c59e80defa3d9d26ccc/
* https://bazaar.abuse.ch/sample/2dac6fba3257f49de83c60c8f5bfe22d1ee69499195c10e48473ebb5913fc44c/
* https://bazaar.abuse.ch/sample/2dbf49d7e7f4af3771586c567c979e99031f15517e79535a803b35bab3ced081/
* https://bazaar.abuse.ch/sample/2e62d5939a9ebb27a43725afd830c6ce949ae19d254dc71f64cb3ac8debbf9b2/
* https://bazaar.abuse.ch/sample/2e65d809310b06f59bf024064e38422f87f24d155ef138fead9331b933523985/
* https://bazaar.abuse.ch/sample/2fefbe620c48fb6a7f0c9ad1ef7ef611c04e2313541bdcbbb99331d8eb6d94b1/
* https://bazaar.abuse.ch/sample/3a6b41be1b98631a69f546861b057512ec0c3752cdd2a359eeee845125dd953f/
@ -327,6 +338,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/3cfda97c1dcfc6d16378eabf2cf841058e1785cc3b4aec0a0715dd0c0f6f0bfd/
* https://bazaar.abuse.ch/sample/3d6bb8ca5062565c1dc4673966dad0630f3d1843af4561290966b0c6459ca42e/
* https://bazaar.abuse.ch/sample/3d84abd3a6772c24ccaa6e31d079651bfae5e9c732457f5ac4a9277f10bc0759/
* https://bazaar.abuse.ch/sample/3d7665a09dee80849c12cb8f9b91e77c233393e359c37a8902608ede6103fb81/
* https://bazaar.abuse.ch/sample/3dcb0c6b7e992ae1e620e14b369c97e4f244be55eb2370fc22cc29b0da5573a7/
* https://bazaar.abuse.ch/sample/3e3b992d11ec46fa3b662b06ca69cb89db2ed72f10a4993b17193e189fc8ab00/
* https://bazaar.abuse.ch/sample/3ee4cf5e3095dcaff4f2cbb218b8e1f99d295fa3c45054ada052ef17d3f51ff0/
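Review bot: the one line added in this hunk lands out of order: the `3d84abd3` entry precedes the `3d7665a0` entry, although as plain strings `3d7665a0` sorts before `3d84abd3`, and the surrounding entries are otherwise in ascending string order, so whichever of the two is the new line sits on the wrong side of the other. The position is exactly what a natural-number sort gives (it compares the digit runs `6`, `84` and `7665` numerically), so the insertion step appears to use that rather than a plain string comparison. Sorting the digests as plain strings keeps the list deterministic and makes duplicates easy to spot; the same pattern shows up in later reference hunks (`8f6a2c5d` before `8f24d9c2`, `a809ffcd` before `a3920a93`, `ed6f9f27` before `ed33c8c9`, `f9b4d0aa` before `f10edcdb`).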
@ -386,6 +398,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/8c55851ca920533baf36b529bc0dde320630234f9e2f10395be7c4262e03d3b6/
* https://bazaar.abuse.ch/sample/8ce82806ab6b604dca17051bf30d96f6ddd8c09067ad0dcb3abf0b4587566584/
* https://bazaar.abuse.ch/sample/8d11aac643d27f90e7e53b84fdad477d6514c039cde8a00ef08a5e709576630b/
* https://bazaar.abuse.ch/sample/8d553ff62bd1be7ecebba6056aea5d11b9ebf15b98ae0ec1959ab427789e8c77/
* https://bazaar.abuse.ch/sample/8eeb01b0963485edba1736a7a03f41b88c11ee9c5a70a2c761156e7f1381b9cd/
* https://bazaar.abuse.ch/sample/8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17/
* https://bazaar.abuse.ch/sample/8f24d9c22274b4ecfc02d537ba92f4337d94661586177b8222570e081beb3725/
@ -426,6 +439,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/34c1646e2d0c27eaecb515e7b3d880a8eb0d548286d99e8460a37959b43ec7aa/
* https://bazaar.abuse.ch/sample/37af44d4dbb8656c9669513a11df3069a29049af90335526c228823e0037fe0c/
* https://bazaar.abuse.ch/sample/38ad5d96d0131e80d496614a56ed5e1969b35a43b96f539d4426103ee75e8b0f/
* https://bazaar.abuse.ch/sample/38d5ebcba2cd118391cd3644f80228999407f5934c82fecd5d595bace4d5e4f6/
* https://bazaar.abuse.ch/sample/39f11f89c1654b2002937576a85768490311dc219540a36d93eefd6f6843e054/
* https://bazaar.abuse.ch/sample/40b36c5eedcc4b2172079c924ed8b63b7a8f8cf7dc9e4cabb2ae391a62ef18d6/
* https://bazaar.abuse.ch/sample/42cf396d7f01e7e2e0f7dc7935b752042903f7eb8ba5bd104252555933411a3b/
@ -470,6 +484,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/87b3cf10688d27102a17368c7c97138f630ad13fdb6de21e4d10b12ed53ca532/
* https://bazaar.abuse.ch/sample/87c2f50b4415ec22c5e13f5ea96e794fc66c66abf9752f0b85299dc49b2b032b/
* https://bazaar.abuse.ch/sample/87ef4750e85c5d9e14ab78db941f502f849ef85ee901caa029edd63921d2b879/
* https://bazaar.abuse.ch/sample/88dcd2298706561f57f652a37d1d4466d29ca7c6f516c62173798560b3a855fa/
* https://bazaar.abuse.ch/sample/91a16c3faa57d4cf04e693e2e194277a061f799d6e7d3a226bd92c37b2184c6e/
* https://bazaar.abuse.ch/sample/92d80764c80bf0c2ecedb1c7dbf0295c130434a8910180f94681482f8b7ec572/
* https://bazaar.abuse.ch/sample/93b2fb60ef28f0d556de3d3f47789e641877c389cbd8b1cfae5ceff2db3646c9/
@ -558,6 +573,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/46294fe4ddda7ca07d864c09b283c8af8a7cb8b110fafb60777b6ddbe13c2e72/
* https://bazaar.abuse.ch/sample/50381f61ef742cf02fae1e58bfcfeb74d8607b532e995db6d006133fdd49c951/
* https://bazaar.abuse.ch/sample/54650b8f4f3b28f4a2f8a75cfa4818a165a310663754acf76b82091f7617cd58/
* https://bazaar.abuse.ch/sample/65876a34cb0c65677f519a348f22516e51f2d39ebe69017e48649d361192d8bb/
* https://bazaar.abuse.ch/sample/66632e6d199007078cea7202c53f018eb2910dad4b642fc9af1ca3791ad2bb9b/
* https://bazaar.abuse.ch/sample/70666b157f62fb87ff8f4da5bb6e16d462ad80b3bdf708579778cf1efba57ce1/
* https://bazaar.abuse.ch/sample/77318d8306ef6856ed333833622ed55f4560fb0e945432d64dd8bf3a8d05d4b5/
@ -610,6 +626,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/a128a62d2290a71183bcb46e10cf300c1ce2182ed74be355bb270145012cd163/
* https://bazaar.abuse.ch/sample/a280f0feec3658eb9438564ea791ceb7bfccf134133cfcd1f8386fcd371848db/
* https://bazaar.abuse.ch/sample/a322ebbb0d7ce281198df18d5a79eb638fc29c18e15c700d5bbc21c86dfd0cfc/
* https://bazaar.abuse.ch/sample/a364a3aa26a9f1ec756006c3aec6bf871efeefc3799f24a32317ee358a107c5a/
* https://bazaar.abuse.ch/sample/a411b1b76cc788135969ec141e5e0d7c29870234fda6b66802d5a62cf1cc8454/
* https://bazaar.abuse.ch/sample/a809ffcdf246527ce3c76173fb4f11ff82c01f2b90b936a41ce1f209430a8a1c/
* https://bazaar.abuse.ch/sample/a3920a9315258284fe20bbb5525527f1d0ff1e4c656c72703a3a566f8eb42d93/
@ -650,6 +667,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/b430758efac32310030daa8a459369826753cb65367489e35a7bfc978511c2b8/
* https://bazaar.abuse.ch/sample/b834031099391abd42f95f8015f800844d6ea957031e8119bf6d01a186d2b4d3/
* https://bazaar.abuse.ch/sample/ba79cf9aec445aad98d9ba7ad8f85f5a8f8617c8482ed8913f725f10b2942b42/
* https://bazaar.abuse.ch/sample/ba8261ade04d4cc5f9181b90d7db845c64258d3164cdda7d88004afb3ac86dd4/
* https://bazaar.abuse.ch/sample/bb7ac2ba0dea3b0ac95a9f76a8c52df6dac96dbb2c8506e0708524f1b57ac88c/
* https://bazaar.abuse.ch/sample/bb8ad39a7dbd454077bd7c920ea621ca42ddfdcc13b2330cb4d912572a45c320/
* https://bazaar.abuse.ch/sample/bbd0f0b8c5440c362fb7cf52086a9f9e01b1eed018b5d5b9d7eb75f1eedb2b28/
@ -721,6 +739,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/dad61a731ad2f7c1e58408e0a0d33dc88eb974b226dbd2468b7369bfe097aa71/
* https://bazaar.abuse.ch/sample/db2d1011aec87e11064993e763623a4f420974b36920bde96d23deea4cbc5c0c/
* https://bazaar.abuse.ch/sample/db4ce9d1f6911a5f90c7272b2a90b6e3c7d7b5af75ee3a53395b0591e39c94af/
* https://bazaar.abuse.ch/sample/db61ec9bd79ea5b28c34181e27a7ffdf9015804be65ac18d898a99b87f8df782/
* https://bazaar.abuse.ch/sample/db6207e5859614ee43cd64bd528b0c3ef61be4a8224b0eca48eedb2304c530d4/
* https://bazaar.abuse.ch/sample/dbd864147c9adf7522c49647d962cd8532383651f14d5e729a7754d7e6ccf517/
* https://bazaar.abuse.ch/sample/dc30e6500ebcf937a237d027acdd40c2dd68741b4f40a9523196ee82eb13e3c3/
@ -755,14 +774,19 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/eafb8b10d4cf9d73403317cb0589635bdf368c9b82296584d8d7540932dcbbce/
* https://bazaar.abuse.ch/sample/eb622685954a909562a88de7c871008acb80ca86d160b9f664d69d640ce2a2e6/
* https://bazaar.abuse.ch/sample/ece244bb690c63c0224f9725083a80ae2ca3620bcd3e3fcceab3eb2e115f0cb2/
* https://bazaar.abuse.ch/sample/ecf1fab2bccfe8fee997fe363a75b09f2924516bd0e58d12af6663b6d0578728/
* https://bazaar.abuse.ch/sample/ecf26f7ce7d13fada8e0cc2d7eabb81735f014635cd935954f8dd0fe35a4c26c/
* https://bazaar.abuse.ch/sample/ed6f9f27804d4690271012bcf4b5e79db40dced6502811440d47881733d2d093/
* https://bazaar.abuse.ch/sample/ed33c8c9ed0f40b53dffcd84d8c0df5dccd2db9953661c16f743c2f9d595591f/
* https://bazaar.abuse.ch/sample/ee52c16d53e08af2aba541cab956748b9c0d185a33256ef4bf95a2268f40f209/
* https://bazaar.abuse.ch/sample/ef54ddea14ac1d94c225f5873d19f8fcea27bdb14f5173018d544b4adb41026e/
* https://bazaar.abuse.ch/sample/efece9b29e3eda87a2b39ebcc4cd7b0a1813f727d47394477ff99f579e76d36f/
* https://bazaar.abuse.ch/sample/f0215ec4ae290d9b263054e4b36ae3d92b127f76a2afa7d793623835943c1d6f/
* https://bazaar.abuse.ch/sample/f0479dda24538651043306bfdc8dfb0e016ad457944d54d8952a69cabb261cb0/
* https://bazaar.abuse.ch/sample/f2ae4034297bc8e03be9387b1815522b7cf07076b4be1a06f0d3039e45e96f60/
* https://bazaar.abuse.ch/sample/f4c9bff4713ab599f795c5da87e9b681a627c60dd196ca5e32ff28afc7381915/
* https://bazaar.abuse.ch/sample/f4dab2988f0e2d3b84f1b9ec7467eed650d42f5300d24eb37b8d6ed09a25c35f/
* https://bazaar.abuse.ch/sample/f6c1d0a2f5a8c67a949c6be2fc5a41a9ead3378c119ea9d5f87c8845e30396e0/
* https://bazaar.abuse.ch/sample/f7a2abbfd146528c5de8cd1986581d0e163a802820d76b927d22cbb8e9f492c9/
* https://bazaar.abuse.ch/sample/f9b4d0aa926b74ddd408433a30f19376b5d8844d011eb832ef8abb4fde8d1015/
* https://bazaar.abuse.ch/sample/f10edcdb6065a39ba6190227fce7cf6f5349e41e9e4f73fe07312e763ca58067/

@ -84,22 +84,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/api` | Low
2 | File | `/api/sys_username_passwd.cmd` | High
3 | File | `/forum/away.php` | High
4 | File | `/home/cavesConsole` | High
5 | File | `/inc/parser/xhtml.php` | High
6 | File | `/include/makecvs.php` | High
7 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
8 | File | `/requests.php` | High
9 | File | `/usr/local/psa/admin/sbin/wrapper` | High
10 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
11 | File | `add.php` | Low
12 | File | `admin/admin.shtml` | High
13 | File | `AdminOrdercontroller.java` | High
1 | File | `//proc/kcore` | Medium
2 | File | `/api` | Low
3 | File | `/api/sys_username_passwd.cmd` | High
4 | File | `/forum/away.php` | High
5 | File | `/home/cavesConsole` | High
6 | File | `/inc/parser/xhtml.php` | High
7 | File | `/include/makecvs.php` | High
8 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
9 | File | `/requests.php` | High
10 | File | `/usr/local/psa/admin/sbin/wrapper` | High
11 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
12 | File | `add.php` | Low
13 | File | `admin/admin.shtml` | High
14 | ... | ... | ...

There are 114 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BeamWinHTTP:

* [US](https://vuldb.com/?country.us)
* [AR](https://vuldb.com/?country.ar)
* [PT](https://vuldb.com/?country.pt)
* [IT](https://vuldb.com/?country.it)
* ...

There are 1 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -21,8 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [37.0.8.39](https://vuldb.com/?ip.37.0.8.39) | - | - | High
2 | [212.192.246.217](https://vuldb.com/?ip.212.192.246.217) | - | - | High
1 | [2.56.59.42](https://vuldb.com/?ip.2.56.59.42) | - | - | High
2 | [31.210.20.251](https://vuldb.com/?ip.31.210.20.251) | - | - | High
3 | [37.0.8.39](https://vuldb.com/?ip.37.0.8.39) | - | - | High
4 | ... | ... | ... | ...

There are 14 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -31,12 +35,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 14 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -44,109 +49,117 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/about.php` | Medium
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin.php` | Medium
|
||||
3 | File | `/admin/doctors/view_doctor.php` | High
|
||||
4 | File | `/admin/modules/bibliography/index.php` | High
|
||||
5 | File | `/admin/students/manage.php` | High
|
||||
6 | File | `/adminlogin.asp` | High
|
||||
7 | File | `/app/controller/Books.php` | High
|
||||
8 | File | `/aqpg/users/login.php` | High
|
||||
9 | File | `/controller/Index.php` | High
|
||||
10 | File | `/coreframe/app/content/admin/content.php` | High
|
||||
11 | File | `/dev/audio` | Medium
|
||||
12 | File | `/dl/dl_print.php` | High
|
||||
13 | File | `/etc/crash` | Medium
|
||||
14 | File | `/etc/master.passwd` | High
|
||||
15 | File | `/etc/passwd` | Medium
|
||||
16 | File | `/goform/AddSysLogRule` | High
|
||||
17 | File | `/goform/WifiBasicSet` | High
|
||||
18 | File | `/Hospital-Management-System-master/contact.php` | High
|
||||
19 | File | `/include/friends.inc.php` | High
|
||||
20 | File | `/index.php?module=configuration/application` | High
|
||||
21 | File | `/kruxton/receipt.php` | High
|
||||
22 | File | `/members/view_member.php` | High
|
||||
23 | File | `/services/view_service.php` | High
|
||||
24 | File | `/servlet/webacc` | High
|
||||
25 | File | `/sitemagic/upgrade.php` | High
|
||||
26 | File | `/userui/ticket_list.php` | High
|
||||
27 | File | `/usr/5bin/su` | Medium
|
||||
28 | File | `/wp-admin/options-general.php` | High
|
||||
29 | File | `/zm/index.php` | High
|
||||
30 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
|
||||
31 | File | `abook_database.php` | High
|
||||
32 | File | `accounts/inc/include.php` | High
|
||||
33 | File | `adaptive-images-script.php` | High
|
||||
34 | File | `additem.asp` | Medium
|
||||
35 | File | `adherents/subscription/info.php` | High
|
||||
36 | File | `admin.asp` | Medium
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin/admin.php` | High
|
||||
39 | File | `admin/admin_users.php` | High
|
||||
40 | File | `admin/article_save.php` | High
|
||||
41 | File | `admin/general.php` | High
|
||||
42 | File | `admin/header.php` | High
|
||||
43 | File | `admin/inc/change_action.php` | High
|
||||
44 | File | `admin/index.php` | High
|
||||
45 | File | `admin/info.php` | High
|
||||
46 | File | `admin/login.asp` | High
|
||||
47 | File | `admin/manage-comments.php` | High
|
||||
48 | File | `admin/manage-news.php` | High
|
||||
49 | File | `admin/plugin-settings.php` | High
|
||||
50 | File | `admin/specials.php` | High
|
||||
51 | File | `admin:de` | Medium
|
||||
52 | File | `admincp/auth/checklogin.php` | High
|
||||
53 | File | `admincp/auth/secure.php` | High
|
||||
54 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
55 | File | `administrator/index.php` | High
|
||||
56 | File | `admin_login.asp` | High
|
||||
57 | File | `ajax_url.php` | Medium
|
||||
58 | File | `album_portal.php` | High
|
||||
59 | File | `al_initialize.php` | High
|
||||
60 | File | `anjel.index.php` | High
|
||||
61 | File | `annonces-p-f.php` | High
|
||||
62 | File | `announce.php` | Medium
|
||||
63 | File | `announcement.php` | High
|
||||
64 | File | `announcements.php` | High
|
||||
65 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||
66 | File | `application/config/config.php` | High
|
||||
67 | File | `application/controllers/basedata/inventory.php` | High
|
||||
68 | File | `apply.cgi` | Medium
|
||||
69 | File | `apps/app_article/controller/rating.php` | High
|
||||
70 | File | `article.php` | Medium
|
||||
71 | File | `articles.php` | Medium
|
||||
72 | File | `artikel_anzeige.php` | High
|
||||
73 | File | `AudioFlinger.cpp` | High
|
||||
74 | File | `auktion.cgi` | Medium
|
||||
75 | File | `auth.php` | Medium
|
||||
76 | File | `authfiles/login.asp` | High
|
||||
77 | File | `basket.php` | Medium
|
||||
78 | File | `books.php` | Medium
|
||||
79 | File | `browse-category.php` | High
|
||||
80 | File | `browse.php` | Medium
|
||||
81 | File | `browse_videos.php` | High
|
||||
82 | File | `BrudaNews/BrudaGB` | High
|
||||
83 | File | `bwlist_inc.html` | High
|
||||
84 | File | `calendar.php` | Medium
|
||||
85 | File | `callme_page.php` | High
|
||||
86 | File | `cart.php` | Medium
|
||||
87 | File | `cart_add.php` | Medium
|
||||
88 | File | `case.filemanager.php` | High
|
||||
89 | File | `catalog.php` | Medium
|
||||
90 | File | `catalogshop.php` | High
|
||||
91 | File | `catalogue.asp` | High
|
||||
92 | File | `category.cfm` | Medium
|
||||
93 | File | `category.php` | Medium
|
||||
94 | File | `category_list.php` | High
|
||||
95 | ... | ... | ...
|
||||
3 | File | `/admin/contenttemp` | High
|
||||
4 | File | `/admin/delete.php` | High
|
||||
5 | File | `/admin/doctors/view_doctor.php` | High
|
||||
6 | File | `/admin/modules/bibliography/index.php` | High
|
||||
7 | File | `/admin/sales/view_details.php` | High
|
||||
8 | File | `/admin/students/manage.php` | High
|
||||
9 | File | `/admin/view_order.php` | High
|
||||
10 | File | `/adminlogin.asp` | High
|
||||
11 | File | `/app/controller/Books.php` | High
|
||||
12 | File | `/bl-plugins/backup/plugin.php` | High
|
||||
13 | File | `/cgi-bin/nightled.cgi` | High
|
||||
14 | File | `/cgi/get_param.cgi` | High
|
||||
15 | File | `/common/download_agent_installer.php` | High
|
||||
16 | File | `/common/run_cross_report.php` | High
|
||||
17 | File | `/controller/Index.php` | High
|
||||
18 | File | `/coreframe/app/content/admin/content.php` | High
|
||||
19 | File | `/dev/audio` | Medium
|
||||
20 | File | `/etc/crash` | Medium
|
||||
21 | File | `/etc/master.passwd` | High
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/EXCU_SHELL` | Medium
|
||||
24 | File | `/goform/addressNat` | High
|
||||
25 | File | `/goform/AddSysLogRule` | High
|
||||
26 | File | `/goform/NatStaticSetting` | High
|
||||
27 | File | `/goform/WifiBasicSet` | High
|
||||
28 | File | `/include/friends.inc.php` | High
|
||||
29 | File | `/index.php?module=configuration/application` | High
|
||||
30 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
31 | File | `/iwgallery/pictures/details.asp` | High
|
||||
32 | File | `/kruxton/receipt.php` | High
|
||||
33 | File | `/medianet/mail.aspx` | High
|
||||
34 | File | `/members/view_member.php` | High
|
||||
35 | File | `/php-sms/admin/?page=services/manage_service` | High
|
||||
36 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
37 | File | `/secure/admin/RestoreDefaults.jspa` | High
|
||||
38 | File | `/services/view_service.php` | High
|
||||
39 | File | `/servlet/webacc` | High
|
||||
40 | File | `/sitemagic/upgrade.php` | High
|
||||
41 | File | `/userui/ticket_list.php` | High
|
||||
42 | File | `/usr/5bin/su` | Medium
|
||||
43 | File | `/wmiwizard.jsp` | High
|
||||
44 | File | `/wp-admin/options-general.php` | High
|
||||
There are 842 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 817 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://asec.ahnlab.com/en/34876/
* https://asec.ahnlab.com/en/40056/
* https://asec.ahnlab.com/en/41139/
* https://asec.ahnlab.com/en/42757/
* https://asec.ahnlab.com/en/45023/
* https://asec.ahnlab.com/en/45636/
* https://asec.ahnlab.com/en/46169/
* https://asec.ahnlab.com/en/46464/
* https://asec.ahnlab.com/en/47011/
* https://asec.ahnlab.com/en/47925/
* https://asec.ahnlab.com/en/48640/
* https://asec.ahnlab.com/en/50667/
## Literature
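Review bot: the References list carries bare URLs only; each entry should at least give the post title and the date it was retrieved so the citation stays usable if asec.ahnlab.com changes its URL scheme. The "more IOA items" figure for the table above goes from 842 to 817 in this update; if that reflects removed indicators rather than only renumbering, a line on why (deduplication, retraction) would help consumers who already ingested the earlier list.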
@ -21,152 +21,157 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
There are 570 more IOC items available. Please use our online service to access the data.
There are 590 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -174,13 +179,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-22, CWE-24, CWE-29 | Path Traversal | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
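Review bot: the new row 2 of the TTP table keeps the weakness at CWE-74 but changes the description from "Injection" to "Improper Neutralization of Data within XPath Expressions"; CWE-74 is the generic injection class, and that XPath-specific title is the name of CWE-643, so the two columns no longer agree. Either keep "Injection" for CWE-74 or add CWE-643 to the weakness column so the description is backed by a cited CWE. Row 3 has the same kind of mismatch: CWE-1321 is prototype pollution, not argument injection, and CWE-88, the dedicated argument-injection entry that the later hunk at line 35 cites for the same T1059 row, is missing here. Since the description column is the only human-readable hint an analyst gets from this table, the weakness and description columns should be kept consistent.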
@ -188,45 +194,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.` | High
2 | File | `/admin/` | Low
3 | File | `/admin/admin_user.php` | High
4 | File | `/admin/category/save` | High
5 | File | `/admin/list_ipAddressPolicy.php` | High
6 | File | `/admin/maintenance/view_designation.php` | High
7 | File | `/admin/search-appointment.php` | High
8 | File | `/admin/subject.php` | High
9 | File | `/app/options.py` | High
10 | File | `/auth/auth.php?user=1` | High
11 | File | `/boaform/device_reset.cgi` | High
12 | File | `/cgi-bin/cstecgi.cgi` | High
13 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
14 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/cgi/cpaddons_report.pl` | High
17 | File | `/common/dict/list` | High
18 | File | `/debug/pprof` | Medium
1 | File | `/admin/` | Low
2 | File | `/admin/admin_user.php` | High
3 | File | `/admin/category/save` | High
4 | File | `/admin/list_ipAddressPolicy.php` | High
5 | File | `/admin/search-appointment.php` | High
6 | File | `/admin/subject.php` | High
7 | File | `/app/controller/Setup.php` | High
8 | File | `/app/options.py` | High
9 | File | `/auth/auth.php?user=1` | High
10 | File | `/boaform/device_reset.cgi` | High
11 | File | `/cgi-bin/cstecgi.cgi` | High
12 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
13 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/cgi/cpaddons_report.pl` | High
16 | File | `/common/dict/list` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/debuginfo.htm` | High
19 | File | `/DXR.axd` | Medium
20 | File | `/forum/away.php` | High
21 | File | `/goform/goform_get_cmd_process` | High
22 | File | `/HNAP1/` | Low
23 | File | `/importexport.php` | High
24 | File | `/main/doctype.php` | High
25 | File | `/main/webservices/additional_webservices.php` | High
26 | File | `/mc` | Low
27 | File | `/myprofile.php` | High
28 | File | `/net/bluetooth/rfcomm/core.C` | High
29 | File | `/oauth/idp/.well-known/openid-configuration` | High
30 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
31 | File | `/register.php` | High
32 | File | `/setting/NTPSyncWithHost` | High
33 | File | `/spip.php` | Medium
34 | File | `/terminal/handle-command.php` | High
35 | File | `/uncpath/` | Medium
36 | File | `/update-resource-data/` | High
37 | ... | ... | ...
22 | File | `/goform/SetSpeedWan` | High
23 | File | `/HNAP1/` | Low
24 | File | `/importexport.php` | High
25 | File | `/Interface/DevManage/VM.php` | High
26 | File | `/main/doctype.php` | High
27 | File | `/main/webservices/additional_webservices.php` | High
28 | File | `/mc` | Low
29 | File | `/myprofile.php` | High
30 | File | `/net/bluetooth/rfcomm/core.C` | High
31 | File | `/oauth/idp/.well-known/openid-configuration` | High
32 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
33 | File | `/pdf` | Low
34 | File | `/register.php` | High
35 | File | `/remote/put_file` | High
36 | File | `/setting/NTPSyncWithHost` | High
37 | File | `/spip.php` | Medium
38 | File | `/squashfs-root/etc_ro/custom.conf` | High
39 | ... | ... | ...

There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 336 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

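Review bot: the file indicator `/net/bluetooth/rfcomm/core.C` (old row 28, new row 30) carries an uppercase extension, but the Linux kernel source file is `net/bluetooth/rfcomm/core.c`; a case-sensitive match on this indicator will never fire, so either correct the case or confirm the uppercase form was actually observed. The old row 1, `%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.`, ended in a bare dot that reads as truncated; it is dropped in the new table, which is fine, but it suggests a pass over the remaining entries for the same truncation.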
@ -310,6 +318,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b79d78b5f597cc5cfcab400f6b1abcf095fc275b8dc9640ea193f2138f53c9d5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b385dd84605f8ad953d537c1a42eb9be8677034889453f319d28f942360b65f0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b537f351722ffca1abe6efbe355a6162e727a13727c626292f4d14146679d7b5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bae0bfdb05119e4177995c3f1bbad53d28434e5262d1c6575f8c1fab045a7df2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb05049bfe26b30bcb6c0842a1dc6d8c3b71f0b41dd778ac6c76eaf74a620483%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb921bead10997e8c682a7acacb062d5107159c9378c81a4615372de5d8ece0f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bba2e2f6a311fe3c985a856a2097eb0195059fba544e7acd172a38369e1d4cbe%22

@ -328,6 +337,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c7b44aeaaa1c88d4579d37705661b9c2821a6c65a586205e1eef92b0dca7bf92%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9c617394a1c0af7dec708d6644863d98f43427e5f9f8d5a9d586b04538219d9%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9cb3353676114a2dd6f4336677a34d369604ac9be7038ce76e0a189e1f4983e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c18f4ce8537b47865535da753f3683259a3d35e82216fde6bfd641252e0e0b59%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c22d0427dbb178fc6cfcb87cecdc5bc7641f26fa13fdb08e84364397489cdb9b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c37cae2ad2e1f96cc5f86bfe8369418d4b7551818f755057996c8e8e8c57e1ed%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c59b369acbf7c7bf5b87684bd1ab2e73bd1d91a7d9bf34a502ab6379221605ee%22

@ -365,6 +375,9 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d62e30b1ad3e4a5e6af1f3e0451ee6432c7949b73751d3a456be5b40c13a447e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d80e4f06365b6a189965218bb618c4aaeb424c2d0c7a1581ff8f947614f37332%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d360ecb50280e8747808acda5f0e2bc9f7e29f4b60576af14284ec6aa87f676b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d4864de46b2bb19678ba292621635944ec507ea9f3e66f8de37bdc30283773e1%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d7444672b3c87107dfec98e981d623fe33941afd1aabd4618d73c1b4f8444dda%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22da10ce10e7f5b2c730754f0b3e529694bdc41cdaed2a3acdb7ac16b67ba4058a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22db12a43510d9c013dd32fd4c5f3d3e8b882f2b3541139a45742c8ddecad999cd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dbddfe3e7c9f992b12a776387ec36baef4689c90e76e70c32f5742fca707cf07%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dc8dec49562c502d5929f89a163adc46ad398ce6767271fbc9cc8ef40561d094%22

@ -396,6 +409,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ebcbd208dfc442cdfb1be34d6cc99cac2d35f87bfe4fd6d7b1b87c1e212bbfa2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ec7292eb3e9757445c8533dc830f38bc0690c8f91d8d684f0ffb8faa1db74000%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ecc06ccade3b4dac6f4558476d742b7e88df4375c6ab11b186d217433244afd1%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ece05cda9bc53eb709a2e49f3b0d785ab4e88bd27a852db771bbefd24f15c2d2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ed252ea59e5753951c807090cb7df07e9deebcdb97835f51c148c4169f15a3f9%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22ef39fdbc59a559df2462ce0956458a80e6338d58d04f366d90cdb7965f5edcb2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22efadcf13721f669472945371a57fa40a4bdbed063fde1b851a311ead7c66c3ef%22

@ -422,6 +436,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb3e3847d4f2a20cd56b2e3ac03d24aa126e05115822d15bd7e72fb9a564be6d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb660ff81aba8f455b7920366ffea607055f49973d326f10a0118a5b29b3ce10%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fb6815abaf3d9260cd76d0b9119c88e69ae4b66804c8d357c1662b4b6f11f439%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fbc85f759ab40d6ddeb2466ac9d8125945ba67395a0debbd92400d4a91b84534%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fcdd83167b92e1c7bdec56fc9d7f46ab044bca777ef3901d84debb12b60c8d43%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdbfb2e037b1276e0a70cae3fb21ff4f8052df57117967e0af038d5999f8ae9a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdffacdd96db3eb4c84ea257e4ecdfd2c18ccf184804e78315545be0026314b7%22

@ -435,6 +450,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e7705888a9000b0a2c8ca2a4846d890920d19bd6af9c50fb34668b4673f54c7%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ebaabf79ecaccb878e0ecc68b6c868ef047ac8735a3347ff892c3420b47803f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220edd2d75fcf4c8b0840516d473cfc5d8af8606fa301ebac23fc210cf79d1dd0d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220f506ba03ecdcc13184689a985a2af22e16bcf8c3bcb7f58749e3741fe8b6122%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220f44657bc73691af07715812236ab162bb75df18a28f317fd77f077ff22c5ad0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221af6ae62dca201286d4b11ee20fd1e8dcf343d2e8500de51f9175bcf3d12e06f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221b00dfd6a492dcb9e9f22913ed64a36da34672a59cd5610d8e9438976ded4dc9%22

@ -445,6 +461,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221ebe4f6c1b7578cfae6d609d2dc69913cb0ca7fade5c6ae3d4f116e145f50f4d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221edc93cfb7498f3bd6827783eb2c464c0d58dfab47964f3d9412f9baf828f68f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221efe88adbb16d17952851e961e3a1937735bd63faf208fe7fa1efcfaa0180222%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f21d518cfa3598c042afa32679c86095310946defd96d816778fee4f1b9b6d4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f45a7a12cc9bdd9712584e317a3d1f765f87af196682600728350bf86898f8e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221f168a4d8532e3222ce7b947eb6acb66f1ca41917e95bf19a1e6086896c43c46%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221fb6ef077373326b3b9811df7834025a7ec1d213aa94c41f1ac812fe9ece7a42%22

@ -454,10 +471,13 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222c48a71463075ecf6aac326807b2be06a966b5d53bdd99b61284fd1b3ca57ddd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222cab3e1cfa4040d815155cb9fe9b259135424e2ca245765ddd12324075623dfe%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d02e5aa8065bca63541458fc190780583486548b3f1beae1c623ac915efc5a0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d1b33fd22de8ca01cbb80135a83ef8901ec2c477587bf928ab751b271de3e73%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d2f08e2a84aa19e48a6ae61e0b8dad491e5d0ec5a86c27c582927026061178a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222d8ee9ae4a111e33063aee6eeab4aeb2a277c7b98c836c5edce93fa4158a1517%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222dc0f99bf9fdef615d53ba11e4520c286bd775ce3603df84607aaef3d2f14a8d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222dd5a1160936b4f4bb9a7c2229f7f1d716d96840131c770174f050265f725cea%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222e7dc8f56986ecb7375304c20c0645ec2c8c88bce4c3350d77102b6e17bbb531%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222e656b3e0df56edfd300ee08413fdc731c77b56c86f832b1f6821bbab8a4c3fa%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223b60ecf79082052bf2e2efb45b502a936426c2472ea853bfef36e3d2c01a4b79%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223b88aac57230a7bf62660854852ee7167f13c02ab261825216ff7c3a58d09711%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%223b41807b1368cefedf5c70842a73166497bc95121dad4b3ff2a93555420cc656%22

@ -477,16 +497,19 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225b36c58791e18728d53b05f27abc88b93724c4ce08c3f62c749c5e563da82a14%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225bd3dde5e2ad26fbf78d1136c8e337c07b5fc55d1b4ac461a08c3f749003d794%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c4b8f572f297bb98b1d2e47075aec68b3b9da1fb76606e07d8176edbe1338c8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c95f8728cba884fde11753c3ec7b4ce8ef0f871e98dd06f9464f82b69d653f4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c538f273807d92a8626eacacce355c414210f29293c2ba2b8a7ec16bf31303f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c8474878a2a3e529486a7674026f8eb3a5b4d37e1af966646f3a1d3f22b979d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d3eb0b9bc00549d4f12f12f8eaf9a9a024258e648841b20bddf0cfe45d792dd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d26e1378fe730a0dee7100cf441d502e016ef0198c2a9ab2a5e77d93bfd3727%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d715e500b841e38eff4acc909a619276d6f18705166dd23cfb072c742e9c85b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225e72f7c4dacbb13e0a87be3d0133fd1ef9782d4d5cd60287c692ad6008a9fbc6%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225e279697fbda136046542fc6db82a4bc3def212b9e15bd9e4f967c8a03e8dca7%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225ea2161f353b71cc360d245cfdeaafa1cac41d672d0035780aa42cac6da6c5dd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225eb8ad1c658feb35f33ca16ec02391f23dc44c0f7be5fcd424b1f8eeef424b5a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225f18f724111eb6c8aa4ec01984556ecc7357dbc5f030746a3b3f2ec3bc2b343e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225f2516875bd9ef6990a50faf8adf542805069048b028be26df9d155efbe3cf69%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a80cb5adacc61a445d3b1962a79ed40adb62e4eaddebea7131ddbc2bfebf108%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a93688d69aeab73fb28239f0b7ccb8b15ef876d6b134c379ae36a2526d29d83%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22

@ -524,6 +547,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ab554fbdeb9bbe3197369987ce496590ffdce906ce33c65660a385e42c9f11b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229abc86f1304f41b1a2281e113afa695ee9e6661a3766a5862f460548ff6980ad%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ae1a707bdb87aa40ec1139533ee543b5bcdf6ce89f7b9c560520d5868e5353e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229bf79356f4ee94507999adcc7faeedd65aa75600f7bdcc24c8c792c2ab3e1d69%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c71fdb3c7ac17591c355ba028b6a86f243246fac32eb07af552199037c2faf2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c191ae9892430a18e2d466c5b3c0b230450ea178ffa2553a6babc31f6d4348c%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ccaaf6ad700e922565d1947ac46839e4a8c8a18af7a94605f4ebfcbb916b4f4%22

@ -545,9 +569,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2217ccb41be152e06d81028fa8db241befbedc1f6abe2859381764efa1572eb756%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2218f3618dfd6257ef264e2b046d2acededb423e7558b0f3b405b9366953b74f8d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220cb8ebe1f1cc16e7650f45c75b3ca0e9d6308998bb58ac3f3fbb1c501f1a0dc%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220eaf8372afe6dbe61a2ac806800d82c6b7a0db32a599fe89a665ad629cf4311%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2222da2cc9ccc8081684a05a5df66f426a684016f9db961d768b3b651b78f6d1a2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2222e86fc171d87ccc9c172c719af38245ef9bf8161b54f60ca274e01891a94c08%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2223a8001e1dc233a132e3521e62fb7632ffe6c4879531ebd9506111a0071289cf%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2223b2939879b50f12babf00a8e147b0308b1847b20b73815ad83bad2951f7bbae%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2225a93a9eb67dc035524601ba232f535ab67d776433458deaddc04304398bc901%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2225abb180e92da37e426fc8f49970596a5fb1d989a4475a2c8c95d95edcbed5e4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2226cdf8d6d2d8f260ad5c38f449f98c0a161b3c194ab6edba0ebdef0d63feea51%22

@ -560,6 +586,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2233b6af004f0cd8ab4a9976dba81ca09d682d3531eda5b889a4c6f5debaeaf8f8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235cde68303f6694d9b3947bd945ee98dd088c98199381fd5b52778513dd283b8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2235faa39b648c6e8cefd9b1ba970b280340d27e91f8f084f85f2984e5c87a6733%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2240a5e3954cb4f99a278748eef1e222a05e082ecd5b304970dd246312227d4b36%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2244a3036e7c31d65c0a9445772e3b28d2c13065483c08f0126e1d53139bc16f7d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2247df3abc74ad31a300a6af92f38b5462e063fc5ca64d97c0d7bb5e91c4076943%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2250a7b7651fcc014777c44f01211632d1ea8de82690ca193201c62a32dc2e00ad%22

@ -618,9 +645,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22236f6df4a662b67e33ae79a25e2f0044c43e594bbdae0a97c3aeb486e5ee11ca%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22310cab4e01c406897c12781920da092d1ccb3aef6bdad1c819ebf24f6e8b4dde%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22354c6d8d9033668867406be1bb6238647e207cb5f2de6a776ae3d461637efa8e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22370bdcd632f48a293b0bf6c8a397187e1c7345611e106dbf1518816a4239a4cd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22408cb806e82f22fbf8cf96dc7f7c187acaa3cf53c611ca6dd37c925273ba1726%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22409e50ae1c3f70cf81350be6f3cd218b0c9ef15eb03439c15d53a6012bddae2f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22420a63db1bdd2f74731d1001e49ac2c1443b4d3ba810b67cb324a665ffe84382%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22431ac40196f0417e86d1be9eed414d40076404efaf5ba09d5a1c88855ac37c97%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22432ed1ee42746631cefc6d8a69c3ff06ce34c5540437c228a49a4c1c0eb3928a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22451acafcf7fbfdfa0c79d0fba2e749a795e2fb0dff66e2a70ace01cd242ff4d4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22461bd92732e4fcd9a11594a550ff844af1dc8686cf5e69520f058c3c7d217bd5%22

@ -630,6 +659,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22520a6d8fe1e6a0b2ff9755e5058d981c7b6f80e5f3faafbd7e636e263eb748f4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22520e684445f6257e1aeb5f74ceee23789d75517270876b92dd2860705aec037c%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22532a3c38c20c60a3c64f548ad9bd3807e0585f70c78db495c0983fae44da056e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22562d57dc02f41df59ddf4c4b83747782593ac7f0f33e6436628d1ea6e807f2e1%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22674a2fef172685c51fda91aba205c20fb95e0c63fa4f0ecb598fb6213775ede5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22690d07f864220db5078dd937da7104993d3e7820732f8502b7c3c68cc9c22ae8%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22723c18cc60cbfd6430123a2c5326ac021826f9b750f43159628fe4a0df882537%22

@ -644,6 +674,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22875e3cfb1f6b9757aada57db20493a60717a4114b69931f8a7aabc56404ef42b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22890b0d66b3437ab8477a04d338024b8729d2732030abbfd134052e50e7bad0ab%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22891a64e34efebd507494a0b411ab067e085fc4ac7ae44171b1bbc6d78d493a60%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22919c6a5dffca3a9a630ca5c509909bfed1f16c3d21ba373ebb70cc57529c64fa%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22951e8ff2808a5bd4f4e5b181be38cb429383d10b782708b484c16bc11bd6b77d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22953cc2d06cefe778ca24a6096ebec12743d4d130d0dd3e11f65bce20bdaa9f4c%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220031daf0487b995130c142c52ca4b28a4cb7789ff9c0861554d7a36b1d54f73f%22

@ -679,6 +710,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229280bdf16dde768c7e0ab2015ea987ac7c8e853c6df18f39eeec502812c476b6%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229425b43e08e75e51143e88d0ef8fe248467fccdf233c4fb5fe6514143b0d4303%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2201031e2c5206b868aef93bfc97e7f336daaf90f54518e95bcc5c81806a53a536%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2202011ab5bd4a9b893b3922b47552f618b7f30f5dd926df54f41b627b2b1b4b51%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2203266e3ea0158c62f652064b0b78824d03b4aa26b15509036c40a281a6f42cb4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2212414ffbbb9d89905eccbb3529cbeec829e492e21f7f8ccce902eebb05061e59%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220743d0b9dbb07cafe875ba9ed1642b630c421c4956b20f3fb7a127b39350b9f%22

@ -692,6 +724,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2276149e95ec0d8218b1d5aa4630174991eecc19935c58f7f29a5fb7050ccd56f5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2277271b9d29d9e91f0d72006953fadd7aa37256396ea5e30bb54f16645155af08%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2278724ff0250bf9ac2d098033e6bbc20e26f5cf0f0f71f54883565fd607f633b9%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2293288c33d1a6bac0a3a43ca835c5741ceca50bc7e247ec549edd6d4dc92f8788%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298385a3548d87a841124069aa32398cca8a3175b75eb00e2da3973e6f3888503%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22005886c7f475614044a55712d5c059435c2871ef7ebbc6d3bcec8238cffea263%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22132044ee6a1b025a47fce929ce779c3dc657ee313e84741b69de8006bc428b05%22

@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

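Review bot: the only change in this hunk swaps row 2's description from "Injection" to "Improper Neutralization of Data within XPath Expressions" while leaving the weakness at CWE-74, the generic injection class; that XPath-specific title is the name of CWE-643, so the two columns no longer agree. Either keep "Injection" for CWE-74 or add CWE-643 to the weakness column so the description is backed by a cited CWE.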
@ -76,47 +76,51 @@ ID | IP address | Hostname | Campaign | Confidence
53 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
54 | [23.105.131.195](https://vuldb.com/?ip.23.105.131.195) | mail195.nessfist.com | - | High
55 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | mail209.nessfist.com | - | High
56 | [23.105.171.80](https://vuldb.com/?ip.23.105.171.80) | desiignplaza.world | - | High
57 | [23.146.242.85](https://vuldb.com/?ip.23.146.242.85) | - | - | High
58 | [23.239.28.245](https://vuldb.com/?ip.23.239.28.245) | 23-239-28-245.ip.linodeusercontent.com | - | High
59 | [31.7.63.14](https://vuldb.com/?ip.31.7.63.14) | rack223ch.idfnv.ne | - | High
60 | [31.210.20.187](https://vuldb.com/?ip.31.210.20.187) | - | - | High
61 | [31.210.20.236](https://vuldb.com/?ip.31.210.20.236) | - | - | High
62 | [31.210.21.21](https://vuldb.com/?ip.31.210.21.21) | lilut.top | - | High
63 | [31.210.21.114](https://vuldb.com/?ip.31.210.21.114) | larul.top | - | High
64 | [31.220.4.216](https://vuldb.com/?ip.31.220.4.216) | haa02.sctio.com | - | High
65 | [31.220.44.253](https://vuldb.com/?ip.31.220.44.253) | - | - | High
66 | [34.121.150.14](https://vuldb.com/?ip.34.121.150.14) | 14.150.121.34.bc.googleusercontent.com | - | Medium
67 | [37.0.8.108](https://vuldb.com/?ip.37.0.8.108) | lloydfox.capitolreservations.com | - | High
68 | [37.0.10.6](https://vuldb.com/?ip.37.0.10.6) | - | - | High
69 | [37.0.10.19](https://vuldb.com/?ip.37.0.10.19) | - | - | High
70 | [37.0.10.62](https://vuldb.com/?ip.37.0.10.62) | - | - | High
71 | [37.0.10.63](https://vuldb.com/?ip.37.0.10.63) | - | - | High
72 | [37.0.10.252](https://vuldb.com/?ip.37.0.10.252) | - | - | High
73 | [37.0.11.99](https://vuldb.com/?ip.37.0.11.99) | - | - | High
74 | [37.0.11.155](https://vuldb.com/?ip.37.0.11.155) | - | - | High
75 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
76 | [37.0.11.177](https://vuldb.com/?ip.37.0.11.177) | - | - | High
77 | [37.0.11.183](https://vuldb.com/?ip.37.0.11.183) | - | - | High
78 | [37.0.11.212](https://vuldb.com/?ip.37.0.11.212) | - | - | High
79 | [37.0.11.221](https://vuldb.com/?ip.37.0.11.221) | - | - | High
80 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
81 | [37.46.150.134](https://vuldb.com/?ip.37.46.150.134) | - | - | High
82 | [37.120.152.157](https://vuldb.com/?ip.37.120.152.157) | - | - | High
83 | [37.120.208.46](https://vuldb.com/?ip.37.120.208.46) | - | - | High
84 | [37.120.212.229](https://vuldb.com/?ip.37.120.212.229) | - | - | High
85 | [37.120.234.40](https://vuldb.com/?ip.37.120.234.40) | no-rdns.m247.com | - | High
86 | [37.139.128.233](https://vuldb.com/?ip.37.139.128.233) | - | - | High
87 | [40.82.152.253](https://vuldb.com/?ip.40.82.152.253) | - | - | High
88 | [40.88.44.226](https://vuldb.com/?ip.40.88.44.226) | - | - | High
89 | [41.36.83.211](https://vuldb.com/?ip.41.36.83.211) | host-41.36.83.211.tedata.net | - | High
90 | [41.102.8.156](https://vuldb.com/?ip.41.102.8.156) | - | - | High
91 | [41.102.33.8](https://vuldb.com/?ip.41.102.33.8) | - | - | High
92 | [41.102.231.123](https://vuldb.com/?ip.41.102.231.123) | - | - | High
93 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
94 | ... | ... | ... | ...
56 | [23.105.131.237](https://vuldb.com/?ip.23.105.131.237) | - | - | High
57 | [23.105.171.80](https://vuldb.com/?ip.23.105.171.80) | desiignplaza.world | - | High
58 | [23.146.242.85](https://vuldb.com/?ip.23.146.242.85) | - | - | High
59 | [23.239.28.245](https://vuldb.com/?ip.23.239.28.245) | 23-239-28-245.ip.linodeusercontent.com | - | High
60 | [27.124.20.145](https://vuldb.com/?ip.27.124.20.145) | - | - | High
61 | [31.7.63.14](https://vuldb.com/?ip.31.7.63.14) | rack223ch.idfnv.ne | - | High
62 | [31.210.20.187](https://vuldb.com/?ip.31.210.20.187) | - | - | High
63 | [31.210.20.236](https://vuldb.com/?ip.31.210.20.236) | - | - | High
64 | [31.210.21.21](https://vuldb.com/?ip.31.210.21.21) | lilut.top | - | High
65 | [31.210.21.114](https://vuldb.com/?ip.31.210.21.114) | larul.top | - | High
66 | [31.220.4.216](https://vuldb.com/?ip.31.220.4.216) | haa02.sctio.com | - | High
|
||||
67 | [31.220.44.253](https://vuldb.com/?ip.31.220.44.253) | - | - | High
|
||||
68 | [34.121.150.14](https://vuldb.com/?ip.34.121.150.14) | 14.150.121.34.bc.googleusercontent.com | - | Medium
|
||||
69 | [37.0.8.108](https://vuldb.com/?ip.37.0.8.108) | lloydfox.capitolreservations.com | - | High
|
||||
70 | [37.0.10.6](https://vuldb.com/?ip.37.0.10.6) | - | - | High
|
||||
71 | [37.0.10.19](https://vuldb.com/?ip.37.0.10.19) | - | - | High
|
||||
72 | [37.0.10.62](https://vuldb.com/?ip.37.0.10.62) | - | - | High
|
||||
73 | [37.0.10.63](https://vuldb.com/?ip.37.0.10.63) | - | - | High
|
||||
74 | [37.0.10.252](https://vuldb.com/?ip.37.0.10.252) | - | - | High
|
||||
75 | [37.0.11.99](https://vuldb.com/?ip.37.0.11.99) | - | - | High
|
||||
76 | [37.0.11.155](https://vuldb.com/?ip.37.0.11.155) | - | - | High
|
||||
77 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
|
||||
78 | [37.0.11.177](https://vuldb.com/?ip.37.0.11.177) | - | - | High
|
||||
79 | [37.0.11.183](https://vuldb.com/?ip.37.0.11.183) | - | - | High
|
||||
80 | [37.0.11.212](https://vuldb.com/?ip.37.0.11.212) | - | - | High
|
||||
81 | [37.0.11.221](https://vuldb.com/?ip.37.0.11.221) | - | - | High
|
||||
82 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
|
||||
83 | [37.46.150.134](https://vuldb.com/?ip.37.46.150.134) | - | - | High
|
||||
84 | [37.120.152.157](https://vuldb.com/?ip.37.120.152.157) | - | - | High
|
||||
85 | [37.120.208.46](https://vuldb.com/?ip.37.120.208.46) | - | - | High
|
||||
86 | [37.120.212.229](https://vuldb.com/?ip.37.120.212.229) | - | - | High
|
||||
87 | [37.120.234.40](https://vuldb.com/?ip.37.120.234.40) | no-rdns.m247.com | - | High
|
||||
88 | [37.139.128.233](https://vuldb.com/?ip.37.139.128.233) | - | - | High
|
||||
89 | [40.82.152.253](https://vuldb.com/?ip.40.82.152.253) | - | - | High
|
||||
90 | [40.88.44.226](https://vuldb.com/?ip.40.88.44.226) | - | - | High
|
||||
91 | [41.36.83.211](https://vuldb.com/?ip.41.36.83.211) | host-41.36.83.211.tedata.net | - | High
|
||||
92 | [41.102.8.156](https://vuldb.com/?ip.41.102.8.156) | - | - | High
|
||||
93 | [41.102.33.8](https://vuldb.com/?ip.41.102.33.8) | - | - | High
|
||||
94 | [41.102.231.123](https://vuldb.com/?ip.41.102.231.123) | - | - | High
|
||||
95 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
|
||||
96 | [41.225.46.176](https://vuldb.com/?ip.41.225.46.176) | - | - | High
|
||||
97 | [41.225.216.176](https://vuldb.com/?ip.41.225.216.176) | - | - | High
|
||||
98 | ... | ... | ... | ...
|
||||
|
||||
There are 371 more IOC items available. Please use our online service to access the data.
There are 389 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -126,12 +130,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
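Review bot: in row 3 of this hunk the Description changes from "Injection" to "Improper Neutralization of Data within XPath Expressions" while the Weakness column keeps only CWE-74, the entry the old row paired with the generic "Injection" label; a narrower description should be paired with the matching, more specific CWE (or the Weakness list extended), otherwise the two columns disagree about what was attributed. The same row 3 rewrite recurs in the other TTP hunks of this commit and should be fixed consistently.
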
@ -146,47 +150,47 @@ ID | Type | Indicator | Confidence
There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -41,8 +41,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
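Review bot: row 2 drops CWE-294 from the Weakness column while its Description, "Authentication Bypass by Capture-replay", is unchanged; if the capture-replay weakness is no longer attributed to this actor, the description should change with it, and if it still is, CWE-294 should stay. Please confirm which was intended rather than leaving the two columns out of step.
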
@ -88,23 +88,23 @@ ID | Type | Indicator | Confidence
There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [FR](https://vuldb.com/?country.fr)
* [RU](https://vuldb.com/?country.ru)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 2 more country items available. Please use our online service to access the data.

@ -36,12 +36,12 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 19 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -54,115 +54,119 @@ ID | Type | Indicator | Confidence
There are 994 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 1029 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [SV](https://vuldb.com/?country.sv)
* [RU](https://vuldb.com/?country.ru)
* [CN](https://vuldb.com/?country.cn)
* ...

There are 11 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -21,13 +21,14 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
There are 15 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -37,8 +38,8 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Argument Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

@ -78,44 +79,46 @@ ID | Type | Indicator | Confidence
There are 550 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 574 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -123,6 +126,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
|
||||
* https://threatfox.abuse.ch
|
||||
* https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
|
||||
* https://www.huntress.com/blog/blackcat-ransomware-affiliate-ttps
|
||||
* https://www.ic3.gov/Media/News/2022/220420.pdf
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -37,14 +37,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
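Review bot: the replacement description in row 3 (`3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions`) does not match the weakness id it is paired with. CWE-74 is the generic injection weakness ("Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"), and "Improper Neutralization of Data within XPath Expressions" is the title of CWE-643, its XPath-specific child. The old label `Injection` was the accurate one for CWE-74; either restore it or change the weakness column to CWE-643 if XPath injection is what the profile actually predicts. The same relabelling is repeated in the other TTP hunks of this commit and should be fixed consistently.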
@ -53,54 +53,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/controller/JobLogController.java` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/alphaware/summary.php` | High
|
||||
8 | File | `/api/` | Low
|
||||
9 | File | `/api/admin/store/product/list` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/api/stl/actions/search` | High
|
||||
12 | File | `/api/sys/login` | High
|
||||
13 | File | `/api/sys/set_passwd` | High
|
||||
14 | File | `/api/trackedEntityInstances` | High
|
||||
15 | File | `/api/v2/cli/commands` | High
|
||||
16 | File | `/aux` | Low
|
||||
17 | File | `/bin/ate` | Medium
|
||||
18 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/booking/show_bookings/` | High
|
||||
21 | File | `/bsms_ci/index.php/book` | High
|
||||
22 | File | `/cgi-bin` | Medium
|
||||
23 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
24 | File | `/changePassword` | High
|
||||
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
26 | File | `/dashboard/add-blog.php` | High
|
||||
27 | File | `/data/remove` | Medium
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/DXR.axd` | Medium
|
||||
30 | File | `/ecshop/admin/template.php` | High
|
||||
31 | File | `/env` | Low
|
||||
32 | File | `/etc/passwd` | Medium
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/group1/uploa` | High
|
||||
35 | File | `/index.php` | Medium
|
||||
36 | File | `/medicines/profile.php` | High
|
||||
37 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
38 | File | `/novel/bookSetting/list` | High
|
||||
39 | File | `/out.php` | Medium
|
||||
40 | File | `/owa/auth/logon.aspx` | High
|
||||
41 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/resources//../` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/testConnection` | High
|
||||
46 | File | `/tmp/ppd.trace` | High
|
||||
47 | ... | ... | ...
|
||||
2 | File | `/admin/controller/JobLogController.java` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
4 | File | `/api/stl/actions/search` | High
|
||||
5 | File | `/api/sys/login` | High
|
||||
6 | File | `/api/sys/set_passwd` | High
|
||||
7 | File | `/api/trackedEntityInstances` | High
|
||||
8 | File | `/api/v2/cli/commands` | High
|
||||
9 | File | `/aux` | Low
|
||||
10 | File | `/bin/ate` | Medium
|
||||
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
12 | File | `/booking/show_bookings/` | High
|
||||
13 | File | `/cgi-bin` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/changePassword` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/dashboard/add-blog.php` | High
|
||||
18 | File | `/data/remove` | Medium
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/DXR.axd` | Medium
|
||||
21 | File | `/ecshop/admin/template.php` | High
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/goform/net\_Web\_get_value` | High
|
||||
26 | File | `/group1/uploa` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
|
||||
29 | File | `/novel/bookSetting/list` | High
|
||||
30 | File | `/novel/userFeedback/list` | High
|
||||
31 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
32 | File | `/resources//../` | High
|
||||
33 | File | `/testConnection` | High
|
||||
34 | File | `/tmp/ppd.trace` | High
|
||||
35 | File | `/user/inc/workidajax.php` | High
|
||||
36 | File | `/user/updatePwd` | High
|
||||
37 | File | `/userLogin.asp` | High
|
||||
38 | File | `/vm/admin/doctors.php` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 410 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
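Review bot: the new row `25 | File | `/goform/net\_Web\_get_value`` escapes the underscores inside a backtick code span, where a backslash is literal, so the indicator renders and copies as `net\_Web\_get_value` rather than `net_Web_get_value`. No other indicator in this table is escaped this way; drop the backslashes so the value matches what appears on the wire.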
@ -46,7 +46,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
|
|
@ -34,10 +34,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | T1059 | CWE-94 | Argument Injection | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
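Review bot: row 4 keeps CWE-94 but is relabelled from `Cross Site Scripting` to `Argument Injection` (`4 | T1059 | CWE-94 | Argument Injection`), and neither label is the title of CWE-94, which is "Improper Control of Generation of Code ('Code Injection')". Argument Injection is CWE-88, which the wider form of this row in other files of this commit lists (`CWE-88, CWE-94, CWE-1321`) but this hunk does not. Either add CWE-88 to the weakness column here or label the row "Code Injection" so the description follows the id.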
@ -35,12 +35,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-36 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -50,27 +50,34 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES%\MyQ\PHP\Sessions\` | High
|
||||
2 | File | `/.flatpak-info` | High
|
||||
3 | File | `/admin/edit.php` | High
|
||||
4 | File | `/admin/googleads.php` | High
|
||||
5 | File | `/admin/pages/update_go.php` | High
|
||||
6 | File | `/admin/reg.php` | High
|
||||
7 | File | `/admin/renewaldue.php` | High
|
||||
8 | File | `/ajax` | Low
|
||||
9 | File | `/analysisProject/pagingQueryData` | High
|
||||
10 | File | `/api/sys/login` | High
|
||||
11 | File | `/application/index/controller/Databasesource.php` | High
|
||||
12 | File | `/application/index/controller/Screen.php` | High
|
||||
13 | File | `/bin/boa` | Medium
|
||||
14 | File | `/booking/show_bookings/` | High
|
||||
15 | File | `/cgi-bin/adm.cgi` | High
|
||||
16 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi?action=login` | High
|
||||
18 | File | `/collection/all` | High
|
||||
19 | File | `/dashboard/add-portfolio.php` | High
|
||||
20 | File | `/devinfo` | Medium
|
||||
21 | ... | ... | ...
|
||||
3 | File | `/Account/login.php` | High
|
||||
4 | File | `/admin/` | Low
|
||||
5 | File | `/admin/app/login_crud.php` | High
|
||||
6 | File | `/admin/app/product.php` | High
|
||||
7 | File | `/admin/app/service_crud.php` | High
|
||||
8 | File | `/admin/edit.php` | High
|
||||
9 | File | `/admin/googleads.php` | High
|
||||
10 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
11 | File | `/admin/login.php` | High
|
||||
12 | File | `/Admin/login.php` | High
|
||||
13 | File | `/admin/pages/update_go.php` | High
|
||||
14 | File | `/admin/reg.php` | High
|
||||
15 | File | `/admin/renewaldue.php` | High
|
||||
16 | File | `/admin/search.php` | High
|
||||
17 | File | `/ajax` | Low
|
||||
18 | File | `/analysisProject/pagingQueryData` | High
|
||||
19 | File | `/api/sys/login` | High
|
||||
20 | File | `/app/ajax/search_sales_report.php` | High
|
||||
21 | File | `/app/middleware/TokenVerify.php` | High
|
||||
22 | File | `/application/index/controller/Databasesource.php` | High
|
||||
23 | File | `/application/index/controller/Screen.php` | High
|
||||
24 | File | `/bin/boa` | Medium
|
||||
25 | File | `/booking/show_bookings/` | High
|
||||
26 | File | `/cancel.php` | Medium
|
||||
27 | File | `/cgi-bin/adm.cgi` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 178 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 238 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
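Review bot: the new rows `11 | File | `/admin/login.php`` and `12 | File | `/Admin/login.php`` differ only in case. If downstream matching on this column is case-insensitive they are a duplicate and should be merged; if it is case-sensitive (a Linux document root) keeping both is intentional. Either way, the dedupe rule for case variants is worth stating once so consumers of the table do not have to guess.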
@ -25,8 +25,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
|
|
@ -10,19 +10,58 @@ The following _campaigns_ are known and can be associated with BlueShell:
|
|||
|
||||
* Korea / Thailand
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlueShell:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BlueShell.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [20.214.201.166](https://vuldb.com/?ip.20.214.201.166) | - | Korea / Thailand | High
|
||||
1 | [20.200.213.72](https://vuldb.com/?ip.20.200.213.72) | - | - | High
|
||||
2 | [20.214.201.166](https://vuldb.com/?ip.20.214.201.166) | - | Korea / Thailand | High
|
||||
3 | [121.127.241.117](https://vuldb.com/?ip.121.127.241.117) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BlueShell_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BlueShell. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `assets/download.aspx` | High
|
||||
2 | File | `join.c` | Low
|
||||
3 | File | `njs_module.c` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/56941/
|
||||
* https://asec.ahnlab.com/en/61549/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
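Review bot: the new TTP row `2 | T1068 | CWE-284 | Execution with Unnecessary Privileges` pairs a description with a weakness id that carries a different title: CWE-284 is "Improper Access Control", while "Execution with Unnecessary Privileges" is CWE-250. Align one with the other. Two smaller points in the same hunk: the generated footers `There are 1 more IOC items available` and `There are 1 more TTP items available` should use the singular when the count is 1, and inserting 20.200.213.72 ahead of 20.214.201.166 renumbers the existing IOC from id 1 to id 2, which is a silent change if those ids are referenced anywhere outside this file.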
@ -29,8 +29,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1059 | CWE-94 | Argument Injection | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
# Bobik - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bobik](https://vuldb.com/?actor.bobik). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bobik](https://vuldb.com/?actor.bobik)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bobik:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bobik.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.57.122.82](https://vuldb.com/?ip.2.57.122.82) | - | - | High
|
||||
2 | [77.232.41.206](https://vuldb.com/?ip.77.232.41.206) | host-77-232-41-206.macloud.host | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bobik_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bobik. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/ajax.php?action=confirm_order` | High
|
||||
2 | File | `/admin/book_add.php` | High
|
||||
3 | File | `/admin/borrow_add.php` | High
|
||||
4 | File | `/admin/manage-pages.php` | High
|
||||
5 | File | `/admin/sys_sql_query.php` | High
|
||||
6 | File | `/api/snapshot and /api/get_log_file` | High
|
||||
7 | File | `/b2b-supermarket/catalog/all-products` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 54 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/avast/ioc/tree/master/Bobik
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
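Review bot: IOA row 6 (`6 | File | `/api/snapshot and /api/get_log_file``) stores two paths joined by the word "and" in a single indicator cell, so neither path will match when the column is used for exact or prefix matching; split it into two rows with their own confidence. Also, `There are 1 more country items available` should read in the singular when the count is 1.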
@ -31,11 +31,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
3 | T1059 | CWE-94 | Argument Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,34 +48,34 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
4 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
5 | File | `/film-rating.php` | High
|
||||
6 | File | `/index.php` | Medium
|
||||
7 | File | `/librarian/bookdetails.php` | High
|
||||
8 | File | `/pages/faculty_sched.php` | High
|
||||
9 | File | `/php_action/createUser.php` | High
|
||||
10 | File | `/spip.php` | Medium
|
||||
11 | File | `/student/bookdetails.php` | High
|
||||
12 | File | `account.asp` | Medium
|
||||
13 | File | `add_comment.php` | High
|
||||
14 | File | `admin.php` | Medium
|
||||
15 | File | `admin/admin_users.php` | High
|
||||
16 | File | `admin/conf_users_edit.php` | High
|
||||
17 | File | `Admin/edit-admin.php` | High
|
||||
18 | File | `admin/establishment/manage.php` | High
|
||||
19 | File | `admin/inquiries/view_details.php` | High
|
||||
20 | File | `admin/skins.php` | High
|
||||
21 | File | `admin/versions.html` | High
|
||||
22 | File | `admindocumentworker.jsp` | High
|
||||
23 | File | `admin_feature.php` | High
|
||||
24 | File | `album_portal.php` | High
|
||||
25 | File | `announce.php` | Medium
|
||||
26 | File | `apply.cgi` | Medium
|
||||
27 | File | `ardguest.php` | Medium
|
||||
28 | File | `bb_usage_stats.php` | High
|
||||
29 | File | `category.cfm` | Medium
|
||||
30 | File | `category_list.php` | High
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/index.php` | Medium
|
||||
8 | File | `/librarian/bookdetails.php` | High
|
||||
9 | File | `/pages/faculty_sched.php` | High
|
||||
10 | File | `/php_action/createUser.php` | High
|
||||
11 | File | `/spip.php` | Medium
|
||||
12 | File | `/student/bookdetails.php` | High
|
||||
13 | File | `account.asp` | Medium
|
||||
14 | File | `add_comment.php` | High
|
||||
15 | File | `admin.php` | Medium
|
||||
16 | File | `admin/admin_users.php` | High
|
||||
17 | File | `admin/conf_users_edit.php` | High
|
||||
18 | File | `Admin/edit-admin.php` | High
|
||||
19 | File | `admin/establishment/manage.php` | High
|
||||
20 | File | `admin/inquiries/view_details.php` | High
|
||||
21 | File | `admin/skins.php` | High
|
||||
22 | File | `admin/versions.html` | High
|
||||
23 | File | `admindocumentworker.jsp` | High
|
||||
24 | File | `admin_feature.php` | High
|
||||
25 | File | `album_portal.php` | High
|
||||
26 | File | `announce.php` | Medium
|
||||
27 | File | `apply.cgi` | Medium
|
||||
28 | File | `ardguest.php` | Medium
|
||||
29 | File | `bb_usage_stats.php` | High
|
||||
30 | File | `bwdates-report-result.php` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 267 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -81,7 +81,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
@ -102,47 +102,46 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/adminapi/system/crud` | High
|
||||
7 | File | `/adminapi/system/file/openfile` | High
|
||||
8 | File | `/admin_route/dec_service_credits.php` | High
|
||||
9 | File | `/api/baskets/{name}` | High
|
||||
10 | File | `/api/download` | High
|
||||
11 | File | `/api/v1/alerts` | High
|
||||
12 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
13 | File | `/api/v4/teams//channels/deleted` | High
|
||||
14 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
9 | File | `/api/download` | High
|
||||
10 | File | `/api/v1/alerts` | High
|
||||
11 | File | `/api/v1/terminal/sessions/?limit=1` | High
|
||||
12 | File | `/api/v4/teams//channels/deleted` | High
|
||||
13 | File | `/b2b-supermarket/shopping-cart` | High
|
||||
14 | File | `/cancel.php` | Medium
|
||||
15 | File | `/category.php` | High
|
||||
16 | File | `/categorypage.php` | High
|
||||
17 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
18 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
19 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
20 | File | `/change-language/de_DE` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/devinfo` | Medium
|
||||
25 | File | `/dist/index.js` | High
|
||||
26 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/geoserver/gwc/rest.html` | High
|
||||
29 | File | `/goform/formSysCmd` | High
|
||||
30 | File | `/HNAP1` | Low
|
||||
31 | File | `/hosts/firewall/ip` | High
|
||||
32 | File | `/index.jsp#settings` | High
|
||||
33 | File | `/index.php/ccm/system/file/upload` | High
|
||||
34 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
35 | File | `/log/decodmail.php` | High
|
||||
36 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
37 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
38 | File | `/php/ping.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/RPS2019Service/status.html` | High
|
||||
42 | File | `/s/index.php?action=statistics` | High
|
||||
43 | File | `/setting` | Medium
|
||||
44 | File | `/sicweb-ajax/tmproot/` | High
|
||||
45 | File | `/signup.php` | Medium
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | ... | ... | ...
|
||||
18 | File | `/cgi-bin/vitogate.cgi` | High
|
||||
19 | File | `/change-language/de_DE` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/devinfo` | Medium
|
||||
22 | File | `/dist/index.js` | High
|
||||
23 | File | `/download` | Medium
|
||||
24 | File | `/fcgi/scrut_fcgi.fcgi` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/geoserver/gwc/rest.html` | High
|
||||
27 | File | `/goform/formSysCmd` | High
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/hosts/firewall/ip` | High
|
||||
30 | File | `/index.jsp#settings` | High
|
||||
31 | File | `/index.php/ccm/system/file/upload` | High
|
||||
32 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
33 | File | `/log/decodmail.php` | High
|
||||
34 | File | `/oauth/idp/.well-known/openid-configuration` | High
|
||||
35 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
36 | File | `/php/ping.php` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/RPS2019Service/status.html` | High
|
||||
39 | File | `/s/index.php?action=statistics` | High
|
||||
40 | File | `/setting` | Medium
|
||||
41 | File | `/Setting/change_password_save` | High
|
||||
42 | File | `/sicweb-ajax/tmproot/` | High
|
||||
43 | File | `/signup.php` | Medium
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/st_reg.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Path Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brunei Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
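Review bot: as rendered, the country list in this hunk contains `* [JP](https://vuldb.com/?country.jp)` twice, once before CN and once after it. The header `-9,8 +9,8` indicates a one-line swap, so this is presumably a reorder rather than an addition, but the rendering here has lost its +/- markers; please confirm the committed list holds JP once and that the unchanged `There are 24 more country items` count is intentional.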
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High

@ -76,45 +76,45 @@ ID | Type | Indicator | Confidence
14 | File | `/admin/show.php` | High
15 | File | `/api/file_uploader.php` | High
16 | File | `/api/RecordingList/DownloadRecord?file=` | High
17 | File | `/api/v1/terminal/sessions/?limit=1` | High
18 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
19 | File | `/bin/boa` | Medium
20 | File | `/boat/login.php` | High
21 | File | `/cimom` | Low
22 | File | `/clinic/disease_symptoms_view.php` | High
23 | File | `/default.php?idx=17` | High
24 | File | `/dev/shm` | Medium
25 | File | `/download` | Medium
26 | File | `/env` | Low
27 | File | `/forum/away.php` | High
28 | File | `/GponForm/device_Form?script/` | High
29 | File | `/login/index.php` | High
30 | File | `/mgmt/tm/util/bash` | High
31 | File | `/net` | Low
32 | File | `/opt/bin/cli` | Medium
33 | File | `/p` | Low
34 | File | `/patient/doctors.php` | High
35 | File | `/phpinventory/editcategory.php` | High
36 | File | `/SASWebReportStudio/logonAndRender.do` | High
37 | File | `/service/upload` | High
38 | File | `/setup/finish` | High
39 | File | `/spip.php` | Medium
40 | File | `/sysmanage/edit_manageadmin.php` | High
41 | File | `/uncpath/` | Medium
42 | File | `/updown/upload.cgi` | High
43 | File | `/user/del.php` | High
44 | File | `/viewer/krpano.html` | High
45 | File | `/wp-admin/admin-ajax.php` | High
46 | File | `/_next` | Low
47 | File | `/_vti_pvt/access.cnf` | High
48 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
49 | File | `act.php` | Low
50 | File | `ActionServlet.java` | High
51 | File | `adclick.php` | Medium
52 | File | `admin.php` | Medium
17 | File | `/api/sys/login` | High
18 | File | `/api/v1/terminal/sessions/?limit=1` | High
19 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
20 | File | `/bin/boa` | Medium
21 | File | `/boat/login.php` | High
22 | File | `/cimom` | Low
23 | File | `/clinic/disease_symptoms_view.php` | High
24 | File | `/default.php?idx=17` | High
25 | File | `/dev/shm` | Medium
26 | File | `/download` | Medium
27 | File | `/env` | Low
28 | File | `/forum/away.php` | High
29 | File | `/GponForm/device_Form?script/` | High
30 | File | `/login/index.php` | High
31 | File | `/mgmt/tm/util/bash` | High
32 | File | `/net` | Low
33 | File | `/opt/bin/cli` | Medium
34 | File | `/p` | Low
35 | File | `/patient/doctors.php` | High
36 | File | `/phpinventory/editcategory.php` | High
37 | File | `/SASWebReportStudio/logonAndRender.do` | High
38 | File | `/service/upload` | High
39 | File | `/setup/finish` | High
40 | File | `/spip.php` | Medium
41 | File | `/sysmanage/edit_manageadmin.php` | High
42 | File | `/uncpath/` | Medium
43 | File | `/updown/upload.cgi` | High
44 | File | `/user/del.php` | High
45 | File | `/viewer/krpano.html` | High
46 | File | `/wp-admin/admin-ajax.php` | High
47 | File | `/_next` | Low
48 | File | `/_vti_pvt/access.cnf` | High
49 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
50 | File | `act.php` | Low
51 | File | `ActionServlet.java` | High
52 | File | `adclick.php` | Medium
53 | ... | ... | ...

There are 465 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 466 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [GB](https://vuldb.com/?country.gb)
* [TR](https://vuldb.com/?country.tr)
* ...

There are 18 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -24,66 +24,67 @@ ID | IP address | Hostname | Campaign | Confidence
1 | [2.34.147.152](https://vuldb.com/?ip.2.34.147.152) | net-2-34-147-152.cust.vodafonedsl.it | - | High
2 | [3.19.120.166](https://vuldb.com/?ip.3.19.120.166) | ec2-3-19-120-166.us-east-2.compute.amazonaws.com | - | Medium
3 | [3.28.39.6](https://vuldb.com/?ip.3.28.39.6) | ec2-3-28-39-6.me-central-1.compute.amazonaws.com | - | Medium
4 | [3.99.59.202](https://vuldb.com/?ip.3.99.59.202) | ec2-3-99-59-202.ca-central-1.compute.amazonaws.com | - | Medium
5 | [3.110.56.219](https://vuldb.com/?ip.3.110.56.219) | ec2-3-110-56-219.ap-south-1.compute.amazonaws.com | - | Medium
6 | [3.112.78.101](https://vuldb.com/?ip.3.112.78.101) | ec2-3-112-78-101.ap-northeast-1.compute.amazonaws.com | - | Medium
7 | [3.112.185.142](https://vuldb.com/?ip.3.112.185.142) | ec2-3-112-185-142.ap-northeast-1.compute.amazonaws.com | - | Medium
8 | [3.115.144.47](https://vuldb.com/?ip.3.115.144.47) | ec2-3-115-144-47.ap-northeast-1.compute.amazonaws.com | - | Medium
9 | [3.133.7.69](https://vuldb.com/?ip.3.133.7.69) | ec2-3-133-7-69.us-east-2.compute.amazonaws.com | - | Medium
10 | [3.221.126.84](https://vuldb.com/?ip.3.221.126.84) | ec2-3-221-126-84.compute-1.amazonaws.com | - | Medium
11 | [5.42.65.45](https://vuldb.com/?ip.5.42.65.45) | - | - | High
12 | [5.188.87.50](https://vuldb.com/?ip.5.188.87.50) | - | - | High
13 | [8.212.128.240](https://vuldb.com/?ip.8.212.128.240) | - | - | High
14 | [8.219.217.130](https://vuldb.com/?ip.8.219.217.130) | - | - | High
15 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
16 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
17 | [13.112.86.223](https://vuldb.com/?ip.13.112.86.223) | ec2-13-112-86-223.ap-northeast-1.compute.amazonaws.com | - | Medium
18 | [13.112.226.27](https://vuldb.com/?ip.13.112.226.27) | ec2-13-112-226-27.ap-northeast-1.compute.amazonaws.com | - | Medium
19 | [13.113.45.138](https://vuldb.com/?ip.13.113.45.138) | ec2-13-113-45-138.ap-northeast-1.compute.amazonaws.com | - | Medium
20 | [13.113.86.16](https://vuldb.com/?ip.13.113.86.16) | ec2-13-113-86-16.ap-northeast-1.compute.amazonaws.com | - | Medium
21 | [13.113.204.244](https://vuldb.com/?ip.13.113.204.244) | ec2-13-113-204-244.ap-northeast-1.compute.amazonaws.com | - | Medium
22 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
23 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
24 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
25 | [13.114.224.91](https://vuldb.com/?ip.13.114.224.91) | ec2-13-114-224-91.ap-northeast-1.compute.amazonaws.com | - | Medium
26 | [13.115.223.29](https://vuldb.com/?ip.13.115.223.29) | ec2-13-115-223-29.ap-northeast-1.compute.amazonaws.com | - | Medium
27 | [13.230.94.200](https://vuldb.com/?ip.13.230.94.200) | ec2-13-230-94-200.ap-northeast-1.compute.amazonaws.com | - | Medium
28 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
29 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
30 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
31 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
32 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
33 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
34 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
35 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
36 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
37 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
38 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
39 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
40 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
41 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
42 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
43 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
44 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
45 | [18.176.27.91](https://vuldb.com/?ip.18.176.27.91) | ec2-18-176-27-91.ap-northeast-1.compute.amazonaws.com | - | Medium
46 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
47 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
48 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
49 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
50 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
51 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
52 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
53 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
54 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
55 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
56 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
57 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
58 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
59 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
60 | [18.238.132.55](https://vuldb.com/?ip.18.238.132.55) | server-18-238-132-55.dfw57.r.cloudfront.net | - | High
61 | ... | ... | ... | ...
4 | [3.36.144.103](https://vuldb.com/?ip.3.36.144.103) | ec2-3-36-144-103.ap-northeast-2.compute.amazonaws.com | - | Medium
5 | [3.99.59.202](https://vuldb.com/?ip.3.99.59.202) | ec2-3-99-59-202.ca-central-1.compute.amazonaws.com | - | Medium
6 | [3.110.56.219](https://vuldb.com/?ip.3.110.56.219) | ec2-3-110-56-219.ap-south-1.compute.amazonaws.com | - | Medium
7 | [3.112.78.101](https://vuldb.com/?ip.3.112.78.101) | ec2-3-112-78-101.ap-northeast-1.compute.amazonaws.com | - | Medium
8 | [3.112.185.142](https://vuldb.com/?ip.3.112.185.142) | ec2-3-112-185-142.ap-northeast-1.compute.amazonaws.com | - | Medium
9 | [3.115.144.47](https://vuldb.com/?ip.3.115.144.47) | ec2-3-115-144-47.ap-northeast-1.compute.amazonaws.com | - | Medium
10 | [3.133.7.69](https://vuldb.com/?ip.3.133.7.69) | ec2-3-133-7-69.us-east-2.compute.amazonaws.com | - | Medium
11 | [3.221.126.84](https://vuldb.com/?ip.3.221.126.84) | ec2-3-221-126-84.compute-1.amazonaws.com | - | Medium
12 | [5.42.65.45](https://vuldb.com/?ip.5.42.65.45) | - | - | High
13 | [5.188.87.50](https://vuldb.com/?ip.5.188.87.50) | - | - | High
14 | [8.212.128.240](https://vuldb.com/?ip.8.212.128.240) | - | - | High
15 | [8.219.217.130](https://vuldb.com/?ip.8.219.217.130) | - | - | High
16 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
17 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
18 | [13.112.86.223](https://vuldb.com/?ip.13.112.86.223) | ec2-13-112-86-223.ap-northeast-1.compute.amazonaws.com | - | Medium
19 | [13.112.226.27](https://vuldb.com/?ip.13.112.226.27) | ec2-13-112-226-27.ap-northeast-1.compute.amazonaws.com | - | Medium
20 | [13.113.45.138](https://vuldb.com/?ip.13.113.45.138) | ec2-13-113-45-138.ap-northeast-1.compute.amazonaws.com | - | Medium
21 | [13.113.86.16](https://vuldb.com/?ip.13.113.86.16) | ec2-13-113-86-16.ap-northeast-1.compute.amazonaws.com | - | Medium
22 | [13.113.189.83](https://vuldb.com/?ip.13.113.189.83) | ec2-13-113-189-83.ap-northeast-1.compute.amazonaws.com | - | Medium
23 | [13.113.204.244](https://vuldb.com/?ip.13.113.204.244) | ec2-13-113-204-244.ap-northeast-1.compute.amazonaws.com | - | Medium
24 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
25 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
26 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
27 | [13.114.224.91](https://vuldb.com/?ip.13.114.224.91) | ec2-13-114-224-91.ap-northeast-1.compute.amazonaws.com | - | Medium
28 | [13.115.223.29](https://vuldb.com/?ip.13.115.223.29) | ec2-13-115-223-29.ap-northeast-1.compute.amazonaws.com | - | Medium
29 | [13.230.94.200](https://vuldb.com/?ip.13.230.94.200) | ec2-13-230-94-200.ap-northeast-1.compute.amazonaws.com | - | Medium
30 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
31 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
32 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
33 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
34 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
35 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
36 | [18.66.112.58](https://vuldb.com/?ip.18.66.112.58) | server-18-66-112-58.fra56.r.cloudfront.net | - | High
37 | [18.66.112.89](https://vuldb.com/?ip.18.66.112.89) | server-18-66-112-89.fra56.r.cloudfront.net | - | High
38 | [18.66.112.114](https://vuldb.com/?ip.18.66.112.114) | server-18-66-112-114.fra56.r.cloudfront.net | - | High
39 | [18.66.112.122](https://vuldb.com/?ip.18.66.112.122) | server-18-66-112-122.fra56.r.cloudfront.net | - | High
40 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
41 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
42 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
43 | [18.154.185.36](https://vuldb.com/?ip.18.154.185.36) | server-18-154-185-36.ord58.r.cloudfront.net | - | High
44 | [18.154.185.115](https://vuldb.com/?ip.18.154.185.115) | server-18-154-185-115.ord58.r.cloudfront.net | - | High
45 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
46 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
47 | [18.176.27.91](https://vuldb.com/?ip.18.176.27.91) | ec2-18-176-27-91.ap-northeast-1.compute.amazonaws.com | - | Medium
48 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
49 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
50 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
51 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
52 | [18.180.64.43](https://vuldb.com/?ip.18.180.64.43) | ec2-18-180-64-43.ap-northeast-1.compute.amazonaws.com | - | Medium
53 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
54 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
55 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
56 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
57 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
58 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
59 | [18.219.153.204](https://vuldb.com/?ip.18.219.153.204) | ec2-18-219-153-204.us-east-2.compute.amazonaws.com | - | Medium
60 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
61 | [18.238.132.5](https://vuldb.com/?ip.18.238.132.5) | server-18-238-132-5.dfw57.r.cloudfront.net | - | High
62 | ... | ... | ... | ...

There are 240 more IOC items available. Please use our online service to access the data.
There are 245 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

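Review bot: new rows 36 to 39 (18.66.112.x, server-*.fra56.r.cloudfront.net), 43 and 44 (ord58) and 61 (dfw57) are rated High confidence while the ec2-*.compute.amazonaws.com rows around them are Medium; *.r.cloudfront.net hostnames are CloudFront edge nodes, shared CDN infrastructure that terminates traffic for many unrelated tenants, so an IP-level indicator there identifies the CDN rather than the actor and will generate false positives for anyone feeding this table into a blocklist or detection rule. Consider rating these no higher than the EC2 rows, or documenting in the Campaign cell why an edge node rates higher than a dedicated instance.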
@ -93,7 +94,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-36, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

@ -117,12 +118,12 @@ ID | Type | Indicator | Confidence
9 | File | `/adminapi/system/crud` | High
10 | File | `/adminapi/system/file/openfile` | High
11 | File | `/admin_route/dec_service_credits.php` | High
12 | File | `/api/baskets/{name}` | High
13 | File | `/api/download` | High
14 | File | `/api/v1/alerts` | High
15 | File | `/api/v1/terminal/sessions/?limit=1` | High
16 | File | `/api/v4/teams//channels/deleted` | High
17 | File | `/b2b-supermarket/shopping-cart` | High
12 | File | `/api/download` | High
13 | File | `/api/v1/alerts` | High
14 | File | `/api/v1/terminal/sessions/?limit=1` | High
15 | File | `/api/v4/teams//channels/deleted` | High
16 | File | `/b2b-supermarket/shopping-cart` | High
17 | File | `/cancel.php` | Medium
18 | File | `/category.php` | High
19 | File | `/categorypage.php` | High
20 | File | `/cgi-bin/cstecgi.cgi` | High

@ -131,10 +132,10 @@ ID | Type | Indicator | Confidence
23 | File | `/change-language/de_DE` | High
24 | File | `/config/php.ini` | High
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
26 | File | `/core/conditions/AbstractWrapper.java` | High
27 | File | `/debug/pprof` | Medium
28 | File | `/devinfo` | Medium
29 | File | `/dist/index.js` | High
26 | File | `/debug/pprof` | Medium
27 | File | `/devinfo` | Medium
28 | File | `/dist/index.js` | High
29 | File | `/download` | Medium
30 | File | `/fcgi/scrut_fcgi.fcgi` | High
31 | File | `/forum/away.php` | High
32 | File | `/geoserver/gwc/rest.html` | High

@ -150,12 +151,13 @@ ID | Type | Indicator | Confidence
42 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
43 | File | `/php/ping.php` | High
44 | File | `/proxy` | Low
45 | File | `/register.do` | Medium
46 | File | `/RPS2019Service/status.html` | High
47 | File | `/s/index.php?action=statistics` | High
48 | ... | ... | ...
45 | File | `/RPS2019Service/status.html` | High
46 | File | `/s/index.php?action=statistics` | High
47 | File | `/setting` | Medium
48 | File | `/Setting/change_password_save` | High
49 | ... | ... | ...

There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -165,6 +167,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://cybergeeks.tech/a-deep-dive-into-brute-ratel-c4-payloads/
* https://search.censys.io/hosts/2.34.147.152
* https://search.censys.io/hosts/3.28.39.6
* https://search.censys.io/hosts/3.36.144.103
* https://search.censys.io/hosts/3.112.78.101
* https://search.censys.io/hosts/3.112.185.142
* https://search.censys.io/hosts/3.115.144.47

@ -178,6 +181,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/13.112.226.27
* https://search.censys.io/hosts/13.113.45.138
* https://search.censys.io/hosts/13.113.86.16
* https://search.censys.io/hosts/13.113.189.83
* https://search.censys.io/hosts/13.113.204.244
* https://search.censys.io/hosts/13.114.48.174
* https://search.censys.io/hosts/13.114.78.162

@ -301,12 +305,15 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/82.84.39.65
* https://search.censys.io/hosts/83.97.73.90
* https://search.censys.io/hosts/84.32.131.78
* https://search.censys.io/hosts/84.246.85.147
* https://search.censys.io/hosts/87.121.221.22
* https://search.censys.io/hosts/88.151.192.114
* https://search.censys.io/hosts/88.218.61.244
* https://search.censys.io/hosts/91.92.247.69
* https://search.censys.io/hosts/91.92.254.156
* https://search.censys.io/hosts/91.103.253.43
* https://search.censys.io/hosts/91.223.208.155
* https://search.censys.io/hosts/92.118.112.155
* https://search.censys.io/hosts/94.102.49.64
* https://search.censys.io/hosts/94.198.97.58
* https://search.censys.io/hosts/103.25.188.178

@ -344,6 +351,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/149.28.251.203
* https://search.censys.io/hosts/154.26.154.154
* https://search.censys.io/hosts/154.202.59.96
* https://search.censys.io/hosts/157.230.247.198
* https://search.censys.io/hosts/157.254.195.201
* https://search.censys.io/hosts/161.35.170.123
* https://search.censys.io/hosts/164.92.145.128

@ -35,11 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

There are 13 more TTP items available. Please use our online service to access the data.
There are 14 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -57,7 +57,7 @@ ID | Type | Indicator | Confidence
8 | File | `/goform/RgTime` | High
9 | ... | ... | ...

There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 68 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...

There are 4 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -392,14 +392,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-36 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
5 | ... | ... | ... | ...

There are 20 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -407,46 +406,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin_ping.htm` | High
|
||||
2 | File | `/app/index/controller/Common.php` | High
|
||||
3 | File | `/application/index/controller/Databasesource.php` | High
|
||||
4 | File | `/application/index/controller/Icon.php` | High
|
||||
5 | File | `/application/index/controller/Screen.php` | High
|
||||
6 | File | `/application/plugins/controller/Upload.php` | High
|
||||
7 | File | `/application/websocket/controller/Setting.php` | High
|
||||
8 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
|
||||
9 | File | `/calendar/minimizer/index.php` | High
|
||||
10 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
11 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
12 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/cgi.cgi` | Medium
|
||||
15 | File | `/core/tools/update_menu.php` | High
|
||||
16 | File | `/counter/index2.php` | High
|
||||
17 | File | `/DXR.axd` | Medium
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/general/attendance/manage/ask_duty/delete.php` | High
|
||||
20 | File | `/highlight/index.html` | High
|
||||
21 | File | `/iisadmin` | Medium
|
||||
22 | File | `/iissamples` | Medium
|
||||
23 | File | `/include/dialog/select_templets_post.php` | High
|
||||
24 | File | `/includes/js/admin.php` | High
|
||||
25 | File | `/index.php?menu=asterisk_cli` | High
|
||||
26 | File | `/install/` | Medium
|
||||
27 | File | `/modx/manager/index.php` | High
|
||||
28 | File | `/php-opos/index.php` | High
|
||||
29 | File | `/search-result/` | High
|
||||
30 | File | `/search.php` | Medium
|
||||
31 | File | `/server-status` | High
|
||||
32 | File | `/sgms/reports/scheduledreports/configure/scheduleProps.jsp` | High
|
||||
33 | File | `/SysInfo1.htm` | High
|
||||
34 | File | `/templates/header.inc.php` | High
|
||||
35 | File | `/useratte/userattestation.php` | High
|
||||
36 | File | `/webmail/` | Medium
|
||||
37 | File | `/webmail/server/webmail.php` | High
|
||||
38 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin.php` | Medium
|
||||
3 | File | `/admin/app/service_crud.php` | High
|
||||
4 | File | `/admin/edit-admin.php` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/admin/list_ipAddressPolicy.php` | High
|
||||
7 | File | `/admin/list_resource_icon.php?action=delete` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/orders/view_order.php` | High
|
||||
10 | File | `/admin/singlelogin.php` | High
|
||||
11 | File | `/app/admin/controller/Upload.php` | High
12 | File | `/app/ajax/search_sales_report.php` | High
13 | File | `/app/controller/Setup.php` | High
14 | File | `/app/middleware/TokenVerify.php` | High
15 | File | `/apps/reg_go.php` | High
16 | File | `/billing/bill/edit/` | High
17 | File | `/bin/sh` | Low
18 | File | `/cgi-bin/cstecgi.cgi` | High
19 | File | `/cgi-bin/cstecgi.cgi?action=login&flag=1` | High
20 | File | `/cgi-bin/system_mgr.cgi` | High
21 | File | `/cgi-bin/wlogin.cgi` | High
22 | File | `/classes/Login.php` | High
23 | File | `/classes/Users.php` | High
24 | File | `/DXR.axd` | Medium
25 | File | `/Employer/EditProfile.php` | High
26 | File | `/Employer/ManageWalkin.php` | High
27 | File | `/endpoint/add-faq.php` | High
28 | File | `/endpoint/delete-computer.php` | High
29 | File | `/endpoint/update-resident.php` | High
30 | File | `/endpoint/update-tracker.php` | High
31 | File | `/forum/away.php` | High
32 | File | `/goform/net\_Web\_get_value` | High
33 | File | `/goform/SetStaticRouteCfg` | High
34 | File | `/home.php` | Medium
35 | File | `/Home/Index` | Medium
36 | File | `/inc/modules_install.php` | High
37 | ... | ... | ...
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
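Review bot: two file indicators in the second listing use a path form that will not match the rest of the table at lookup time: `//proc/kcore` (row 1) carries a doubled leading slash, and `/goform/net\_Web\_get_value` (row 32) keeps markdown-escaped underscores inside a backtick span, where no escaping is needed and the backslashes will render literally. Suggest `/proc/kcore` and `/goform/net_Web_get_value`. Note also that `/cgi-bin/wlogin.cgi`, `/DXR.axd` and `/forum/away.php` appear in both listings with the same confidence, so for those rows the hunk is a renumbering rather than a change in indicators.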
@ -40,7 +40,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
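Review bot: the replaced row 2 changes only the Description, from `Injection` to `Improper Neutralization of Data within XPath Expressions`, while the Weakness column still reads CWE-74. That description is the title of CWE-643 (XPath Injection); CWE-74 is the generic injection class, which is exactly what the old wording described. Either change the weakness to CWE-643 alongside the description, or keep `Injection` for CWE-74, otherwise the two columns disagree. The same replacement is repeated in every other TTP table in this commit.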
@ -31,7 +31,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1055 | CWE-74 | Injection | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
3 | T1059 | CWE-94 | Argument Injection | High
4 | ... | ... | ... | ...
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | ... | ... | ... | ...
@ -43,9 +43,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-425 | Path Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-35, CWE-425 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-88, CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
@ -95,7 +95,7 @@ ID | Type | Indicator | Confidence
34 | File | `/nagiosxi/admin/banner_message-ajaxhelper.php` | High
35 | ... | ... | ...
There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -31,12 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1202 | CWE-78 | Command Shell in Externally Accessible Directory | High
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...
There are 2 more TTP items available. Please use our online service to access the data.
There are 3 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
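Review bot: the old row `3 | T1202 | CWE-78 | Command Shell in Externally Accessible Directory | High` drops out of the visible rows and nothing in the hunk shows where it went; the footer count moving from 2 to 3 suggests it now sits below the `...` truncation, but that cannot be confirmed from the diff. Because the committed file only ever carries the first three rows, inserting T1006 at the top and shifting the rest down silently removes a row from the repository copy; consider committing the full table, or stating in the commit message that the visible rows are a ranked excerpt.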
@ -45,11 +45,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/edit-db.php` | Medium
2 | File | `admin/ueditor/uploadFile` | High
3 | Argument | `href` | Low
2 | File | `/spip.php` | Medium
3 | File | `admin/ueditor/uploadFile` | High
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
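Review bot: `admin/ueditor/uploadFile` (old row 2, new row 3) is the only file indicator in this table without a leading slash; `/edit-db.php` and `/spip.php` beside it have one. A relative form will not match a normalized request path the way the others do, so suggest `/admin/ueditor/uploadFile`, or, if the missing slash is deliberate because the mount prefix varies, say so in the Indicator column. The `Argument | href` row also disappears from the visible rows here while the footer count goes from 1 to 7, so it is presumably pushed below the `...` truncation.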
@ -75,7 +75,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Path Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059 | CWE-94 | Argument Injection | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
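Review bot: adding CWE-294 to row 2 is the right fix, since `Authentication Bypass by Capture-replay` is the title of CWE-294, and the old row listed only CWE-319 (Cleartext Transmission of Sensitive Information), which on its own does not describe a replay weakness. For consistency, note that the other TTP table in this commit carrying this row (`2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High`) lists CWE-294 alone; decide whether CWE-319 should stay as a contributing weakness in both files or in neither.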
@ -36,7 +36,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Path Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...