Update

parent 6e04b1ea5a
commit ddc7826ca2
@ -69,7 +69,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
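Review bot: the only change in this hunk is the trailing count, 16 to 17 "more TTP items", while every visible row is unchanged, so the added technique sits behind the "Please use our online service" truncation and cannot be reviewed from the diff. Include the new row (ID, technique, CWE list, description, confidence) in the committed table, or keep the count line out of version control if the full list will never be committed; a count that moves without its rows is noise in the history.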
@ -100,7 +100,7 @@ ID | Type | Indicator | Confidence
|
|||
37 | File | `album_portal.php` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -133,7 +133,7 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/viewer/krpano.html` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 243 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -78,41 +78,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin/?page=system_info/contact_info` | High
|
||||
3 | File | `/admin/dl_sendmail.php` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/ad_js.php` | Medium
|
||||
6 | File | `/Ap4RtpAtom.cpp` | High
|
||||
7 | File | `/app/options.py` | High
|
||||
8 | File | `/bcms/admin/?page=user/list` | High
|
||||
9 | File | `/bsms/?page=manage_account` | High
|
||||
10 | File | `/cgi-bin/login.cgi` | High
|
||||
11 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
12 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
13 | File | `/dashboard/reports/logs/view` | High
|
||||
14 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/etc/hosts` | Medium
|
||||
17 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
18 | File | `/fuel/sitevariables/delete/4` | High
|
||||
19 | File | `/goform/aspForm` | High
|
||||
20 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
21 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
22 | File | `/index/jobfairol/show/` | High
|
||||
23 | File | `/librarian/bookdetails.php` | High
|
||||
24 | File | `/manage-apartment.php` | High
|
||||
25 | File | `/mgmt/tm/util/bash` | High
|
||||
26 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
27 | File | `/ms/cms/content/list.do` | High
|
||||
28 | File | `/orms/` | Low
|
||||
29 | File | `/pages/apply_vacancy.php` | High
|
||||
30 | File | `/plesk-site-preview/` | High
|
||||
31 | File | `/proc/<PID>/mem` | High
|
||||
32 | File | `/public/plugins/` | High
|
||||
33 | File | `/school/model/get_admin_profile.php` | High
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin/?page=system_info/contact_info` | High
|
||||
4 | File | `/admin/dl_sendmail.php` | High
|
||||
5 | File | `/admin/login.php` | High
|
||||
6 | File | `/ad_js.php` | Medium
|
||||
7 | File | `/Ap4RtpAtom.cpp` | High
|
||||
8 | File | `/app/options.py` | High
|
||||
9 | File | `/bcms/admin/?page=user/list` | High
|
||||
10 | File | `/bsms/?page=manage_account` | High
|
||||
11 | File | `/cgi-bin/login.cgi` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
14 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
15 | File | `/dashboard/reports/logs/view` | High
|
||||
16 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/etc/hosts` | Medium
|
||||
19 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
20 | File | `/fuel/sitevariables/delete/4` | High
|
||||
21 | File | `/goform/aspForm` | High
|
||||
22 | File | `/goform/setmac` | High
|
||||
23 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
24 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
25 | File | `/index/jobfairol/show/` | High
|
||||
26 | File | `/librarian/bookdetails.php` | High
|
||||
27 | File | `/manage-apartment.php` | High
|
||||
28 | File | `/mgmt/tm/util/bash` | High
|
||||
29 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
30 | File | `/ms/cms/content/list.do` | High
|
||||
31 | File | `/orms/` | Low
|
||||
32 | File | `/pages/apply_vacancy.php` | High
|
||||
33 | File | `/plesk-site-preview/` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
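Review bot: row IDs are positional, so inserting `/about.php` as row 2 (and `/cgi-bin/luci/api/wireless` and `/goform/setmac` further down) renumbers every indicator after it; anything keyed on the ID column across commits now points at a different path, and the diff shows 33 rewritten rows instead of three added ones. A stable key (the indicator string itself, or a per-entry identifier) would fix both. Separately, old row 1 `//proc/kcore` has a doubled leading slash that the sibling entry `/proc/<PID>/mem` does not; if it survives in the new list it should read `/proc/kcore`.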
@ -89,7 +89,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `agent.cfg` | Medium
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 204 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,12 +16,12 @@ The following _campaigns_ are known and can be associated with APT33:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
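Review bot: the APT33 country count drops from 7 to 6 "more" items while the five listed entries (PL, AR, SV, ES, DE) are unchanged, so a country was removed from the attribution data without the diff showing which one, and the commit message ("Update") does not say why. For attribution changes on a named actor, the removed entry and the reason belong in the commit.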
@ -61,7 +61,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -69,57 +69,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=user/manage_user` | High
|
||||
2 | File | `/admin/del.php` | High
|
||||
3 | File | `/admin/delstu.php` | High
|
||||
4 | File | `/admin/lab.php` | High
|
||||
5 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
|
||||
6 | File | `/asan/asan_new_delete.cpp` | High
|
||||
7 | File | `/blog/blogpublish.php` | High
|
||||
8 | File | `/categories/view_category.php` | High
|
||||
9 | File | `/classes/Master.php?f=delete_category` | High
|
||||
10 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
11 | File | `/classes/Users.php?f=save_client` | High
|
||||
12 | File | `/dashboard/contact` | High
|
||||
13 | File | `/dede/co_do.php` | High
|
||||
14 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||
15 | File | `/etc/shadow.sample` | High
|
||||
16 | File | `/frm/` | Low
|
||||
17 | File | `/goform/saveParentControlInfo` | High
|
||||
18 | File | `/goform/setAutoPing` | High
|
||||
19 | File | `/goform/SetIpMacBind` | High
|
||||
20 | File | `/goform/wifiSSIDset` | High
|
||||
21 | File | `/includes/db_utils.php` | High
|
||||
22 | File | `/includes/utils.php` | High
|
||||
23 | File | `/index.php` | Medium
|
||||
24 | File | `/ip/admin/` | Medium
|
||||
25 | File | `/master/index.php` | High
|
||||
26 | File | `/menu.htm` | Medium
|
||||
27 | File | `/mkshope/login.php` | High
|
||||
28 | File | `/mygym/admin/login.php` | High
|
||||
29 | File | `/Noxen-master/users.php` | High
|
||||
30 | File | `/patient/settings.php` | High
|
||||
31 | File | `/php_action/createUser.php` | High
|
||||
32 | File | `/pms/update_patient.php` | High
|
||||
33 | File | `/ptippage.cgi` | High
|
||||
34 | File | `/qr/I/` | Low
|
||||
35 | File | `/registration.php` | High
|
||||
36 | File | `/release-x64/otfccdump` | High
|
||||
37 | File | `/sanitizer_common/sanitizer_common_interceptors.inc` | High
|
||||
38 | File | `/schedules/view_schedule.php` | High
|
||||
39 | File | `/server-status` | High
|
||||
40 | File | `/src/jfif.c` | Medium
|
||||
41 | File | `/stdio-common/vfprintf.c` | High
|
||||
42 | File | `/stocks/manage_stockin.php` | High
|
||||
43 | File | `/templates/stylesheets.php` | High
|
||||
44 | File | `/users` | Low
|
||||
45 | File | `/usr/bin/tddp` | High
|
||||
46 | File | `/var/backup/tower` | High
|
||||
47 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
||||
48 | File | `/viewReport.php` | High
|
||||
49 | ... | ... | ...
|
||||
1 | File | `.rediscli_history` | High
|
||||
2 | File | `/activity/admin/modules/event/index.php?view=edit` | High
|
||||
3 | File | `/activity/admin/modules/modstudent/index.php?view=view` | High
|
||||
4 | File | `/admin/?page=user/manage_user` | High
|
||||
5 | File | `/admin/comment/list` | High
|
||||
6 | File | `/admin/del.php` | High
|
||||
7 | File | `/admin/delstu.php` | High
|
||||
8 | File | `/admin/edit_event.php` | High
|
||||
9 | File | `/admin/edit_user.php` | High
|
||||
10 | File | `/admin/lab.php` | High
|
||||
11 | File | `/admin/video/list` | High
|
||||
12 | File | `/admin/videoalbum/list` | High
|
||||
13 | File | `/api/upload-resource` | High
|
||||
14 | File | `/bibliography/marcsru.php` | High
|
||||
15 | File | `/bin/httpd` | Medium
|
||||
16 | File | `/bits/stl_vector.h` | High
|
||||
17 | File | `/categories/view_category.php` | High
|
||||
18 | File | `/classes/Master.php?f=delete_category` | High
|
||||
19 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
20 | File | `/classes/Users.php?f=save_client` | High
|
||||
21 | File | `/dashboard/settings` | High
|
||||
22 | File | `/dede/co_do.php` | High
|
||||
23 | File | `/etc/shadow.sample` | High
|
||||
24 | File | `/fax/fax_send.php` | High
|
||||
25 | File | `/garage/editcategory.php` | High
|
||||
26 | File | `/gfxpoly/stroke.c` | High
|
||||
27 | File | `/goform/saveParentControlInfo` | High
|
||||
28 | File | `/goform/SetIpMacBind` | High
|
||||
29 | File | `/guestmanagement/front.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
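Review bot: this hunk shrinks the IOA set from 476 items (48 shown + 428 more) to 285 (29 shown + 256 more) with no explanation beyond the commit message "Update"; a drop of roughly 40 percent on a threat-actor profile needs a stated reason (re-attribution, deduplication, a source retired). On the content: entries such as `/asan/asan_interceptors_memintrinsics.cpp`, `/stdio-common/vfprintf.c` and `/sanitizer_common/sanitizer_common_interceptors.inc` on the old side, and `/bits/stl_vector.h` and `/gfxpoly/stroke.c` on the new side, are source-file locations of vulnerabilities, not strings that appear in requests or on compromised hosts, so they give a detection consumer nothing to match on; consider keeping them out of the File IOA list.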
@ -63,35 +63,35 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/countrymanagement.php` | High
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/admin/newsletter1.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
9 | File | `/file?action=download&file` | High
|
||||
10 | File | `/filemanager/upload/drop` | High
|
||||
11 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
12 | File | `/login.php` | Medium
|
||||
13 | File | `/medical/inventories.php` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/monitoring` | Medium
|
||||
16 | File | `/pages/apply_vacancy.php` | High
|
||||
17 | File | `/php_action/createUser.php` | High
|
||||
18 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
19 | File | `/plugins/servlet/audit/resource` | High
|
||||
20 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
21 | File | `/replication` | Medium
|
||||
22 | File | `/RestAPI` | Medium
|
||||
23 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
24 | File | `/scas/admin/` | Medium
|
||||
25 | File | `/tmp/zarafa-vacation-*` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/upload` | Low
|
||||
28 | File | `/Uploads` | Medium
|
||||
29 | File | `/var/log/nginx` | High
|
||||
4 | File | `/admin/addemployee.php` | High
|
||||
5 | File | `/admin/add_trainers.php` | High
|
||||
6 | File | `/admin/countrymanagement.php` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/admin/newsletter1.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
11 | File | `/file?action=download&file` | High
|
||||
12 | File | `/filemanager/upload/drop` | High
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
15 | File | `/login.php` | Medium
|
||||
16 | File | `/medical/inventories.php` | High
|
||||
17 | File | `/mgmt/tm/util/bash` | High
|
||||
18 | File | `/mkshop/Men/profile.php` | High
|
||||
19 | File | `/monitoring` | Medium
|
||||
20 | File | `/pages/apply_vacancy.php` | High
|
||||
21 | File | `/php_action/createUser.php` | High
|
||||
22 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
23 | File | `/plugins/servlet/audit/resource` | High
|
||||
24 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
25 | File | `/replication` | Medium
|
||||
26 | File | `/RestAPI` | Medium
|
||||
27 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
28 | File | `/scas/admin/` | Medium
|
||||
29 | File | `/tmp/zarafa-vacation-*` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 253 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
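Review bot: `/tmp/zarafa-vacation-*` (old row 25, new row 29) carries a `*` that is presumably a glob, but nothing on the page says whether `*` in a File indicator is a wildcard or a literal character; a consumer doing exact-path matching will treat it literally and never match. Document the wildcard convention for the File type or store the fixed prefix `/tmp/zarafa-vacation-`. The confidence ratings here are also worth a look: `/.env`, a credentials file that scanners probe constantly, is Low while `/admin/countrymanagement.php` is High; if "Confidence" means attribution confidence rather than detection value, the column header should say so.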
@ -65,7 +65,7 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/server-status` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 75 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -121,7 +121,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `addentry.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 378 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Africa Unknown:
|
||||
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
@ -70,40 +70,34 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
6 | File | `/file?action=download&file` | High
|
||||
7 | File | `/html/Solar_Ftp.php` | High
|
||||
8 | File | `/layout/class.xblogcomment.php` | High
|
||||
9 | File | `/manager/jsp/test.jsp` | High
|
||||
10 | File | `/medical/inventories.php` | High
|
||||
11 | File | `/monitoring` | Medium
|
||||
12 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
13 | File | `/plugins/servlet/audit/resource` | High
|
||||
14 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
15 | File | `/public/login.htm` | High
|
||||
16 | File | `/replication` | Medium
|
||||
17 | File | `/RestAPI` | Medium
|
||||
18 | File | `/tmp/speedtest_urls.xml` | High
|
||||
19 | File | `/tmp/zarafa-vacation-*` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/upload` | Low
|
||||
22 | File | `/usr/bin/at` | Medium
|
||||
23 | File | `/var/log/nginx` | High
|
||||
24 | File | `/var/run/watchman.pid` | High
|
||||
8 | File | `/medical/inventories.php` | High
|
||||
9 | File | `/monitoring` | Medium
|
||||
10 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/public/login.htm` | High
|
||||
14 | File | `/replication` | Medium
|
||||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/tmp/speedtest_urls.xml` | High
|
||||
17 | File | `/tmp/zarafa-vacation-*` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/upload` | Low
|
||||
20 | File | `/usr/bin/at` | Medium
|
||||
21 | File | `/var/log/nginx` | High
|
||||
22 | File | `/var/run/watchman.pid` | High
|
||||
23 | File | `/viewer/krpano.html` | High
|
||||
24 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
25 | File | `/_vti_pvt/access.cnf` | High
|
||||
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
27 | File | `admin/e_mesaj_yaz.asp` | High
|
||||
28 | File | `admin/profile.php` | High
|
||||
29 | File | `admin/salesadmin.php` | High
|
||||
30 | File | `admin/systemWebAdminConfig.do` | High
|
||||
31 | File | `admin11.cgi` | Medium
|
||||
32 | File | `admincp/auth/checklogin.php` | High
|
||||
33 | File | `AdxDSrv.exe` | Medium
|
||||
34 | File | `agenda2.php3` | Medium
|
||||
35 | File | `ajax-actions.php` | High
|
||||
36 | File | `ajax/deletePage.php` | High
|
||||
37 | File | `ajouter_tva.php` | High
|
||||
38 | File | `apcupsd.pid` | Medium
|
||||
39 | ... | ... | ...
|
||||
27 | File | `admin11.cgi` | Medium
|
||||
28 | File | `AdxDSrv.exe` | Medium
|
||||
29 | File | `ajax-actions.php` | High
|
||||
30 | File | `apcupsd.pid` | Medium
|
||||
31 | File | `api/sms/send-sms` | High
|
||||
32 | File | `api/v1/alarms` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
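Review bot: several File entries carry a query string (`/file?action=download&file`, `/wp-json/oembed/1.0/embed?url`, and old row 26 `admin-ajax.php?action=get_wdtable order[0][dir]`, which even embeds a space and a parameter name); the summary line lists a separate `argument` type, so the path belongs under File and the parameter under argument, otherwise a matcher that compares request paths never sees these. The hunk also lowers the total from 378 items (38 shown + 340 more) to 310 (32 shown + 278 more) without a reason in the commit message.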
@ -27,18 +27,19 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.95.85.181](https://vuldb.com/?ip.23.95.85.181) | 23-95-85-181-host.colocrossing.com | - | High
|
||||
2 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
|
||||
3 | [31.209.137.12](https://vuldb.com/?ip.31.209.137.12) | smtp.vivaldi.net | - | High
|
||||
4 | [37.19.196.108](https://vuldb.com/?ip.37.19.196.108) | unn-37-19-196-108.datapacket.com | - | High
|
||||
5 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
|
||||
6 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
|
||||
7 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
|
||||
8 | [51.68.128.171](https://vuldb.com/?ip.51.68.128.171) | ip171.ip-51-68-128.eu | - | High
|
||||
9 | [51.89.183.99](https://vuldb.com/?ip.51.89.183.99) | 90.eri1.ovh.abcd.network | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
1 | [3.93.18.244](https://vuldb.com/?ip.3.93.18.244) | ec2-3-93-18-244.compute-1.amazonaws.com | - | Medium
|
||||
2 | [3.217.248.28](https://vuldb.com/?ip.3.217.248.28) | ec2-3-217-248-28.compute-1.amazonaws.com | - | Medium
|
||||
3 | [23.95.85.181](https://vuldb.com/?ip.23.95.85.181) | 23-95-85-181-host.colocrossing.com | - | High
|
||||
4 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
|
||||
5 | [31.209.137.12](https://vuldb.com/?ip.31.209.137.12) | smtp.vivaldi.net | - | High
|
||||
6 | [34.200.207.31](https://vuldb.com/?ip.34.200.207.31) | ec2-34-200-207-31.compute-1.amazonaws.com | - | Medium
|
||||
7 | [37.19.196.108](https://vuldb.com/?ip.37.19.196.108) | unn-37-19-196-108.datapacket.com | - | High
|
||||
8 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
|
||||
9 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
|
||||
10 | [50.17.5.224](https://vuldb.com/?ip.50.17.5.224) | ec2-50-17-5-224.compute-1.amazonaws.com | - | Medium
|
||||
11 | ... | ... | ... | ...
|
||||
|
||||
There are 37 more IOC items available. Please use our online service to access the data.
|
||||
There are 39 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
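Review bot: the three additions are Amazon EC2 addresses (`3.93.18.244`, `3.217.248.28`, `34.200.207.31`, all `ec2-*.compute-1.amazonaws.com`) rated Medium like the existing `50.17.5.224`; EC2 public IPs are recycled to other tenants quickly, and with the Campaign column `-` on every row there is no date or campaign a consumer can use to expire them. Attach first-seen/last-seen or a campaign to these rows, or rate cloud-provider addresses Low; otherwise they end up as stale blocklist entries that hit unrelated workloads.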
@ -105,7 +106,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `cart_add.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 378 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -115,6 +116,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://1275.ru/ioc/310/gs-032-agent-tesla-spyware-iocs/
|
||||
* https://asec.ahnlab.com/en/31083/
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
|
||||
* https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html
|
||||
* https://blogs.blackberry.com/en/2020/04/threat-spotlight-secret-agent-tesla
|
||||
* https://community.blueliv.com/#!/s/5f7de53d82df413eb5350fba
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-20%20Agent%20Tesla%20IOCs
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
@ -45,15 +45,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
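Review bot: row 4 adds CWE-88 (argument injection) to a T1059 entry whose description is still "Cross Site Scripting"; CWE-88, CWE-94 (code injection) and CWE-1321 (prototype pollution) are not XSS weaknesses, and the XSS CWEs (CWE-79, CWE-80) already sit on row 5 under T1059.007, so either the description on row 4 or its CWE set is wrong. Row 2 has the same kind of mismatch: CWE-319 is cleartext transmission, while "Authentication Bypass by Capture-replay" is CWE-294. The hunk also removes row 6 (T1068, "Execution with Unnecessary Privileges") and lowers the trailing count from 22 to 21, so two TTPs disappear with no note in the commit message.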
@ -61,40 +60,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=reports/stockin` | High
|
||||
2 | File | `/admin/?page=reports/stockout` | High
|
||||
3 | File | `/admin/?page=reports/waste` | High
|
||||
4 | File | `/admin/?page=user/manage_user` | High
|
||||
5 | File | `/admin/addemployee.php` | High
|
||||
6 | File | `/admin/article/list` | High
|
||||
7 | File | `/admin/article/list_approve` | High
|
||||
8 | File | `/admin/contact/list` | High
|
||||
9 | File | `/admin/del.php` | High
|
||||
10 | File | `/admin/delete.php` | High
|
||||
11 | File | `/admin/delstu.php` | High
|
||||
12 | File | `/admin/foldernotice/list` | High
|
||||
13 | File | `/admin/folderrollpicture/list` | High
|
||||
14 | File | `/admin/image/list` | High
|
||||
15 | File | `/admin/imagealbum/list` | High
|
||||
16 | File | `/admin/login.php` | High
|
||||
17 | File | `/admin/products/controller.php?action=add` | High
|
||||
18 | File | `/admin/site/list` | High
|
||||
19 | File | `/admin/videoalbum/list` | High
|
||||
20 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
21 | File | `/api/upload-resource` | High
|
||||
22 | File | `/appConfig/userDB.json` | High
|
||||
23 | File | `/bd_genie_create_account.cgi` | High
|
||||
24 | File | `/bin/boa` | Medium
|
||||
25 | File | `/blog/edit` | Medium
|
||||
26 | File | `/blogengine/api/posts` | High
|
||||
27 | File | `/brand.php` | Medium
|
||||
28 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
29 | File | `/cgi-bin/DownloadFlash` | High
|
||||
30 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
31 | File | `/classes/Master.php?f=delete_account` | High
|
||||
32 | ... | ... | ...
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/addemployee.php` | High
|
||||
3 | File | `/admin/article/list` | High
|
||||
4 | File | `/admin/article/list_approve` | High
|
||||
5 | File | `/admin/contact/list` | High
|
||||
6 | File | `/admin/foldernotice/list` | High
|
||||
7 | File | `/admin/folderrollpicture/list` | High
|
||||
8 | File | `/admin/friendlylink/list` | High
|
||||
9 | File | `/admin/image/list` | High
|
||||
10 | File | `/admin/imagealbum/list` | High
|
||||
11 | File | `/admin/site/list` | High
|
||||
12 | File | `/admin/video/list` | High
|
||||
13 | File | `/admin/videoalbum/list` | High
|
||||
14 | File | `/admin_book.php` | High
|
||||
15 | File | `/api/upload-resource` | High
|
||||
16 | File | `/appConfig/userDB.json` | High
|
||||
17 | File | `/bd_genie_create_account.cgi` | High
|
||||
18 | File | `/bin/boa` | Medium
|
||||
19 | File | `/bin/httpd` | Medium
|
||||
20 | File | `/blog/edit` | Medium
|
||||
21 | File | `/blogengine/api/posts` | High
|
||||
22 | File | `/brand.php` | Medium
|
||||
23 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||
24 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
25 | File | `/card/in-card.php` | High
|
||||
26 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
27 | File | `/client.php` | Medium
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 235 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
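Review bot: the File list mixes on-device binaries and files (`/bin/boa`, new `/bin/httpd`, `/appConfig/userDB.json`, old `/advanced-tools/nova/bin/netwatch`) with HTTP request paths (`/admin/article/list`, `/cgi-bin/luci/api/wireless`); a WAF or proxy rule fed this list will never observe `/bin/boa` in a request, and a host-side rule would want the binary's hash rather than a path that is identical on every unit of the product. Tag each entry with where it is expected to be seen (request path versus host filesystem) or split the two kinds. The hunk also drops the total from 304 items (31 shown + 273 more) to 262 (27 shown + 235 more) without a reason in the commit message.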
@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -53,10 +53,10 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/.env` | Low
|
||||
3 | File | `/.ssh/authorized_keys` | High
|
||||
4 | File | `/admin/default.asp` | High
|
||||
5 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/assets/ctx` | Medium
|
||||
8 | File | `/checkLogin.cgi` | High
|
||||
5 | File | `/administrator/components/table_manager/` | High
|
||||
6 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
7 | File | `/app/options.py` | High
|
||||
8 | File | `/assets/ctx` | Medium
|
||||
9 | File | `/ci_spms/admin/category` | High
|
||||
10 | File | `/ci_spms/admin/search/searching/` | High
|
||||
11 | File | `/classes/Master.php?f=delete_train` | High
|
||||
|
@ -68,35 +68,35 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
19 | File | `/goforms/rlminfo` | High
|
||||
20 | File | `/Items/*/RemoteImages/Download` | High
|
||||
21 | File | `/login` | Low
|
||||
22 | File | `/navigate/navigate_download.php` | High
|
||||
23 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
24 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
25 | File | `/oputilsServlet` | High
|
||||
26 | File | `/owa/auth/logon.aspx` | High
|
||||
27 | File | `/p` | Low
|
||||
28 | File | `/password.html` | High
|
||||
29 | File | `/proc/ioports` | High
|
||||
30 | File | `/property-list/property_view.php` | High
|
||||
31 | File | `/ptms/classes/Users.php` | High
|
||||
32 | File | `/rest` | Low
|
||||
33 | File | `/rest/api/2/search` | High
|
||||
34 | File | `/s/` | Low
|
||||
35 | File | `/scripts/cpan_config` | High
|
||||
36 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
37 | File | `/services/system/setup.json` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/vloggers_merch/?p=view_product` | High
|
||||
41 | File | `/webconsole/APIController` | High
|
||||
42 | File | `/websocket/exec` | High
|
||||
43 | File | `/wp-admin/admin-ajax.php` | High
|
||||
44 | File | `/wp-json` | Medium
|
||||
45 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
46 | File | `/_next` | Low
|
||||
47 | File | `4.edu.php\conn\function.php` | High
|
||||
48 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
20 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
21 | File | `/Items/*/RemoteImages/Download` | High
|
||||
22 | File | `/login` | Low
|
||||
23 | File | `/navigate/navigate_download.php` | High
|
||||
24 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
25 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
26 | File | `/oputilsServlet` | High
|
||||
27 | File | `/owa/auth/logon.aspx` | High
|
||||
28 | File | `/p` | Low
|
||||
29 | File | `/password.html` | High
|
||||
30 | File | `/proc/ioports` | High
|
||||
31 | File | `/property-list/property_view.php` | High
|
||||
32 | File | `/ptms/classes/Users.php` | High
|
||||
33 | File | `/rest` | Low
|
||||
34 | File | `/rest/api/2/search` | High
|
||||
35 | File | `/s/` | Low
|
||||
36 | File | `/scripts/cpan_config` | High
|
||||
37 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
38 | File | `/services/system/setup.json` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/vloggers_merch/?p=view_product` | High
|
||||
42 | File | `/webconsole/APIController` | High
|
||||
43 | File | `/websocket/exec` | High
|
||||
44 | File | `/whbs/?page=my_bookings` | High
|
||||
45 | File | `/wp-admin/admin-ajax.php` | High
|
||||
46 | File | `/wp-json` | Medium
|
||||
47 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
48 | File | `/_next` | Low
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -9,11 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Black KingDom:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
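Review bot: the `* ...` truncation marker and the sentence "There are 7 more country items available" appear before `* [GB]` and `* [PT]` in this rendered hunk; if GB and PT are retained lines rather than removed ones, the marker and the count sentence must come after the last bullet, as they do in every other country list in this change, and the "7 more" count should be rechecked against whether those two entries are still listed.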
@ -34,11 +31,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
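Review bot: row 4 now maps T1059 to `CWE-94, CWE-1321` but keeps the description "Cross Site Scripting", which duplicates row 5 (T1059.007, CWE-79) and matches neither weakness: CWE-94 is code injection and CWE-1321 is prototype pollution. Suggest a description that reflects the technique or the listed CWEs, for example "Command and Scripting Interpreter" or "Code Injection", so the two rows are distinguishable to a reader triaging the table.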
@ -53,32 +50,37 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin/?page=reports/waste` | High
|
||||
3 | File | `/admin/?page=user/manage_user` | High
|
||||
4 | File | `/admin/addemployee.php` | High
|
||||
5 | File | `/admin/del.php` | High
|
||||
6 | File | `/admin/delete.php` | High
|
||||
7 | File | `/admin/delstu.php` | High
|
||||
8 | File | `/admin/history.php` | High
|
||||
9 | File | `/admin/login.php` | High
|
||||
10 | File | `/admin/modify.php` | High
|
||||
11 | File | `/admin/modify1.php` | High
|
||||
12 | File | `/admin/products/controller.php?action=add` | High
|
||||
13 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
14 | File | `/api/v1/user` | Medium
|
||||
15 | File | `/appConfig/userDB.json` | High
|
||||
16 | File | `/assets` | Low
|
||||
17 | File | `/bin/boa` | Medium
|
||||
18 | File | `/blog/edit` | Medium
|
||||
19 | File | `/blogengine/api/posts` | High
|
||||
20 | File | `/blotter/blotter.php` | High
|
||||
21 | File | `/brand.php` | Medium
|
||||
22 | File | `/cgi-bin/DownloadFlash` | High
|
||||
23 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
24 | File | `/classes/Master.php?f=delete_account` | High
|
||||
25 | File | `/classes/Master.php?f=delete_category` | High
|
||||
26 | File | `/classes/Master.php?f=delete_img` | High
|
||||
27 | File | `/classes/Master.php?f=delete_payment` | High
|
||||
28 | ... | ... | ...
|
||||
5 | File | `/admin/article/list_approve` | High
|
||||
6 | File | `/admin/contact/list` | High
|
||||
7 | File | `/admin/del.php` | High
|
||||
8 | File | `/admin/delete.php` | High
|
||||
9 | File | `/admin/delstu.php` | High
|
||||
10 | File | `/admin/foldernotice/list` | High
|
||||
11 | File | `/admin/history.php` | High
|
||||
12 | File | `/admin/image/list` | High
|
||||
13 | File | `/admin/imagealbum/list` | High
|
||||
14 | File | `/admin/login.php` | High
|
||||
15 | File | `/admin/modify.php` | High
|
||||
16 | File | `/admin/modify1.php` | High
|
||||
17 | File | `/admin/products/controller.php?action=add` | High
|
||||
18 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
|
||||
19 | File | `/admin/site/list` | High
|
||||
20 | File | `/admin/video/list` | High
|
||||
21 | File | `/admin_book.php` | High
|
||||
22 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
23 | File | `/api/upload-resource` | High
|
||||
24 | File | `/api/v1/user` | Medium
|
||||
25 | File | `/appConfig/userDB.json` | High
|
||||
26 | File | `/bin/boa` | Medium
|
||||
27 | File | `/bin/httpd` | Medium
|
||||
28 | File | `/blog/edit` | Medium
|
||||
29 | File | `/blogengine/api/posts` | High
|
||||
30 | File | `/brand.php` | Medium
|
||||
31 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
32 | File | `/card/in-card.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -55,22 +55,22 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin.php/user/zu_del` | High
|
||||
4 | File | `/admin/delstu.php` | High
|
||||
5 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
6 | File | `/admin/new-content` | High
|
||||
7 | File | `/ajax/set_sys_time/` | High
|
||||
8 | File | `/api/programs/orgUnits?programs` | High
|
||||
9 | File | `/api/v1/user` | Medium
|
||||
10 | File | `/application/controllers/Users.php` | High
|
||||
11 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
12 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
|
||||
13 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
|
||||
14 | File | `/cgi/get_param.cgi` | High
|
||||
15 | File | `/checklogin.jsp` | High
|
||||
16 | File | `/ci_hms/search` | High
|
||||
17 | File | `/ci_spms/admin/search/searching/` | High
|
||||
18 | File | `/classes/Master.php?f=delete_category` | High
|
||||
19 | File | `/classes/Master.php?f=delete_payment` | High
|
||||
20 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
21 | File | `/cms/classes/Master.php?f=delete_service` | High
|
||||
6 | File | `/admin/foldernotice/list` | High
|
||||
7 | File | `/admin/image/list` | High
|
||||
8 | File | `/ajax/set_sys_time/` | High
|
||||
9 | File | `/api/programs/orgUnits?programs` | High
|
||||
10 | File | `/api/v1/user` | Medium
|
||||
11 | File | `/application/controllers/Users.php` | High
|
||||
12 | File | `/bcms/admin/?page=reports/daily_court_rental_report` | High
|
||||
13 | File | `/bcms/admin/?page=service_transactions/manage_service_transaction` | High
|
||||
14 | File | `/bcms/classes/Master.php?f=delete_court_rental` | High
|
||||
15 | File | `/cgi/get_param.cgi` | High
|
||||
16 | File | `/checklogin.jsp` | High
|
||||
17 | File | `/ci_hms/search` | High
|
||||
18 | File | `/ci_spms/admin/search/searching/` | High
|
||||
19 | File | `/classes/Master.php?f=delete_category` | High
|
||||
20 | File | `/classes/Master.php?f=delete_payment` | High
|
||||
21 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
22 | File | `/company/account/safety/trade` | High
|
||||
23 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
24 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
|
@ -81,10 +81,9 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `/fuel/sitevariables/delete/4` | High
|
||||
30 | File | `/goform/AdvSetLanIp` | High
|
||||
31 | File | `/goform/aspForm` | High
|
||||
32 | File | `/goform/WifiExtraSet` | High
|
||||
33 | ... | ... | ...
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 275 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [SE](https://vuldb.com/?country.se)
|
||||
* ...
|
||||
|
||||
There are 30 more country items available. Please use our online service to access the data.
|
||||
There are 31 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -80,7 +80,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -124,9 +124,10 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `add_vhost.php` | High
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | File | `admin/conf_users_edit.php` | High
|
||||
37 | ... | ... | ...
|
||||
37 | File | `admin/default.asp` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 323 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,28 +63,29 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/get_getnetworkconf.cgi` | High
|
||||
11 | File | `/horde/util/go.php` | High
|
||||
12 | File | `/nova/bin/detnet` | High
|
||||
13 | File | `/opensis/modules/users/Staff.php` | High
|
||||
14 | File | `/php_action/createUser.php` | High
|
||||
15 | File | `/plugins/servlet/gadgets/makeRequest` | High
|
||||
16 | File | `/REBOOTSYSTEM` | High
|
||||
17 | File | `/req_password_user.php` | High
|
||||
18 | File | `/show_news.php` | High
|
||||
19 | File | `/tmp` | Low
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/Uploads` | Medium
|
||||
22 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
23 | File | `/WEB-INF/web.xml` | High
|
||||
24 | File | `/webconsole/APIController` | High
|
||||
25 | File | `/wp-admin/admin-ajax.php` | High
|
||||
26 | File | `AccountStatus.jsp` | High
|
||||
27 | File | `add.php` | Low
|
||||
28 | File | `addentry.php` | Medium
|
||||
29 | File | `admin.htm` | Medium
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | ... | ... | ...
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/nova/bin/detnet` | High
|
||||
14 | File | `/opensis/modules/users/Staff.php` | High
|
||||
15 | File | `/php_action/createUser.php` | High
|
||||
16 | File | `/plugins/servlet/gadgets/makeRequest` | High
|
||||
17 | File | `/REBOOTSYSTEM` | High
|
||||
18 | File | `/req_password_user.php` | High
|
||||
19 | File | `/services` | Medium
|
||||
20 | File | `/show_news.php` | High
|
||||
21 | File | `/tmp` | Low
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/Uploads` | Medium
|
||||
24 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
25 | File | `/WEB-INF/web.xml` | High
|
||||
26 | File | `/webconsole/APIController` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `AccountStatus.jsp` | High
|
||||
29 | File | `add.php` | Low
|
||||
30 | File | `addentry.php` | Medium
|
||||
31 | File | `admin.htm` | Medium
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -61,9 +61,10 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/librarian/bookdetails.php` | High
|
||||
7 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
8 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
9 | ... | ... | ...
|
||||
9 | File | `/uncpath/` | Medium
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 68 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -77,37 +77,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/ad_js.php` | Medium
|
||||
3 | File | `/Ap4RtpAtom.cpp` | High
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/bcms/admin/?page=user/list` | High
|
||||
6 | File | `/bsms/?page=manage_account` | High
|
||||
7 | File | `/cgi-bin/login.cgi` | High
|
||||
8 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
9 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
10 | File | `/dashboard/reports/logs/view` | High
|
||||
11 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/etc/hosts` | Medium
|
||||
14 | File | `/file?action=download&file` | High
|
||||
15 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
16 | File | `/fuel/sitevariables/delete/4` | High
|
||||
17 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
18 | File | `/index/jobfairol/show/` | High
|
||||
19 | File | `/librarian/bookdetails.php` | High
|
||||
20 | File | `/manage-apartment.php` | High
|
||||
21 | File | `/mgmt/tm/util/bash` | High
|
||||
22 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
23 | File | `/pages/apply_vacancy.php` | High
|
||||
24 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
25 | File | `/proc/<PID>/mem` | High
|
||||
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
27 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
28 | File | `/tmp/zarafa-vacation-*` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | ... | ... | ...
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/ad_js.php` | Medium
|
||||
4 | File | `/Ap4RtpAtom.cpp` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/bsms/?page=manage_account` | High
|
||||
8 | File | `/cgi-bin/login.cgi` | High
|
||||
9 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
10 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
11 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
12 | File | `/dashboard/reports/logs/view` | High
|
||||
13 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/etc/hosts` | Medium
|
||||
16 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
17 | File | `/fuel/sitevariables/delete/4` | High
|
||||
18 | File | `/goform/setmac` | High
|
||||
19 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
20 | File | `/index/jobfairol/show/` | High
|
||||
21 | File | `/librarian/bookdetails.php` | High
|
||||
22 | File | `/manage-apartment.php` | High
|
||||
23 | File | `/mgmt/tm/util/bash` | High
|
||||
24 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
25 | File | `/pages/apply_vacancy.php` | High
|
||||
26 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
27 | File | `/proc/<PID>/mem` | High
|
||||
28 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -39,9 +39,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -50,58 +51,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/inc/include.php` | High
|
||||
2 | File | `/admin/service/stop/` | High
|
||||
3 | File | `/api/v1/user` | Medium
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/blogengine/api/posts` | High
|
||||
6 | File | `/categories/view_category.php` | High
|
||||
7 | File | `/category.php` | High
|
||||
8 | File | `/ci_spms/admin/search/searching/` | High
|
||||
9 | File | `/classes/Master.php?f=delete_category` | High
|
||||
10 | File | `/classes/Master.php?f=delete_stockin` | High
|
||||
11 | File | `/classes/Master.php?f=delete_student` | High
|
||||
12 | File | `/conf/users` | Medium
|
||||
13 | File | `/domains/index.fts` | High
|
||||
14 | File | `/etc/shadow.sample` | High
|
||||
15 | File | `/guestmanagement/front.php` | High
|
||||
16 | File | `/Home/debit_credit_p` | High
|
||||
17 | File | `/htdocs/upnpinc/gena.php` | High
|
||||
18 | File | `/include/comm_post.inc.php` | High
|
||||
19 | File | `/include/header_admin.inc.php` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/ip/admin/` | Medium
|
||||
22 | File | `/login.php` | Medium
|
||||
23 | File | `/management/api/rcx_management/global_config_query` | High
|
||||
24 | File | `/master/index.php` | High
|
||||
25 | File | `/mkshop/Men/profile.php` | High
|
||||
26 | File | `/modules/mindmap/index.php` | High
|
||||
2 | File | `/api/v1/user` | Medium
|
||||
3 | File | `/app/options.py` | High
|
||||
4 | File | `/blogengine/api/posts` | High
|
||||
5 | File | `/categories/view_category.php` | High
|
||||
6 | File | `/ci_spms/admin/search/searching/` | High
|
||||
7 | File | `/classes/Master.php?f=delete_category` | High
|
||||
8 | File | `/classes/Master.php?f=delete_stockin` | High
|
||||
9 | File | `/classes/Master.php?f=delete_student` | High
|
||||
10 | File | `/conf/users` | Medium
|
||||
11 | File | `/domains/index.fts` | High
|
||||
12 | File | `/etc/shadow.sample` | High
|
||||
13 | File | `/garage/editcategory.php` | High
|
||||
14 | File | `/guestmanagement/front.php` | High
|
||||
15 | File | `/Home/debit_credit_p` | High
|
||||
16 | File | `/htdocs/upnpinc/gena.php` | High
|
||||
17 | File | `/include/comm_post.inc.php` | High
|
||||
18 | File | `/include/header_admin.inc.php` | High
|
||||
19 | File | `/index.php` | Medium
|
||||
20 | File | `/interview/delete.php?action=questiondelete` | High
|
||||
21 | File | `/interview/editQuestion.php` | High
|
||||
22 | File | `/ip/admin/` | Medium
|
||||
23 | File | `/login.php` | Medium
|
||||
24 | File | `/management/api/rcx_management/global_config_query` | High
|
||||
25 | File | `/master/index.php` | High
|
||||
26 | File | `/mkshop/Men/profile.php` | High
|
||||
27 | File | `/modules/tasks/gantt.php` | High
|
||||
28 | File | `/multiarch/memset-vec-unaligned-erms.S` | High
|
||||
29 | File | `/oa/setup/checkPool?database` | High
|
||||
30 | File | `/officials/officials.php` | High
|
||||
31 | File | `/pages/faculty_sched.php` | High
|
||||
32 | File | `/pages/processlogin.php` | High
|
||||
33 | File | `/patient/settings.php` | High
|
||||
34 | File | `/php_action/createUser.php` | High
|
||||
35 | File | `/pms/index.php` | High
|
||||
36 | File | `/psrs/classes/Master.php?f=delete_product` | High
|
||||
37 | File | `/readers/swf.c` | High
|
||||
38 | File | `/registration.php` | High
|
||||
39 | File | `/release-x64/otfccdump` | High
|
||||
40 | File | `/schedules/manage_schedule.php` | High
|
||||
41 | File | `/services/v4/invoiceImg` | High
|
||||
42 | File | `/src/inffast.c` | High
|
||||
43 | File | `/staff/delete.php` | High
|
||||
44 | File | `/templates/header.inc.php` | High
|
||||
45 | File | `/tmp/tardiff-$` | High
|
||||
46 | File | `/whbs/?page=contact_us` | High
|
||||
47 | File | `/xpdf/Lexer.cc` | High
|
||||
48 | File | `/xpdf/Stream.cc` | High
|
||||
49 | File | `addlyricsform.php` | High
|
||||
50 | File | `adm.cgi` | Low
|
||||
51 | ... | ... | ...
|
||||
30 | File | `/obs/book.php` | High
|
||||
31 | File | `/officials/officials.php` | High
|
||||
32 | File | `/pages/faculty_sched.php` | High
|
||||
33 | File | `/pages/processlogin.php` | High
|
||||
34 | File | `/patient/settings.php` | High
|
||||
35 | File | `/php_action/createUser.php` | High
|
||||
36 | File | `/pms/index.php` | High
|
||||
37 | File | `/psrs/classes/Master.php?f=delete_product` | High
|
||||
38 | File | `/readers/swf.c` | High
|
||||
39 | File | `/registration.php` | High
|
||||
40 | File | `/release-x64/otfccdump` | High
|
||||
41 | File | `/schedules/manage_schedule.php` | High
|
||||
42 | File | `/services/v4/invoiceImg` | High
|
||||
43 | File | `/src/inffast.c` | High
|
||||
44 | File | `/staff/delete.php` | High
|
||||
45 | File | `/system/department/list` | High
|
||||
46 | File | `/templates/header.inc.php` | High
|
||||
47 | File | `/tmp/tardiff-$` | High
|
||||
48 | File | `/whbs/?page=contact_us` | High
|
||||
49 | File | `/xpdf/Lexer.cc` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 441 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -68,10 +68,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 25 more TTP items available. Please use our online service to access the data.
|
||||
There are 26 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
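Review bot: row 6 drops CWE-250 from the weakness list but keeps the description "Execution with Unnecessary Privileges", which is the title of CWE-250 itself; with only CWE-264, CWE-269 and CWE-284 remaining, the description no longer corresponds to any listed weakness. Either restore CWE-250 or change the description to match the technique (T1068) or the remaining CWEs (improper privilege management / access control).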
@ -81,41 +81,42 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/addQuestion.php` | High
|
||||
2 | File | `/admin/?page=reports/waste` | High
|
||||
3 | File | `/admin/add_trainers.php` | High
|
||||
4 | File | `/admin/curltest.cgi` | High
|
||||
5 | File | `/admin/lab.php` | High
|
||||
6 | File | `/admin/modify.php` | High
|
||||
7 | File | `/admin/showbad.php` | High
|
||||
8 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
9 | File | `/api/v1/user` | Medium
|
||||
10 | File | `/bd_genie_create_account.cgi` | High
|
||||
11 | File | `/card_scan.php` | High
|
||||
12 | File | `/categories/view_category.php` | High
|
||||
13 | File | `/category/controller.php?action=edit` | High
|
||||
14 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
|
||||
15 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||
16 | File | `/claire_blake` | High
|
||||
17 | File | `/classes/Master.php?f=delete_account` | High
|
||||
18 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
19 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||
20 | File | `/dashboard/add-service.php` | High
|
||||
21 | File | `/dashboard/settings` | High
|
||||
22 | File | `/edituser.php` | High
|
||||
23 | File | `/etc/shadow.sample` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/fw.login.php` | High
|
||||
26 | File | `/goform/aspForm` | High
|
||||
27 | File | `/goform/NTPSyncWithHost` | High
|
||||
28 | File | `/goform/saveParentControlInfo` | High
|
||||
29 | File | `/goform/SetLEDCfg` | High
|
||||
30 | File | `/goform/SetVirtualServerCfg` | High
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/index.php/?p=report` | High
|
||||
33 | File | `/Items/*/RemoteImages/Download` | High
|
||||
34 | File | `/master/index.php` | High
|
||||
35 | ... | ... | ...
|
||||
3 | File | `/admin/addemployee.php` | High
|
||||
4 | File | `/admin/add_trainers.php` | High
|
||||
5 | File | `/admin/article/list_approve` | High
|
||||
6 | File | `/admin/budget.php` | High
|
||||
7 | File | `/admin/friendlylink/list` | High
|
||||
8 | File | `/admin/image/list` | High
|
||||
9 | File | `/admin/imagealbum/list` | High
|
||||
10 | File | `/admin/modify.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/admin/video/list` | High
|
||||
13 | File | `/admin/videoalbum/list` | High
|
||||
14 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
15 | File | `/api/v1/user` | Medium
|
||||
16 | File | `/bd_genie_create_account.cgi` | High
|
||||
17 | File | `/bin/httpd` | Medium
|
||||
18 | File | `/card_scan.php` | High
|
||||
19 | File | `/categories/view_category.php` | High
|
||||
20 | File | `/category/controller.php?action=edit` | High
|
||||
21 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
|
||||
22 | File | `/cgi-bin/ExportAllSettings.sh` | High
|
||||
23 | File | `/cgi-bin/wapopen` | High
|
||||
24 | File | `/claire_blake` | High
|
||||
25 | File | `/classes/Master.php?f=delete_account` | High
|
||||
26 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
27 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||
28 | File | `/dashboard/add-service.php` | High
|
||||
29 | File | `/dashboard/settings` | High
|
||||
30 | File | `/edituser.php` | High
|
||||
31 | File | `/etc/shadow.sample` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/fw.login.php` | High
|
||||
34 | File | `/garage/editcategory.php` | High
|
||||
35 | File | `/goform/NTPSyncWithHost` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinMiner:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [LU](https://vuldb.com/?country.lu)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -36,7 +36,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
13 | [50.19.252.36](https://vuldb.com/?ip.50.19.252.36) | ec2-50-19-252-36.compute-1.amazonaws.com | - | Medium
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 52 more IOC items available. Please use our online service to access the data.
|
||||
There are 54 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
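Review bot: row 13 lists `50.19.252.36` with the hostname `ec2-50-19-252-36.compute-1.amazonaws.com`, an Amazon EC2 address with no campaign attribution (`-`), at Medium confidence. Shared cloud addresses are reassigned frequently, so this indicator ages quickly; consider recording the observation date alongside it or lowering its confidence so consumers do not block the address long after the tenant has changed.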
@ -44,12 +44,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack

@ -58,52 +59,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `.jpilot` | Low
2 | File | `.imwheelrc` | Medium
3 | File | `.plan` | Low
4 | File | `.tin` | Low
5 | File | `/aux` | Low
6 | File | `/coreframe/app/guestbook/myissue.php` | High
7 | File | `/icingaweb2/navigation/add` | High
6 | File | `/configs/application.ini` | High
7 | File | `/goform/setPicListItem` | High
8 | File | `/root/.keeper/` | High
9 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
10 | File | `/search-result/` | High
11 | File | `/usr/bin/sonia` | High
12 | File | `/var/log/nginx` | High
13 | File | `/var/spool/fax/outgoing/.last_run` | High
14 | File | `95.php` | Low
15 | File | `123flashchat.php` | High
16 | File | `action.php` | Medium
17 | File | `Active Browser Profile` | High
18 | File | `addons/mod_media/body.php` | High
19 | File | `admin.php` | Medium
20 | File | `admin/profile_settings_net.html` | High
21 | File | `af.cgi/alienform.cgi` | High
22 | File | `af_netlink.c` | Medium
23 | File | `aide.php3` | Medium
24 | File | `aim/icq` | Low
25 | File | `ajax.php` | Medium
26 | File | `akocomment.php` | High
27 | File | `album.php` | Medium
28 | File | `allmanageup.pl` | High
29 | File | `apache2/modsecurity.c` | High
30 | File | `arm/lithium-codegen-arm.cc` | High
31 | File | `attachment_send.php` | High
32 | File | `b2edit.showposts.php` | High
33 | File | `bar.phtml` | Medium
34 | File | `bitmap/bdfread.c` | High
35 | File | `cadastro_usuario.php` | High
36 | File | `cartman.php` | Medium
37 | File | `cdf.c` | Low
38 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
39 | File | `cgi/actions.py` | High
40 | File | `cgiproc` | Low
41 | File | `classifieds.cgi` | High
42 | File | `cmd.php` | Low
43 | File | `colors.py` | Medium
44 | File | `com.evernote_preferences.xml` | High
10 | File | `/spacecom/login.php` | High
11 | File | `/uncpath/` | Medium
12 | File | `/usr/bin/sonia` | High
13 | File | `/var/log/nginx` | High
14 | File | `/xampp/guestbook-en.pl` | High
15 | File | `/zm/index.php` | High
16 | File | `95.php` | Low
17 | File | `123flashchat.php` | High
18 | File | `abook_database.php` | High
19 | File | `action.php` | Medium
20 | File | `Active Browser Profile` | High
21 | File | `admin.php` | Medium
22 | File | `admin/profile_settings_net.html` | High
23 | File | `af.cgi/alienform.cgi` | High
24 | File | `aide.php3` | Medium
25 | File | `aim/icq` | Low
26 | File | `ajax.php` | Medium
27 | File | `akocomment.php` | High
28 | File | `article.php` | Medium
29 | File | `aviso.php` | Medium
30 | File | `bar.phtml` | Medium
31 | File | `bitmap/bdfread.c` | High
32 | File | `blog.cgi` | Medium
33 | File | `browse.php` | Medium
34 | File | `cartman.php` | Medium
35 | File | `cdf.c` | Low
36 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
37 | File | `chetcpasswd.cgi` | High
38 | File | `classifieds.cgi` | High
39 | File | `cmd.php` | Low
40 | File | `com.evernote_preferences.xml` | High
41 | File | `command/user.cgi` | High
42 | File | `comments.php` | Medium
43 | File | `common.php` | Medium
44 | File | `content.php` | Medium
45 | ... | ... | ...

There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -118,6 +119,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
* https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
* https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
* https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
* https://isc.sans.edu/forums/diary/CoinMiners+searching+for+hosts/24364/
* https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
* https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
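Review bot: the bullet `* https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/` packs two URLs into one list item, so only the first renders as a separate reference and the second is easy to miss when the list is parsed; split it into two `* ` bullets like the surrounding entries.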

@ -16,11 +16,11 @@ The following _campaigns_ are known and can be associated with Conti:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Conti:

* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* [CN](https://vuldb.com/?country.cn)
* [ES](https://vuldb.com/?country.es)
* ...

There are 21 more country items available. Please use our online service to access the data.
There are 25 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -524,14 +524,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 18 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
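Review bot: rows 4 and 5 both carry the description "Cross Site Scripting" although they map different techniques and weaknesses (`4 | T1059 | CWE-88, CWE-94` versus `5 | T1059.007 | CWE-79, CWE-80`); CWE-88 is argument injection and CWE-94 is code injection, neither of which is XSS, so the row 4 description should name the weakness class it actually lists (or the technique itself, Command and Scripting Interpreter) so that consumers of the table do not collapse two distinct mappings into one. The same duplicated label appears in the CoinMiner TTP hunk above (`4 | T1059 | CWE-94 | Cross Site Scripting`).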

@ -540,7 +540,7 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.procmailrc` | Medium
2 | File | `/admin/` | Low
2 | File | `/about.php` | Medium
3 | File | `/admin/communitymanagement.php` | High
4 | File | `/admin/extended` | High
5 | File | `/admin/featured.php` | High
@ -555,27 +555,28 @@ ID | Type | Indicator | Confidence
14 | File | `/api/addusers` | High
15 | File | `/app/options.py` | High
16 | File | `/application/common.php#action_log` | High
17 | File | `/bsms/?page=manage_account` | High
18 | File | `/cgi-bin/login.cgi` | High
17 | File | `/cgi-bin/login.cgi` | High
18 | File | `/cgi-bin/luci/api/wireless` | High
19 | File | `/cgi-bin/wlogin.cgi` | High
20 | File | `/ci_hms/massage_room/edit/1` | High
21 | File | `/core/conditions/AbstractWrapper.java` | High
22 | File | `/dashboard/reports/logs/view` | High
23 | File | `/dashboard/updatelogo.php` | High
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/designer/add/layout` | High
27 | File | `/etc/hosts` | Medium
28 | File | `/filemanager/upload/drop` | High
29 | File | `/gasmark/assets/myimages/oneWord.php` | High
30 | File | `/hprms/admin/doctors/manage_doctor.php` | High
31 | File | `/index.php` | Medium
32 | File | `/index/jobfairol/show/` | High
33 | File | `/librarian/bookdetails.php` | High
34 | File | `/loginVaLidation.php` | High
35 | ... | ... | ...
22 | File | `/cwc/login` | Medium
23 | File | `/dashboard/reports/logs/view` | High
24 | File | `/dashboard/updatelogo.php` | High
25 | File | `/debian/patches/load_ppp_generic_if_needed` | High
26 | File | `/debug/pprof` | Medium
27 | File | `/designer/add/layout` | High
28 | File | `/etc/hosts` | Medium
29 | File | `/filemanager/upload/drop` | High
30 | File | `/gasmark/assets/myimages/oneWord.php` | High
31 | File | `/goform/setmac` | High
32 | File | `/hprms/admin/doctors/manage_doctor.php` | High
33 | File | `/index.php` | Medium
34 | File | `/index/jobfairol/show/` | High
35 | File | `/loginVaLidation.php` | High
36 | ... | ... | ...

There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 308 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References


@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [SV](https://vuldb.com/?country.sv)
* ...

There are 8 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -54,13 +54,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
6 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.
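Review bot: the row `6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High` disappears from the visible table (the `...` row moves from ID 7 to ID 6) while the trailing `There are 22 more TTP items available` line is unchanged context; if the T1068 mapping was only pushed into the truncated remainder, that count should have gone up by one, and if it was dropped from this actor entirely, the reason is worth recording with the change so the shrinking coverage is not mistaken for a data loss.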

@ -73,55 +72,55 @@ ID | Type | Indicator | Confidence
1 | File | `/admin/addemployee.php` | High
2 | File | `/admin/add_trainers.php` | High
3 | File | `/admin/header.inc.php` | High
4 | File | `/admin/vca/license/license_tok.cgi` | High
4 | File | `/admin/index.PHP` | High
5 | File | `/admin/video/list` | High
6 | File | `/AJAX/ajaxget` | High
7 | File | `/api/plugin/uninstall` | High
8 | File | `/api/upload-resource` | High
9 | File | `/api/v2/config` | High
10 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
11 | File | `/cgi-bin/readfile.tcl` | High
12 | File | `/cgi-bin/touchlist_sync.cgi` | High
13 | File | `/classes/Users.php?f=save_client` | High
14 | File | `/coreframe/app/attachment/admin/index.php` | High
15 | File | `/dishes.php` | Medium
16 | File | `/etc/quagga` | Medium
17 | File | `/etc/shadow.sample` | High
18 | File | `/fax/fax_send.php` | High
19 | File | `/gfxpoly/stroke.c` | High
20 | File | `/goform/addRouting` | High
21 | File | `/goform/form2Wan.cgi` | High
22 | File | `/htdocs/utils/Files.php` | High
23 | File | `/include/menu_u.inc.php` | High
24 | File | `/includes/db_connect.php` | High
25 | File | `/includes/images.php` | High
26 | File | `/index.php` | Medium
27 | File | `/ip/admin/` | Medium
28 | File | `/isms/admin/stocks/view_stock.php` | High
29 | File | `/login.php` | Medium
30 | File | `/oa/setup/checkPool?database` | High
31 | File | `/pages/class_sched.php` | High
32 | File | `/pages/faculty_sched.php` | High
33 | File | `/pages/permit/permit.php` | High
34 | File | `/patient/booking.php` | High
35 | File | `/pms/update_medicine.php` | High
36 | File | `/pms/update_user.php` | High
37 | File | `/qr/I/` | Low
38 | File | `/release-x64/otfccdump` | High
39 | File | `/session/sendmail` | High
40 | File | `/sistema/flash/reboot` | High
41 | File | `/sys/ui/extend/varkind/custom.jsp` | High
42 | File | `/templates/default/html/windows/right.php` | High
43 | File | `/vicidial/user_stats.php` | High
44 | File | `/web/api/v1/upload/UploadHandler.php` | High
45 | File | `/WebApp/SettingsFileMonitor/GetFileMonitorProfiles` | High
46 | File | `/webmail/server/webmail.php` | High
47 | File | `/whbs/?page=my_bookings` | High
48 | File | `/www/cgi-bin/popen.cgi` | High
49 | File | `/xpdf/Stream.cc` | High
6 | File | `/api/plugin/uninstall` | High
7 | File | `/api/upload-resource` | High
8 | File | `/api/v2/config` | High
9 | File | `/belegungsplan/wochenuebersicht.inc.php` | High
10 | File | `/bin/httpd` | Medium
11 | File | `/bits/stl_vector.h` | High
12 | File | `/card/in-card.php` | High
13 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
14 | File | `/classes/Users.php?f=save_client` | High
15 | File | `/coreframe/app/attachment/admin/index.php` | High
16 | File | `/dishes.php` | Medium
17 | File | `/etc/quagga` | Medium
18 | File | `/etc/shadow.sample` | High
19 | File | `/fax/fax_send.php` | High
20 | File | `/garage/editclient.php` | High
21 | File | `/get_missing_events` | High
22 | File | `/gfxpoly/stroke.c` | High
23 | File | `/goform/addRouting` | High
24 | File | `/goform/form2Wan.cgi` | High
25 | File | `/home/bupt/Desktop/swftools/src/gif2swf` | High
26 | File | `/htdocs/utils/Files.php` | High
27 | File | `/include/menu_u.inc.php` | High
28 | File | `/includes/db_connect.php` | High
29 | File | `/includes/images.php` | High
30 | File | `/index.php` | Medium
31 | File | `/ip/admin/` | Medium
32 | File | `/login.php` | Medium
33 | File | `/multiarch/memset-vec-unaligned-erms.S` | High
34 | File | `/oa/setup/checkPool?database` | High
35 | File | `/pages/class_sched.php` | High
36 | File | `/pages/faculty_sched.php` | High
37 | File | `/pages/permit/permit.php` | High
38 | File | `/patient/booking.php` | High
39 | File | `/pms/update_medicine.php` | High
40 | File | `/pms/update_user.php` | High
41 | File | `/qr/I/` | Low
42 | File | `/release-x64/otfccdump` | High
43 | File | `/release-x64/otfccdump+0x6badae` | High
44 | File | `/release-x64/otfccdump+0x5266a8` | High
45 | File | `/sanitizer_common/sanitizer_common_interceptors.inc` | High
46 | File | `/session/sendmail` | High
47 | File | `/sistema/flash/reboot` | High
48 | File | `/sys/ui/extend/varkind/custom.jsp` | High
49 | File | `/templates/default/html/windows/right.php` | High
50 | ... | ... | ...

There are 437 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 434 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
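Review bot: rows 43 and 44, `/release-x64/otfccdump+0x6badae` and `/release-x64/otfccdump+0x5266a8`, are stack-trace frames (binary plus offset) rather than file paths, and row 25, `/home/bupt/Desktop/swftools/src/gif2swf`, is a reporter's local build path; all three are typed `File` at `High` confidence, so anyone feeding this table into path-based detection will alert on strings that never exist on a monitored host. Suggest dropping them or lowering the confidence, as this hunk already does for the generic entry `10 | File | `/bin/httpd` | Medium`.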


@ -36,6 +36,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
2 | T1592 | CWE-200 | Configuration | High

## IOA - Indicator of Attack


@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...

There are 5 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -52,7 +52,7 @@ ID | Type | Indicator | Confidence
3 | File | `/probe?target` | High
4 | ... | ... | ...

There are 20 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References


@ -92,30 +92,28 @@ ID | Type | Indicator | Confidence
10 | File | `/config/config.php` | High
11 | File | `/context/%2e/WEB-INF/web.xml` | High
12 | File | `/core/conditions/AbstractWrapper.java` | High
13 | File | `/customers/index.php` | High
14 | File | `/DataHandler/AM/AM_Handler.ashx` | High
15 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
16 | File | `/DataHandler/HandlerEnergyType.ashx` | High
17 | File | `/DataHandler/Handler_CFG.ashx` | High
18 | File | `/ECT_Provider/` | High
19 | File | `/fuel/index.php/fuel/logs/items` | High
20 | File | `/fuel/index.php/fuel/pages/items` | High
21 | File | `/goform/openSchedWifi` | High
22 | File | `/goform/SetNetControlList` | High
23 | File | `/image_zoom.php` | High
24 | File | `/include/config.cache.php` | High
25 | File | `/json/profile/removeStarAjax.do` | High
13 | File | `/DataHandler/AM/AM_Handler.ashx` | High
14 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
15 | File | `/DataHandler/HandlerEnergyType.ashx` | High
16 | File | `/DataHandler/Handler_CFG.ashx` | High
17 | File | `/ECT_Provider/` | High
18 | File | `/fuel/index.php/fuel/logs/items` | High
19 | File | `/fuel/index.php/fuel/pages/items` | High
20 | File | `/goform/openSchedWifi` | High
21 | File | `/goform/SetNetControlList` | High
22 | File | `/image_zoom.php` | High
23 | File | `/include/config.cache.php` | High
24 | File | `/index.php` | Medium
25 | File | `/mkshop/Men/profile.php` | High
26 | File | `/plugin/ajax.php` | High
27 | File | `/plugins/servlet/branchreview` | High
28 | File | `/proc/ioports` | High
29 | File | `/proxy/` | Low
30 | File | `/public/plugins/` | High
31 | File | `/rest/api/2/search` | High
32 | File | `/rest/api/latest/groupuserpicker` | High
33 | File | `/rest/api/latest/projectvalidate/key` | High
34 | ... | ... | ...
27 | File | `/proc/ioports` | High
28 | File | `/proxy/` | Low
29 | File | `/public/plugins/` | High
30 | File | `/rest/api/2/search` | High
31 | File | `/rest/api/latest/projectvalidate/key` | High
32 | ... | ... | ...

There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [GB](https://vuldb.com/?country.gb)
* ...

There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -22,11 +22,13 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [12.167.151.119](https://vuldb.com/?ip.12.167.151.119) | - | - | High
2 | [41.58.102.142](https://vuldb.com/?ip.41.58.102.142) | - | - | High
3 | [41.58.104.23](https://vuldb.com/?ip.41.58.104.23) | - | - | High
4 | ... | ... | ... | ...
2 | [20.72.235.82](https://vuldb.com/?ip.20.72.235.82) | - | - | High
3 | [20.81.111.85](https://vuldb.com/?ip.20.81.111.85) | - | - | High
4 | [23.221.227.172](https://vuldb.com/?ip.23.221.227.172) | a23-221-227-172.deploy.static.akamaitechnologies.com | - | High
5 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
6 | ... | ... | ... | ...

There are 12 more IOC items available. Please use our online service to access the data.
There are 21 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures
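Review bot: rows 4 and 5 resolve to shared hosting infrastructure (`a23-221-227-172.deploy.static.akamaitechnologies.com` is an Akamai CDN edge node, `67.61.205.35.bc.googleusercontent.com` a Google Cloud customer address), yet row 4 is rated `High` while row 5 is `Medium`; a CDN edge serves many unrelated tenants, so treating it as a High-confidence IOC will produce false positives for anyone who turns this list into a block rule. Suggest rating row 4 no higher than row 5 or attaching the campaign context that justifies the rating (the Campaign column is `-` for both).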

@ -47,13 +49,13 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/SCRIPTPATH/index.php` | High
2 | File | `auth-gss2.c` | Medium
3 | File | `category.cfm` | Medium
4 | File | `cgi-bin/MANGA/admin.cgi` | High
1 | File | `/pages/processlogin.php` | High
2 | File | `/SCRIPTPATH/index.php` | High
3 | File | `admin/index.php` | High
4 | File | `auth-gss2.c` | Medium
5 | ... | ... | ...

There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -63,6 +65,8 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
* https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
* https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html
* https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html
* https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html

## Literature


@ -4,6 +4,13 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dharma](https://vuldb.com/?actor.dharma)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dharma:

* [US](https://vuldb.com/?country.us)
* [BG](https://vuldb.com/?country.bg)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dharma.
@ -20,12 +27,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1008 | CWE-757 | Algorithm Downgrade | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -33,33 +41,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/deluser.php` | High
2 | File | `/admin/dl_sendmail.php` | High
3 | File | `/admin/operations/tax.php` | High
4 | File | `/admin/showbad.php` | High
5 | File | `/admin/ztliuyan_sendmail.php` | High
6 | File | `/api/v2/config` | High
7 | File | `/appinfo/save` | High
8 | File | `/ATL/VQ23` | Medium
9 | File | `/cgi-bin/ExportAllSettings.sh` | High
10 | File | `/coreframe/app/pay/admin/index.php` | High
11 | File | `/dashboard/snapshot/*?orgId=0` | High
12 | File | `/dl/dl_sendmail.php` | High
13 | File | `/dl/dl_sendsms.php` | High
14 | File | `/ffos/admin/categories/manage_category.php` | High
15 | File | `/ffos/admin/categories/view_category.php` | High
16 | File | `/ffos/admin/menus/manage_menu.php` | High
17 | File | `/ffos/admin/sales/receipt.php` | High
18 | File | `/ffos/classes/Master.php?f=delete_category` | High
19 | File | `/ffos/classes/Master.php?f=delete_img` | High
20 | File | `/ffos/classes/Master.php?f=delete_menu` | High
21 | File | `/hprms/admin/?page=patients/view_patient` | High
22 | File | `/hprms/admin/?page=user/manage_user` | High
23 | File | `/hprms/admin/doctors/manage_doctor.php` | High
24 | File | `/hprms/admin/doctors/view_doctor.php` | High
25 | ... | ... | ...
1 | File | `/admin/edit_admin_details.php?id=admin` | High
2 | File | `/admin/inquiries/view_details.php` | High
3 | File | `/alarm_pi/alarmService.php` | High
4 | File | `/api/admin/attachments/upload` | High
5 | File | `/application/controllers/Users.php` | High
6 | File | `/classes/Master.php?f=delete_message` | High
7 | File | `/classes/Master.php?f=delete_reservation` | High
8 | File | `/classes/Master.php?f=delete_schedule` | High
9 | File | `/classes/Master.php?f=delete_service` | High
10 | ... | ... | ...

There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 73 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
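Review bot: the visible table drops from 24 rows plus `There are 210 more IOA items available` to 9 rows plus `There are 73 more IOA items available`, so roughly two thirds of the Dharma IOA entries are removed in the same hunk that replaces the leading rows; a reduction of that size needs its rationale (de-duplication, re-attribution to another actor, or a data-quality purge) stated alongside the change so that downstream consumers know whether to retire the indicators that disappeared.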


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...

There are 5 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 16 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -57,30 +57,29 @@ ID | Type | Indicator | Confidence
7 | File | `/hub/api/user` | High
8 | File | `/medical/inventories.php` | High
9 | File | `/monitoring` | Medium
10 | File | `/NAGErrors` | Medium
11 | File | `/plugin/LiveChat/getChat.json.php` | High
12 | File | `/plugins/servlet/audit/resource` | High
13 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
14 | File | `/replication` | Medium
15 | File | `/RestAPI` | Medium
16 | File | `/tmp` | Low
17 | File | `/tmp/speedtest_urls.xml` | High
18 | File | `/tmp/zarafa-vacation-*` | High
19 | File | `/uncpath/` | Medium
20 | File | `/upload` | Low
21 | File | `/var/log/nginx` | High
22 | File | `/var/run/watchman.pid` | High
23 | File | `/WEB-INF/web.xml` | High
10 | File | `/plugin/LiveChat/getChat.json.php` | High
11 | File | `/plugins/servlet/audit/resource` | High
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
13 | File | `/replication` | Medium
14 | File | `/RestAPI` | Medium
15 | File | `/tmp/speedtest_urls.xml` | High
16 | File | `/tmp/zarafa-vacation-*` | High
17 | File | `/uncpath/` | Medium
18 | File | `/upload` | Low
19 | File | `/var/log/nginx` | High
20 | File | `/var/run/watchman.pid` | High
21 | File | `/viewer/krpano.html` | High
22 | File | `/WEB-INF/web.xml` | High
23 | File | `/wp-json/oembed/1.0/embed?url` | High
24 | File | `account.asp` | Medium
25 | File | `addentry.php` | Medium
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
27 | File | `admins.js` | Medium
28 | File | `admin\model\catalog\download.php` | High
29 | File | `AdxDSrv.exe` | Medium
30 | File | `apcupsd.pid` | Medium
31 | ... | ... | ...
30 | ... | ... | ...

There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
|
||||
|
||||
|
|
|
@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,17 +49,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/proc/self/environ` | High
|
||||
2 | File | `/rest/project-templates/1.0/createshared` | High
|
||||
3 | File | `/server-status` | High
|
||||
4 | File | `act.php` | Low
|
||||
5 | File | `adclick.php` | Medium
|
||||
6 | File | `admin.php` | Medium
|
||||
7 | File | `administrator/mail/download.cfm` | High
|
||||
8 | File | `ashnews.php/ashheadlines.php` | High
|
||||
9 | ... | ... | ...
|
||||
1 | File | `/forum/away.php` | High
|
||||
2 | File | `/proc/self/environ` | High
|
||||
3 | File | `/rest/project-templates/1.0/createshared` | High
|
||||
4 | File | `/server-status` | High
|
||||
5 | File | `act.php` | Low
|
||||
6 | File | `adclick.php` | Medium
|
||||
7 | File | `admin.php` | Medium
|
||||
8 | File | `administrator/mail/download.cfm` | High
|
||||
9 | File | `ashnews.php/ashheadlines.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
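Review bot: a one-indicator change (`/forum/away.php` enters as row 1) rewrites all nine visible rows because the ID column is a positional index, so the reviewer has to compare rows one by one to find the new entry, and every future insertion will produce the same churn. Either drop the ID column from the generated Markdown or sort and diff on the Indicator value; then the count line (70 to 71) and the one added row would be the only changed lines.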
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -463,11 +463,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
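Review bot: the T1059.007 row (CWE-79, CWE-80) is removed and the hidden-count line falls from 20 to 18 on top of that, so three TTP entries leave this actor while only one removal is visible; the surviving T1059 row gains CWE-88 but does not pick up CWE-79 or CWE-80. If the intent was to fold the sub-technique into T1059, its weaknesses should have been merged as well; if the intent was removal, the two hidden removals belong in the commit message.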
|
||||
|
||||
|
@ -475,33 +474,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/addemployee.php` | High
|
||||
2 | File | `/admin/del.php` | High
|
||||
3 | File | `/admin/delete.php` | High
|
||||
4 | File | `/admin/delstu.php` | High
|
||||
5 | File | `/admin/login.php` | High
|
||||
6 | File | `/admin/products/controller.php?action=add` | High
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/index.PHP` | High
|
||||
3 | File | `/admin/lab.php` | High
|
||||
4 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
|
||||
5 | File | `/api/index.php` | High
|
||||
6 | File | `/appConfig/userDB.json` | High
|
||||
7 | File | `/bd_genie_create_account.cgi` | High
|
||||
8 | File | `/categories/view_category.php` | High
|
||||
9 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/classes/Master.php?f=delete_img` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/defaultui/player/modern.html` | High
|
||||
14 | File | `/etc/ciel.cfg` | High
|
||||
15 | File | `/etc/srapi/config/system.conf` | High
|
||||
16 | File | `/filemanager/ajax_calls.php` | High
|
||||
17 | File | `/goform/addRouting` | High
|
||||
18 | File | `/goform/Diagnosis` | High
|
||||
19 | File | `/goform/form2userconfig.cgi` | High
|
||||
20 | File | `/goform/NTPSyncWithHost` | High
|
||||
21 | File | `/goform/SetIpMacBind` | High
|
||||
22 | File | `/goform/setMAC` | High
|
||||
23 | File | `/goform/setPptpUserList` | High
|
||||
24 | File | `/goform/SystemCommand` | High
|
||||
8 | File | `/bibliography/marcsru.php` | High
|
||||
9 | File | `/c/macho_reader.c` | High
|
||||
10 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||
11 | File | `/card/in-card.php` | High
|
||||
12 | File | `/cgi-bin/kerbynet` | High
|
||||
13 | File | `/cgi-bin/koha/members/paycollect.pl` | High
|
||||
14 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
15 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/etc/networkd-dispatcher` | High
|
||||
18 | File | `/EXCU_SHELL` | Medium
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/goform/SetIpMacBind` | High
|
||||
21 | File | `/goform/setmac` | High
|
||||
22 | File | `/goform/wifiSSIDset` | High
|
||||
23 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
|
||||
24 | File | `/modules/modstudent/index.php?view=edit` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 206 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
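Review bot: this is not an incremental update: of the 24 visible indicators only `/bd_genie_create_account.cgi`, `/cgi-bin/wlogin.cgi`, `/goform/SetIpMacBind` and `/goform/setMAC` survive (the last one changing case to `/goform/setmac`), while the hidden-count line moves only from 213 to 206. A near-complete swap of an actor's indicator set with an almost unchanged total suggests the generator pulled a different query or actor than before; confirm the source before merging. The case change also deserves a line of its own, since for any case-sensitive matcher `/goform/setMAC` and `/goform/setmac` are different indicators and the diff does not say whether the old spelling was wrong.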
|
||||
|
||||
|
|
|
@ -35,12 +35,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1555 | CWE-312 | Cleartext Storage of Sensitive Information | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
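Review bot: all three visible TTP rows are replaced (T1059.007, T1068 and T1555 out; T1006, T1055 and T1059 in) and the hidden-count line jumps from 2 to 10, so the actor's technique profile goes from 5 entries to 13 with nothing in common with the previous set. That pattern looks like a regeneration from a different source rather than new observations; check that the data belongs to this actor before merging.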
|
||||
|
||||
|
@ -52,10 +52,11 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/error` | Low
|
||||
3 | File | `/etc/passwd` | Medium
|
||||
4 | File | `/getcfg.php` | Medium
|
||||
5 | File | `forumrunner/includes/moderation.php` | High
|
||||
6 | ... | ... | ...
|
||||
5 | File | `awredir.pl` | Medium
|
||||
6 | File | `bta_hf_client_at.cc` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 44 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -53,18 +53,19 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/modules/projects/vw_files.php` | High
|
||||
7 | File | `/modules/public/calendar.php` | High
|
||||
8 | File | `/ofrs/admin/?page=requests/view_request` | High
|
||||
9 | File | `/services/details.asp` | High
|
||||
10 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
11 | File | `/user/dls_download.php` | High
|
||||
12 | File | `/_core/profile/` | High
|
||||
13 | File | `adclick.php` | Medium
|
||||
14 | File | `additem.asp` | Medium
|
||||
15 | File | `addsite.php` | Medium
|
||||
16 | File | `admin/review.php` | High
|
||||
17 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
|
||||
18 | ... | ... | ...
|
||||
9 | File | `/pet_shop/classes/Master.php?f=delete_sub_category` | High
|
||||
10 | File | `/services/details.asp` | High
|
||||
11 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
12 | File | `/user/dls_download.php` | High
|
||||
13 | File | `/_core/profile/` | High
|
||||
14 | File | `adclick.php` | Medium
|
||||
15 | File | `additem.asp` | Medium
|
||||
16 | File | `addsite.php` | Medium
|
||||
17 | File | `admin/review.php` | High
|
||||
18 | File | `AdvancedBluetoothDetailsHeaderController.java` | High
|
||||
19 | ... | ... | ...
|
||||
|
||||
There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 151 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
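Review bot: the `/thruk/#cgi-bin/extinfo.cgi?type=2` row (10 before, 11 after) cannot match on the server side: everything from `#` onward is a URL fragment that a browser never sends, so a request log or WAF rule built from this File value would only ever see `/thruk/`. Store the path portion as the File indicator and `type=2` as a separate Argument entry, which the type list in the count line (file, library, argument, ...) already provides for; the same split applies to `/ofrs/admin/?page=requests/view_request`, whose query string sits inside the File value. The substantive change in this hunk is the single inserted row `/pet_shop/classes/Master.php?f=delete_sub_category` and the count moving from 150 to 151.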
|
||||
|
||||
|
|
|
@ -88,41 +88,41 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `/etc/config/rpcd` | High
|
||||
20 | File | `/etc/hosts` | Medium
|
||||
21 | File | `/forum/` | Low
|
||||
22 | File | `/goform/net\_Web\_get_value` | High
|
||||
23 | File | `/index.php` | Medium
|
||||
24 | File | `/index.php/weblinks-categories` | High
|
||||
25 | File | `/j_security_check` | High
|
||||
26 | File | `/login.html` | Medium
|
||||
27 | File | `/menu.html` | Medium
|
||||
28 | File | `/mics/j_spring_security_check` | High
|
||||
29 | File | `/mnt/sdcard/$PRO_NAME/upgrade.sh` | High
|
||||
30 | File | `/mnt/skyeye/mode_switch.sh` | High
|
||||
31 | File | `/mybb_1806/Upload/admin/index.php` | High
|
||||
32 | File | `/oauth/token` | Medium
|
||||
33 | File | `/plain` | Low
|
||||
34 | File | `/public/login.htm` | High
|
||||
35 | File | `/romfile.cfg` | Medium
|
||||
36 | File | `/scp/directory.php` | High
|
||||
37 | File | `/setSystemAdmin` | High
|
||||
38 | File | `/system/WCore/WHelper.php` | High
|
||||
39 | File | `/tmp/connlicj.bin` | High
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/upload` | Low
|
||||
42 | File | `/userfs/bin/tcapi` | High
|
||||
43 | File | `/var/www/xms/application/config/config.php` | High
|
||||
44 | File | `/var/www/xms/application/controllers/gatherLogs.php` | High
|
||||
45 | File | `/var/www/xms/application/controllers/verifyLogin.php` | High
|
||||
46 | File | `/var/www/xms/cleanzip.sh` | High
|
||||
47 | File | `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` | High
|
||||
48 | File | `/websocket/exec` | High
|
||||
49 | File | `/workspaceCleanup` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php?action=get_wdtable&table_id=1` | High
|
||||
51 | File | `account/gallery.php` | High
|
||||
52 | File | `add_edit_cat.asp` | High
|
||||
53 | File | `admin.htm` | Medium
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goform/net\_Web\_get_value` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/index.php/weblinks-categories` | High
|
||||
26 | File | `/j_security_check` | High
|
||||
27 | File | `/login.html` | Medium
|
||||
28 | File | `/menu.html` | Medium
|
||||
29 | File | `/mics/j_spring_security_check` | High
|
||||
30 | File | `/mnt/sdcard/$PRO_NAME/upgrade.sh` | High
|
||||
31 | File | `/mnt/skyeye/mode_switch.sh` | High
|
||||
32 | File | `/mybb_1806/Upload/admin/index.php` | High
|
||||
33 | File | `/oauth/token` | Medium
|
||||
34 | File | `/plain` | Low
|
||||
35 | File | `/public/login.htm` | High
|
||||
36 | File | `/romfile.cfg` | Medium
|
||||
37 | File | `/scp/directory.php` | High
|
||||
38 | File | `/setSystemAdmin` | High
|
||||
39 | File | `/system/WCore/WHelper.php` | High
|
||||
40 | File | `/tmp/connlicj.bin` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/upload` | Low
|
||||
43 | File | `/userfs/bin/tcapi` | High
|
||||
44 | File | `/var/www/xms/application/config/config.php` | High
|
||||
45 | File | `/var/www/xms/application/controllers/gatherLogs.php` | High
|
||||
46 | File | `/var/www/xms/application/controllers/verifyLogin.php` | High
|
||||
47 | File | `/var/www/xms/cleanzip.sh` | High
|
||||
48 | File | `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` | High
|
||||
49 | File | `/websocket/exec` | High
|
||||
50 | File | `/workspaceCleanup` | High
|
||||
51 | File | `/wp-admin/admin-ajax.php?action=get_wdtable&table_id=1` | High
|
||||
52 | File | `account/gallery.php` | High
|
||||
53 | File | `add_edit_cat.asp` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 470 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
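Review bot: the `/goform/net\_Web\_get_value` row (22 before, 23 after) carries Markdown escape backslashes inside a code span, where backslashes are literal, so the indicator renders and copies as `net\_Web\_get_value` rather than `net_Web_get_value`; the generator should not escape underscores when it emits backticked values. The `/wp-admin/admin-ajax.php?action=get_wdtable&table_id=1` row likewise keeps a full query string inside a File indicator instead of Argument entries. The substantive change is the insertion of `/forum/away.php` as row 22, which pushes `admin.htm` (row 53 before) past the visible cut-off, with the count moving from 470 to 473.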
|
||||
|
||||
|
|
|
@ -129,7 +129,7 @@ ID | Type | Indicator | Confidence
|
|||
32 | File | `/pages/apply_vacancy.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
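Review bot: the only change is the hidden-count line, and it goes down from 20 to 17 country items; in a commit where nearly every other list grows, a drop of three associations needs an explanation in the commit message (which countries, and whether the underlying IP attributions were withdrawn), because nothing in the diff lets a reader reconcile it.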
|
||||
|
||||
|
@ -55,37 +55,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/Ap4RtpAtom.cpp` | High
|
||||
3 | File | `/app/options.py` | High
|
||||
4 | File | `/bcms/admin/?page=user/list` | High
|
||||
5 | File | `/bsms/?page=manage_account` | High
|
||||
6 | File | `/cgi-bin/login.cgi` | High
|
||||
7 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
8 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
9 | File | `/dashboard/reports/logs/view` | High
|
||||
10 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/etc/hosts` | Medium
|
||||
13 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
14 | File | `/fuel/sitevariables/delete/4` | High
|
||||
15 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
16 | File | `/index/jobfairol/show/` | High
|
||||
17 | File | `/librarian/bookdetails.php` | High
|
||||
18 | File | `/mgmt/tm/util/bash` | High
|
||||
19 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
20 | File | `/monitoring` | Medium
|
||||
21 | File | `/new` | Low
|
||||
22 | File | `/proc/<PID>/mem` | High
|
||||
23 | File | `/proc/<pid>/status` | High
|
||||
24 | File | `/public/plugins/` | High
|
||||
25 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
28 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
29 | File | `/tmp` | Low
|
||||
30 | ... | ... | ...
|
||||
2 | File | `/ad_js.php` | Medium
|
||||
3 | File | `/Ap4RtpAtom.cpp` | High
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/bcms/admin/?page=user/list` | High
|
||||
6 | File | `/bsms/?page=manage_account` | High
|
||||
7 | File | `/cgi-bin/login.cgi` | High
|
||||
8 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
9 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
10 | File | `/dashboard/reports/logs/view` | High
|
||||
11 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/etc/hosts` | Medium
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/fuel/sitevariables/delete/4` | High
|
||||
16 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
17 | File | `/index/jobfairol/show/` | High
|
||||
18 | File | `/librarian/bookdetails.php` | High
|
||||
19 | File | `/manage-apartment.php` | High
|
||||
20 | File | `/mgmt/tm/util/bash` | High
|
||||
21 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
22 | File | `/new` | Low
|
||||
23 | File | `/pages/apply_vacancy.php` | High
|
||||
24 | File | `/proc/<PID>/mem` | High
|
||||
25 | File | `/proc/<pid>/status` | High
|
||||
26 | File | `/public/plugins/` | High
|
||||
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
28 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
29 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
30 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
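Review bot: one indicator is silently dropped while three are added: `/monitoring` (row 20 before) no longer appears between `/modules/caddyhttp/rewrite/rewrite.go` and `/new`, whereas `/ad_js.php`, `/manage-apartment.php` and `/pages/apply_vacancy.php` are inserted. Because the count line rises from 257 to 266, the removal is invisible unless the rows are compared one by one; a retired entry should be listed in the commit message so downstream rules can retire it too. (`/tmp`, row 29 before, has merely moved past the 30-row cut-off.)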
|
||||
|
||||
|
|
|
@ -94,7 +94,7 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `attachment.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 361 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -46,9 +46,10 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `base/ErrorHandler.php` | High
|
||||
5 | File | `blog.php` | Medium
|
||||
6 | File | `c4t64fx.c` | Medium
|
||||
7 | ... | ... | ...
|
||||
7 | File | `cgi-bin/webcm` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
The following _campaigns_ are known and can be associated with Gamaredon:
|
||||
|
||||
* Ukraine
|
||||
* Ukraine Government
|
||||
|
||||
## Countries
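Review bot: the new `Ukraine Government` campaign item (and the existing `Ukraine` one) is plain text, unlike the country entries, which link to their vuldb.com query, and it carries no date; a campaign entry without a link gives no way to find the IOCs that carry it even though the IOC table further down tags rows by campaign. Linking each campaign name the same way the countries are linked would make the list navigable.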
|
||||
|
||||
|
@ -43,43 +44,43 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
19 | [37.140.199.20](https://vuldb.com/?ip.37.140.199.20) | 37-140-199-20.cloudvps.regruhosting.ru | - | High
|
||||
20 | [37.140.199.224](https://vuldb.com/?ip.37.140.199.224) | nedvizhimostdoma.ru | - | High
|
||||
21 | [45.32.149.8](https://vuldb.com/?ip.45.32.149.8) | 45.32.149.8.vultr.com | - | Medium
|
||||
22 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
|
||||
23 | [45.135.134.139](https://vuldb.com/?ip.45.135.134.139) | ckus.site | - | High
|
||||
24 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
|
||||
25 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
|
||||
26 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
|
||||
27 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
|
||||
28 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
|
||||
29 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
|
||||
30 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
|
||||
31 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
|
||||
32 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
|
||||
33 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
|
||||
34 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
|
||||
35 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
|
||||
36 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
|
||||
37 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
|
||||
38 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
|
||||
39 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
|
||||
40 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
|
||||
41 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
|
||||
42 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
|
||||
43 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
|
||||
44 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
|
||||
45 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
|
||||
46 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
|
||||
47 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
|
||||
48 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
|
||||
49 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
|
||||
50 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
|
||||
51 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
|
||||
52 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
|
||||
53 | [83.166.242.108](https://vuldb.com/?ip.83.166.242.108) | - | - | High
|
||||
54 | [83.166.247.110](https://vuldb.com/?ip.83.166.247.110) | - | - | High
|
||||
55 | [83.166.247.185](https://vuldb.com/?ip.83.166.247.185) | - | - | High
|
||||
22 | [45.77.237.252](https://vuldb.com/?ip.45.77.237.252) | 45.77.237.252.vultrusercontent.com | Ukraine Government | High
|
||||
23 | [45.134.255.131](https://vuldb.com/?ip.45.134.255.131) | - | - | High
|
||||
24 | [45.135.134.139](https://vuldb.com/?ip.45.135.134.139) | ckus.site | - | High
|
||||
25 | [70.34.194.31](https://vuldb.com/?ip.70.34.194.31) | 70.34.194.31.vultr.com | - | Medium
|
||||
26 | [70.34.194.123](https://vuldb.com/?ip.70.34.194.123) | 70.34.194.123.vultr.com | - | Medium
|
||||
27 | [70.34.195.75](https://vuldb.com/?ip.70.34.195.75) | 70.34.195.75.vultr.com | - | Medium
|
||||
28 | [70.34.197.185](https://vuldb.com/?ip.70.34.197.185) | 70.34.197.185.vultr.com | - | Medium
|
||||
29 | [70.34.198.226](https://vuldb.com/?ip.70.34.198.226) | 70.34.198.226.vultr.com | - | Medium
|
||||
30 | [70.34.199.214](https://vuldb.com/?ip.70.34.199.214) | 70.34.199.214.vultr.com | - | Medium
|
||||
31 | [70.34.202.55](https://vuldb.com/?ip.70.34.202.55) | 70.34.202.55.vultr.com | - | Medium
|
||||
32 | [70.34.204.74](https://vuldb.com/?ip.70.34.204.74) | 70.34.204.74.vultr.com | - | Medium
|
||||
33 | [70.34.204.141](https://vuldb.com/?ip.70.34.204.141) | 70.34.204.141.vultr.com | - | Medium
|
||||
34 | [70.34.208.32](https://vuldb.com/?ip.70.34.208.32) | 70.34.208.32.vultr.com | - | Medium
|
||||
35 | [78.40.219.12](https://vuldb.com/?ip.78.40.219.12) | 628153-cn06191.tmweb.ru | Ukraine | High
|
||||
36 | [80.78.240.210](https://vuldb.com/?ip.80.78.240.210) | 80-78-240-210.cloudvps.regruhosting.ru | - | High
|
||||
37 | [80.78.241.88](https://vuldb.com/?ip.80.78.241.88) | 80-78-241-88.cloudvps.regruhosting.ru | - | High
|
||||
38 | [80.78.241.253](https://vuldb.com/?ip.80.78.241.253) | 80-78-241-253.cloudvps.regruhosting.ru | - | High
|
||||
39 | [80.78.244.124](https://vuldb.com/?ip.80.78.244.124) | 80-78-244-124.cloudvps.regruhosting.ru | - | High
|
||||
40 | [80.78.244.199](https://vuldb.com/?ip.80.78.244.199) | 80-78-244-199.cloudvps.regruhosting.ru | - | High
|
||||
41 | [80.78.245.89](https://vuldb.com/?ip.80.78.245.89) | mail-open-3.nascom.nasa.gov | - | High
|
||||
42 | [80.78.245.223](https://vuldb.com/?ip.80.78.245.223) | 80-78-245-223.cloudvps.regruhosting.ru | - | High
|
||||
43 | [80.78.245.254](https://vuldb.com/?ip.80.78.245.254) | scraper.betty.network | - | High
|
||||
44 | [80.78.248.22](https://vuldb.com/?ip.80.78.248.22) | - | - | High
|
||||
45 | [80.78.248.167](https://vuldb.com/?ip.80.78.248.167) | hadassah.moscow | - | High
|
||||
46 | [80.78.248.222](https://vuldb.com/?ip.80.78.248.222) | 80-78-248-222.cloudvps.regruhosting.ru | - | High
|
||||
47 | [80.78.251.4](https://vuldb.com/?ip.80.78.251.4) | 80-78-251-4.cloudvps.regruhosting.ru | - | High
|
||||
48 | [80.78.251.191](https://vuldb.com/?ip.80.78.251.191) | 80-78-251-191.cloudvps.regruhosting.ru | - | High
|
||||
49 | [80.78.251.231](https://vuldb.com/?ip.80.78.251.231) | 80-78-251-231.cloudvps.regruhosting.ru | - | High
|
||||
50 | [80.78.253.26](https://vuldb.com/?ip.80.78.253.26) | 80-78-253-26.cloudvps.regruhosting.ru | - | High
|
||||
51 | [80.78.253.86](https://vuldb.com/?ip.80.78.253.86) | 80-78-253-86.cloudvps.regruhosting.ru | - | High
|
||||
52 | [80.78.253.196](https://vuldb.com/?ip.80.78.253.196) | 80-78-253-196.cloudvps.regruhosting.ru | - | High
|
||||
53 | [80.78.254.238](https://vuldb.com/?ip.80.78.254.238) | 80-78-254-238.cloudvps.regruhosting.ru | - | High
|
||||
54 | [83.166.242.108](https://vuldb.com/?ip.83.166.242.108) | - | - | High
|
||||
55 | [83.166.247.110](https://vuldb.com/?ip.83.166.247.110) | - | - | High
|
||||
56 | ... | ... | ... | ...
|
||||
|
||||
There are 219 more IOC items available. Please use our online service to access the data.
|
||||
There are 222 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
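Review bot: the inserted row 22 (`45.77.237.252`, `45.77.237.252.vultrusercontent.com`, campaign Ukraine Government) is rated High, while the ten other Vultr-hosted addresses in the same table (rows 25 to 34 after renumbering, all `*.vultr.com`) are Medium; if a campaign attribution is what raises the confidence, that rule should be stated, otherwise the new row looks inconsistent with its neighbours. A separate data-quality point in the renumbered rows: the hostname for `80.78.245.89` is `mail-open-3.nascom.nasa.gov` on a range whose other entries resolve to `cloudvps.regruhosting.ru`; a reverse-DNS record is set by whoever controls the address block, so the Hostname column should be treated as untrusted and ideally carry the lookup date.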
|
||||
|
||||
|
@ -116,6 +117,7 @@ There are 53 more IOA items available (file, library, argument, input value, pat
|
|||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://1275.ru/ioc/215/gamaredon-apt-iocs/
|
||||
* https://blog.talosintelligence.com/2022/09/gamaredon-apt-targets-ukrainian-agencies.html
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/
|
||||
* https://cert.gov.ua/article/10702
|
||||
* https://github.com/blackorbird/APT_REPORT/blob/master/Gamaredon/Gamaredon202102_ioc1000%2B.csv
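Review bot: the reference URLs carry no title, publication date or retrieval date, so a reader cannot tell which of them supports the entries added in this commit, and a dead link later cannot be matched to an archived copy. Emitting a short title and the date last checked after each URL from the generator would fix this for every actor file at once.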
|
||||
|
|
|
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 253 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
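Review bot: only the hidden-count line changes and it decreases (254 to 253), so one IOA entry has been retired below the visible rows without the diff showing which; the commit message should name it so that anyone who imported the previous list can remove the same entry.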
|
||||
|
||||
|
|
|
@ -104,7 +104,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
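Review bot: the hidden-count line is the only change here and it drops from 21 to 20 TTP items, with the visible T1059.007 row unchanged; a removed technique mapping should be named in the commit message, since a consumer of this file has no other way to learn which entry was withdrawn.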
|
||||
|
||||
|
@ -112,45 +112,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/lab.php` | High
|
||||
3 | File | `/admin/students/view_student.php` | High
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/bd_genie_create_account.cgi` | High
|
||||
6 | File | `/ci_spms/admin/category` | High
|
||||
7 | File | `/ci_spms/admin/search/searching/` | High
|
||||
8 | File | `/claire_blake` | High
|
||||
9 | File | `/classes/Master.php?f=delete_train` | High
|
||||
10 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||
11 | File | `/dashboard/menu-list.php` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/defaultui/player/modern.html` | High
|
||||
14 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||
15 | File | `/etc/shadow.sample` | High
|
||||
16 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
17 | File | `/gaia-job-admin/user/add` | High
|
||||
18 | File | `/ghost/preview` | High
|
||||
19 | File | `/goform/SetIpMacBind` | High
|
||||
20 | File | `/goform/setmac` | High
|
||||
21 | File | `/htdocs/utils/Files.php` | High
|
||||
22 | File | `/Items/*/RemoteImages/Download` | High
|
||||
23 | File | `/jfinal_cms/system/role/list` | High
|
||||
24 | File | `/librarian/edit_book_details.php` | High
|
||||
25 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
26 | File | `/management/api/rcx_management/global_config_query` | High
27 | File | `/master/index.php` | High
28 | File | `/mkshop/Men/profile.php` | High
29 | File | `/ocwbs/admin/?page=user/manage_user` | High
30 | File | `/ofrs/admin/?page=user/manage_user` | High
31 | File | `/p1/p2/:name` | Medium
32 | File | `/pages/faculty_sched.php` | High
33 | File | `/pages/processlogin.php` | High
34 | File | `/php_action/createUser.php` | High
35 | File | `/rdms/admin/?page=user/manage_user` | High
36 | File | `/redbin/rpwebutilities.exe/text` | High
3 | File | `/admin/login.php` | High
4 | File | `/admin/students/view_student.php` | High
5 | File | `/app/options.py` | High
6 | File | `/appConfig/userDB.json` | High
7 | File | `/bd_genie_create_account.cgi` | High
8 | File | `/bin/httpd` | Medium
9 | File | `/c/macho_reader.c` | High
10 | File | `/cgi-bin/wapopen` | High
11 | File | `/ci_spms/admin/category` | High
12 | File | `/ci_spms/admin/search/searching/` | High
13 | File | `/claire_blake` | High
14 | File | `/classes/Master.php?f=delete_train` | High
15 | File | `/coreframe/app/attachment/admin/index.php` | High
16 | File | `/dashboard/menu-list.php` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/defaultui/player/modern.html` | High
19 | File | `/etc/init0.d/S80telnetd.sh` | High
20 | File | `/etc/shadow.sample` | High
21 | File | `/ffos/classes/Master.php?f=save_category` | High
22 | File | `/forum/away.php` | High
23 | File | `/ghost/preview` | High
24 | File | `/goform/SetIpMacBind` | High
25 | File | `/goform/setmac` | High
26 | File | `/htdocs/utils/Files.php` | High
27 | File | `/Items/*/RemoteImages/Download` | High
28 | File | `/jfinal_cms/system/role/list` | High
29 | File | `/librarian/edit_book_details.php` | High
30 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
31 | File | `/management/api/rcx_management/global_config_query` | High
32 | File | `/master/index.php` | High
33 | File | `/mkshop/Men/profile.php` | High
34 | File | `/p1/p2/:name` | Medium
35 | File | `/pages/faculty_sched.php` | High
36 | File | `/pages/processlogin.php` | High
37 | ... | ... | ...

There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

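Review bot: several of the new File rows are not file paths. `/classes/Master.php?f=delete_train`, `/ffos/classes/Master.php?f=save_category` and `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` carry the query string that the footer says has its own argument and input value types, so a detection keyed on the File column misses the same endpoint with a different parameter order; `/Items/*/RemoteImages/Download` is a glob and `/p1/p2/:name` is a route template, and neither matches a literal request path. Suggest splitting the `?f=...` and `?flag=...` parts into Argument rows and filing the two templates under the pattern type.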
@ -9,6 +9,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Glupteba:

* [ES](https://vuldb.com/?country.es)
* [US](https://vuldb.com/?country.us)

## IOC - Indicator of Compromise

@ -49,6 +50,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1505 | CWE-89 | SQL Injection | High

## IOA - Indicator of Attack

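Review bot: the Description column does not agree with the Technique and Weakness columns in either row. T1059 is ATT&CK "Command and Scripting Interpreter" and CWE-94 is Code Injection, yet the row is labelled "Cross Site Scripting"; T1505 is "Server Software Component" while CWE-89 is SQL Injection, and here the label follows the CWE. Pick one convention: if Description names the CWE family, the T1059 row should read "Code Injection"; if it names the ATT&CK technique, both rows need the technique name. The same T1059/CWE-94/"Cross Site Scripting" triple recurs in the other profiles touched by this commit, so the fix belongs in the generator rather than in this file.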
@ -56,8 +58,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | Library | `tandberg/web/lib/secure.php` | High
2 | Argument | `tandberg_login=` | High
1 | File | `/pages/processlogin.php` | High
2 | Library | `tandberg/web/lib/secure.php` | High
3 | Argument | `tandberg_login=` | High
4 | ... | ... | ...

There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

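Review bot: the row IDs in these tables are positional. Inserting `/pages/processlogin.php` at the top moves the Library entry from 1 to 2 and the Argument entry from 2 to 3, so any consumer that keys on ID sees two pre-existing indicators change identity in a commit that only added one. Either document that IDs are not stable and downstream tooling must key on (Type, Indicator), or append new rows instead of re-sorting. Minor: "There are 1 more IOA items available" should read "There is 1 more IOA item available" if the template can pluralise.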
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...

There are 14 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -155,7 +155,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High

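Review bot: adding CWE-23 to the T1006 row makes the mapping problem in this table more visible. T1006 is ATT&CK "Direct Volume Access" (reading the raw disk to bypass file-system access controls), while CWE-21/22/23/425 are application-level path traversal weaknesses; likewise T1055 is "Process Injection" and CWE-74 is input injection. If the predictive model maps CWE families to techniques by name similarity, say so in the intro sentence and put the ATT&CK technique name in the Description column so readers are not led to expect raw-volume or process-injection behaviour from a path-traversal finding.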
@ -163,7 +163,7 @@ ID | Technique | Weakness | Description | Confidence
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

There are 23 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -173,41 +173,41 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.forward` | Medium
2 | File | `/#/network?tab=network_node_list.html` | High
3 | File | `/admin/addemployee.php` | High
4 | File | `/admin/del.php` | High
5 | File | `/admin/lab.php` | High
6 | File | `/admin/login.php` | High
7 | File | `/admin/searchview.php` | High
8 | File | `/advanced-tools/nova/bin/netwatch` | High
9 | File | `/ad_js.php` | Medium
10 | File | `/api/` | Low
11 | File | `/api/plugin/uninstall` | High
12 | File | `/app/options.py` | High
13 | File | `/blog/edit` | Medium
14 | File | `/catcompany.php` | High
15 | File | `/category/controller.php?action=edit` | High
16 | File | `/cgi/get_param.cgi` | High
17 | File | `/chart` | Low
18 | File | `/ci_spms/admin/category` | High
19 | File | `/ci_spms/admin/search/searching/` | High
20 | File | `/classes/Master.php?f=delete_account` | High
21 | File | `/dashboard/reports/logs/view` | High
22 | File | `/dashboard/updatelogo.php` | High
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/dede/co_do.php` | High
26 | File | `/etc/hosts` | Medium
27 | File | `/etc/init.d/sshd_service` | High
28 | File | `/goform/addRouting` | High
29 | File | `/goform/saveParentControlInfo` | High
30 | File | `/goform/SystemCommand` | High
31 | File | `/index.php` | Medium
32 | File | `/interview/editQuestion.php` | High
33 | File | `/librarian/lab.php` | High
34 | File | `/login.php` | Medium
3 | File | `/about.php` | Medium
4 | File | `/admin/addemployee.php` | High
5 | File | `/admin/contact/list` | High
6 | File | `/admin/del.php` | High
7 | File | `/admin/folderrollpicture/list` | High
8 | File | `/admin/imagealbum/list` | High
9 | File | `/admin/lab.php` | High
10 | File | `/admin/login.php` | High
11 | File | `/advanced-tools/nova/bin/netwatch` | High
12 | File | `/ad_js.php` | Medium
13 | File | `/api/` | Low
14 | File | `/api/plugin/uninstall` | High
15 | File | `/bin/httpd` | Medium
16 | File | `/blog/edit` | Medium
17 | File | `/catcompany.php` | High
18 | File | `/category/controller.php?action=edit` | High
19 | File | `/cgi-bin/luci/api/wireless` | High
20 | File | `/cgi/get_param.cgi` | High
21 | File | `/chart` | Low
22 | File | `/classes/Master.php?f=delete_account` | High
23 | File | `/dashboard/reports/logs/view` | High
24 | File | `/dashboard/updatelogo.php` | High
25 | File | `/debian/patches/load_ppp_generic_if_needed` | High
26 | File | `/debug/pprof` | Medium
27 | File | `/dede/co_do.php` | High
28 | File | `/etc/hosts` | Medium
29 | File | `/etc/init.d/sshd_service` | High
30 | File | `/goform/addRouting` | High
31 | File | `/goform/saveParentControlInfo` | High
32 | File | `/goform/setmac` | High
33 | File | `/goform/SystemCommand` | High
34 | File | `/index.php` | Medium
35 | ... | ... | ...

There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

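Review bot: new row 32 spells the endpoint `/goform/setmac`, while the Kovter and other IOA tables in this same commit list it as `/goform/setMAC`; if matching is case-sensitive one of the two never fires, so pick a canonical form in the generator. New row 15, `/bin/httpd`, is the web-server binary on embedded devices and will never appear in a request path, so it is only useful for host-side forensics and should say so (or move to Low). Pre-existing row 2, `/#/network?tab=network_node_list.html`, is a client-side fragment URL: everything after `#` never leaves the browser, so as a File indicator it can only ever match a request for `/`.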
@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with Inception:

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:

* [IT](https://vuldb.com/?country.it)
* [AR](https://vuldb.com/?country.ar)
* [IT](https://vuldb.com/?country.it)
* [ES](https://vuldb.com/?country.es)
* ...

@ -46,7 +46,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 17 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -54,60 +54,59 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/header.inc.php` | High
2 | File | `/admin/login.php` | High
3 | File | `/admin/plugins/NP_Referrer.php` | High
4 | File | `/admin/products/controller.php?action=add` | High
5 | File | `/AJAX/ajaxget` | High
6 | File | `/ajax/clear_tools_log/` | High
7 | File | `/api/` | Low
8 | File | `/api/v2/labels/` | High
9 | File | `/bin/posix/src/ports/POSIX/OpENer` | High
10 | File | `/cgi-bin/ExportSettings.sh` | High
11 | File | `/claire_blake` | High
12 | File | `/classes/Master.php?f=delete_train` | High
13 | File | `/common/bbox.cpp` | High
14 | File | `/dotrace.asp` | Medium
15 | File | `/etc/fstab` | Medium
16 | File | `/etc/origin/master/master-config.yaml` | High
17 | File | `/etc/shadow.sample` | High
18 | File | `/footer.inc.php` | High
19 | File | `/gasmark/assets/myimages/oneWord.php` | High
20 | File | `/goform/formWifiBasicSet` | High
21 | File | `/home/www/cgi-bin/login.cgi` | High
22 | File | `/htdocs/utils/Files.php` | High
23 | File | `/include/notify.inc.php` | High
24 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
25 | File | `/list` | Low
26 | File | `/master/index.php` | High
27 | File | `/mcategory.php` | High
28 | File | `/mdiy/model/delete` | High
29 | File | `/modules/tasks/gantt.php` | High
30 | File | `/net/nfc/netlink.c` | High
31 | File | `/pages/permit/permit.php` | High
32 | File | `/patient/settings.php` | High
33 | File | `/pms/update_user.php?user_id=1` | High
34 | File | `/ptipupgrade.cgi` | High
35 | File | `/release-x64/otfccdump` | High
36 | File | `/staff/lab.php` | High
37 | File | `/student/dele.php` | High
38 | File | `/superguestconfig` | High
39 | File | `/tmp` | Low
40 | File | `/upload/admin.php?/deal/` | High
41 | File | `/usr/sbin/sendmail` | High
42 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
43 | File | `/var/run/watchman.pid` | High
44 | File | `/www/cgi-bin/popen.cgi` | High
45 | File | `/xpdf/AcroForm.cc` | High
46 | File | `/xpdf/Stream.cc` | High
47 | File | `add.php` | Low
48 | File | `addlinksform.php` | High
49 | File | `addlyricsform.php` | High
50 | File | `addons/sidebar.php` | High
51 | File | `addreviewsform.php` | High
52 | ... | ... | ...
1 | File | `/admin/comment/list` | High
2 | File | `/admin/header.inc.php` | High
3 | File | `/admin/index.PHP` | High
4 | File | `/admin/login.php` | High
5 | File | `/admin/plugins/NP_Referrer.php` | High
6 | File | `/admin/products/controller.php?action=add` | High
7 | File | `/admin/profile.php` | High
8 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
9 | File | `/admin/site/list` | High
10 | File | `/AJAX/ajaxget` | High
11 | File | `/api/` | Low
12 | File | `/api/v2/labels/` | High
13 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
14 | File | `/bin/posix/src/ports/POSIX/OpENer` | High
15 | File | `/cgi-bin/ExportSettings.sh` | High
16 | File | `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl` | High
17 | File | `/claire_blake` | High
18 | File | `/common/bbox.cpp` | High
19 | File | `/dotrace.asp` | Medium
20 | File | `/etc/origin/master/master-config.yaml` | High
21 | File | `/etc/shadow.sample` | High
22 | File | `/footer.inc.php` | High
23 | File | `/gasmark/assets/myimages/oneWord.php` | High
24 | File | `/goform/formWifiBasicSet` | High
25 | File | `/goform/NatStaticSetting` | High
26 | File | `/goform/saveParentControlInfo` | High
27 | File | `/home/www/cgi-bin/login.cgi` | High
28 | File | `/htdocs/utils/Files.php` | High
29 | File | `/include/notify.inc.php` | High
30 | File | `/master/index.php` | High
31 | File | `/mdiy/model/delete` | High
32 | File | `/modules/tasks/gantt.php` | High
33 | File | `/net-banking/customer_transactions.php` | High
34 | File | `/net/nfc/netlink.c` | High
35 | File | `/pages/permit/permit.php` | High
36 | File | `/patient/settings.php` | High
37 | File | `/ptipupgrade.cgi` | High
38 | File | `/release-x64/otfccdump` | High
39 | File | `/release-x64/otfccdump+0x6e7e3d` | High
40 | File | `/release-x64/otfccdump+0x6e20a0` | High
41 | File | `/staff/lab.php` | High
42 | File | `/student/dele.php` | High
43 | File | `/superguestconfig` | High
44 | File | `/SVFE2/pages/audit/voiceaudit.jsf` | High
45 | File | `/tmp` | Low
46 | File | `/upload/admin.php?/deal/` | High
47 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
48 | File | `/WebInterface/UserManager/` | High
49 | File | `/www/cgi-bin/popen.cgi` | High
50 | File | `/xpdf/AcroForm.cc` | High
51 | ... | ... | ...

There are 453 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 445 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

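Review bot: new rows 39 and 40, `/release-x64/otfccdump+0x6e7e3d` and `/release-x64/otfccdump+0x6e20a0`, are symbol-plus-offset frames lifted from a sanitizer or debugger stack trace, not file paths; they duplicate row 38 and can never appear in a request or on a file system, so they should be dropped before this is published at High confidence. New row 13, `/asan/asan_interceptors_memintrinsics.cpp`, is the same class of artefact (an AddressSanitizer source file). New row 16, `/cgi-bin/R14.2/cgi-bin/R14.2/host.pl`, repeats its first two path components and looks like a concatenation error in the source advisory; please verify against the original entry before shipping it.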
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [HK](https://vuldb.com/?country.hk)
* [NZ](https://vuldb.com/?country.nz)
* ...

There are 3 more country items available. Please use our online service to access the data.
There are 2 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -287,14 +287,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 20 more TTP items available. Please use our online service to access the data.
There are 17 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

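Review bot: this hunk removes the T1059.007 row, the only one whose weaknesses (CWE-79, CWE-80) are actually cross-site scripting, yet keeps the "Cross Site Scripting" label on the T1059 row whose weaknesses are now CWE-88 (argument injection), CWE-94 (code injection) and CWE-1321 (prototype pollution). After this change the table tells a reader the actor does XSS with no XSS weakness behind it; relabel the T1059 row or keep the sub-technique row. The totals are consistent (5 shown + 20 more = 25 before, 4 shown + 17 more = 21 after), so three further techniques disappeared in the hidden part of the list and nothing in the commit message says why.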
@ -302,31 +301,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%ProgramData%\GOG.com` | High
2 | File | `/admin/index.php` | High
3 | File | `/admin/list_key.html` | High
4 | File | `/admin/login.php` | High
5 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
6 | File | `/asan/asan_new_delete.cpp` | High
7 | File | `/bin/png2swf` | Medium
8 | File | `/bits/stl_vector.h` | High
9 | File | `/blog/blogpublish.php` | High
10 | File | `/blotter/blotter.php` | High
11 | File | `/claire_blake` | High
12 | File | `/common/bbox.cpp` | High
13 | File | `/controller/OnlinePreviewController.java` | High
14 | File | `/etc/init0.d/S80telnetd.sh` | High
15 | File | `/Exago/WrImageResource.adx` | High
16 | File | `/fax/fax_send.php` | High
17 | File | `/forum/away.php` | High
18 | File | `/gfxpoly/stroke.c` | High
19 | File | `/guestmanagement/front.php` | High
20 | File | `/htdocs/upnpinc/gena.php` | High
21 | File | `/htmldoc/htmldoc/html.cxx` | High
22 | File | `/index.php` | Medium
23 | ... | ... | ...
1 | File | `/admin/addemployee.php` | High
2 | File | `/admin_book.php` | High
3 | File | `/api/` | Low
4 | File | `/bd_genie_create_account.cgi` | High
5 | File | `/bibliography/marcsru.php` | High
6 | File | `/c/macho_reader.c` | High
7 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
8 | File | `/card/in-card.php` | High
9 | File | `/cgi-bin/kerbynet` | High
10 | File | `/cgi-bin/koha/members/paycollect.pl` | High
11 | File | `/cgi-bin/touchlist_sync.cgi` | High
12 | File | `/cgi-bin/wlogin.cgi` | High
13 | File | `/defaultui/player/modern.html` | High
14 | File | `/EXCU_SHELL` | Medium
15 | File | `/filemanager/ajax_calls.php` | High
16 | File | `/forum/away.php` | High
17 | File | `/goform/addRouting` | High
18 | File | `/goform/Diagnosis` | High
19 | File | `/goform/form2userconfig.cgi` | High
20 | File | `/goform/NTPSyncWithHost` | High
21 | File | `/goform/SetIpMacBind` | High
22 | File | `/goform/SetLEDCfg` | High
23 | File | `/goform/setMAC` | High
24 | File | `/goform/setMacFilterCfg` | High
25 | ... | ... | ...

There are 188 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

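Review bot: dropping the sanitizer and source-tree entries (`/asan/asan_interceptors_memintrinsics.cpp`, `/asan/asan_new_delete.cpp`, `/bits/stl_vector.h`, `/gfxpoly/stroke.c`, `/htmldoc/htmldoc/html.cxx`) from the visible rows is the right direction, since none of them is reachable over the network; the same filter should be applied before any profile is regenerated, because `/asan/asan_interceptors_memintrinsics.cpp` is being added to the Inception profile in this very commit. New row 6, `/c/macho_reader.c`, is another source file of the same kind.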
@ -55,16 +55,16 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/administration/theme.php` | High
2 | File | `/cgi-bin/webproc` | High
3 | File | `/index.php` | Medium
4 | File | `/ofrs/admin/?page=requests/manage_request` | High
5 | File | `/spip.php` | Medium
6 | File | `/wp-admin/admin-ajax.php` | High
7 | File | `announcement.php` | High
8 | File | `attachment.php` | High
9 | File | `auth-gss2.c` | Medium
3 | File | `/forum/away.php` | High
4 | File | `/index.php` | Medium
5 | File | `/ofrs/admin/?page=requests/manage_request` | High
6 | File | `/spip.php` | Medium
7 | File | `/wp-admin/admin-ajax.php` | High
8 | File | `announcement.php` | High
9 | File | `attachment.php` | High
10 | ... | ... | ...

There are 71 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 74 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kovter:

* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* ...

There are 1 more country items available. Please use our online service to access the data.

@ -204,13 +204,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

There are 18 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

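Review bot: row 2 swaps CWE-294 for CWE-319 but keeps the description "Authentication Bypass by Capture-replay", which is the name of CWE-294; CWE-319 is Cleartext Transmission of Sensitive Information. With the replay weakness gone the label no longer describes anything in the row, so either restore CWE-294 or change the description to match CWE-319. The same drift is visible in rows 4 and 5, which carry identical "Cross Site Scripting" labels for disjoint weakness sets; a generator that derives Description from the first listed CWE would keep these columns consistent.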
@ -218,30 +220,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.python-version` | High
2 | File | `/?ajax-request=jnews` | High
3 | File | `/admin/curltest.cgi` | High
4 | File | `/admin/js` | Medium
5 | File | `/admin/vca/bia/addacph.cgi` | High
6 | File | `/api/plugin/uninstall` | High
7 | File | `/api/plugin/upload` | High
8 | File | `/api/sys_username_passwd.cmd` | High
9 | File | `/app/controller/Books.php` | High
10 | File | `/app/options.py` | High
11 | File | `/bin/posix/src/ports/POSIX/OpENer` | High
12 | File | `/cgi-bin/ExportAllSettings.sh` | High
13 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
14 | File | `/cgi-bin/nightled.cgi` | High
15 | File | `/cgi-bin/touchlist_sync.cgi` | High
16 | File | `/conf/` | Low
17 | File | `/dashboard/menu-list.php` | High
18 | File | `/dashboard/profile.php` | High
19 | File | `/dashboard/table-list.php` | High
1 | File | `/about.php` | Medium
2 | File | `/admin/addemployee.php` | High
3 | File | `/admin/del.php` | High
4 | File | `/admin/delete.php` | High
5 | File | `/admin/delstu.php` | High
6 | File | `/admin/index.PHP` | High
7 | File | `/admin/login.php` | High
8 | File | `/admin/products/controller.php?action=add` | High
9 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
10 | File | `/admin_book.php` | High
11 | File | `/advanced-tools/nova/bin/netwatch` | High
12 | File | `/blog/post/edit` | High
13 | File | `/c/macho_reader.c` | High
14 | File | `/categories/view_category.php` | High
15 | File | `/cgi-bin/ExportSettings.sh` | High
16 | File | `/cgi-bin/kerbynet` | High
17 | File | `/cgi-bin/wlogin.cgi` | High
18 | File | `/classes/Master.php?f=delete_img` | High
19 | File | `/coreframe/app/attachment/admin/index.php` | High
20 | File | `/debug/pprof` | Medium
21 | File | `/donor-wall` | Medium
22 | ... | ... | ...
21 | File | `/etc/ciel.cfg` | High
22 | File | `/etc/init0.d/S80telnetd.sh` | High
23 | File | `/etc/shadow` | Medium
24 | File | `/etc/shadow.sample` | High
25 | File | `/EXCU_SHELL` | Medium
26 | File | `/forum/away.php` | High
27 | File | `/framework/mod/db/DBMapper.xml` | High
28 | File | `/goform/addRouting` | High
29 | File | `/goform/Diagnosis` | High
30 | File | `/goform/form2userconfig.cgi` | High
31 | File | `/goform/NTPSyncWithHost` | High
32 | File | `/goform/SetIpMacBind` | High
33 | File | `/goform/SetLEDCfg` | High
34 | File | `/goform/setMAC` | High
35 | File | `/goform/setMacFilterCfg` | High
36 | File | `/goform/setPptpUserList` | High
37 | File | `/goform/SystemCommand` | High
38 | File | `/goform/WanParameterSetting` | High
39 | ... | ... | ...

There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

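Review bot: the hidden count goes from 186 to 339 and the visible rows from 22 to 39, so this profile gains roughly 170 indicators in a commit whose message is just "Update"; nearly every one of the visible rows is replaced and all of them land at High. A change of that size reads as a model re-run rather than new observations, and consumers cannot tell the two apart from this diff. Please state the data snapshot or model version in the commit message or in the file header. On the rows themselves, new row 23 `/etc/shadow` is a generic LFI probe target that every traversal scanner requests and will fire on traffic from any actor; Medium is appropriate, but the row adds little next to row 24 `/etc/shadow.sample`, which is product-specific.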
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LDMiner:

* [FR](https://vuldb.com/?country.fr)
* [DE](https://vuldb.com/?country.de)

## IOC - Indicator of Compromise

@ -18,6 +19,15 @@ ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [167.71.87.85](https://vuldb.com/?ip.167.71.87.85) | - | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _LDMiner_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
2 | T1204.001 | CWE-601 | Open Redirect | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by LDMiner. This data is unique as it uses our predictive model for actor profiling.

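Review bot: the new TTP table is the only one in this commit without a trailing "There are N more TTP items available" line. If the model returned exactly two techniques that is fine, but then the template should still emit the footer (or the intro should say the list is complete) so a reader cannot mistake a truncated list for a full one. The IOC row above it, a single High-confidence IP with "-" for hostname and campaign, is precisely the kind of entry that gets copied straight into a block list; a first-seen date or ASN column next to it would let a consumer judge whether the address is still worth acting on.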
@ -26,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...

There are 6 more country items available. Please use our online service to access the data.
There are 7 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -267,11 +267,11 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 19 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -279,30 +279,30 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/?page=reports/stockin` | High
2 | File | `/admin/?page=reports/stockout` | High
3 | File | `/admin/?page=reports/waste` | High
4 | File | `/admin/?page=user/manage_user` | High
5 | File | `/admin/addemployee.php` | High
6 | File | `/admin/del.php` | High
7 | File | `/admin/delete.php` | High
8 | File | `/admin/delstu.php` | High
9 | File | `/admin/login.php` | High
10 | File | `/admin/products/controller.php?action=add` | High
11 | File | `/bd_genie_create_account.cgi` | High
12 | File | `/categories/view_category.php` | High
13 | File | `/cgi-bin/ExportSettings.sh` | High
14 | File | `/classes/Master.php?f=delete_img` | High
15 | File | `/defaultui/player/modern.html` | High
16 | File | `/etc/ciel.cfg` | High
17 | File | `/etc/init0.d/S80telnetd.sh` | High
18 | File | `/etc/srapi/config/system.conf` | High
19 | File | `/goform/addRouting` | High
20 | File | `/goform/Diagnosis` | High
21 | File | `/goform/form2userconfig.cgi` | High
1 | File | `/admin/addemployee.php` | High
2 | File | `/admin/login.php` | High
3 | File | `/admin/products/controller.php?action=add` | High
4 | File | `/bd_genie_create_account.cgi` | High
5 | File | `/bibliography/marcsru.php` | High
6 | File | `/bin/httpd` | Medium
7 | File | `/c/macho_reader.c` | High
8 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
9 | File | `/card/in-card.php` | High
10 | File | `/categories/view_category.php` | High
11 | File | `/cgi-bin/ExportSettings.sh` | High
12 | File | `/cgi-bin/wapopen` | High
13 | File | `/defaultui/player/modern.html` | High
14 | File | `/etc/ciel.cfg` | High
15 | File | `/etc/srapi/config/system.conf` | High
16 | File | `/goform/addRouting` | High
17 | File | `/goform/Diagnosis` | High
18 | File | `/goform/form2userconfig.cgi` | High
19 | File | `/goform/NTPSyncWithHost` | High
20 | File | `/goform/SetIpMacBind` | High
21 | File | `/goform/setMAC` | High
22 | ... | ... | ...

There are 183 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 184 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -69,43 +69,42 @@ ID | Type | Indicator | Confidence
1 | File | `.python-version` | High
2 | File | `/admin/inc/include.php` | High
3 | File | `/admin/index.php` | High
4 | File | `/advance_push/public/login` | High
5 | File | `/alarm_pi/alarmService.php` | High
6 | File | `/app/controller/Books.php` | High
7 | File | `/appliance/users?action=edit` | High
8 | File | `/ATL/VQ23` | Medium
9 | File | `/bin/login` | Medium
10 | File | `/catcompany.php` | High
11 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
12 | File | `/cgi-bin/kerbynet` | High
13 | File | `/cgi-bin/luci/api/wireless` | High
14 | File | `/coreframe/app/pay/admin/index.php` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/etc/hosts` | Medium
17 | File | `/etc/quagga` | Medium
4 | File | `/alarm_pi/alarmService.php` | High
5 | File | `/app/controller/Books.php` | High
6 | File | `/appliance/users?action=edit` | High
7 | File | `/bin/login` | Medium
8 | File | `/catcompany.php` | High
9 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
10 | File | `/cgi-bin/kerbynet` | High
11 | File | `/cgi-bin/luci/api/wireless` | High
12 | File | `/cgi-bin/wlogin.cgi` | High
13 | File | `/coreframe/app/pay/admin/index.php` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/etc/hosts` | Medium
16 | File | `/etc/shadow` | Medium
17 | File | `/EXCU_SHELL` | Medium
18 | File | `/filemanager/php/connector.php` | High
19 | File | `/forum/away.php` | High
20 | File | `/h/search?action` | High
21 | File | `/index.php?action=seomatic/file/seo-file-link` | High
22 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
23 | File | `/language/lang` | High
24 | File | `/loginsave.php` | High
25 | File | `/menu.html` | Medium
26 | File | `/MicroStrategyWS/happyaxis.jsp` | High
27 | File | `/modules/projects/vw_files.php` | High
28 | File | `/owa/auth/logon.aspx` | High
29 | File | `/ows-bin` | Medium
30 | File | `/public/plugins/` | High
31 | File | `/recreate.php` | High
32 | File | `/rest/collectors/1.0/template/custom` | High
33 | File | `/secure/QueryComponent!Default.jspa` | High
34 | File | `/sql/sql_string.h` | High
35 | File | `/sql/sql_type.cc` | High
36 | File | `/strings/ctype-latin1.c` | High
37 | File | `/strings/ctype-simple.c` | High
38 | ... | ... | ...
21 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
22 | File | `/index.php?action=seomatic/file/seo-file-link` | High
23 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
24 | File | `/language/lang` | High
25 | File | `/loginsave.php` | High
26 | File | `/loginVaLidation.php` | High
27 | File | `/menu.html` | Medium
28 | File | `/MicroStrategyWS/happyaxis.jsp` | High
29 | File | `/modules/projects/vw_files.php` | High
30 | File | `/owa/auth/logon.aspx` | High
31 | File | `/ows-bin` | Medium
32 | File | `/recreate.php` | High
33 | File | `/rest/collectors/1.0/template/custom` | High
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/way4acs/enroll` | High
|
||||
36 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
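Review bot: row 21 of the new table, `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf`, rated High, looks like a path from a Node.js CI build tree rather than a file that would be requested or touched on a target, while plainly generic system files such as `/etc/hosts` and `/etc/shadow` (rows 15 and 16) sit at Medium. Suggest downgrading or dropping the build-tree path and documenting how the Confidence column is derived, so that paths copied from a crash or build log do not inherit High by default.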
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LinuxMoose:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
@ -50,7 +50,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -59,35 +59,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/Ap4RtpAtom.cpp` | High
|
||||
3 | File | `/app/options.py` | High
|
||||
4 | File | `/bcms/admin/?page=user/list` | High
|
||||
5 | File | `/bsms/?page=manage_account` | High
|
||||
6 | File | `/cgi-bin/login.cgi` | High
|
||||
7 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
8 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
2 | File | `/ad_js.php` | Medium
|
||||
3 | File | `/Ap4RtpAtom.cpp` | High
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/bcms/admin/?page=user/list` | High
|
||||
6 | File | `/bsms/?page=manage_account` | High
|
||||
7 | File | `/cgi-bin/login.cgi` | High
|
||||
8 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
9 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
10 | File | `/dashboard/reports/logs/view` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/etc/hosts` | Medium
|
||||
13 | File | `/file?action=download&file` | High
|
||||
11 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/etc/hosts` | Medium
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/fuel/sitevariables/delete/4` | High
|
||||
16 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
17 | File | `/index/jobfairol/show/` | High
|
||||
18 | File | `/librarian/bookdetails.php` | High
|
||||
19 | File | `/mgmt/tm/util/bash` | High
|
||||
20 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
21 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
22 | File | `/proc/<PID>/mem` | High
|
||||
23 | File | `/public/plugins/` | High
|
||||
24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
25 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
26 | File | `/tmp` | Low
|
||||
19 | File | `/manage-apartment.php` | High
|
||||
20 | File | `/mgmt/tm/util/bash` | High
|
||||
21 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
22 | File | `/pages/apply_vacancy.php` | High
|
||||
23 | File | `/plugin/LiveChat/getChat.json.php` | High
|
||||
24 | File | `/proc/<PID>/mem` | High
|
||||
25 | File | `/recordings/index.php` | High
|
||||
26 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
27 | File | `/tmp/zarafa-vacation-*` | High
|
||||
28 | ... | ... | ...
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 244 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
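Review bot: row 27 of the new table, `/tmp/zarafa-vacation-*`, carries a shell glob inside a File indicator at High confidence; unless the matcher treats `*` as a wildcard this entry never matches, and if it does, the glob belongs in the pattern type rather than among literal paths. Row 1, `//proc/kcore`, has a doubled leading slash that a literal comparison against `/proc/kcore` will miss; suggest normalising paths on import (collapse repeated separators, separate globs from literals).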
@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
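Review bot: row 1 adds CWE-21 beside CWE-22. CWE-21 (Pathname Traversal and Equivalence Errors) is a category entry that recent CWE releases mark as deprecated, not a weakness a finding can be mapped to, so it adds nothing next to the specific CWE-22. Suggest keeping CWE-22 (and the specific variants CWE-23, CWE-24 and CWE-36 where the data supports them) and applying the same filter to the other actor tables in this commit that carry CWE-21.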
@ -63,7 +63,7 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `attachmentlibrary.php` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 107 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 30 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -98,10 +98,9 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/whbs/?page=my_bookings` | High
|
||||
42 | File | `/wp-admin/admin-ajax.php` | High
|
||||
43 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
44 | File | `/wp-json` | Medium
|
||||
45 | ... | ... | ...
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -51,11 +51,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-272, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
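Review bot: row 4 now lists CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, 'Prototype Pollution') under the description 'Cross Site Scripting', and CWE-88 and CWE-94 in the same row are argument and code injection, not XSS either; the Description column is evidently a fixed label per technique rather than a summary of the Weakness column. Suggest labelling the row with the ATT&CK technique name (T1059 is Command and Scripting Interpreter) or deriving the description from the CWEs listed. Separately, the visible table drops the T1068 row and the placeholder moves from 6 to 5 while 'There are 18 more' is unchanged, so the actor's TTP total shrank by one; confirm that is intended.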
@ -65,53 +64,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/image.php` | High
|
||||
2 | File | `/admin/js` | Medium
|
||||
3 | File | `/ad_js.php` | Medium
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/bin/png2swf` | Medium
|
||||
6 | File | `/bin/posix/src/ports/POSIX/OpENer` | High
|
||||
7 | File | `/conf/` | Low
|
||||
8 | File | `/dashboard/reports/logs/view` | High
|
||||
9 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
10 | File | `/etc/hosts` | Medium
|
||||
11 | File | `/frm/` | Low
|
||||
12 | File | `/goform/WifiMacFilterSet` | High
|
||||
13 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||
14 | File | `/htmldoc/htmldoc/html.cxx` | High
|
||||
15 | File | `/include/comm_post.inc.php` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/jpeg-quantsmooth/jpegqs` | High
|
||||
18 | File | `/linux/main.cpp` | High
|
||||
19 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
20 | File | `/pages/class_sched.php` | High
|
||||
21 | File | `/php_action/createUser.php` | High
|
||||
22 | File | `/pkg/util` | Medium
|
||||
23 | File | `/pms/index.php` | High
|
||||
24 | File | `/proc/<PID>/mem` | High
|
||||
25 | File | `/release-x64/otfccdump` | High
|
||||
26 | File | `/secure/ViewCollectors` | High
|
||||
27 | File | `/services/v4/invoiceImg` | High
|
||||
28 | File | `/stdio-common/vfprintf.c` | High
|
||||
29 | File | `/tmp/tardiff-$` | High
|
||||
30 | File | `/upload` | Low
|
||||
31 | File | `/usr/local/sbin/webproject/set_param.cgi` | High
|
||||
32 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
||||
33 | File | `/vendor/views/add_product.php` | High
|
||||
34 | File | `/wabt/bin/poc.wasm` | High
|
||||
35 | File | `/xpdf/Stream.cc` | High
|
||||
36 | File | `addinterviewsform.php` | High
|
||||
37 | File | `addmembioform.php` | High
|
||||
38 | File | `adm.cgi` | Low
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin.php3` | Medium
|
||||
41 | File | `admin/detay_yorum.asp` | High
|
||||
42 | File | `admin/header.php` | High
|
||||
43 | File | `admin/manufacturers.php` | High
|
||||
44 | File | `Admin/Staff` | Medium
|
||||
45 | ... | ... | ...
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/changestock.php` | High
|
||||
3 | File | `/admin/contact/list` | High
|
||||
4 | File | `/admin/delete.php` | High
|
||||
5 | File | `/admin/edit_visitor.php` | High
|
||||
6 | File | `/admin/image.php` | High
|
||||
7 | File | `/admin/modify.php` | High
|
||||
8 | File | `/admin/settings/fields` | High
|
||||
9 | File | `/ad_js.php` | Medium
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/plugin/uninstall` | High
|
||||
12 | File | `/bin/httpd` | Medium
|
||||
13 | File | `/bin/png2swf` | Medium
|
||||
14 | File | `/blogengine/api/posts` | High
|
||||
15 | File | `/brand.php` | Medium
|
||||
16 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
17 | File | `/classes/Master.php?f=delete_item` | High
|
||||
18 | File | `/classes/Master.php?f=delete_stockin` | High
|
||||
19 | File | `/classes/Master.php?f=delete_student` | High
|
||||
20 | File | `/conf/users` | Medium
|
||||
21 | File | `/controller/OnlinePreviewController.java` | High
|
||||
22 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/etc/ciel.cfg` | High
|
||||
26 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||
27 | File | `/etc/shadow.sample` | High
|
||||
28 | File | `/frm/` | Low
|
||||
29 | File | `/goform/setmac` | High
|
||||
30 | File | `/goform/WifiMacFilterSet` | High
|
||||
31 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||
32 | File | `/htmldoc/htmldoc/html.cxx` | High
|
||||
33 | File | `/include/comm_post.inc.php` | High
|
||||
34 | File | `/index.php` | Medium
|
||||
35 | File | `/jpeg-quantsmooth/jpegqs` | High
|
||||
36 | File | `/linux/main.cpp` | High
|
||||
37 | File | `/manage-apartment.php` | High
|
||||
38 | File | `/pages/apply_vacancy.php` | High
|
||||
39 | File | `/pages/class_sched.php` | High
|
||||
40 | File | `/pages/processlogin.php` | High
|
||||
41 | File | `/publiccms/admin/ueditor` | High
|
||||
42 | File | `/release-x64/otfccdump` | High
|
||||
43 | File | `/release-x64/otfccdump+0x6e420d` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 379 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
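Review bot: row 43 of the new table, `/release-x64/otfccdump+0x6e420d`, is row 42's binary with a stack-trace offset appended, not a separate file, and the offset is specific to one build, so the entry is both a duplicate and non-portable. Suggest stripping `+0x...` suffixes at import and deduplicating against the bare path; the same applies to any indicator harvested from sanitizer or debugger output.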
@ -99,7 +99,7 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/wordpress-gallery-transformation/gallery.php` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 205 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 206 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -38,12 +38,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
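Review bot: row 2 pairs T1040 with CWE-319 alone but describes it as 'Authentication Bypass by Capture-replay', which is the title of CWE-294, not of CWE-319 (Cleartext Transmission of Sensitive Information); the Mirai table in this commit lists `CWE-294, CWE-319` for the same technique, which at least contains the CWE the description names. Suggest generating the Description column from the technique or from the CWEs actually present, so the two columns cannot disagree.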
@ -62,10 +62,10 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/members/view_member.php` | High
|
||||
10 | File | `/mgmt/tm/util/bash` | High
|
||||
11 | File | `/modules/projects/vw_files.php` | High
|
||||
12 | File | `/spip.php` | Medium
|
||||
12 | File | `/see_more_details.php` | High
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -17,11 +17,11 @@ The following _campaigns_ are known and can be associated with Mirai:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mirai:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -213,10 +213,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
@ -228,33 +228,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/addemployee.php` | High
|
||||
2 | File | `/admin/lab.php` | High
|
||||
3 | File | `/admin/login.php` | High
|
||||
4 | File | `/admin/products/controller.php?action=add` | High
|
||||
5 | File | `/admin/videoalbum/list` | High
|
||||
6 | File | `/bd_genie_create_account.cgi` | High
|
||||
7 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||
8 | File | `/categories/view_category.php` | High
|
||||
9 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/defaultui/player/modern.html` | High
|
||||
13 | File | `/etc/ciel.cfg` | High
|
||||
14 | File | `/etc/srapi/config/system.conf` | High
|
||||
15 | File | `/goform/addRouting` | High
|
||||
16 | File | `/goform/Diagnosis` | High
|
||||
17 | File | `/goform/form2userconfig.cgi` | High
|
||||
18 | File | `/goform/NTPSyncWithHost` | High
|
||||
19 | File | `/goform/saveParentControlInfo` | High
|
||||
20 | File | `/goform/SetIpMacBind` | High
|
||||
21 | File | `/goform/SetLEDCfg` | High
|
||||
22 | File | `/goform/setMAC` | High
|
||||
23 | File | `/goform/setPptpUserList` | High
|
||||
24 | File | `/goform/SetVirtualServerCfg` | High
|
||||
25 | File | `/goform/SystemCommand` | High
|
||||
26 | File | `/goform/WanParameterSetting` | High
|
||||
27 | File | `/goform/wizard_end` | High
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/addemployee.php` | High
|
||||
3 | File | `/admin/article/list_approve` | High
|
||||
4 | File | `/admin/budget.php` | High
|
||||
5 | File | `/admin/friendlylink/list` | High
|
||||
6 | File | `/admin/image/list` | High
|
||||
7 | File | `/admin/imagealbum/list` | High
|
||||
8 | File | `/admin/lab.php` | High
|
||||
9 | File | `/admin/login.php` | High
|
||||
10 | File | `/admin/video/list` | High
|
||||
11 | File | `/admin/videoalbum/list` | High
|
||||
12 | File | `/bd_genie_create_account.cgi` | High
|
||||
13 | File | `/bibliography/marcsru.php` | High
|
||||
14 | File | `/bin/httpd` | Medium
|
||||
15 | File | `/c/macho_reader.c` | High
|
||||
16 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||
17 | File | `/card/in-card.php` | High
|
||||
18 | File | `/cgi-bin/kerbynet` | High
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/wapopen` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/cwc/login` | Medium
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/EXCU_SHELL` | Medium
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/garage/editcategory.php` | High
|
||||
27 | File | `/goform/saveParentControlInfo` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 239 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
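Review bot: 26 of the 27 visible rows are rewritten while 'There are 239 more' is unchanged, because the table shows the alphabetical head of the list and the many new entries sorting before `/goform/` push those router endpoints out of the window; a reviewer cannot tell from this hunk which indicators were actually added or removed, or why the total stayed constant. Suggest emitting the full list, or a window keyed on something stable such as confidence, so the diff reflects the change in the underlying indicator set.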
@ -35,7 +35,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
|
||||
## IOA - Indicator of Attack
@ -64,35 +64,35 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.encfs6.xml` | Medium
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/admin/admin_manage/delete` | High
|
||||
4 | File | `/adminlogin.asp` | High
|
||||
5 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
6 | File | `/dl/dl_sendmail.php` | High
|
||||
7 | File | `/drivers/net/ethernet/broadcom/tg3.c` | High
|
||||
8 | File | `/etc/qci/answers` | High
|
||||
9 | File | `/forms/nslookupHandler` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/function/booksave.php` | High
|
||||
12 | File | `/goform/form2userconfig.cgi` | High
|
||||
13 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
14 | File | `/inc/campaign/campaign-delete.php` | High
|
||||
15 | File | `/sgmi/` | Low
|
||||
16 | File | `/tmp` | Low
|
||||
17 | File | `/uncpath/` | Medium
|
||||
18 | File | `/usr/lib/print/conv_fix` | High
|
||||
19 | File | `adclick.php` | Medium
|
||||
20 | File | `add_comment.php` | High
|
||||
21 | File | `admin.php` | Medium
|
||||
22 | File | `admin.php?page=languages` | High
|
||||
23 | File | `admin/controllers/Albumsgalleries.php` | High
|
||||
24 | File | `admin/plugin.php` | High
|
||||
25 | File | `admin\addgroup.php` | High
|
||||
26 | File | `agents.php` | Medium
|
||||
27 | File | `api_poller.php` | High
|
||||
28 | File | `app/View/Helper/CommandHelper.php` | High
|
||||
29 | File | `apport/hookutils.py` | High
|
||||
4 | File | `/admin/video/list` | High
|
||||
5 | File | `/adminlogin.asp` | High
|
||||
6 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
7 | File | `/dl/dl_sendmail.php` | High
|
||||
8 | File | `/drivers/net/ethernet/broadcom/tg3.c` | High
|
||||
9 | File | `/etc/qci/answers` | High
|
||||
10 | File | `/forms/nslookupHandler` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/function/booksave.php` | High
|
||||
13 | File | `/goform/form2userconfig.cgi` | High
|
||||
14 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
15 | File | `/inc/campaign/campaign-delete.php` | High
|
||||
16 | File | `/sgmi/` | Low
|
||||
17 | File | `/tmp` | Low
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/usr/lib/print/conv_fix` | High
|
||||
20 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
21 | File | `adclick.php` | Medium
|
||||
22 | File | `add_comment.php` | High
|
||||
23 | File | `admin.php` | Medium
|
||||
24 | File | `admin.php?page=languages` | High
|
||||
25 | File | `admin/controllers/Albumsgalleries.php` | High
|
||||
26 | File | `admin/plugin.php` | High
|
||||
27 | File | `admin\addgroup.php` | High
|
||||
28 | File | `agents.php` | Medium
|
||||
29 | File | `api_poller.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
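Review bot: row 27, `admin\addgroup.php`, uses a backslash separator while every other path indicator in the table uses `/`; compared literally against request paths it never matches. Suggest normalising to `admin/addgroup.php` on import, or documenting that the matcher normalises separators. Row 20, `/wp-content/plugins/woocommerce/templates/emails/plain/`, is a directory prefix rather than a file, so the entry should state whether prefix matching is intended.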
@ -66,7 +66,7 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 123 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 124 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -51,7 +51,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -63,36 +63,38 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin.php/pic/admin/pic/del` | High
|
||||
3 | File | `/admin.php/singer/admin/lists/zhuan` | High
|
||||
4 | File | `/admin.php/User/level_sort` | High
|
||||
5 | File | `/admin/cloud.php` | High
|
||||
6 | File | `/admin/communitymanagement.php` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
10 | File | `/aqpg/users/login.php` | High
|
||||
5 | File | `/admin/communitymanagement.php` | High
|
||||
6 | File | `/admin/generalsettings.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
9 | File | `/aqpg/users/login.php` | High
|
||||
10 | File | `/blog/edit` | Medium
|
||||
11 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
12 | File | `/core/admin/categories.php` | High
|
||||
13 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
14 | File | `/DsaDataTest` | Medium
|
||||
15 | File | `/etc/config/cameo` | High
|
||||
12 | File | `/classes/Master.php?f=delete_category` | High
|
||||
13 | File | `/core/admin/categories.php` | High
|
||||
14 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
15 | File | `/DsaDataTest` | Medium
|
||||
16 | File | `/etc/networkd-dispatcher` | High
|
||||
17 | File | `/filemanager/upload/drop` | High
|
||||
18 | File | `/food/admin/all_users.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/goform/SetClientState` | High
|
||||
21 | File | `/goform/SetFirewallCfg` | High
|
||||
22 | File | `/goform/setWorkmode` | High
|
||||
23 | File | `/isms/classes/Users.php` | High
|
||||
24 | File | `/mgmt/tm/util/bash` | High
|
||||
25 | File | `/music/ajax.php` | High
|
||||
26 | File | `/ofrs/admin/?page=teams/view_team` | High
|
||||
27 | File | `/ordering/index.php?q=category` | High
|
||||
28 | File | `/orms/` | Low
|
||||
29 | File | `/owa/auth/logon.aspx` | High
|
||||
30 | File | `/public_html/animals` | High
|
||||
31 | File | `/public_html/apply_vacancy` | High
|
||||
32 | ... | ... | ...
|
||||
20 | File | `/getcfg.php` | Medium
|
||||
21 | File | `/goform/PowerSaveSet` | High
|
||||
22 | File | `/goform/SetClientState` | High
|
||||
23 | File | `/goform/SetFirewallCfg` | High
|
||||
24 | File | `/goform/setWorkmode` | High
|
||||
25 | File | `/goform/wizard_end` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/isms/classes/Users.php` | High
|
||||
28 | File | `/lists/index.php` | High
|
||||
29 | File | `/members/view_member.php` | High
|
||||
30 | File | `/mgmt/tm/util/bash` | High
|
||||
31 | File | `/music/ajax.php` | High
|
||||
32 | File | `/ofrs/admin/?page=teams/view_team` | High
|
||||
33 | File | `/ordering/index.php?q=category` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 275 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
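Review bot: row 26 of the new table adds `/index.php` at Medium; a path present on practically every PHP site has no discriminating power as an attack indicator and will dominate match volume, so it should be dropped or kept only together with the argument or pattern indicators that made the request notable. Row 8, `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1`, joins the query string with `&` instead of `?`; if that is a transcription error the entry never matches a real request.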
@ -10,21 +10,21 @@ The following _campaigns_ are known and can be associated with MuddyWater:
|
|||
|
||||
* BlackWater
|
||||
* Ligolo
|
||||
* Seedworm
|
||||
* Log4j
|
||||
* ...
|
||||
|
||||
There are 1 more campaign items available. Please use our online service to access the data.
|
||||
There are 2 more campaign items available. Please use our online service to access the data.
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MuddyWater:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
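Review bot: the campaigns list gains `Log4j`, which names the exploited component rather than an operation, unlike the other entries beside it; if the record concerns exploitation of the Log4j vulnerability, name the campaign and keep the component in the TTP or IOA data. `Ligolo` leaves the visible list while the remainder count rises from 1 to 2, so it presumably moved into the hidden items rather than being removed; worth confirming.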
@ -48,7 +48,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
14 | [78.129.139.147](https://vuldb.com/?ip.78.129.139.147) | - | - | High
|
||||
15 | ... | ... | ... | ...
|
||||
|
||||
There are 54 more IOC items available. Please use our online service to access the data.
|
||||
There are 56 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
@ -56,7 +56,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
@ -71,57 +71,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//` | Low
2 | File | `/addQuestion.php` | High
3 | File | `/adm/setmain.php` | High
4 | File | `/admin` | Low
5 | File | `/admin/` | Low
6 | File | `/admin/add_exercises.php` | High
7 | File | `/admin/add_trainers.php` | High
8 | File | `/admin/cms.php` | High
9 | File | `/admin/conferences/get-all-status/` | High
10 | File | `/admin/conferences/list/` | High
11 | File | `/admin/countrymanagement.php` | High
12 | File | `/admin/edit.php` | High
13 | File | `/admin/edit_admin_details.php?id=admin` | High
14 | File | `/admin/featured.php` | High
15 | File | `/admin/general.cgi` | High
16 | File | `/admin/general/change-lang` | High
17 | File | `/admin/googleads.php` | High
18 | File | `/admin/group/list/` | High
19 | File | `/admin/lab.php` | High
20 | File | `/admin/newsletter1.php` | High
21 | File | `/admin/photo.php` | High
22 | File | `/admin/renewaldue.php` | High
23 | File | `/admin/scheprofile.cgi` | High
24 | File | `/admin/searchview.php` | High
25 | File | `/admin/service/stop/` | High
26 | File | `/admin/students/view_student.php` | High
27 | File | `/admin/usermanagement.php` | High
28 | File | `/api/` | Low
29 | File | `/api/user/userData?userCode=admin` | High
30 | File | `/artist-display.php` | High
31 | File | `/catcompany.php` | High
32 | File | `/category.php` | High
33 | File | `/cgi-bin/ExportAllSettings.sh` | High
34 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
35 | File | `/cgi-bin/nightled.cgi` | High
36 | File | `/cgi-bin/touchlist_sync.cgi` | High
37 | File | `/ci_hms/massage_room/edit/1` | High
38 | File | `/ci_hms/search` | High
39 | File | `/ci_spms/admin/category` | High
40 | File | `/ci_spms/admin/search/searching/` | High
41 | File | `/claire_blake` | High
42 | File | `/config/getuser` | High
43 | File | `/dashboard/add-portfolio.php` | High
44 | File | `/dashboard/add-service.php` | High
45 | File | `/dashboard/settings` | High
46 | File | `/dashboard/updatelogo.php` | High
47 | File | `/ecrire` | Low
48 | File | `/editbrand.php` | High
49 | ... | ... | ...
1 | File | `/addQuestion.php` | High
2 | File | `/admin/add_exercises.php` | High
3 | File | `/admin/add_trainers.php` | High
4 | File | `/admin/edit.php` | High
5 | File | `/admin/lab.php` | High
6 | File | `/admin/students/view_student.php` | High
7 | File | `/api/` | Low
8 | File | `/api/v1/user` | Medium
9 | File | `/bd_genie_create_account.cgi` | High
10 | File | `/bin/boa` | Medium
11 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
12 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
13 | File | `/cgi-bin/DownloadFlash` | High
14 | File | `/claire_blake` | High
15 | File | `/dashboard/add-portfolio.php` | High
16 | File | `/dashboard/add-service.php` | High
17 | File | `/dashboard/settings` | High
18 | File | `/dashboard/updatelogo.php` | High
19 | File | `/edituser.php` | High
20 | File | `/etc/networkd-dispatcher` | High
21 | File | `/etc/shadow.sample` | High
22 | File | `/fw.login.php` | High
23 | File | `/gasmark/assets/myimages/oneWord.php` | High
24 | File | `/git-prereceive-callback` | High
25 | File | `/goform/addRouting` | High
26 | File | `/goform/Diagnosis` | High
27 | File | `/goform/form2userconfig.cgi` | High
28 | File | `/goform/NTPSyncWithHost` | High
29 | File | `/goform/saveParentControlInfo` | High
30 | File | `/goform/SetIpMacBind` | High
31 | File | `/goform/SetLEDCfg` | High
32 | File | `/goform/setMAC` | High
33 | File | `/goform/setMacFilterCfg` | High
34 | File | `/goform/SetStaticRouteCfg` | High
35 | File | `/goform/SetVirtualServerCfg` | High
36 | File | `/goform/SystemCommand` | High
37 | File | `/goform/wizard_end` | High
38 | File | `/htmldoc/htmldoc/html.cxx` | High
39 | ... | ... | ...

There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 334 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

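Review bot: several rows added in this hunk are not request paths and cannot be matched against HTTP access logs the way the neighbouring `/goform/...` rows can: `38 | File | `/htmldoc/htmldoc/html.cxx` | High` is a source file of the affected project, and `10 | File | `/bin/boa` | Medium` and `20 | File | `/etc/networkd-dispatcher` | High` are local filesystem paths. They share the File type and the same confidence scale as the URL-path rows, so a consumer building web-facing detection rules has no way to filter them out; suggest a separate type (or a lower confidence) for source and host paths.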
@ -138,6 +128,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
* https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf
* https://www.mandiant.com/resources/telegram-malware-iranian-espionage
* https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations/
* https://www.threatminer.org/_reports/2019/TheMuddyWatersofAPTAttacks-CheckPointResearch.pdf#viewer.action=download

## Literature

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 28 more country items available. Please use our online service to access the data.
There are 29 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -50,51 +50,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.procmailrc` | Medium
2 | File | `/../conf/config.properties` | High
3 | File | `/addnews.html` | High
4 | File | `/admin/` | Low
5 | File | `/admin/inquiries/view_details.php` | High
6 | File | `/api/2.0/rest/aggregator/xml` | High
7 | File | `/api/blade-log/api/list` | High
8 | File | `/cgi-bin/webviewer_login_page` | High
9 | File | `/Config/SaveUploadedHotspotLogoFile` | High
10 | File | `/core/vendor/meenie/javascript-packer/example-inline.php` | High
11 | File | `/etc/config/rpcd` | High
12 | File | `/exponent_constants.php` | High
13 | File | `/forum/away.php` | High
14 | File | `/goform/formLogin` | High
15 | File | `/hub/api/user` | High
16 | File | `/mfaslmf/nolicense` | High
17 | File | `/mhds/clinic/view_details.php` | High
18 | File | `/opt/bin/cli` | Medium
19 | File | `/plain` | Low
20 | File | `/proc` | Low
21 | File | `/proc/ioports` | High
22 | File | `/products/details.asp` | High
23 | File | `/public/plugins/` | High
24 | File | `/RestAPI` | Medium
25 | File | `/tmp` | Low
26 | File | `/uncpath/` | Medium
27 | File | `/User/saveUser` | High
28 | File | `/ViewUserHover.jspa` | High
29 | File | `/WEB-INF/web.xml` | High
30 | File | `/wp-admin/admin-ajax.php` | High
31 | File | `/wp-json/wc/v3/webhooks` | High
32 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
33 | File | `abc-pcie.c` | Medium
34 | File | `accountmanagement.php` | High
35 | File | `addentry.php` | Medium
36 | File | `adherents/subscription/info.php` | High
37 | File | `admin.joomlaflashfun.php` | High
38 | File | `admin.joomlaradiov5.php` | High
39 | File | `admin.panoramic.php` | High
40 | File | `admin.php` | Medium
41 | File | `admin/change-password.php` | High
42 | File | `admin/index.php` | High
43 | ... | ... | ...
1 | File | `/../conf/config.properties` | High
2 | File | `/addnews.html` | High
3 | File | `/admin/` | Low
4 | File | `/admin/inquiries/view_details.php` | High
5 | File | `/api/2.0/rest/aggregator/xml` | High
6 | File | `/api/blade-log/api/list` | High
7 | File | `/cgi-bin/webviewer_login_page` | High
8 | File | `/Config/SaveUploadedHotspotLogoFile` | High
9 | File | `/core/vendor/meenie/javascript-packer/example-inline.php` | High
10 | File | `/etc/config/rpcd` | High
11 | File | `/exponent_constants.php` | High
12 | File | `/forum/away.php` | High
13 | File | `/goform/formLogin` | High
14 | File | `/hub/api/user` | High
15 | File | `/include/commrecc.inc.php` | High
16 | File | `/include/comm_post.inc.php` | High
17 | File | `/include/friends.inc.php` | High
18 | File | `/include/menu_v.inc.php` | High
19 | File | `/include/notify.inc.php` | High
20 | File | `/mfaslmf/nolicense` | High
21 | File | `/mhds/clinic/view_details.php` | High
22 | File | `/opt/bin/cli` | Medium
23 | File | `/plain` | Low
24 | File | `/proc` | Low
25 | File | `/proc/ioports` | High
26 | File | `/products/details.asp` | High
27 | File | `/public/plugins/` | High
28 | File | `/RestAPI` | Medium
29 | File | `/tmp` | Low
30 | File | `/uncpath/` | Medium
31 | File | `/User/saveUser` | High
32 | File | `/viewer/krpano.html` | High
33 | File | `/ViewUserHover.jspa` | High
34 | File | `/WEB-INF/web.xml` | High
35 | File | `/wp-admin/admin-ajax.php` | High
36 | File | `/wp-json/wc/v3/webhooks` | High
37 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
38 | File | `abc-pcie.c` | Medium
39 | File | `accountmanagement.php` | High
40 | File | `adclick.php` | Medium
41 | File | `addentry.php` | Medium
42 | File | `adherents/subscription/info.php` | High
43 | File | `admin.joomlaflashfun.php` | High
44 | File | `admin.joomlaradiov5.php` | High
45 | File | `admin.panoramic.php` | High
46 | File | `admin.php` | Medium
47 | File | `admin/addons/archive/archive.php` | High
48 | ... | ... | ...

There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 418 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

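Review bot: `1 | File | `/../conf/config.properties` | High`, which now heads this table, is a traversal payload rather than a path. A consumer that compares indicators against the normalized request path will never hit it, because `/../conf/config.properties` collapses to `/conf/config.properties` before matching. Worth stating in the IOA preamble that File indicators containing `..` must be matched against the raw request line (or shipping the normalized form as a second row) so the indicator is actually usable in detection rules.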
@ -48,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 21 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -56,52 +56,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/addQuestion.php` | High
2 | File | `/admin/addemployee.php` | High
3 | File | `/admin/add_exercises.php` | High
1 | File | `.dbshell` | Medium
2 | File | `/addQuestion.php` | High
3 | File | `/admin/addemployee.php` | High
4 | File | `/admin/add_trainers.php` | High
5 | File | `/admin/edit.php` | High
6 | File | `/admin/students/view_student.php` | High
7 | File | `/advanced-tools/nova/bin/netwatch` | High
8 | File | `/bd_genie_create_account.cgi` | High
9 | File | `/categories/view_category.php` | High
10 | File | `/category_view.php` | High
11 | File | `/cgi-bin/editBookmark` | High
12 | File | `/claire_blake` | High
13 | File | `/classes/Master.php?f=delete_category` | High
14 | File | `/dashboard/add-blog.php` | High
15 | File | `/dashboard/add-portfolio.php` | High
16 | File | `/dashboard/add-service.php` | High
17 | File | `/dashboard/contact` | High
18 | File | `/dashboard/settings` | High
19 | File | `/dashboard/updatelogo.php` | High
20 | File | `/etc/shadow.sample` | High
21 | File | `/etc/srapi/config/system.conf` | High
22 | File | `/fax/fax_send.php` | High
23 | File | `/framework/mod/db/DBMapper.xml` | High
24 | File | `/gasmark/assets/myimages/oneWord.php` | High
25 | File | `/goform/aspForm` | High
26 | File | `/goform/form2userconfig.cgi` | High
27 | File | `/goform/formWifiBasicSet` | High
28 | File | `/goform/setAutoPing` | High
29 | File | `/guestmanagement/front.php` | High
30 | File | `/Home/debit_credit_p` | High
31 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
32 | File | `/htdocs/utils/Files.php` | High
33 | File | `/htmldoc/htmldoc/html.cxx` | High
34 | File | `/includes/utils.php` | High
35 | File | `/index.php` | Medium
36 | File | `/items/manage_item.php` | High
37 | File | `/librarian/lab.php` | High
38 | File | `/login.php` | Medium
39 | File | `/loginVaLidation.php` | High
40 | File | `/manage-apartment.php` | High
41 | File | `/management/api/rcx_management/global_config_query` | High
42 | File | `/mdiy/page/verify` | High
43 | File | `/mkshop/Men/profile.php` | High
44 | ... | ... | ...
5 | File | `/admin/budget.php` | High
6 | File | `/admin/contact/list` | High
7 | File | `/admin/edit.php` | High
8 | File | `/admin/students/view_student.php` | High
9 | File | `/advanced-tools/nova/bin/netwatch` | High
10 | File | `/bd_genie_create_account.cgi` | High
11 | File | `/bits/stl_vector.h` | High
12 | File | `/categories/view_category.php` | High
13 | File | `/category_view.php` | High
14 | File | `/cgi-bin/editBookmark` | High
15 | File | `/claire_blake` | High
16 | File | `/classes/Master.php?f=delete_category` | High
17 | File | `/dashboard/add-portfolio.php` | High
18 | File | `/dashboard/add-service.php` | High
19 | File | `/dashboard/contact` | High
20 | File | `/dashboard/updatelogo.php` | High
21 | File | `/employees/manage_leave_type.php` | High
22 | File | `/etc/shadow.sample` | High
23 | File | `/etc/srapi/config/system.conf` | High
24 | File | `/fax/fax_send.php` | High
25 | File | `/framework/mod/db/DBMapper.xml` | High
26 | File | `/goform/aspForm` | High
27 | File | `/goform/form2userconfig.cgi` | High
28 | File | `/goform/formWifiBasicSet` | High
29 | File | `/goform/NatStaticSetting` | High
30 | File | `/goform/wifiSSIDget` | High
31 | File | `/goform/wifiSSIDset` | High
32 | File | `/guestmanagement/front.php` | High
33 | File | `/Home/debit_credit_p` | High
34 | File | `/htdocs/utils/Files.php` | High
35 | File | `/htmldoc/htmldoc/html.cxx` | High
36 | File | `/include/makecvs.php` | High
37 | File | `/index.php` | Medium
38 | ... | ... | ...

There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

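Review bot: `11 | File | `/bits/stl_vector.h` | High` is a libstdc++ header, not a file of any affected product; it has evidently been lifted from a vulnerability description of a memory-safety bug and carries no detection value as a File indicator, so it should be dropped before the count line below is regenerated.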
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...

There are 10 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -33,9 +33,13 @@ ID | IP address | Hostname | Campaign | Confidence
4 | [45.133.174.131](https://vuldb.com/?ip.45.133.174.131) | - | - | High
5 | [74.139.80.187](https://vuldb.com/?ip.74.139.80.187) | cpe-74-139-80-187.kya.res.rr.com | - | High
6 | [79.134.225.101](https://vuldb.com/?ip.79.134.225.101) | - | - | High
7 | ... | ... | ... | ...
7 | [79.172.242.25](https://vuldb.com/?ip.79.172.242.25) | hosted.realcapitol.com | - | High
8 | [87.120.37.96](https://vuldb.com/?ip.87.120.37.96) | - | - | High
9 | [95.140.125.64](https://vuldb.com/?ip.95.140.125.64) | free-125-64.mediaworksit.net | - | High
10 | [95.140.125.73](https://vuldb.com/?ip.95.140.125.73) | free-125-73.mediaworksit.net | - | High
11 | ... | ... | ... | ...

There are 22 more IOC items available. Please use our online service to access the data.
There are 38 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

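Review bot: the four IP rows added here (7 through 10) carry no first-seen or last-seen date, and the Campaign column is `-` for all of them. The table already contains a residential address (row 5, whose hostname `cpe-74-139-80-187.kya.res.rr.com` is a cable-provider customer-premises name), and such addresses are reassigned regularly, so a High confidence without a validity window will produce false positives once the address churns. Suggest adding an observation date column, or reserving High for addresses with a hosting-provider hostname and a linked campaign.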
@ -46,9 +50,10 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | ... | ... | ... | ...
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 12 more TTP items available. Please use our online service to access the data.
There are 14 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -56,17 +61,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/etc/sudoers` | Medium
2 | File | `/forum/away.php` | High
3 | File | `/secure/admin/RestoreDefaults.jspa` | High
4 | File | `/services/details.asp` | High
5 | File | `/uncpath/` | Medium
6 | File | `/webapps/blogs-journals/execute/editBlogEntry` | High
7 | File | `addentry.php` | Medium
8 | File | `additem.asp` | Medium
9 | ... | ... | ...
1 | File | `/cgi-bin/kerbynet` | High
2 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
3 | File | `/domain/add` | Medium
4 | File | `/etc/sudoers` | Medium
5 | File | `/forum/away.php` | High
6 | File | `/index.php/weblinks-categories` | High
7 | File | `/php_action/createUser.php` | High
8 | File | `/plain` | Low
9 | File | `/secure/admin/RestoreDefaults.jspa` | High
10 | File | `/services/details.asp` | High
11 | File | `/show_group_members.php` | High
12 | File | `/uncpath/` | Medium
13 | File | `/web/google_analytics.php` | High
14 | File | `/webapps/blogs-journals/execute/editBlogEntry` | High
15 | File | `adclick.php` | Medium
16 | File | `addentry.php` | Medium
17 | File | `additem.asp` | Medium
18 | File | `admin/password_forgotten.php` | High
19 | File | `agent/Core/Controller/SendRequest.cpp` | High
20 | File | `archive_endian.h` | High
21 | File | `bmp.c` | Low
22 | File | `browser.php` | Medium
23 | File | `browser/liferay/browser.html?Type` | High
24 | ... | ... | ...

There are 68 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -77,6 +97,9 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html
* https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
* https://blog.talosintelligence.com/2022/07/threat-roundup-0715-0722.html
* https://blog.talosintelligence.com/2022/08/threat-roundup-0812-0819.html
* https://blog.talosintelligence.com/2022/09/threat-roundup-0826-0902.html
* https://blog.talosintelligence.com/2022/09/threat-roundup-0909-0916.html
* https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-12%20Remcos%20IOCs
* https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-15%20Nanocore%20IOCs
* https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/

@ -30,12 +30,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1587.003 | CWE-295 | Improper Certificate Validation | High
1 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...

There are 1 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

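Review bot: the added row `1 | T1059 | CWE-94 | Cross Site Scripting | High` contradicts the row directly beneath it, `2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High`. CWE-94 is Improper Control of Generation of Code (code injection) and T1059 is the parent Command and Scripting Interpreter technique, whereas the XSS mapping is T1059.007 with CWE-79/CWE-80; two rows with different weaknesses cannot both be "Cross Site Scripting". Either row 1 should read Code Injection or it should be merged into row 2. The same `T1059 | CWE-88, CWE-94 | Cross Site Scripting` row is added to other profiles in this commit, so the fix belongs in the generator's CWE-to-description table rather than in this file.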
@ -60,23 +60,22 @@ ID | Type | Indicator | Confidence
4 | File | `/config/getuser` | High
5 | File | `/data-service/users/` | High
6 | File | `/IISADMPWD` | Medium
7 | File | `/js/app.js` | Medium
8 | File | `/login` | Low
9 | File | `/mgmt/tm/util/bash` | High
10 | File | `/pro/repo-create.html` | High
7 | File | `/index.php` | Medium
8 | File | `/js/app.js` | Medium
9 | File | `/login` | Low
10 | File | `/mgmt/tm/util/bash` | High
11 | File | `/public/plugins/` | High
12 | File | `/rest/api/1.0/issues/{id}/ActionsAndOperations` | High
13 | File | `/rest/api/latest/projectvalidate/key` | High
14 | File | `/rest/collectors/1.0/template/custom` | High
15 | File | `/SAP_Information_System/controllers/add_admin.php` | High
16 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
17 | File | `/services` | Medium
18 | File | `/uncpath/` | Medium
19 | File | `/usr/bin/at` | Medium
20 | File | `/usr/bin/pkexec` | High
21 | ... | ... | ...
12 | File | `/registration.php` | High
13 | File | `/rest/api/1.0/issues/{id}/ActionsAndOperations` | High
14 | File | `/rest/api/latest/projectvalidate/key` | High
15 | File | `/rest/collectors/1.0/template/custom` | High
16 | File | `/SAP_Information_System/controllers/add_admin.php` | High
17 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
18 | File | `/services` | Medium
19 | File | `/uncpath/` | Medium
20 | ... | ... | ...

There are 170 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 166 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -9,6 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Oski:

* [US](https://vuldb.com/?country.us)
* [DE](https://vuldb.com/?country.de)
* [RU](https://vuldb.com/?country.ru)

## IOC - Indicator of Compromise

@ -18,6 +20,19 @@ ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [2.56.57.108](https://vuldb.com/?ip.2.56.57.108) | - | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Oski_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
3 | T1202 | CWE-77 | Command Injection | High
4 | ... | ... | ... | ...

There are 1 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Oski. This data is unique as it uses our predictive model for actor profiling.

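Review bot: this hunk introduces a complete TTP table for Oski with every row at High confidence, while the profile's evidence in the same file is a single IOC row (`1 | [2.56.57.108](https://vuldb.com/?ip.2.56.57.108) | - | - | High`) and three countries. The surrounding sentence says the rows come from the predictive model, so a High label here reflects model output rather than observed activity; either the confidence for a profile with one indicator should be lower, or the column heading should make clear that it is model confidence, otherwise consumers will weight these mappings the same as the evidence-backed ones in the larger profiles.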
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [FR](https://vuldb.com/?country.fr)
* [IR](https://vuldb.com/?country.ir)
* [CZ](https://vuldb.com/?country.cz)
* ...

There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
3 | T1222 | CWE-275 | Permission Issues | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...

There are 4 more TTP items available. Please use our online service to access the data.
There are 11 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -153,23 +153,21 @@ ID | Type | Indicator | Confidence
29 | File | `/s/` | Low
30 | File | `/scripts/cpan_config` | High
31 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
32 | File | `/services/system/setup.json` | High
33 | File | `/spip.php` | Medium
34 | File | `/uncpath/` | Medium
35 | File | `/vloggers_merch/?p=view_product` | High
36 | File | `/web/MCmsAction.java` | High
37 | File | `/webconsole/APIController` | High
38 | File | `/websocket/exec` | High
39 | File | `/whbs/?page=my_bookings` | High
40 | File | `/wp-admin/admin-ajax.php` | High
41 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
42 | File | `/wp-json` | Medium
43 | File | `/wp-json/oembed/1.0/embed?url` | High
44 | File | `/_next` | Low
45 | File | `4.edu.php\conn\function.php` | High
46 | ... | ... | ...
32 | File | `/spip.php` | Medium
33 | File | `/uncpath/` | Medium
34 | File | `/vloggers_merch/?p=view_product` | High
35 | File | `/web/MCmsAction.java` | High
36 | File | `/webconsole/APIController` | High
37 | File | `/websocket/exec` | High
38 | File | `/whbs/?page=my_bookings` | High
39 | File | `/wp-admin/admin-ajax.php` | High
40 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
41 | File | `/wp-json` | Medium
42 | File | `/wp-json/oembed/1.0/embed?url` | High
43 | File | `/_next` | Low
44 | ... | ... | ...

There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -92,7 +92,7 @@ ID | Type | Indicator | Confidence
9 | File | `admin/conf_users_edit.php` | High
10 | ... | ... | ...

There are 78 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -65,48 +65,49 @@ ID | Type | Indicator | Confidence
3 | File | `/admin/` | Low
4 | File | `/admin/index.php` | High
5 | File | `/admin/uploads.php` | High
6 | File | `/api/trackedEntityInstances` | High
7 | File | `/apply_noauth.cgi` | High
8 | File | `/cgi-bin/portal` | High
9 | File | `/context/%2e/WEB-INF/web.xml` | High
10 | File | `/domains/index.fts` | High
11 | File | `/download` | Medium
12 | File | `/etc/passwd` | Medium
13 | File | `/forum/away.php` | High
14 | File | `/foundry/modules/news/newscolumns.php` | High
15 | File | `/ghost/preview` | High
16 | File | `/GponForm/device_Form?script/` | High
17 | File | `/include/config.cache.php` | High
18 | File | `/LDMS/frm_splitfrm.aspx` | High
19 | File | `/modules/profile/index.php` | High
20 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
21 | File | `/NAGErrors` | Medium
22 | File | `/RestAPI` | Medium
23 | File | `/secure/QueryComponent!Default.jspa` | High
24 | File | `/service-list` | High
25 | File | `/service/upload` | High
26 | File | `/smstest.html` | High
27 | File | `/start-stop` | Medium
28 | File | `/subscribe/subscribe` | High
29 | File | `/tmp` | Low
30 | File | `/tmp/kamailio_fifo` | High
31 | File | `/uncpath/` | Medium
32 | File | `/view/friend_profile.php` | High
33 | File | `/WEB-INF/web.xml` | High
34 | File | `/wp-json/oembed/1.0/embed?url` | High
35 | File | `/_error` | Low
36 | File | `actions/authenticate.php` | High
37 | File | `actions/doreport.php` | High
38 | File | `addlyricsform.php` | High
39 | File | `addmerchpicform.php` | High
40 | File | `addresses_export.php` | High
41 | File | `admin.php` | Medium
42 | File | `admin.php?m=backup&c=backup&a=doback` | High
43 | File | `admin/admin.php` | High
44 | File | `admin/AJAX_lookup_handler.php` | High
45 | ... | ... | ...
6 | File | `/api/` | Low
7 | File | `/api/trackedEntityInstances` | High
8 | File | `/apply_noauth.cgi` | High
9 | File | `/cgi-bin/portal` | High
10 | File | `/context/%2e/WEB-INF/web.xml` | High
11 | File | `/domains/index.fts` | High
12 | File | `/download` | Medium
13 | File | `/etc/passwd` | Medium
14 | File | `/forum/away.php` | High
15 | File | `/foundry/modules/news/newscolumns.php` | High
16 | File | `/ghost/preview` | High
17 | File | `/GponForm/device_Form?script/` | High
18 | File | `/include/config.cache.php` | High
19 | File | `/jeecg-boot/sys/common/upload` | High
20 | File | `/LDMS/frm_splitfrm.aspx` | High
21 | File | `/modules/profile/index.php` | High
22 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
23 | File | `/NAGErrors` | Medium
24 | File | `/replication` | Medium
25 | File | `/RestAPI` | Medium
26 | File | `/secure/QueryComponent!Default.jspa` | High
27 | File | `/service-list` | High
28 | File | `/service/upload` | High
29 | File | `/smstest.html` | High
30 | File | `/start-stop` | Medium
31 | File | `/subscribe/subscribe` | High
32 | File | `/tmp` | Low
33 | File | `/tmp/kamailio_fifo` | High
34 | File | `/uncpath/` | Medium
35 | File | `/view/friend_profile.php` | High
36 | File | `/WEB-INF/web.xml` | High
37 | File | `/wp-json/oembed/1.0/embed?url` | High
38 | File | `/_error` | Low
39 | File | `actions/authenticate.php` | High
|
||||
40 | File | `actions/doreport.php` | High
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `addlyricsform.php` | High
|
||||
43 | File | `addmerchpicform.php` | High
|
||||
44 | File | `addresses_export.php` | High
|
||||
45 | File | `admin.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -40,8 +40,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
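Review bot: the count line "There are 3 more TTP items available" is left unchanged although this hunk adds T1055 (Injection) and T1059 rows and renumbers T1059.007 from 1 to 3, while T1068 is not among the renumbered rows; the visible rows and the hidden remainder no longer obviously add up, so please check that the counter was regenerated with the table and that the new file carries a single, monotonically numbered row set rather than the old rows plus the new ones.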
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -46,10 +46,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
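Review bot: the T1059 row gains CWE-1321 while its Description stays "Cross Site Scripting"; CWE-1321 is the prototype-pollution weakness and not a cross-site-scripting class, so either the description for that row should be widened to what its weakness list now covers or the mapping should be re-checked. The other two additions, CWE-35 on the Pathname Traversal row and CWE-294 on the Authentication Bypass by Capture-replay row, do match their descriptions.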
@ -62,39 +62,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=reports/stockin` | High
|
||||
2 | File | `/admin/?page=reports/waste` | High
|
||||
3 | File | `/admin/?page=user/manage_user` | High
|
||||
4 | File | `/admin/addemployee.php` | High
|
||||
5 | File | `/admin/del.php` | High
|
||||
6 | File | `/admin/delete.php` | High
|
||||
7 | File | `/admin/delstu.php` | High
|
||||
8 | File | `/admin/history.php` | High
|
||||
9 | File | `/admin/login.php` | High
|
||||
10 | File | `/admin/modify.php` | High
|
||||
11 | File | `/admin/modify1.php` | High
|
||||
12 | File | `/admin/products/controller.php?action=add` | High
|
||||
13 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
14 | File | `/api/v1/user` | Medium
|
||||
15 | File | `/appConfig/userDB.json` | High
|
||||
16 | File | `/bd_genie_create_account.cgi` | High
|
||||
17 | File | `/bin/boa` | Medium
|
||||
18 | File | `/blog/edit` | Medium
|
||||
19 | File | `/blogengine/api/posts` | High
|
||||
20 | File | `/brand.php` | Medium
|
||||
21 | File | `/cgi-bin/DownloadFlash` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/classes/Master.php?f=delete_account` | High
|
||||
24 | File | `/classes/Master.php?f=delete_category` | High
|
||||
25 | File | `/classes/Master.php?f=delete_img` | High
|
||||
26 | File | `/classes/Master.php?f=delete_payment` | High
|
||||
27 | File | `/classes/Master.php?f=delete_schedule` | High
|
||||
28 | File | `/classes/Master.php?f=delete_student` | High
|
||||
29 | File | `/classes/Master.php?f=delete_waste` | High
|
||||
30 | File | `/classes/Users.php?f=save_client` | High
|
||||
31 | File | `/client.php` | Medium
|
||||
32 | ... | ... | ...
|
||||
2 | File | `/admin/addemployee.php` | High
|
||||
3 | File | `/admin/article/list` | High
|
||||
4 | File | `/admin/article/list_approve` | High
|
||||
5 | File | `/admin/contact/list` | High
|
||||
6 | File | `/admin/foldernotice/list` | High
|
||||
7 | File | `/admin/friendlylink/list` | High
|
||||
8 | File | `/admin/image/list` | High
|
||||
9 | File | `/admin/imagealbum/list` | High
|
||||
10 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
|
||||
11 | File | `/admin/site/list` | High
|
||||
12 | File | `/admin/video/list` | High
|
||||
13 | File | `/admin/videoalbum/list` | High
|
||||
14 | File | `/admin_book.php` | High
|
||||
15 | File | `/api/upload-resource` | High
|
||||
16 | File | `/appConfig/userDB.json` | High
|
||||
17 | File | `/bd_genie_create_account.cgi` | High
|
||||
18 | File | `/bin/boa` | Medium
|
||||
19 | File | `/bin/httpd` | Medium
|
||||
20 | File | `/blog/edit` | Medium
|
||||
21 | File | `/blogengine/api/posts` | High
|
||||
22 | File | `/brand.php` | Medium
|
||||
23 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
|
||||
24 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
25 | File | `/card/in-card.php` | High
|
||||
26 | File | `/client.php` | Medium
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 227 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
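Review bot: this hunk retires indicators rather than only adding them: `/admin/?page=reports/waste`, `/admin/?page=user/manage_user`, the `/admin/del.php` to `/admin/modify1.php` block, `/admin/products/controller.php?action=add`, `/advanced-tools/nova/bin/netwatch`, `/api/v1/user`, both `/cgi-bin/` entries and all eight `/classes/Master.php?f=...` rows have no counterpart in the new table (they would sort before `/client.php`, which is still row 26), and the counter falls from 272 to 227, so the total of visible rows plus remainder drops from 303 to 253. If the pruning is deliberate the commit message should say so; if not, the regeneration source needs a look before this is merged.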
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Purple Fox:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -439,11 +439,11 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -451,49 +451,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/index.php` | High
|
||||
2 | File | `/admin/login.php` | High
|
||||
3 | File | `/admin/students/view_student.php` | High
|
||||
4 | File | `/ad_js.php` | Medium
|
||||
5 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
6 | File | `/appliance/users?action=edit` | High
|
||||
7 | File | `/bd_genie_create_account.cgi` | High
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/index.php` | High
|
||||
3 | File | `/admin/lab.php` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/appConfig/userDB.json` | High
|
||||
6 | File | `/bd_genie_create_account.cgi` | High
|
||||
7 | File | `/c/macho_reader.c` | High
|
||||
8 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
9 | File | `/cgi-bin/kerbynet` | High
|
||||
10 | File | `/cgi-bin/nightled.cgi` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/claire_blake` | High
|
||||
13 | File | `/configs/application.ini` | High
|
||||
14 | File | `/controller/OnlinePreviewController.java` | High
|
||||
15 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||
16 | File | `/coreframe/app/pay/admin/index.php` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/defaultui/player/modern.html` | High
|
||||
19 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||
20 | File | `/etc/shadow` | Medium
|
||||
21 | File | `/etc/shadow.sample` | High
|
||||
22 | File | `/filemanager/ajax_calls.php` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/goform/SetIpMacBind` | High
|
||||
25 | File | `/goform/setmac` | High
|
||||
26 | File | `/h/search?action` | High
|
||||
27 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
|
||||
28 | File | `/htdocs/utils/Files.php` | High
|
||||
29 | File | `/index.php?action=seomatic/file/seo-file-link` | High
|
||||
30 | File | `/jfinal_cms/system/role/list` | High
|
||||
31 | File | `/librarian/edit_book_details.php` | High
|
||||
32 | File | `/loginVaLidation.php` | High
|
||||
33 | File | `/manage-apartment.php` | High
|
||||
34 | File | `/master/index.php` | High
|
||||
35 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
36 | File | `/mkshop/Men/profile.php` | High
|
||||
37 | File | `/ows-bin` | Medium
|
||||
38 | File | `/pages/apply_vacancy.php` | High
|
||||
39 | File | `/pages/processlogin.php` | High
|
||||
40 | File | `/redbin/rpwebutilities.exe/text` | High
|
||||
41 | ... | ... | ...
|
||||
10 | File | `/cgi-bin/koha/members/paycollect.pl` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/cgi-bin/nightled.cgi` | High
|
||||
13 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/claire_blake` | High
|
||||
16 | File | `/controller/OnlinePreviewController.java` | High
|
||||
17 | File | `/coreframe/app/attachment/admin/index.php` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/defaultui/player/modern.html` | High
|
||||
20 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||
21 | File | `/etc/shadow` | Medium
|
||||
22 | File | `/etc/shadow.sample` | High
|
||||
23 | File | `/EXCU_SHELL` | Medium
|
||||
24 | File | `/filemanager/ajax_calls.php` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/goform/SetIpMacBind` | High
|
||||
27 | File | `/goform/setmac` | High
|
||||
28 | File | `/h/search?action` | High
|
||||
29 | File | `/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf` | High
|
||||
30 | File | `/htdocs/utils/Files.php` | High
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/index.php?action=seomatic/file/seo-file-link` | High
|
||||
33 | File | `/jfinal_cms/system/role/list` | High
|
||||
34 | File | `/librarian/edit_book_details.php` | High
|
||||
35 | File | `/loginVaLidation.php` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 311 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
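Review bot: old rows 3 to 6 (`/admin/students/view_student.php`, `/ad_js.php`, `/api/RecordingList/DownloadRecord?file=`, `/appliance/users?action=edit`) as well as `/configs/application.ini` and `/coreframe/app/pay/admin/index.php` have no counterpart in the new table, and with the counter moving from 354 to 311 the total for this actor drops from 394 to 346; a deliberate prune of indicators should be stated in the commit message, otherwise the removals want checking against the source.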
File diff suppressed because it is too large
@ -53,36 +53,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/ajax-files/followBoard.php` | High
|
||||
2 | File | `/ajax-files/postComment.php` | High
|
||||
3 | File | `/categorypage.php` | High
|
||||
4 | File | `/cgi-bin/kerbynet` | High
|
||||
5 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
6 | File | `/domain/add` | Medium
|
||||
7 | File | `/etc/sudoers` | Medium
|
||||
8 | File | `/home.php` | Medium
|
||||
9 | File | `/index.php/weblinks-categories` | High
|
||||
10 | File | `/plain` | Low
|
||||
11 | File | `/rapi/read_url` | High
|
||||
12 | File | `/searchpin.php` | High
|
||||
13 | File | `/show_group_members.php` | High
|
||||
14 | File | `/soap/server_sa` | High
|
||||
15 | File | `/TemplateManager/indexExternalLocation.jsp` | High
|
||||
16 | File | `/usr/local/etc/config/addons/mh/loopupd.sh` | High
|
||||
17 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
18 | File | `/web/google_analytics.php` | High
|
||||
19 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
20 | File | `addentry.php` | Medium
|
||||
21 | File | `AdminByRequest.exe` | High
|
||||
22 | File | `admincp.php?app=prop&do=add` | High
|
||||
23 | File | `advsearch.php` | High
|
||||
24 | File | `append/override_content_security_policy_directives` | High
|
||||
25 | File | `archive_endian.h` | High
|
||||
26 | File | `assets/add/dns.php` | High
|
||||
27 | File | `bits.c` | Low
|
||||
28 | ... | ... | ...
|
||||
1 | File | `/admin/searchview.php` | High
|
||||
2 | File | `/ajax-files/followBoard.php` | High
|
||||
3 | File | `/ajax-files/postComment.php` | High
|
||||
4 | File | `/categorypage.php` | High
|
||||
5 | File | `/cgi-bin/kerbynet` | High
|
||||
6 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
7 | File | `/domain/add` | Medium
|
||||
8 | File | `/etc/sudoers` | Medium
|
||||
9 | File | `/home.php` | Medium
|
||||
10 | File | `/index.php/weblinks-categories` | High
|
||||
11 | File | `/plain` | Low
|
||||
12 | File | `/rapi/read_url` | High
|
||||
13 | File | `/searchpin.php` | High
|
||||
14 | File | `/show_group_members.php` | High
|
||||
15 | File | `/soap/server_sa` | High
|
||||
16 | File | `/TemplateManager/indexExternalLocation.jsp` | High
|
||||
17 | File | `/usr/local/etc/config/addons/mh/loopupd.sh` | High
|
||||
18 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
19 | File | `/web/google_analytics.php` | High
|
||||
20 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
21 | File | `addentry.php` | Medium
|
||||
22 | File | `AdminByRequest.exe` | High
|
||||
23 | File | `admincp.php?app=prop&do=add` | High
|
||||
24 | File | `advsearch.php` | High
|
||||
25 | File | `append/override_content_security_policy_directives` | High
|
||||
26 | File | `archive_endian.h` | High
|
||||
27 | File | `assets/add/dns.php` | High
|
||||
28 | File | `bits.c` | Low
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 240 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 242 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
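Review bot: the only substantive change in this hunk is the new row `/admin/searchview.php`; the other 27 visible rows are rewritten solely because the ID column is positional and every ID shifts by one, and the counter moving from 240 to 242 accounts for one more addition in the hidden part. Renumbering on every insert buries real indicator changes in noise; a stable identifier, or emitting the table without the ID column, would let a diff show only the rows that actually changed.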
@ -73,7 +73,7 @@ ID | Type | Indicator | Confidence
21 | File | `admin_feature.php` | High
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 178 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 180 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -65,7 +65,8 @@ ID | IP address | Hostname | Campaign | Confidence
42 | [45.153.184.61](https://vuldb.com/?ip.45.153.184.61) | no-reverse-yet.local | - | High
|
||||
43 | [45.156.24.97](https://vuldb.com/?ip.45.156.24.97) | palmaresk.co.uk | - | High
|
||||
44 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
|
||||
45 | ... | ... | ... | ...
|
||||
45 | [46.8.52.48](https://vuldb.com/?ip.46.8.52.48) | coparotiv1.example.com | - | High
|
||||
46 | ... | ... | ... | ...
|
||||
|
||||
There are 178 more IOC items available. Please use our online service to access the data.
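Review bot: the new row 45 records `coparotiv1.example.com` as the hostname for 46.8.52.48; `example.com` is reserved for documentation (RFC 2606) and never resolves to attacker infrastructure, so this looks like a placeholder or a sanitised value rather than a real reverse-DNS result and should not go out as a High-confidence IOC until the source is checked. The unchanged context line "There are 178 more IOC items available" is consistent with a single addition, so the counter itself needs no change here.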
@ -81,7 +82,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -105,17 +106,17 @@ ID | Type | Indicator | Confidence
14 | File | `/includes/rrdtool.inc.php` | High
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
17 | File | `/NAGErrors` | Medium
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/public` | Low
|
||||
20 | File | `/sgms/TreeControl` | High
|
||||
21 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/updown/upload.cgi` | High
|
||||
17 | File | `/members/view_member.php` | High
|
||||
18 | File | `/NAGErrors` | Medium
|
||||
19 | File | `/owa/auth/logon.aspx` | High
|
||||
20 | File | `/public` | Low
|
||||
21 | File | `/sgms/TreeControl` | High
|
||||
22 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 205 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -158,6 +159,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-21%20Redline%20IOCs
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2022-05-09%20Redline%20IOCs
|
||||
* https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
|
||||
* https://www.malwarebytes.com/blog/news/2022/09/2k-games-helpdesk-abused-to-spread-redline-malware
|
||||
|
||||
## Literature
@ -134,7 +134,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -143,31 +143,31 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/inquiries/view_details.php` | High
|
||||
2 | File | `/anony/mjpg.cgi` | High
|
||||
2 | File | `/api/index.php` | High
|
||||
3 | File | `/blog/blog.php` | High
|
||||
4 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
5 | File | `/common/info.cgi` | High
|
||||
6 | File | `/etc/hosts` | Medium
|
||||
7 | File | `/etc/password` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/hy-cgi/devices.cgi` | High
|
||||
10 | File | `/IISADMPWD` | Medium
|
||||
11 | File | `/index.php` | Medium
|
||||
12 | File | `/mgmt/tm/util/bash` | High
|
||||
13 | File | `/php_action/createUser.php` | High
|
||||
14 | File | `/plugin/jcapture/applet.php` | High
|
||||
15 | File | `/proc/stat` | Medium
|
||||
16 | File | `/ram/pckg/security/nova/bin/ipsec` | High
|
||||
17 | File | `/rss.xml` | Medium
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/usr/bin/pkexec` | High
|
||||
20 | File | `/webservices/api/v2.php` | High
|
||||
21 | File | `/wp-admin/admin-ajax.php` | High
|
||||
22 | File | `/_internal` | Medium
|
||||
23 | File | `4.edu.php` | Medium
|
||||
7 | File | `/etc/networkd-dispatcher` | High
|
||||
8 | File | `/etc/password` | High
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/goform/wifiSSIDset` | High
|
||||
11 | File | `/hy-cgi/devices.cgi` | High
|
||||
12 | File | `/IISADMPWD` | Medium
|
||||
13 | File | `/index.php` | Medium
|
||||
14 | File | `/net/nfc/netlink.c` | High
|
||||
15 | File | `/obs/bookPerPub.php` | High
|
||||
16 | File | `/php_action/createUser.php` | High
|
||||
17 | File | `/plugin/jcapture/applet.php` | High
|
||||
18 | File | `/proc/stat` | Medium
|
||||
19 | File | `/ram/pckg/security/nova/bin/ipsec` | High
|
||||
20 | File | `/rss.xml` | Medium
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/usr/bin/pkexec` | High
|
||||
23 | File | `/webservices/api/v2.php` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 204 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 198 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
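Review bot: `/anony/mjpg.cgi` (old row 2) has no counterpart in the new table, which runs straight from `/admin/inquiries/view_details.php` to `/api/index.php`, and the counter drops from 204 to 198 even though five new paths are added (`/api/index.php`, `/etc/networkd-dispatcher`, `/goform/wifiSSIDset`, `/net/nfc/netlink.c`, `/obs/bookPerPub.php`), so at least eleven indicators leave this file; please confirm these are intentional retirements and not a regeneration gap.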
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -61,38 +61,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin/dl_sendmail.php` | High
|
||||
3 | File | `/ad_js.php` | Medium
|
||||
4 | File | `/Ap4RtpAtom.cpp` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/bcms/admin/?page=user/list` | High
|
||||
7 | File | `/bsms/?page=manage_account` | High
|
||||
8 | File | `/cgi-bin/login.cgi` | High
|
||||
9 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/dashboard/reports/logs/view` | High
|
||||
12 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/etc/hosts` | Medium
|
||||
15 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
16 | File | `/fuel/sitevariables/delete/4` | High
|
||||
17 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
18 | File | `/index/jobfairol/show/` | High
|
||||
19 | File | `/librarian/bookdetails.php` | High
|
||||
20 | File | `/manage-apartment.php` | High
|
||||
21 | File | `/mgmt/tm/util/bash` | High
|
||||
22 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
23 | File | `/odfs/classes/Master.php?f=save_category` | High
|
||||
24 | File | `/pages/apply_vacancy.php` | High
|
||||
25 | File | `/print.php` | Medium
|
||||
26 | File | `/proc/<PID>/mem` | High
|
||||
27 | File | `/public/plugins/` | High
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
30 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
|
||||
31 | ... | ... | ...
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin/dl_sendmail.php` | High
|
||||
4 | File | `/ad_js.php` | Medium
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/bsms/?page=manage_account` | High
|
||||
9 | File | `/cgi-bin/login.cgi` | High
|
||||
10 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
11 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
12 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
13 | File | `/dashboard/reports/logs/view` | High
|
||||
14 | File | `/dcim/sites/add/` | High
|
||||
15 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/etc/hosts` | Medium
|
||||
18 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
19 | File | `/fuel/sitevariables/delete/4` | High
|
||||
20 | File | `/goform/setmac` | High
|
||||
21 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
22 | File | `/index/jobfairol/show/` | High
|
||||
23 | File | `/librarian/bookdetails.php` | High
|
||||
24 | File | `/manage-apartment.php` | High
|
||||
25 | File | `/mgmt/tm/util/bash` | High
|
||||
26 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
27 | File | `/odfs/classes/Master.php?f=save_category` | High
|
||||
28 | File | `/pages/apply_vacancy.php` | High
|
||||
29 | File | `/print.php` | Medium
|
||||
30 | File | `/proc/<PID>/mem` | High
|
||||
31 | File | `/public/plugins/` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.scarlet_mimic](https://vuldb.com/?actor.scarlet_mimic)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Scarlet Mimic:
|
||||
|
||||
* Uyghurs
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Scarlet Mimic:
@ -11,6 +17,9 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
@ -19,11 +28,11 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.54.19.17](https://vuldb.com/?ip.5.54.19.17) | ppp005054019017.access.hol.gr | - | High
|
||||
2 | [59.188.239.117](https://vuldb.com/?ip.59.188.239.117) | - | - | High
|
||||
3 | [68.71.35.135](https://vuldb.com/?ip.68.71.35.135) | - | - | High
|
||||
2 | [45.32.112.182](https://vuldb.com/?ip.45.32.112.182) | 45.32.112.182.vultrusercontent.com | Uyghurs | High
|
||||
3 | [59.188.239.117](https://vuldb.com/?ip.59.188.239.117) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
@ -36,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
@ -45,16 +54,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/cgi-bin/wapopen` | High
|
||||
3 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
4 | ... | ... | ...
|
||||
2 | File | `/ajax-files/postComment.php` | High
|
||||
3 | File | `/cgi-bin/pass` | High
|
||||
4 | File | `/cgi-bin/wapopen` | High
|
||||
5 | File | `/passwordrecovered.cgi` | High
|
||||
6 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 51 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://research.checkpoint.com/2022/never-truly-left-7-years-of-scarlet-mimics-mobile-surveillance-campaign-targeting-uyghurs/
|
||||
* https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/
|
||||
* https://www.threatminer.org/report.php?q=scarlet-mimic-full-report_PaloAltoNetworks.pdf&y=2018
|
||||
* https://www.threatminer.org/report.php?q=ShiftingTactics_Trackingchangesinyears-longespionagecampaignagainstTibetans-TheCitizenLab.pdf&y=2016
|
||||
|
|
|
@ -1,37 +0,0 @@
# Separ - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Separ](https://vuldb.com/?actor.separ). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.separ](https://vuldb.com/?actor.separ)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Separ:

* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Separ.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [198.23.57.8](https://vuldb.com/?ip.198.23.57.8) | hosted.by.liquidnetlimited.com | - | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/07/threat-roundup-0629-0706.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

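Review bot: the entire Separ page is deleted with no explanation; the commit message is just `Update`, and nothing says whether the actor was merged into another entry, retracted, or dropped for lack of data. A consumer that ingested `198.23.57.8` (hosted.by.liquidnetlimited.com, High) from this page cannot tell whether to retire that IOC or keep it under a different actor. State the reason in the commit message, or leave a stub pointing at the surviving actor.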
@ -71,39 +71,39 @@ ID | Type | Indicator | Confidence
8 | File | `/conf/` | Low
9 | File | `/dev/snd/seq` | Medium
10 | File | `/error` | Low
11 | File | `/etc/config/rpcd` | High
12 | File | `/goform/saveParentControlInfo` | High
13 | File | `/goform/SetFirewallCfg` | High
14 | File | `/htdocs/admin/dict.php?id=3` | High
15 | File | `/module/module_frame/index.php` | High
16 | File | `/nidp/app/login` | High
17 | File | `/proc` | Low
18 | File | `/rapi/read_url` | High
19 | File | `/redpass.cgi` | Medium
20 | File | `/release-x64/otfccdump` | High
21 | File | `/rom-0` | Low
22 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
23 | File | `/setSystemAdmin` | High
24 | File | `/tmp` | Low
25 | File | `/uncpath/` | Medium
26 | File | `/user-utils/users/md5.json` | High
27 | File | `/usr/lib/utmp_update` | High
28 | File | `/usr/local` | Medium
29 | File | `/wp-admin` | Medium
30 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
31 | File | `2020\Messages\SDNotify.exe` | High
32 | File | `admin/Login.php` | High
33 | File | `admin/plugin-index.php` | High
34 | File | `administration` | High
35 | File | `administrative` | High
36 | File | `ag_server_service.exe` | High
37 | File | `Alias.asmx` | Medium
38 | File | `aolfix.exe` | Medium
39 | File | `app/models/user.rb` | High
40 | File | `apply.cgi` | Medium
11 | File | `/goform/saveParentControlInfo` | High
12 | File | `/goform/SetFirewallCfg` | High
13 | File | `/htdocs/admin/dict.php?id=3` | High
14 | File | `/module/module_frame/index.php` | High
15 | File | `/nidp/app/login` | High
16 | File | `/proc` | Low
17 | File | `/rapi/read_url` | High
18 | File | `/redpass.cgi` | Medium
19 | File | `/release-x64/otfccdump` | High
20 | File | `/rom-0` | Low
21 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
22 | File | `/setSystemAdmin` | High
23 | File | `/tmp` | Low
24 | File | `/uncpath/` | Medium
25 | File | `/user-utils/users/md5.json` | High
26 | File | `/usr/lib/utmp_update` | High
27 | File | `/usr/local` | Medium
28 | File | `/wp-admin` | Medium
29 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
30 | File | `2020\Messages\SDNotify.exe` | High
31 | File | `admin/Login.php` | High
32 | File | `admin/plugin-index.php` | High
33 | File | `administration` | High
34 | File | `administrative` | High
35 | File | `ag_server_service.exe` | High
36 | File | `Alias.asmx` | Medium
37 | File | `aolfix.exe` | Medium
38 | File | `app/models/user.rb` | High
39 | File | `apply.cgi` | Medium
40 | File | `Array.prototype.concat` | High
41 | ... | ... | ...

There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

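Review bot: the new row `40 | File | Array.prototype.concat | High` is typed as a File, but `Array.prototype.concat` is a JavaScript built-in, not a path; it will never appear as a file name in a request or on disk, so a File-type matcher cannot fire on it. The footer lists `pattern` and `library` among the available types, and one of those fits. Separately, the only visible removal in this hunk is `11 | File | /etc/config/rpcd | High`, and that single drop renumbers thirty rows; stable indicator IDs (or sorting before numbering) would make these regenerations reviewable instead of a wall of shifted lines.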
@ -50,29 +50,30 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\WrData\PKG` | High
2 | File | `/.ssh/authorized_keys` | High
3 | File | `/assets/components/gallery/connector.php` | High
4 | File | `/College/admin/teacher.php` | High
5 | File | `/editbrand.php` | High
6 | File | `/etc/target` | Medium
7 | File | `/export` | Low
8 | File | `/getcfg.php` | Medium
9 | File | `/goform/WriteFacMac` | High
10 | File | `/index.php` | Medium
11 | File | `/lists/admin/user.php` | High
12 | File | `/movie.php` | Medium
13 | File | `/news-portal-script/information.php` | High
14 | File | `/tmp` | Low
15 | File | `/uncpath/` | Medium
16 | File | `/wp-content/plugins/updraftplus/admin.php` | High
17 | File | `/_vti_pvt/access.cnf` | High
18 | File | `admin.php3` | Medium
19 | File | `admin/mobile.php` | High
20 | File | `admin/themes` | Medium
21 | File | `administration/comments.php` | High
22 | File | `admin_hacks_list.php` | High
23 | ... | ... | ...
3 | File | `/admin/lab.php` | High
4 | File | `/assets/components/gallery/connector.php` | High
5 | File | `/College/admin/teacher.php` | High
6 | File | `/editbrand.php` | High
7 | File | `/etc/target` | Medium
8 | File | `/export` | Low
9 | File | `/getcfg.php` | Medium
10 | File | `/goform/WriteFacMac` | High
11 | File | `/index.php` | Medium
12 | File | `/lists/admin/user.php` | High
13 | File | `/mkshop/Men/profile.php` | High
14 | File | `/movie.php` | Medium
15 | File | `/news-portal-script/information.php` | High
16 | File | `/pages/apply_vacancy.php` | High
17 | File | `/tmp` | Low
18 | File | `/uncpath/` | Medium
19 | File | `/wp-content/plugins/updraftplus/admin.php` | High
20 | File | `/_vti_pvt/access.cnf` | High
21 | File | `adclick.php` | Medium
22 | File | `admin.php3` | Medium
23 | File | `admin/mobile.php` | High
24 | ... | ... | ...

There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -95,9 +95,10 @@ ID | Type | Indicator | Confidence
31 | File | `admin/user_import.php` | High
32 | File | `admin/wenjian.php?wj=../templets/pc` | High
33 | File | `administrative` | High
34 | ... | ... | ...
34 | File | `Administrative` | High
35 | ... | ... | ...

There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 297 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

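Review bot: the added row `34 | File | Administrative | High` differs from the row above it (`33 | File | administrative | High`) only in case. If the matcher is case-insensitive, which it must be for Windows paths, this is a duplicate; if it is case-sensitive, a bare word with no path separator or extension is too generic to deserve High confidence in either spelling. Drop one, or rate both Low like the other bare-word indicators in this commit (`/tmp`, `/proc`).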
@ -23,6 +23,16 @@ ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [95.215.44.37](https://vuldb.com/?ip.95.215.44.37) | - | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Stealth Falcon_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1202 | CWE-78 | Command Injection | High
2 | T1505 | CWE-89 | SQL Injection | High
3 | T1592 | CWE-200 | Configuration | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Stealth Falcon. This data is unique as it uses our predictive model for actor profiling.

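Review bot: in the new Stealth Falcon TTP table the Description column is inconsistent: rows 1 and 2 name the weakness (`Command Injection`, `SQL Injection`), but row 3, `T1592 | CWE-200 | Configuration`, does not describe CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), and `Configuration` is not a weakness at all. Use the CWE title, as the other pages in this commit do. The table also lacks the `There are N more TTP items available` footer that every other TTP table in this commit carries, so a reader cannot tell whether three rows is the complete set or a truncated view.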
@ -49,63 +49,63 @@ ID | Type | Indicator | Confidence
1 | File | `.user` | Low
2 | File | `/.perf` | Low
3 | File | `/admin/` | Low
4 | File | `/cgi-bin/readfile.tcl` | High
5 | File | `/etc/password` | High
6 | File | `/php/` | Low
7 | File | `/Pwrchute` | Medium
8 | File | `/status` | Low
9 | File | `/var/yp` | Low
10 | File | `/_vti_pvt/access.cnf` | High
11 | File | `1.TEXT` | Low
12 | File | `14all.cgi` | Medium
13 | File | `500error.jsp` | Medium
14 | File | `ab.c` | Low
15 | File | `account_update.php` | High
16 | File | `add.php` | Low
17 | File | `addentry.cgi` | Medium
18 | File | `addressbook.php/options.php/search.php/help.php` | High
19 | File | `admin.html` | Medium
20 | File | `admin.php` | Medium
21 | File | `admin/auth/checksession.php` | High
22 | File | `administrator/phpinfo.php` | High
23 | File | `AdminViewError/AdminAddadmin` | High
24 | File | `admin_ug_auth.php` | High
25 | File | `admin_user.db` | High
26 | File | `advserver.exe` | High
27 | File | `ad_member.php` | High
28 | File | `agentadmin.php` | High
29 | File | `aolsecurityprivate.class` | High
30 | File | `article.php` | Medium
31 | File | `artlist.php` | Medium
32 | File | `astrocam.cgi` | Medium
33 | File | `as_web.exe/as_web4.exe` | High
34 | File | `athcgi.exe` | Medium
35 | File | `auction.cgi` | Medium
36 | File | `auth.inc.php` | Medium
37 | File | `axspawn.c` | Medium
38 | File | `backend.php/screen.php/comment.php` | High
39 | File | `badmin.c` | Medium
40 | File | `books.php` | Medium
41 | File | `bttv-driver.c` | High
42 | File | `bugzilla_email_append.pl` | High
43 | File | `bug_update_advanced_page.php/bug_update_page.php/view_bug_advanced_page.php/view_bug_page.php` | High
44 | File | `calendar.php` | Medium
45 | File | `category.cfm` | Medium
46 | File | `cgi-bin` | Low
47 | File | `cgi-bin/` | Medium
48 | File | `cgicso.c` | Medium
49 | File | `cgitest.exe` | Medium
50 | File | `charities.cron` | High
51 | File | `check_me.mod.php` | High
52 | File | `chetcpasswd.cgi` | High
53 | File | `cio_main.c` | Medium
54 | File | `clear_cookies.php` | High
55 | File | `CodeBrws.asp` | Medium
56 | File | `colegal.htm` | Medium
57 | File | `com.ms.vm.loader.cabcracker` | High
4 | File | `/etc/password` | High
5 | File | `/php/` | Low
6 | File | `/Pwrchute` | Medium
7 | File | `/status` | Low
8 | File | `/var/yp` | Low
9 | File | `/_vti_pvt/access.cnf` | High
10 | File | `1.TEXT` | Low
11 | File | `14all.cgi` | Medium
12 | File | `500error.jsp` | Medium
13 | File | `ab.c` | Low
14 | File | `account_update.php` | High
15 | File | `add.php` | Low
16 | File | `addentry.cgi` | Medium
17 | File | `addressbook.php/options.php/search.php/help.php` | High
18 | File | `admin.html` | Medium
19 | File | `admin.php` | Medium
20 | File | `admin/auth/checksession.php` | High
21 | File | `administrator/phpinfo.php` | High
22 | File | `AdminViewError/AdminAddadmin` | High
23 | File | `admin_ug_auth.php` | High
24 | File | `admin_user.db` | High
25 | File | `advserver.exe` | High
26 | File | `ad_member.php` | High
27 | File | `agentadmin.php` | High
28 | File | `aolsecurityprivate.class` | High
29 | File | `article.php` | Medium
30 | File | `artlist.php` | Medium
31 | File | `astrocam.cgi` | Medium
32 | File | `as_web.exe/as_web4.exe` | High
33 | File | `athcgi.exe` | Medium
34 | File | `auction.cgi` | Medium
35 | File | `auth.inc.php` | Medium
36 | File | `axspawn.c` | Medium
37 | File | `backend.php/screen.php/comment.php` | High
38 | File | `badmin.c` | Medium
39 | File | `books.php` | Medium
40 | File | `bttv-driver.c` | High
41 | File | `bugzilla_email_append.pl` | High
42 | File | `bug_update_advanced_page.php/bug_update_page.php/view_bug_advanced_page.php/view_bug_page.php` | High
43 | File | `calendar.php` | Medium
44 | File | `category.cfm` | Medium
45 | File | `cgi-bin` | Low
46 | File | `cgi-bin/` | Medium
47 | File | `cgicso.c` | Medium
48 | File | `cgitest.exe` | Medium
49 | File | `charities.cron` | High
50 | File | `check_me.mod.php` | High
51 | File | `chetcpasswd.cgi` | High
52 | File | `cio_main.c` | Medium
53 | File | `clear_cookies.php` | High
54 | File | `CodeBrws.asp` | Medium
55 | File | `colegal.htm` | Medium
56 | File | `com.ms.vm.loader.cabcracker` | High
57 | File | `compose.php` | Medium
58 | ... | ... | ...

There are 506 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 505 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

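Review bot: several indicators in this table are multiple file names joined with `/` and typed as a single File, for example `addressbook.php/options.php/search.php/help.php`, `as_web.exe/as_web4.exe`, `backend.php/screen.php/comment.php` and `bug_update_advanced_page.php/bug_update_page.php/view_bug_advanced_page.php/view_bug_page.php`. Written that way they look like paths and will never match a request for any one of those files; split them into one row per file. The hunk itself only removes `4 | File | /cgi-bin/readfile.tcl | High` and shifts the remaining 53 visible rows by one, which is also where the 506 to 505 footer change comes from.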
@ -77,7 +77,7 @@ ID | Type | Indicator | Confidence
19 | File | `/htdocs/utils/Files.php` | High
20 | ... | ... | ...

There are 161 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 167 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 17 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -19,9 +19,9 @@ There are 1 more campaign items available. Please use our online service to acce

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TA551:

* [IT](https://vuldb.com/?country.it)
* [DE](https://vuldb.com/?country.de)
* [ES](https://vuldb.com/?country.es)
* [AR](https://vuldb.com/?country.ar)
* [PL](https://vuldb.com/?country.pl)
* ...

There are 8 more country items available. Please use our online service to access the data.

@ -57,9 +57,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

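Review bot: row 4 now reads `T1059 | CWE-94, CWE-1321 | Cross Site Scripting`, but CWE-1321 is Improperly Controlled Modification of Object Prototype Attributes (prototype pollution) and CWE-94 is code injection; neither is cross-site scripting, which is CWE-79 and already has its own row (`5 | T1059.007 | CWE-79, CWE-80`). Adding the CWE makes the description wrong for both weaknesses; retitle the row (`Code Injection`) or give CWE-1321 its own row. Row 2 has the opposite problem: it keeps the description `Authentication Bypass by Capture-replay` but drops CWE-294, which is exactly that weakness, leaving only CWE-319 (Cleartext Transmission of Sensitive Information). Either restore CWE-294 or retitle that row too.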
@ -71,37 +71,33 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/?page=reports/stockin` | High
2 | File | `/admin/?page=reports/stockout` | High
3 | File | `/admin/addemployee.php` | High
4 | File | `/admin/login.php` | High
5 | File | `/admin/modify1.php` | High
6 | File | `/admin/search.php` | High
7 | File | `/api/v1/user` | Medium
8 | File | `/appConfig/userDB.json` | High
9 | File | `/bin/boa` | Medium
10 | File | `/blog/edit` | Medium
11 | File | `/categories/view_category.php` | High
12 | File | `/cgi-bin/ExportAllSettings.sh` | High
13 | File | `/classes/Master.php?f=delete_category` | High
14 | File | `/classes/Master.php?f=delete_img` | High
15 | File | `/classes/Master.php?f=delete_stockin` | High
16 | File | `/classes/Master.php?f=delete_stockout` | High
17 | File | `/classes/Master.php?f=delete_waste` | High
18 | File | `/client.php` | Medium
19 | File | `/coreframe/app/attachment/admin/index.php` | High
20 | File | `/dede/co_do.php` | High
21 | File | `/dishes.php` | Medium
22 | File | `/edituser.php` | High
23 | File | `/etc/ciel.cfg` | High
24 | File | `/etc/init0.d/S80telnetd.sh` | High
25 | File | `/etc/passwd` | Medium
26 | File | `/etc/shadow.sample` | High
27 | File | `/goform/form2userconfig.cgi` | High
28 | File | `/goform/SetLEDCfg` | High
29 | ... | ... | ...
1 | File | `.rediscli_history` | High
2 | File | `/activity/admin/modules/department/index.php?view=edit` | High
3 | File | `/admin/budget.php` | High
4 | File | `/admin/edit_user.php` | High
5 | File | `/admin/edit_visitor.php` | High
6 | File | `/admin/settings/fields` | High
7 | File | `/api/index.php` | High
8 | File | `/application/documents/display.aspx` | High
9 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
10 | File | `/bemarket/shop/index.php'` | High
11 | File | `/bin/httpd` | Medium
12 | File | `/bits/stl_vector.h` | High
13 | File | `/cgi-bin/R14.2/easy1350.pl` | High
14 | File | `/controller/OnlinePreviewController.java` | High
15 | File | `/etc/qci/answers` | High
16 | File | `/goform/NatStaticSetting` | High
17 | File | `/home/bupt/Desktop/swftools/src/gif2swf` | High
18 | File | `/home/bupt/Desktop/swftools/src/src/gif2swf.c` | High
19 | File | `/index.php` | Medium
20 | File | `/jpeg-quantsmooth/jpegqs` | High
21 | File | `/Login` | Low
22 | File | `/MachO/SegmentCommand.cpp` | High
23 | File | `/maintenance/manage_department.php` | High
24 | File | `/opt/onedev/lib` | High
25 | ... | ... | ...

There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

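Review bot: this hunk replaces every visible IOA row for this actor rather than adding to them (none of the 28 old rows survives in the new list, and the total falls from 28 + 241 = 269 to 24 + 210 = 234), so the commit message `Update` undersells what changed. Several of the new rows are developer build or source paths rather than attack surface: `/asan/asan_interceptors_memintrinsics.cpp`, `/bits/stl_vector.h`, `/home/bupt/Desktop/swftools/src/gif2swf`, `/home/bupt/Desktop/swftools/src/src/gif2swf.c`, `/MachO/SegmentCommand.cpp`, `/controller/OnlinePreviewController.java`. These come from crash reports and will never show up in a request log, so at High confidence they only add noise to a matcher. Row 10, `/bemarket/shop/index.php'`, also carries a stray trailing quote that will defeat an exact match.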
@ -98,7 +98,8 @@ ID | Type | Indicator | Confidence
33 | File | `affich.php` | Medium
34 | File | `agent/Core/Controller/SendRequest.cpp` | High
35 | File | `album_portal.php` | High
36 | ... | ... | ...
36 | File | `apache-auth.conf` | High
37 | ... | ... | ...

There are 313 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

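Review bot: a new row `36 | File | apache-auth.conf | High` is inserted while the footer still reads `There are 313 more IOA items available`. The hunk header (`-98,7 +98,8`) shows one line added with the footer as unchanged context, which is consistent only if this is a genuinely new indicator; if it was merely promoted from the tail into the visible window, the count should now be 312, as the footers are adjusted elsewhere in this commit. Confirm which, since the totals are what consumers use to detect drift between regenerations.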
@ -65,7 +65,7 @@ ID | Type | Indicator | Confidence
6 | File | `Adminstrator/Users/Edit/` | High
7 | ... | ... | ...

There are 47 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 48 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [GR](https://vuldb.com/?country.gr)
* ...

There are 19 more country items available. Please use our online service to access the data.
There are 21 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -44,9 +44,10 @@ ID | IP address | Hostname | Campaign | Confidence
21 | [34.195.145.145](https://vuldb.com/?ip.34.195.145.145) | ec2-34-195-145-145.compute-1.amazonaws.com | - | Medium
22 | [35.195.98.220](https://vuldb.com/?ip.35.195.98.220) | 220.98.195.35.bc.googleusercontent.com | - | Medium
23 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
24 | ... | ... | ... | ...
24 | [35.209.43.160](https://vuldb.com/?ip.35.209.43.160) | 160.43.209.35.bc.googleusercontent.com | - | Medium
25 | ... | ... | ... | ...

There are 92 more IOC items available. Please use our online service to access the data.
There are 94 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

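Review bot: every IOC row in this hunk, including the new `24 | 35.209.43.160 | 160.43.209.35.bc.googleusercontent.com`, is a generic cloud reverse record (Google Cloud `bc.googleusercontent.com`, AWS `compute-1.amazonaws.com`) at Medium confidence. Such addresses are recycled between tenants, so without a first-seen/last-seen date a consumer cannot tell whether blocking them today hits the actor or the next customer. Add observation dates or an expiry to the rows, or mark them for retrospective log searches rather than block lists.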
@ -54,12 +55,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 4 more TTP items available. Please use our online service to access the data.
There are 14 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

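Review bot: the new row `2 | T1055 | CWE-74 | Injection` maps ATT&CK T1055 (Process Injection, a defense-evasion technique of running code inside another process) to CWE-74 (Improper Neutralization of Special Elements in Output, i.e. input injection); the two share only the word "injection", so this looks like a keyword match rather than a mapping. The removed row `3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts` had the same problem the other way round (CWE-798 is hard-coded credentials; the description is the title of CWE-307), so its removal is fine. Note also that this hunk replaces the whole visible TTP table (`4 more` becomes `14 more`), which is a regeneration rather than an update and deserves a sentence in the commit message.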
@ -68,37 +70,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.procmailrc` | Medium
2 | File | `/admin-ajax.php?action=eps_redirect_save` | High
3 | File | `/admin.php` | Medium
4 | File | `/auth` | Low
5 | File | `/dashboard/view-chair-list.php` | High
6 | File | `/etc/hosts` | Medium
7 | File | `/GponForm/device_Form?script/` | High
8 | File | `/GponForm/fsetup_Form` | High
9 | File | `/GponForm/usb_restore_Form?script/` | High
10 | File | `/includes/decorators/global-translations.jsp` | High
11 | File | `/index.php` | Medium
12 | File | `/product_list.php` | High
13 | File | `/secure/QueryComponent!Default.jspa` | High
14 | File | `/see_more_details.php` | High
15 | File | `/server-status` | High
16 | File | `/setSystemAdmin` | High
17 | File | `/uncpath/` | Medium
18 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
19 | File | `/WEB-INF/web.xml` | High
20 | File | `addentry.php` | Medium
21 | File | `admin.php` | Medium
22 | File | `admin/executar_login.php` | High
23 | File | `admin/mcart_xls_import.php` | High
24 | File | `admin/setting.php` | High
25 | File | `admin_ranks.php` | High
26 | File | `ajax-actions.php` | High
27 | File | `alipay/alipayapi.php` | High
28 | File | `apcupsd.exe` | Medium
29 | File | `auth.inc.php` | Medium
30 | ... | ... | ...
2 | File | `/about.php` | Medium
3 | File | `/admin-ajax.php?action=eps_redirect_save` | High
4 | File | `/admin.php` | Medium
5 | File | `/admin/` | Low
6 | File | `/admin/photo.php` | High
7 | File | `/auth` | Low
8 | File | `/catcompany.php` | High
9 | File | `/dashboard/view-chair-list.php` | High
10 | File | `/etc/hosts` | Medium
11 | File | `/GponForm/device_Form?script/` | High
12 | File | `/GponForm/fsetup_Form` | High
13 | File | `/GponForm/usb_restore_Form?script/` | High
14 | File | `/includes/decorators/global-translations.jsp` | High
15 | File | `/index.php` | Medium
16 | File | `/product_list.php` | High
17 | File | `/secure/QueryComponent!Default.jspa` | High
18 | File | `/see_more_details.php` | High
19 | File | `/server-status` | High
20 | File | `/setSystemAdmin` | High
21 | File | `/uncpath/` | Medium
22 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
23 | File | `/WEB-INF/web.xml` | High
24 | File | `addentry.php` | Medium
25 | File | `admin.php` | Medium
26 | File | `admin/executar_login.php` | High
27 | File | `admin/mcart_xls_import.php` | High
28 | File | `admin/setting.php` | High
29 | File | `admin_ranks.php` | High
30 | File | `ajax-actions.php` | High
31 | File | `alipay/alipayapi.php` | High
32 | File | `apcupsd.exe` | Medium
33 | ... | ... | ...

There are 258 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -118,6 +123,8 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
* https://blog.talosintelligence.com/2022/02/threat-roundup-0218-0225.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
* https://blog.talosintelligence.com/2022/07/threat-roundup-0715-0722.html
* https://blog.talosintelligence.com/2022/08/threat-roundup-0805-0812.html

## Literature

@ -230,14 +230,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
6 | T1068 | CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

There are 21 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

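Review bot: row 1 now lists `CWE-21, CWE-22, CWE-23` for `T1006 | Pathname Traversal`, but CWE-21 is a category (Pathname Traversal and Equivalence Errors) and CWE-23 (Relative Path Traversal) is a child of CWE-22, so the added CWE-23 carries no information beyond CWE-22; and ATT&CK T1006 is Direct Volume Access (reading raw disk to bypass file-system ACLs), not web path traversal, so the Technique column is wrong for this weakness. The new row `6 | T1068 | CWE-264, CWE-269, CWE-273, CWE-284 | Execution with Unnecessary Privileges` has the same shape: CWE-264 and CWE-284 are a category and a class, and `Execution with Unnecessary Privileges` is the title of CWE-250, which is not in the list. Keep the Weakness column to concrete CWEs and make the description the title of one of them.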
@ -245,38 +246,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%ProgramData%\GOG.com` | High
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/addemployee.php` | High
|
||||
3 | File | `/admin/del.php` | High
|
||||
4 | File | `/admin/delete.php` | High
|
||||
5 | File | `/admin/delstu.php` | High
|
||||
6 | File | `/admin/login.php` | High
|
||||
7 | File | `/admin/products/controller.php?action=add` | High
|
||||
8 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
9 | File | `/assets` | Low
|
||||
10 | File | `/blog/post/edit` | High
|
||||
11 | File | `/categories/view_category.php` | High
|
||||
12 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/classes/Master.php?f=delete_img` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/etc/ciel.cfg` | High
|
||||
17 | File | `/etc/init0.d/S80telnetd.sh` | High
|
||||
18 | File | `/etc/shadow.sample` | High
|
||||
19 | File | `/fax/fax_send.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/framework/mod/db/DBMapper.xml` | High
|
||||
22 | File | `/goform/addRouting` | High
|
||||
23 | File | `/goform/Diagnosis` | High
|
||||
24 | File | `/goform/doReboot` | High
|
||||
25 | File | `/goform/form2userconfig.cgi` | High
|
||||
26 | File | `/goform/form2Wan.cgi` | High
|
||||
27 | File | `/goform/formWifiBasicSet` | High
|
||||
28 | File | `/goform/NTPSyncWithHost` | High
|
||||
29 | File | `/goform/SetIpMacBind` | High
|
||||
30 | ... | ... | ...
|
||||
8 | File | `/admin_book.php` | High
|
||||
9 | File | `/advanced-tools/nova/bin/netwatch` | High
10 | File | `/assets` | Low
11 | File | `/blog/post/edit` | High
12 | File | `/c/macho_reader.c` | High
13 | File | `/categories/view_category.php` | High
14 | File | `/cgi-bin/ExportSettings.sh` | High
15 | File | `/cgi-bin/luci/api/wireless` | High
16 | File | `/cgi-bin/wlogin.cgi` | High
17 | File | `/classes/Master.php?f=delete_img` | High
18 | File | `/cwc/login` | Medium
19 | File | `/debug/pprof` | Medium
20 | File | `/etc/ciel.cfg` | High
21 | File | `/etc/init0.d/S80telnetd.sh` | High
22 | File | `/etc/shadow.sample` | High
23 | File | `/forum/away.php` | High
24 | File | `/framework/mod/db/DBMapper.xml` | High
25 | File | `/goform/addRouting` | High
26 | File | `/goform/Diagnosis` | High
27 | File | `/goform/doReboot` | High
28 | File | `/goform/form2userconfig.cgi` | High
29 | File | `/goform/form2Wan.cgi` | High
30 | File | `/goform/formWifiBasicSet` | High
31 | File | `/goform/NTPSyncWithHost` | High
32 | File | `/goform/SetIpMacBind` | High
33 | ... | ... | ...
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
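Review bot: almost every line in this hunk is an unchanged indicator whose positional ID shifted (old rows 8-30 become new rows 9-33), which buries the actual change: one removal (`%ProgramData%\GOG.com`, the only Windows filesystem path in a table of web paths) and four additions (`/admin_book.php`, `/c/macho_reader.c`, `/cgi-bin/luci/api/wireless`, `/cwc/login`), while the hidden count moves from 257 to 279. If the generator can emit stable IDs, or omit the ID column and let the renderer number rows, diffs of these tables would show only real indicator changes. Also worth flagging for consumers of this table as detection input: `/assets` (Low) and `/debug/pprof` (Medium) are paths found on a large share of benign web servers, so the Confidence column should be honoured as a filter rather than treating every File row as a hit.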
@ -81,9 +81,10 @@ ID | Type | Indicator | Confidence
12 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
13 | File | `/uncpath/` | Medium
14 | File | `ActiveMediaServer.exe` | High
15 | ... | ... | ...
15 | File | `addentry.php` | Medium
16 | ... | ... | ...
There are 123 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 124 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -36,12 +36,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
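Review bot: new rows 2 and 3 both carry the description "Cross Site Scripting" for different technique/weakness pairs (T1059 / CWE-94 and T1059.007 / CWE-80); CWE-94 is the generic code-injection weakness, so on row 2 either the description or the weakness looks mislabelled, and a reader of the Description column cannot tell the two rows apart. Separately, the previously visible T1068 / CWE-264 and T1110.001 / CWE-798 rows leave the top three while the hidden count goes from 1 to 6; if they were re-ranked rather than dropped, a line in the commit message saying so would spare consumers a lookup.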
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 9 more TTP items available. Please use our online service to access the data.
There are 10 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -54,7 +54,7 @@ ID | Type | Indicator | Confidence
5 | File | `/public/plugins/` | High
6 | ... | ... | ...
There are 39 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
Some files were not shown because too many files have changed in this diff.