Update July 2023

Marc Ruef 2023-07-01 08:50:45 +02:00
parent 0955ba53e2
commit e41f13e7d4
180 changed files with 22385 additions and 16557 deletions

View File

@ -63,37 +63,38 @@ ID | Type | Indicator | Confidence
6 | File | `/admin/employee_row.php` | High
7 | File | `/Admin/login.php` | High
8 | File | `/admin/products/manage_product.php` | High
9 | File | `/admin/user/manage_user.php` | High
10 | File | `/ajax.php?action=read_msg` | High
11 | File | `/api/upload` | Medium
12 | File | `/classes/Master.php?f=delete_sub_category` | High
13 | File | `/cms/category/list` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/Default/Bd` | Medium
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
17 | File | `/domain/add` | Medium
18 | File | `/donor-wall` | Medium
19 | File | `/ebics-server/ebics.aspx` | High
20 | File | `/esbus/servlet/GetSQLData` | High
21 | File | `/film-rating.php` | High
22 | File | `/forum/away.php` | High
23 | File | `/goform/formLogin` | High
24 | File | `/HNAP1` | Low
25 | File | `/horde/util/go.php` | High
26 | File | `/index.php?app=main&func=passport&action=login` | High
27 | File | `/ishttpd/localweb/java/` | High
28 | File | `/KK_LS9ReportingPortal/GetData` | High
29 | File | `/mcategory.php` | High
30 | File | `/out.php` | Medium
31 | File | `/p` | Low
32 | File | `/pages/processlogin.php` | High
33 | File | `/product/savenewproduct.php?flag=1` | High
34 | File | `/services/Card/findUser` | High
35 | File | `/template/edit` | High
36 | File | `/uncpath/` | Medium
37 | ... | ... | ...
9 | File | `/admin/read.php?mudi=announContent` | High
10 | File | `/admin/user/manage_user.php` | High
11 | File | `/ajax.php?action=read_msg` | High
12 | File | `/api/upload` | Medium
13 | File | `/api/wechat/app_auth` | High
14 | File | `/changeimage.php` | High
15 | File | `/classes/Master.php?f=delete_sub_category` | High
16 | File | `/cms/category/list` | High
17 | File | `/debug/pprof` | Medium
18 | File | `/Default/Bd` | Medium
19 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
20 | File | `/domain/add` | Medium
21 | File | `/donor-wall` | Medium
22 | File | `/ebics-server/ebics.aspx` | High
23 | File | `/esbus/servlet/GetSQLData` | High
24 | File | `/film-rating.php` | High
25 | File | `/forum/away.php` | High
26 | File | `/goform/formLogin` | High
27 | File | `/HNAP1` | Low
28 | File | `/horde/util/go.php` | High
29 | File | `/index.php?app=main&func=passport&action=login` | High
30 | File | `/ishttpd/localweb/java/` | High
31 | File | `/KK_LS9ReportingPortal/GetData` | High
32 | File | `/mcategory.php` | High
33 | File | `/out.php` | Medium
34 | File | `/p` | Low
35 | File | `/pages/processlogin.php` | High
36 | File | `/product/savenewproduct.php?flag=1` | High
37 | File | `/services/Card/findUser` | High
38 | ... | ... | ...
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
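Review bot: the ID column is positional, so inserting `/admin/read.php?mudi=announContent` at position 9 renumbers every row after it and turns a three-row addition (`/admin/read.php?mudi=announContent`, `/api/wechat/app_auth`, `/changeimage.php`) into a rewrite of the whole visible table. If the IDs carry no meaning beyond ordering, drop the column or keep stable IDs so that a diff shows only the rows that changed. The trailer going from 321 to 325 is then the only thing left to check, and it is consistent: three rows added in the window, two rows (`/template/edit`, `/uncpath/`) pushed below the cut-off, two more added below it.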

View File

@ -45,45 +45,46 @@ ID | IP address | Hostname | Campaign | Confidence
11 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
12 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
13 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
14 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
15 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
16 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
17 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
18 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
19 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
20 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
21 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
22 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
23 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
24 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
25 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
26 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
27 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
28 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
29 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
30 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
31 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
32 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
33 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
34 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
35 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
36 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
37 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
38 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
39 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
40 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
41 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
42 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
43 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
44 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
45 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
46 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
47 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
48 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
49 | [80.255.3.94](https://vuldb.com/?ip.80.255.3.94) | set121.com | - | High
50 | ... | ... | ... | ...
14 | [24.11.70.85](https://vuldb.com/?ip.24.11.70.85) | c-24-11-70-85.hsd1.ut.comcast.net | - | High
15 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
16 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
17 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
18 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
19 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
20 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
21 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
22 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
23 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
24 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
25 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
26 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
27 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
28 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
29 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
30 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
31 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
32 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
33 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
34 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
35 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
36 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
37 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
38 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
39 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
40 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
41 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
42 | [69.28.64.137](https://vuldb.com/?ip.69.28.64.137) | - | - | High
43 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
44 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
45 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
46 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
47 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
48 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
49 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
50 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
51 | ... | ... | ... | ...
There are 195 more IOC items available. Please use our online service to access the data.
There are 198 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
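Review bot: row 14, `24.11.70.85` with reverse name `c-24-11-70-85.hsd1.ut.comcast.net`, is a residential Comcast broadband address, yet it enters at Confidence High with no campaign. Addresses in that kind of pool get reassigned, so a High rating will keep producing false positives long after the sighting; either record the sighting window with the row or rate it the way `45.32.129.185` (`vultr.com`) is rated in the same table, at Medium. The other new row, `69.28.64.137`, has neither hostname nor campaign, so the same question applies to it.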
@ -156,7 +157,7 @@ ID | Type | Indicator | Confidence
49 | File | `AdxDSrv.exe` | Medium
50 | ... | ... | ...
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -164,6 +165,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/
* https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
* https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society/
* https://cert.gov.ua/article/40102
* https://community.blueliv.com/#!/s/5f6b482482df413eb5350d3b
* https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf

View File

@ -91,7 +91,7 @@ ID | Type | Indicator | Confidence
24 | File | `agent.cfg` | Medium
25 | ... | ... | ...
There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
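Review bot: row 3, `T1059 | CWE-94 | Cross Site Scripting`, carries the description of row 4 (`T1059.007 | CWE-79, CWE-80 | Cross Site Scripting`). CWE-94 is Improper Control of Generation of Code ('Code Injection') and T1059 is Command and Scripting Interpreter, so the Description cell should read Code Injection or similar. The hunk edits the row directly above it (adding CWE-37 to the T1006 row) and leaves this mislabel in place; the identical row appears in the other TTP tables of this commit, so it is most likely produced by the generator and should be fixed there rather than per file.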
@ -95,10 +95,9 @@ ID | Type | Indicator | Confidence
32 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
33 | File | `/PROD_ar/twbkwbis.P_FirstMenu` | High
34 | File | `/replication` | Medium
35 | File | `/RestAPI` | Medium
36 | ... | ... | ...
35 | ... | ... | ...
There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
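Review bot: this hunk removes `/RestAPI` and the trailer drops from 305 to 302 more items, so four indicators leave the table (one in the visible window, three below it) in a commit described only as `Update July 2023`. Retired indicators deserve a word in the commit message: anyone who has turned the earlier list into rules needs to know whether the entry was a false positive, a duplicate or a reclassification. Additions explain themselves, removals do not.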

View File

@ -21,7 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [185.180.198.56](https://vuldb.com/?ip.185.180.198.56) | . | - | High
1 | [162.244.32.148](https://vuldb.com/?ip.162.244.32.148) | arthurherrera.clientshostname.com | - | High
2 | [162.244.32.185](https://vuldb.com/?ip.162.244.32.185) | . | - | High
3 | [185.180.198.56](https://vuldb.com/?ip.185.180.198.56) | . | - | High
4 | ... | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
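Review bot: rows 2 and 3 show `.` in the Hostname column (`162.244.32.185` and `185.180.198.56`), where every other table in this commit uses `-` for an address without a reverse name. A bare `.` looks like an empty PTR answer (the DNS root) written out literally; normalise it to `-` on export, otherwise consumers that treat the column as a hostname will index a one-character name. Row 1, `162.244.32.148 | arthurherrera.clientshostname.com`, shows what the column is supposed to hold.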
@ -36,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -44,47 +49,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?p=products` | Medium
2 | File | `/about.php` | Medium
3 | File | `/admin.php/accessory/filesdel.html` | High
4 | File | `/admin/?page=user/manage` | High
5 | File | `/admin/add-new.php` | High
6 | File | `/admin/doctors.php` | High
7 | File | `/admin/submit-articles` | High
8 | File | `/ad_js.php` | Medium
9 | File | `/alphaware/summary.php` | High
10 | File | `/api/` | Low
11 | File | `/api/admin/store/product/list` | High
12 | File | `/api/stl/actions/search` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/app/options.py` | High
15 | File | `/attachments` | Medium
16 | File | `/boat/login.php` | High
17 | File | `/bsms_ci/index.php/book` | High
18 | File | `/cgi-bin` | Medium
19 | File | `/cgi-bin/luci/api/wireless` | High
20 | File | `/cgi-bin/wlogin.cgi` | High
21 | File | `/context/%2e/WEB-INF/web.xml` | High
22 | File | `/dashboard/reports/logs/view` | High
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/etc/hosts` | Medium
26 | File | `/forum/away.php` | High
27 | File | `/goform/setmac` | High
28 | File | `/goform/wizard_end` | High
29 | File | `/manage-apartment.php` | High
30 | File | `/medicines/profile.php` | High
31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
32 | File | `/pages/apply_vacancy.php` | High
33 | File | `/proc/<PID>/mem` | High
34 | File | `/proxy` | Low
35 | File | `/reservation/add_message.php` | High
36 | File | `/spip.php` | Medium
37 | File | `/tmp` | Low
38 | File | `/uncpath/` | Medium
39 | ... | ... | ...
1 | File | `$HOME/.printers` | High
2 | File | `/?p=products` | Medium
3 | File | `/about.php` | Medium
4 | File | `/admin.php/accessory/filesdel.html` | High
5 | File | `/admin/?page=user/manage` | High
6 | File | `/admin/add-new.php` | High
7 | File | `/admin/doctors.php` | High
8 | File | `/admin/submit-articles` | High
9 | File | `/ad_js.php` | Medium
10 | File | `/alphaware/summary.php` | High
11 | File | `/api/` | Low
12 | File | `/api/admin/store/product/list` | High
13 | File | `/api/stl/actions/search` | High
14 | File | `/api/v2/cli/commands` | High
15 | File | `/app/options.py` | High
16 | File | `/attachments` | Medium
17 | File | `/bin/ate` | Medium
18 | File | `/boat/login.php` | High
19 | File | `/bsms_ci/index.php/book` | High
20 | File | `/cgi-bin` | Medium
21 | File | `/cgi-bin/luci/api/wireless` | High
22 | File | `/cgi-bin/wlogin.cgi` | High
23 | File | `/context/%2e/WEB-INF/web.xml` | High
24 | File | `/dashboard/reports/logs/view` | High
25 | File | `/debian/patches/load_ppp_generic_if_needed` | High
26 | File | `/debug/pprof` | Medium
27 | File | `/env` | Low
28 | File | `/etc/hosts` | Medium
29 | File | `/forum/away.php` | High
30 | File | `/goform/setmac` | High
31 | File | `/goform/wizard_end` | High
32 | File | `/manage-apartment.php` | High
33 | File | `/medicines/profile.php` | High
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
35 | File | `/pages/apply_vacancy.php` | High
36 | File | `/php-sms/admin/?page=user/manage_user` | High
37 | File | `/proc/<PID>/mem` | High
38 | File | `/proxy` | Low
39 | File | `/reservation/add_message.php` | High
40 | ... | ... | ...
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
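Review bot: `$HOME/.printers` (new row 1) is a path on the victim's filesystem, while nearly everything else in this table is a request URI, and both get Type `File`. The distinction matters for anyone turning the table into rules: a URI belongs in a web-log or WAF pattern, a home-directory file in a host-based file-monitoring rule, and a literal `$HOME` matches nothing in either unless it is expanded. A separate Type, or at least a note, would be better than sharing `File` with `/goform/setmac`. The same applies to the existing `/proc/<PID>/mem` (row 37), whose `<PID>` placeholder is not a literal either.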

View File

@ -21,8 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [95.142.46.35](https://vuldb.com/?ip.95.142.46.35) | v798635.hosted-by-vdsina.ru | - | High
2 | [194.87.248.102](https://vuldb.com/?ip.194.87.248.102) | ptr.ruvds.com | - | High
1 | [89.23.101.20](https://vuldb.com/?ip.89.23.101.20) | - | - | High
2 | [95.142.46.35](https://vuldb.com/?ip.95.142.46.35) | v798635.hosted-by-vdsina.ru | - | High
3 | [109.172.45.229](https://vuldb.com/?ip.109.172.45.229) | necessary-pet.aeza.network | - | High
4 | ... | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -67,6 +71,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://app.any.run/tasks/95fa13b9-fe54-4e3b-9352-b5533dcf5b77/
* https://app.any.run/tasks/907c994b-46eb-4722-85f9-2350ebda039a
* https://twitter.com/crep1x/status/1670881170567954432
## Literature

View File

@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Alien:
* [DE](https://vuldb.com/?country.de)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
@ -17,9 +18,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.199.173.52](https://vuldb.com/?ip.5.199.173.52) | - | - | High
2 | [20.127.122.139](https://vuldb.com/?ip.20.127.122.139) | - | - | High
3 | [57.128.54.210](https://vuldb.com/?ip.57.128.54.210) | ip210.ip-57-128-54.eu | - | High
1 | [5.78.74.58](https://vuldb.com/?ip.5.78.74.58) | static.58.74.78.5.clients.your-server.de | - | High
2 | [5.78.105.58](https://vuldb.com/?ip.5.78.105.58) | static.58.105.78.5.clients.your-server.de | - | High
3 | [5.161.178.107](https://vuldb.com/?ip.5.161.178.107) | static.107.178.161.5.clients.your-server.de | - | High
4 | ... | ... | ... | ...
There are 9 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -27,12 +31,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
3 | T1505 | CWE-89 | SQL Injection | High
4 | ... | ... | ... | ...
1 | T1006 | CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 2 more TTP items available. Please use our online service to access the data.
There are 14 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
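Review bot: the new T1006 row groups CWE-425 (Direct Request, 'Forced Browsing') under `Pathname Traversal`. CWE-425 is an access-control weakness (reaching a resource by requesting its URL directly), not a traversal one, so the Description no longer covers every CWE in the row; split it out or widen the description. The table is also replaced wholesale (T1068/CWE-284 and T1505/CWE-89 leave the window, the trailer goes from 2 to 14 more items), and the inherited row `3 | T1059 | CWE-94 | Cross Site Scripting` brings the Code-Injection-labelled-as-XSS problem from the other TTP tables along with it.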
@ -40,12 +45,24 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/wlogin.cgi` | High
2 | File | `browse.php` | Medium
3 | File | `com\mingsoft\basic\action\web\FileAction.java` | High
4 | ... | ... | ...
1 | File | `/admin.php?controller=admin_commonuser` | High
2 | File | `/admin/content/index` | High
3 | File | `/admin/convert/export_z3950_new.php` | High
4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
5 | File | `/ajax/update_certificate` | High
6 | File | `/api/admin/system/store/order/list` | High
7 | File | `/api/jmeter/download/files` | High
8 | File | `/cgi-bin/wlogin.cgi` | High
9 | File | `/customs/loan_by_class.php?reportView` | High
10 | File | `/ecommerce/admin/settings/setDiscount.php` | High
11 | File | `/editor/index.php` | High
12 | File | `/forum/away.php` | High
13 | File | `/fos/admin/ajax.php` | High
14 | File | `/goform/WifiBasicSet` | High
15 | File | `/intern/controller.php` | High
16 | ... | ... | ...
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 124 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
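Review bot: the Alien IOA table goes from 18 entries (3 in the window, 15 more) to 139 (15 in the window, 124 more), and the matching TTP table in the previous hunk from 5 to 18, in a single monthly update with nothing in the commit message. A jump of that size normally means a new source was attached to the actor, and consumers who diff the monthly files will want to know which one; a sentence naming the source would save the question. Only `/cgi-bin/wlogin.cgi` survives in the visible window from the old list; `browse.php` and `com\mingsoft\basic\action\web\FileAction.java` presumably sort below the cut-off now (they sort after every `/`-prefixed path), but the rendered hunk does not let a reviewer confirm that.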

View File

@ -48,9 +48,10 @@ ID | Type | Indicator | Confidence
2 | File | `/wordpress/wp-admin/admin.php` | High
3 | File | `admin/index.php` | High
4 | File | `data/gbconfiguration.dat` | High
5 | ... | ... | ...
5 | File | `filter.php` | Medium
6 | ... | ... | ...
There are 33 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 34 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Anatsa:
* [US](https://vuldb.com/?country.us)
* [DE](https://vuldb.com/?country.de)
* [TR](https://vuldb.com/?country.tr)
* [DE](https://vuldb.com/?country.de)
* ...
There are 2 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -48,8 +48,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `Illuminate\Broadcasting\PendingBroadcast.php` | High
2 | Library | `FARFLT.SYS` | Medium
3 | Argument | `wan_dyn_hostname` | High
2 | File | `web/upload/UploadHandler.php` | High
3 | Library | `FARFLT.SYS` | Medium
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -317,7 +317,7 @@ ID | IP address | Hostname | Campaign | Confidence
294 | [45.137.22.111](https://vuldb.com/?ip.45.137.22.111) | hosted-by.rootlayer.net | - | High
295 | ... | ... | ... | ...
There are 1175 more IOC items available. Please use our online service to access the data.
There are 1176 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -325,10 +325,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-50, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-50 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
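Review bot: CWE-425 is removed from the T1006 row here but added to the T1006 row of the Alien table earlier in this same commit (`1 | T1006 | CWE-22, CWE-23, CWE-425 | Pathname Traversal`), so the CWE-to-technique mapping is being applied in two directions at once; whichever is intended, it should be the same for every actor file generated from the same rules. The T1059 row gains CWE-88 (Argument Injection) and CWE-1321 (Prototype Pollution) while keeping `Cross Site Scripting` as its description, which now fits none of its three CWEs; the XSS entry is T1059.007 on the next row.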
@ -344,36 +344,37 @@ ID | Type | Indicator | Confidence
2 | File | `/admin/modal_add_product.php` | High
3 | File | `/admin/positions_add.php` | High
4 | File | `/admin/update_s6.php` | High
5 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
6 | File | `/authenticationendpoint/login.do` | High
7 | File | `/bin/ate` | Medium
8 | File | `/bin/login` | Medium
9 | File | `/cgi-bin/luci` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/changeimage.php` | High
12 | File | `/classes/Users.php?f=save` | High
13 | File | `/DXR.axd` | Medium
14 | File | `/env` | Low
15 | File | `/forum/away.php` | High
16 | File | `/goform/WifiGuestSet` | High
17 | File | `/HNAP1` | Low
18 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
19 | File | `/mc` | Low
20 | File | `/note/index/delete` | High
21 | File | `/out.php` | Medium
22 | File | `/owa/auth/logon.aspx` | High
23 | File | `/paysystem/branch.php` | High
24 | File | `/php-inventory-management-system/product.php` | High
25 | File | `/php-sms/admin/?page=user/manage_user` | High
26 | File | `/send_order.cgi?parameter=restart` | High
27 | File | `/services/indexing/preview` | High
28 | File | `/tmp/boa-temp` | High
29 | File | `/userfs/bin/tcapi` | High
30 | File | `/var/log/nginx` | High
31 | File | `/wp-admin/admin-ajax.php` | High
32 | ... | ... | ...
5 | File | `/api/geojson` | Medium
6 | File | `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` | High
7 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
8 | File | `/authenticationendpoint/login.do` | High
9 | File | `/bin/ate` | Medium
10 | File | `/bin/login` | Medium
11 | File | `/cgi-bin/luci` | High
12 | File | `/cgi-bin/wlogin.cgi` | High
13 | File | `/changeimage.php` | High
14 | File | `/classes/Users.php?f=save` | High
15 | File | `/DXR.axd` | Medium
16 | File | `/env` | Low
17 | File | `/forum/away.php` | High
18 | File | `/goform/WifiGuestSet` | High
19 | File | `/HNAP1` | Low
20 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
21 | File | `/mc` | Low
22 | File | `/out.php` | Medium
23 | File | `/owa/auth/logon.aspx` | High
24 | File | `/paysystem/branch.php` | High
25 | File | `/php-inventory-management-system/product.php` | High
26 | File | `/php-sms/admin/?page=user/manage_user` | High
27 | File | `/send_order.cgi?parameter=restart` | High
28 | File | `/Taier/API/tenant/listTenant` | High
29 | File | `/tmp/boa-temp` | High
30 | File | `/userfs/bin/tcapi` | High
31 | File | `/var/log/nginx` | High
32 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
33 | ... | ... | ...
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
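Review bot: the new row `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` stores a URL-encoded space, while the row directly below it, `/Applications/Google\ Drive.app/Contents/MacOS`, stores a shell-escaped one; the column mixes a request URI with a local macOS path and two encodings of the same character, and a consumer matching either form literally against logs misses the other. The new row also keeps its full query string, as `/Log/Query?appid=...&tabid=...` (row 20) does with instance-specific GUIDs; the path up to `Execute.aspx` is the stable part, and the parameters belong under the Argument type the trailer says this table supports. Two rows also vanish without mention, `/note/index/delete` and `/services/indexing/preview`; together with the four additions (`/api/geojson`, the Content Manager row, `/Taier/API/tenant/listTenant`, `/vendor/htmlawed/htmlawed/htmLawedTest.php`) and `/wp-admin/admin-ajax.php` dropping below the cut-off, that is consistent with the trailer going from 270 to 277, but the removals should be named in the commit message.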

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [LA](https://vuldb.com/?country.la)
* ...
There are 5 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -70,44 +70,47 @@ ID | IP address | Hostname | Campaign | Confidence
47 | [37.120.206.69](https://vuldb.com/?ip.37.120.206.69) | - | - | High
48 | [37.139.129.47](https://vuldb.com/?ip.37.139.129.47) | - | - | High
49 | [37.139.129.100](https://vuldb.com/?ip.37.139.129.100) | - | - | High
50 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
51 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
52 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
53 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
54 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
55 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
56 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
57 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
58 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
59 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
60 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
61 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
62 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
63 | [45.81.39.89](https://vuldb.com/?ip.45.81.39.89) | - | - | High
64 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
65 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
66 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
67 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
68 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
69 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
70 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
71 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
72 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
73 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
74 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
75 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
76 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
77 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
78 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
79 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
80 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
81 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
82 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
83 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
84 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
85 | ... | ... | ... | ...
50 | [37.187.222.230](https://vuldb.com/?ip.37.187.222.230) | ip230.ip-37-187-222.eu | - | High
51 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
52 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
53 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
54 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
55 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
56 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
57 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
58 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
59 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
60 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
61 | [45.61.128.246](https://vuldb.com/?ip.45.61.128.246) | - | - | High
62 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
63 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
64 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
65 | [45.81.39.89](https://vuldb.com/?ip.45.81.39.89) | - | - | High
66 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
67 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
68 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
69 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
70 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
71 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
72 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
73 | [45.88.67.72](https://vuldb.com/?ip.45.88.67.72) | - | - | High
74 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
75 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
76 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
77 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
78 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
79 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
80 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
81 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
82 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
83 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
84 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
85 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
86 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
87 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
88 | ... | ... | ... | ...
There are 338 more IOC items available. Please use our online service to access the data.
There are 346 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
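Review bot: Every row in this hunk is rated Confidence High regardless of what the Hostname column shows: rows 81 to 84 (45.137.22.35, .70, .79, .143) resolve to the generic provider name hosted-by.rootlayer.net, and rows 78, 85 and 86 are vm*.34ssd.had.wf / vm*.25ssd.had.wf VPS names. Addresses like these are rented infrastructure that gets reassigned to other customers, so the table should carry an observation date or validity window next to Confidence; without it, anyone turning these rows into a blocklist has no way to age them out.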
@ -115,14 +118,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
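Review bot: The Description for row 4 (T1059) stays `Cross Site Scripting` while its Weakness column now reads `CWE-88, CWE-94`, that is argument injection and code injection; T1059 is Command and Scripting Interpreter, and XSS is already covered by row 5 (T1059.007 with CWE-79, CWE-80). Suggest changing the row 4 description to `Code Injection` or to the ATT&CK technique name so the Weakness and Description columns agree.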
@ -132,13 +135,13 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?p=products` | Medium
2 | File | `/admin/?page=product/manage_product&id=2` | High
3 | File | `/admin/ajax.php?action=delete_window` | High
4 | File | `/admin/casedetails.php` | High
5 | File | `/admin/index2.html` | High
6 | File | `/admin/maintenance/brand.php` | High
7 | File | `/admin/mechanics/manage_mechanic.php` | High
8 | File | `/admin/positions_add.php` | High
9 | File | `/admin/user/manage_user.php` | High
3 | File | `/admin/casedetails.php` | High
4 | File | `/admin/index2.html` | High
5 | File | `/admin/maintenance/brand.php` | High
6 | File | `/admin/mechanics/manage_mechanic.php` | High
7 | File | `/admin/positions_add.php` | High
8 | File | `/admin/user/manage_user.php` | High
9 | File | `/admin/userprofile.php` | High
10 | File | `/admin/voters_row.php` | High
11 | File | `/ad_js.php` | Medium
12 | File | `/agc/vicidial.php` | High
@ -147,52 +150,51 @@ ID | Type | Indicator | Confidence
15 | File | `/ajax/myshop` | Medium
16 | File | `/alumni/admin/ajax.php?action=save_settings` | High
17 | File | `/api/gen/clients/{language}` | High
18 | File | `/apply.cgi` | Medium
19 | File | `/APR/signup.php` | High
20 | File | `/authenticationendpoint/login.do` | High
21 | File | `/aux` | Low
22 | File | `/backup.pl` | Medium
23 | File | `/cas/logout` | Medium
24 | File | `/categorypage.php` | High
25 | File | `/cgi-bin/system_mgr.cgi` | High
18 | File | `/APR/signup.php` | High
19 | File | `/authenticationendpoint/login.do` | High
20 | File | `/aux` | Low
21 | File | `/backup.pl` | Medium
22 | File | `/cas/logout` | Medium
23 | File | `/categorypage.php` | High
24 | File | `/cgi-bin/system_mgr.cgi` | High
25 | File | `/cgi-bin/wlogin.cgi` | High
26 | File | `/cha.php` | Medium
27 | File | `/College/admin/teacher.php` | High
28 | File | `/contactform/contactform.php` | High
29 | File | `/dayrui/Fcms/View/system_log.html` | High
30 | File | `/drivers/block/floppy.c` | High
31 | File | `/DXR.axd` | Medium
32 | File | `/ecommerce/admin/category/controller.php` | High
33 | File | `/etc/config/product.ini` | High
34 | File | `/etc/crash` | Medium
29 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
30 | File | `/dayrui/Fcms/View/system_log.html` | High
31 | File | `/dcim/rack-roles/` | High
32 | File | `/drivers/block/floppy.c` | High
33 | File | `/DXR.axd` | Medium
34 | File | `/ecommerce/admin/category/controller.php` | High
35 | File | `/etc/shadow` | Medium
36 | File | `/fos/admin/ajax.php` | High
37 | File | `/goform/aspForm` | High
38 | File | `/goform/WifiBasicSet` | High
36 | File | `/forum/away.php` | High
37 | File | `/fos/admin/ajax.php` | High
38 | File | `/goform/aspForm` | High
39 | File | `/goform/WifiGuestSet` | High
40 | File | `/index.php` | Medium
40 | File | `/inc/topBarNav.php` | High
41 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
42 | File | `/kelasdosen/data` | High
43 | File | `/login/index.php` | High
44 | File | `/medicines/profile.php` | High
45 | File | `/modules/projects/vw_files.php` | High
46 | File | `/Moosikay/order.php` | High
47 | File | `/multi-vendor-shopping-script/product-list.php` | High
48 | File | `/nasm/nasm-parse.c` | High
49 | File | `/ordering/admin/orders/loaddata.php` | High
50 | File | `/ordering/admin/stockin/loaddata.php` | High
51 | File | `/owa/auth/logon.aspx` | High
52 | File | `/philosophy/admin/login.php` | High
53 | File | `/php-opos/login.php` | High
54 | File | `/priv_mgt.html` | High
55 | File | `/queuing/index.php?page=display` | High
42 | File | `/kelas/data` | Medium
43 | File | `/kelasdosen/data` | High
44 | File | `/modules/projects/vw_files.php` | High
45 | File | `/Moosikay/order.php` | High
46 | File | `/multi-vendor-shopping-script/product-list.php` | High
47 | File | `/nasm/nasm-parse.c` | High
48 | File | `/ordering/admin/orders/loaddata.php` | High
49 | File | `/ordering/admin/stockin/loaddata.php` | High
50 | File | `/owa/auth/logon.aspx` | High
51 | File | `/paysystem/branch.php` | High
52 | File | `/paysystem/datatable.php` | High
53 | File | `/philosophy/admin/login.php` | High
54 | File | `/php-opos/login.php` | High
55 | File | `/priv_mgt.html` | High
56 | File | `/resources//../` | High
57 | File | `/see_more_details.php` | High
58 | File | `/services/indexing/preview` | High
59 | File | `/upgrade` | Medium
60 | File | `/user/updatePwd` | High
61 | ... | ... | ...
59 | File | `/Taier/API/tenant/listTenant` | High
60 | ... | ... | ...
There are 532 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 522 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
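Review bot: Row 56 `/resources//../` is typed `File`, but it is a path-traversal fragment rather than a file path; the summary line lists `pattern` as an available indicator type, so this row should use it, otherwise a consumer that compiles the File rows into an alert rule or allowlist treats the traversal string as a filename. The same mismatch runs the other way for rows 32 and 47 (`/drivers/block/floppy.c`, `/nasm/nasm-parse.c`), which are source-tree locations taken from advisories, not request paths a web server would ever see.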

69
actors/BLM/README.md Normal file
View File

@ -0,0 +1,69 @@
# BLM - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BLM](https://vuldb.com/?actor.blm). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.blm](https://vuldb.com/?actor.blm)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BLM:
* [US](https://vuldb.com/?country.us)
* [PT](https://vuldb.com/?country.pt)
* [SK](https://vuldb.com/?country.sk)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BLM.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
2 | [82.202.65.125](https://vuldb.com/?ip.82.202.65.125) | 125-65-202-82.hicoria.com | - | High
3 | [82.202.65.177](https://vuldb.com/?ip.82.202.65.177) | 177-65-202-82.hicoria.com | - | High
4 | ... | ... | ... | ...
There are 3 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BLM_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
3 | T1211 | CWE-254 | 7PK Security Features | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BLM. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/mc-admin/page.php` | High
2 | File | `ajax_url.php` | Medium
3 | File | `byterun/bigarray.c` | High
4 | ... | ... | ...
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.fortinet.com/blog/threat-research/global-malicious-spam-campaign-using-black-lives-matter-as-a-lure
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
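Review bot: The Campaign column is `-` for all three IOC rows although the References section cites exactly one source, the Fortinet write-up of the Black Lives Matter spam lure; if the addresses were taken from that report, record the campaign in the table so the attribution can be traced back. Also, `There are 1 more TTP items available` should read `There is 1 more TTP item available`.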

View File

@ -94,17 +94,17 @@ ID | Type | Indicator | Confidence
34 | File | `/out.php` | Medium
35 | File | `/password.html` | High
36 | File | `/php_action/fetchSelectedUser.php` | High
37 | File | `/proc/ioports` | High
38 | File | `/property-list/property_view.php` | High
39 | File | `/ptms/classes/Users.php` | High
40 | File | `/resources//../` | High
41 | File | `/rest/api/2/search` | High
42 | File | `/s/` | Low
43 | File | `/scripts/cpan_config` | High
44 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
37 | File | `/property-list/property_view.php` | High
38 | File | `/ptms/classes/Users.php` | High
39 | File | `/resources//../` | High
40 | File | `/rest/api/2/search` | High
41 | File | `/s/` | Low
42 | File | `/scripts/cpan_config` | High
43 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
44 | File | `/spip.php` | Medium
45 | ... | ... | ...
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -131,43 +131,45 @@ ID | IP address | Hostname | Campaign | Confidence
108 | [45.79.127.90](https://vuldb.com/?ip.45.79.127.90) | 45-79-127-90.ip.linodeusercontent.com | - | High
109 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
110 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
111 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
112 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
113 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
114 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
115 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
116 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
117 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
118 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
119 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
120 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
121 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
122 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
123 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
124 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
125 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
126 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
127 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
128 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
129 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
130 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
131 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
132 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
133 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
134 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
135 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
136 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
137 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
138 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
139 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
140 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
141 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
142 | [45.148.120.171](https://vuldb.com/?ip.45.148.120.171) | - | - | High
143 | [45.148.120.226](https://vuldb.com/?ip.45.148.120.226) | 45-148-120-226.hosted-by.phanes.cloud | - | High
144 | [45.148.121.228](https://vuldb.com/?ip.45.148.121.228) | - | - | High
145 | ... | ... | ... | ...
111 | [45.81.234.229](https://vuldb.com/?ip.45.81.234.229) | 45.81.234.229.mc-host24.de | - | High
112 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
113 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
114 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
115 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
116 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
117 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
118 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
119 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
120 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
121 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
122 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
123 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
124 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
125 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
126 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
127 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
128 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
129 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
130 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
131 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
132 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
133 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
134 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
135 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
136 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
137 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
138 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
139 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
140 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
141 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
142 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
143 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
144 | [45.148.120.171](https://vuldb.com/?ip.45.148.120.171) | - | - | High
145 | [45.148.120.226](https://vuldb.com/?ip.45.148.120.226) | 45-148-120-226.hosted-by.phanes.cloud | - | High
146 | [45.148.121.228](https://vuldb.com/?ip.45.148.121.228) | - | - | High
147 | ... | ... | ... | ...
There are 574 more IOC items available. Please use our online service to access the data.
There are 584 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -175,14 +177,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
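Review bot: Row 4 (T1059) lists `CWE-88, CWE-94, CWE-1321` under Weakness but keeps `Cross Site Scripting` as its Description; CWE-88 is argument injection, CWE-94 code injection and CWE-1321 prototype pollution, none of which is XSS, and XSS already has its own row 5 (T1059.007 with CWE-79, CWE-80). Rename the row 4 description to `Code Injection` or to the technique name Command and Scripting Interpreter so the two columns match.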
@ -205,40 +207,38 @@ ID | Type | Indicator | Confidence
13 | File | `/api/stl/actions/search` | High
14 | File | `/api/v2/cli/commands` | High
15 | File | `/apply.cgi` | Medium
16 | File | `/boat/login.php` | High
17 | File | `/bsms_ci/index.php/book` | High
18 | File | `/cgi-bin` | Medium
19 | File | `/cgi-bin/wlogin.cgi` | High
20 | File | `/College/admin/teacher.php` | High
21 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
22 | File | `/ctcprotocol/Protocol` | High
23 | File | `/dcim/rack-roles/` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/ebics-server/ebics.aspx` | High
26 | File | `/env` | Low
27 | File | `/etc/hosts` | Medium
16 | File | `/bin/ate` | Medium
17 | File | `/boat/login.php` | High
18 | File | `/bsms_ci/index.php/book` | High
19 | File | `/cgi-bin` | Medium
20 | File | `/cgi-bin/wlogin.cgi` | High
21 | File | `/College/admin/teacher.php` | High
22 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
23 | File | `/ctcprotocol/Protocol` | High
24 | File | `/dcim/rack-roles/` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/ebics-server/ebics.aspx` | High
27 | File | `/env` | Low
28 | File | `/forum/away.php` | High
29 | File | `/goform/aspForm` | High
30 | File | `/goform/delAd` | High
31 | File | `/HNAP1` | Low
32 | File | `/HNAP1/SetClientInfo` | High
33 | File | `/inc/topBarNav.php` | High
34 | File | `/kelas/data` | Medium
35 | File | `/medicines/profile.php` | High
36 | File | `/menu.html` | Medium
37 | File | `/modules/profile/index.php` | High
38 | File | `/Moosikay/order.php` | High
30 | File | `/HNAP1` | Low
31 | File | `/HNAP1/SetClientInfo` | High
32 | File | `/inc/topBarNav.php` | High
33 | File | `/kelas/data` | Medium
34 | File | `/medicines/profile.php` | High
35 | File | `/menu.html` | Medium
36 | File | `/modules/profile/index.php` | High
37 | File | `/Moosikay/order.php` | High
38 | File | `/php-sms/admin/?page=user/manage_user` | High
39 | File | `/reservation/add_message.php` | High
40 | File | `/resources//../` | High
41 | File | `/spip.php` | Medium
42 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
43 | File | `/sys/dict/queryTableData` | High
44 | File | `/tmp` | Low
45 | File | `/user/updatePwd` | High
46 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
47 | ... | ... | ...
45 | ... | ... | ...
There are 405 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
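Review bot: The Confidence column in this hunk tracks path length rather than any evidence visible in the table: `/env`, `/tmp` and `/HNAP1` are Low, `/cgi-bin`, `/bin/ate` and `/menu.html` are Medium, and every longer path is High. If that is how the value is derived, the README intro should say so, because a reader will otherwise take High to mean analyst-verified; `/tmp` in particular is a generic path that matches benign traffic, so its Low rating is the right one.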
@ -372,6 +372,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17/
* https://bazaar.abuse.ch/sample/8f24d9c22274b4ecfc02d537ba92f4337d94661586177b8222570e081beb3725/
* https://bazaar.abuse.ch/sample/9a15be7c12fa6ae4a380bada990ab3024d55ec0c1e9fcf6935f18969a085ea6e/
* https://bazaar.abuse.ch/sample/9a76aa2e38d05c282587ccce987482cd25bda872b0f63251ee11437d85151eea/
* https://bazaar.abuse.ch/sample/9a16268c0e9fe89697c55cda80b2f09e9ba6a03ecf456daa07ddb89bef6eef5f/
* https://bazaar.abuse.ch/sample/9ab929ac75e5c3627fd537aeb34d137b246129e5fad1158d845e4021ce6bb3e1/
* https://bazaar.abuse.ch/sample/9ae1feeadd3edd6deee7789debbfb1798274151ab1734c07d86f6d837642cc93/
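Review bot: The added line for sample 9a76aa2e38d05c282587ccce987482cd25bda872b0f63251ee11437d85151eea breaks the ordering the rest of the list follows (digit runs compared as numbers, so 9a15be7c sorts before 9a16268c, which sorts before 9a76aa2e): it sits between the 9a15be7c and 9a16268c entries and should go after 9a16268c, before 9ab929ac.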
@ -399,6 +400,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/29ab568f4dbe12031374e3dc4d2c56f76049297dc6c32123e9051f89431fa852/
* https://bazaar.abuse.ch/sample/31c96cfddb7c596bde617d6c072551d0bf04d30b5bccddc5b97d76a4dac54347/
* https://bazaar.abuse.ch/sample/31fa9f121ab7bb10a2a3f789c5e928e309912d1d76377cdde1d499524e472cb2/
* https://bazaar.abuse.ch/sample/32f09deebef50eea2685d082cfaf67f9b0e8fd8a2c2afac56e383364f7aaa657/
* https://bazaar.abuse.ch/sample/33e56b47d123955b3d5d820189a345f9b2b9b9fc394632689d48477357799fa7/
* https://bazaar.abuse.ch/sample/34b404d9cb357730cca3c77261ab7f94c1189148d7d01cea376621051308713a/
* https://bazaar.abuse.ch/sample/34c1646e2d0c27eaecb515e7b3d880a8eb0d548286d99e8460a37959b43ec7aa/
@ -489,6 +491,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/716c8bae6e915d3096635bb6af81f44d8ca977447ec8efb099053633daf781f6/
* https://bazaar.abuse.ch/sample/788db01a3b8ddbdfc3f82858e61102003ba23ebab2dc9a442fa681d4067812e4/
* https://bazaar.abuse.ch/sample/798fd1cb5b6cf836d652a40c6863891381a2b5b7b07f29da33f1c60c14c8558a/
* https://bazaar.abuse.ch/sample/816cc7c06ccc6b156f1709ddfded9605dc250afea795120055d7809efb7fda86/
* https://bazaar.abuse.ch/sample/821daf19dc278c67757faf18294ab37b3358f68e1e67e27332c762162273d891/
* https://bazaar.abuse.ch/sample/825c3aa67440f740887effe8f86e5d4e014eba94f9d8d756aa2c6767bd272eb9/
* https://bazaar.abuse.ch/sample/846c42db64e10fa58af94e47bf5ba98497a0d518e7a49badb11151e3fa0d3b4f/
@ -543,6 +546,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/92194a7fbc46e88dbb9876c458c742cb55426825d25ce7e01279b55927355d60/
* https://bazaar.abuse.ch/sample/92838d046d9253542c557765602e0673ebadc74258f11f362e52a29cc74f778c/
* https://bazaar.abuse.ch/sample/97587e55695db5f8f31133862969a7ce9a60757cfc2a097e89cd6fa8cc16c365/
* https://bazaar.abuse.ch/sample/97854ff0a53e12a5520c938c04efa3821c91b77ee612d11cc8c0c4472b6b5c59/
* https://bazaar.abuse.ch/sample/121191aea9560df7d2a365d4c94a524bbf94d69bc59b0e2ba9bfda93db50184c/
* https://bazaar.abuse.ch/sample/143668b80a595ce4c4e886e5f18ae05afd7ccfa3ffe997070addae6bf25c7bdc/
* https://bazaar.abuse.ch/sample/295001e0d25736437472a9111c3e77f332a21b688b8a1fc6403f8b956df9520d/
@ -673,10 +677,12 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/d34acff690e42b6bb4ec5d1a43b2fafac9611a625643fa55926a48cdd0355f77/
* https://bazaar.abuse.ch/sample/d49a93c84e608ea820329306c6fc9dd5e6e027fb2ea996f2a79d12f4626068a5/
* https://bazaar.abuse.ch/sample/d55bba7134bb5b4f6ab2454b824d0555ebcb5acdcd06006cfc13e5b19f429ebc/
* https://bazaar.abuse.ch/sample/d79ff4439211fb109459bf079b73f48bbff8b8f3aee84d7d536e74d3fde5e355/
* https://bazaar.abuse.ch/sample/d113d6f2b3c4d7a9ddf1ca867e534c0f0388f198b0b17e9db067961008e1e038/
* https://bazaar.abuse.ch/sample/d194f66a093586ecc369ace8e98312ab71cfd02928f89a4d730bafd2587e4248/
* https://bazaar.abuse.ch/sample/d596edf37de6341d372093f89d34611a7f9af4ec9272891e5b31b75779f1f05e/
* https://bazaar.abuse.ch/sample/d1959c7f86ff208f75b5c242b78fa5ecea3984062e8af3805c48f2e75597342c/
* https://bazaar.abuse.ch/sample/d4485aef1c39003e874f76fab675dc2e6586b39ed5d74222f36a47021f3ff73e/
* https://bazaar.abuse.ch/sample/d6051c0f7391dacd4ae8a2613458828b4769c7e60e4f571e8754ed25f42ec65e/
* https://bazaar.abuse.ch/sample/d6919fae25fb5691e7a0065e485d64c2946a8524ec1566e13f11580ae8d51074/
* https://bazaar.abuse.ch/sample/d424799342b67ab3eb6fa9b5aa3ada2501faf25e8774bd9bc4b22c42a92f8405/

View File

@ -21,89 +21,91 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
2 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
3 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
4 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
5 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
6 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
7 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
8 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
9 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
10 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
11 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
12 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
13 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
14 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
15 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
16 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
17 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
18 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
19 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
20 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
21 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
22 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
23 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
24 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
25 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
26 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
27 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
28 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
29 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
30 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
31 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
32 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
33 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
34 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
35 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
36 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
37 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
38 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
39 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
40 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
41 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
42 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
43 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
44 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
45 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
46 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
47 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
48 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
49 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
50 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
51 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
52 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
53 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
54 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
55 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
56 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
57 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
58 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
59 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
60 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
61 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
62 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
63 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
64 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
65 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
66 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
67 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
68 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
69 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
70 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
71 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
72 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
73 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
74 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
75 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
76 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
77 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
78 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
79 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
80 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
81 | ... | ... | ... | ...
1 | [3.72.105.50](https://vuldb.com/?ip.3.72.105.50) | ec2-3-72-105-50.eu-central-1.compute.amazonaws.com | - | Medium
2 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
3 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
4 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
5 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
6 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
7 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
8 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
9 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
10 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
11 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
12 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
13 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
14 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
15 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
16 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
17 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
18 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
19 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
20 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
21 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
22 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
23 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
24 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
25 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
26 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
27 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
28 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
29 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
30 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
31 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
32 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
33 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
34 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
35 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
36 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
37 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
38 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
39 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
40 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
41 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
42 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
43 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
44 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
45 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
46 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
47 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
48 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
49 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
50 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
51 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
52 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
53 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
54 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
55 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
56 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
57 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
58 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
59 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
60 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
61 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
62 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
63 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
64 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
65 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
66 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
67 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
68 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
69 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
70 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
71 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
72 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
73 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
74 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
75 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
76 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
77 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
78 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
79 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
80 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
81 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
82 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
83 | ... | ... | ... | ...
There are 318 more IOC items available. Please use our online service to access the data.
There are 329 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
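Review bot: several Hostname cells in the updated IOC table carry values that are not real reverse-DNS names and should be normalized to `-` like the other unresolved rows: new row 15 (`5.188.6.118`) has `subnet.local`, new row 16 (`5.206.224.39`) has the literal string `hostname`, and new rows 58 to 60 (`37.235.54.42`, `.52`, `.81`) carry `NN.54.235.37.in-addr.arpa`, which is the PTR query name rather than a resolved host. Consumers that pivot on the Hostname column will otherwise match on placeholder junk; `placeholder.noezserver.de` on rows 18, 20 and 22 is a real provider default but is likewise shared across unrelated addresses and should not be treated as a unique indicator.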
@ -201,6 +203,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c0be0b8925a769e0d6d7d541a26d380d3e462752c3a4b0a90a230020a2283bcc%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c0ce6a1b2387e7593f84ea25fda98899c79d00e481fb2f3809cbebac820b2999%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9cb3353676114a2dd6f4336677a34d369604ac9be7038ce76e0a189e1f4983e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c37cae2ad2e1f96cc5f86bfe8369418d4b7551818f755057996c8e8e8c57e1ed%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c65e53ea76a8af7ec4f704fd953d3901397d213fbb00a0a5815b95b1a4ff62c6%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c66b5d341d656ef280c1095374c3982ecca1807bc119250be97a527d060a7639%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c95ac37769cf63560afea658b9d5305ab163ef194900b21995ca850a0653cb49%22
@ -225,10 +228,12 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e02965151a24e098e731890d714cf7512a4d8bd3f61f2edb24e2d2a388784a6e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e079e26331ab421908da3c609f1aa97d58b6c030150498c74aace849c9d7aa12%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e1caf0308e9eb8602a988b80c1cc99b11123733769ffe2f970d969a5421e4c31%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e2e7399fae3b50cfb2d9f2055430ef5a10ff15f8f05e5b090615af121fef0454%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9ee059af7f17eb82141660167684b7b3e4a4513996fa9b27d918c13b78a4def%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9fe9545a439564a7c1052eb0e572b8b41609b0f0d96238cff2b8ff567612836%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e51ba208f09bc6e4626291120c559fd76abf1acca7be95a3b9317585f46b1176%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e68b22310a3b37aa797514afcc489366347af5666d9afe3d83b770693173fc2f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e4357b9507e9ddd2dd566551d30a8d495fea13c42a8df96ce2584eb5cde36dbb%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e8171da4f1059e0b1e48d8ec788a975159f28a0bdc27b4cdba014fb55aa6f236%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e8751ab788f4ff73d0facc30a0b2ec5ea37a18fce1b1aa38f8eadcec19745a5e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e62160ae86ff880d0516811cb33e8fe31949daf9dee136cec2a96b72dd115518%22
@ -253,6 +258,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e7705888a9000b0a2c8ca2a4846d890920d19bd6af9c50fb34668b4673f54c7%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ebaabf79ecaccb878e0ecc68b6c868ef047ac8735a3347ff892c3420b47803f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221af6ae62dca201286d4b11ee20fd1e8dcf343d2e8500de51f9175bcf3d12e06f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221b6d4e3302e4407da1693a4e39b4d352656e2fd7053af0c46a6ae9be62e77a9c%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221bd713b603ea09badad645fd38c8e9f75629d122cd81fcecd00ab2a5933feeea%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221de69dde6fa4833818869e3a6b2fb9ee251f63d6692988fc3ba7dcd2ae275200%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221ebe4f6c1b7578cfae6d609d2dc69913cb0ca7fade5c6ae3d4f116e145f50f4d%22
@ -277,6 +283,9 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c6d464110a46f813722131e8cce268bdccfdfeb705ce25fcc51cabe0b88c8e4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226cbb0cef1838f2b253613796470b7fcc3cd4453d3f5be8220aeda52f383fb781%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226d64edc2a8867b924b85d762657e103ad3338e1bd40b3ffca92633df41e9003e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e1be457dd210298ad9a471567719e10a579b0f4dd460b24e4119a3ed4cc0bf9%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e4cdc8e537f39275794ab6a39fe278051f6fe3738c78440a24fc9d6b70b078a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e260640cd33793e08329bde5c227e42484ec78185bd0a4970dd10d4ddd2a8de%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226ff2935c1dc9d4750155451ca7a63c9183335d11a97bd53c7b3bef1c30dadbe5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227b15ca0e6613e8f7b008165d20fb40bdbc31805143ff35636dfd60b27eba719d%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227c0104c32dbf057cc59cd672786089d020422bd85264a8f0a69a57f98e7105c9%22
@ -284,14 +293,17 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227d187d521097b1c7fa30d78d0691f33e845069d0b4c6522f81b1ff96e93e920a%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227dc2846444a74b2a4090fea4c48a5e5e8d04ae81be94fac62ce50af24701b83b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227de4a51d9fd29fe60f6e79a8dd16ca21fd1250a3f76015fca9f1ced7e407ffd3%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228d0a7fb11481882ec86b2711cbf989ed7df024485bb4ad230222ff4ebde80e77%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228d99137fde73683c67b4701cfb75b61cc42a23858d065a47a8e7ae01e6070140%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228f532fe8babcbda860f2916592d90b128b327990fd75e34dff68204efc1c6a47%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ae1a707bdb87aa40ec1139533ee543b5bcdf6ce89f7b9c560520d5868e5353e%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c71fdb3c7ac17591c355ba028b6a86f243246fac32eb07af552199037c2faf2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ccaaf6ad700e922565d1947ac46839e4a8c8a18af7a94605f4ebfcbb916b4f4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e470e79949459e89b8fb0a496c6d21614c54148e7b5bf0d311f55ae225b8b5b%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229f280c1d40c86e88f341db63b3a55cae35bdfcf345744a9006aa0410ca9a3bd2%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2206fc02e9726474160349c6e7e545bf03d18ada8f74a3fa1159f9fb25a48e5b74%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2207deb33f61bd7d79b0217dbeff588f3f08f262da0432ac97430a582b6ed2f364%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2209ae17b8d2b01e133acca4ada71af97af40c215071d27a8b6fd1115876baecc4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2210a89450a5e9101d0a34a222fe35f37f56d8ce9714db8622d3cdb6a9a8939cc5%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2213fec9dcab49872fcfa8dc703a7baca213497abb1b5a2f8862be0aa1a9e93c83%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2214c9b49486497c56292f24e25801ed4f76998d4798ca51d801a666b0e2a397d6%22
@ -310,6 +322,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2268f411f453d0f7b4595ea53fd239846565cb3e26eed99a5dcf2173256669bfb6%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2271ca588dc1a7dfbc4cf99efa295310fcb598c20bd5213a8a1af6f7f41d3fb944%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2277f6340d0bf20df9da3554448d58f092560efd91b2d9665fffe294cabbdf40fd%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2278df08112145051aa43df87bf618898a4de212658492b2f7555b5e1099f83d19%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2279ad05f691ad8394b1b2a9bfd89f5d90bb61d54d67d07ae3d3a1decc41bf9432%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2280b4844cfce9fcfaaa849478a079e757eff4c268a26c6895c2a1dd4099fcd5d4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2284dd10727e6b29b3278e3f64dbbab293711957835f23cc755b3226b58ec5ef51%22
@ -359,7 +372,9 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2201031e2c5206b868aef93bfc97e7f336daaf90f54518e95bcc5c81806a53a536%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2212414ffbbb9d89905eccbb3529cbeec829e492e21f7f8ccce902eebb05061e59%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220743d0b9dbb07cafe875ba9ed1642b630c421c4956b20f3fb7a127b39350b9f%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227618be62f75be7fe32e7bdf9ee57f1a4762bc45f79a255b77ccd4f943c6ec37%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2231081cb136ebb7f4be19b67a6276964bc79ced2809af089006aaa67d74d7db80%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2234127f3774e3587aff519739334fc5ad92b883b66c70472f91b34b3dc89e81ce%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2241602f8a75499891647fe9c8112af946a12c2b8beefa40470437092c7b388fb4%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2254642a2cadab34dace47c29b487e9e43c4b478efdd16ee409d14838b8fa89b91%22
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2268976f0a08c0ebe81aad2a831b31ad8da59c5293658b60e5d359451d6c7e487a%22

View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* [LA](https://vuldb.com/?country.la)
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -44,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -52,50 +52,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/about.php` | Medium
2 | File | `/admin.php/accessory/filesdel.html` | High
3 | File | `/admin/?page=user/manage` | High
4 | File | `/admin/add-new.php` | High
5 | File | `/admin/doctors.php` | High
6 | File | `/admin/submit-articles` | High
7 | File | `/ad_js.php` | Medium
8 | File | `/alphaware/summary.php` | High
9 | File | `/api/` | Low
10 | File | `/api/admin/store/product/list` | High
11 | File | `/api/v2/cli/commands` | High
12 | File | `/app/options.py` | High
13 | File | `/attachments` | Medium
14 | File | `/boat/login.php` | High
15 | File | `/bsms_ci/index.php/book` | High
16 | File | `/cgi-bin/luci/api/wireless` | High
17 | File | `/cgi-bin/wlogin.cgi` | High
18 | File | `/context/%2e/WEB-INF/web.xml` | High
19 | File | `/dashboard/reports/logs/view` | High
20 | File | `/debian/patches/load_ppp_generic_if_needed` | High
21 | File | `/debug/pprof` | Medium
22 | File | `/etc/hosts` | Medium
23 | File | `/forum/away.php` | High
24 | File | `/goform/setmac` | High
25 | File | `/goform/wizard_end` | High
26 | File | `/manage-apartment.php` | High
27 | File | `/medicines/profile.php` | High
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
29 | File | `/out.php` | Medium
30 | File | `/owa/auth/logon.aspx` | High
31 | File | `/pages/apply_vacancy.php` | High
32 | File | `/pet_shop/admin/?page=maintenance/manage_category` | High
33 | File | `/proc/<PID>/mem` | High
34 | File | `/proxy` | Low
35 | File | `/reservation/add_message.php` | High
36 | File | `/spip.php` | Medium
37 | File | `/tmp` | Low
38 | File | `/uncpath/` | Medium
39 | File | `/upload` | Low
40 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
41 | File | `/vendor/views/add_product.php` | High
42 | ... | ... | ...
1 | File | `/?p=products` | Medium
2 | File | `/about.php` | Medium
3 | File | `/admin.php/accessory/filesdel.html` | High
4 | File | `/admin/?page=user/manage` | High
5 | File | `/admin/add-new.php` | High
6 | File | `/admin/doctors.php` | High
7 | File | `/admin/submit-articles` | High
8 | File | `/ad_js.php` | Medium
9 | File | `/alphaware/summary.php` | High
10 | File | `/api/` | Low
11 | File | `/api/admin/store/product/list` | High
12 | File | `/api/stl/actions/search` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/attachments` | Medium
15 | File | `/bin/ate` | Medium
16 | File | `/boat/login.php` | High
17 | File | `/bsms_ci/index.php/book` | High
18 | File | `/cgi-bin` | Medium
19 | File | `/cgi-bin/luci/api/wireless` | High
20 | File | `/cgi-bin/wlogin.cgi` | High
21 | File | `/context/%2e/WEB-INF/web.xml` | High
22 | File | `/dashboard/reports/logs/view` | High
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/DXR.axd` | Medium
26 | File | `/env` | Low
27 | File | `/etc/hosts` | Medium
28 | File | `/forum/away.php` | High
29 | File | `/goform/setmac` | High
30 | File | `/goform/wizard_end` | High
31 | File | `/manage-apartment.php` | High
32 | File | `/medicines/profile.php` | High
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
34 | File | `/out.php` | Medium
35 | File | `/owa/auth/logon.aspx` | High
36 | File | `/pages/apply_vacancy.php` | High
37 | File | `/pet_shop/admin/?page=maintenance/manage_category` | High
38 | File | `/php-sms/admin/?page=user/manage_user` | High
39 | File | `/proc/<PID>/mem` | High
40 | File | `/proxy` | Low
41 | File | `/reservation/add_message.php` | High
42 | File | `/spip.php` | Medium
43 | File | `/tmp` | Low
44 | File | `/uncpath/` | Medium
45 | ... | ... | ...
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
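Review bot: the newly added IOA rows 15 (`/bin/ate`), 18 (`/cgi-bin`), 25 (`/DXR.axd`) and 26 (`/env`) are short, generic path fragments that will show up in ordinary traffic, and the confidence values are inconsistent with the existing rows: `/cgi-bin` is rated Medium while the equally generic `/api/` (row 10) and `/tmp` (row 43) stay at Low. Either lower `/cgi-bin` and `/env` to Low for consistency, or add a line to the table preamble stating that fragments at Low or Medium confidence are meant to be combined with other indicators and not alerted on alone, so that detection rules generated from this export do not flood analysts with false positives.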

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [GB](https://vuldb.com/?country.gb)
* ...
There are 25 more country items available. Please use our online service to access the data.
There are 26 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -44,20 +44,21 @@ ID | IP address | Hostname | Campaign | Confidence
21 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
22 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
23 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
24 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
25 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
26 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
27 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
28 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
29 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
30 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
31 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
32 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
33 | [34.195.122.225](https://vuldb.com/?ip.34.195.122.225) | ec2-34-195-122-225.compute-1.amazonaws.com | - | Medium
34 | [34.206.147.4](https://vuldb.com/?ip.34.206.147.4) | ec2-34-206-147-4.compute-1.amazonaws.com | - | Medium
35 | ... | ... | ... | ...
24 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
25 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
26 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
27 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
28 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
29 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
30 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
31 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
32 | [24.199.89.40](https://vuldb.com/?ip.24.199.89.40) | - | - | High
33 | [24.199.118.20](https://vuldb.com/?ip.24.199.118.20) | airy-fuse.autonode.net | - | High
34 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
35 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
36 | ... | ... | ... | ...
There are 134 more IOC items available. Please use our online service to access the data.
There are 141 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -125,29 +126,24 @@ ID | Type | Indicator | Confidence
43 | File | `/uncpath/` | Medium
44 | File | `/uploads/exam_question/` | High
45 | File | `/user/updatePwd` | High
46 | File | `/user/update_booking.php` | High
47 | File | `/var/lib/docker/<remapping>` | High
48 | File | `/wireless/security.asp` | High
49 | File | `/wp-admin/admin-ajax.php` | High
50 | File | `01article.php` | High
51 | File | `a-forms.php` | Medium
52 | File | `AbstractScheduleJob.java` | High
53 | File | `actionphp/download.File.php` | High
54 | File | `activenews_view.asp` | High
55 | File | `adclick.php` | Medium
56 | File | `admin.a6mambocredits.php` | High
57 | File | `admin.cropcanvas.php` | High
58 | File | `admin.php` | Medium
59 | File | `admin/abc.php` | High
60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
61 | File | `admin/admin/adminsave.html` | High
62 | File | `admin/asset/grid-proxy` | High
63 | File | `admin/auditTrail.jsf` | High
64 | File | `admin/conf_users_edit.php` | High
65 | File | `admin/disapprove_user.php` | High
66 | ... | ... | ...
46 | File | `/var/lib/docker/<remapping>` | High
47 | File | `/wireless/security.asp` | High
48 | File | `/wp-admin/admin-ajax.php` | High
49 | File | `01article.php` | High
50 | File | `a-forms.php` | Medium
51 | File | `AbstractScheduleJob.java` | High
52 | File | `actionphp/download.File.php` | High
53 | File | `activenews_view.asp` | High
54 | File | `adclick.php` | Medium
55 | File | `admin.a6mambocredits.php` | High
56 | File | `admin.cropcanvas.php` | High
57 | File | `admin.php` | Medium
58 | File | `admin/abc.php` | High
59 | File | `admin/admin.php?action=users&mode=info&user=2` | High
60 | File | `admin/admin/adminsave.html` | High
61 | ... | ... | ...
There are 574 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
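Review bot: the only indicator that actually changes in this hunk is old row 46, `/user/update_booking.php`, which is dropped; the other forty-odd changed lines are renumbering. The footers tell a bigger story: 65 visible plus 574 hidden entries before (639), 60 plus 536 after (596), so 43 indicators were removed from this list and only one of the removals is visible here. Sequential IDs turn every removal into a whole-table rewrite; keying rows by indicator, or at least listing removed indicators in the commit message, would make these monthly updates reviewable.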
@ -170,10 +166,13 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/18.176.20.234
* https://search.censys.io/hosts/18.176.35.161
* https://search.censys.io/hosts/18.177.226.88
* https://search.censys.io/hosts/18.178.161.19
* https://search.censys.io/hosts/18.178.244.246
* https://search.censys.io/hosts/18.182.126.252
* https://search.censys.io/hosts/18.188.54.77
* https://search.censys.io/hosts/18.208.87.99
* https://search.censys.io/hosts/24.199.89.40
* https://search.censys.io/hosts/24.199.118.20
* https://search.censys.io/hosts/31.42.189.61
* https://search.censys.io/hosts/34.206.147.4
* https://search.censys.io/hosts/35.72.0.113
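Review bot: the hunk header (10 lines before, 13 after) says only three of the URLs shown here are new, and those match the three hosts that entered the IOC table above: 24.199.89.40, 24.199.118.20 and 31.42.189.61, so table and references stay consistent for this change. A pre-existing gap is still visible, though: 18.217.179.8, 18.236.92.31 and 23.254.167.32 (rows 29 to 31 of the table) have no search.censys.io line in this sorted list (they would sit between 18.208.87.99 and 24.199.89.40), while every other host in the visible rows does. If those three came from another source, that source should be listed.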
@ -187,6 +186,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/37.119.57.169
* https://search.censys.io/hosts/37.119.57.195
* https://search.censys.io/hosts/43.207.8.102
* https://search.censys.io/hosts/47.115.215.203
* https://search.censys.io/hosts/47.252.28.13
* https://search.censys.io/hosts/50.16.83.73
* https://search.censys.io/hosts/50.116.29.40
@ -202,6 +202,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/52.196.8.3
* https://search.censys.io/hosts/52.196.36.24
* https://search.censys.io/hosts/52.197.43.5
* https://search.censys.io/hosts/52.197.222.201
* https://search.censys.io/hosts/52.198.154.115
* https://search.censys.io/hosts/52.198.193.213
* https://search.censys.io/hosts/54.65.93.113
@ -218,8 +219,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://search.censys.io/hosts/54.249.158.59
* https://search.censys.io/hosts/54.249.216.44
* https://search.censys.io/hosts/64.226.109.199
* https://search.censys.io/hosts/74.234.98.215
* https://search.censys.io/hosts/74.235.81.74
* https://search.censys.io/hosts/82.84.39.65
* https://search.censys.io/hosts/87.121.221.22
* https://search.censys.io/hosts/94.102.49.64
* https://search.censys.io/hosts/94.198.97.58
* https://search.censys.io/hosts/103.25.188.178
* https://search.censys.io/hosts/104.168.117.105


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...
There are 14 more country items available. Please use our online service to access the data.
There are 15 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -69,7 +69,7 @@ ID | Type | Indicator | Confidence
19 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
20 | ... | ... | ...
There are 165 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 166 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [GB](https://vuldb.com/?country.gb)
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 13 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -4922,14 +4922,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28, CWE-36, CWE-425 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
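Review bot: row 4 (T1059) still reads "Cross Site Scripting" while its weaknesses are CWE-88, CWE-94 and the newly added CWE-1321, i.e. argument injection, code injection and prototype pollution; only row 5 (T1059.007 with CWE-79 and CWE-80) describes XSS, so row 4's description should say "Code Injection" or the row should be split by weakness. Row 1 (T1006) now also carries CWE-425, which is forced browsing (direct request) rather than a pathname traversal weakness, and row 2 (T1040) silently loses CWE-319; the CWE lists move in both directions here with nothing in the commit explaining why.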
@ -4939,62 +4939,117 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//WEB-INF` | Medium
2 | File | `/?p=products` | Medium
3 | File | `/about.php` | Medium
4 | File | `/admin.php/update/getFile.html` | High
5 | File | `/admin/cashadvance_row.php` | High
6 | File | `/admin/inquiries/view_inquiry.php` | High
7 | File | `/admin/maintenance/view_designation.php` | High
8 | File | `/admin/report/index.php` | High
9 | File | `/admin/userprofile.php` | High
10 | File | `/api/` | Low
11 | File | `/api/admin/store/product/list` | High
12 | File | `/api/stl/actions/search` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/cgi-bin` | Medium
15 | File | `/cgi-bin/wapopen` | High
16 | File | `/cgi-bin/wlogin.cgi` | High
17 | File | `/classes/Master.php?f=delete_service` | High
18 | File | `/classes/Master.php?f=save_course` | High
19 | File | `/debug/pprof` | Medium
20 | File | `/E-mobile/App/System/File/downfile.php` | High
21 | File | `/Electron/download` | High
22 | File | `/feeds/post/publish` | High
23 | File | `/forum/away.php` | High
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
25 | File | `/inc/topBarNav.php` | High
26 | File | `/index.php?app=main&func=passport&action=login` | High
27 | File | `/index.php?page=category_list` | High
28 | File | `/KK_LS9ReportingPortal/GetData` | High
29 | File | `/lan.asp` | Medium
30 | File | `/Moosikay/order.php` | High
31 | File | `/opac/Actions.php?a=login` | High
32 | File | `/PreviewHandler.ashx` | High
33 | File | `/proxy` | Low
34 | File | `/public/launchNewWindow.jsp` | High
35 | File | `/reservation/add_message.php` | High
36 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
37 | File | `/send_order.cgi?parameter=access_detect` | High
38 | File | `/spip.php` | Medium
39 | File | `/text/pdf/PdfReader.java` | High
40 | File | `/user/updatePwd` | High
41 | File | `/vaccinated/admin/maintenance/manage_location.php` | High
42 | File | `/wireless/security.asp` | High
43 | File | `/wp-admin/admin-ajax.php` | High
44 | File | `a-forms.php` | Medium
45 | File | `AcquisiAction.class.php` | High
46 | File | `activenews_view.asp` | High
47 | File | `adclick.php` | Medium
48 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
49 | File | `admin.a6mambocredits.php` | High
50 | File | `admin.cropcanvas.php` | High
51 | File | `admin.jcomments.php` | High
52 | File | `admin/?page=students/view_student` | High
53 | File | `admin/ajax/op_kandidat.php` | High
54 | File | `admin/asset/grid-proxy` | High
55 | File | `admin/auditTrail.jsf` | High
56 | ... | ... | ...
3 | File | `/?r=email/api/mark&op=delFromSend` | High
4 | File | `/?r=report/api/getlist` | High
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
6 | File | `/admin/?page=product/manage_product&id=2` | High
7 | File | `/admin/?page=reminders/view_reminder` | High
8 | File | `/admin/?page=system_info` | High
9 | File | `/admin/?page=user` | High
10 | File | `/admin/?page=user/list` | High
11 | File | `/admin/?page=user/manage` | High
12 | File | `/admin/add-new.php` | High
13 | File | `/admin/admin.php` | High
14 | File | `/admin/ajax.php?action=save_area` | High
15 | File | `/admin/assign/assign.php` | High
16 | File | `/admin/attendance_row.php` | High
17 | File | `/admin/ballot_down.php` | High
18 | File | `/admin/ballot_up.php` | High
19 | File | `/admin/bookings/manage_booking.php` | High
20 | File | `/admin/bookings/view_booking.php` | High
21 | File | `/admin/bookings/view_details.php` | High
22 | File | `/admin/budget/manage_budget.php` | High
23 | File | `/admin/candidates_row.php` | High
24 | File | `/admin/cashadvance_row.php` | High
25 | File | `/admin/categories/manage_category.php` | High
26 | File | `/admin/categories/view_category.php` | High
27 | File | `/admin/config_save.php` | High
28 | File | `/admin/contacts/organizations/edit/2` | High
29 | File | `/admin/curriculum/view_curriculum.php` | High
30 | File | `/admin/deduction_row.php` | High
31 | File | `/admin/departments/view_department.php` | High
32 | File | `/admin/doctors.php` | High
33 | File | `/admin/edit-doc.php` | High
34 | File | `/admin/edit_subject.php` | High
35 | File | `/admin/employee_add.php` | High
36 | File | `/admin/employee_edit.php` | High
37 | File | `/admin/employee_row.php` | High
38 | File | `/admin/forgot-password.php` | High
39 | File | `/admin/getallarticleinfo` | High
40 | File | `/admin/index.php` | High
41 | File | `/admin/index3.php` | High
42 | File | `/admin/info_deal.php` | High
43 | File | `/admin/inquiries/view_inquiry.php` | High
44 | File | `/admin/inventory/manage_stock.php` | High
45 | File | `/admin/login.php` | High
46 | File | `/admin/maintenance/view_designation.php` | High
47 | File | `/admin/manage_academic.php` | High
48 | File | `/admin/offenses/view_details.php` | High
49 | File | `/admin/orders/update_status.php` | High
50 | File | `/admin/patient.php` | High
51 | File | `/admin/positions_add.php` | High
52 | File | `/admin/positions_delete.php` | High
53 | File | `/admin/positions_row.php` | High
54 | File | `/admin/products/index.php` | High
55 | File | `/admin/products/manage_product.php` | High
56 | File | `/admin/products/view_product.php` | High
57 | File | `/admin/reminders/manage_reminder.php` | High
58 | File | `/admin/robot/approval/list` | High
59 | File | `/admin/sales/manage_sale.php` | High
60 | File | `/admin/sales/view_details.php` | High
61 | File | `/admin/save_teacher.php` | High
62 | File | `/admin/service.php` | High
63 | File | `/admin/services/manage_service.php` | High
64 | File | `/admin/services/view_service.php` | High
65 | File | `/admin/students/view_details.php` | High
66 | File | `/admin/suppliers/view_details.php` | High
67 | File | `/admin/upload` | High
68 | File | `/admin/user/manage_user.php` | High
69 | File | `/admin/userprofile.php` | High
70 | File | `/admin/voters_row.php` | High
71 | File | `/admin_system/api.php` | High
72 | File | `/adms/admin/?page=user/manage_user` | High
73 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
74 | File | `/adms/admin/?page=vehicles/view_transaction` | High
75 | File | `/adms/classes/Users.php` | High
76 | File | `/ajax.php?action=read_msg` | High
77 | File | `/ajax.php?action=save_company` | High
78 | File | `/alphaware/summary.php` | High
79 | File | `/analysisProject/pagingQueryData` | High
80 | File | `/api/admin/store/product/list` | High
81 | File | `/api/admin/system/store/order/list` | High
82 | File | `/api/stl/actions/search` | High
83 | File | `/APR/signup.php` | High
84 | File | `/author/list?limit=10&offset=0&order=desc` | High
85 | File | `/bin/ate` | Medium
86 | File | `/boafrm/formFilter` | High
87 | File | `/boat/login.php` | High
88 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
89 | File | `/cas/logout` | Medium
90 | File | `/category/list?limit=10&offset=0&order=desc` | High
91 | File | `/cgi-bin/mainfunction.cgi` | High
92 | File | `/cgi-bin/ping.cgi` | High
93 | File | `/classes/Master.php` | High
94 | File | `/classes/Master.php?f=delete_category` | High
95 | File | `/classes/Master.php?f=delete_inquiry` | High
96 | File | `/classes/master.php?f=delete_order` | High
97 | File | `/classes/Master.php?f=save_brand` | High
98 | File | `/classes/Master.php?f=save_service` | High
99 | File | `/classes/Master.php?f=save_sub_category` | High
100 | File | `/classes/Users.php` | High
101 | File | `/classes/Users.phpp` | High
102 | File | `/common/sysFile/list` | High
103 | File | `/config/myfield/test.php` | High
104 | File | `/dayrui/Fcms/View/system_log.html` | High
105 | File | `/dayrui/My/Config/Install.txt` | High
106 | File | `/dayrui/My/View/main.html` | High
107 | File | `/dosen/data` | Medium
108 | File | `/E-mobile/App/System/File/downfile.php` | High
109 | File | `/ecommerce/admin/category/controller.php` | High
110 | File | `/ecommerce/admin/settings/setDiscount.php` | High
111 | ... | ... | ...
There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 982 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
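Review bot: several new indicators carry request-specific noise that will not match any other request: row 5 `/admin.php?c=upload&f=zip&_noCache=0.1683794968` ends in a cache-busting value (0. followed by what looks like a May 2023 Unix timestamp), and rows 84 and 90 (`/author/list?limit=10&offset=0&order=desc`, `/category/list?limit=10&offset=0&order=desc`) embed default paging parameters. Trimming each to the path plus the parameter that carries the payload would make them usable as patterns. Two entries also look like transcription errors worth checking against the source advisories: row 101 `/classes/Users.phpp` directly after row 100 `/classes/Users.php`, and row 96 `/classes/master.php?f=delete_order` with lower-case `master.php` while rows 93 to 99 use `Master.php`.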


@ -33,13 +33,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
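Review bot: row 2 (T1040) now lists only CWE-319 but keeps the description "Authentication Bypass by Capture-replay", which is the title of CWE-294, the very weakness this change removes; CWE-319 is cleartext transmission of sensitive information, so after this edit either the Weakness or the Description column is wrong. The same check applies to row 4, where CWE-88 was dropped and "Cross Site Scripting" remains against CWE-94 and CWE-1321.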
@ -47,50 +47,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/.env` | Low
2 | File | `//proc/kcore` | Medium
3 | File | `/?p=products` | Medium
4 | File | `/action/wirelessConnect` | High
5 | File | `/admin` | Low
6 | File | `/admin-ajax.php?action=eps_redirect_save` | High
7 | File | `/admin/assign/assign.php` | High
8 | File | `/admin/cashadvance_row.php` | High
9 | File | `/admin/curriculum/view_curriculum.php` | High
10 | File | `/admin/departments/view_department.php` | High
11 | File | `/admin/login.php` | High
12 | File | `/admin/maintenance/view_designation.php` | High
13 | File | `/admin/patient.php` | High
14 | File | `/admin/suppliers/view_details.php` | High
15 | File | `/admin/user/manage_user.php` | High
16 | File | `/admin/user/uploadImg` | High
17 | File | `/api/admin/store/product/list` | High
18 | File | `/as/authorization.oauth2` | High
19 | File | `/cgi-bin/kerbynet` | High
20 | File | `/cgi-bin/luci/api/auth` | High
21 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
1 | File | `//proc/kcore` | Medium
2 | File | `/?p=products` | Medium
3 | File | `/action/wirelessConnect` | High
4 | File | `/admin-ajax.php?action=eps_redirect_save` | High
5 | File | `/admin/assign/assign.php` | High
6 | File | `/admin/cashadvance_row.php` | High
7 | File | `/admin/contacts/organizations/edit/2` | High
8 | File | `/admin/curriculum/view_curriculum.php` | High
9 | File | `/admin/departments/view_department.php` | High
10 | File | `/admin/login.php` | High
11 | File | `/admin/maintenance/view_designation.php` | High
12 | File | `/admin/suppliers/view_details.php` | High
13 | File | `/admin/user/manage_user.php` | High
14 | File | `/admin/user/uploadImg` | High
15 | File | `/api/admin/store/product/list` | High
16 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
17 | File | `/authenticationendpoint/login.do` | High
18 | File | `/bin/login` | Medium
19 | File | `/cgi-bin/cstecgi.cgi` | High
20 | File | `/cgi-bin/kerbynet` | High
21 | File | `/cgi-bin/luci` | High
22 | File | `/cgi-bin/wlogin.cgi` | High
23 | File | `/churchcrm/EventAttendance.php` | High
24 | File | `/classes/Master.php` | High
25 | File | `/classes/Master.php?f=delete_item` | High
26 | File | `/config/getuser` | High
27 | File | `/Content/Template/root/reverse-shell.aspx` | High
28 | File | `/DXR.axd` | Medium
29 | File | `/filemanager/php/connector.php` | High
30 | File | `/forms/doLogin` | High
31 | File | `/forum/away.php` | High
32 | File | `/licenses` | Medium
23 | File | `/classes/Master.php` | High
24 | File | `/classes/Master.php?f=delete_item` | High
25 | File | `/config/getuser` | High
26 | File | `/Content/Template/root/reverse-shell.aspx` | High
27 | File | `/forms/doLogin` | High
28 | File | `/forum/away.php` | High
29 | File | `/HNAP1` | Low
30 | File | `/lan.asp` | Medium
31 | File | `/licenses` | Medium
32 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
33 | File | `/login/index.php` | High
34 | File | `/mhds/clinic/view_details.php` | High
35 | File | `/mims/login.php` | High
36 | File | `/modules/projects/vw_files.php` | High
37 | File | `/plain` | Low
38 | File | `/public/launchNewWindow.jsp` | High
39 | File | `/qsr_server/device/reboot` | High
40 | File | `/rukovoditel/index.php?module=users/login` | High
41 | File | `/spip.php` | Medium
42 | ... | ... | ...
34 | File | `/mc` | Low
35 | File | `/menu.html` | Medium
36 | File | `/mims/login.php` | High
37 | File | `/out.php` | Medium
38 | File | `/php-inventory-management-system/product.php` | High
39 | File | `/public/launchNewWindow.jsp` | High
40 | ... | ... | ...
There are 366 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
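Review bot: new row 16 `/Applications/Google\ Drive.app/Contents/MacOS` carries a shell-escaped space; the backslash is quoting from whatever command line the path was copied from, not part of the file system path, so the indicator should be `/Applications/Google Drive.app/Contents/MacOS` or it will never match the real path. New row 32 `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` pins two instance-specific GUIDs; `/Log/Query` with the `appid` and `tabid` parameter names is the part that generalises. On the removal side `/.env` and `/admin` (both Low) disappear; if that reflects a confidence threshold change it deserves a line in the commit message.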

File diff suppressed because it is too large


@ -21,23 +21,24 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.196.13.29](https://vuldb.com/?ip.5.196.13.29) | 29.ip-5-196-13.eu | - | High
2 | [5.196.23.240](https://vuldb.com/?ip.5.196.23.240) | 240.ip-5-196-23.eu | - | High
3 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
4 | [18.210.126.40](https://vuldb.com/?ip.18.210.126.40) | ec2-18-210-126-40.compute-1.amazonaws.com | - | Medium
5 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
6 | [23.21.76.253](https://vuldb.com/?ip.23.21.76.253) | ec2-23-21-76-253.compute-1.amazonaws.com | - | Medium
7 | [23.21.126.66](https://vuldb.com/?ip.23.21.126.66) | ec2-23-21-126-66.compute-1.amazonaws.com | - | Medium
8 | [23.21.140.41](https://vuldb.com/?ip.23.21.140.41) | ec2-23-21-140-41.compute-1.amazonaws.com | - | Medium
9 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
10 | [49.12.80.38](https://vuldb.com/?ip.49.12.80.38) | static.38.80.12.49.clients.your-server.de | - | High
11 | [49.12.80.40](https://vuldb.com/?ip.49.12.80.40) | static.40.80.12.49.clients.your-server.de | - | High
12 | [50.19.96.218](https://vuldb.com/?ip.50.19.96.218) | ec2-50-19-96-218.compute-1.amazonaws.com | - | Medium
13 | [50.19.252.36](https://vuldb.com/?ip.50.19.252.36) | ec2-50-19-252-36.compute-1.amazonaws.com | - | Medium
14 | [51.15.54.102](https://vuldb.com/?ip.51.15.54.102) | 102-54-15-51.instances.scw.cloud | - | High
15 | ... | ... | ... | ...
1 | [4.4.0.0](https://vuldb.com/?ip.4.4.0.0) | - | - | High
2 | [5.196.13.29](https://vuldb.com/?ip.5.196.13.29) | 29.ip-5-196-13.eu | - | High
3 | [5.196.23.240](https://vuldb.com/?ip.5.196.23.240) | 240.ip-5-196-23.eu | - | High
4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
5 | [18.210.126.40](https://vuldb.com/?ip.18.210.126.40) | ec2-18-210-126-40.compute-1.amazonaws.com | - | Medium
6 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
7 | [23.21.76.253](https://vuldb.com/?ip.23.21.76.253) | ec2-23-21-76-253.compute-1.amazonaws.com | - | Medium
8 | [23.21.126.66](https://vuldb.com/?ip.23.21.126.66) | ec2-23-21-126-66.compute-1.amazonaws.com | - | Medium
9 | [23.21.140.41](https://vuldb.com/?ip.23.21.140.41) | ec2-23-21-140-41.compute-1.amazonaws.com | - | Medium
10 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
11 | [49.12.80.38](https://vuldb.com/?ip.49.12.80.38) | static.38.80.12.49.clients.your-server.de | - | High
12 | [49.12.80.40](https://vuldb.com/?ip.49.12.80.40) | static.40.80.12.49.clients.your-server.de | - | High
13 | [50.19.96.218](https://vuldb.com/?ip.50.19.96.218) | ec2-50-19-96-218.compute-1.amazonaws.com | - | Medium
14 | [50.19.252.36](https://vuldb.com/?ip.50.19.252.36) | ec2-50-19-252-36.compute-1.amazonaws.com | - | Medium
15 | [51.15.54.102](https://vuldb.com/?ip.51.15.54.102) | 102-54-15-51.instances.scw.cloud | - | High
16 | ... | ... | ... | ...
There are 56 more IOC items available. Please use our online service to access the data.
There are 58 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
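Review bot: new row 1 `4.4.0.0` goes in at the top of the list with High confidence and no hostname; a dotted quad ending in .0.0 with no reverse name has the shape of a version string picked up by an IP extractor rather than of an attacking host, and the same shape appears as `1.5.1.0` in the new Criakl file in this commit. Validate it against the source before it is published as an IOC.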
@ -62,50 +63,49 @@ ID | Type | Indicator | Confidence
1 | File | `.imwheelrc` | Medium
2 | File | `.plan` | Low
3 | File | `.tin` | Low
4 | File | `/cgi-bin/editBookmark` | High
5 | File | `/cgi-bin/luci;stok=/locale` | High
6 | File | `/classes/Login.php` | High
7 | File | `/configs/application.ini` | High
8 | File | `/goform/setPicListItem` | High
9 | File | `/home/cavesConsole` | High
10 | File | `/home/kickPlayer` | High
11 | File | `/home/masterConsole` | High
12 | File | `/home/sendBroadcast` | High
13 | File | `/rapi/read_url` | High
14 | File | `/services/Card/findUser` | High
15 | File | `/spacecom/login.php` | High
16 | File | `/sys/dict/queryTableData` | High
17 | File | `/ucenter/active.php` | High
18 | File | `/uncpath/` | Medium
19 | File | `/user/updatePwd` | High
20 | File | `/xampp/guestbook-en.pl` | High
21 | File | `/zm/index.php` | High
22 | File | `123flashchat.php` | High
23 | File | `abook_database.php` | High
24 | File | `action.php` | Medium
25 | File | `admin.php` | Medium
26 | File | `admin/admin_process.php` | High
27 | File | `admin/profile_settings_net.html` | High
28 | File | `admin/vqmods.app/vqmods.inc.php` | High
29 | File | `af.cgi/alienform.cgi` | High
30 | File | `afd.sys` | Low
31 | File | `ajax.php` | Medium
32 | File | `akocomment.php` | High
33 | File | `app/routes/research.js` | High
34 | File | `article.php` | Medium
35 | File | `aviso.php` | Medium
36 | File | `awredir.pl` | Medium
37 | File | `bitmap/bdfread.c` | High
38 | File | `blocks.php` | Medium
39 | File | `blog.cgi` | Medium
40 | File | `bluewrench-video-widget.php` | High
41 | File | `browse.php` | Medium
42 | File | `carsdetail.asp` | High
43 | File | `cartman.php` | Medium
44 | File | `categories.php` | High
45 | ... | ... | ...
4 | File | `/admin/read.php?mudi=announContent` | High
5 | File | `/cgi-bin/editBookmark` | High
6 | File | `/cgi-bin/luci;stok=/locale` | High
7 | File | `/classes/Login.php` | High
8 | File | `/configs/application.ini` | High
9 | File | `/goform/setPicListItem` | High
10 | File | `/home/cavesConsole` | High
11 | File | `/home/kickPlayer` | High
12 | File | `/home/masterConsole` | High
13 | File | `/home/sendBroadcast` | High
14 | File | `/rapi/read_url` | High
15 | File | `/services/Card/findUser` | High
16 | File | `/spacecom/login.php` | High
17 | File | `/sys/dict/queryTableData` | High
18 | File | `/Taier/API/tenant/listTenant` | High
19 | File | `/ucenter/active.php` | High
20 | File | `/uncpath/` | Medium
21 | File | `/user/updatePwd` | High
22 | File | `/xampp/guestbook-en.pl` | High
23 | File | `/zm/index.php` | High
24 | File | `123flashchat.php` | High
25 | File | `abook_database.php` | High
26 | File | `action.php` | Medium
27 | File | `admin.php` | Medium
28 | File | `admin/admin_process.php` | High
29 | File | `admin/profile_settings_net.html` | High
30 | File | `admin/vqmods.app/vqmods.inc.php` | High
31 | File | `af.cgi/alienform.cgi` | High
32 | File | `afd.sys` | Low
33 | File | `akocomment.php` | High
34 | File | `app/routes/research.js` | High
35 | File | `article.php` | Medium
36 | File | `aviso.php` | Medium
37 | File | `awredir.pl` | Medium
38 | File | `bitmap/bdfread.c` | High
39 | File | `blocks.php` | Medium
40 | File | `blog.cgi` | Medium
41 | File | `bluewrench-video-widget.php` | High
42 | File | `browse.php` | Medium
43 | File | `carsdetail.asp` | High
44 | ... | ... | ...
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -121,9 +121,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
* https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
* https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
* https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
* https://isc.sans.edu/forums/diary/CoinMiners+searching+for+hosts/24364/
* https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
* https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
* https://tria.ge/220416-dv7casgchn
* https://www.trendmicro.com/en_us/research/22/i/a-post-exploitation-look-at-coinminers-abusing-weblogic-vulnerab.html
## Literature
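Review bot: the unchanged bullet `* https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/` holds two URLs on one line, so the second one does not render as its own link; since this list is being touched anyway, split it into two bullets.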

actors/Criakl/README.md Normal file

@ -0,0 +1,62 @@
# Criakl - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Criakl](https://vuldb.com/?actor.criakl). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.criakl](https://vuldb.com/?actor.criakl)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Criakl:
* [RU](https://vuldb.com/?country.ru)
* [JO](https://vuldb.com/?country.jo)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Criakl.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.5.1.0](https://vuldb.com/?ip.1.5.1.0) | - | - | High
2 | [5.101.152.37](https://vuldb.com/?ip.5.101.152.37) | m2.maru.beget.com | - | High
3 | [79.143.28.242](https://vuldb.com/?ip.79.143.28.242) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Criakl_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
3 | T1505 | CWE-89 | SQL Injection | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Criakl. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `directory.php` | High
2 | File | `user_profile.asp` | High
3 | Argument | `cat_id` | Low
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
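Review bot: three things in this new file need a second look before it ships. The IOC row `1.5.1.0` (High, no hostname) has the shape of a version number rather than a host. In the TTP table, row 2 pairs T1068 and CWE-269 with the description "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which is the title of CWE-9, not of CWE-269 (Improper Privilege Management). And the References section lists only the https://www.cyber45.com front page, which does not discuss the actor as the lead-in sentence promises; a link to the specific report is needed for the IOCs to be traceable. Minor: "There are 1 more IOA items" should read "There is 1 more IOA item".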


@ -0,0 +1,68 @@
# DDG v3014 - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DDG v3014](https://vuldb.com/?actor.ddg_v3014). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ddg_v3014](https://vuldb.com/?actor.ddg_v3014)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DDG v3014:
* [FR](https://vuldb.com/?country.fr)
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DDG v3014.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
2 | [47.95.200.188](https://vuldb.com/?ip.47.95.200.188) | - | - | High
3 | [59.2.77.151](https://vuldb.com/?ip.59.2.77.151) | - | - | High
4 | ... | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _DDG v3014_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 5 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by DDG v3014. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `aspx` | Low
2 | File | `coders/png.c` | Medium
3 | File | `libtransmission/variant.c` | High
4 | ... | ... | ...
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
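Review bot: in the TTP table the Description column contradicts the Weakness column on row 2, "T1059 | CWE-94 | Cross Site Scripting": CWE-94 is Improper Control of Generation of Code (Code Injection), and the actual XSS weakness, CWE-79, is already on row 3. Either derive the description from the CWE (Code Injection here) or from the technique, but not a label that matches neither.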

View File

@ -53,9 +53,10 @@ ID | Type | Indicator | Confidence
4 | File | `avahi-core/socket.c` | High
5 | File | `block/bfq-iosched.c` | High
6 | File | `chat.php` | Medium
7 | ... | ... | ...
7 | File | `Crypt32.dll` | Medium
8 | ... | ... | ...
There are 51 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
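Review bot: the new row "7 | File | `Crypt32.dll` | Medium" is typed as File although the trailer for this section lists "library" as a distinct IOA type; a Windows system DLL is a library indicator, so either retype the row or document why DLLs are filed as File.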

View File

@ -35,7 +35,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -56,9 +56,10 @@ ID | Type | Indicator | Confidence
11 | File | `adminCons.php` | High
12 | File | `ajax_list_accounts.php` | High
13 | File | `auth-options.c` | High
14 | ... | ... | ...
14 | File | `cdf.c` | Low
15 | ... | ... | ...
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -273,7 +273,7 @@ ID | Type | Indicator | Confidence
36 | File | `/uncpath/` | Medium
37 | ... | ... | ...
There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -0,0 +1,31 @@
# Emptiness - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Emptiness](https://vuldb.com/?actor.emptiness). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.emptiness](https://vuldb.com/?actor.emptiness)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Emptiness.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
2 | [34.80.131.135](https://vuldb.com/?ip.34.80.131.135) | 135.131.80.34.bc.googleusercontent.com | - | Medium
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.netlab.360.com/emptiness-a-new-evolving-botnet/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
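Review bot: the IOC "1.125.125.5" is added here at High confidence and is added at High confidence to the new DDG v3014 profile in the same commit; an address attributed to two different actors needs a deconfliction note (shared infrastructure, scanner, or misattribution) or a lowered confidence in at least one of the profiles.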

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [TR](https://vuldb.com/?country.tr)
* ...
There are 8 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -21,12 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.79.66.123](https://vuldb.com/?ip.5.79.66.123) | - | - | High
2 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
3 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
4 | ... | ... | ... | ...
1 | [5.79.66.100](https://vuldb.com/?ip.5.79.66.100) | - | - | High
2 | [5.79.66.123](https://vuldb.com/?ip.5.79.66.123) | - | - | High
3 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
4 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
5 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
6 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
7 | ... | ... | ... | ...
There are 12 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
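Review bot: the confidence column is applied inconsistently to generic cloud reverse DNS in the added rows: "45.77.195.105.vultrusercontent.com" gets High while "ec2-35-176-231-198.eu-west-2.compute.amazonaws.com" gets Medium. Both hostnames are provider defaults that say nothing about the tenant, so the same rule (Medium for default cloud rDNS) should apply to both.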
@ -35,7 +38,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
@ -53,38 +56,44 @@ ID | Type | Indicator | Confidence
2 | File | `/admin.php/Admin/adminadd.html` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/orders/update_status.php` | High
5 | File | `/admin/settings/save.php` | High
6 | File | `/admin/userprofile.php` | High
7 | File | `/apply.cgi` | Medium
8 | File | `/cgi-bin/wlogin.cgi` | High
9 | File | `/College/admin/teacher.php` | High
10 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
11 | File | `/dcim/rack-roles/` | High
12 | File | `/forum/away.php` | High
13 | File | `/getcfg.php` | Medium
14 | File | `/goform/addUserName` | High
15 | File | `/goform/aspForm` | High
16 | File | `/goform/delAd` | High
17 | File | `/goform/wifiSSIDset` | High
18 | File | `/gpac/src/bifs/unquantize.c` | High
19 | File | `/inc/topBarNav.php` | High
20 | File | `/index.asp` | Medium
21 | File | `/jfinal_cms/system/role/list` | High
22 | File | `/kelas/data` | Medium
23 | File | `/Moosikay/order.php` | High
24 | File | `/php-sms/admin/quotes/manage_remark.php` | High
25 | File | `/secure/QueryComponent!Default.jspa` | High
26 | File | `/uncpath/` | Medium
27 | File | `/webman/info.cgi` | High
28 | ... | ... | ...
5 | File | `/admin/profile/save_profile` | High
6 | File | `/admin/settings/save.php` | High
7 | File | `/admin/userprofile.php` | High
8 | File | `/apply.cgi` | Medium
9 | File | `/catalog/admin/categories.php?cPath=&action=new_product` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/College/admin/teacher.php` | High
12 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
13 | File | `/dcim/rack-roles/` | High
14 | File | `/forum/away.php` | High
15 | File | `/getcfg.php` | Medium
16 | File | `/goform/addUserName` | High
17 | File | `/goform/aspForm` | High
18 | File | `/goform/delAd` | High
19 | File | `/goform/wifiSSIDset` | High
20 | File | `/gpac/src/bifs/unquantize.c` | High
21 | File | `/inc/topBarNav.php` | High
22 | File | `/index.asp` | Medium
23 | File | `/jfinal_cms/system/role/list` | High
24 | File | `/kelas/data` | Medium
25 | File | `/Moosikay/order.php` | High
26 | File | `/out.php` | Medium
27 | File | `/paysystem/datatable.php` | High
28 | File | `/php-sms/admin/quotes/manage_remark.php` | High
29 | File | `/product_list.php` | High
30 | File | `/secure/QueryComponent!Default.jspa` | High
31 | File | `/server/ajax/events_manager.php` | High
32 | File | `/server/ajax/user_manager.php` | High
33 | ... | ... | ...
There are 239 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://infosec.exchange/@monitorsg/110542478917794644
* https://infosec.exchange/@monitorsg/110594616696514472
* https://infosec.exchange/@rmceoin/110424143980661661
* https://infosec.exchange/@rmceoin/110475220406813517
* https://infosec.exchange/@rmceoin/110492844885251537
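Review bot: `/forum/away.php` (row 14) and `/out.php` (row 26) are rated High here but also appear in most of the other actor profiles touched by this commit (DDG, Emptiness-adjacent files, the `@ -141` and `@ -55` hunks, the `@ -344` hunk, the `@ -55,16` hunk); a path that is present in nearly every profile does not discriminate between actors, so such shared open-redirect style paths should carry Low or Medium confidence, or be flagged as generic in the IOA type set.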

View File

@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -141,37 +141,38 @@ ID | Type | Indicator | Confidence
28 | File | `/cgi-bin/wapopen` | High
29 | File | `/cgi-bin/wlogin.cgi` | High
30 | File | `/debug/pprof` | Medium
31 | File | `/dev/block/mmcblk0rpmb` | High
32 | File | `/env` | Low
33 | File | `/feeds/post/publish` | High
34 | File | `/forum/away.php` | High
35 | File | `/fos/admin/ajax.php?action=login` | High
36 | File | `/fos/admin/index.php?page=menu` | High
37 | File | `/home/masterConsole` | High
38 | File | `/home/sendBroadcast` | High
39 | File | `/inc/jquery/uploadify/uploadify.php` | High
40 | File | `/index.php?app=main&func=passport&action=login` | High
41 | File | `/index.php?page=category_list` | High
42 | File | `/jobinfo/` | Medium
43 | File | `/medicines/profile.php` | High
44 | File | `/Moosikay/order.php` | High
45 | File | `/mygym/admin/index.php?view_exercises` | High
46 | File | `/opac/Actions.php?a=login` | High
47 | File | `/php-opos/index.php` | High
48 | File | `/php-sms/admin/?page=user/manage_user` | High
49 | File | `/PreviewHandler.ashx` | High
50 | File | `/public/launchNewWindow.jsp` | High
51 | File | `/reservation/add_message.php` | High
52 | File | `/secure/QueryComponent!Default.jspa` | High
53 | File | `/Session` | Medium
54 | File | `/spip.php` | Medium
55 | File | `/uncpath/` | Medium
31 | File | `/env` | Low
32 | File | `/feeds/post/publish` | High
33 | File | `/forum/away.php` | High
34 | File | `/fos/admin/ajax.php?action=login` | High
35 | File | `/fos/admin/index.php?page=menu` | High
36 | File | `/home/masterConsole` | High
37 | File | `/home/sendBroadcast` | High
38 | File | `/inc/jquery/uploadify/uploadify.php` | High
39 | File | `/index.php?app=main&func=passport&action=login` | High
40 | File | `/index.php?page=category_list` | High
41 | File | `/jobinfo/` | Medium
42 | File | `/medicines/profile.php` | High
43 | File | `/Moosikay/order.php` | High
44 | File | `/mygym/admin/index.php?view_exercises` | High
45 | File | `/opac/Actions.php?a=login` | High
46 | File | `/php-opos/index.php` | High
47 | File | `/php-sms/admin/?page=user/manage_user` | High
48 | File | `/PreviewHandler.ashx` | High
49 | File | `/public/launchNewWindow.jsp` | High
50 | File | `/reservation/add_message.php` | High
51 | File | `/secure/QueryComponent!Default.jspa` | High
52 | File | `/Session` | Medium
53 | File | `/spip.php` | Medium
54 | File | `/uncpath/` | Medium
55 | File | `/uploads/exam_question/` | High
56 | File | `/user/updatePwd` | High
57 | File | `/var/lib/docker/<remapping>` | High
58 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
59 | ... | ... | ...
59 | File | `/video-sharing-script/watch-video.php` | High
60 | ... | ... | ...
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
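Review bot: row 31 "`/dev/block/mmcblk0rpmb` | High" is silently dropped from the table while the hidden count rises from 520 to 529; removing a High-confidence indicator should be explained in the commit message (retracted, merged, moved to another actor) so consumers of earlier exports know it is no longer attributed.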

View File

@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 14 more country items available. Please use our online service to access the data.
There are 15 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -55,46 +55,49 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/about.php` | Medium
2 | File | `/admin.php/accessory/filesdel.html` | High
3 | File | `/admin/?page=user/manage` | High
4 | File | `/admin/add-new.php` | High
5 | File | `/admin/doctors.php` | High
6 | File | `/admin/submit-articles` | High
7 | File | `/ad_js.php` | Medium
8 | File | `/alphaware/summary.php` | High
9 | File | `/api/` | Low
10 | File | `/api/admin/store/product/list` | High
11 | File | `/api/v2/cli/commands` | High
12 | File | `/app/options.py` | High
13 | File | `/attachments` | Medium
14 | File | `/boat/login.php` | High
15 | File | `/bsms_ci/index.php/book` | High
16 | File | `/cgi-bin/luci/api/wireless` | High
17 | File | `/cgi-bin/wlogin.cgi` | High
18 | File | `/context/%2e/WEB-INF/web.xml` | High
19 | File | `/dashboard/reports/logs/view` | High
20 | File | `/debian/patches/load_ppp_generic_if_needed` | High
21 | File | `/debug/pprof` | Medium
22 | File | `/etc/hosts` | Medium
23 | File | `/forum/away.php` | High
24 | File | `/goform/setmac` | High
25 | File | `/goform/wizard_end` | High
26 | File | `/manage-apartment.php` | High
27 | File | `/medicines/profile.php` | High
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
29 | File | `/pages/apply_vacancy.php` | High
30 | File | `/proc/<PID>/mem` | High
31 | File | `/proxy` | Low
32 | File | `/reservation/add_message.php` | High
33 | File | `/spip.php` | Medium
34 | File | `/tmp` | Low
35 | File | `/train_scheduler_app/?action=delete` | High
36 | File | `/uncpath/` | Medium
37 | File | `/upload` | Low
38 | ... | ... | ...
1 | File | `/?p=products` | Medium
2 | File | `/about.php` | Medium
3 | File | `/admin.php/accessory/filesdel.html` | High
4 | File | `/admin/?page=user/manage` | High
5 | File | `/admin/add-new.php` | High
6 | File | `/admin/doctors.php` | High
7 | File | `/admin/submit-articles` | High
8 | File | `/ad_js.php` | Medium
9 | File | `/alphaware/summary.php` | High
10 | File | `/api/` | Low
11 | File | `/api/admin/store/product/list` | High
12 | File | `/api/stl/actions/search` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/app/options.py` | High
15 | File | `/attachments` | Medium
16 | File | `/bin/ate` | Medium
17 | File | `/boat/login.php` | High
18 | File | `/bsms_ci/index.php/book` | High
19 | File | `/cgi-bin` | Medium
20 | File | `/cgi-bin/luci/api/wireless` | High
21 | File | `/cgi-bin/wlogin.cgi` | High
22 | File | `/context/%2e/WEB-INF/web.xml` | High
23 | File | `/dashboard/reports/logs/view` | High
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/env` | Low
27 | File | `/etc/hosts` | Medium
28 | File | `/forum/away.php` | High
29 | File | `/goform/setmac` | High
30 | File | `/goform/wizard_end` | High
31 | File | `/manage-apartment.php` | High
32 | File | `/medicines/profile.php` | High
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
34 | File | `/pages/apply_vacancy.php` | High
35 | File | `/php-sms/admin/?page=user/manage_user` | High
36 | File | `/proc/<PID>/mem` | High
37 | File | `/proxy` | Low
38 | File | `/reservation/add_message.php` | High
39 | File | `/spip.php` | Medium
40 | File | `/tmp` | Low
41 | ... | ... | ...
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -0,0 +1,65 @@
# Fallout EK - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Fallout EK](https://vuldb.com/?actor.fallout_ek). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fallout_ek](https://vuldb.com/?actor.fallout_ek)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Fallout EK:
* [US](https://vuldb.com/?country.us)
* [IR](https://vuldb.com/?country.ir)
* [RU](https://vuldb.com/?country.ru)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Fallout EK.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [51.15.35.154](https://vuldb.com/?ip.51.15.35.154) | 154-35-15-51.instances.scw.cloud | - | High
2 | [185.56.233.186](https://vuldb.com/?ip.185.56.233.186) | traito.tivill.com | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Fallout EK_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
3 | T1592 | CWE-200 | Configuration | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Fallout EK. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `admin/config/confmgr.php` | High
2 | File | `cgi-bin/hotspotlogin.cgi` | High
3 | File | `mod_authz_svn/mod_authz_svn.c` | High
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.malwarebytes.com/threat-analysis/2019/01/improved-fallout-ek-comes-back-after-short-hiatus/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
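Review bot: row 2 of the TTP table, "T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods", pairs CWE-284 (Improper Access Control) with the title of CWE-9; the description should read Improper Access Control, and row 3, "T1592 | CWE-200 | Configuration", should likewise use the CWE title (Exposure of Sensitive Information to an Unauthorized Actor) rather than a one-word label that does not match either column.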

View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [VN](https://vuldb.com/?country.vn)
* [CN](https://vuldb.com/?country.cn)
* [ES](https://vuldb.com/?country.es)
* [US](https://vuldb.com/?country.us)
* ...
There are 14 more country items available. Please use our online service to access the data.
There are 13 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -328,14 +328,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-29, CWE-50 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-50 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
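Review bot: the added weakness CWE-1321 on row 3 ("T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting") is Prototype Pollution, not XSS; grouping it under a "Cross Site Scripting" description (and next to CWE-88 Argument Injection) makes the Description column unreliable for this row, so the label should be generated from the technique (Command and Scripting Interpreter) or left per-CWE.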
@ -344,43 +344,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.FBCIndex` | Medium
2 | File | `//WEB-INF` | Medium
3 | File | `/about.php` | Medium
4 | File | `/admin/contacts/organizations/edit/2` | High
5 | File | `/api/login` | Medium
2 | File | `/admin/contacts/organizations/edit/2` | High
3 | File | `/api/geojson` | Medium
4 | File | `/api/login` | Medium
5 | File | `/api/upload.php` | High
6 | File | `/application/common.php#action_log` | High
7 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
8 | File | `/authenticationendpoint/login.do` | High
9 | File | `/bin/ate` | Medium
10 | File | `/bin/login` | Medium
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
12 | File | `/cas/logout` | Medium
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/classes/Master.php?f=delete_category` | High
15 | File | `/classes/Master.php?f=save_service` | High
16 | File | `/data/remove` | Medium
17 | File | `/databases/database/list` | High
7 | File | `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` | High
8 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
9 | File | `/authenticationendpoint/login.do` | High
10 | File | `/bin/ate` | Medium
11 | File | `/bin/login` | Medium
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
14 | File | `/cgi-bin/luci` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/classes/Master.php?f=delete_category` | High
17 | File | `/classes/Users.php?f=save` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/DXR.axd` | Medium
20 | File | `/forum/away.php` | High
21 | File | `/ghost/preview` | High
22 | File | `/goForm/aspForm` | High
23 | File | `/HNAP1` | Low
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
25 | File | `/index.php?app=main&func=passport&action=login` | High
26 | File | `/index.php?page=category_list` | High
27 | File | `/jobinfo/` | Medium
28 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
29 | File | `/login.php` | Medium
30 | File | `/menu.html` | Medium
31 | File | `/Moosikay/order.php` | High
32 | File | `/news/*.html` | Medium
33 | File | `/out.php` | Medium
34 | File | `/owa/auth/logon.aspx` | High
35 | File | `/PreviewHandler.ashx` | High
36 | ... | ... | ...
22 | File | `/goform/AdvSetLanip` | High
23 | File | `/goForm/aspForm` | High
24 | File | `/goform/fromSetWirelessRepeat` | High
25 | File | `/goform/setmac` | High
26 | File | `/goform/setMacFilterCfg` | High
27 | File | `/goform/SetSysTimeCfg` | High
28 | File | `/goform/WifiGuestSet` | High
29 | File | `/HNAP1` | Low
30 | File | `/index.php?app=main&func=passport&action=login` | High
31 | File | `/index.php?page=category_list` | High
32 | File | `/jobinfo/` | Medium
33 | File | `/kelasdosen/data` | High
34 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
35 | File | `/login.php` | Medium
36 | File | `/mc` | Low
37 | File | `/news/*.html` | Medium
38 | ... | ... | ...
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
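Review bot: row 34, "`/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05`", embeds what looks like an instance-specific GUID, so as written it will only ever match one deployment; the reusable indicator is the path and parameter names (`/Log/Query?appid=&tabid=`), and the GUID should be dropped or documented as a constant of the product.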

View File

@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with GIMF:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GIMF:
* [LA](https://vuldb.com/?country.la)
* [GB](https://vuldb.com/?country.gb)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* ...
There are 1 more country items available. Please use our online service to access the data.
There are 2 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 12 more TTP items available. Please use our online service to access the data.
There are 13 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -55,16 +55,17 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/dl_sendmail.php` | High
2 | File | `/api/v2/cli/commands` | High
3 | File | `/owa/auth/logon.aspx` | High
4 | File | `/spip.php` | Medium
5 | File | `/zm/index.php` | High
6 | File | `admin.jcomments.php` | High
7 | File | `application/modules/admin/views/ecommerce/products.php` | High
8 | File | `base/ErrorHandler.php` | High
9 | File | `blog.php` | Medium
10 | ... | ... | ...
3 | File | `/DXR.axd` | Medium
4 | File | `/forum/away.php` | High
5 | File | `/owa/auth/logon.aspx` | High
6 | File | `/spip.php` | Medium
7 | File | `/zm/index.php` | High
8 | File | `admin.jcomments.php` | High
9 | File | `application/modules/admin/views/ecommerce/products.php` | High
10 | File | `base/ErrorHandler.php` | High
11 | ... | ... | ...
There are 75 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

45
actors/GZipDe/README.md Normal file
View File

@ -0,0 +1,45 @@
# GZipDe - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GZipDe](https://vuldb.com/?actor.gzipde). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gzipde](https://vuldb.com/?actor.gzipde)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GZipDe:
* [CN](https://vuldb.com/?country.cn)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GZipDe.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [118.193.251.137](https://vuldb.com/?ip.118.193.251.137) | - | - | High
2 | [175.194.42.8](https://vuldb.com/?ip.175.194.42.8) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GZipDe_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
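Review bot: the only References entry, `* https://www.cyber45.com`, is a site root rather than the write-up that ties GZipDe to the two listed IPs, so neither the Campaign column (`-` on both IOC rows) nor the CN attribution can be checked from it; please link the specific article or give its title. A second point in the TTP table: in `1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High` the description is the title of CWE-9, while CWE-269 is Improper Privilege Management, so the Description column should name the weakness that is actually listed.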


@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
13 | File | `/var/run/zabbix` | High
14 | ... | ... | ...
There are 111 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RO](https://vuldb.com/?country.ro)
* [IO](https://vuldb.com/?country.io)
* ...
There are 25 more country items available. Please use our online service to access the data.
There are 26 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -10125,279 +10125,9 @@ ID | IP address | Hostname | Campaign | Confidence
10102 | [65.108.21.242](https://vuldb.com/?ip.65.108.21.242) | srv1.tnk-constructions.com | - | High
10103 | [65.108.24.140](https://vuldb.com/?ip.65.108.24.140) | cloud.ider.com | - | High
10104 | [65.108.24.143](https://vuldb.com/?ip.65.108.24.143) | static.143.24.108.65.clients.your-server.de | - | High
10105 | [65.108.24.152](https://vuldb.com/?ip.65.108.24.152) | static.152.24.108.65.clients.your-server.de | - | High
10106 | [65.108.24.154](https://vuldb.com/?ip.65.108.24.154) | static.154.24.108.65.clients.your-server.de | - | High
10107 | [65.108.160.0](https://vuldb.com/?ip.65.108.160.0) | static.0.160.108.65.clients.your-server.de | - | High
10108 | [65.109.0.0](https://vuldb.com/?ip.65.109.0.0) | static.0.0.109.65.clients.your-server.de | - | High
10109 | [65.109.44.0](https://vuldb.com/?ip.65.109.44.0) | static.0.44.109.65.clients.your-server.de | - | High
10110 | [65.109.64.0](https://vuldb.com/?ip.65.109.64.0) | static.0.64.109.65.clients.your-server.de | - | High
10111 | [65.109.73.0](https://vuldb.com/?ip.65.109.73.0) | static.0.73.109.65.clients.your-server.de | - | High
10112 | [65.109.74.0](https://vuldb.com/?ip.65.109.74.0) | static.0.74.109.65.clients.your-server.de | - | High
10113 | [65.109.76.0](https://vuldb.com/?ip.65.109.76.0) | static.0.76.109.65.clients.your-server.de | - | High
10114 | [65.109.80.0](https://vuldb.com/?ip.65.109.80.0) | static.0.80.109.65.clients.your-server.de | - | High
10115 | [65.109.82.0](https://vuldb.com/?ip.65.109.82.0) | static.0.82.109.65.clients.your-server.de | - | High
10116 | [65.109.84.0](https://vuldb.com/?ip.65.109.84.0) | static.0.84.109.65.clients.your-server.de | - | High
10117 | [65.109.88.0](https://vuldb.com/?ip.65.109.88.0) | static.0.88.109.65.clients.your-server.de | - | High
10118 | [65.109.96.0](https://vuldb.com/?ip.65.109.96.0) | static.0.96.109.65.clients.your-server.de | - | High
10119 | [65.109.112.0](https://vuldb.com/?ip.65.109.112.0) | static.0.112.109.65.clients.your-server.de | - | High
10120 | [65.109.114.0](https://vuldb.com/?ip.65.109.114.0) | static.0.114.109.65.clients.your-server.de | - | High
10121 | [65.109.116.0](https://vuldb.com/?ip.65.109.116.0) | static.0.116.109.65.clients.your-server.de | - | High
10122 | [65.109.120.0](https://vuldb.com/?ip.65.109.120.0) | static.0.120.109.65.clients.your-server.de | - | High
10123 | [65.109.126.0](https://vuldb.com/?ip.65.109.126.0) | static.0.126.109.65.clients.your-server.de | - | High
10124 | [65.109.128.0](https://vuldb.com/?ip.65.109.128.0) | static.0.128.109.65.clients.your-server.de | - | High
10125 | [65.109.136.0](https://vuldb.com/?ip.65.109.136.0) | static.0.136.109.65.clients.your-server.de | - | High
10126 | [65.109.138.0](https://vuldb.com/?ip.65.109.138.0) | static.0.138.109.65.clients.your-server.de | - | High
10127 | [65.109.140.0](https://vuldb.com/?ip.65.109.140.0) | static.0.140.109.65.clients.your-server.de | - | High
10128 | [65.109.142.0](https://vuldb.com/?ip.65.109.142.0) | static.0.142.109.65.clients.your-server.de | - | High
10129 | [65.109.144.0](https://vuldb.com/?ip.65.109.144.0) | static.0.144.109.65.clients.your-server.de | - | High
10130 | [65.109.146.0](https://vuldb.com/?ip.65.109.146.0) | static.0.146.109.65.clients.your-server.de | - | High
10131 | [65.109.148.0](https://vuldb.com/?ip.65.109.148.0) | static.0.148.109.65.clients.your-server.de | - | High
10132 | [65.109.152.0](https://vuldb.com/?ip.65.109.152.0) | static.0.152.109.65.clients.your-server.de | - | High
10133 | [65.109.160.0](https://vuldb.com/?ip.65.109.160.0) | static.0.160.109.65.clients.your-server.de | - | High
10134 | [65.109.192.0](https://vuldb.com/?ip.65.109.192.0) | static.0.192.109.65.clients.your-server.de | - | High
10135 | [65.126.50.160](https://vuldb.com/?ip.65.126.50.160) | 65-126-50-160.dia.static.qwest.net | - | High
10136 | [65.148.0.4](https://vuldb.com/?ip.65.148.0.4) | - | - | High
10137 | [65.148.0.8](https://vuldb.com/?ip.65.148.0.8) | - | - | High
10138 | [65.148.33.0](https://vuldb.com/?ip.65.148.33.0) | - | - | High
10139 | [65.151.140.0](https://vuldb.com/?ip.65.151.140.0) | - | - | High
10140 | [65.151.140.10](https://vuldb.com/?ip.65.151.140.10) | - | - | High
10141 | [65.151.140.12](https://vuldb.com/?ip.65.151.140.12) | - | - | High
10142 | [65.151.172.0](https://vuldb.com/?ip.65.151.172.0) | - | - | High
10143 | [65.151.172.5](https://vuldb.com/?ip.65.151.172.5) | - | - | High
10144 | [65.151.225.0](https://vuldb.com/?ip.65.151.225.0) | - | - | High
10145 | [65.152.197.0](https://vuldb.com/?ip.65.152.197.0) | - | - | High
10146 | [65.154.234.0](https://vuldb.com/?ip.65.154.234.0) | - | - | High
10147 | [65.154.234.16](https://vuldb.com/?ip.65.154.234.16) | - | - | High
10148 | [65.158.30.0](https://vuldb.com/?ip.65.158.30.0) | - | - | High
10149 | [65.164.94.65](https://vuldb.com/?ip.65.164.94.65) | - | - | High
10150 | [65.175.16.12](https://vuldb.com/?ip.65.175.16.12) | - | - | High
10151 | [65.175.16.44](https://vuldb.com/?ip.65.175.16.44) | - | - | High
10152 | [65.229.158.0](https://vuldb.com/?ip.65.229.158.0) | - | - | High
10153 | [65.255.46.0](https://vuldb.com/?ip.65.255.46.0) | - | - | High
10154 | [66.22.44.0](https://vuldb.com/?ip.66.22.44.0) | - | - | High
10155 | [66.22.120.0](https://vuldb.com/?ip.66.22.120.0) | - | - | High
10156 | [66.22.243.0](https://vuldb.com/?ip.66.22.243.0) | - | - | High
10157 | [66.28.3.88](https://vuldb.com/?ip.66.28.3.88) | - | - | High
10158 | [66.28.4.41](https://vuldb.com/?ip.66.28.4.41) | be2742.ccr41.fra03.atlas.cogentco.com | - | High
10159 | [66.28.7.128](https://vuldb.com/?ip.66.28.7.128) | - | - | High
10160 | [66.36.221.0](https://vuldb.com/?ip.66.36.221.0) | - | - | High
10161 | [66.42.97.0](https://vuldb.com/?ip.66.42.97.0) | 66.42.97.0.vultrusercontent.com | - | High
10162 | [66.42.98.0](https://vuldb.com/?ip.66.42.98.0) | - | - | High
10163 | [66.42.100.0](https://vuldb.com/?ip.66.42.100.0) | - | - | High
10164 | [66.42.104.0](https://vuldb.com/?ip.66.42.104.0) | - | - | High
10165 | [66.42.106.0](https://vuldb.com/?ip.66.42.106.0) | - | - | High
10166 | [66.42.109.0](https://vuldb.com/?ip.66.42.109.0) | 66.42.109.0.vultrusercontent.com | - | High
10167 | [66.42.110.0](https://vuldb.com/?ip.66.42.110.0) | - | - | High
10168 | [66.51.212.0](https://vuldb.com/?ip.66.51.212.0) | - | - | High
10169 | [66.54.86.0](https://vuldb.com/?ip.66.54.86.0) | - | - | High
10170 | [66.59.208.0](https://vuldb.com/?ip.66.59.208.0) | bloom.host | - | High
10171 | [66.59.210.0](https://vuldb.com/?ip.66.59.210.0) | bloom.host | - | High
10172 | [66.81.240.0](https://vuldb.com/?ip.66.81.240.0) | - | - | High
10173 | [66.84.94.0](https://vuldb.com/?ip.66.84.94.0) | host-66-84-94-0.static.sprious.com | - | High
10174 | [66.102.12.48](https://vuldb.com/?ip.66.102.12.48) | - | - | High
10175 | [66.102.12.204](https://vuldb.com/?ip.66.102.12.204) | - | - | High
10176 | [66.102.14.132](https://vuldb.com/?ip.66.102.14.132) | - | - | High
10177 | [66.102.41.0](https://vuldb.com/?ip.66.102.41.0) | - | - | High
10178 | [66.110.2.50](https://vuldb.com/?ip.66.110.2.50) | gin-fnm-obr1.as6453.net | - | High
10179 | [66.110.2.58](https://vuldb.com/?ip.66.110.2.58) | gin-f2c-sw1.as6453.net | - | High
10180 | [66.110.2.125](https://vuldb.com/?ip.66.110.2.125) | gin-fnm-sw1.as6453.net | - | High
10181 | [66.110.2.129](https://vuldb.com/?ip.66.110.2.129) | gin-fr0-sw1.as6453.net | - | High
10182 | [66.110.2.137](https://vuldb.com/?ip.66.110.2.137) | gin-fr1-obr1.as6453.net | - | High
10183 | [66.110.2.152](https://vuldb.com/?ip.66.110.2.152) | gin-fr0-obr2.as6453.net | - | High
10184 | [66.110.2.233](https://vuldb.com/?ip.66.110.2.233) | gin-f2c-obr3.as6453.net | - | High
10185 | [66.110.10.66](https://vuldb.com/?ip.66.110.10.66) | if-lo-0-0.tcore1.fr0-frankfurt.as6453.net | - | High
10186 | [66.110.10.70](https://vuldb.com/?ip.66.110.10.70) | if-lo-0-0.tcore1.fnm-frankfurt.as6453.net | - | High
10187 | [66.110.10.156](https://vuldb.com/?ip.66.110.10.156) | if-lo-0-0.vpe1.fnm-frankfurt.as6453.net | - | High
10188 | [66.114.50.0](https://vuldb.com/?ip.66.114.50.0) | - | - | High
10189 | [66.114.54.0](https://vuldb.com/?ip.66.114.54.0) | - | - | High
10190 | [66.114.58.0](https://vuldb.com/?ip.66.114.58.0) | - | - | High
10191 | [66.119.73.54](https://vuldb.com/?ip.66.119.73.54) | - | - | High
10192 | [66.119.74.234](https://vuldb.com/?ip.66.119.74.234) | - | - | High
10193 | [66.119.82.0](https://vuldb.com/?ip.66.119.82.0) | - | - | High
10194 | [66.119.82.36](https://vuldb.com/?ip.66.119.82.36) | - | - | High
10195 | [66.119.85.194](https://vuldb.com/?ip.66.119.85.194) | - | - | High
10196 | [66.135.206.224](https://vuldb.com/?ip.66.135.206.224) | - | - | High
10197 | [66.135.207.96](https://vuldb.com/?ip.66.135.207.96) | - | - | High
10198 | [66.135.207.144](https://vuldb.com/?ip.66.135.207.144) | - | - | High
10199 | [66.135.214.176](https://vuldb.com/?ip.66.135.214.176) | - | - | High
10200 | [66.155.4.0](https://vuldb.com/?ip.66.155.4.0) | - | - | High
10201 | [66.155.5.4](https://vuldb.com/?ip.66.155.5.4) | - | - | High
10202 | [66.155.94.0](https://vuldb.com/?ip.66.155.94.0) | - | - | High
10203 | [66.155.94.120](https://vuldb.com/?ip.66.155.94.120) | - | - | High
10204 | [66.155.94.162](https://vuldb.com/?ip.66.155.94.162) | - | - | High
10205 | [66.155.94.204](https://vuldb.com/?ip.66.155.94.204) | - | - | High
10206 | [66.155.94.211](https://vuldb.com/?ip.66.155.94.211) | - | - | High
10207 | [66.159.221.0](https://vuldb.com/?ip.66.159.221.0) | - | - | High
10208 | [66.159.222.0](https://vuldb.com/?ip.66.159.222.0) | - | - | High
10209 | [66.159.232.0](https://vuldb.com/?ip.66.159.232.0) | - | - | High
10210 | [66.171.231.0](https://vuldb.com/?ip.66.171.231.0) | - | - | High
10211 | [66.178.137.0](https://vuldb.com/?ip.66.178.137.0) | - | - | High
10212 | [66.198.165.11](https://vuldb.com/?ip.66.198.165.11) | - | - | High
10213 | [66.198.165.12](https://vuldb.com/?ip.66.198.165.12) | - | - | High
10214 | [66.201.188.128](https://vuldb.com/?ip.66.201.188.128) | - | - | High
10215 | [66.201.188.134](https://vuldb.com/?ip.66.201.188.134) | - | - | High
10216 | [66.201.188.154](https://vuldb.com/?ip.66.201.188.154) | - | - | High
10217 | [66.201.188.172](https://vuldb.com/?ip.66.201.188.172) | - | - | High
10218 | [66.201.188.176](https://vuldb.com/?ip.66.201.188.176) | - | - | High
10219 | [66.201.188.188](https://vuldb.com/?ip.66.201.188.188) | - | - | High
10220 | [66.201.188.200](https://vuldb.com/?ip.66.201.188.200) | - | - | High
10221 | [66.201.188.232](https://vuldb.com/?ip.66.201.188.232) | - | - | High
10222 | [66.201.188.236](https://vuldb.com/?ip.66.201.188.236) | - | - | High
10223 | [66.206.2.0](https://vuldb.com/?ip.66.206.2.0) | 66-206-2-0.static.hvvc.us | - | High
10224 | [66.206.24.0](https://vuldb.com/?ip.66.206.24.0) | 66-206-24-0.static.hvvc.us | - | High
10225 | [66.227.118.0](https://vuldb.com/?ip.66.227.118.0) | - | - | High
10226 | [66.239.189.55](https://vuldb.com/?ip.66.239.189.55) | 66.239.189.55.ptr.us.xo.net | - | High
10227 | [66.241.112.0](https://vuldb.com/?ip.66.241.112.0) | - | - | High
10228 | [66.241.114.0](https://vuldb.com/?ip.66.241.114.0) | - | - | High
10229 | [66.250.244.0](https://vuldb.com/?ip.66.250.244.0) | - | - | High
10230 | [66.251.132.0](https://vuldb.com/?ip.66.251.132.0) | - | - | High
10231 | [66.251.140.0](https://vuldb.com/?ip.66.251.140.0) | - | - | High
10232 | [66.251.160.0](https://vuldb.com/?ip.66.251.160.0) | - | - | High
10233 | [66.251.168.0](https://vuldb.com/?ip.66.251.168.0) | 66-251-168-0.besthostingnew.com | - | High
10234 | [66.254.122.0](https://vuldb.com/?ip.66.254.122.0) | - | - | High
10235 | [67.16.110.160](https://vuldb.com/?ip.67.16.110.160) | - | - | High
10236 | [67.16.114.72](https://vuldb.com/?ip.67.16.114.72) | - | - | High
10237 | [67.16.115.32](https://vuldb.com/?ip.67.16.115.32) | - | - | High
10238 | [67.16.117.232](https://vuldb.com/?ip.67.16.117.232) | - | - | High
10239 | [67.16.120.161](https://vuldb.com/?ip.67.16.120.161) | - | - | High
10240 | [67.16.120.162](https://vuldb.com/?ip.67.16.120.162) | - | - | High
10241 | [67.16.125.40](https://vuldb.com/?ip.67.16.125.40) | - | - | High
10242 | [67.16.133.209](https://vuldb.com/?ip.67.16.133.209) | - | - | High
10243 | [67.16.224.44](https://vuldb.com/?ip.67.16.224.44) | - | - | High
10244 | [67.17.159.0](https://vuldb.com/?ip.67.17.159.0) | - | - | High
10245 | [67.17.159.128](https://vuldb.com/?ip.67.17.159.128) | - | - | High
10246 | [67.17.159.192](https://vuldb.com/?ip.67.17.159.192) | - | - | High
10247 | [67.22.60.0](https://vuldb.com/?ip.67.22.60.0) | - | - | High
10248 | [67.26.72.0](https://vuldb.com/?ip.67.26.72.0) | - | - | High
10249 | [67.26.80.0](https://vuldb.com/?ip.67.26.80.0) | - | - | High
10250 | [67.26.112.0](https://vuldb.com/?ip.67.26.112.0) | - | - | High
10251 | [67.26.136.0](https://vuldb.com/?ip.67.26.136.0) | - | - | High
10252 | [67.27.140.0](https://vuldb.com/?ip.67.27.140.0) | - | - | High
10253 | [67.27.144.0](https://vuldb.com/?ip.67.27.144.0) | - | - | High
10254 | [67.27.156.0](https://vuldb.com/?ip.67.27.156.0) | - | - | High
10255 | [67.27.232.0](https://vuldb.com/?ip.67.27.232.0) | - | - | High
10256 | [67.43.86.0](https://vuldb.com/?ip.67.43.86.0) | - | - | High
10257 | [67.148.251.0](https://vuldb.com/?ip.67.148.251.0) | - | - | High
10258 | [67.148.251.32](https://vuldb.com/?ip.67.148.251.32) | - | - | High
10259 | [67.148.251.40](https://vuldb.com/?ip.67.148.251.40) | - | - | High
10260 | [67.148.251.48](https://vuldb.com/?ip.67.148.251.48) | - | - | High
10261 | [67.148.251.56](https://vuldb.com/?ip.67.148.251.56) | - | - | High
10262 | [67.148.251.72](https://vuldb.com/?ip.67.148.251.72) | - | - | High
10263 | [67.148.251.76](https://vuldb.com/?ip.67.148.251.76) | - | - | High
10264 | [67.148.251.84](https://vuldb.com/?ip.67.148.251.84) | - | - | High
10265 | [67.148.251.88](https://vuldb.com/?ip.67.148.251.88) | - | - | High
10266 | [67.148.251.92](https://vuldb.com/?ip.67.148.251.92) | - | - | High
10267 | [67.148.251.96](https://vuldb.com/?ip.67.148.251.96) | - | - | High
10268 | [67.148.251.116](https://vuldb.com/?ip.67.148.251.116) | - | - | High
10269 | [67.148.251.120](https://vuldb.com/?ip.67.148.251.120) | - | - | High
10270 | [67.148.251.124](https://vuldb.com/?ip.67.148.251.124) | - | - | High
10271 | [67.148.251.136](https://vuldb.com/?ip.67.148.251.136) | - | - | High
10272 | [67.148.251.156](https://vuldb.com/?ip.67.148.251.156) | - | - | High
10273 | [67.148.251.172](https://vuldb.com/?ip.67.148.251.172) | - | - | High
10274 | [67.148.251.188](https://vuldb.com/?ip.67.148.251.188) | - | - | High
10275 | [67.148.251.192](https://vuldb.com/?ip.67.148.251.192) | - | - | High
10276 | [67.148.251.196](https://vuldb.com/?ip.67.148.251.196) | - | - | High
10277 | [67.148.251.200](https://vuldb.com/?ip.67.148.251.200) | - | - | High
10278 | [67.148.251.204](https://vuldb.com/?ip.67.148.251.204) | - | - | High
10279 | [67.148.251.228](https://vuldb.com/?ip.67.148.251.228) | - | - | High
10280 | [67.148.251.232](https://vuldb.com/?ip.67.148.251.232) | - | - | High
10281 | [67.148.251.236](https://vuldb.com/?ip.67.148.251.236) | - | - | High
10282 | [67.148.251.244](https://vuldb.com/?ip.67.148.251.244) | - | - | High
10283 | [67.148.251.248](https://vuldb.com/?ip.67.148.251.248) | - | - | High
10284 | [67.199.128.0](https://vuldb.com/?ip.67.199.128.0) | - | - | High
10285 | [67.199.136.0](https://vuldb.com/?ip.67.199.136.0) | - | - | High
10286 | [67.199.140.0](https://vuldb.com/?ip.67.199.140.0) | - | - | High
10287 | [67.207.72.0](https://vuldb.com/?ip.67.207.72.0) | - | - | High
10288 | [67.207.169.0](https://vuldb.com/?ip.67.207.169.0) | - | - | High
10289 | [67.207.172.0](https://vuldb.com/?ip.67.207.172.0) | - | - | High
10290 | [67.207.181.0](https://vuldb.com/?ip.67.207.181.0) | - | - | High
10291 | [67.207.201.0](https://vuldb.com/?ip.67.207.201.0) | - | - | High
10292 | [67.210.18.0](https://vuldb.com/?ip.67.210.18.0) | - | - | High
10293 | [67.210.19.0](https://vuldb.com/?ip.67.210.19.0) | - | - | High
10294 | [67.210.20.0](https://vuldb.com/?ip.67.210.20.0) | - | - | High
10295 | [67.210.22.0](https://vuldb.com/?ip.67.210.22.0) | - | - | High
10296 | [67.210.24.0](https://vuldb.com/?ip.67.210.24.0) | - | - | High
10297 | [67.210.29.0](https://vuldb.com/?ip.67.210.29.0) | - | - | High
10298 | [67.216.224.0](https://vuldb.com/?ip.67.216.224.0) | - | - | High
10299 | [67.216.232.0](https://vuldb.com/?ip.67.216.232.0) | - | - | High
10300 | [67.216.234.0](https://vuldb.com/?ip.67.216.234.0) | - | - | High
10301 | [67.216.239.0](https://vuldb.com/?ip.67.216.239.0) | - | - | High
10302 | [67.217.93.0](https://vuldb.com/?ip.67.217.93.0) | - | - | High
10303 | [67.227.3.0](https://vuldb.com/?ip.67.227.3.0) | - | - | High
10304 | [67.227.7.0](https://vuldb.com/?ip.67.227.7.0) | - | - | High
10305 | [67.227.8.0](https://vuldb.com/?ip.67.227.8.0) | - | - | High
10306 | [67.227.16.0](https://vuldb.com/?ip.67.227.16.0) | - | - | High
10307 | [67.227.28.0](https://vuldb.com/?ip.67.227.28.0) | - | - | High
10308 | [67.227.64.0](https://vuldb.com/?ip.67.227.64.0) | 67.227.64.0.rdns.ColocationAmerica.com | - | High
10309 | [67.227.114.0](https://vuldb.com/?ip.67.227.114.0) | 67.227.114.0.rdns.ColocationAmerica.com | - | High
10310 | [67.227.116.0](https://vuldb.com/?ip.67.227.116.0) | 67.227.116.0.rdns.ColocationAmerica.com | - | High
10311 | [68.70.192.0](https://vuldb.com/?ip.68.70.192.0) | - | - | High
10312 | [68.70.193.0](https://vuldb.com/?ip.68.70.193.0) | - | - | High
10313 | [68.70.194.0](https://vuldb.com/?ip.68.70.194.0) | - | - | High
10314 | [68.70.200.0](https://vuldb.com/?ip.68.70.200.0) | - | - | High
10315 | [68.70.202.0](https://vuldb.com/?ip.68.70.202.0) | - | - | High
10316 | [68.70.204.0](https://vuldb.com/?ip.68.70.204.0) | - | - | High
10317 | [68.70.207.0](https://vuldb.com/?ip.68.70.207.0) | - | - | High
10318 | [68.142.80.34](https://vuldb.com/?ip.68.142.80.34) | cra01.hhn1.llnw.net | - | High
10319 | [68.142.80.96](https://vuldb.com/?ip.68.142.80.96) | flb1.dus1.llnw.net | - | High
10320 | [68.142.80.102](https://vuldb.com/?ip.68.142.80.102) | fr3.fra1.llnw.net | - | High
10321 | [68.142.80.104](https://vuldb.com/?ip.68.142.80.104) | - | - | High
10322 | [68.142.82.16](https://vuldb.com/?ip.68.142.82.16) | v901.fr3.fra1.llnw.net | - | High
10323 | [68.142.88.55](https://vuldb.com/?ip.68.142.88.55) | zlag84.cra01.hef1.llnw.net | - | High
10324 | [68.142.88.57](https://vuldb.com/?ip.68.142.88.57) | - | - | High
10325 | [68.142.88.64](https://vuldb.com/?ip.68.142.88.64) | lag14.fr3.fra1.llnw.net | - | High
10326 | [68.142.88.90](https://vuldb.com/?ip.68.142.88.90) | - | - | High
10327 | [68.142.88.99](https://vuldb.com/?ip.68.142.88.99) | lag25.fr3.fra1.llnw.net | - | High
10328 | [68.142.88.103](https://vuldb.com/?ip.68.142.88.103) | lag24.fr4.fra1.llnw.net | - | High
10329 | [68.142.88.106](https://vuldb.com/?ip.68.142.88.106) | lag28.fr3.fra1.llnw.net | - | High
10330 | [68.142.88.108](https://vuldb.com/?ip.68.142.88.108) | lag25.fr4.fra1.llnw.net | - | High
10331 | [68.142.88.116](https://vuldb.com/?ip.68.142.88.116) | - | - | High
10332 | [68.142.89.218](https://vuldb.com/?ip.68.142.89.218) | - | - | High
10333 | [68.142.89.220](https://vuldb.com/?ip.68.142.89.220) | - | - | High
10334 | [68.142.89.222](https://vuldb.com/?ip.68.142.89.222) | lag69.fr4.dus1.llnw.net | - | High
10335 | [68.183.64.0](https://vuldb.com/?ip.68.183.64.0) | - | - | High
10336 | [68.183.208.0](https://vuldb.com/?ip.68.183.208.0) | - | - | High
10337 | [68.183.240.0](https://vuldb.com/?ip.68.183.240.0) | - | - | High
10338 | [69.4.12.0](https://vuldb.com/?ip.69.4.12.0) | - | - | High
10339 | [69.4.228.0](https://vuldb.com/?ip.69.4.228.0) | - | - | High
10340 | [69.10.35.0](https://vuldb.com/?ip.69.10.35.0) | - | - | High
10341 | [69.16.158.0](https://vuldb.com/?ip.69.16.158.0) | - | - | High
10342 | [69.22.168.0](https://vuldb.com/?ip.69.22.168.0) | - | - | High
10343 | [69.22.170.0](https://vuldb.com/?ip.69.22.170.0) | - | - | High
10344 | [69.22.172.0](https://vuldb.com/?ip.69.22.172.0) | - | - | High
10345 | [69.22.179.0](https://vuldb.com/?ip.69.22.179.0) | - | - | High
10346 | [69.22.184.0](https://vuldb.com/?ip.69.22.184.0) | - | - | High
10347 | [69.28.171.13](https://vuldb.com/?ip.69.28.171.13) | fr3.frf.llnw.net | - | High
10348 | [69.28.171.26](https://vuldb.com/?ip.69.28.171.26) | fr4.frf.llnw.net | - | High
10349 | [69.28.172.20](https://vuldb.com/?ip.69.28.172.20) | - | - | High
10350 | [69.28.172.102](https://vuldb.com/?ip.69.28.172.102) | - | - | High
10351 | [69.28.172.104](https://vuldb.com/?ip.69.28.172.104) | - | - | High
10352 | [69.28.172.120](https://vuldb.com/?ip.69.28.172.120) | - | - | High
10353 | [69.28.172.158](https://vuldb.com/?ip.69.28.172.158) | - | - | High
10354 | [69.28.172.202](https://vuldb.com/?ip.69.28.172.202) | tge1-4.fr4.fra1.llnw.net | - | High
10355 | [69.28.189.161](https://vuldb.com/?ip.69.28.189.161) | tge3-4.fr4.fra1.llnw.net | - | High
10356 | [69.28.189.168](https://vuldb.com/?ip.69.28.189.168) | - | - | High
10357 | [69.28.189.177](https://vuldb.com/?ip.69.28.189.177) | - | - | High
10358 | [69.31.10.192](https://vuldb.com/?ip.69.31.10.192) | . | - | High
10359 | [69.31.10.224](https://vuldb.com/?ip.69.31.10.224) | . | - | High
10360 | [69.31.50.0](https://vuldb.com/?ip.69.31.50.0) | - | - | High
10361 | [69.36.134.18](https://vuldb.com/?ip.69.36.134.18) | - | - | High
10362 | [69.50.228.0](https://vuldb.com/?ip.69.50.228.0) | - | - | High
10363 | [69.52.72.0](https://vuldb.com/?ip.69.52.72.0) | - | - | High
10364 | [69.58.90.0](https://vuldb.com/?ip.69.58.90.0) | host-69-58-90-0.static.sprious.com | - | High
10365 | [69.59.248.0](https://vuldb.com/?ip.69.59.248.0) | - | - | High
10366 | [69.64.45.240](https://vuldb.com/?ip.69.64.45.240) | static-ip-69-64-45-240.inaddr.ip-pool.com | - | High
10367 | [69.64.244.0](https://vuldb.com/?ip.69.64.244.0) | - | - | High
10368 | [69.64.245.0](https://vuldb.com/?ip.69.64.245.0) | - | - | High
10369 | [69.67.33.95](https://vuldb.com/?ip.69.67.33.95) | - | - | High
10370 | [69.67.35.40](https://vuldb.com/?ip.69.67.35.40) | de-frk-ipa-1.cmcnetworks.net | - | High
10371 | [69.67.35.82](https://vuldb.com/?ip.69.67.35.82) | - | - | High
10372 | [69.67.35.137](https://vuldb.com/?ip.69.67.35.137) | - | - | High
10373 | [69.67.35.190](https://vuldb.com/?ip.69.67.35.190) | - | - | High
10374 | [69.67.35.197](https://vuldb.com/?ip.69.67.35.197) | - | - | High
10375 | ... | ... | ... | ...
10105 | ... | ... | ... | ...
There are 41498 more IOC items available. Please use our online service to access the data.
There are 40417 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
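Review bot: this hunk drops 270 visible IOC rows (10105 through 10374) and moves the truncation row up to `10105 | ... | ... | ... | ...`, while the trailer only falls from 41498 to 40417 more items; please confirm that the regenerated export removed these entries on purpose rather than cutting the visible list short. Many of the removed rows are network base addresses ending in .0 (for example `65.109.0.0` with rDNS `static.0.0.109.65.clients.your-server.de`) and two carry a bare `.` as hostname (`69.31.10.192`, `69.31.10.224`), which are low-value as host indicators, so a deliberate clean-up would be reasonable, but the intent is not stated.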
@ -10405,7 +10135,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-37, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29, CWE-36, CWE-37 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
@ -10420,75 +10150,64 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?p=products` | Medium
2 | File | `/admin.php/update/getFile.html` | High
3 | File | `/admin/?page=product/manage_product&id=2` | High
4 | File | `/admin/?setting-base.htm` | High
5 | File | `/admin/cashadvance_row.php` | High
6 | File | `/admin/inquiries/view_inquiry.php` | High
7 | File | `/admin/maintenance/view_designation.php` | High
8 | File | `/admin/products/manage_product.php` | High
9 | File | `/admin/report/index.php` | High
10 | File | `/admin/sales/view_details.php` | High
11 | File | `/admin/scheprofile.cgi` | High
12 | File | `/admin/userprofile.php` | High
13 | File | `/api/blade-log/api/list` | High
14 | File | `/api/v2/cli/commands` | High
15 | File | `/cgi-bin/activate.cgi` | High
16 | File | `/cgi-bin/kerbynet` | High
17 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
18 | File | `/cgi-bin/ping.cgi` | High
19 | File | `/cgi-bin/wapopen` | High
20 | File | `/cgi-bin/wlogin.cgi` | High
21 | File | `/classes/Master.php` | High
1 | File | `//WEB-INF` | Medium
2 | File | `/?p=products` | Medium
3 | File | `/about.php` | Medium
4 | File | `/admin.php/update/getFile.html` | High
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
6 | File | `/admin/edit_subject.php` | High
7 | File | `/admin/index.php` | High
8 | File | `/admin/scheprofile.cgi` | High
9 | File | `/ajax.php?action=read_msg` | High
10 | File | `/api/stl/actions/search` | High
11 | File | `/api/upload.php` | High
12 | File | `/api/v1/snapshots` | High
13 | File | `/application/common.php#action_log` | High
14 | File | `/bin/ate` | Medium
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
16 | File | `/cgi-bin` | Medium
17 | File | `/cgi-bin/adm.cgi` | High
18 | File | `/cgi-bin/kerbynet` | High
19 | File | `/cgi-bin/ping.cgi` | High
20 | File | `/cgi-bin/wapopen` | High
21 | File | `/cgi-bin/wlogin.cgi` | High
22 | File | `/classes/Master.php?f=delete_service` | High
23 | File | `/classes/Master.php?f=save_course` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/dev/shm` | Medium
23 | File | `/classes/Users.php?f=save` | High
24 | File | `/dev/shm` | Medium
25 | File | `/dishes.php` | Medium
26 | File | `/dosen/data` | Medium
27 | File | `/eval/admin/manage_class.php` | High
28 | File | `/export` | Low
29 | File | `/feeds/post/publish` | High
30 | File | `/forum/away.php` | High
31 | File | `/inc/topBarNav.php` | High
32 | File | `/index.php/archives/1/comment` | High
33 | File | `/Items/*/RemoteImages/Download` | High
34 | File | `/jurusan/data` | High
35 | File | `/mahasiswa/data` | High
36 | File | `/messageboard/view.php` | High
37 | File | `/modules/projects/vw_files.php` | High
38 | File | `/opac/Actions.php?a=login` | High
39 | File | `/osm/REGISTER.cmd` | High
40 | File | `/proxy` | Low
41 | File | `/reservation/add_message.php` | High
42 | File | `/send_order.cgi?parameter=access_detect` | High
43 | File | `/servlet/webacc` | High
44 | File | `/textpattern/index.php` | High
45 | File | `/ueditor/net/controller.ashx?action=catchimage` | High
46 | File | `/uncpath/` | Medium
47 | File | `/upload` | Low
48 | File | `/user/updatePwd` | High
49 | File | `/v2/#/` | Low
50 | File | `/v2/customerdb/operator.svc/a` | High
51 | File | `/v2/_catalog` | Medium
52 | File | `/vaccinated/admin/maintenance/manage_location.php` | High
53 | File | `/var/log/webfsd.log` | High
54 | File | `/xxl-job-admin/user/add` | High
55 | File | `20review.asp` | Medium
56 | File | `?page=about` | Medium
57 | File | `a-forms.php` | Medium
58 | File | `account.asp` | Medium
59 | File | `adclick.php` | Medium
60 | File | `additem.asp` | Medium
61 | File | `admin.a6mambocredits.php` | High
62 | File | `admin.cropcanvas.php` | High
63 | File | `admin.jcomments.php` | High
64 | File | `admin.joomlaradiov5.php` | High
65 | File | `admin.php` | Medium
66 | File | `admin.php/index/upload because app/common/service/UploadService.php` | High
67 | ... | ... | ...
27 | File | `/E-mobile/App/System/File/downfile.php` | High
28 | File | `/Electron/download` | High
29 | File | `/env` | Low
30 | File | `/eval/admin/manage_class.php` | High
31 | File | `/export` | Low
32 | File | `/feeds/post/publish` | High
33 | File | `/forum/away.php` | High
34 | File | `/goForm/aspForm` | High
35 | File | `/goform/RgDdns` | High
36 | File | `/goform/RGFirewallEL` | High
37 | File | `/inc/jquery/uploadify/uploadify.php` | High
38 | File | `/index.php?app=main&func=passport&action=login` | High
39 | File | `/index.php?page=category_list` | High
40 | File | `/index/user/user_edit.html` | High
41 | File | `/jobinfo/` | Medium
42 | File | `/jurusan/data` | High
43 | File | `/kelasdosen/data` | High
44 | File | `/login.php` | Medium
45 | File | `/mahasiswa/data` | High
46 | File | `/Moosikay/order.php` | High
47 | File | `/opac/Actions.php?a=login` | High
48 | File | `/osm/REGISTER.cmd` | High
49 | File | `/php-sms/admin/?page=user/manage_user` | High
50 | File | `/PreviewHandler.ashx` | High
51 | File | `/reservation/add_message.php` | High
52 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
53 | File | `/send_order.cgi?parameter=access_detect` | High
54 | File | `/send_order.cgi?parameter=restart` | High
55 | File | `/squashfs-root/etc_ro/custom.conf` | High
56 | ... | ... | ...
There are 585 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 485 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
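Review bot: the added row `5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High` embeds a per-request cache-buster value in the indicator, so any match keyed on the full string will miss every other request to the same upload handler; suggest normalising to `/admin.php?c=upload&f=zip`, and checking the other query-string rows in this table for the same problem. Separately, the removed row `66 | File | `admin.php/index/upload because app/common/service/UploadService.php` | High` was a garbled indicator, so dropping it is correct.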


@ -101,8 +101,7 @@ ID | Technique | Weakness | Description | Confidence
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | ... | ... | ... | ...
5 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
@ -137,20 +136,21 @@ ID | Type | Indicator | Confidence
23 | File | `/forum/away.php` | High
24 | File | `/forum/PostPrivateMessage` | High
25 | File | `/goform/addressNat` | High
26 | File | `/goform/setmac` | High
27 | File | `/goform/setMacFilterCfg` | High
28 | File | `/HNAP1` | Low
29 | File | `/HNAP1/SetClientInfo` | High
30 | File | `/home/www/cgi-bin/login.cgi` | High
31 | File | `/inc/jquery/uploadify/uploadify.php` | High
32 | File | `/js/player/dmplayer/dmku/index.php` | High
33 | File | `/kelasdosen/data` | High
34 | File | `/modules/profile/index.php` | High
35 | File | `/multi-vendor-shopping-script/product-list.php` | High
36 | File | `/net-banking/customer_transactions.php` | High
37 | ... | ... | ...
26 | File | `/goform/AdvSetLanip` | High
27 | File | `/goform/fromSetWirelessRepeat` | High
28 | File | `/goform/setmac` | High
29 | File | `/goform/setMacFilterCfg` | High
30 | File | `/goform/SetSysTimeCfg` | High
31 | File | `/goform/set_LimitClient_cfg` | High
32 | File | `/goform/WifiGuestSet` | High
33 | File | `/HNAP1` | Low
34 | File | `/HNAP1/SetClientInfo` | High
35 | File | `/home/www/cgi-bin/login.cgi` | High
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
37 | File | `/js/player/dmplayer/dmku/index.php` | High
38 | ... | ... | ...
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -0,0 +1,57 @@
# Ghostminer - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ghostminer](https://vuldb.com/?actor.ghostminer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ghostminer](https://vuldb.com/?actor.ghostminer)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ghostminer:
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ghostminer.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [103.105.59.68](https://vuldb.com/?ip.103.105.59.68) | - | - | High
2 | [118.24.63.208](https://vuldb.com/?ip.118.24.63.208) | - | - | High
3 | [123.59.68.172](https://vuldb.com/?ip.123.59.68.172) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Ghostminer_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1592 | CWE-200 | Configuration | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Ghostminer. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `data/gbconfiguration.dat` | High
2 | File | `gdk/gdkcairo.c` | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-cryptocurrency-miner-ghostminer-weaponizes-wmi-objects-kills-other-cryptocurrency-mining-payloads/
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
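Review bot: the References section lists `https://www.cyber45.com` as a bare site root, which gives a reader no way to locate the Ghostminer write-up; point the entry at the specific article, as the Trend Micro entry above it does, or drop it. The two IOA entries, `data/gbconfiguration.dat` and `gdk/gdkcairo.c`, are generic library/source paths rather than actor-specific artefacts, so a High confidence for both looks optimistic.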

actors/Golang/README.md Normal file
View File

@ -0,0 +1,30 @@
# Golang - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Golang](https://vuldb.com/?actor.golang). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.golang](https://vuldb.com/?actor.golang)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Golang.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.fortinet.com/blog/threat-research/new-golang-ransomware-targeting-linux-systems.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
* [RU](https://vuldb.com/?country.ru)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* ...
There are 10 more country items available. Please use our online service to access the data.
There are 11 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -158,9 +158,9 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
7 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
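Review bot: the changed T1059 row maps CWE-88, CWE-94 and CWE-1321 to the description "Cross Site Scripting", but those weaknesses are argument injection, code injection and prototype pollution; XSS is already covered by the T1059.007 row (CWE-79, CWE-80), so the T1059 description looks copied from the sub-technique's label and should read "Code Injection" or similar.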
@ -184,39 +184,41 @@ ID | Type | Indicator | Confidence
11 | File | `/admin/maintenance/view_designation.php` | High
12 | File | `/admin/mechanics/manage_mechanic.php` | High
13 | File | `/admin/orders/update_status.php` | High
14 | File | `/admin/service.php` | High
15 | File | `/admin/service_requests/manage_inventory.php` | High
16 | File | `/admin/transactions/track_shipment.php` | High
17 | File | `/adms/admin/?page=vehicles/view_transaction` | High
18 | File | `/alphaware/summary.php` | High
19 | File | `/api/` | Low
20 | File | `/api/admin/store/product/list` | High
21 | File | `/api/stl/actions/search` | High
22 | File | `/api/v2/cli/commands` | High
23 | File | `/api2/html/` | Medium
24 | File | `/boat/login.php` | High
25 | File | `/bsms_ci/index.php/book` | High
26 | File | `/cgi-bin` | Medium
27 | File | `/cgi-bin/nightled.cgi` | High
28 | File | `/cgi-bin/wlogin.cgi` | High
29 | File | `/check` | Low
30 | File | `/churchcrm/v2/family/not-found` | High
31 | File | `/classes/Master.php?f=delete_inquiry` | High
32 | File | `/classes/Master.php?f=delete_sub_category` | High
33 | File | `/CPE` | Low
34 | File | `/debug/pprof` | Medium
35 | File | `/etc/pki/pesign` | High
36 | File | `/file_manager/admin/save_user.php` | High
37 | File | `/forum/away.php` | High
38 | File | `/goform/aspForm` | High
39 | File | `/goform/SetFirewallCfg` | High
40 | File | `/inc/topBarNav.php` | High
41 | File | `/iwgallery/pictures/details.asp` | High
42 | File | `/jurusan/data` | High
43 | File | `/kelasdosen/data` | High
44 | ... | ... | ...
14 | File | `/admin/reportupload.aspx` | High
15 | File | `/admin/service.php` | High
16 | File | `/admin/service_requests/manage_inventory.php` | High
17 | File | `/admin/transactions/track_shipment.php` | High
18 | File | `/adms/admin/?page=vehicles/view_transaction` | High
19 | File | `/alphaware/summary.php` | High
20 | File | `/api/` | Low
21 | File | `/api/admin/store/product/list` | High
22 | File | `/api/crontab` | Medium
23 | File | `/api/stl/actions/search` | High
24 | File | `/api/v2/cli/commands` | High
25 | File | `/api2/html/` | Medium
26 | File | `/archibus/login.axvw` | High
27 | File | `/bin/ate` | Medium
28 | File | `/boat/login.php` | High
29 | File | `/cgi-bin` | Medium
30 | File | `/cgi-bin/nightled.cgi` | High
31 | File | `/cgi-bin/wlogin.cgi` | High
32 | File | `/check` | Low
33 | File | `/churchcrm/v2/family/not-found` | High
34 | File | `/classes/Master.php?f=delete_inquiry` | High
35 | File | `/classes/Master.php?f=delete_sub_category` | High
36 | File | `/CPE` | Low
37 | File | `/debug/pprof` | Medium
38 | File | `/env` | Low
39 | File | `/etc/pki/pesign` | High
40 | File | `/file_manager/admin/save_user.php` | High
41 | File | `/forum/away.php` | High
42 | File | `/goform/aspForm` | High
43 | File | `/goform/SetFirewallCfg` | High
44 | File | `/inc/topBarNav.php` | High
45 | File | `/iwgallery/pictures/details.asp` | High
46 | ... | ... | ...
There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -0,0 +1,68 @@
# Hermes 2.1 - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hermes 2.1](https://vuldb.com/?actor.hermes_2.1). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hermes_2.1](https://vuldb.com/?actor.hermes_2.1)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hermes 2.1:
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [DE](https://vuldb.com/?country.de)
* ...
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hermes 2.1.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [47.254.202.63](https://vuldb.com/?ip.47.254.202.63) | - | - | High
2 | [205.185.121.209](https://vuldb.com/?ip.205.185.121.209) | THIS-IS-A-TOR-EXIT.COM | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Hermes 2.1_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 4 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Hermes 2.1. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/etc/tomcat8/Catalina/attack` | High
2 | File | `/mgmt/tm/util/bash` | High
3 | File | `api/settings/values` | High
4 | ... | ... | ...
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
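Review bot: IOC row 2 resolves to THIS-IS-A-TOR-EXIT.COM, i.e. a Tor exit node; an exit node carries very little attribution value and blocking it outright will produce false positives for unrelated Tor users, so the row should be flagged as shared infrastructure or given a lower confidence. Separately, "There are 1 more country items available." in the Countries section is ungrammatical for a count of one; the template should choose singular or plural ("There is 1 more country item available.").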

View File

@ -54,7 +54,7 @@ ID | Type | Indicator | Confidence
5 | File | `/rapi/read_url` | High
6 | ... | ... | ...
There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -67,45 +67,47 @@ ID | IP address | Hostname | Campaign | Confidence
44 | [31.214.157.31](https://vuldb.com/?ip.31.214.157.31) | vm12150.ru | - | High
45 | [31.214.157.160](https://vuldb.com/?ip.31.214.157.160) | elijah-nascent.specbowel.net | - | High
46 | [37.10.71.114](https://vuldb.com/?ip.37.10.71.114) | - | - | High
47 | [37.120.206.70](https://vuldb.com/?ip.37.120.206.70) | - | - | High
48 | [37.120.206.119](https://vuldb.com/?ip.37.120.206.119) | - | - | High
49 | [37.120.222.138](https://vuldb.com/?ip.37.120.222.138) | - | - | High
50 | [37.120.222.178](https://vuldb.com/?ip.37.120.222.178) | - | - | High
51 | [37.120.222.188](https://vuldb.com/?ip.37.120.222.188) | - | - | High
52 | [37.120.239.178](https://vuldb.com/?ip.37.120.239.178) | - | - | High
53 | [45.9.20.245](https://vuldb.com/?ip.45.9.20.245) | - | - | High
54 | [45.11.180.140](https://vuldb.com/?ip.45.11.180.140) | boab-exchange.stuffbent.net | - | High
55 | [45.11.180.178](https://vuldb.com/?ip.45.11.180.178) | pleased-process.eitherbar.com | - | High
56 | [45.11.181.28](https://vuldb.com/?ip.45.11.181.28) | sourengine.com | - | High
57 | [45.11.181.122](https://vuldb.com/?ip.45.11.181.122) | - | - | High
58 | [45.11.182.30](https://vuldb.com/?ip.45.11.182.30) | - | - | High
59 | [45.11.182.165](https://vuldb.com/?ip.45.11.182.165) | - | - | High
60 | [45.11.182.208](https://vuldb.com/?ip.45.11.182.208) | - | - | High
61 | [45.11.183.24](https://vuldb.com/?ip.45.11.183.24) | - | - | High
62 | [45.67.230.16](https://vuldb.com/?ip.45.67.230.16) | vm1300397.stark-industries.solutions | - | High
63 | [45.89.67.190](https://vuldb.com/?ip.45.89.67.190) | 13ipv6.ok | - | High
64 | [45.89.189.6](https://vuldb.com/?ip.45.89.189.6) | vds125341.mgnhost.com | - | High
65 | [45.89.189.7](https://vuldb.com/?ip.45.89.189.7) | vds123455.mgn-host.ru | - | High
66 | [45.89.230.121](https://vuldb.com/?ip.45.89.230.121) | - | - | High
67 | [45.90.57.19](https://vuldb.com/?ip.45.90.57.19) | kuzina.val.pserver.ru | - | High
68 | [45.90.58.37](https://vuldb.com/?ip.45.90.58.37) | vps.hostry.com | - | High
69 | [45.130.147.89](https://vuldb.com/?ip.45.130.147.89) | lao89.nengtanyun.cn | - | High
70 | [45.130.151.190](https://vuldb.com/?ip.45.130.151.190) | 526204.msk-kvm.ru | - | High
71 | [45.130.151.191](https://vuldb.com/?ip.45.130.151.191) | godaddy.com | - | High
72 | [45.130.151.195](https://vuldb.com/?ip.45.130.151.195) | 533873.msk-kvm.ru | - | High
73 | [45.130.151.199](https://vuldb.com/?ip.45.130.151.199) | 515904.msk-kvm.ru | - | High
74 | [45.140.167.95](https://vuldb.com/?ip.45.140.167.95) | - | - | High
75 | [45.147.200.47](https://vuldb.com/?ip.45.147.200.47) | mail.ofsekck.cn | - | High
76 | [45.153.230.139](https://vuldb.com/?ip.45.153.230.139) | vm247045.pq.hosting | - | High
77 | [45.155.249.47](https://vuldb.com/?ip.45.155.249.47) | - | - | High
78 | [45.155.249.49](https://vuldb.com/?ip.45.155.249.49) | - | - | High
79 | [45.155.249.65](https://vuldb.com/?ip.45.155.249.65) | - | - | High
80 | [45.155.249.66](https://vuldb.com/?ip.45.155.249.66) | - | - | High
81 | [45.155.249.91](https://vuldb.com/?ip.45.155.249.91) | - | - | High
82 | [45.155.249.94](https://vuldb.com/?ip.45.155.249.94) | - | - | High
83 | ... | ... | ... | ...
47 | [37.46.130.155](https://vuldb.com/?ip.37.46.130.155) | sunchronize00work032.ispvds.com | - | High
48 | [37.120.206.70](https://vuldb.com/?ip.37.120.206.70) | - | - | High
49 | [37.120.206.119](https://vuldb.com/?ip.37.120.206.119) | - | - | High
50 | [37.120.222.138](https://vuldb.com/?ip.37.120.222.138) | - | - | High
51 | [37.120.222.178](https://vuldb.com/?ip.37.120.222.178) | - | - | High
52 | [37.120.222.188](https://vuldb.com/?ip.37.120.222.188) | - | - | High
53 | [37.120.239.178](https://vuldb.com/?ip.37.120.239.178) | - | - | High
54 | [45.9.20.245](https://vuldb.com/?ip.45.9.20.245) | - | - | High
55 | [45.11.180.140](https://vuldb.com/?ip.45.11.180.140) | boab-exchange.stuffbent.net | - | High
56 | [45.11.180.178](https://vuldb.com/?ip.45.11.180.178) | pleased-process.eitherbar.com | - | High
57 | [45.11.181.28](https://vuldb.com/?ip.45.11.181.28) | sourengine.com | - | High
58 | [45.11.181.122](https://vuldb.com/?ip.45.11.181.122) | - | - | High
59 | [45.11.182.30](https://vuldb.com/?ip.45.11.182.30) | - | - | High
60 | [45.11.182.165](https://vuldb.com/?ip.45.11.182.165) | - | - | High
61 | [45.11.182.208](https://vuldb.com/?ip.45.11.182.208) | - | - | High
62 | [45.11.183.24](https://vuldb.com/?ip.45.11.183.24) | - | - | High
63 | [45.67.230.16](https://vuldb.com/?ip.45.67.230.16) | vm1300397.stark-industries.solutions | - | High
64 | [45.89.67.190](https://vuldb.com/?ip.45.89.67.190) | 13ipv6.ok | - | High
65 | [45.89.189.6](https://vuldb.com/?ip.45.89.189.6) | vds125341.mgnhost.com | - | High
66 | [45.89.189.7](https://vuldb.com/?ip.45.89.189.7) | vds123455.mgn-host.ru | - | High
67 | [45.89.230.121](https://vuldb.com/?ip.45.89.230.121) | - | - | High
68 | [45.90.57.19](https://vuldb.com/?ip.45.90.57.19) | kuzina.val.pserver.ru | - | High
69 | [45.90.58.37](https://vuldb.com/?ip.45.90.58.37) | vps.hostry.com | - | High
70 | [45.130.147.89](https://vuldb.com/?ip.45.130.147.89) | lao89.nengtanyun.cn | - | High
71 | [45.130.151.190](https://vuldb.com/?ip.45.130.151.190) | 526204.msk-kvm.ru | - | High
72 | [45.130.151.191](https://vuldb.com/?ip.45.130.151.191) | godaddy.com | - | High
73 | [45.130.151.195](https://vuldb.com/?ip.45.130.151.195) | 533873.msk-kvm.ru | - | High
74 | [45.130.151.199](https://vuldb.com/?ip.45.130.151.199) | 515904.msk-kvm.ru | - | High
75 | [45.140.167.95](https://vuldb.com/?ip.45.140.167.95) | - | - | High
76 | [45.147.200.47](https://vuldb.com/?ip.45.147.200.47) | mail.ofsekck.cn | - | High
77 | [45.153.230.139](https://vuldb.com/?ip.45.153.230.139) | vm247045.pq.hosting | - | High
78 | [45.155.249.47](https://vuldb.com/?ip.45.155.249.47) | - | - | High
79 | [45.155.249.49](https://vuldb.com/?ip.45.155.249.49) | - | - | High
80 | [45.155.249.65](https://vuldb.com/?ip.45.155.249.65) | - | - | High
81 | [45.155.249.66](https://vuldb.com/?ip.45.155.249.66) | - | - | High
82 | [45.155.249.91](https://vuldb.com/?ip.45.155.249.91) | - | - | High
83 | [45.155.249.94](https://vuldb.com/?ip.45.155.249.94) | - | - | High
84 | [45.155.249.129](https://vuldb.com/?ip.45.155.249.129) | - | - | High
85 | ... | ... | ... | ...
There are 330 more IOC items available. Please use our online service to access the data.
There are 338 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -145,7 +147,7 @@ ID | Type | Indicator | Confidence
15 | File | `/owa/auth/logon.aspx` | High
16 | ... | ... | ...
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 128 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -191,6 +193,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://twitter.com/JAMESWT_MHT/status/1637767016692973570
* https://twitter.com/JAMESWT_MHT/status/1639161112405975042
* https://twitter.com/JAMESWT_MHT/status/1641002609765916672
* https://twitter.com/JAMESWT_MHT/status/1671438225838161920
* https://twitter.com/luc4m/status/1555095048122949632
* https://twitter.com/reecdeep/status/1414873034234679296
* https://twitter.com/reecdeep/status/1414878988103790593

View File

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indexsinas:
* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [NZ](https://vuldb.com/?country.nz)
* [HK](https://vuldb.com/?country.hk)
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -287,13 +287,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -301,27 +302,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/?page=user/list` | High
2 | File | `/admin/ajax.php?action=save_area` | High
3 | File | `/admin/contacts/organizations/edit/2` | High
4 | File | `/admin/modal_add_product.php` | High
5 | File | `/admin/reportupload.aspx` | High
6 | File | `/admin/update_s6.php` | High
7 | File | `/ajax.php?action=read_msg` | High
8 | File | `/ajax.php?action=save_company` | High
9 | File | `/api/user/password/sent-reset-email` | High
10 | File | `/bin/login` | Medium
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
12 | File | `/cgi-bin/upload_vpntar` | High
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/data/remove` | Medium
15 | File | `/debug/pprof` | Medium
1 | File | `/admin/addproduct.php` | High
2 | File | `/admin/modal_add_product.php` | High
3 | File | `/ajax.php?action=read_msg` | High
4 | File | `/api/user/password/sent-reset-email` | High
5 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
6 | File | `/authenticationendpoint/login.do` | High
7 | File | `/bin/login` | Medium
8 | File | `/bsms_ci/index.php` | High
9 | File | `/bsms_ci/index.php/user/edit_user/` | High
10 | File | `/cgi-bin/luci` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/changeimage.php` | High
13 | File | `/classes/Users.php?f=save` | High
14 | File | `/download` | Medium
15 | File | `/DXR.axd` | Medium
16 | File | `/forum/away.php` | High
17 | File | `/hrm/controller/employee.php` | High
17 | File | `/HNAP1` | Low
18 | File | `/hrm/employeeadd.php` | High
19 | ... | ... | ...
19 | File | `/link/` | Low
20 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
21 | File | `/mc` | Low
22 | File | `/owa/auth/logon.aspx` | High
23 | File | `/php-inventory-management-system/product.php` | High
24 | File | `/send_order.cgi?parameter=restart` | High
25 | File | `/spip.php` | Medium
26 | File | `/tmp/boa-temp` | High
27 | File | `/userfs/bin/tcapi` | High
28 | File | `/var/log/nginx` | High
29 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
30 | File | `/vendor/views/add_product.php` | High
31 | File | `/wp-admin/admin-ajax.php` | High
32 | File | `?r=dashboard/approval/del` | High
33 | File | `accountrecoveryendpoint/recoverpassword.do` | High
34 | ... | ... | ...
There are 151 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
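Review bot: row 5 stores `/Applications/Google\ Drive.app/Contents/MacOS` in shell-escaped form, but the on-disk path contains a literal space, so a matcher that compares against file paths or process image names will miss it unless the backslash is stripped; store `/Applications/Google Drive.app/Contents/MacOS` and quote only at use time.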

View File

@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [MN](https://vuldb.com/?country.mn)
* [KR](https://vuldb.com/?country.kr)
* ...
There are 5 more country items available. Please use our online service to access the data.
There are 7 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -36,9 +36,12 @@ ID | IP address | Hostname | Campaign | Confidence
6 | [27.102.114.63](https://vuldb.com/?ip.27.102.114.63) | - | - | High
7 | [27.102.114.79](https://vuldb.com/?ip.27.102.114.79) | - | - | High
8 | [27.102.114.89](https://vuldb.com/?ip.27.102.114.89) | - | AppleSeed | High
9 | ... | ... | ... | ...
9 | [27.102.127.240](https://vuldb.com/?ip.27.102.127.240) | - | - | High
10 | [27.102.128.169](https://vuldb.com/?ip.27.102.128.169) | - | - | High
11 | [27.255.79.204](https://vuldb.com/?ip.27.255.79.204) | - | - | High
12 | ... | ... | ... | ...
There are 33 more IOC items available. Please use our online service to access the data.
There are 45 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -46,14 +49,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -61,35 +64,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/.env` | Low
2 | File | `/?/admin/snippet/add` | High
3 | File | `/api/upload` | Medium
4 | File | `/assets/something/services/AppModule.class` | High
5 | File | `/bin/false` | Medium
6 | File | `/cgi-bin/luci/api/wireless` | High
7 | File | `/cgi-bin/webproc` | High
8 | File | `/editsettings` | High
9 | File | `/expert_wizard.php` | High
10 | File | `/forum/away.php` | High
11 | File | `/images/browserslide.jpg` | High
12 | File | `/includes/lib/get.php` | High
13 | File | `/lists/index.php` | High
14 | File | `/login` | Low
15 | File | `/main?cmd=invalid_browser` | High
16 | File | `/manager?action=getlogcat` | High
17 | File | `/mc` | Low
18 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
19 | File | `/plugins/Dashboard/Controller.php` | High
20 | File | `/public/plugins/` | High
21 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
22 | File | `/SASWebReportStudio/logonAndRender.do` | High
23 | File | `/scas/admin/` | Medium
24 | File | `/static/ueditor/php/controller.php` | High
25 | File | `/tlogin.cgi` | Medium
26 | File | `/tmp/scfgdndf` | High
27 | ... | ... | ...
1 | File | `%PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\` | High
2 | File | `/.env` | Low
3 | File | `/?/admin/snippet/add` | High
4 | File | `/admin/categories/manage_category.php` | High
5 | File | `/admin/categories/view_category.php` | High
6 | File | `/admin/index.php` | High
7 | File | `/admin/inquiries/view_inquiry.php` | High
8 | File | `/admin/manage_academic.php` | High
9 | File | `/admin/orders/update_status.php` | High
10 | File | `/admin/products/manage_product.php` | High
11 | File | `/admin/products/view_product.php` | High
12 | File | `/admin/reminders/manage_reminder.php` | High
13 | File | `/admin/sales/manage_sale.php` | High
14 | File | `/admin/sales/view_details.php` | High
15 | File | `/admin/services/manage_service.php` | High
16 | File | `/admin/user/manage_user.php` | High
17 | File | `/api/` | Low
18 | File | `/api/upload` | Medium
19 | File | `/assets/something/services/AppModule.class` | High
20 | File | `/bin/false` | Medium
21 | File | `/cgi-bin/luci/api/wireless` | High
22 | File | `/cgi-bin/webproc` | High
23 | File | `/classes/Master.php?f=delete_inquiry` | High
24 | File | `/classes/Master.php?f=save_service` | High
25 | File | `/classes/Users.php` | High
26 | File | `/editsettings` | High
27 | File | `/expert_wizard.php` | High
28 | File | `/export` | Low
29 | File | `/forum/away.php` | High
30 | File | `/function/login.php` | High
31 | File | `/images/browserslide.jpg` | High
32 | File | `/includes/lib/get.php` | High
33 | File | `/lists/index.php` | High
34 | File | `/login` | Low
35 | File | `/main?cmd=invalid_browser` | High
36 | File | `/manager?action=getlogcat` | High
37 | File | `/mc` | Low
38 | File | `/mgmt/tm/util/bash` | High
39 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
40 | File | `/plugins/Dashboard/Controller.php` | High
41 | File | `/public/plugins/` | High
42 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
43 | ... | ... | ...
There are 227 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
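Review bot: row 19 of the regenerated list, `/assets/something/services/AppModule.class`, contains what looks like a placeholder segment (`something`) rather than an observed path, yet it is rated High; it should be checked against the source report or dropped before merging. Row 20, `/bin/false`, is the standard Unix no-login shell rather than a request path, so anyone matching this "File" indicator on disk will hit every host that has it; if the intent is to capture a shell assignment, a "pattern" entry would be the appropriate type.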
@ -103,8 +122,10 @@ The following list contains _external sources_ which discuss the actor and the a
* https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/Kimsuky%20APT%20Group%20targeted%20on%20South%20Korean%20defense%20and%20security%20departments.pdf
* https://github.com/blackorbird/APT_REPORT/tree/master/kimsuky
* https://github.com/eset/malware-ioc/tree/master/kimsuky/hotdoge_donutcat_case
* https://threatfox.abuse.ch
* https://twitter.com/shadowchasing1/status/1500778382966939653
* https://twitter.com/souiten/status/1473862308132651011
* https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/
## Literature
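Review bot: the added reference `https://threatfox.abuse.ch` points at the service root rather than at the ThreatFox entry or tag page that links the indicators to Kimsuky, so a reader cannot verify which IOCs it supports; please link the specific entry.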


@ -112,29 +112,29 @@ ID | Type | Indicator | Confidence
42 | File | `/vendor` | Low
43 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
44 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
45 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
46 | File | `/zm/index.php` | High
47 | File | `a-b-membres.php` | High
48 | File | `actions.php` | Medium
49 | File | `adclick.php` | Medium
50 | File | `add.php` | Low
51 | File | `addtocart.asp` | High
52 | File | `add_2_basket.asp` | High
53 | File | `add_comment.php` | High
54 | File | `add_edit_cat.asp` | High
55 | File | `admin.jcomments.php` | High
56 | File | `admin.php` | Medium
57 | File | `admin.php/comments/batchdel/` | High
58 | File | `admin/aboutus.php` | High
59 | File | `admin/adm/test.php` | High
60 | File | `admin/article_save.php` | High
61 | File | `admin/bitrix.mpbuilder_step2.php` | High
62 | File | `admin/conf_users_edit.php` | High
63 | File | `admin/vqmods.app/vqmods.inc.php` | High
64 | File | `adminer.php` | Medium
45 | File | `/zm/index.php` | High
46 | File | `a-b-membres.php` | High
47 | File | `actions.php` | Medium
48 | File | `adclick.php` | Medium
49 | File | `add.php` | Low
50 | File | `addtocart.asp` | High
51 | File | `add_2_basket.asp` | High
52 | File | `add_comment.php` | High
53 | File | `add_edit_cat.asp` | High
54 | File | `admin.jcomments.php` | High
55 | File | `admin.php` | Medium
56 | File | `admin.php/comments/batchdel/` | High
57 | File | `admin/aboutus.php` | High
58 | File | `admin/adm/test.php` | High
59 | File | `admin/article_save.php` | High
60 | File | `admin/bitrix.mpbuilder_step2.php` | High
61 | File | `admin/conf_users_edit.php` | High
62 | File | `admin/vqmods.app/vqmods.inc.php` | High
63 | File | `adminer.php` | Medium
64 | File | `administrator/components/com_media/helpers/media.php` | High
65 | ... | ... | ...
There are 567 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 565 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

109
actors/Kraken 2.0/README.md Normal file

@ -0,0 +1,109 @@
# Kraken 2.0 - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kraken 2.0](https://vuldb.com/?actor.kraken_2.0). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.kraken_2.0](https://vuldb.com/?actor.kraken_2.0)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kraken 2.0:
* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Kraken 2.0.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [127.0.0.1](https://vuldb.com/?ip.127.0.0.1) | localhost | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Kraken 2.0_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
6 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Kraken 2.0. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/admin/upload/upload` | High
3 | File | `/api/gen/clients/{language}` | High
4 | File | `/cgi-bin/wlogin.cgi` | High
5 | File | `/config/getuser` | High
6 | File | `/config/myfield/test.php` | High
7 | File | `/debug/pprof` | Medium
8 | File | `/ecshop/admin/template.php` | High
9 | File | `/example/editor` | High
10 | File | `/file/upload/1` | High
11 | File | `/forum/away.php` | High
12 | File | `/forum/PostPrivateMessage` | High
13 | File | `/HNAP1` | Low
14 | File | `/home/www/cgi-bin/login.cgi` | High
15 | File | `/iu-application/controllers/administration/auth.php` | High
16 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
17 | File | `/multi-vendor-shopping-script/product-list.php` | High
18 | File | `/net-banking/customer_transactions.php` | High
19 | File | `/obs/book.php` | High
20 | File | `/ossn/administrator/com_installer` | High
21 | File | `/owa/auth/logon.aspx` | High
22 | File | `/pms/update_user.php?user_id=1` | High
23 | File | `/requests.php` | High
24 | File | `/spip.php` | Medium
25 | File | `/sre/params.php` | High
26 | File | `/tmp` | Low
27 | File | `/uncpath/` | Medium
28 | File | `/user/upload/upload` | High
29 | File | `/Users` | Low
30 | File | `/var/spool/hylafax` | High
31 | File | `/vendor` | Low
32 | File | `accountrecoveryendpoint/recoverpassword.do` | High
33 | File | `action/addproject.php` | High
34 | File | `adclick.php` | Medium
35 | File | `add_contestant.php` | High
36 | File | `admin.php` | Medium
37 | File | `admin/index.php` | High
38 | File | `admin/make_payments.php` | High
39 | File | `Advanced_ASUSDDNS_Content.asp` | High
40 | File | `af_netlink.c` | Medium
41 | File | `album_portal.php` | High
42 | File | `api/auth.go` | Medium
43 | File | `api_jsonrpc.php` | High
44 | ... | ... | ...
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
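Review bot: the IOC table consists of a single row, `127.0.0.1` / `localhost`, rated High confidence; the loopback address cannot identify an adversary resource, and a consumer that loads this table into a blocklist or SIEM match list will match every host, so the row should be removed (or the section left empty) rather than shipped. In the TTP table, row 5 maps T1068 with CWE-250, CWE-264, CWE-269 and CWE-284 to the description "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which is far narrower than any of the listed weaknesses; the description column appears to be copied from a single CWE child and should name the weakness class actually listed. The only reference, `https://www.cyber45.com`, is a site root and does not point at material about this actor.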


@ -52,7 +52,7 @@ ID | Type | Indicator | Confidence
3 | File | `data/gbconfiguration.dat` | High
4 | ... | ... | ...
There are 12 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -163,12 +163,9 @@ ID | IP address | Hostname | Campaign | Confidence
143 | [32.104.64.0](https://vuldb.com/?ip.32.104.64.0) | - | - | High
144 | [32.104.66.0](https://vuldb.com/?ip.32.104.66.0) | - | - | High
145 | [32.104.68.0](https://vuldb.com/?ip.32.104.68.0) | - | - | High
146 | [32.104.72.0](https://vuldb.com/?ip.32.104.72.0) | - | - | High
147 | [32.104.80.0](https://vuldb.com/?ip.32.104.80.0) | - | - | High
148 | [32.104.96.0](https://vuldb.com/?ip.32.104.96.0) | - | - | High
149 | ... | ... | ... | ...
146 | ... | ... | ... | ...
There are 591 more IOC items available. Please use our online service to access the data.
There are 580 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures

58
actors/Lampion/README.md Normal file

@ -0,0 +1,58 @@
# Lampion - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lampion](https://vuldb.com/?actor.lampion). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.lampion](https://vuldb.com/?actor.lampion)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lampion:
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Lampion.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [18.219.52.4](https://vuldb.com/?ip.18.219.52.4) | ec2-18-219-52-4.us-east-2.compute.amazonaws.com | - | Medium
2 | [100.26.189.49](https://vuldb.com/?ip.100.26.189.49) | ec2-100-26-189-49.compute-1.amazonaws.com | - | Medium
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Lampion_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1505 | CWE-89 | SQL Injection | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Lampion. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `administrator/classes/ajax/functions.php` | High
2 | File | `coders/jp2.c` | Medium
3 | File | `coders/mat.c` | Medium
4 | ... | ... | ...
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/#.XgjOH5jhVkz
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
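Review bot: the Countries section lists only `US`, while the single reference is a report whose URL describes the campaign as targeting Portugal; the country association here evidently reflects the hosting location of the two EC2 addresses in the IOC table, not victimology, and the section text ("origin of attacks", "access by proxy") should make that distinction so consumers do not read it as targeting data. The two IOC rows are correctly rated Medium given that they are cloud addresses that will be reassigned; a first-seen date would help consumers retire them.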


@ -26,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [US](https://vuldb.com/?country.us)
* ...
There are 8 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -279,7 +279,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 16 more TTP items available. Please use our online service to access the data.
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -292,29 +292,30 @@ ID | Type | Indicator | Confidence
3 | File | `/admin/?page=user/list` | High
4 | File | `/admin/addproduct.php` | High
5 | File | `/admin/ajax.php?action=save_area` | High
6 | File | `/admin/contacts/organizations/edit/2` | High
7 | File | `/admin/modal_add_product.php` | High
8 | File | `/admin/reportupload.aspx` | High
9 | File | `/admin/update_s6.php` | High
10 | File | `/ajax.php?action=read_msg` | High
11 | File | `/ajax.php?action=save_company` | High
12 | File | `/bin/login` | Medium
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
14 | File | `/changeimage.php` | High
15 | File | `/classes/Users.php?f=save` | High
16 | File | `/DXR.axd` | Medium
17 | File | `/forum/away.php` | High
18 | File | `/ghost/preview` | High
19 | File | `/Login/CheckLogin` | High
20 | File | `/note/index/delete` | High
21 | File | `/out.php` | Medium
22 | File | `/owa/auth/logon.aspx` | High
23 | File | `/send_order.cgi?parameter=restart` | High
24 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
25 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
26 | ... | ... | ...
6 | File | `/admin/categories/manage_category.php` | High
7 | File | `/admin/contacts/organizations/edit/2` | High
8 | File | `/admin/modal_add_product.php` | High
9 | File | `/admin/reportupload.aspx` | High
10 | File | `/admin/sales/manage_sale.php` | High
11 | File | `/admin/update_s6.php` | High
12 | File | `/ajax.php?action=read_msg` | High
13 | File | `/ajax.php?action=save_company` | High
14 | File | `/bin/login` | Medium
15 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
16 | File | `/changeimage.php` | High
17 | File | `/classes/Users.php?f=save` | High
18 | File | `/DXR.axd` | Medium
19 | File | `/forum/away.php` | High
20 | File | `/ghost/preview` | High
21 | File | `/Login/CheckLogin` | High
22 | File | `/note/index/delete` | High
23 | File | `/out.php` | Medium
24 | File | `/owa/auth/logon.aspx` | High
25 | File | `/send_order.cgi?parameter=restart` | High
26 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
27 | ... | ... | ...
There are 215 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 228 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

78
actors/LoJax/README.md Normal file

@ -0,0 +1,78 @@
# LoJax - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LoJax](https://vuldb.com/?actor.lojax). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.lojax](https://vuldb.com/?actor.lojax)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LoJax:
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [RE](https://vuldb.com/?country.re)
* ...
There are 10 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of LoJax.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.23.82.72](https://vuldb.com/?ip.1.23.82.72) | - | - | High
2 | [2.2.82.64](https://vuldb.com/?ip.2.2.82.64) | - | - | High
3 | [2.12.51.56](https://vuldb.com/?ip.2.12.51.56) | arennes-655-1-148-56.w2-12.abo.wanadoo.fr | - | High
4 | ... | ... | ... | ...
There are 4 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _LoJax_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by LoJax. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/api/plugin/uninstall` | High
3 | File | `/bin/boa` | Medium
4 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
5 | File | `/goform/SetNetControlList` | High
6 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
7 | File | `/hrm/employeeadd.php` | High
8 | File | `/jeecg-boot/jmreport/upload` | High
9 | ... | ... | ...
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
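Review bot: row 3 of the IOC table resolves `2.12.51.56` to `arennes-655-1-148-56.w2-12.abo.wanadoo.fr`, a consumer-ISP reverse DNS name, so this is a dynamically assigned residential address that will be handed to another subscriber; High confidence without a first-seen/last-seen date invites consumers to block an unrelated user later, so either add dates or lower the confidence. The only reference, `https://www.cyber45.com`, is a site root rather than a report about this actor.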


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 26 more country items available. Please use our online service to access the data.
There are 25 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise


@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Locky:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RU](https://vuldb.com/?country.ru)
* [ES](https://vuldb.com/?country.es)
* ...
There are 11 more country items available. Please use our online service to access the data.
@ -21,16 +21,88 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.173.164.205](https://vuldb.com/?ip.5.173.164.205) | user-5-173-164-205.play-internet.pl | - | High
2 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
3 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
4 | [46.38.52.225](https://vuldb.com/?ip.46.38.52.225) | free.tel.ru | - | High
5 | [46.101.8.169](https://vuldb.com/?ip.46.101.8.169) | - | - | High
6 | [46.148.20.32](https://vuldb.com/?ip.46.148.20.32) | sa3.net.ua | - | High
7 | [46.183.165.45](https://vuldb.com/?ip.46.183.165.45) | - | - | High
8 | ... | ... | ... | ...
1 | [5.9.253.173](https://vuldb.com/?ip.5.9.253.173) | static.173.253.9.5.clients.your-server.de | - | High
2 | [5.34.180.135](https://vuldb.com/?ip.5.34.180.135) | - | - | High
3 | [5.34.183.21](https://vuldb.com/?ip.5.34.183.21) | - | - | High
4 | [5.34.183.40](https://vuldb.com/?ip.5.34.183.40) | medoc.yura | - | High
5 | [5.34.183.136](https://vuldb.com/?ip.5.34.183.136) | unallocated.layer6.net | - | High
6 | [5.34.183.195](https://vuldb.com/?ip.5.34.183.195) | unallocated.layer6.net | - | High
7 | [5.79.106.152](https://vuldb.com/?ip.5.79.106.152) | - | - | High
8 | [5.135.76.18](https://vuldb.com/?ip.5.135.76.18) | ip18.ip-5-135-76.eu | - | High
9 | [5.152.199.70](https://vuldb.com/?ip.5.152.199.70) | h5-152-199-70.vds.uapeer.eu | - | High
10 | [5.173.164.205](https://vuldb.com/?ip.5.173.164.205) | user-5-173-164-205.play-internet.pl | - | High
11 | [5.187.0.137](https://vuldb.com/?ip.5.187.0.137) | 208593.fornex.cloud | - | High
12 | [5.187.5.171](https://vuldb.com/?ip.5.187.5.171) | dsde677-11781.fornex.org | - | High
13 | [5.188.63.23](https://vuldb.com/?ip.5.188.63.23) | - | - | High
14 | [5.188.63.30](https://vuldb.com/?ip.5.188.63.30) | - | - | High
15 | [5.196.99.239](https://vuldb.com/?ip.5.196.99.239) | buckwild.fr | - | High
16 | [5.196.200.229](https://vuldb.com/?ip.5.196.200.229) | u229.fogileve.com | - | High
17 | [5.196.200.247](https://vuldb.com/?ip.5.196.200.247) | - | - | High
18 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
19 | [31.41.44.21](https://vuldb.com/?ip.31.41.44.21) | vip-classic.example.com | - | High
20 | [31.41.44.45](https://vuldb.com/?ip.31.41.44.45) | lecw3.ru | - | High
21 | [31.41.44.130](https://vuldb.com/?ip.31.41.44.130) | free.cishost.ru | - | High
22 | [31.41.47.37](https://vuldb.com/?ip.31.41.47.37) | ip.cishost.ru | - | High
23 | [31.41.47.41](https://vuldb.com/?ip.31.41.47.41) | 31.41.47.71 | - | High
24 | [31.41.47.50](https://vuldb.com/?ip.31.41.47.50) | free.cishost.ru | - | High
25 | [31.148.99.188](https://vuldb.com/?ip.31.148.99.188) | - | - | High
26 | [31.148.99.241](https://vuldb.com/?ip.31.148.99.241) | - | - | High
27 | [31.184.196.74](https://vuldb.com/?ip.31.184.196.74) | murder-selfer.bestvisions.net | - | High
28 | [31.184.196.75](https://vuldb.com/?ip.31.184.196.75) | - | - | High
29 | [31.184.196.78](https://vuldb.com/?ip.31.184.196.78) | - | - | High
30 | [31.184.197.72](https://vuldb.com/?ip.31.184.197.72) | java-signed.blissuser.com | - | High
31 | [31.184.197.119](https://vuldb.com/?ip.31.184.197.119) | - | - | High
32 | [31.184.197.126](https://vuldb.com/?ip.31.184.197.126) | blissuser.com | - | High
33 | [31.184.233.106](https://vuldb.com/?ip.31.184.233.106) | - | - | High
34 | [31.202.128.249](https://vuldb.com/?ip.31.202.128.249) | 31-202-128-249-kh.maxnet.ua | - | High
35 | [31.202.130.9](https://vuldb.com/?ip.31.202.130.9) | 31-202-130-9-kh.maxnet.ua | - | High
36 | [31.210.120.156](https://vuldb.com/?ip.31.210.120.156) | - | - | High
37 | [37.46.131.153](https://vuldb.com/?ip.37.46.131.153) | dima1.fvds.ru | - | High
38 | [37.139.2.214](https://vuldb.com/?ip.37.139.2.214) | showcase.fm | - | High
39 | [37.139.27.52](https://vuldb.com/?ip.37.139.27.52) | - | - | High
40 | [37.139.30.95](https://vuldb.com/?ip.37.139.30.95) | - | - | High
41 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
42 | [37.235.50.29](https://vuldb.com/?ip.37.235.50.29) | 29.50.235.37.in-addr.arpa | - | High
43 | [37.235.53.18](https://vuldb.com/?ip.37.235.53.18) | 18.53.235.37.in-addr.arpa | - | High
44 | [37.235.53.210](https://vuldb.com/?ip.37.235.53.210) | 210.53.235.37.in-addr.arpa | - | High
45 | [45.55.192.133](https://vuldb.com/?ip.45.55.192.133) | - | - | High
46 | [46.4.239.76](https://vuldb.com/?ip.46.4.239.76) | static.76.239.4.46.clients.your-server.de | - | High
47 | [46.8.44.39](https://vuldb.com/?ip.46.8.44.39) | - | - | High
48 | [46.8.45.18](https://vuldb.com/?ip.46.8.45.18) | - | - | High
49 | [46.17.40.234](https://vuldb.com/?ip.46.17.40.234) | castle.uiosdhuy.cn | - | High
50 | [46.17.44.153](https://vuldb.com/?ip.46.17.44.153) | cower.enakovach.com | - | High
51 | [46.38.52.225](https://vuldb.com/?ip.46.38.52.225) | free.tel.ru | - | High
52 | [46.101.8.169](https://vuldb.com/?ip.46.101.8.169) | - | - | High
53 | [46.108.39.18](https://vuldb.com/?ip.46.108.39.18) | - | - | High
54 | [46.148.20.32](https://vuldb.com/?ip.46.148.20.32) | sa3.net.ua | - | High
55 | [46.148.20.46](https://vuldb.com/?ip.46.148.20.46) | ip-46-148-20-46.infiumhost.net | - | High
56 | [46.165.253.93](https://vuldb.com/?ip.46.165.253.93) | - | - | High
57 | [46.183.165.45](https://vuldb.com/?ip.46.183.165.45) | - | - | High
58 | [50.28.211.199](https://vuldb.com/?ip.50.28.211.199) | - | - | High
59 | [51.254.19.227](https://vuldb.com/?ip.51.254.19.227) | - | - | High
60 | [51.254.55.171](https://vuldb.com/?ip.51.254.55.171) | - | - | High
61 | [51.254.181.120](https://vuldb.com/?ip.51.254.181.120) | asiaecampaign.com | - | High
62 | [51.254.181.122](https://vuldb.com/?ip.51.254.181.122) | mail2.asiaecampaign.com | - | High
63 | [51.254.240.45](https://vuldb.com/?ip.51.254.240.45) | - | - | High
64 | [51.254.240.60](https://vuldb.com/?ip.51.254.240.60) | - | - | High
65 | [51.254.240.89](https://vuldb.com/?ip.51.254.240.89) | - | - | High
66 | [51.255.105.2](https://vuldb.com/?ip.51.255.105.2) | ip2.ip-51-255-105.eu | - | High
67 | [51.255.107.8](https://vuldb.com/?ip.51.255.107.8) | - | - | High
68 | [51.255.107.10](https://vuldb.com/?ip.51.255.107.10) | - | - | High
69 | [51.255.107.20](https://vuldb.com/?ip.51.255.107.20) | - | - | High
70 | [51.255.107.37](https://vuldb.com/?ip.51.255.107.37) | ip37.ip-51-255-107.eu | - | High
71 | [51.255.172.55](https://vuldb.com/?ip.51.255.172.55) | mail.bdubois.io | - | High
72 | [54.67.27.43](https://vuldb.com/?ip.54.67.27.43) | ec2-54-67-27-43.us-west-1.compute.amazonaws.com | - | Medium
73 | [62.84.69.75](https://vuldb.com/?ip.62.84.69.75) | FiberLink.69-75.lynx.net.lb | - | High
74 | [62.138.11.6](https://vuldb.com/?ip.62.138.11.6) | astra5187.startdedicated.de | - | High
75 | [64.22.100.95](https://vuldb.com/?ip.64.22.100.95) | ez22.ez-web-hosting.com | - | High
76 | [64.207.144.148](https://vuldb.com/?ip.64.207.144.148) | ip-64-207-144-148.ip.secureserver.net | - | High
77 | [66.147.244.210](https://vuldb.com/?ip.66.147.244.210) | box710.bluehost.com | - | High
78 | [67.23.226.139](https://vuldb.com/?ip.67.23.226.139) | super.nseasy.com | - | High
79 | [67.199.41.9](https://vuldb.com/?ip.67.199.41.9) | - | - | High
80 | ... | ... | ... | ...
There are 27 more IOC items available. Please use our online service to access the data.
There are 315 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
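Review bot: two hostnames in the expanded table look wrong and should be re-resolved before merging. Row 19 gives `vip-classic.example.com` for 31.41.44.21; `example.com` is reserved for documentation and does not resolve to live hosts, so this is a placeholder that leaked into the data. Row 23 gives the hostname `31.41.47.71` for address 31.41.47.41, an IP literal that differs from the row's own address in one octet, which looks like a transposition. Both rows are rated High.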
@ -38,14 +110,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
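Review bot: the description column does not follow the weakness column in this hunk. Row 2 now lists CWE-294 and CWE-319 under "Authentication Bypass by Capture-replay", which is the name of CWE-294 alone (CWE-319 is cleartext transmission of sensitive information). Row 4 drops CWE-88, leaving T1059 with CWE-94 (code injection) still described as "Cross Site Scripting", the same text as row 5 with CWE-79 and CWE-80. The description should be derived from the weaknesses actually listed, or the column dropped, so that consumers are not handed a misleading mapping.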
@ -53,45 +125,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
2 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
3 | File | `.authlie` | Medium
4 | File | `.htaccess` | Medium
5 | File | `/+CSCOE+/logon.html` | High
6 | File | `/admin/settings/sites/new` | High
7 | File | `/advanced/adv_dns.xgi` | High
8 | File | `/folder/list` | Medium
9 | File | `/forms/nslookupHandler` | High
10 | File | `/goform/GetNewDir` | High
11 | File | `/goform/right_now_d` | High
12 | File | `/group/comment` | High
13 | File | `/home/home_parent.xgi` | High
14 | File | `/inc/HTTPClient.php` | High
15 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
16 | File | `/ISAPI/Security/users/1` | High
17 | File | `/lookin/info` | Medium
18 | File | `/out.php` | Medium
19 | File | `/plugins/servlet/jira-blockers/` | High
20 | File | `/sessions/sess_<sessionid>` | High
21 | File | `/status/status_log.sys` | High
22 | File | `/themes/<php_file_name>` | High
23 | File | `/tmp` | Low
24 | File | `/uncpath/` | Medium
25 | File | `/upload` | Low
26 | File | `adclick.php` | Medium
27 | File | `addentry.php` | Medium
28 | File | `admin-ajax.php` | High
29 | File | `admin.php` | Medium
30 | File | `admin/fm/` | Medium
31 | File | `admin/pages/*/edit` | High
32 | File | `admincp/attachment.php&do=rebuild&type` | High
33 | File | `administrator/index.php?option=com_pago&view=comments` | High
34 | File | `ajax_mod_security.php` | High
35 | File | `ajax_service.php` | High
36 | File | `appconfig.php` | High
37 | ... | ... | ...
1 | File | `/?p=products` | Medium
2 | File | `/admin.php/accessory/filesdel.html` | High
3 | File | `/admin/?page=user/manage` | High
4 | File | `/admin/add-new.php` | High
5 | File | `/admin/doctors.php` | High
6 | File | `/admin/submit-articles` | High
7 | File | `/alphaware/summary.php` | High
8 | File | `/api/` | Low
9 | File | `/api/admin/store/product/list` | High
10 | File | `/api/stl/actions/search` | High
11 | File | `/api/v2/cli/commands` | High
12 | File | `/attachments` | Medium
13 | File | `/bin/ate` | Medium
14 | File | `/boat/login.php` | High
15 | File | `/bsms_ci/index.php/book` | High
16 | File | `/cgi-bin` | Medium
17 | File | `/cgi-bin/wlogin.cgi` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/env` | Low
20 | File | `/etc/hosts` | Medium
21 | File | `/etc/quagga` | Medium
22 | File | `/forms/doLogin` | High
23 | File | `/forum/away.php` | High
24 | File | `/hrm/employeeview.php` | High
25 | File | `/librarian/bookdetails.php` | High
26 | File | `/medicines/profile.php` | High
27 | File | `/messageboard/view.php` | High
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
29 | File | `/out.php` | Medium
30 | File | `/php-sms/admin/?page=user/manage_user` | High
31 | File | `/proxy` | Low
32 | File | `/reservation/add_message.php` | High
33 | File | `/rom-0` | Low
34 | File | `/ServletAPI/accounts/login` | High
35 | File | `/spip.php` | Medium
36 | File | `/textpattern/index.php` | High
37 | File | `/tmp` | Low
38 | File | `/user/updatePwd` | High
39 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
40 | File | `/video-sharing-script/watch-video.php` | High
41 | File | `/wireless/security.asp` | High
42 | ... | ... | ...
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -105,6 +182,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
* https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/
* https://unit42.paloaltonetworks.com/locky-ransomware-installed-through-nuclear-ek/
* https://www.cyber45.com
## Literature
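Review bot: the added reference `https://www.cyber45.com` is a bare site root, while every other entry in this list points to a specific article; a link to the page that actually discusses the actor would let readers verify the attribution.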

View File

@ -0,0 +1,30 @@
# Loocipher - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Loocipher](https://vuldb.com/?actor.loocipher). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.loocipher](https://vuldb.com/?actor.loocipher)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Loocipher.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.29.17.1](https://vuldb.com/?ip.3.29.17.1) | ec2-3-29-17-1.me-central-1.compute.amazonaws.com | - | Medium
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.bleepingcomputer.com/news/security/new-loocipher-ransomware-spreads-its-evil-through-spam/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
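Review bot: the only IOC in this new file (row 1) is an AWS EC2 address whose rDNS name (ec2-3-29-17-1.me-central-1.compute.amazonaws.com) shows it is cloud-provider space that gets reassigned, and its Campaign column is empty. Without an observation date or campaign tag the entry cannot be aged out and will produce false positives once the instance is released; recording when it was seen would make the Medium confidence actionable.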

View File

@ -0,0 +1,48 @@
# LuckyMouse - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LuckyMouse](https://vuldb.com/?actor.luckymouse). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.luckymouse](https://vuldb.com/?actor.luckymouse)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LuckyMouse:
* [US](https://vuldb.com/?country.us)
* [NL](https://vuldb.com/?country.nl)
* [CN](https://vuldb.com/?country.cn)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of LuckyMouse.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [103.75.190.28](https://vuldb.com/?ip.103.75.190.28) | - | - | High
2 | [213.109.87.58](https://vuldb.com/?ip.213.109.87.58) | s-213-109-87-58.under.net.ua | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _LuckyMouse_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

View File

@ -26,9 +26,10 @@ ID | IP address | Hostname | Campaign | Confidence
3 | [45.8.146.130](https://vuldb.com/?ip.45.8.146.130) | vm1266137.stark-industries.solutions | - | High
4 | [45.8.146.213](https://vuldb.com/?ip.45.8.146.213) | vm1266137.stark-industries.solutions | - | High
5 | [45.8.146.227](https://vuldb.com/?ip.45.8.146.227) | vm1266137.stark-industries.solutions | - | High
6 | ... | ... | ... | ...
6 | [45.15.25.190](https://vuldb.com/?ip.45.15.25.190) | - | - | High
7 | ... | ... | ... | ...
There are 22 more IOC items available. Please use our online service to access the data.
There are 23 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -52,26 +53,29 @@ ID | Type | Indicator | Confidence
1 | File | `/api/profile` | Medium
2 | File | `/api/RecordingList/DownloadRecord?file=` | High
3 | File | `/apply.cgi` | Medium
4 | File | `/debug/pprof` | Medium
5 | File | `/etc/grafana/grafana.ini` | High
6 | File | `/forum/PostPrivateMessage` | High
7 | File | `/nova/bin/igmp-proxy` | High
8 | File | `/orrs/admin/?page=user/manage_user` | High
9 | File | `/pages/processlogin.php` | High
10 | File | `/rapi/read_url` | High
11 | File | `/uncpath/` | Medium
12 | File | `/usr/local/psa/admin/sbin/wrapper` | High
13 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
14 | ... | ... | ...
4 | File | `/dataset/data/{id}` | High
5 | File | `/debug/pprof` | Medium
6 | File | `/etc/grafana/grafana.ini` | High
7 | File | `/forum/PostPrivateMessage` | High
8 | File | `/nova/bin/igmp-proxy` | High
9 | File | `/orrs/admin/?page=user/manage_user` | High
10 | File | `/pages/processlogin.php` | High
11 | File | `/rapi/read_url` | High
12 | File | `/uncpath/` | Medium
13 | File | `/usr/local/psa/admin/sbin/wrapper` | High
14 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
15 | ... | ... | ...
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown
* https://app.any.run/tasks/4e682046-d702-46c7-91c5-6f2a6c9a0909/
* https://app.any.run/tasks/9a53fdba-8af6-4d2c-9c2b-e5b86fa34e8b
* https://app.any.run/tasks/330d3bb4-cb91-4311-8bf3-f3d8db2712fb
* https://app.any.run/tasks/b80c5c12-9c12-414d-be8e-818ffdab1e74
* https://threatfox.abuse.ch
* https://tracker.viriback.com/index.php?q=45.8.146.130

65
actors/MARAP/README.md Normal file
View File

@ -0,0 +1,65 @@
# MARAP - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MARAP](https://vuldb.com/?actor.marap). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.marap](https://vuldb.com/?actor.marap)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MARAP:
* [RU](https://vuldb.com/?country.ru)
* [PL](https://vuldb.com/?country.pl)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MARAP.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [89.223.92.202](https://vuldb.com/?ip.89.223.92.202) | - | - | High
2 | [94.103.81.71](https://vuldb.com/?ip.94.103.81.71) | v1594497.hosted-by-vdsina.ru | - | High
3 | [185.68.93.18](https://vuldb.com/?ip.185.68.93.18) | mail.wintik.co.ua | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _MARAP_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1059.007 | CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
4 | ... | ... | ... | ...
There are 3 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MARAP. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/api/crontab` | Medium
2 | File | `/forum/away.php` | High
3 | File | `class.inputfilter.php` | High
4 | ... | ... | ...
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

View File

@ -21,13 +21,13 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [23.227.199.53](https://vuldb.com/?ip.23.227.199.53) | 23-227-199-53.static.hvvc.us | - | High
2 | [23.227.199.69](https://vuldb.com/?ip.23.227.199.69) | 23-227-199-69.static.hvvc.us | - | High
3 | [23.254.119.12](https://vuldb.com/?ip.23.254.119.12) | - | - | High
4 | [67.43.239.146](https://vuldb.com/?ip.67.43.239.146) | - | - | High
1 | [2.4.17.15](https://vuldb.com/?ip.2.4.17.15) | lfbn-mon-1-592-15.w2-4.abo.wanadoo.fr | - | High
2 | [23.227.199.53](https://vuldb.com/?ip.23.227.199.53) | 23-227-199-53.static.hvvc.us | - | High
3 | [23.227.199.69](https://vuldb.com/?ip.23.227.199.69) | 23-227-199-69.static.hvvc.us | - | High
4 | [23.254.119.12](https://vuldb.com/?ip.23.254.119.12) | - | - | High
5 | ... | ... | ... | ...
There are 14 more IOC items available. Please use our online service to access the data.
There are 15 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -50,21 +50,22 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/dl_sendmail.php` | High
2 | File | `/api/v2/cli/commands` | High
3 | File | `/forum/away.php` | High
4 | File | `/out.php` | Medium
5 | File | `/owa/auth/logon.aspx` | High
6 | File | `/phppath/php` | Medium
7 | File | `/spip.php` | Medium
8 | File | `/systemrw/` | Medium
9 | File | `/zm/index.php` | High
10 | File | `adclick.php` | Medium
11 | File | `admin.jcomments.php` | High
12 | File | `application/modules/admin/views/ecommerce/products.php` | High
13 | File | `base/ErrorHandler.php` | High
14 | File | `blog.php` | Medium
15 | ... | ... | ...
3 | File | `/DXR.axd` | Medium
4 | File | `/forum/away.php` | High
5 | File | `/out.php` | Medium
6 | File | `/owa/auth/logon.aspx` | High
7 | File | `/phppath/php` | Medium
8 | File | `/spip.php` | Medium
9 | File | `/systemrw/` | Medium
10 | File | `/zm/index.php` | High
11 | File | `adclick.php` | Medium
12 | File | `admin.jcomments.php` | High
13 | File | `application/modules/admin/views/ecommerce/products.php` | High
14 | File | `base/ErrorHandler.php` | High
15 | File | `blog.php` | Medium
16 | ... | ... | ...
There are 120 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

56
actors/Magento/README.md Normal file
View File

@ -0,0 +1,56 @@
# Magento - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Magento](https://vuldb.com/?actor.magento). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.magento](https://vuldb.com/?actor.magento)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magento:
* [CN](https://vuldb.com/?country.cn)
* [DE](https://vuldb.com/?country.de)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Magento.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [8.208.15.67](https://vuldb.com/?ip.8.208.15.67) | - | - | High
2 | [45.114.8.166](https://vuldb.com/?ip.45.114.8.166) | - | - | High
3 | [47.254.202.112](https://vuldb.com/?ip.47.254.202.112) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Magento_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1600.001 | CWE-330 | Key Management Error | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Magento. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `text/impl/DefaultTextCreator.java` | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.sucuri.net/2019/08/magento-skimmers-from-atob-to-alibaba.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
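Review bot: the actor label in this new file collides with the Magento e-commerce platform, and the only reference (the Sucuri post on Magento skimmers) describes skimmers targeting Magento stores rather than an actor called Magento; the two TTP rows (T1059, T1600.001) and the single IOA `text/impl/DefaultTextCreator.java` give no link to the platform either. A clarifying sentence in the intro, or a distinct actor label, would stop readers from conflating the targeted platform with the threat actor.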

View File

@ -103,7 +103,7 @@ ID | Type | Indicator | Confidence
27 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
28 | ... | ... | ...
There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 235 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

36
actors/Mallox/README.md Normal file
View File

@ -0,0 +1,36 @@
# Mallox - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Mallox](https://vuldb.com/?actor.mallox). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.mallox](https://vuldb.com/?actor.mallox)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mallox:
* [RU](https://vuldb.com/?country.ru)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Mallox.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [80.66.75.116](https://vuldb.com/?ip.80.66.75.116) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.cyble.com/2023/06/22/mallox-ransomware-implements-new-infection-strategy/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

View File

@ -35,11 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 9 more TTP items available. Please use our online service to access the data.
There are 10 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack

View File

@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MetaStealer:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RU](https://vuldb.com/?country.ru)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 1 more country items available. Please use our online service to access the data.
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
4 | ... | ... | ... | ...
There are 5 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack

View File

@ -64,41 +64,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?ajax-request=jnews` | High
2 | File | `/Admin/add-student.php` | High
3 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
4 | File | `/admin/maintenance/view_designation.php` | High
5 | File | `/aya/module/admin/fst_down.inc.php` | High
6 | File | `/boat/login.php` | High
7 | File | `/bsms_ci/index.php/user/edit_user/` | High
8 | File | `/cas/logout` | Medium
9 | File | `/cgi-bin/wlogin.cgi` | High
10 | File | `/cwc/login` | Medium
11 | File | `/etc/tomcat8/Catalina/attack` | High
12 | File | `/forum/away.php` | High
13 | File | `/goform/wizard_end` | High
14 | File | `/ims/login.php` | High
15 | File | `/mhds/clinic/view_details.php` | High
16 | File | `/modules/profile/index.php` | High
17 | File | `/out.php` | Medium
18 | File | `/php-opos/index.php` | High
19 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
20 | File | `/shell` | Low
21 | File | `/tourism/rate_review.php` | High
22 | File | `/uncpath/` | Medium
23 | File | `/usr/www/ja/mnt_cmd.cgi` | High
24 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
25 | File | `/wp-admin/admin-ajax.php` | High
26 | File | `action-visitor.php` | High
27 | File | `action.php` | Medium
28 | File | `adclick.php` | Medium
29 | File | `AdHocQuery_Processor.aspx` | High
30 | File | `admin/ajax.php?action=save_user` | High
31 | File | `admin/expense_report.php` | High
32 | File | `admin/general.php` | High
33 | ... | ... | ...
1 | File | `.FBCIndex` | Medium
2 | File | `/?ajax-request=jnews` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
5 | File | `/admin/categories/manage_category.php` | High
6 | File | `/admin/maintenance/view_designation.php` | High
7 | File | `/admin/sales/manage_sale.php` | High
8 | File | `/aya/module/admin/fst_down.inc.php` | High
9 | File | `/boat/login.php` | High
10 | File | `/bsms_ci/index.php/user/edit_user/` | High
11 | File | `/cas/logout` | Medium
12 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/cwc/login` | Medium
15 | File | `/etc/tomcat8/Catalina/attack` | High
16 | File | `/forum/away.php` | High
17 | File | `/ghost/preview` | High
18 | File | `/goform/wizard_end` | High
19 | File | `/ims/login.php` | High
20 | File | `/mhds/clinic/view_details.php` | High
21 | File | `/modules/profile/index.php` | High
22 | File | `/out.php` | Medium
23 | File | `/php-opos/index.php` | High
24 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
25 | File | `/shell` | Low
26 | File | `/tourism/rate_review.php` | High
27 | File | `/uncpath/` | Medium
28 | File | `/usr/www/ja/mnt_cmd.cgi` | High
29 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
30 | File | `/wp-admin/admin-ajax.php` | High
31 | File | `action-visitor.php` | High
32 | File | `action.php` | Medium
33 | File | `adclick.php` | Medium
34 | ... | ... | ...
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 9 more country items available. Please use our online service to access the data.
There are 15 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -22,11 +22,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.182.37.118](https://vuldb.com/?ip.5.182.37.118) | vps.hostry.com | - | High
2 | [88.119.175.124](https://vuldb.com/?ip.88.119.175.124) | 19872-33971.bacloud.info | - | High
3 | [94.158.247.72](https://vuldb.com/?ip.94.158.247.72) | no-rdns.mivocloud.com | - | High
4 | ... | ... | ... | ...
2 | [5.252.177.8](https://vuldb.com/?ip.5.252.177.8) | no-rdns.mivocloud.com | - | High
3 | [5.252.177.15](https://vuldb.com/?ip.5.252.177.15) | no-rdns.mivocloud.com | - | High
4 | [23.227.193.141](https://vuldb.com/?ip.23.227.193.141) | arthritisdocs.net | - | High
5 | ... | ... | ... | ...
There are 2 more IOC items available. Please use our online service to access the data.
There are 17 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -34,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
@ -48,33 +49,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/api/RecordingList/DownloadRecord?file=` | High
2 | File | `/apply.cgi` | Medium
3 | File | `/card_scan.php` | High
4 | File | `/cgi-bin/wlogin.cgi` | High
5 | File | `/cwc/login` | Medium
6 | File | `/download` | Medium
7 | File | `/etc/quagga` | Medium
8 | File | `/etc/shadow` | Medium
9 | File | `/forms/doLogin` | High
10 | File | `/h/calendar` | Medium
11 | File | `/inc/extensions.php` | High
12 | File | `/netflow/jspui/editProfile.jsp` | High
13 | File | `/nova/bin/console` | High
14 | File | `/nova/bin/detnet` | High
15 | File | `/out.php` | Medium
16 | File | `/rapi/read_url` | High
17 | File | `/req_password_user.php` | High
18 | File | `/rom-0` | Low
19 | ... | ... | ...
1 | File | `%APPDATA%\Securepoint SSL VPN` | High
2 | File | `/api/RecordingList/DownloadRecord?file=` | High
3 | File | `/application/common.php#action_log` | High
4 | File | `/apply.cgi` | Medium
5 | File | `/card_scan.php` | High
6 | File | `/cgi-bin/wlogin.cgi` | High
7 | File | `/cwc/login` | Medium
8 | File | `/download` | Medium
9 | File | `/etc/quagga` | Medium
10 | File | `/etc/shadow` | Medium
11 | File | `/forms/doLogin` | High
12 | File | `/goform/L7Im` | Medium
13 | File | `/h/calendar` | Medium
14 | File | `/icingaweb2/navigation/add` | High
15 | File | `/inc/extensions.php` | High
16 | File | `/netflow/jspui/editProfile.jsp` | High
17 | File | `/nova/bin/console` | High
18 | File | `/nova/bin/detnet` | High
19 | File | `/out.php` | Medium
20 | File | `/php-sms/classes/Master.php?f=save_quote` | High
21 | File | `/rapi/read_url` | High
22 | File | `/req_password_user.php` | High
23 | File | `/rom-0` | Low
24 | File | `/secure/QueryComponent!Default.jspa` | High
25 | File | `/ServletAPI/accounts/login` | High
26 | File | `/setNTP.cgi` | Medium
27 | ... | ... | ...
There are 152 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-backdoor/
* https://twitter.com/TLP_R3D/status/1647632354926534657
## Literature

View File

@ -0,0 +1,30 @@
# MirageFox - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MirageFox](https://vuldb.com/?actor.miragefox). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.miragefox](https://vuldb.com/?actor.miragefox)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MirageFox.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [192.168.0.107](https://vuldb.com/?ip.192.168.0.107) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
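Review bot: Row 1 of the IOC table lists 192.168.0.107, which sits in the RFC 1918 private range 192.168.0.0/16 and so cannot identify an attacker-controlled resource on the Internet; it was most likely captured from a sandbox or lab network in the source report. Consider dropping the row or lowering its confidence from High, since a defender matching this indicator against their logs would only hit their own internal hosts.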

File diff suppressed because it is too large

View File

@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -34,9 +34,10 @@ ID | IP address | Hostname | Campaign | Confidence
4 | [89.248.174.165](https://vuldb.com/?ip.89.248.174.165) | - | UNIX CCTV DVR | High
5 | [89.248.174.166](https://vuldb.com/?ip.89.248.174.166) | - | UNIX CCTV DVR | High
6 | [89.248.174.198](https://vuldb.com/?ip.89.248.174.198) | - | - | High
7 | ... | ... | ... | ...
7 | [89.248.174.203](https://vuldb.com/?ip.89.248.174.203) | no-reverse-dns-configured.com | UNIX CCTV DVR | High
8 | ... | ... | ... | ...
There are 25 more IOC items available. Please use our online service to access the data.
There are 26 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -45,14 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
7 | ... | ... | ... | ...
There are 23 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -70,15 +71,15 @@ ID | Type | Indicator | Confidence
8 | File | `/admin/payment.php` | High
9 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
10 | File | `/admin/user/manage_user.php` | High
11 | File | `/aqpg/users/login.php` | High
12 | File | `/blog/edit` | Medium
13 | File | `/bsms_ci/index.php/user/edit_user/` | High
14 | File | `/cgi-bin/uploadWeiXinPic` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/classes/Master.php?f=delete_category` | High
17 | File | `/Default/Bd` | Medium
18 | File | `/dms/admin/reports/daily_collection_report.php` | High
19 | File | `/DsaDataTest` | Medium
11 | File | `/ajax.php?action=read_msg` | High
12 | File | `/aqpg/users/login.php` | High
13 | File | `/blog/edit` | Medium
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
15 | File | `/cgi-bin/wapopen` | High
16 | File | `/cgi-bin/wlogin.cgi` | High
17 | File | `/classes/Master.php?f=delete_category` | High
18 | File | `/Default/Bd` | Medium
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
20 | File | `/etc/networkd-dispatcher` | High
21 | File | `/event/admin/?page=user/list` | High
22 | File | `/filemanager/upload/drop` | High
@ -88,7 +89,7 @@ ID | Type | Indicator | Confidence
26 | File | `/goform/PowerSaveSet` | High
27 | File | `/goform/SetClientState` | High
28 | File | `/goform/SetFirewallCfg` | High
29 | File | `/goform/setWorkmode` | High
29 | File | `/goform/setIPv6Status` | High
30 | File | `/goform/wizard_end` | High
31 | File | `/hrm/employeeview.php` | High
32 | File | `/index.php` | Medium
@ -108,18 +109,24 @@ ID | Type | Indicator | Confidence
46 | File | `/purchase_order/classes/Master.php?f=delete_supplier` | High
47 | File | `/SAP_Information_System/controllers/add_admin.php` | High
48 | File | `/simple_chat_bot/classes/Master.php?f=delete_response` | High
49 | ... | ... | ...
49 | File | `/SiteServer/Ajax/ajaxOtherService.aspx` | High
50 | File | `/sns/classes/Master.php?f=delete_img` | High
51 | File | `/Source/C++/Core/Ap4Array.h` | High
52 | File | `/TestJDBC_Web/test2` | High
53 | ... | ... | ...
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 462 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://bazaar.abuse.ch/sample/e09dfc1ba1052e4b5c2c3ff2d9985f6f5024b526aeb8ae4a1d28d8cd81bb0c1e/
* https://blog.netlab.360.com/ddos-botnet-moobot-en/
* https://blog.netlab.360.com/moobot-0day-unixcctv-dvr-en/
* https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
* https://blog.netlab.360.com/the-botnet-cluster-on-185-244-25-0-24-en/
* https://threatfox.abuse.ch
## Literature

View File

@ -33,7 +33,8 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
@ -55,7 +56,7 @@ ID | Type | Indicator | Confidence
10 | File | `admin/class-favicon-by-realfavicongenerator-admin.php` | High
11 | ... | ... | ...
There are 84 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 85 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -0,0 +1,105 @@
# Muddled Libra - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Muddled Libra](https://vuldb.com/?actor.muddled_libra). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.muddled_libra](https://vuldb.com/?actor.muddled_libra)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Muddled Libra:
* [SC](https://vuldb.com/?country.sc)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Muddled Libra.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [35.175.153.217](https://vuldb.com/?ip.35.175.153.217) | ec2-35-175-153-217.compute-1.amazonaws.com | - | Medium
2 | [45.32.221.250](https://vuldb.com/?ip.45.32.221.250) | 45.32.221.250.vultrusercontent.com | - | High
3 | [45.156.85.140](https://vuldb.com/?ip.45.156.85.140) | - | - | High
4 | [64.227.30.114](https://vuldb.com/?ip.64.227.30.114) | - | - | High
5 | [79.137.196.160](https://vuldb.com/?ip.79.137.196.160) | moonlit-NL.aeza.network | - | High
6 | ... | ... | ... | ...
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Muddled Libra_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Muddled Libra. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/about.php` | Medium
3 | File | `/admin` | Low
4 | File | `/admin/admapi.php` | High
5 | File | `/admin/index2.html` | High
6 | File | `/admin/sign/out` | High
7 | File | `/admin/ztliuyan_sendmail.php` | High
8 | File | `/app1/admin#foo` | High
9 | File | `/CCMAdmin/serverlist.asp` | High
10 | File | `/cgi-bin/editBookmark` | High
11 | File | `/Core/Ap4Utils.h` | High
12 | File | `/ctpms/classes/Master.php?f=delete_application` | High
13 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
14 | File | `/etc/passwd` | Medium
15 | File | `/forum/away.php` | High
16 | File | `/goform/aspForm` | High
17 | File | `/goform/L7Im` | Medium
18 | File | `/goform/RgDdns` | High
19 | File | `/goform/RgDhcp` | High
20 | File | `/goform/RGFirewallEL` | High
21 | File | `/goform/RgTime` | High
22 | File | `/goform/RgUrlBlock.asp` | High
23 | File | `/goform/wlanPrimaryNetwork` | High
24 | File | `/gofrom/setwanType` | High
25 | File | `/hdf5/src/H5T.c` | High
26 | File | `/horde/imp/search.php` | High
27 | File | `/index.php` | Medium
28 | File | `/installer/upgrade_start` | High
29 | File | `/lan.asp` | Medium
30 | File | `/login/index.php` | High
31 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
32 | File | `/media/?action=cmd` | High
33 | ... | ... | ...
There are 282 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://unit42.paloaltonetworks.com/muddled-libra/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

View File

@ -0,0 +1,30 @@
# Multicomponent Miner - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Multicomponent Miner](https://vuldb.com/?actor.multicomponent_miner). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.multicomponent_miner](https://vuldb.com/?actor.multicomponent_miner)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Multicomponent Miner.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [159.89.88.49](https://vuldb.com/?ip.159.89.88.49) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.zscaler.com/blogs/research/multicomponent-malware-targeting-cryptocurrency
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

View File

@ -19,12 +19,12 @@ There are 2 more campaign items available. Please use our online service to acce
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mustang Panda:
* [DE](https://vuldb.com/?country.de)
* [US](https://vuldb.com/?country.us)
* [DE](https://vuldb.com/?country.de)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 10 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -59,12 +59,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
7 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
@ -75,37 +76,80 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.github/workflows/combine-prs.yml` | High
2 | File | `/admin/?page=orders/manage_request` | High
3 | File | `/admin/settings.php` | High
4 | File | `/admin/uploads.php` | High
5 | File | `/api/geojson` | Medium
6 | File | `/api/user/password/sent-reset-email` | High
7 | File | `/api/v1/attack` | High
8 | File | `/cgi-bin/portal` | High
9 | File | `/Config/service/initModel?` | High
10 | File | `/data/config.ftp.php` | High
11 | File | `/etc/shadow` | Medium
12 | File | `/export` | Low
13 | File | `/file/upload/1` | High
14 | File | `/goform/NTPSyncWithHost` | High
15 | File | `/goform/SetVirtualServerCfg` | High
16 | File | `/HNAP1/SetAccessPointMode` | High
17 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
18 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
19 | File | `/htmlcode/html/indexdefault.asp` | High
20 | File | `/include/helpers/upload.helper.php` | High
21 | File | `/interface/main/backup.php` | High
22 | File | `/local/domain/$DOMID` | High
23 | File | `/mkshop/Men/profile.php` | High
24 | File | `/MTFWU` | Low
25 | File | `/mygym/admin/index.php` | High
26 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
27 | File | `/out.php` | Medium
28 | File | `/patient/settings.php` | High
29 | File | `/product/savenewproduct.php?flag=1` | High
30 | ... | ... | ...
2 | File | `/?r=report/api/getlist` | High
3 | File | `/admin.php/appcenter/local.html?type=addon` | High
4 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
5 | File | `/admin/?page=orders/manage_request` | High
6 | File | `/admin/?page=product/manage_product&id=2` | High
7 | File | `/admin/?page=reminders/view_reminder` | High
8 | File | `/admin/?page=system_info` | High
9 | File | `/admin/assign/assign.php` | High
10 | File | `/admin/budget/manage_budget.php` | High
11 | File | `/admin/candidates_row.php` | High
12 | File | `/admin/categories/manage_category.php` | High
13 | File | `/admin/categories/view_category.php` | High
14 | File | `/admin/contacts/organizations/edit/2` | High
15 | File | `/admin/content/index` | High
16 | File | `/admin/employee_add.php` | High
17 | File | `/admin/employee_edit.php` | High
18 | File | `/admin/forgot-password.php` | High
19 | File | `/admin/index3.php` | High
20 | File | `/admin/inventory/manage_stock.php` | High
21 | File | `/admin/manage_academic.php` | High
22 | File | `/admin/mechanics/manage_mechanic.php` | High
23 | File | `/admin/modal_add_product.php` | High
24 | File | `/admin/offenses/view_details.php` | High
25 | File | `/admin/positions_row.php` | High
26 | File | `/admin/product/manage.php` | High
27 | File | `/admin/read.php?mudi=announContent` | High
28 | File | `/admin/report/index.php` | High
29 | File | `/admin/reports/index.php` | High
30 | File | `/admin/robot/approval/list` | High
31 | File | `/admin/service_requests/manage_inventory.php` | High
32 | File | `/admin/settings.php` | High
33 | File | `/admin/students/view_details.php` | High
34 | File | `/admin/uploads.php` | High
35 | File | `/admin/user/manage_user.php` | High
36 | File | `/admin/userprofile.php` | High
37 | File | `/adms/admin/?page=user/manage_user` | High
38 | File | `/adms/classes/Users.php` | High
39 | File | `/ajax.php?action=read_msg` | High
40 | File | `/api/admin/system/store/order/list` | High
41 | File | `/api/geojson` | Medium
42 | File | `/api/upload` | Medium
43 | File | `/api/user/password/sent-reset-email` | High
44 | File | `/api/v1/attack` | High
45 | File | `/author/list?limit=10&offset=0&order=desc` | High
46 | File | `/bilal final/login.php` | High
47 | File | `/boat/login.php` | High
48 | File | `/cgi-bin/portal` | High
49 | File | `/classes/Login.php` | High
50 | File | `/classes/Master.php` | High
51 | File | `/classes/Master.php?f=delete_img` | High
52 | File | `/classes/Master.php?f=save_category` | High
53 | File | `/classes/Master.php?f=save_sub_category` | High
54 | File | `/classes/Master.php?f=update_order_status` | High
55 | File | `/classes/Users.php` | High
56 | File | `/Config/service/initModel?` | High
57 | File | `/data/config.ftp.php` | High
58 | File | `/ecommerce/admin/category/controller.php` | High
59 | File | `/edoc/doctor/patient.php` | High
60 | File | `/etc/shadow` | Medium
61 | File | `/export` | Low
62 | File | `/file/upload/1` | High
63 | File | `/files/list-file` | High
64 | File | `/file_manager/login.php` | High
65 | File | `/forum/PostPrivateMessage` | High
66 | File | `/fos/admin/ajax.php?action=save_settings` | High
67 | File | `/goform/NTPSyncWithHost` | High
68 | File | `/goform/SetVirtualServerCfg` | High
69 | File | `/group1/uploa` | High
70 | File | `/HNAP1/SetAccessPointMode` | High
71 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
72 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
73 | ... | ... | ...
There are 252 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 646 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [FR](https://vuldb.com/?country.fr)
* ...
There are 28 more country items available. Please use our online service to access the data.
There are 27 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -73,24 +73,24 @@ ID | Type | Indicator | Confidence
21 | File | `/include/menu_v.inc.php` | High
22 | File | `/include/notify.inc.php` | High
23 | File | `/magnoliaPublic/travel/members/login.html` | High
24 | File | `/mfaslmf/nolicense` | High
25 | File | `/mhds/clinic/view_details.php` | High
26 | File | `/MicroStrategyWS/happyaxis.jsp` | High
27 | File | `/owa/auth/logon.aspx` | High
28 | File | `/proc` | Low
29 | File | `/products/details.asp` | High
30 | File | `/public/plugins/` | High
31 | File | `/RestAPI` | Medium
32 | File | `/school/model/get_teacher.php` | High
33 | File | `/tmp` | Low
34 | File | `/uncpath/` | Medium
35 | File | `/user/loader.php?api=1` | High
36 | File | `/User/saveUser` | High
37 | File | `/viewer/krpano.html` | High
38 | File | `/ViewUserHover.jspa` | High
39 | File | `/WEB-INF/web.xml` | High
40 | File | `/wp-admin/admin-ajax.php` | High
41 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
24 | File | `/mhds/clinic/view_details.php` | High
25 | File | `/MicroStrategyWS/happyaxis.jsp` | High
26 | File | `/owa/auth/logon.aspx` | High
27 | File | `/proc` | Low
28 | File | `/products/details.asp` | High
29 | File | `/public/plugins/` | High
30 | File | `/RestAPI` | Medium
31 | File | `/school/model/get_teacher.php` | High
32 | File | `/tmp` | Low
33 | File | `/uncpath/` | Medium
34 | File | `/user/loader.php?api=1` | High
35 | File | `/User/saveUser` | High
36 | File | `/viewer/krpano.html` | High
37 | File | `/ViewUserHover.jspa` | High
38 | File | `/WEB-INF/web.xml` | High
39 | File | `/wp-admin/admin-ajax.php` | High
40 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
41 | File | `/wp-json/oembed/1.0/embed?url` | High
42 | File | `/wp-json/wc/v3/webhooks` | High
43 | File | `abc-pcie.c` | Medium
44 | File | `account.asp` | Medium
@ -100,9 +100,11 @@ ID | Type | Indicator | Confidence
48 | File | `admin-ajax.php` | High
49 | File | `admin.joomlaflashfun.php` | High
50 | File | `admin.php` | Medium
51 | ... | ... | ...
51 | File | `admin/addons/archive/archive.php` | High
52 | File | `admin/auth.php` | High
53 | ... | ... | ...
There are 441 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References

View File

@ -9,6 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mystic Stealer:
* [DE](https://vuldb.com/?country.de)
* [RU](https://vuldb.com/?country.ru)
* [US](https://vuldb.com/?country.us)
* ...
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -16,12 +21,14 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [91.121.118.80](https://vuldb.com/?ip.91.121.118.80) | 1218.rbx.abcvg.ovh | - | High
2 | [94.23.26.20](https://vuldb.com/?ip.94.23.26.20) | 706.rbx.abcvg.ovh | - | High
3 | [94.130.164.47](https://vuldb.com/?ip.94.130.164.47) | static.47.164.130.94.clients.your-server.de | - | High
4 | ... | ... | ... | ...
1 | [5.42.94.125](https://vuldb.com/?ip.5.42.94.125) | juicy-milk.aeza.network | - | High
2 | [5.75.183.169](https://vuldb.com/?ip.5.75.183.169) | static.169.183.75.5.clients.your-server.de | - | High
3 | [23.163.0.179](https://vuldb.com/?ip.23.163.0.179) | mail.pnet-asp.tech | - | High
4 | [43.154.7.225](https://vuldb.com/?ip.43.154.7.225) | - | - | High
5 | [45.9.74.110](https://vuldb.com/?ip.45.9.74.110) | - | - | High
6 | ... | ... | ... | ...
There are 4 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -29,12 +36,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-80 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 4 more TTP items available. Please use our online service to access the data.
There are 11 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -42,17 +49,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/mgmt/tm/util/bash` | High
2 | File | `adclick.php` | Medium
3 | File | `data/gbconfiguration.dat` | High
4 | ... | ... | ...
1 | File | `/etc/gsissh/sshd_config` | High
2 | File | `/film-rating.php` | High
3 | File | `/index.php/admin/admin_manage/add.html` | High
4 | File | `/index.php?m=tags&f=index&v=add` | High
5 | File | `/mgmt/tm/util/bash` | High
6 | ... | ... | ...
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://github.com/threatlabz/iocs/blob/main/mystic_stealer/c2s.txt
* https://www.zscaler.com/blogs/security-research/mystic-stealer
## Literature

View File

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* [NL](https://vuldb.com/?country.nl)
* ...
There are 17 more country items available. Please use our online service to access the data.
There are 15 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -32,7 +32,7 @@ ID | IP address | Hostname | Campaign | Confidence
9 | [37.120.141.190](https://vuldb.com/?ip.37.120.141.190) | - | - | High
10 | ... | ... | ... | ...
There are 36 more IOC items available. Please use our online service to access the data.
There are 38 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
There are 22 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -55,51 +55,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?p=products` | Medium
2 | File | `/about.php` | Medium
1 | File | `//proc/kcore` | Medium
2 | File | `/?p=products` | Medium
3 | File | `/admin.php/accessory/filesdel.html` | High
4 | File | `/admin/?page=user/manage` | High
5 | File | `/admin/add-new.php` | High
6 | File | `/admin/doctors.php` | High
7 | File | `/admin/submit-articles` | High
8 | File | `/ad_js.php` | Medium
9 | File | `/alphaware/summary.php` | High
10 | File | `/api/` | Low
11 | File | `/api/admin/store/product/list` | High
12 | File | `/api/stl/actions/search` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/app/options.py` | High
15 | File | `/attachments` | Medium
16 | File | `/bin/ate` | Medium
17 | File | `/boat/login.php` | High
18 | File | `/bsms_ci/index.php/book` | High
19 | File | `/cgi-bin` | Medium
20 | File | `/cgi-bin/luci/api/wireless` | High
21 | File | `/cgi-bin/wlogin.cgi` | High
22 | File | `/context/%2e/WEB-INF/web.xml` | High
23 | File | `/dashboard/reports/logs/view` | High
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/env` | Low
27 | File | `/etc/hosts` | Medium
28 | File | `/forum/away.php` | High
29 | File | `/goform/setmac` | High
30 | File | `/goform/wizard_end` | High
31 | File | `/horde/util/go.php` | High
32 | File | `/index.php` | Medium
33 | File | `/manage-apartment.php` | High
34 | File | `/medicines/profile.php` | High
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
36 | File | `/pages/apply_vacancy.php` | High
37 | File | `/php-sms/admin/?page=user/manage_user` | High
38 | File | `/proc/<PID>/mem` | High
39 | File | `/proxy` | Low
40 | File | `/reservation/add_message.php` | High
41 | File | `/spip.php` | Medium
42 | File | `/tmp` | Low
43 | ... | ... | ...
4 | File | `/admin.php/Admin/adminadd.html` | High
5 | File | `/admin/?page=user/manage` | High
6 | File | `/admin/add-new.php` | High
7 | File | `/admin/doctors.php` | High
8 | File | `/admin/settings/save.php` | High
9 | File | `/admin/submit-articles` | High
10 | File | `/admin/userprofile.php` | High
11 | File | `/alphaware/summary.php` | High
12 | File | `/api/` | Low
13 | File | `/api/admin/store/product/list` | High
14 | File | `/api/stl/actions/search` | High
15 | File | `/api/v2/cli/commands` | High
16 | File | `/apply.cgi` | Medium
17 | File | `/attachments` | Medium
18 | File | `/bin/ate` | Medium
19 | File | `/boat/login.php` | High
20 | File | `/bsms_ci/index.php/book` | High
21 | File | `/cgi-bin` | Medium
22 | File | `/cgi-bin/wlogin.cgi` | High
23 | File | `/College/admin/teacher.php` | High
24 | File | `/context/%2e/WEB-INF/web.xml` | High
25 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
26 | File | `/dcim/rack-roles/` | High
27 | File | `/debug/pprof` | Medium
28 | File | `/env` | Low
29 | File | `/etc/hosts` | Medium
30 | File | `/forum/away.php` | High
31 | File | `/goform/addUserName` | High
32 | File | `/goform/aspForm` | High
33 | File | `/goform/delAd` | High
34 | File | `/goform/wifiSSIDset` | High
35 | File | `/goform/wizard_end` | High
36 | File | `/gpac/src/bifs/unquantize.c` | High
37 | File | `/horde/util/go.php` | High
38 | File | `/inc/topBarNav.php` | High
39 | File | `/index.asp` | Medium
40 | File | `/index.php` | Medium
41 | File | `/kelas/data` | Medium
42 | File | `/medicines/profile.php` | High
43 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
44 | File | `/Moosikay/order.php` | High
45 | File | `/php-sms/admin/?page=user/manage_user` | High
46 | File | `/php-sms/admin/quotes/manage_remark.php` | High
47 | File | `/proxy` | Low
48 | ... | ... | ...
There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
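Review bot: six indicators present in the old table are missing from the new one even though the new rows cover the same sorted range: `/dashboard/reports/logs/view` would sit between rows 25 and 26, `/debian/patches/load_ppp_generic_if_needed` between 26 and 27, `/goform/setmac` between 33 and 34, `/manage-apartment.php` between 41 and 42, `/pages/apply_vacancy.php` between 44 and 45, and `/proc/<PID>/mem` between 46 and 47, yet none of them appears. The commit message "Update July 2023" says nothing about retiring indicators, so either note that these were deliberately dropped from the IOA set or check the table generator for rows lost on regeneration; the trailer going from 372 to 412 "more" items only shows the total grew and does not explain rows disappearing from the visible range.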

View File

@ -76,37 +76,37 @@ ID | Type | Indicator | Confidence
10 | File | `/cgi?` | Low
11 | File | `/classes/Users.php` | High
12 | File | `/dashboard/updatelogo.php` | High
13 | File | `/etc/controller-agent/agent.conf` | High
14 | File | `/etc/openshift/server_priv.pem` | High
15 | File | `/forms/web_importTFTP` | High
16 | File | `/forum/away.php` | High
17 | File | `/goform/SysToolReboot` | High
18 | File | `/goform/SysToolRestoreSet` | High
19 | File | `/graphql` | Medium
20 | File | `/index.php` | Medium
21 | File | `/jeecg-boot/jmreport/upload` | High
22 | File | `/jeecg-boot/jmreport/view` | High
23 | File | `/jsoa/hntdCustomDesktopActionContent` | High
24 | File | `/localhost/u` | Medium
25 | File | `/mkshop/Men/profile.php` | High
26 | File | `/net` | Low
27 | File | `/Noxen-master/users.php` | High
28 | File | `/opt/bin/cli` | Medium
29 | File | `/out.php` | Medium
30 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
31 | File | `/public/plugins/` | High
32 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
33 | File | `/root/run/adm.php?admin-ediy&part=exdiy` | High
34 | File | `/setNTP.cgi` | Medium
35 | File | `/setting/setWanIeCfg` | High
36 | File | `/templates/header.inc.php` | High
37 | File | `/tmp` | Low
38 | File | `/uncpath/` | Medium
39 | File | `/v2/devices/add` | High
40 | File | `/var/ipfire/backup/bin/backup.pl` | High
41 | File | `/wp-json/wc/v3/webhooks` | High
42 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
43 | File | `account.php` | Medium
13 | File | `/dipam/save-delegates.php` | High
14 | File | `/etc/controller-agent/agent.conf` | High
15 | File | `/etc/openshift/server_priv.pem` | High
16 | File | `/forms/web_importTFTP` | High
17 | File | `/forum/away.php` | High
18 | File | `/goform/SysToolReboot` | High
19 | File | `/goform/SysToolRestoreSet` | High
20 | File | `/graphql` | Medium
21 | File | `/index.php` | Medium
22 | File | `/jeecg-boot/jmreport/upload` | High
23 | File | `/jeecg-boot/jmreport/view` | High
24 | File | `/jsoa/hntdCustomDesktopActionContent` | High
25 | File | `/localhost/u` | Medium
26 | File | `/mkshop/Men/profile.php` | High
27 | File | `/net` | Low
28 | File | `/Noxen-master/users.php` | High
29 | File | `/opt/bin/cli` | Medium
30 | File | `/out.php` | Medium
31 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
32 | File | `/public/plugins/` | High
33 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
34 | File | `/root/run/adm.php?admin-ediy&part=exdiy` | High
35 | File | `/setNTP.cgi` | Medium
36 | File | `/setting/setWanIeCfg` | High
37 | File | `/templates/header.inc.php` | High
38 | File | `/tmp` | Low
39 | File | `/uncpath/` | Medium
40 | File | `/v2/devices/add` | High
41 | File | `/var/ipfire/backup/bin/backup.pl` | High
42 | File | `/wp-json/wc/v3/webhooks` | High
43 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
44 | ... | ... | ...
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
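Review bot: the trailer "There are 385 more IOA items available" is left unchanged although `/dipam/save-delegates.php` was inserted as row 13 and `account.php` (old row 43) was pushed past the `...` cut. If the trailer is the count of items beyond the visible rows it should now read 386; regenerate the count together with the table instead of leaving a stale value next to a changed listing.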

View File

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...
There are 11 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -57,174 +57,175 @@ ID | IP address | Hostname | Campaign | Confidence
34 | [3.95.194.143](https://vuldb.com/?ip.3.95.194.143) | ec2-3-95-194-143.compute-1.amazonaws.com | - | Medium
35 | [3.121.139.82](https://vuldb.com/?ip.3.121.139.82) | ec2-3-121-139-82.eu-central-1.compute.amazonaws.com | - | Medium
36 | [3.124.67.191](https://vuldb.com/?ip.3.124.67.191) | ec2-3-124-67-191.eu-central-1.compute.amazonaws.com | - | Medium
37 | [3.125.188.168](https://vuldb.com/?ip.3.125.188.168) | ec2-3-125-188-168.eu-central-1.compute.amazonaws.com | - | Medium
38 | [3.126.37.18](https://vuldb.com/?ip.3.126.37.18) | ec2-3-126-37-18.eu-central-1.compute.amazonaws.com | - | Medium
39 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
40 | [3.127.59.75](https://vuldb.com/?ip.3.127.59.75) | ec2-3-127-59-75.eu-central-1.compute.amazonaws.com | - | Medium
41 | [3.127.138.57](https://vuldb.com/?ip.3.127.138.57) | ec2-3-127-138-57.eu-central-1.compute.amazonaws.com | - | Medium
42 | [3.127.253.86](https://vuldb.com/?ip.3.127.253.86) | ec2-3-127-253-86.eu-central-1.compute.amazonaws.com | - | Medium
43 | [3.128.107.74](https://vuldb.com/?ip.3.128.107.74) | ec2-3-128-107-74.us-east-2.compute.amazonaws.com | - | Medium
44 | [3.129.187.220](https://vuldb.com/?ip.3.129.187.220) | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | - | Medium
45 | [3.131.147.49](https://vuldb.com/?ip.3.131.147.49) | ec2-3-131-147-49.us-east-2.compute.amazonaws.com | - | Medium
46 | [3.131.207.170](https://vuldb.com/?ip.3.131.207.170) | ec2-3-131-207-170.us-east-2.compute.amazonaws.com | - | Medium
47 | [3.132.159.158](https://vuldb.com/?ip.3.132.159.158) | ec2-3-132-159-158.us-east-2.compute.amazonaws.com | - | Medium
48 | [3.133.207.110](https://vuldb.com/?ip.3.133.207.110) | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | - | Medium
49 | [3.134.39.220](https://vuldb.com/?ip.3.134.39.220) | ec2-3-134-39-220.us-east-2.compute.amazonaws.com | - | Medium
50 | [3.134.125.175](https://vuldb.com/?ip.3.134.125.175) | ec2-3-134-125-175.us-east-2.compute.amazonaws.com | - | Medium
51 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
52 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
53 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
54 | [3.140.223.7](https://vuldb.com/?ip.3.140.223.7) | ec2-3-140-223-7.us-east-2.compute.amazonaws.com | - | Medium
55 | [3.141.142.211](https://vuldb.com/?ip.3.141.142.211) | ec2-3-141-142-211.us-east-2.compute.amazonaws.com | - | Medium
56 | [3.141.177.1](https://vuldb.com/?ip.3.141.177.1) | ec2-3-141-177-1.us-east-2.compute.amazonaws.com | - | Medium
57 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
58 | [3.142.81.166](https://vuldb.com/?ip.3.142.81.166) | ec2-3-142-81-166.us-east-2.compute.amazonaws.com | - | Medium
59 | [3.142.129.56](https://vuldb.com/?ip.3.142.129.56) | ec2-3-142-129-56.us-east-2.compute.amazonaws.com | - | Medium
60 | [3.142.167.4](https://vuldb.com/?ip.3.142.167.4) | ec2-3-142-167-4.us-east-2.compute.amazonaws.com | - | Medium
61 | [3.142.167.54](https://vuldb.com/?ip.3.142.167.54) | ec2-3-142-167-54.us-east-2.compute.amazonaws.com | - | Medium
62 | [3.145.201.105](https://vuldb.com/?ip.3.145.201.105) | ec2-3-145-201-105.us-east-2.compute.amazonaws.com | - | Medium
63 | [5.134.196.78](https://vuldb.com/?ip.5.134.196.78) | - | - | High
64 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
65 | [5.252.165.230](https://vuldb.com/?ip.5.252.165.230) | - | - | High
66 | [10.35.70.148](https://vuldb.com/?ip.10.35.70.148) | - | - | High
67 | [13.58.157.220](https://vuldb.com/?ip.13.58.157.220) | ec2-13-58-157-220.us-east-2.compute.amazonaws.com | - | Medium
68 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
69 | [13.229.3.203](https://vuldb.com/?ip.13.229.3.203) | ec2-13-229-3-203.ap-southeast-1.compute.amazonaws.com | - | Medium
70 | [18.136.148.247](https://vuldb.com/?ip.18.136.148.247) | ec2-18-136-148-247.ap-southeast-1.compute.amazonaws.com | - | Medium
71 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
72 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
73 | [18.156.13.209](https://vuldb.com/?ip.18.156.13.209) | ec2-18-156-13-209.eu-central-1.compute.amazonaws.com | - | Medium
74 | [18.157.68.73](https://vuldb.com/?ip.18.157.68.73) | ec2-18-157-68-73.eu-central-1.compute.amazonaws.com | - | Medium
75 | [18.158.58.205](https://vuldb.com/?ip.18.158.58.205) | ec2-18-158-58-205.eu-central-1.compute.amazonaws.com | - | Medium
76 | [18.184.222.225](https://vuldb.com/?ip.18.184.222.225) | ec2-18-184-222-225.eu-central-1.compute.amazonaws.com | - | Medium
77 | [18.189.106.45](https://vuldb.com/?ip.18.189.106.45) | ec2-18-189-106-45.us-east-2.compute.amazonaws.com | - | Medium
78 | [18.192.93.86](https://vuldb.com/?ip.18.192.93.86) | ec2-18-192-93-86.eu-central-1.compute.amazonaws.com | - | Medium
79 | [18.197.239.5](https://vuldb.com/?ip.18.197.239.5) | ec2-18-197-239-5.eu-central-1.compute.amazonaws.com | - | Medium
80 | [18.198.77.177](https://vuldb.com/?ip.18.198.77.177) | ec2-18-198-77-177.eu-central-1.compute.amazonaws.com | - | Medium
81 | [20.43.33.61](https://vuldb.com/?ip.20.43.33.61) | - | - | High
82 | [20.52.46.119](https://vuldb.com/?ip.20.52.46.119) | - | - | High
83 | [20.79.206.212](https://vuldb.com/?ip.20.79.206.212) | - | - | High
84 | [20.91.192.34](https://vuldb.com/?ip.20.91.192.34) | - | - | High
85 | [20.185.47.68](https://vuldb.com/?ip.20.185.47.68) | - | - | High
86 | [20.194.35.6](https://vuldb.com/?ip.20.194.35.6) | - | - | High
87 | [20.197.234.75](https://vuldb.com/?ip.20.197.234.75) | - | - | High
88 | [20.203.173.201](https://vuldb.com/?ip.20.203.173.201) | - | - | High
89 | [23.94.54.224](https://vuldb.com/?ip.23.94.54.224) | 23-94-54-224-host.colocrossing.com | - | High
90 | [23.94.82.41](https://vuldb.com/?ip.23.94.82.41) | 23-94-82-41-host.colocrossing.com | - | High
91 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
92 | [23.105.131.137](https://vuldb.com/?ip.23.105.131.137) | mail137.nessfist.com | - | High
93 | [23.105.131.141](https://vuldb.com/?ip.23.105.131.141) | mail141.nessfist.com | - | High
94 | [23.105.131.142](https://vuldb.com/?ip.23.105.131.142) | mail142.nessfist.com | - | High
95 | [23.105.131.161](https://vuldb.com/?ip.23.105.131.161) | mail161.nessfist.com | - | High
96 | [23.105.131.166](https://vuldb.com/?ip.23.105.131.166) | mail166.nessfist.com | - | High
97 | [23.105.131.171](https://vuldb.com/?ip.23.105.131.171) | mail171.nessfist.com | - | High
98 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
99 | [23.105.131.190](https://vuldb.com/?ip.23.105.131.190) | mail190.nessfist.com | - | High
100 | [23.105.131.195](https://vuldb.com/?ip.23.105.131.195) | mail195.nessfist.com | - | High
101 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
102 | [23.105.131.198](https://vuldb.com/?ip.23.105.131.198) | mail198.nessfist.com | - | High
103 | [23.105.131.206](https://vuldb.com/?ip.23.105.131.206) | mail206.nessfist.com | - | High
104 | [23.105.131.216](https://vuldb.com/?ip.23.105.131.216) | mail216.nessfist.com | - | High
105 | [23.105.131.228](https://vuldb.com/?ip.23.105.131.228) | mail228.nessfist.com | - | High
106 | [23.105.131.230](https://vuldb.com/?ip.23.105.131.230) | mail230.nessfist.com | - | High
107 | [23.105.131.237](https://vuldb.com/?ip.23.105.131.237) | mail237.nessfist.com | - | High
108 | [23.105.131.249](https://vuldb.com/?ip.23.105.131.249) | mail249.nessfist.com | - | High
109 | [23.105.171.87](https://vuldb.com/?ip.23.105.171.87) | teluisd.tienda | - | High
110 | [23.146.242.147](https://vuldb.com/?ip.23.146.242.147) | - | - | High
111 | [23.229.34.114](https://vuldb.com/?ip.23.229.34.114) | noncurrent.specialtyway.com | - | High
112 | [23.237.25.128](https://vuldb.com/?ip.23.237.25.128) | - | - | High
113 | [23.237.25.205](https://vuldb.com/?ip.23.237.25.205) | - | - | High
114 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
115 | [23.254.130.71](https://vuldb.com/?ip.23.254.130.71) | hwsrv-964162.hostwindsdns.com | - | High
116 | [24.133.1.29](https://vuldb.com/?ip.24.133.1.29) | - | - | High
117 | [24.135.175.197](https://vuldb.com/?ip.24.135.175.197) | cable-24-135-175-197.dynamic.sbb.rs | - | High
118 | [24.225.113.157](https://vuldb.com/?ip.24.225.113.157) | roseau-pool-157.mncable.net | - | High
119 | [27.254.163.12](https://vuldb.com/?ip.27.254.163.12) | static-27-254-163-12.bangmod.cloud | - | High
120 | [31.210.20.18](https://vuldb.com/?ip.31.210.20.18) | - | - | High
121 | [31.210.20.40](https://vuldb.com/?ip.31.210.20.40) | - | - | High
122 | [31.210.20.60](https://vuldb.com/?ip.31.210.20.60) | - | - | High
123 | [31.210.20.78](https://vuldb.com/?ip.31.210.20.78) | - | - | High
124 | [31.210.20.129](https://vuldb.com/?ip.31.210.20.129) | - | - | High
125 | [31.210.20.215](https://vuldb.com/?ip.31.210.20.215) | - | - | High
126 | [31.210.21.205](https://vuldb.com/?ip.31.210.21.205) | lit4.top | - | High
127 | [31.210.21.252](https://vuldb.com/?ip.31.210.21.252) | ll40.top | - | High
128 | [31.210.55.103](https://vuldb.com/?ip.31.210.55.103) | 31-210-55-103.hostlab.net.tr | - | High
129 | [34.139.92.250](https://vuldb.com/?ip.34.139.92.250) | 250.92.139.34.bc.googleusercontent.com | - | Medium
130 | [34.201.133.83](https://vuldb.com/?ip.34.201.133.83) | ec2-34-201-133-83.compute-1.amazonaws.com | - | Medium
131 | [34.221.57.122](https://vuldb.com/?ip.34.221.57.122) | ec2-34-221-57-122.us-west-2.compute.amazonaws.com | - | Medium
132 | [34.223.5.56](https://vuldb.com/?ip.34.223.5.56) | ec2-34-223-5-56.us-west-2.compute.amazonaws.com | - | Medium
133 | [35.158.159.254](https://vuldb.com/?ip.35.158.159.254) | ec2-35-158-159-254.eu-central-1.compute.amazonaws.com | - | Medium
134 | [35.198.98.125](https://vuldb.com/?ip.35.198.98.125) | 125.98.198.35.bc.googleusercontent.com | - | Medium
135 | [36.90.214.84](https://vuldb.com/?ip.36.90.214.84) | - | - | High
136 | [37.0.8.61](https://vuldb.com/?ip.37.0.8.61) | joneswilson.springtimemartialarts.com | - | High
137 | [37.0.8.88](https://vuldb.com/?ip.37.0.8.88) | hall.capitolreservations.com | - | High
138 | [37.0.8.98](https://vuldb.com/?ip.37.0.8.98) | - | - | High
139 | [37.0.8.115](https://vuldb.com/?ip.37.0.8.115) | brownfarmer.capitolreservations.com | - | High
140 | [37.0.8.138](https://vuldb.com/?ip.37.0.8.138) | holland.athinneru.com | - | High
141 | [37.0.8.164](https://vuldb.com/?ip.37.0.8.164) | sharp.athinneru.com | - | High
142 | [37.0.8.214](https://vuldb.com/?ip.37.0.8.214) | ramos.cartierevannucci.com | - | High
143 | [37.0.8.234](https://vuldb.com/?ip.37.0.8.234) | bradley.cartierevannucci.com | - | High
144 | [37.0.10.22](https://vuldb.com/?ip.37.0.10.22) | - | - | High
145 | [37.0.10.38](https://vuldb.com/?ip.37.0.10.38) | - | - | High
146 | [37.0.10.144](https://vuldb.com/?ip.37.0.10.144) | - | - | High
147 | [37.0.10.190](https://vuldb.com/?ip.37.0.10.190) | - | - | High
148 | [37.0.11.6](https://vuldb.com/?ip.37.0.11.6) | - | - | High
149 | [37.0.11.76](https://vuldb.com/?ip.37.0.11.76) | - | - | High
150 | [37.0.11.114](https://vuldb.com/?ip.37.0.11.114) | - | - | High
151 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
152 | [37.0.11.230](https://vuldb.com/?ip.37.0.11.230) | - | - | High
153 | [37.0.11.250](https://vuldb.com/?ip.37.0.11.250) | - | - | High
154 | [37.0.11.252](https://vuldb.com/?ip.37.0.11.252) | - | - | High
155 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
156 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
157 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
158 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
159 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
160 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
161 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
162 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
163 | [37.120.141.153](https://vuldb.com/?ip.37.120.141.153) | - | - | High
164 | [37.120.141.168](https://vuldb.com/?ip.37.120.141.168) | - | - | High
165 | [37.120.210.211](https://vuldb.com/?ip.37.120.210.211) | - | - | High
166 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
167 | [37.139.128.94](https://vuldb.com/?ip.37.139.128.94) | - | - | High
168 | [37.139.129.71](https://vuldb.com/?ip.37.139.129.71) | - | - | High
169 | [37.139.129.91](https://vuldb.com/?ip.37.139.129.91) | - | - | High
170 | [40.71.91.165](https://vuldb.com/?ip.40.71.91.165) | - | - | High
171 | [40.124.7.222](https://vuldb.com/?ip.40.124.7.222) | - | - | High
172 | [41.216.183.49](https://vuldb.com/?ip.41.216.183.49) | - | - | High
173 | [41.216.183.170](https://vuldb.com/?ip.41.216.183.170) | - | - | High
174 | [43.154.234.84](https://vuldb.com/?ip.43.154.234.84) | - | - | High
175 | [45.11.231.129](https://vuldb.com/?ip.45.11.231.129) | 45-11-231-129.freemesh.co.uk | - | High
176 | [45.12.253.26](https://vuldb.com/?ip.45.12.253.26) | - | - | High
177 | [45.12.253.242](https://vuldb.com/?ip.45.12.253.242) | - | - | High
178 | [45.14.165.113](https://vuldb.com/?ip.45.14.165.113) | webserver-ltd.ml | - | High
179 | [45.15.143.169](https://vuldb.com/?ip.45.15.143.169) | - | - | High
180 | [45.15.143.249](https://vuldb.com/?ip.45.15.143.249) | - | - | High
181 | [45.32.193.48](https://vuldb.com/?ip.45.32.193.48) | smtp1c.v.sendmetric.com | - | High
182 | [45.35.64.214](https://vuldb.com/?ip.45.35.64.214) | - | - | High
183 | [45.35.105.148](https://vuldb.com/?ip.45.35.105.148) | unassigned.psychz.net | - | High
184 | [45.59.127.4](https://vuldb.com/?ip.45.59.127.4) | - | - | High
185 | [45.74.0.146](https://vuldb.com/?ip.45.74.0.146) | - | - | High
186 | [45.74.0.226](https://vuldb.com/?ip.45.74.0.226) | - | - | High
187 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
188 | [45.76.82.42](https://vuldb.com/?ip.45.76.82.42) | 45.76.82.42.vultrusercontent.com | - | High
189 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
190 | [45.90.222.128](https://vuldb.com/?ip.45.90.222.128) | 45-90-222-128-hostedby.bcr.host | - | High
191 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
192 | [45.133.1.29](https://vuldb.com/?ip.45.133.1.29) | - | - | High
193 | [45.133.1.67](https://vuldb.com/?ip.45.133.1.67) | - | - | High
194 | [45.133.1.119](https://vuldb.com/?ip.45.133.1.119) | - | - | High
195 | [45.133.1.126](https://vuldb.com/?ip.45.133.1.126) | - | - | High
196 | [45.133.1.167](https://vuldb.com/?ip.45.133.1.167) | - | - | High
197 | [45.133.1.211](https://vuldb.com/?ip.45.133.1.211) | - | - | High
198 | [45.137.20.4](https://vuldb.com/?ip.45.137.20.4) | hosted-by.rootlayer.net | - | High
199 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
200 | [45.137.22.36](https://vuldb.com/?ip.45.137.22.36) | hosted-by.rootlayer.net | - | High
201 | [45.137.22.50](https://vuldb.com/?ip.45.137.22.50) | host.pclonline.ga | - | High
202 | ... | ... | ... | ...
37 | [3.125.102.39](https://vuldb.com/?ip.3.125.102.39) | ec2-3-125-102-39.eu-central-1.compute.amazonaws.com | - | Medium
38 | [3.125.188.168](https://vuldb.com/?ip.3.125.188.168) | ec2-3-125-188-168.eu-central-1.compute.amazonaws.com | - | Medium
39 | [3.126.37.18](https://vuldb.com/?ip.3.126.37.18) | ec2-3-126-37-18.eu-central-1.compute.amazonaws.com | - | Medium
40 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
41 | [3.127.59.75](https://vuldb.com/?ip.3.127.59.75) | ec2-3-127-59-75.eu-central-1.compute.amazonaws.com | - | Medium
42 | [3.127.138.57](https://vuldb.com/?ip.3.127.138.57) | ec2-3-127-138-57.eu-central-1.compute.amazonaws.com | - | Medium
43 | [3.127.253.86](https://vuldb.com/?ip.3.127.253.86) | ec2-3-127-253-86.eu-central-1.compute.amazonaws.com | - | Medium
44 | [3.128.107.74](https://vuldb.com/?ip.3.128.107.74) | ec2-3-128-107-74.us-east-2.compute.amazonaws.com | - | Medium
45 | [3.129.187.220](https://vuldb.com/?ip.3.129.187.220) | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | - | Medium
46 | [3.131.147.49](https://vuldb.com/?ip.3.131.147.49) | ec2-3-131-147-49.us-east-2.compute.amazonaws.com | - | Medium
47 | [3.131.207.170](https://vuldb.com/?ip.3.131.207.170) | ec2-3-131-207-170.us-east-2.compute.amazonaws.com | - | Medium
48 | [3.132.159.158](https://vuldb.com/?ip.3.132.159.158) | ec2-3-132-159-158.us-east-2.compute.amazonaws.com | - | Medium
49 | [3.133.207.110](https://vuldb.com/?ip.3.133.207.110) | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | - | Medium
50 | [3.134.39.220](https://vuldb.com/?ip.3.134.39.220) | ec2-3-134-39-220.us-east-2.compute.amazonaws.com | - | Medium
51 | [3.134.125.175](https://vuldb.com/?ip.3.134.125.175) | ec2-3-134-125-175.us-east-2.compute.amazonaws.com | - | Medium
52 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
53 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
54 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
55 | [3.140.223.7](https://vuldb.com/?ip.3.140.223.7) | ec2-3-140-223-7.us-east-2.compute.amazonaws.com | - | Medium
56 | [3.141.142.211](https://vuldb.com/?ip.3.141.142.211) | ec2-3-141-142-211.us-east-2.compute.amazonaws.com | - | Medium
57 | [3.141.177.1](https://vuldb.com/?ip.3.141.177.1) | ec2-3-141-177-1.us-east-2.compute.amazonaws.com | - | Medium
58 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
59 | [3.142.81.166](https://vuldb.com/?ip.3.142.81.166) | ec2-3-142-81-166.us-east-2.compute.amazonaws.com | - | Medium
60 | [3.142.129.56](https://vuldb.com/?ip.3.142.129.56) | ec2-3-142-129-56.us-east-2.compute.amazonaws.com | - | Medium
61 | [3.142.167.4](https://vuldb.com/?ip.3.142.167.4) | ec2-3-142-167-4.us-east-2.compute.amazonaws.com | - | Medium
62 | [3.142.167.54](https://vuldb.com/?ip.3.142.167.54) | ec2-3-142-167-54.us-east-2.compute.amazonaws.com | - | Medium
63 | [3.145.201.105](https://vuldb.com/?ip.3.145.201.105) | ec2-3-145-201-105.us-east-2.compute.amazonaws.com | - | Medium
64 | [5.134.196.78](https://vuldb.com/?ip.5.134.196.78) | - | - | High
65 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
66 | [5.252.165.230](https://vuldb.com/?ip.5.252.165.230) | - | - | High
67 | [10.35.70.148](https://vuldb.com/?ip.10.35.70.148) | - | - | High
68 | [13.58.157.220](https://vuldb.com/?ip.13.58.157.220) | ec2-13-58-157-220.us-east-2.compute.amazonaws.com | - | Medium
69 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
70 | [13.229.3.203](https://vuldb.com/?ip.13.229.3.203) | ec2-13-229-3-203.ap-southeast-1.compute.amazonaws.com | - | Medium
71 | [18.136.148.247](https://vuldb.com/?ip.18.136.148.247) | ec2-18-136-148-247.ap-southeast-1.compute.amazonaws.com | - | Medium
72 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
73 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
74 | [18.156.13.209](https://vuldb.com/?ip.18.156.13.209) | ec2-18-156-13-209.eu-central-1.compute.amazonaws.com | - | Medium
75 | [18.157.68.73](https://vuldb.com/?ip.18.157.68.73) | ec2-18-157-68-73.eu-central-1.compute.amazonaws.com | - | Medium
76 | [18.158.58.205](https://vuldb.com/?ip.18.158.58.205) | ec2-18-158-58-205.eu-central-1.compute.amazonaws.com | - | Medium
77 | [18.158.249.75](https://vuldb.com/?ip.18.158.249.75) | ec2-18-158-249-75.eu-central-1.compute.amazonaws.com | - | Medium
78 | [18.184.222.225](https://vuldb.com/?ip.18.184.222.225) | ec2-18-184-222-225.eu-central-1.compute.amazonaws.com | - | Medium
79 | [18.189.106.45](https://vuldb.com/?ip.18.189.106.45) | ec2-18-189-106-45.us-east-2.compute.amazonaws.com | - | Medium
80 | [18.192.93.86](https://vuldb.com/?ip.18.192.93.86) | ec2-18-192-93-86.eu-central-1.compute.amazonaws.com | - | Medium
81 | [18.197.239.5](https://vuldb.com/?ip.18.197.239.5) | ec2-18-197-239-5.eu-central-1.compute.amazonaws.com | - | Medium
82 | [18.198.77.177](https://vuldb.com/?ip.18.198.77.177) | ec2-18-198-77-177.eu-central-1.compute.amazonaws.com | - | Medium
83 | [20.43.33.61](https://vuldb.com/?ip.20.43.33.61) | - | - | High
84 | [20.52.46.119](https://vuldb.com/?ip.20.52.46.119) | - | - | High
85 | [20.79.206.212](https://vuldb.com/?ip.20.79.206.212) | - | - | High
86 | [20.91.192.34](https://vuldb.com/?ip.20.91.192.34) | - | - | High
87 | [20.185.47.68](https://vuldb.com/?ip.20.185.47.68) | - | - | High
88 | [20.194.35.6](https://vuldb.com/?ip.20.194.35.6) | - | - | High
89 | [20.197.234.75](https://vuldb.com/?ip.20.197.234.75) | - | - | High
90 | [20.203.173.201](https://vuldb.com/?ip.20.203.173.201) | - | - | High
91 | [23.94.54.224](https://vuldb.com/?ip.23.94.54.224) | 23-94-54-224-host.colocrossing.com | - | High
92 | [23.94.82.41](https://vuldb.com/?ip.23.94.82.41) | 23-94-82-41-host.colocrossing.com | - | High
93 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
94 | [23.105.131.137](https://vuldb.com/?ip.23.105.131.137) | mail137.nessfist.com | - | High
95 | [23.105.131.141](https://vuldb.com/?ip.23.105.131.141) | mail141.nessfist.com | - | High
96 | [23.105.131.142](https://vuldb.com/?ip.23.105.131.142) | mail142.nessfist.com | - | High
97 | [23.105.131.161](https://vuldb.com/?ip.23.105.131.161) | mail161.nessfist.com | - | High
98 | [23.105.131.166](https://vuldb.com/?ip.23.105.131.166) | mail166.nessfist.com | - | High
99 | [23.105.131.171](https://vuldb.com/?ip.23.105.131.171) | mail171.nessfist.com | - | High
100 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
101 | [23.105.131.190](https://vuldb.com/?ip.23.105.131.190) | mail190.nessfist.com | - | High
102 | [23.105.131.195](https://vuldb.com/?ip.23.105.131.195) | mail195.nessfist.com | - | High
103 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
104 | [23.105.131.198](https://vuldb.com/?ip.23.105.131.198) | mail198.nessfist.com | - | High
105 | [23.105.131.206](https://vuldb.com/?ip.23.105.131.206) | mail206.nessfist.com | - | High
106 | [23.105.131.216](https://vuldb.com/?ip.23.105.131.216) | mail216.nessfist.com | - | High
107 | [23.105.131.228](https://vuldb.com/?ip.23.105.131.228) | mail228.nessfist.com | - | High
108 | [23.105.131.230](https://vuldb.com/?ip.23.105.131.230) | mail230.nessfist.com | - | High
109 | [23.105.131.237](https://vuldb.com/?ip.23.105.131.237) | mail237.nessfist.com | - | High
110 | [23.105.131.249](https://vuldb.com/?ip.23.105.131.249) | mail249.nessfist.com | - | High
111 | [23.105.171.87](https://vuldb.com/?ip.23.105.171.87) | teluisd.tienda | - | High
112 | [23.146.242.147](https://vuldb.com/?ip.23.146.242.147) | - | - | High
113 | [23.229.34.114](https://vuldb.com/?ip.23.229.34.114) | noncurrent.specialtyway.com | - | High
114 | [23.237.25.128](https://vuldb.com/?ip.23.237.25.128) | - | - | High
115 | [23.237.25.205](https://vuldb.com/?ip.23.237.25.205) | - | - | High
116 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
117 | [23.254.130.71](https://vuldb.com/?ip.23.254.130.71) | hwsrv-964162.hostwindsdns.com | - | High
118 | [24.133.1.29](https://vuldb.com/?ip.24.133.1.29) | - | - | High
119 | [24.135.175.197](https://vuldb.com/?ip.24.135.175.197) | cable-24-135-175-197.dynamic.sbb.rs | - | High
120 | [24.199.85.225](https://vuldb.com/?ip.24.199.85.225) | - | - | High
121 | [24.225.113.157](https://vuldb.com/?ip.24.225.113.157) | roseau-pool-157.mncable.net | - | High
122 | [27.254.163.12](https://vuldb.com/?ip.27.254.163.12) | static-27-254-163-12.bangmod.cloud | - | High
123 | [31.210.20.18](https://vuldb.com/?ip.31.210.20.18) | - | - | High
124 | [31.210.20.40](https://vuldb.com/?ip.31.210.20.40) | - | - | High
125 | [31.210.20.60](https://vuldb.com/?ip.31.210.20.60) | - | - | High
126 | [31.210.20.78](https://vuldb.com/?ip.31.210.20.78) | - | - | High
127 | [31.210.20.129](https://vuldb.com/?ip.31.210.20.129) | - | - | High
128 | [31.210.20.215](https://vuldb.com/?ip.31.210.20.215) | - | - | High
129 | [31.210.21.205](https://vuldb.com/?ip.31.210.21.205) | lit4.top | - | High
130 | [31.210.21.252](https://vuldb.com/?ip.31.210.21.252) | ll40.top | - | High
131 | [31.210.55.103](https://vuldb.com/?ip.31.210.55.103) | 31-210-55-103.hostlab.net.tr | - | High
132 | [34.139.92.250](https://vuldb.com/?ip.34.139.92.250) | 250.92.139.34.bc.googleusercontent.com | - | Medium
133 | [34.201.133.83](https://vuldb.com/?ip.34.201.133.83) | ec2-34-201-133-83.compute-1.amazonaws.com | - | Medium
134 | [34.221.57.122](https://vuldb.com/?ip.34.221.57.122) | ec2-34-221-57-122.us-west-2.compute.amazonaws.com | - | Medium
135 | [34.223.5.56](https://vuldb.com/?ip.34.223.5.56) | ec2-34-223-5-56.us-west-2.compute.amazonaws.com | - | Medium
136 | [35.158.159.254](https://vuldb.com/?ip.35.158.159.254) | ec2-35-158-159-254.eu-central-1.compute.amazonaws.com | - | Medium
137 | [35.198.98.125](https://vuldb.com/?ip.35.198.98.125) | 125.98.198.35.bc.googleusercontent.com | - | Medium
138 | [36.90.214.84](https://vuldb.com/?ip.36.90.214.84) | - | - | High
139 | [37.0.8.61](https://vuldb.com/?ip.37.0.8.61) | joneswilson.springtimemartialarts.com | - | High
140 | [37.0.8.88](https://vuldb.com/?ip.37.0.8.88) | hall.capitolreservations.com | - | High
141 | [37.0.8.98](https://vuldb.com/?ip.37.0.8.98) | - | - | High
142 | [37.0.8.115](https://vuldb.com/?ip.37.0.8.115) | brownfarmer.capitolreservations.com | - | High
143 | [37.0.8.138](https://vuldb.com/?ip.37.0.8.138) | holland.athinneru.com | - | High
144 | [37.0.8.164](https://vuldb.com/?ip.37.0.8.164) | sharp.athinneru.com | - | High
145 | [37.0.8.214](https://vuldb.com/?ip.37.0.8.214) | ramos.cartierevannucci.com | - | High
146 | [37.0.8.234](https://vuldb.com/?ip.37.0.8.234) | bradley.cartierevannucci.com | - | High
147 | [37.0.10.22](https://vuldb.com/?ip.37.0.10.22) | - | - | High
148 | [37.0.10.38](https://vuldb.com/?ip.37.0.10.38) | - | - | High
149 | [37.0.10.144](https://vuldb.com/?ip.37.0.10.144) | - | - | High
150 | [37.0.10.190](https://vuldb.com/?ip.37.0.10.190) | - | - | High
151 | [37.0.11.6](https://vuldb.com/?ip.37.0.11.6) | - | - | High
152 | [37.0.11.76](https://vuldb.com/?ip.37.0.11.76) | - | - | High
153 | [37.0.11.114](https://vuldb.com/?ip.37.0.11.114) | - | - | High
154 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
155 | [37.0.11.230](https://vuldb.com/?ip.37.0.11.230) | - | - | High
156 | [37.0.11.250](https://vuldb.com/?ip.37.0.11.250) | - | - | High
157 | [37.0.11.252](https://vuldb.com/?ip.37.0.11.252) | - | - | High
158 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
159 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
160 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
161 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
162 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
163 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
164 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
165 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
166 | [37.120.141.153](https://vuldb.com/?ip.37.120.141.153) | - | - | High
167 | [37.120.141.168](https://vuldb.com/?ip.37.120.141.168) | - | - | High
168 | [37.120.210.211](https://vuldb.com/?ip.37.120.210.211) | - | - | High
169 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
170 | [37.139.128.94](https://vuldb.com/?ip.37.139.128.94) | - | - | High
171 | [37.139.129.71](https://vuldb.com/?ip.37.139.129.71) | - | - | High
172 | [37.139.129.91](https://vuldb.com/?ip.37.139.129.91) | - | - | High
173 | [40.71.91.165](https://vuldb.com/?ip.40.71.91.165) | - | - | High
174 | [40.124.7.222](https://vuldb.com/?ip.40.124.7.222) | - | - | High
175 | [41.216.183.49](https://vuldb.com/?ip.41.216.183.49) | - | - | High
176 | [41.216.183.170](https://vuldb.com/?ip.41.216.183.170) | - | - | High
177 | [43.154.234.84](https://vuldb.com/?ip.43.154.234.84) | - | - | High
178 | [45.11.231.129](https://vuldb.com/?ip.45.11.231.129) | 45-11-231-129.freemesh.co.uk | - | High
179 | [45.12.253.26](https://vuldb.com/?ip.45.12.253.26) | - | - | High
180 | [45.12.253.242](https://vuldb.com/?ip.45.12.253.242) | - | - | High
181 | [45.14.165.113](https://vuldb.com/?ip.45.14.165.113) | webserver-ltd.ml | - | High
182 | [45.15.143.169](https://vuldb.com/?ip.45.15.143.169) | - | - | High
183 | [45.15.143.249](https://vuldb.com/?ip.45.15.143.249) | - | - | High
184 | [45.32.193.48](https://vuldb.com/?ip.45.32.193.48) | smtp1c.v.sendmetric.com | - | High
185 | [45.35.64.214](https://vuldb.com/?ip.45.35.64.214) | - | - | High
186 | [45.35.105.148](https://vuldb.com/?ip.45.35.105.148) | unassigned.psychz.net | - | High
187 | [45.59.127.4](https://vuldb.com/?ip.45.59.127.4) | - | - | High
188 | [45.74.0.146](https://vuldb.com/?ip.45.74.0.146) | - | - | High
189 | [45.74.0.226](https://vuldb.com/?ip.45.74.0.226) | - | - | High
190 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
191 | [45.76.82.42](https://vuldb.com/?ip.45.76.82.42) | 45.76.82.42.vultrusercontent.com | - | High
192 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
193 | [45.90.222.128](https://vuldb.com/?ip.45.90.222.128) | 45-90-222-128-hostedby.bcr.host | - | High
194 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
195 | [45.133.1.29](https://vuldb.com/?ip.45.133.1.29) | - | - | High
196 | [45.133.1.67](https://vuldb.com/?ip.45.133.1.67) | - | - | High
197 | [45.133.1.119](https://vuldb.com/?ip.45.133.1.119) | - | - | High
198 | [45.133.1.126](https://vuldb.com/?ip.45.133.1.126) | - | - | High
199 | [45.133.1.167](https://vuldb.com/?ip.45.133.1.167) | - | - | High
200 | [45.133.1.211](https://vuldb.com/?ip.45.133.1.211) | - | - | High
201 | [45.137.20.4](https://vuldb.com/?ip.45.137.20.4) | hosted-by.rootlayer.net | - | High
202 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
203 | ... | ... | ... | ...
There are 802 more IOC items available. Please use our online service to access the data.
There are 806 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -233,7 +234,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
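Review bot: the T1040 row now carries CWE-294 next to CWE-319, which finally agrees with its description, since CWE-294 is the weakness actually named "Authentication Bypass by Capture-replay" while CWE-319 (Cleartext Transmission of Sensitive Information) only describes the condition that makes a capture possible. The unchanged T1059 row in the same hunk still has the description "Cross Site Scripting" for CWE-88, CWE-94 and CWE-1321 (argument injection, code injection and prototype pollution), so the same description/weakness mismatch remains one line below the fix; worth correcting in the generator rather than per file.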
@ -250,9 +251,9 @@ ID | Type | Indicator | Confidence
1 | File | `/?p=products` | Medium
2 | File | `/admin/?page=product/manage_product&id=2` | High
3 | File | `/admin/casedetails.php` | High
4 | File | `/admin/index2.html` | High
5 | File | `/admin/maintenance/brand.php` | High
6 | File | `/admin/mechanics/manage_mechanic.php` | High
4 | File | `/admin/maintenance/brand.php` | High
5 | File | `/admin/mechanics/manage_mechanic.php` | High
6 | File | `/admin/positions_add.php` | High
7 | File | `/admin/user/manage_user.php` | High
8 | File | `/admin/userprofile.php` | High
9 | File | `/admin/voters_row.php` | High
@ -268,46 +269,38 @@ ID | Type | Indicator | Confidence
19 | File | `/aux` | Low
20 | File | `/backup.pl` | Medium
21 | File | `/cas/logout` | Medium
22 | File | `/categorypage.php` | High
23 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
24 | File | `/cgi-bin/system_mgr.cgi` | High
25 | File | `/cha.php` | Medium
26 | File | `/classes/Master.php?f=save_service` | High
27 | File | `/College/admin/teacher.php` | High
28 | File | `/contactform/contactform.php` | High
29 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
30 | File | `/dayrui/Fcms/View/system_log.html` | High
31 | File | `/dcim/rack-roles/` | High
32 | File | `/drivers/block/floppy.c` | High
33 | File | `/DXR.axd` | Medium
34 | File | `/ecommerce/admin/category/controller.php` | High
35 | File | `/etc/shadow` | Medium
36 | File | `/forum/away.php` | High
37 | File | `/fos/admin/ajax.php` | High
38 | File | `/goform/aspForm` | High
39 | File | `/goform/WifiGuestSet` | High
40 | File | `/HNAP1` | Low
41 | File | `/HNAP1/SetClientInfo` | High
42 | File | `/inc/topBarNav.php` | High
43 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
44 | File | `/kelas/data` | Medium
45 | File | `/kelasdosen/data` | High
46 | File | `/modules/profile/index.php` | High
47 | File | `/modules/projects/vw_files.php` | High
48 | File | `/multi-vendor-shopping-script/product-list.php` | High
49 | File | `/nasm/nasm-parse.c` | High
50 | File | `/ordering/admin/orders/loaddata.php` | High
51 | File | `/ordering/admin/stockin/loaddata.php` | High
52 | File | `/owa/auth/logon.aspx` | High
53 | File | `/philosophy/admin/login.php` | High
54 | File | `/php-opos/login.php` | High
55 | File | `/priv_mgt.html` | High
56 | File | `/resources//../` | High
57 | File | `/see_more_details.php` | High
58 | File | `/services/indexing/preview` | High
59 | ... | ... | ...
22 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
23 | File | `/cgi-bin/system_mgr.cgi` | High
24 | File | `/cha.php` | Medium
25 | File | `/classes/Master.php?f=save_service` | High
26 | File | `/College/admin/teacher.php` | High
27 | File | `/contactform/contactform.php` | High
28 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
29 | File | `/dayrui/Fcms/View/system_log.html` | High
30 | File | `/dcim/rack-roles/` | High
31 | File | `/DXR.axd` | Medium
32 | File | `/ecommerce/admin/category/controller.php` | High
33 | File | `/etc/shadow` | Medium
34 | File | `/forum/away.php` | High
35 | File | `/fos/admin/ajax.php` | High
36 | File | `/goform/aspForm` | High
37 | File | `/goform/WifiGuestSet` | High
38 | File | `/HNAP1` | Low
39 | File | `/HNAP1/SetClientInfo` | High
40 | File | `/inc/topBarNav.php` | High
41 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
42 | File | `/kelas/data` | Medium
43 | File | `/kelasdosen/data` | High
44 | File | `/modules/profile/index.php` | High
45 | File | `/modules/projects/vw_files.php` | High
46 | File | `/multi-vendor-shopping-script/product-list.php` | High
47 | File | `/nasm/nasm-parse.c` | High
48 | File | `/owa/auth/logon.aspx` | High
49 | File | `/paysystem/branch.php` | High
50 | File | `/paysystem/datatable.php` | High
51 | ... | ... | ...
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -414,6 +407,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/6595059e1d6a17d771d090b4413a8a00d456f489f8d5858464f9f2435abcfa49/
* https://bazaar.abuse.ch/sample/549102148f7e484426b9293dc3d357f30d9d3afe0c9b6cfb3e28096a979eeea7/
* https://bazaar.abuse.ch/sample/6862125231ef2db31b6e1dfec7e447467001110552ca02d0c808ad7459e64cb4/
* https://bazaar.abuse.ch/sample/577047181197a34939a106666deec71d3e91e386deda32d412ef1e8b3de2b000/
* https://bazaar.abuse.ch/sample/862436265855ac8c2d4c8517da3d7f7572c57ccb520f6f76c18348fcaa893503/
* https://bazaar.abuse.ch/sample/a4f2c25ec87ce23bc806750cbd27dc3eb051066ba0a8de8b80914257624cf498/
* https://bazaar.abuse.ch/sample/a6d3661a9cff2af1b242728e8e461985eb08e382124f28b7fb64d49f101b11c7/


@ -45,7 +45,8 @@ ID | IP address | Hostname | Campaign | Confidence
22 | [45.77.31.210](https://vuldb.com/?ip.45.77.31.210) | 45.77.31.210.vultrusercontent.com | - | High
23 | [45.133.203.205](https://vuldb.com/?ip.45.133.203.205) | - | - | High
24 | [46.17.106.110](https://vuldb.com/?ip.46.17.106.110) | zaphim2.ru | - | High
25 | ... | ... | ... | ...
25 | [46.17.106.230](https://vuldb.com/?ip.46.17.106.230) | vds2364993.my-ihor.ru | - | High
26 | ... | ... | ... | ...
There are 98 more IOC items available. Please use our online service to access the data.
@ -96,6 +97,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/
* https://bazaar.abuse.ch/sample/759e159da0592063bb0eb967dd45802caa0a1538867994868d5b883f099286a5/
* https://bazaar.abuse.ch/sample/2174b4c58eb43aac8e5e0061ff0bc45125f4cb64404d552fe25ea6ac1777113d/
* https://bazaar.abuse.ch/sample/ae49d8d6d68069696428ebd3fce5a003af4a6ccaf4f67331eea37a0cd4dfbb77/
* https://bazaar.abuse.ch/sample/c9e6dc44db59f1883e850babac21890e5723d2627a623c47f709e3bb7d073e35/
* https://infosec.exchange/@malware_traffic/109762477310102114
* https://threatfox.abuse.ch


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...
There are 27 more country items available. Please use our online service to access the data.
There are 22 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -78,14 +78,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36, CWE-37 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-27, CWE-36, CWE-37 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -97,54 +97,52 @@ ID | Type | Indicator | Confidence
2 | File | `/?ajax-request=jnews` | High
3 | File | `/admin/edit_subject.php` | High
4 | File | `/admin/index2.html` | High
5 | File | `/admin/login.php` | High
6 | File | `/admin/products/manage_product.php` | High
7 | File | `/admin/students/manage.php` | High
8 | File | `/admin/students/view_student.php` | High
9 | File | `/api/user/upsert/<uuid>` | High
10 | File | `/api/v2/cli/commands` | High
11 | File | `/appliance/users?action=edit` | High
12 | File | `/backup.pl` | Medium
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/dashboard/updatelogo.php` | High
15 | File | `/DXR.axd` | Medium
16 | File | `/E-mobile/App/System/File/downfile.php` | High
17 | File | `/edoc/doctor/patient.php` | High
18 | File | `/etc/ldap.conf` | High
19 | File | `/etc/shadow` | Medium
20 | File | `/forum/away.php` | High
21 | File | `/h/calendar` | Medium
22 | File | `/h/compose` | Medium
23 | File | `/h/search?action=voicemail&action=listen` | High
24 | File | `/hrm/employeeview.php` | High
25 | File | `/index.php` | Medium
26 | File | `/index.php?app=main&func=passport&action=login` | High
27 | File | `/kelasdosen/data` | High
28 | File | `/librarian/bookdetails.php` | High
29 | File | `/loginVaLidation.php` | High
30 | File | `/manager/index.php` | High
31 | File | `/messageboard/view.php` | High
32 | File | `/MIME/INBOX-MM-1/` | High
33 | File | `/mkshop/Men/profile.php` | High
34 | File | `/Noxen-master/users.php` | High
35 | File | `/opac/Actions.php?a=login` | High
36 | File | `/osm/REGISTER.cmd` | High
37 | File | `/out.php` | Medium
38 | File | `/owa/auth/logon.aspx` | High
39 | File | `/php-scrm/login.php` | High
40 | File | `/php-sms/classes/Master.php` | High
41 | File | `/php-sms/classes/SystemSettings.php` | High
42 | File | `/php_action/createOrder.php` | High
43 | File | `/php_action/editProductImage.php` | High
44 | File | `/reservation/add_message.php` | High
45 | File | `/ResiotQueryDBActive` | High
46 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
47 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
48 | File | `/SetTriggerWPS/PIN` | High
49 | File | `/spcgi.cgi` | Medium
50 | ... | ... | ...
5 | File | `/admin/products/manage_product.php` | High
6 | File | `/admin/students/manage.php` | High
7 | File | `/api/user/upsert/<uuid>` | High
8 | File | `/api/v2/cli/commands` | High
9 | File | `/appliance/users?action=edit` | High
10 | File | `/backup.pl` | Medium
11 | File | `/DXR.axd` | Medium
12 | File | `/E-mobile/App/System/File/downfile.php` | High
13 | File | `/edoc/doctor/patient.php` | High
14 | File | `/etc/ldap.conf` | High
15 | File | `/etc/shadow` | Medium
16 | File | `/forum/away.php` | High
17 | File | `/h/calendar` | Medium
18 | File | `/h/compose` | Medium
19 | File | `/h/search?action=voicemail&action=listen` | High
20 | File | `/hrm/employeeview.php` | High
21 | File | `/index.php` | Medium
22 | File | `/index.php?app=main&func=passport&action=login` | High
23 | File | `/kelasdosen/data` | High
24 | File | `/librarian/bookdetails.php` | High
25 | File | `/manager/index.php` | High
26 | File | `/messageboard/view.php` | High
27 | File | `/MIME/INBOX-MM-1/` | High
28 | File | `/opac/Actions.php?a=login` | High
29 | File | `/osm/REGISTER.cmd` | High
30 | File | `/out.php` | Medium
31 | File | `/owa/auth/logon.aspx` | High
32 | File | `/php-scrm/login.php` | High
33 | File | `/php-sms/classes/Master.php` | High
34 | File | `/php-sms/classes/SystemSettings.php` | High
35 | File | `/php_action/createOrder.php` | High
36 | File | `/php_action/editProductImage.php` | High
37 | File | `/reservation/add_message.php` | High
38 | File | `/ResiotQueryDBActive` | High
39 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
40 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
41 | File | `/send_order.cgi?parameter=restart` | High
42 | File | `/SetTriggerWPS/PIN` | High
43 | File | `/spcgi.cgi` | Medium
44 | File | `/spip.php` | Medium
45 | File | `/src/png2swf.c` | High
46 | File | `/textpattern/index.php` | High
47 | File | `/tos/index.php?app/app_start_stop` | High
48 | ... | ... | ...
There are 433 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -0,0 +1,95 @@
# Netsuppport - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Netsuppport](https://vuldb.com/?actor.netsuppport). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.netsuppport](https://vuldb.com/?actor.netsuppport)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Netsuppport:
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [TR](https://vuldb.com/?country.tr)
* ...
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Netsuppport.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [179.43.146.90](https://vuldb.com/?ip.179.43.146.90) | hostedby.privatelayer.com | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Netsuppport_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Netsuppport. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//proc/kcore` | Medium
2 | File | `/admin.php/Admin/adminadd.html` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/settings/save.php` | High
5 | File | `/admin/userprofile.php` | High
6 | File | `/apply.cgi` | Medium
7 | File | `/cgi-bin/wlogin.cgi` | High
8 | File | `/College/admin/teacher.php` | High
9 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
10 | File | `/dcim/rack-roles/` | High
11 | File | `/forum/away.php` | High
12 | File | `/getcfg.php` | Medium
13 | File | `/get_getnetworkconf.cgi` | High
14 | File | `/goform/addUserName` | High
15 | File | `/goform/aspForm` | High
16 | File | `/goform/delAd` | High
17 | File | `/goform/saveParentControlInfo` | High
18 | File | `/goform/wifiSSIDset` | High
19 | File | `/gpac/src/bifs/unquantize.c` | High
20 | File | `/inc/topBarNav.php` | High
21 | File | `/index.asp` | Medium
22 | File | `/jfinal_cms/system/role/list` | High
23 | File | `/kelas/data` | Medium
24 | File | `/Moosikay/order.php` | High
25 | File | `/php-sms/admin/quotes/manage_remark.php` | High
26 | File | `/secure/QueryComponent!Default.jspa` | High
27 | File | `/webman/info.cgi` | High
28 | File | `acloudCosAction.php.SQL` | High
29 | File | `ActiveServices.java` | High
30 | ... | ... | ...
There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.zscaler.com/blogs/research/netsupport-rat-installed-fake-update-notices
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
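Review bot: the actor is spelled "Netsuppport" (three p's) in the heading, the intro sentence, the Countries, IOC, TTP and IOA paragraphs and both vuldb.com actor links, while the only reference in this file (https://www.zscaler.com/blogs/research/netsupport-rat-installed-fake-update-notices) spells the malware "netsupport". If the VulDB actor slug really is "netsuppport", leave the ?actor.netsuppport links as they are; otherwise the name, the links and the directory the file lands in should be corrected before this new file is merged, since a misspelt slug will not resolve on the live service.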

79
actors/Ngoiweb/README.md Normal file

@ -0,0 +1,79 @@
# Ngoiweb - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ngoiweb](https://vuldb.com/?actor.ngoiweb). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ngoiweb](https://vuldb.com/?actor.ngoiweb)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ngoiweb:
* [GB](https://vuldb.com/?country.gb)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ngoiweb.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
2 | [5.135.35.160](https://vuldb.com/?ip.5.135.35.160) | ip160.ip-5-135-35.eu | - | High
3 | [5.135.58.119](https://vuldb.com/?ip.5.135.58.119) | u.competitionhumourumbrella.city | - | High
4 | [5.135.58.121](https://vuldb.com/?ip.5.135.58.121) | 760.impulseratecloud.store | - | High
5 | [5.135.58.123](https://vuldb.com/?ip.5.135.58.123) | 95p0.impulseratecloud.store | - | High
6 | [5.135.58.124](https://vuldb.com/?ip.5.135.58.124) | pwtu32k.groupsensefixed.me | - | High
7 | [5.196.194.209](https://vuldb.com/?ip.5.196.194.209) | ip209.ip-5-196-194.eu | - | High
8 | ... | ... | ... | ...
There are 27 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Ngoiweb_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Ngoiweb. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/catcompany.php` | High
2 | File | `/forum/away.php` | High
3 | File | `/Login` | Low
4 | File | `/usr/bin/pkexec` | High
5 | File | `ajax_invoice.php` | High
6 | File | `ajax_service.php` | High
7 | ... | ... | ...
There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.netlab.360.com/an-analysis-of-linux-ngioweb-botnet/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
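Review bot: the file is added as actors/Ngoiweb/README.md and every mention uses "Ngoiweb", but the single referenced write-up (https://blog.netlab.360.com/an-analysis-of-linux-ngioweb-botnet/) names the botnet "ngioweb" (i before o). Confirm which spelling the VulDB actor record uses so that the directory name, the heading and the ?actor.ngoiweb links all agree with it; a transposed slug in the links would point at a non-existent actor page.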

115
actors/Novidade/README.md Normal file

@ -0,0 +1,115 @@
# Novidade - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Novidade](https://vuldb.com/?actor.novidade). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.novidade](https://vuldb.com/?actor.novidade)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Novidade:
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* ...
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Novidade.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [10.0.0.1](https://vuldb.com/?ip.10.0.0.1) | - | - | High
2 | [10.0.0.2](https://vuldb.com/?ip.10.0.0.2) | - | - | High
3 | [10.0.0.3](https://vuldb.com/?ip.10.0.0.3) | - | - | High
4 | [10.0.0.138](https://vuldb.com/?ip.10.0.0.138) | - | - | High
5 | [10.1.1.1](https://vuldb.com/?ip.10.1.1.1) | - | - | High
6 | [23.94.149.242](https://vuldb.com/?ip.23.94.149.242) | 23-94-149-242-host.colocrossing.com | - | High
7 | ... | ... | ... | ...
There are 24 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Novidade_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Novidade. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?p=products` | Medium
2 | File | `/about.php` | Medium
3 | File | `/admin.php/accessory/filesdel.html` | High
4 | File | `/admin/?page=user/manage` | High
5 | File | `/admin/add-new.php` | High
6 | File | `/admin/doctors.php` | High
7 | File | `/admin/maintenance/view_designation.php` | High
8 | File | `/admin/submit-articles` | High
9 | File | `/ad_js.php` | Medium
10 | File | `/alphaware/summary.php` | High
11 | File | `/api/` | Low
12 | File | `/api/admin/store/product/list` | High
13 | File | `/api/stl/actions/search` | High
14 | File | `/api/v2/cli/commands` | High
15 | File | `/app/options.py` | High
16 | File | `/attachments` | Medium
17 | File | `/bin/ate` | Medium
18 | File | `/boat/login.php` | High
19 | File | `/bsms_ci/index.php/book` | High
20 | File | `/cgi-bin` | Medium
21 | File | `/cgi-bin/luci/api/wireless` | High
22 | File | `/cgi-bin/wlogin.cgi` | High
23 | File | `/context/%2e/WEB-INF/web.xml` | High
24 | File | `/dashboard/reports/logs/view` | High
25 | File | `/debian/patches/load_ppp_generic_if_needed` | High
26 | File | `/debug/pprof` | Medium
27 | File | `/env` | Low
28 | File | `/etc/hosts` | Medium
29 | File | `/forum/away.php` | High
30 | File | `/goform/setmac` | High
31 | File | `/goform/wizard_end` | High
32 | File | `/manage-apartment.php` | High
33 | File | `/medicines/profile.php` | High
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
35 | File | `/pages/apply_vacancy.php` | High
36 | File | `/php-sms/admin/?page=user/manage_user` | High
37 | File | `/proc/<PID>/mem` | High
38 | File | `/proxy` | Low
39 | File | `/reservation/add_message.php` | High
40 | File | `/spip.php` | Medium
41 | File | `/tmp` | Low
42 | ... | ... | ...
There are 361 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
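Review bot: the first five IOC rows (10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.138 and 10.1.1.1) are RFC 1918 private addresses, yet they are listed with Confidence "High" and vuldb.com/?ip links exactly like public indicators. A private address cannot identify an attacker-controlled resource on the internet, and any consumer that feeds this table into a blocklist or a SIEM match will hit its own internal hosts; these rows should be dropped from the IOC table or flagged so they can be filtered out. Separately, the only reference (https://www.cyber45.com) is a bare site root rather than a write-up about the actor, so the attribution cannot be checked from this file.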

80
actors/Octopus/README.md Normal file

@ -0,0 +1,80 @@
# Octopus - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Octopus](https://vuldb.com/?actor.octopus). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.octopus](https://vuldb.com/?actor.octopus)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Octopus:
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 13 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Octopus.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.8.88.87](https://vuldb.com/?ip.5.8.88.87) | - | - | High
2 | [5.188.231.101](https://vuldb.com/?ip.5.188.231.101) | free.ds | - | High
3 | [5.255.71.84](https://vuldb.com/?ip.5.255.71.84) | - | - | High
4 | [5.255.71.85](https://vuldb.com/?ip.5.255.71.85) | - | - | High
5 | ... | ... | ... | ...
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Octopus_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 12 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Octopus. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/forgetpassword.php` | High
2 | File | `/inc/lists/edit-list.php` | High
3 | File | `/index.php` | Medium
4 | File | `/members/view_member.php` | High
5 | File | `/owa/auth/logon.aspx` | High
6 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
7 | File | `/uncpath/` | Medium
8 | File | `adclick.php` | Medium
9 | File | `admin/media.php` | High
10 | File | `bbs/faq.php` | Medium
11 | ... | ... | ...
There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!


@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
23 | File | `/question/ask` | High
24 | ... | ... | ...
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 204 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -0,0 +1,57 @@
# Outlaw Cryptominer - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Outlaw Cryptominer](https://vuldb.com/?actor.outlaw_cryptominer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.outlaw_cryptominer](https://vuldb.com/?actor.outlaw_cryptominer)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Outlaw Cryptominer:
* [US](https://vuldb.com/?country.us)
* [MN](https://vuldb.com/?country.mn)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Outlaw Cryptominer.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [67.205.129.169](https://vuldb.com/?ip.67.205.129.169) | - | - | High
2 | [167.114.54.15](https://vuldb.com/?ip.167.114.54.15) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Outlaw Cryptominer_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
2 | T1204.001 | CWE-601 | Open Redirect | High
3 | T1592.004 | CWE-16 | Configuration | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Outlaw Cryptominer. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `redirector.php` | High
2 | Argument | `url` | Low
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
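Review bot: the Description column of the TTP table does not match the Weakness column in row 1: "J2EE Misconfiguration: Weak Access Permissions for EJB Methods" is the title of CWE-9, whereas CWE-269 is "Improper Privilege Management". The same pattern appears in the other regenerated files (for example `T1059 | CWE-94 | Cross Site Scripting`, where CWE-94 is code injection), so this looks systematic rather than a one-off typo. If the column actually carries the VulDB vulnerability class, rename the header in the generator (e.g. `Class`) so readers do not take it for the CWE title; otherwise fix the CWE-to-description lookup.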


@ -0,0 +1,77 @@
# Outlaw Kit - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Outlaw Kit](https://vuldb.com/?actor.outlaw_kit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.outlaw_kit](https://vuldb.com/?actor.outlaw_kit)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Outlaw Kit:
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* ...
There are 2 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Outlaw Kit.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [45.9.148.125](https://vuldb.com/?ip.45.9.148.125) | - | - | High
2 | [45.9.148.129](https://vuldb.com/?ip.45.9.148.129) | - | - | High
3 | [104.236.192.6](https://vuldb.com/?ip.104.236.192.6) | - | - | High
4 | ... | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Outlaw Kit_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-425 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Outlaw Kit. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/ajax.php?action=read_msg` | High
2 | File | `/debug/pprof` | Medium
3 | File | `/env` | Low
4 | File | `/goform/SetNetControlList` | High
5 | File | `admin/categories_industry.php` | High
6 | File | `admin/content/postcategory` | High
7 | File | `Adminstrator/Users/Edit/` | High
8 | ... | ... | ...
There are 57 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!


@ -0,0 +1,62 @@
# PSP Phishing - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PSP Phishing](https://vuldb.com/?actor.psp_phishing). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.psp_phishing](https://vuldb.com/?actor.psp_phishing)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PSP Phishing:
* [US](https://vuldb.com/?country.us)
* [JP](https://vuldb.com/?country.jp)
* [CN](https://vuldb.com/?country.cn)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PSP Phishing.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.53.124.235](https://vuldb.com/?ip.5.53.124.235) | colaste2.representacoescomercial.de | - | High
2 | [47.245.55.198](https://vuldb.com/?ip.47.245.55.198) | - | - | High
3 | [124.156.34.157](https://vuldb.com/?ip.124.156.34.157) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PSP Phishing_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1505 | CWE-89 | SQL Injection | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PSP Phishing. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/maintenance/view_designation.php` | High
2 | File | `page.php` | Medium
3 | File | `wp-admin/post.php` | High
4 | ... | ... | ...
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!


@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 2 more country items available. Please use our online service to access the data.
There are 7 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -26,7 +26,7 @@ ID | IP address | Hostname | Campaign | Confidence
3 | [45.12.70.186](https://vuldb.com/?ip.45.12.70.186) | rounded-tray.alltieinc.com | - | High
4 | ... | ... | ... | ...
There are 13 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -34,7 +34,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-35 | Pathname Traversal | High
1 | T1006 | CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
4 | ... | ... | ... | ...
@ -51,35 +51,37 @@ ID | Type | Indicator | Confidence
2 | File | `/admin/maintenance/view_designation.php` | High
3 | File | `/APR/signup.php` | High
4 | File | `/cgi-bin/wlogin.cgi` | High
5 | File | `/forum/away.php` | High
6 | File | `/mims/login.php` | High
7 | File | `/php-scrm/login.php` | High
8 | File | `/proxy` | Low
9 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
10 | File | `/send_order.cgi?parameter=access_detect` | High
11 | File | `/textpattern/index.php` | High
12 | File | `/tmp` | Low
13 | File | `/wp-admin/admin-ajax.php` | High
14 | File | `account-signup.php` | High
15 | File | `account/signup.php` | High
16 | File | `addentry.php` | Medium
17 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
18 | File | `admin.jcomments.php` | High
19 | File | `admin.php` | Medium
20 | File | `admin/admin_editor.php` | High
21 | File | `admin/conf_users_edit.php` | High
22 | File | `admin/data.php` | High
23 | File | `admin/edit_category.php` | High
24 | File | `admin/operations/currency.php` | High
25 | File | `album_portal.php` | High
26 | File | `awstats.pl` | Medium
27 | File | `blocks/block-Old_Articles.php` | High
28 | File | `bp_ncom.php` | Medium
29 | File | `buy.php` | Low
30 | File | `changePasswordForEmployee.php` | High
31 | ... | ... | ...
5 | File | `/E-mobile/App/System/File/downfile.php` | High
6 | File | `/Electron/download` | High
7 | File | `/mims/login.php` | High
8 | File | `/php-scrm/login.php` | High
9 | File | `/proxy` | Low
10 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
11 | File | `/send_order.cgi?parameter=access_detect` | High
12 | File | `/text/pdf/PdfReader.java` | High
13 | File | `/textpattern/index.php` | High
14 | File | `/tmp` | Low
15 | File | `/wp-admin/admin-ajax.php` | High
16 | File | `account-signup.php` | High
17 | File | `account/signup.php` | High
18 | File | `addentry.php` | Medium
19 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
20 | File | `admin.jcomments.php` | High
21 | File | `admin.php` | Medium
22 | File | `admin/admin_editor.php` | High
23 | File | `admin/conf_users_edit.php` | High
24 | File | `admin/data.php` | High
25 | File | `admin/edit_category.php` | High
26 | File | `admin/operations/currency.php` | High
27 | File | `album_portal.php` | High
28 | File | `awstats.pl` | Medium
29 | File | `blocks/block-Old_Articles.php` | High
30 | File | `blogger-importer.php` | High
31 | File | `bp_ncom.php` | Medium
32 | File | `buy.php` | Low
33 | ... | ... | ...
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 282 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
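Review bot: the regenerated IOA table silently retires `/forum/away.php` (old row 5) while adding `/E-mobile/App/System/File/downfile.php`, `/Electron/download`, `/text/pdf/PdfReader.java` and `blogger-importer.php`, and the tail count moves from 261 to 282; nothing in the commit records why an existing indicator was dropped. Have the generator emit retired indicators (with a reason, if available) into the commit message or a per-actor changelog, so that consumers who built detections on the old entry can tell a deliberate retirement from a regeneration bug.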
@ -87,6 +89,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_pw.netset
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_pw.netset
* https://github.com/firehol/blocklist-ipsets/blob/master/ipip_country/ipip_country_pw.netset
## Literature

actors/PeaRAT/README.md Normal file

@ -0,0 +1,60 @@
# PeaRAT - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PeaRAT](https://vuldb.com/?actor.pearat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.pearat](https://vuldb.com/?actor.pearat)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PeaRAT:
* [US](https://vuldb.com/?country.us)
* [PL](https://vuldb.com/?country.pl)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PeaRAT.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [95.140.125.42](https://vuldb.com/?ip.95.140.125.42) | free-125-42.mediaworksit.net | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PeaRAT_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1505 | CWE-89 | SQL Injection | High
3 | T1592 | CWE-200 | Configuration | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PeaRAT. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `wp-includes/class-wp-query.php` | High
2 | Argument | `-v` | Low
3 | Argument | `mail_user` | Medium
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

actors/Phobos/README.md Normal file

@ -0,0 +1,68 @@
# Phobos - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Phobos](https://vuldb.com/?actor.phobos). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.phobos](https://vuldb.com/?actor.phobos)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Phobos:
* [US](https://vuldb.com/?country.us)
* [VN](https://vuldb.com/?country.vn)
* [RU](https://vuldb.com/?country.ru)
* ...
There are 2 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Phobos.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [179.43.140.168](https://vuldb.com/?ip.179.43.140.168) | securehosting.capital | - | High
2 | [193.37.69.46](https://vuldb.com/?ip.193.37.69.46) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Phobos_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
4 | ... | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Phobos. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `advertiser.php` | High
2 | File | `at/create_job.cgi` | High
3 | File | `tiki-register.php` | High
4 | ... | ... | ...
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://exchange.xforce.ibmcloud.com/threats/guid:71f873ec777c3c34917057ccd3b42ed9
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!


@ -71,8 +71,7 @@ ID | Technique | Weakness | Description | Confidence
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
5 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
@ -87,47 +86,48 @@ ID | Type | Indicator | Confidence
3 | File | `/etc/ajenti/config.yml` | High
4 | File | `/forum/away.php` | High
5 | File | `/goform/telnet` | High
6 | File | `/modules/profile/index.php` | High
7 | File | `/proc/self/environ` | High
8 | File | `/rom-0` | Low
9 | File | `/tmp/phpglibccheck` | High
10 | File | `/uncpath/` | Medium
11 | File | `/var/tmp/sess_*` | High
12 | File | `/wp-json/oembed/1.0/embed?url` | High
13 | File | `action.php` | Medium
14 | File | `actionphp/download.File.php` | High
15 | File | `add_comment.php` | High
16 | File | `admin/admin.php` | High
17 | File | `admin/class-favicon-by-realfavicongenerator-admin.php` | High
18 | File | `admin/content.php` | High
19 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
20 | File | `admin/memberviewdetails.php` | High
21 | File | `admin_gallery.php3` | High
22 | File | `affich.php` | Medium
23 | File | `agent/Core/Controller/SendRequest.cpp` | High
24 | File | `akeyActivationLogin.do` | High
25 | File | `album_portal.php` | High
26 | File | `apache-auth.conf` | High
27 | File | `askapache-firefox-adsense.php` | High
28 | File | `attachment.cgi` | High
29 | File | `auth.php` | Medium
30 | File | `blogger-importer.php` | High
31 | File | `blueprints/sections/edit/1` | High
32 | File | `books.php` | Medium
33 | File | `cart_add.php` | Medium
34 | File | `CFS.c` | Low
35 | File | `cgi-bin/webui/admin/tools/app_ping/diag_ping/` | High
36 | File | `cgi/cal?year` | Medium
37 | File | `checktransferstatus.php` | High
38 | File | `class.SystemAction.php` | High
39 | File | `clientarea.php` | High
40 | File | `collectivite.class.php` | High
41 | File | `contact` | Low
42 | File | `control.c` | Medium
43 | File | `core/core.php` | High
44 | ... | ... | ...
6 | File | `/HNAP1` | Low
7 | File | `/modules/profile/index.php` | High
8 | File | `/proc/self/environ` | High
9 | File | `/rom-0` | Low
10 | File | `/tmp/phpglibccheck` | High
11 | File | `/uncpath/` | Medium
12 | File | `/var/tmp/sess_*` | High
13 | File | `/wp-json/oembed/1.0/embed?url` | High
14 | File | `action.php` | Medium
15 | File | `actionphp/download.File.php` | High
16 | File | `add_comment.php` | High
17 | File | `admin/admin.php` | High
18 | File | `admin/class-favicon-by-realfavicongenerator-admin.php` | High
19 | File | `admin/content.php` | High
20 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
21 | File | `admin/memberviewdetails.php` | High
22 | File | `admin_gallery.php3` | High
23 | File | `affich.php` | Medium
24 | File | `agent/Core/Controller/SendRequest.cpp` | High
25 | File | `akeyActivationLogin.do` | High
26 | File | `album_portal.php` | High
27 | File | `apache-auth.conf` | High
28 | File | `askapache-firefox-adsense.php` | High
29 | File | `attachment.cgi` | High
30 | File | `auth.php` | Medium
31 | File | `blogger-importer.php` | High
32 | File | `blueprints/sections/edit/1` | High
33 | File | `books.php` | Medium
34 | File | `cart_add.php` | Medium
35 | File | `CFS.c` | Low
36 | File | `cgi-bin/webui/admin/tools/app_ping/diag_ping/` | High
37 | File | `cgi/cal?year` | Medium
38 | File | `checktransferstatus.php` | High
39 | File | `class.SystemAction.php` | High
40 | File | `clientarea.php` | High
41 | File | `collectivite.class.php` | High
42 | File | `contact` | Low
43 | File | `control.c` | Medium
44 | File | `core/core.php` | High
45 | ... | ... | ...
There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -60,7 +60,7 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/.ssh/authorized_keys` | High
2 | File | `/ajax.php?action=read_msg` | High
3 | File | `/ajax/networking/get_netcfg.php` | High
4 | File | `/api/gen/clients/{language}` | High
5 | File | `/app/options.py` | High
@ -102,11 +102,9 @@ ID | Type | Indicator | Confidence
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
42 | File | `/spip.php` | Medium
43 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
44 | File | `/sys/dict/queryTableData` | High
45 | File | `/tmp` | Low
46 | ... | ... | ...
44 | ... | ... | ...
There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
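Review bot: across the two hunks of this file the visible rows `/.ssh/authorized_keys`, `/sys/dict/queryTableData` and `/tmp` disappear and only `/ajax.php?action=read_msg` is added, yet the tail count falls from 398 to 381, so the total of displayed plus hidden items drops from 443 to 424 and most of the removals are invisible in the truncated part of the table. A net loss of 19 indicators in an "Update" commit is hard to distinguish from a generator regression; please list the retired entries in the commit message or have the generator write a diffable full export alongside the truncated README.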


@ -0,0 +1,59 @@
# PowerGhost - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PowerGhost](https://vuldb.com/?actor.powerghost). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.powerghost](https://vuldb.com/?actor.powerghost)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PowerGhost:
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PowerGhost.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [185.128.43.62](https://vuldb.com/?ip.185.128.43.62) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PowerGhost_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059 | CWE-94 | Cross Site Scripting | High
2 | T1204.001 | CWE-601 | Open Redirect | High
3 | T1505 | CWE-89 | SQL Injection | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PowerGhost. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `admin/index.php` | High
2 | File | `inc/config.php` | High
3 | Argument | `basePath` | Medium
4 | ... | ... | ...
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
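Review bot: in the TTP table the T1059 row pairs CWE-94 with the description "Cross Site Scripting", but CWE-94 is Improper Control of Generation of Code (Code Injection); the weakness for XSS is CWE-79, which this same commit uses elsewhere (`5 | T1059.007 | CWE-79 | Cross Site Scripting`), so the description column looks copied from the wrong row. The References section also lists only the bare site https://www.cyber45.com rather than a page that discusses PowerGhost, which makes the High-confidence IOC 185.128.43.62 hard for a reader to verify.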


@ -0,0 +1,30 @@
# Predator the Thief - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Predator the Thief](https://vuldb.com/?actor.predator_the_thief). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.predator_the_thief](https://vuldb.com/?actor.predator_the_thief)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Predator the Thief.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
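Review bot: this file has no Countries, TTP or IOA sections, unlike the other actor files added in this diff, so the whole profile is a single High-confidence IOC (6.43.51.17) with no hostname, no campaign and one reference; the Fortinet URL is a specific source, which is good, but a one-address profile with no supporting TTP would be safer published at Medium until a second source corroborates the address, or the missing sections should be generated before the file ships.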


@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
39 | File | `/MagickCore/quantize.c` | High
40 | ... | ... | ...
There are 345 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 6 more country items available. Please use our online service to access the data.
There are 7 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
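Review bot: dropping CWE-294 from the T1040 row leaves the Description column reading "Authentication Bypass by Capture-replay", which is the name of CWE-294, while the remaining weakness CWE-319 is Cleartext Transmission of Sensitive Information; either keep CWE-294 or change the description to match CWE-319 so the row stays internally consistent.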
@ -121,9 +121,10 @@ ID | Type | Indicator | Confidence
59 | File | `/classes/Master.php?f=delete_inquiry` | High
60 | File | `/classes/Master.php?f=delete_item` | High
61 | File | `/classes/Master.php?f=delete_service` | High
62 | ... | ... | ...
62 | File | `/classes/Master.php?f=delete_sub_category` | High
63 | ... | ... | ...
There are 545 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 550 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References


@ -0,0 +1,64 @@
# PseudoGate - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PseudoGate](https://vuldb.com/?actor.pseudogate). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.pseudogate](https://vuldb.com/?actor.pseudogate)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PseudoGate:
* [RU](https://vuldb.com/?country.ru)
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PseudoGate.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.23.54.158](https://vuldb.com/?ip.5.23.54.158) | 813555-cj16721.tmweb.ru | - | High
2 | [176.57.208.166](https://vuldb.com/?ip.176.57.208.166) | 1105979-manvds.tmweb.ru | - | High
3 | [185.17.122.166](https://vuldb.com/?ip.185.17.122.166) | ndevbox.example.com | - | High
4 | ... | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PseudoGate_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
2 | T1608.002 | CWE-434 | Unrestricted Upload | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PseudoGate. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `FTP/server_ftp.c` | High
2 | File | `ip/ipaddress.c` | High
3 | File | `tiki-register.php` | High
4 | ... | ... | ...
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
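Review bot: IOC row 3 lists the hostname `ndevbox.example.com` for 185.17.122.166; example.com is reserved for documentation (RFC 2606) and a PTR record can be set to any string by whoever controls the reverse zone, so this reads as a placeholder or decoy rather than attributable infrastructure and should not be matched on as a hostname. Separately, the line "There are 1 more IOA items available" needs a singular form in the template ("There is 1 more IOA item available").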


@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
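Review bot: adding CWE-24 to the T1006 row is consistent with the traversal variants already listed (CWE-21, CWE-22, CWE-23), but the T1059 context row in the same hunk describes CWE-88, CWE-94 and CWE-1321 as "Cross Site Scripting", whereas those are Argument Injection, Code Injection and Prototype Pollution respectively; the description seems to be derived from the technique rather than from the listed weaknesses, and a generic label such as "Injection" (as used for T1055/CWE-74 one row above) would be more accurate.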
@ -61,50 +61,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `$HOME/.printers` | High
2 | File | `/admin/edit-doc.php` | High
3 | File | `/admin/maintenance/view_designation.php` | High
4 | File | `/admin/news/news_ok.php` | High
5 | File | `/api/plugin/uninstall` | High
6 | File | `/api /v3/auth` | High
7 | File | `/bcms/admin/?page=user/list` | High
8 | File | `/bin/boa` | Medium
9 | File | `/card_scan.php` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/config/getuser` | High
12 | File | `/cwc/login` | Medium
13 | File | `/de/cgi/dfs_guest/` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/download` | Medium
16 | File | `/etc/gsissh/sshd_config` | High
17 | File | `/etc/passwd` | Medium
18 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
19 | File | `/etc/quagga` | Medium
20 | File | `/etc/quantum/quantum.conf` | High
21 | File | `/etc/shadow` | Medium
22 | File | `/forms/doLogin` | High
23 | File | `/forum/away.php` | High
24 | File | `/getcfg.php` | Medium
25 | File | `/goform/telnet` | High
26 | File | `/goform/WanParameterSetting` | High
27 | File | `/h/calendar` | Medium
28 | File | `/home/cavesConsole` | High
29 | File | `/hrm/employeeadd.php` | High
30 | File | `/inc/extensions.php` | High
31 | File | `/include/makecvs.php` | High
32 | File | `/js/app.js` | Medium
33 | File | `/mgmt/tm/util/bash` | High
34 | File | `/modules/profile/index.php` | High
35 | File | `/modules/tasks/summary.inc.php` | High
36 | File | `/monitoring` | Medium
37 | File | `/nova/bin/console` | High
38 | File | `/nova/bin/detnet` | High
39 | File | `/out.php` | Medium
40 | File | `/payu/icpcheckout/` | High
41 | File | `/php-sms/classes/Master.php?f=save_quote` | High
42 | File | `/property-list/property_view.php` | High
43 | ... | ... | ...
2 | File | `/admin/?page=user/list` | High
3 | File | `/admin/edit-doc.php` | High
4 | File | `/admin/maintenance/view_designation.php` | High
5 | File | `/admin/news/news_ok.php` | High
6 | File | `/admin/service.php` | High
7 | File | `/ajax.php?action=read_msg` | High
8 | File | `/api/plugin/uninstall` | High
9 | File | `/api /v3/auth` | High
10 | File | `/bcms/admin/?page=user/list` | High
11 | File | `/bin/boa` | Medium
12 | File | `/card_scan.php` | High
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/config/getuser` | High
16 | File | `/cwc/login` | Medium
17 | File | `/de/cgi/dfs_guest/` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/download` | Medium
20 | File | `/etc/gsissh/sshd_config` | High
21 | File | `/etc/passwd` | Medium
22 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
23 | File | `/etc/quagga` | Medium
24 | File | `/etc/quantum/quantum.conf` | High
25 | File | `/forms/doLogin` | High
26 | File | `/forum/away.php` | High
27 | File | `/getcfg.php` | Medium
28 | File | `/goform/SetNetControlList` | High
29 | File | `/goform/telnet` | High
30 | File | `/goform/WanParameterSetting` | High
31 | File | `/h/calendar` | Medium
32 | File | `/home/cavesConsole` | High
33 | File | `/hrm/employeeadd.php` | High
34 | File | `/inc/extensions.php` | High
35 | File | `/include/makecvs.php` | High
36 | File | `/jeecg-boot/jmreport/upload` | High
37 | File | `/js/app.js` | Medium
38 | File | `/mgmt/tm/util/bash` | High
39 | File | `/modules/profile/index.php` | High
40 | File | `/modules/tasks/summary.inc.php` | High
41 | File | `/monitoring` | Medium
42 | File | `/nova/bin/console` | High
43 | File | `/nova/bin/detnet` | High
44 | File | `/out.php` | Medium
45 | File | `/payu/icpcheckout/` | High
46 | ... | ... | ...
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
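Review bot: row 9 (`/api /v3/auth`, previously row 6) carries a space inside the path and survived the regeneration unchanged; that is almost certainly an import artifact for `/api/v3/auth`, and a path with an embedded space will never match a normalized request log, so the source record should be corrected rather than re-emitted every month. The hunk also rewrites all 45 rows because IDs are renumbered on every insertion; stable IDs (or no ID column at all) would reduce these monthly diffs to the genuinely added rows such as `/admin/?page=user/list`, `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` and `/jeecg-boot/jmreport/upload`.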

Some files were not shown because too many files have changed in this diff.