Update July 2023
This commit is contained in:
parent
0955ba53e2
commit
e41f13e7d4
@ -63,37 +63,38 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/admin/employee_row.php` | High
|
||||
7 | File | `/Admin/login.php` | High
|
||||
8 | File | `/admin/products/manage_product.php` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/ajax.php?action=read_msg` | High
|
||||
11 | File | `/api/upload` | Medium
|
||||
12 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
13 | File | `/cms/category/list` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/Default/Bd` | Medium
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/domain/add` | Medium
|
||||
18 | File | `/donor-wall` | Medium
|
||||
19 | File | `/ebics-server/ebics.aspx` | High
|
||||
20 | File | `/esbus/servlet/GetSQLData` | High
|
||||
21 | File | `/film-rating.php` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goform/formLogin` | High
|
||||
24 | File | `/HNAP1` | Low
|
||||
25 | File | `/horde/util/go.php` | High
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/ishttpd/localweb/java/` | High
|
||||
28 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
29 | File | `/mcategory.php` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/p` | Low
|
||||
32 | File | `/pages/processlogin.php` | High
|
||||
33 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
34 | File | `/services/Card/findUser` | High
|
||||
35 | File | `/template/edit` | High
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | ... | ... | ...
|
||||
9 | File | `/admin/read.php?mudi=announContent` | High
|
||||
10 | File | `/admin/user/manage_user.php` | High
|
||||
11 | File | `/ajax.php?action=read_msg` | High
|
||||
12 | File | `/api/upload` | Medium
|
||||
13 | File | `/api/wechat/app_auth` | High
|
||||
14 | File | `/changeimage.php` | High
|
||||
15 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
16 | File | `/cms/category/list` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/Default/Bd` | Medium
|
||||
19 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
20 | File | `/domain/add` | Medium
|
||||
21 | File | `/donor-wall` | Medium
|
||||
22 | File | `/ebics-server/ebics.aspx` | High
|
||||
23 | File | `/esbus/servlet/GetSQLData` | High
|
||||
24 | File | `/film-rating.php` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/goform/formLogin` | High
|
||||
27 | File | `/HNAP1` | Low
|
||||
28 | File | `/horde/util/go.php` | High
|
||||
29 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
30 | File | `/ishttpd/localweb/java/` | High
|
||||
31 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
32 | File | `/mcategory.php` | High
|
||||
33 | File | `/out.php` | Medium
|
||||
34 | File | `/p` | Low
|
||||
35 | File | `/pages/processlogin.php` | High
|
||||
36 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
37 | File | `/services/Card/findUser` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -45,45 +45,46 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
11 | [23.227.196.21](https://vuldb.com/?ip.23.227.196.21) | 23-227-196-21.static.hvvc.us | - | High
|
||||
12 | [23.227.196.215](https://vuldb.com/?ip.23.227.196.215) | 23-227-196-215.static.hvvc.us | - | High
|
||||
13 | [23.227.196.217](https://vuldb.com/?ip.23.227.196.217) | 23-227-196-217.static.hvvc.us | - | High
|
||||
14 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
|
||||
15 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
|
||||
16 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
|
||||
17 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
|
||||
18 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
|
||||
19 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
|
||||
20 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
|
||||
21 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
|
||||
22 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
|
||||
23 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
|
||||
24 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
|
||||
25 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
|
||||
26 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
|
||||
27 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
|
||||
28 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
|
||||
29 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
|
||||
30 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
|
||||
31 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
|
||||
32 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
|
||||
33 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
|
||||
34 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
|
||||
35 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
|
||||
36 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
|
||||
37 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
|
||||
38 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
|
||||
39 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
|
||||
40 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
|
||||
41 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
|
||||
42 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
|
||||
43 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
|
||||
44 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
|
||||
45 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
|
||||
46 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
|
||||
47 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
|
||||
48 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
|
||||
49 | [80.255.3.94](https://vuldb.com/?ip.80.255.3.94) | set121.com | - | High
|
||||
50 | ... | ... | ... | ...
|
||||
14 | [24.11.70.85](https://vuldb.com/?ip.24.11.70.85) | c-24-11-70-85.hsd1.ut.comcast.net | - | High
|
||||
15 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | - | High
|
||||
16 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | - | High
|
||||
17 | [31.220.43.99](https://vuldb.com/?ip.31.220.43.99) | - | Sednit | High
|
||||
18 | [31.220.61.251](https://vuldb.com/?ip.31.220.61.251) | - | - | High
|
||||
19 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | - | High
|
||||
20 | [45.32.129.185](https://vuldb.com/?ip.45.32.129.185) | 45.32.129.185.vultr.com | - | Medium
|
||||
21 | [45.32.227.21](https://vuldb.com/?ip.45.32.227.21) | 45.32.227.21.mobiltel.mx | - | High
|
||||
22 | [45.64.105.23](https://vuldb.com/?ip.45.64.105.23) | - | - | High
|
||||
23 | [45.124.132.127](https://vuldb.com/?ip.45.124.132.127) | - | - | High
|
||||
24 | [46.19.138.66](https://vuldb.com/?ip.46.19.138.66) | ab2.alchibasystems.in.net | - | High
|
||||
25 | [46.21.147.55](https://vuldb.com/?ip.46.21.147.55) | 46-21-147-55.static.hvvc.us | - | High
|
||||
26 | [46.21.147.71](https://vuldb.com/?ip.46.21.147.71) | 46-21-147-71.static.hvvc.us | - | High
|
||||
27 | [46.21.147.76](https://vuldb.com/?ip.46.21.147.76) | 46-21-147-76.static.hvvc.us | - | High
|
||||
28 | [46.148.17.227](https://vuldb.com/?ip.46.148.17.227) | - | - | High
|
||||
29 | [46.166.162.90](https://vuldb.com/?ip.46.166.162.90) | - | Pawn Storm | High
|
||||
30 | [46.183.217.74](https://vuldb.com/?ip.46.183.217.74) | ip-217-74.dataclub.info | Pawn Storm | High
|
||||
31 | [51.38.128.110](https://vuldb.com/?ip.51.38.128.110) | vps-0a3489af.vps.ovh.net | - | High
|
||||
32 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
|
||||
33 | [51.254.158.57](https://vuldb.com/?ip.51.254.158.57) | - | - | High
|
||||
34 | [54.37.104.106](https://vuldb.com/?ip.54.37.104.106) | piber.connectedlists.com | - | High
|
||||
35 | [58.49.58.58](https://vuldb.com/?ip.58.49.58.58) | - | - | High
|
||||
36 | [62.113.232.197](https://vuldb.com/?ip.62.113.232.197) | - | - | High
|
||||
37 | [66.172.11.207](https://vuldb.com/?ip.66.172.11.207) | ip-66-172-11-207.chunkhost.com | Carberp | High
|
||||
38 | [66.172.12.133](https://vuldb.com/?ip.66.172.12.133) | - | - | High
|
||||
39 | [68.76.150.97](https://vuldb.com/?ip.68.76.150.97) | 68-76-150-97.lightspeed.hstntx.sbcglobal.net | - | High
|
||||
40 | [69.12.73.174](https://vuldb.com/?ip.69.12.73.174) | 69.12.73.174.static.quadranet.com | Sednit | High
|
||||
41 | [69.16.243.33](https://vuldb.com/?ip.69.16.243.33) | host.tecnode.com | - | High
|
||||
42 | [69.28.64.137](https://vuldb.com/?ip.69.28.64.137) | - | - | High
|
||||
43 | [70.85.221.10](https://vuldb.com/?ip.70.85.221.10) | server002.nilsson-it.dk | - | High
|
||||
44 | [70.85.221.20](https://vuldb.com/?ip.70.85.221.20) | 14.dd.5546.static.theplanet.com | Pawn Storm | High
|
||||
45 | [76.74.177.251](https://vuldb.com/?ip.76.74.177.251) | ip-76-74-177-251.chunkhost.com | - | High
|
||||
46 | [77.81.98.122](https://vuldb.com/?ip.77.81.98.122) | no-rdns.clues.ro | - | High
|
||||
47 | [77.83.247.81](https://vuldb.com/?ip.77.83.247.81) | - | Global Brute Force | High
|
||||
48 | [78.153.151.222](https://vuldb.com/?ip.78.153.151.222) | smtp33.pristavka-fr.ru | - | High
|
||||
49 | [80.83.115.187](https://vuldb.com/?ip.80.83.115.187) | host3.smtpnoida.biz | - | High
|
||||
50 | [80.255.3.93](https://vuldb.com/?ip.80.255.3.93) | - | - | High
|
||||
51 | ... | ... | ... | ...
|
||||
|
||||
There are 195 more IOC items available. Please use our online service to access the data.
|
||||
There are 198 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -156,7 +157,7 @@ ID | Type | Indicator | Confidence
|
|||
49 | File | `AdxDSrv.exe` | Medium
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -164,6 +165,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/
|
||||
* https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
|
||||
* https://blog.sekoia.io/apt28-leverages-multiple-phishing-techniques-to-target-ukrainian-civil-society/
|
||||
* https://cert.gov.ua/article/40102
|
||||
* https://community.blueliv.com/#!/s/5f6b482482df413eb5350d3b
|
||||
* https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf
|
||||
@ -91,7 +91,7 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `agent.cfg` | Medium
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -95,10 +95,9 @@ ID | Type | Indicator | Confidence
|
|||
32 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
33 | File | `/PROD_ar/twbkwbis.P_FirstMenu` | High
|
||||
34 | File | `/replication` | Medium
|
||||
35 | File | `/RestAPI` | Medium
|
||||
36 | ... | ... | ...
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -21,7 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.180.198.56](https://vuldb.com/?ip.185.180.198.56) | . | - | High
|
||||
1 | [162.244.32.148](https://vuldb.com/?ip.162.244.32.148) | arthurherrera.clientshostname.com | - | High
|
||||
2 | [162.244.32.185](https://vuldb.com/?ip.162.244.32.185) | . | - | High
|
||||
3 | [185.180.198.56](https://vuldb.com/?ip.185.180.198.56) | . | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -36,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -44,47 +49,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/ad_js.php` | Medium
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
22 | File | `/dashboard/reports/logs/view` | High
|
||||
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/etc/hosts` | Medium
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/setmac` | High
|
||||
28 | File | `/goform/wizard_end` | High
|
||||
29 | File | `/manage-apartment.php` | High
|
||||
30 | File | `/medicines/profile.php` | High
|
||||
31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
32 | File | `/pages/apply_vacancy.php` | High
|
||||
33 | File | `/proc/<PID>/mem` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | File | `/tmp` | Low
|
||||
38 | File | `/uncpath/` | Medium
|
||||
39 | ... | ... | ...
|
||||
1 | File | `$HOME/.printers` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
5 | File | `/admin/?page=user/manage` | High
|
||||
6 | File | `/admin/add-new.php` | High
|
||||
7 | File | `/admin/doctors.php` | High
|
||||
8 | File | `/admin/submit-articles` | High
|
||||
9 | File | `/ad_js.php` | Medium
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/api/` | Low
|
||||
12 | File | `/api/admin/store/product/list` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/app/options.py` | High
|
||||
16 | File | `/attachments` | Medium
|
||||
17 | File | `/bin/ate` | Medium
|
||||
18 | File | `/boat/login.php` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cgi-bin` | Medium
|
||||
21 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
24 | File | `/dashboard/reports/logs/view` | High
|
||||
25 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/manage-apartment.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
35 | File | `/pages/apply_vacancy.php` | High
|
||||
36 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
37 | File | `/proc/<PID>/mem` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -21,8 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [95.142.46.35](https://vuldb.com/?ip.95.142.46.35) | v798635.hosted-by-vdsina.ru | - | High
|
||||
2 | [194.87.248.102](https://vuldb.com/?ip.194.87.248.102) | ptr.ruvds.com | - | High
|
||||
1 | [89.23.101.20](https://vuldb.com/?ip.89.23.101.20) | - | - | High
|
||||
2 | [95.142.46.35](https://vuldb.com/?ip.95.142.46.35) | v798635.hosted-by-vdsina.ru | - | High
|
||||
3 | [109.172.45.229](https://vuldb.com/?ip.109.172.45.229) | necessary-pet.aeza.network | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -67,6 +71,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://app.any.run/tasks/95fa13b9-fe54-4e3b-9352-b5533dcf5b77/
|
||||
* https://app.any.run/tasks/907c994b-46eb-4722-85f9-2350ebda039a
|
||||
* https://twitter.com/crep1x/status/1670881170567954432
|
||||
|
||||
## Literature
|
||||
|
||||
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Alien:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
|
@ -17,9 +18,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.199.173.52](https://vuldb.com/?ip.5.199.173.52) | - | - | High
|
||||
2 | [20.127.122.139](https://vuldb.com/?ip.20.127.122.139) | - | - | High
|
||||
3 | [57.128.54.210](https://vuldb.com/?ip.57.128.54.210) | ip210.ip-57-128-54.eu | - | High
|
||||
1 | [5.78.74.58](https://vuldb.com/?ip.5.78.74.58) | static.58.74.78.5.clients.your-server.de | - | High
|
||||
2 | [5.78.105.58](https://vuldb.com/?ip.5.78.105.58) | static.58.105.78.5.clients.your-server.de | - | High
|
||||
3 | [5.161.178.107](https://vuldb.com/?ip.5.161.178.107) | static.107.178.161.5.clients.your-server.de | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -27,12 +31,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -40,12 +45,24 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
2 | File | `browse.php` | Medium
|
||||
3 | File | `com\mingsoft\basic\action\web\FileAction.java` | High
|
||||
4 | ... | ... | ...
|
||||
1 | File | `/admin.php?controller=admin_commonuser` | High
|
||||
2 | File | `/admin/content/index` | High
|
||||
3 | File | `/admin/convert/export_z3950_new.php` | High
|
||||
4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
5 | File | `/ajax/update_certificate` | High
|
||||
6 | File | `/api/admin/system/store/order/list` | High
|
||||
7 | File | `/api/jmeter/download/files` | High
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/customs/loan_by_class.php?reportView` | High
|
||||
10 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
11 | File | `/editor/index.php` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/fos/admin/ajax.php` | High
|
||||
14 | File | `/goform/WifiBasicSet` | High
|
||||
15 | File | `/intern/controller.php` | High
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 124 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -48,9 +48,10 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
3 | File | `admin/index.php` | High
|
||||
4 | File | `data/gbconfiguration.dat` | High
|
||||
5 | ... | ... | ...
|
||||
5 | File | `filter.php` | Medium
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 33 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 34 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Anatsa:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -48,8 +48,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `Illuminate\Broadcasting\PendingBroadcast.php` | High
|
||||
2 | Library | `FARFLT.SYS` | Medium
|
||||
3 | Argument | `wan_dyn_hostname` | High
|
||||
2 | File | `web/upload/UploadHandler.php` | High
|
||||
3 | Library | `FARFLT.SYS` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -317,7 +317,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
294 | [45.137.22.111](https://vuldb.com/?ip.45.137.22.111) | hosted-by.rootlayer.net | - | High
|
||||
295 | ... | ... | ... | ...
|
||||
|
||||
There are 1175 more IOC items available. Please use our online service to access the data.
|
||||
There are 1176 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -325,10 +325,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-50, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-50 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
@ -344,36 +344,37 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin/modal_add_product.php` | High
|
||||
3 | File | `/admin/positions_add.php` | High
|
||||
4 | File | `/admin/update_s6.php` | High
|
||||
5 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
6 | File | `/authenticationendpoint/login.do` | High
|
||||
7 | File | `/bin/ate` | Medium
|
||||
8 | File | `/bin/login` | Medium
|
||||
9 | File | `/cgi-bin/luci` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/changeimage.php` | High
|
||||
12 | File | `/classes/Users.php?f=save` | High
|
||||
13 | File | `/DXR.axd` | Medium
|
||||
14 | File | `/env` | Low
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/goform/WifiGuestSet` | High
|
||||
17 | File | `/HNAP1` | Low
|
||||
18 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
19 | File | `/mc` | Low
|
||||
20 | File | `/note/index/delete` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/paysystem/branch.php` | High
|
||||
24 | File | `/php-inventory-management-system/product.php` | High
|
||||
25 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
26 | File | `/send_order.cgi?parameter=restart` | High
|
||||
27 | File | `/services/indexing/preview` | High
|
||||
28 | File | `/tmp/boa-temp` | High
|
||||
29 | File | `/userfs/bin/tcapi` | High
|
||||
30 | File | `/var/log/nginx` | High
|
||||
31 | File | `/wp-admin/admin-ajax.php` | High
|
||||
32 | ... | ... | ...
|
||||
5 | File | `/api/geojson` | Medium
|
||||
6 | File | `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` | High
|
||||
7 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
8 | File | `/authenticationendpoint/login.do` | High
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/bin/login` | Medium
|
||||
11 | File | `/cgi-bin/luci` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/changeimage.php` | High
|
||||
14 | File | `/classes/Users.php?f=save` | High
|
||||
15 | File | `/DXR.axd` | Medium
|
||||
16 | File | `/env` | Low
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/WifiGuestSet` | High
|
||||
19 | File | `/HNAP1` | Low
|
||||
20 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
21 | File | `/mc` | Low
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/owa/auth/logon.aspx` | High
|
||||
24 | File | `/paysystem/branch.php` | High
|
||||
25 | File | `/php-inventory-management-system/product.php` | High
|
||||
26 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
27 | File | `/send_order.cgi?parameter=restart` | High
|
||||
28 | File | `/Taier/API/tenant/listTenant` | High
|
||||
29 | File | `/tmp/boa-temp` | High
|
||||
30 | File | `/userfs/bin/tcapi` | High
|
||||
31 | File | `/var/log/nginx` | High
|
||||
32 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [LA](https://vuldb.com/?country.la)
* ...
There are 5 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -70,44 +70,47 @@ ID | IP address | Hostname | Campaign | Confidence
47 | [37.120.206.69](https://vuldb.com/?ip.37.120.206.69) | - | - | High
48 | [37.139.129.47](https://vuldb.com/?ip.37.139.129.47) | - | - | High
49 | [37.139.129.100](https://vuldb.com/?ip.37.139.129.100) | - | - | High
50 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
51 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
52 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
53 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
54 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
55 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
56 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
57 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
58 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
59 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
60 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
61 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
62 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
63 | [45.81.39.89](https://vuldb.com/?ip.45.81.39.89) | - | - | High
64 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
65 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
66 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
67 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
68 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
69 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
70 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
71 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
72 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
73 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
74 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
75 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
76 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
77 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
78 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
79 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
80 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
81 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
82 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
83 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
84 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
85 | ... | ... | ... | ...
50 | [37.187.222.230](https://vuldb.com/?ip.37.187.222.230) | ip230.ip-37-187-222.eu | - | High
51 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
52 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
53 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
54 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
55 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
56 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
57 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
58 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
59 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
60 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
61 | [45.61.128.246](https://vuldb.com/?ip.45.61.128.246) | - | - | High
62 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
63 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
64 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
65 | [45.81.39.89](https://vuldb.com/?ip.45.81.39.89) | - | - | High
66 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
67 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
68 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
69 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
70 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
71 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
72 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
73 | [45.88.67.72](https://vuldb.com/?ip.45.88.67.72) | - | - | High
74 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
75 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
76 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
77 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
78 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
79 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
80 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
81 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
82 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
83 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
84 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
85 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
86 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
87 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
88 | ... | ... | ... | ...
There are 338 more IOC items available. Please use our online service to access the data.
There are 346 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -115,14 +118,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 21 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -132,13 +135,13 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?p=products` | Medium
2 | File | `/admin/?page=product/manage_product&id=2` | High
3 | File | `/admin/ajax.php?action=delete_window` | High
4 | File | `/admin/casedetails.php` | High
5 | File | `/admin/index2.html` | High
6 | File | `/admin/maintenance/brand.php` | High
7 | File | `/admin/mechanics/manage_mechanic.php` | High
8 | File | `/admin/positions_add.php` | High
9 | File | `/admin/user/manage_user.php` | High
3 | File | `/admin/casedetails.php` | High
4 | File | `/admin/index2.html` | High
5 | File | `/admin/maintenance/brand.php` | High
6 | File | `/admin/mechanics/manage_mechanic.php` | High
7 | File | `/admin/positions_add.php` | High
8 | File | `/admin/user/manage_user.php` | High
9 | File | `/admin/userprofile.php` | High
10 | File | `/admin/voters_row.php` | High
11 | File | `/ad_js.php` | Medium
12 | File | `/agc/vicidial.php` | High
@ -147,52 +150,51 @@ ID | Type | Indicator | Confidence
15 | File | `/ajax/myshop` | Medium
16 | File | `/alumni/admin/ajax.php?action=save_settings` | High
17 | File | `/api/gen/clients/{language}` | High
18 | File | `/apply.cgi` | Medium
19 | File | `/APR/signup.php` | High
20 | File | `/authenticationendpoint/login.do` | High
21 | File | `/aux` | Low
22 | File | `/backup.pl` | Medium
23 | File | `/cas/logout` | Medium
24 | File | `/categorypage.php` | High
25 | File | `/cgi-bin/system_mgr.cgi` | High
18 | File | `/APR/signup.php` | High
19 | File | `/authenticationendpoint/login.do` | High
20 | File | `/aux` | Low
21 | File | `/backup.pl` | Medium
22 | File | `/cas/logout` | Medium
23 | File | `/categorypage.php` | High
24 | File | `/cgi-bin/system_mgr.cgi` | High
25 | File | `/cgi-bin/wlogin.cgi` | High
26 | File | `/cha.php` | Medium
27 | File | `/College/admin/teacher.php` | High
28 | File | `/contactform/contactform.php` | High
29 | File | `/dayrui/Fcms/View/system_log.html` | High
30 | File | `/drivers/block/floppy.c` | High
31 | File | `/DXR.axd` | Medium
32 | File | `/ecommerce/admin/category/controller.php` | High
33 | File | `/etc/config/product.ini` | High
34 | File | `/etc/crash` | Medium
29 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
30 | File | `/dayrui/Fcms/View/system_log.html` | High
31 | File | `/dcim/rack-roles/` | High
32 | File | `/drivers/block/floppy.c` | High
33 | File | `/DXR.axd` | Medium
34 | File | `/ecommerce/admin/category/controller.php` | High
35 | File | `/etc/shadow` | Medium
36 | File | `/fos/admin/ajax.php` | High
37 | File | `/goform/aspForm` | High
38 | File | `/goform/WifiBasicSet` | High
36 | File | `/forum/away.php` | High
37 | File | `/fos/admin/ajax.php` | High
38 | File | `/goform/aspForm` | High
39 | File | `/goform/WifiGuestSet` | High
40 | File | `/index.php` | Medium
40 | File | `/inc/topBarNav.php` | High
41 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
42 | File | `/kelasdosen/data` | High
43 | File | `/login/index.php` | High
44 | File | `/medicines/profile.php` | High
45 | File | `/modules/projects/vw_files.php` | High
46 | File | `/Moosikay/order.php` | High
47 | File | `/multi-vendor-shopping-script/product-list.php` | High
48 | File | `/nasm/nasm-parse.c` | High
49 | File | `/ordering/admin/orders/loaddata.php` | High
50 | File | `/ordering/admin/stockin/loaddata.php` | High
51 | File | `/owa/auth/logon.aspx` | High
52 | File | `/philosophy/admin/login.php` | High
53 | File | `/php-opos/login.php` | High
54 | File | `/priv_mgt.html` | High
55 | File | `/queuing/index.php?page=display` | High
42 | File | `/kelas/data` | Medium
43 | File | `/kelasdosen/data` | High
44 | File | `/modules/projects/vw_files.php` | High
45 | File | `/Moosikay/order.php` | High
46 | File | `/multi-vendor-shopping-script/product-list.php` | High
47 | File | `/nasm/nasm-parse.c` | High
48 | File | `/ordering/admin/orders/loaddata.php` | High
49 | File | `/ordering/admin/stockin/loaddata.php` | High
50 | File | `/owa/auth/logon.aspx` | High
51 | File | `/paysystem/branch.php` | High
52 | File | `/paysystem/datatable.php` | High
53 | File | `/philosophy/admin/login.php` | High
54 | File | `/php-opos/login.php` | High
55 | File | `/priv_mgt.html` | High
56 | File | `/resources//../` | High
57 | File | `/see_more_details.php` | High
58 | File | `/services/indexing/preview` | High
59 | File | `/upgrade` | Medium
60 | File | `/user/updatePwd` | High
61 | ... | ... | ...
59 | File | `/Taier/API/tenant/listTenant` | High
60 | ... | ... | ...
There are 532 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 522 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -0,0 +1,69 @@
# BLM - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BLM](https://vuldb.com/?actor.blm). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.blm](https://vuldb.com/?actor.blm)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BLM:
* [US](https://vuldb.com/?country.us)
* [PT](https://vuldb.com/?country.pt)
* [SK](https://vuldb.com/?country.sk)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BLM.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
2 | [82.202.65.125](https://vuldb.com/?ip.82.202.65.125) | 125-65-202-82.hicoria.com | - | High
3 | [82.202.65.177](https://vuldb.com/?ip.82.202.65.177) | 177-65-202-82.hicoria.com | - | High
4 | ... | ... | ... | ...
There are 3 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BLM_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
3 | T1211 | CWE-254 | 7PK Security Features | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BLM. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/mc-admin/page.php` | High
2 | File | `ajax_url.php` | Medium
3 | File | `byterun/bigarray.c` | High
4 | ... | ... | ...
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.fortinet.com/blog/threat-research/global-malicious-spam-campaign-using-black-lives-matter-as-a-lure
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -94,17 +94,17 @@ ID | Type | Indicator | Confidence
34 | File | `/out.php` | Medium
35 | File | `/password.html` | High
36 | File | `/php_action/fetchSelectedUser.php` | High
37 | File | `/proc/ioports` | High
38 | File | `/property-list/property_view.php` | High
39 | File | `/ptms/classes/Users.php` | High
40 | File | `/resources//../` | High
41 | File | `/rest/api/2/search` | High
42 | File | `/s/` | Low
43 | File | `/scripts/cpan_config` | High
44 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
37 | File | `/property-list/property_view.php` | High
38 | File | `/ptms/classes/Users.php` | High
39 | File | `/resources//../` | High
40 | File | `/rest/api/2/search` | High
41 | File | `/s/` | Low
42 | File | `/scripts/cpan_config` | High
43 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
44 | File | `/spip.php` | Medium
45 | ... | ... | ...
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -131,43 +131,45 @@ ID | IP address | Hostname | Campaign | Confidence
108 | [45.79.127.90](https://vuldb.com/?ip.45.79.127.90) | 45-79-127-90.ip.linodeusercontent.com | - | High
109 | [45.79.207.123](https://vuldb.com/?ip.45.79.207.123) | se1.izlae.com | - | High
110 | [45.81.39.172](https://vuldb.com/?ip.45.81.39.172) | - | - | High
111 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
112 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
113 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
114 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
115 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
116 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
117 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
118 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
119 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
120 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
121 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
122 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
123 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
124 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
125 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
126 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
127 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
128 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
129 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
130 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
131 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
132 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
133 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
134 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
135 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
136 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
137 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
138 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
139 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
140 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
141 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
142 | [45.148.120.171](https://vuldb.com/?ip.45.148.120.171) | - | - | High
143 | [45.148.120.226](https://vuldb.com/?ip.45.148.120.226) | 45-148-120-226.hosted-by.phanes.cloud | - | High
144 | [45.148.121.228](https://vuldb.com/?ip.45.148.121.228) | - | - | High
145 | ... | ... | ... | ...
111 | [45.81.234.229](https://vuldb.com/?ip.45.81.234.229) | 45.81.234.229.mc-host24.de | - | High
112 | [45.85.90.172](https://vuldb.com/?ip.45.85.90.172) | lanenap.sa.com | - | High
113 | [45.88.66.177](https://vuldb.com/?ip.45.88.66.177) | - | - | High
114 | [45.90.14.172](https://vuldb.com/?ip.45.90.14.172) | chivalrous.acquiretm.com | - | High
115 | [45.90.160.173](https://vuldb.com/?ip.45.90.160.173) | - | - | High
116 | [45.90.161.73](https://vuldb.com/?ip.45.90.161.73) | - | - | High
117 | [45.90.161.92](https://vuldb.com/?ip.45.90.161.92) | - | - | High
118 | [45.90.162.184](https://vuldb.com/?ip.45.90.162.184) | - | - | High
119 | [45.95.55.54](https://vuldb.com/?ip.45.95.55.54) | flyhosting.de | - | High
120 | [45.95.55.232](https://vuldb.com/?ip.45.95.55.232) | flyhosting.de | - | High
121 | [45.95.169.115](https://vuldb.com/?ip.45.95.169.115) | - | - | High
122 | [45.95.169.119](https://vuldb.com/?ip.45.95.169.119) | 0mrn.hitoritabifans.com | - | High
123 | [45.95.169.133](https://vuldb.com/?ip.45.95.169.133) | - | - | High
124 | [45.124.84.253](https://vuldb.com/?ip.45.124.84.253) | sv-84253.bkns.vn | - | High
125 | [45.128.153.154](https://vuldb.com/?ip.45.128.153.154) | - | - | High
126 | [45.128.232.144](https://vuldb.com/?ip.45.128.232.144) | 144.232.128.45.pfcloud.io | - | High
127 | [45.128.232.180](https://vuldb.com/?ip.45.128.232.180) | - | - | High
128 | [45.128.234.72](https://vuldb.com/?ip.45.128.234.72) | - | - | High
129 | [45.132.88.184](https://vuldb.com/?ip.45.132.88.184) | 45.132.88.184.mc-host24.de | - | High
130 | [45.134.10.88](https://vuldb.com/?ip.45.134.10.88) | hosted-by.infraly.co | - | High
131 | [45.134.11.110](https://vuldb.com/?ip.45.134.11.110) | mail.knowallthings.com | - | High
132 | [45.137.206.188](https://vuldb.com/?ip.45.137.206.188) | hosted-by.varixx.org | - | High
133 | [45.140.188.33](https://vuldb.com/?ip.45.140.188.33) | hosted-by.royalehosting.net | - | High
134 | [45.140.188.40](https://vuldb.com/?ip.45.140.188.40) | minrow.populatively.com | - | High
135 | [45.140.188.109](https://vuldb.com/?ip.45.140.188.109) | hosted-by.royalehosting.net | - | High
136 | [45.141.239.114](https://vuldb.com/?ip.45.141.239.114) | - | - | High
137 | [45.142.107.167](https://vuldb.com/?ip.45.142.107.167) | tube-hosting.com | - | High
138 | [45.144.29.99](https://vuldb.com/?ip.45.144.29.99) | vm467374.stark-industries.solutions | - | High
139 | [45.144.179.23](https://vuldb.com/?ip.45.144.179.23) | zhaibingyeshishabi.xyz | - | High
140 | [45.145.226.64](https://vuldb.com/?ip.45.145.226.64) | - | - | High
141 | [45.148.10.76](https://vuldb.com/?ip.45.148.10.76) | - | - | High
142 | [45.148.10.243](https://vuldb.com/?ip.45.148.10.243) | - | - | High
143 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
144 | [45.148.120.171](https://vuldb.com/?ip.45.148.120.171) | - | - | High
145 | [45.148.120.226](https://vuldb.com/?ip.45.148.120.226) | 45-148-120-226.hosted-by.phanes.cloud | - | High
146 | [45.148.121.228](https://vuldb.com/?ip.45.148.121.228) | - | - | High
147 | ... | ... | ... | ...
There are 574 more IOC items available. Please use our online service to access the data.
There are 584 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -175,14 +177,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 20 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -205,40 +207,38 @@ ID | Type | Indicator | Confidence
13 | File | `/api/stl/actions/search` | High
14 | File | `/api/v2/cli/commands` | High
15 | File | `/apply.cgi` | Medium
16 | File | `/boat/login.php` | High
17 | File | `/bsms_ci/index.php/book` | High
18 | File | `/cgi-bin` | Medium
19 | File | `/cgi-bin/wlogin.cgi` | High
20 | File | `/College/admin/teacher.php` | High
21 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
22 | File | `/ctcprotocol/Protocol` | High
23 | File | `/dcim/rack-roles/` | High
24 | File | `/debug/pprof` | Medium
25 | File | `/ebics-server/ebics.aspx` | High
26 | File | `/env` | Low
27 | File | `/etc/hosts` | Medium
16 | File | `/bin/ate` | Medium
17 | File | `/boat/login.php` | High
18 | File | `/bsms_ci/index.php/book` | High
19 | File | `/cgi-bin` | Medium
20 | File | `/cgi-bin/wlogin.cgi` | High
21 | File | `/College/admin/teacher.php` | High
22 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
23 | File | `/ctcprotocol/Protocol` | High
24 | File | `/dcim/rack-roles/` | High
25 | File | `/debug/pprof` | Medium
26 | File | `/ebics-server/ebics.aspx` | High
27 | File | `/env` | Low
28 | File | `/forum/away.php` | High
29 | File | `/goform/aspForm` | High
30 | File | `/goform/delAd` | High
31 | File | `/HNAP1` | Low
32 | File | `/HNAP1/SetClientInfo` | High
33 | File | `/inc/topBarNav.php` | High
34 | File | `/kelas/data` | Medium
35 | File | `/medicines/profile.php` | High
36 | File | `/menu.html` | Medium
37 | File | `/modules/profile/index.php` | High
38 | File | `/Moosikay/order.php` | High
30 | File | `/HNAP1` | Low
31 | File | `/HNAP1/SetClientInfo` | High
32 | File | `/inc/topBarNav.php` | High
33 | File | `/kelas/data` | Medium
34 | File | `/medicines/profile.php` | High
35 | File | `/menu.html` | Medium
36 | File | `/modules/profile/index.php` | High
37 | File | `/Moosikay/order.php` | High
38 | File | `/php-sms/admin/?page=user/manage_user` | High
39 | File | `/reservation/add_message.php` | High
40 | File | `/resources//../` | High
41 | File | `/spip.php` | Medium
42 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
43 | File | `/sys/dict/queryTableData` | High
44 | File | `/tmp` | Low
45 | File | `/user/updatePwd` | High
46 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
47 | ... | ... | ...
45 | ... | ... | ...
There are 405 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 387 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -372,6 +372,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://bazaar.abuse.ch/sample/8f6a2c5d17f924af5435f1d6c42d7af0cbf208fc0296184f1e95e79125cd6e17/
* https://bazaar.abuse.ch/sample/8f24d9c22274b4ecfc02d537ba92f4337d94661586177b8222570e081beb3725/
* https://bazaar.abuse.ch/sample/9a15be7c12fa6ae4a380bada990ab3024d55ec0c1e9fcf6935f18969a085ea6e/
* https://bazaar.abuse.ch/sample/9a76aa2e38d05c282587ccce987482cd25bda872b0f63251ee11437d85151eea/
* https://bazaar.abuse.ch/sample/9a16268c0e9fe89697c55cda80b2f09e9ba6a03ecf456daa07ddb89bef6eef5f/
* https://bazaar.abuse.ch/sample/9ab929ac75e5c3627fd537aeb34d137b246129e5fad1158d845e4021ce6bb3e1/
* https://bazaar.abuse.ch/sample/9ae1feeadd3edd6deee7789debbfb1798274151ab1734c07d86f6d837642cc93/
@ -399,6 +400,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/29ab568f4dbe12031374e3dc4d2c56f76049297dc6c32123e9051f89431fa852/
|
||||
* https://bazaar.abuse.ch/sample/31c96cfddb7c596bde617d6c072551d0bf04d30b5bccddc5b97d76a4dac54347/
|
||||
* https://bazaar.abuse.ch/sample/31fa9f121ab7bb10a2a3f789c5e928e309912d1d76377cdde1d499524e472cb2/
|
||||
* https://bazaar.abuse.ch/sample/32f09deebef50eea2685d082cfaf67f9b0e8fd8a2c2afac56e383364f7aaa657/
|
||||
* https://bazaar.abuse.ch/sample/33e56b47d123955b3d5d820189a345f9b2b9b9fc394632689d48477357799fa7/
|
||||
* https://bazaar.abuse.ch/sample/34b404d9cb357730cca3c77261ab7f94c1189148d7d01cea376621051308713a/
|
||||
* https://bazaar.abuse.ch/sample/34c1646e2d0c27eaecb515e7b3d880a8eb0d548286d99e8460a37959b43ec7aa/
|
||||
|
@ -489,6 +491,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/716c8bae6e915d3096635bb6af81f44d8ca977447ec8efb099053633daf781f6/
|
||||
* https://bazaar.abuse.ch/sample/788db01a3b8ddbdfc3f82858e61102003ba23ebab2dc9a442fa681d4067812e4/
|
||||
* https://bazaar.abuse.ch/sample/798fd1cb5b6cf836d652a40c6863891381a2b5b7b07f29da33f1c60c14c8558a/
|
||||
* https://bazaar.abuse.ch/sample/816cc7c06ccc6b156f1709ddfded9605dc250afea795120055d7809efb7fda86/
|
||||
* https://bazaar.abuse.ch/sample/821daf19dc278c67757faf18294ab37b3358f68e1e67e27332c762162273d891/
|
||||
* https://bazaar.abuse.ch/sample/825c3aa67440f740887effe8f86e5d4e014eba94f9d8d756aa2c6767bd272eb9/
|
||||
* https://bazaar.abuse.ch/sample/846c42db64e10fa58af94e47bf5ba98497a0d518e7a49badb11151e3fa0d3b4f/
|
||||
|
@ -543,6 +546,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/92194a7fbc46e88dbb9876c458c742cb55426825d25ce7e01279b55927355d60/
|
||||
* https://bazaar.abuse.ch/sample/92838d046d9253542c557765602e0673ebadc74258f11f362e52a29cc74f778c/
|
||||
* https://bazaar.abuse.ch/sample/97587e55695db5f8f31133862969a7ce9a60757cfc2a097e89cd6fa8cc16c365/
|
||||
* https://bazaar.abuse.ch/sample/97854ff0a53e12a5520c938c04efa3821c91b77ee612d11cc8c0c4472b6b5c59/
|
||||
* https://bazaar.abuse.ch/sample/121191aea9560df7d2a365d4c94a524bbf94d69bc59b0e2ba9bfda93db50184c/
|
||||
* https://bazaar.abuse.ch/sample/143668b80a595ce4c4e886e5f18ae05afd7ccfa3ffe997070addae6bf25c7bdc/
|
||||
* https://bazaar.abuse.ch/sample/295001e0d25736437472a9111c3e77f332a21b688b8a1fc6403f8b956df9520d/
|
||||
|
@ -673,10 +677,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/d34acff690e42b6bb4ec5d1a43b2fafac9611a625643fa55926a48cdd0355f77/
|
||||
* https://bazaar.abuse.ch/sample/d49a93c84e608ea820329306c6fc9dd5e6e027fb2ea996f2a79d12f4626068a5/
|
||||
* https://bazaar.abuse.ch/sample/d55bba7134bb5b4f6ab2454b824d0555ebcb5acdcd06006cfc13e5b19f429ebc/
|
||||
* https://bazaar.abuse.ch/sample/d79ff4439211fb109459bf079b73f48bbff8b8f3aee84d7d536e74d3fde5e355/
|
||||
* https://bazaar.abuse.ch/sample/d113d6f2b3c4d7a9ddf1ca867e534c0f0388f198b0b17e9db067961008e1e038/
|
||||
* https://bazaar.abuse.ch/sample/d194f66a093586ecc369ace8e98312ab71cfd02928f89a4d730bafd2587e4248/
|
||||
* https://bazaar.abuse.ch/sample/d596edf37de6341d372093f89d34611a7f9af4ec9272891e5b31b75779f1f05e/
|
||||
* https://bazaar.abuse.ch/sample/d1959c7f86ff208f75b5c242b78fa5ecea3984062e8af3805c48f2e75597342c/
|
||||
* https://bazaar.abuse.ch/sample/d4485aef1c39003e874f76fab675dc2e6586b39ed5d74222f36a47021f3ff73e/
|
||||
* https://bazaar.abuse.ch/sample/d6051c0f7391dacd4ae8a2613458828b4769c7e60e4f571e8754ed25f42ec65e/
|
||||
* https://bazaar.abuse.ch/sample/d6919fae25fb5691e7a0065e485d64c2946a8524ec1566e13f11580ae8d51074/
|
||||
* https://bazaar.abuse.ch/sample/d424799342b67ab3eb6fa9b5aa3ada2501faf25e8774bd9bc4b22c42a92f8405/
|
||||
|
|
|
@ -21,89 +21,91 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
|
||||
2 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
3 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
|
||||
4 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
5 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
|
||||
6 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
|
||||
7 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
|
||||
8 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
|
||||
9 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
|
||||
10 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
|
||||
11 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
|
||||
12 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
|
||||
13 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
|
||||
14 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
|
||||
15 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
|
||||
16 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
|
||||
17 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
|
||||
18 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
|
||||
19 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
|
||||
20 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
|
||||
21 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
22 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
23 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
24 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
25 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
27 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
29 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
30 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
32 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
33 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
34 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
35 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
36 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
37 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
38 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
39 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
40 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
41 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
42 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
43 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
44 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
45 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
46 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
47 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
48 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
49 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
50 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
51 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
52 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
53 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
54 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
55 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
56 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
57 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
58 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
59 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
60 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
61 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
|
||||
62 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
63 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
64 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
65 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
66 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
67 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
68 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
69 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
70 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
71 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
72 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
73 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
74 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
75 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
76 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
77 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
78 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
79 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
80 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
81 | ... | ... | ... | ...
|
||||
1 | [3.72.105.50](https://vuldb.com/?ip.3.72.105.50) | ec2-3-72-105-50.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
2 | [3.82.108.57](https://vuldb.com/?ip.3.82.108.57) | ec2-3-82-108-57.compute-1.amazonaws.com | - | Medium
|
||||
3 | [3.109.108.143](https://vuldb.com/?ip.3.109.108.143) | ec2-3-109-108-143.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
4 | [3.134.86.154](https://vuldb.com/?ip.3.134.86.154) | ec2-3-134-86-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
5 | [3.236.161.7](https://vuldb.com/?ip.3.236.161.7) | ec2-3-236-161-7.compute-1.amazonaws.com | - | Medium
|
||||
6 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
7 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
|
||||
8 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
|
||||
9 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
|
||||
10 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
|
||||
11 | [5.181.20.110](https://vuldb.com/?ip.5.181.20.110) | - | - | High
|
||||
12 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
|
||||
13 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
|
||||
14 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
|
||||
15 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
|
||||
16 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
|
||||
17 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
|
||||
18 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
|
||||
19 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
|
||||
20 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
|
||||
21 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
|
||||
22 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
|
||||
23 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
|
||||
24 | [13.38.37.128](https://vuldb.com/?ip.13.38.37.128) | ec2-13-38-37-128.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
25 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
26 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
27 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
28 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
29 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
30 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
31 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
32 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
33 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
34 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
|
||||
35 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
36 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
37 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
38 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
39 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
40 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
41 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
42 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
43 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
44 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
45 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
46 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
47 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
48 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
49 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
50 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
51 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
52 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
53 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
54 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
55 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
56 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
57 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
58 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
59 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
60 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
61 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
62 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
63 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
64 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
65 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
|
||||
66 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
67 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
68 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
69 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
70 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
71 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
72 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
73 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
74 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
75 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
76 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
77 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
78 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
79 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
80 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
81 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
82 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
83 | ... | ... | ... | ...
|
||||
|
||||
There are 318 more IOC items available. Please use our online service to access the data.
|
||||
There are 329 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -201,6 +203,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c0be0b8925a769e0d6d7d541a26d380d3e462752c3a4b0a90a230020a2283bcc%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c0ce6a1b2387e7593f84ea25fda98899c79d00e481fb2f3809cbebac820b2999%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c9cb3353676114a2dd6f4336677a34d369604ac9be7038ce76e0a189e1f4983e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c37cae2ad2e1f96cc5f86bfe8369418d4b7551818f755057996c8e8e8c57e1ed%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c65e53ea76a8af7ec4f704fd953d3901397d213fbb00a0a5815b95b1a4ff62c6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c66b5d341d656ef280c1095374c3982ecca1807bc119250be97a527d060a7639%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22c95ac37769cf63560afea658b9d5305ab163ef194900b21995ca850a0653cb49%22
|
||||
|
@ -225,10 +228,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e02965151a24e098e731890d714cf7512a4d8bd3f61f2edb24e2d2a388784a6e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e079e26331ab421908da3c609f1aa97d58b6c030150498c74aace849c9d7aa12%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e1caf0308e9eb8602a988b80c1cc99b11123733769ffe2f970d969a5421e4c31%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e2e7399fae3b50cfb2d9f2055430ef5a10ff15f8f05e5b090615af121fef0454%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9ee059af7f17eb82141660167684b7b3e4a4513996fa9b27d918c13b78a4def%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e9fe9545a439564a7c1052eb0e572b8b41609b0f0d96238cff2b8ff567612836%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e51ba208f09bc6e4626291120c559fd76abf1acca7be95a3b9317585f46b1176%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e68b22310a3b37aa797514afcc489366347af5666d9afe3d83b770693173fc2f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e4357b9507e9ddd2dd566551d30a8d495fea13c42a8df96ce2584eb5cde36dbb%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e8171da4f1059e0b1e48d8ec788a975159f28a0bdc27b4cdba014fb55aa6f236%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e8751ab788f4ff73d0facc30a0b2ec5ea37a18fce1b1aa38f8eadcec19745a5e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22e62160ae86ff880d0516811cb33e8fe31949daf9dee136cec2a96b72dd115518%22
|
||||
|
@ -253,6 +258,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e7705888a9000b0a2c8ca2a4846d890920d19bd6af9c50fb34668b4673f54c7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ebaabf79ecaccb878e0ecc68b6c868ef047ac8735a3347ff892c3420b47803f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221af6ae62dca201286d4b11ee20fd1e8dcf343d2e8500de51f9175bcf3d12e06f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221b6d4e3302e4407da1693a4e39b4d352656e2fd7053af0c46a6ae9be62e77a9c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221bd713b603ea09badad645fd38c8e9f75629d122cd81fcecd00ab2a5933feeea%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221de69dde6fa4833818869e3a6b2fb9ee251f63d6692988fc3ba7dcd2ae275200%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221ebe4f6c1b7578cfae6d609d2dc69913cb0ca7fade5c6ae3d4f116e145f50f4d%22
|
||||
|
@ -277,6 +283,9 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c6d464110a46f813722131e8cce268bdccfdfeb705ce25fcc51cabe0b88c8e4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226cbb0cef1838f2b253613796470b7fcc3cd4453d3f5be8220aeda52f383fb781%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226d64edc2a8867b924b85d762657e103ad3338e1bd40b3ffca92633df41e9003e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e1be457dd210298ad9a471567719e10a579b0f4dd460b24e4119a3ed4cc0bf9%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e4cdc8e537f39275794ab6a39fe278051f6fe3738c78440a24fc9d6b70b078a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226e260640cd33793e08329bde5c227e42484ec78185bd0a4970dd10d4ddd2a8de%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226ff2935c1dc9d4750155451ca7a63c9183335d11a97bd53c7b3bef1c30dadbe5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227b15ca0e6613e8f7b008165d20fb40bdbc31805143ff35636dfd60b27eba719d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227c0104c32dbf057cc59cd672786089d020422bd85264a8f0a69a57f98e7105c9%22
|
||||
|
@ -284,14 +293,17 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227d187d521097b1c7fa30d78d0691f33e845069d0b4c6522f81b1ff96e93e920a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227dc2846444a74b2a4090fea4c48a5e5e8d04ae81be94fac62ce50af24701b83b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%227de4a51d9fd29fe60f6e79a8dd16ca21fd1250a3f76015fca9f1ced7e407ffd3%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228d0a7fb11481882ec86b2711cbf989ed7df024485bb4ad230222ff4ebde80e77%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228d99137fde73683c67b4701cfb75b61cc42a23858d065a47a8e7ae01e6070140%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%228f532fe8babcbda860f2916592d90b128b327990fd75e34dff68204efc1c6a47%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ae1a707bdb87aa40ec1139533ee543b5bcdf6ce89f7b9c560520d5868e5353e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229c71fdb3c7ac17591c355ba028b6a86f243246fac32eb07af552199037c2faf2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229ccaaf6ad700e922565d1947ac46839e4a8c8a18af7a94605f4ebfcbb916b4f4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229e470e79949459e89b8fb0a496c6d21614c54148e7b5bf0d311f55ae225b8b5b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%229f280c1d40c86e88f341db63b3a55cae35bdfcf345744a9006aa0410ca9a3bd2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2206fc02e9726474160349c6e7e545bf03d18ada8f74a3fa1159f9fb25a48e5b74%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2207deb33f61bd7d79b0217dbeff588f3f08f262da0432ac97430a582b6ed2f364%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2209ae17b8d2b01e133acca4ada71af97af40c215071d27a8b6fd1115876baecc4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2210a89450a5e9101d0a34a222fe35f37f56d8ce9714db8622d3cdb6a9a8939cc5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2213fec9dcab49872fcfa8dc703a7baca213497abb1b5a2f8862be0aa1a9e93c83%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2214c9b49486497c56292f24e25801ed4f76998d4798ca51d801a666b0e2a397d6%22
|
||||
|
@ -310,6 +322,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2268f411f453d0f7b4595ea53fd239846565cb3e26eed99a5dcf2173256669bfb6%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2271ca588dc1a7dfbc4cf99efa295310fcb598c20bd5213a8a1af6f7f41d3fb944%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2277f6340d0bf20df9da3554448d58f092560efd91b2d9665fffe294cabbdf40fd%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2278df08112145051aa43df87bf618898a4de212658492b2f7555b5e1099f83d19%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2279ad05f691ad8394b1b2a9bfd89f5d90bb61d54d67d07ae3d3a1decc41bf9432%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2280b4844cfce9fcfaaa849478a079e757eff4c268a26c6895c2a1dd4099fcd5d4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2284dd10727e6b29b3278e3f64dbbab293711957835f23cc755b3226b58ec5ef51%22
|
||||
|
@ -359,7 +372,9 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2201031e2c5206b868aef93bfc97e7f336daaf90f54518e95bcc5c81806a53a536%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2212414ffbbb9d89905eccbb3529cbeec829e492e21f7f8ccce902eebb05061e59%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2220743d0b9dbb07cafe875ba9ed1642b630c421c4956b20f3fb7a127b39350b9f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2227618be62f75be7fe32e7bdf9ee57f1a4762bc45f79a255b77ccd4f943c6ec37%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2231081cb136ebb7f4be19b67a6276964bc79ced2809af089006aaa67d74d7db80%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2234127f3774e3587aff519739334fc5ad92b883b66c70472f91b34b3dc89e81ce%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2241602f8a75499891647fe9c8112af946a12c2b8beefa40470437092c7b388fb4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2254642a2cadab34dace47c29b487e9e43c4b478efdd16ee409d14838b8fa89b91%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2268976f0a08c0ebe81aad2a831b31ad8da59c5293658b60e5d359451d6c7e487a%22
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -44,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -52,50 +52,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/ad_js.php` | Medium
|
||||
8 | File | `/alphaware/summary.php` | High
|
||||
9 | File | `/api/` | Low
|
||||
10 | File | `/api/admin/store/product/list` | High
|
||||
11 | File | `/api/v2/cli/commands` | High
|
||||
12 | File | `/app/options.py` | High
|
||||
13 | File | `/attachments` | Medium
|
||||
14 | File | `/boat/login.php` | High
|
||||
15 | File | `/bsms_ci/index.php/book` | High
|
||||
16 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
19 | File | `/dashboard/reports/logs/view` | High
|
||||
20 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/etc/hosts` | Medium
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/goform/setmac` | High
|
||||
25 | File | `/goform/wizard_end` | High
|
||||
26 | File | `/manage-apartment.php` | High
|
||||
27 | File | `/medicines/profile.php` | High
|
||||
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/owa/auth/logon.aspx` | High
|
||||
31 | File | `/pages/apply_vacancy.php` | High
|
||||
32 | File | `/pet_shop/admin/?page=maintenance/manage_category` | High
|
||||
33 | File | `/proc/<PID>/mem` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | File | `/tmp` | Low
|
||||
38 | File | `/uncpath/` | Medium
|
||||
39 | File | `/upload` | Low
|
||||
40 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
41 | File | `/vendor/views/add_product.php` | High
|
||||
42 | ... | ... | ...
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/ad_js.php` | Medium
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/attachments` | Medium
|
||||
15 | File | `/bin/ate` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
22 | File | `/dashboard/reports/logs/view` | High
|
||||
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/DXR.axd` | Medium
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/hosts` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/setmac` | High
|
||||
30 | File | `/goform/wizard_end` | High
|
||||
31 | File | `/manage-apartment.php` | High
|
||||
32 | File | `/medicines/profile.php` | High
|
||||
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/owa/auth/logon.aspx` | High
|
||||
36 | File | `/pages/apply_vacancy.php` | High
|
||||
37 | File | `/pet_shop/admin/?page=maintenance/manage_category` | High
|
||||
38 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
39 | File | `/proc/<PID>/mem` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/tmp` | Low
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -44,20 +44,21 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
21 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
22 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
23 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
24 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
27 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
28 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
30 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
31 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
32 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
33 | [34.195.122.225](https://vuldb.com/?ip.34.195.122.225) | ec2-34-195-122-225.compute-1.amazonaws.com | - | Medium
|
||||
34 | [34.206.147.4](https://vuldb.com/?ip.34.206.147.4) | ec2-34-206-147-4.compute-1.amazonaws.com | - | Medium
|
||||
35 | ... | ... | ... | ...
|
||||
24 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
28 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
29 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
31 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
32 | [24.199.89.40](https://vuldb.com/?ip.24.199.89.40) | - | - | High
|
||||
33 | [24.199.118.20](https://vuldb.com/?ip.24.199.118.20) | airy-fuse.autonode.net | - | High
|
||||
34 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
35 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
36 | ... | ... | ... | ...
|
||||
|
||||
There are 134 more IOC items available. Please use our online service to access the data.
|
||||
There are 141 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -125,29 +126,24 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/uploads/exam_question/` | High
|
||||
45 | File | `/user/updatePwd` | High
|
||||
46 | File | `/user/update_booking.php` | High
|
||||
47 | File | `/var/lib/docker/<remapping>` | High
|
||||
48 | File | `/wireless/security.asp` | High
|
||||
49 | File | `/wp-admin/admin-ajax.php` | High
|
||||
50 | File | `01article.php` | High
|
||||
51 | File | `a-forms.php` | Medium
|
||||
52 | File | `AbstractScheduleJob.java` | High
|
||||
53 | File | `actionphp/download.File.php` | High
|
||||
54 | File | `activenews_view.asp` | High
|
||||
55 | File | `adclick.php` | Medium
|
||||
56 | File | `admin.a6mambocredits.php` | High
|
||||
57 | File | `admin.cropcanvas.php` | High
|
||||
58 | File | `admin.php` | Medium
|
||||
59 | File | `admin/abc.php` | High
|
||||
60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
61 | File | `admin/admin/adminsave.html` | High
|
||||
62 | File | `admin/asset/grid-proxy` | High
|
||||
63 | File | `admin/auditTrail.jsf` | High
|
||||
64 | File | `admin/conf_users_edit.php` | High
|
||||
65 | File | `admin/disapprove_user.php` | High
|
||||
66 | ... | ... | ...
|
||||
46 | File | `/var/lib/docker/<remapping>` | High
|
||||
47 | File | `/wireless/security.asp` | High
|
||||
48 | File | `/wp-admin/admin-ajax.php` | High
|
||||
49 | File | `01article.php` | High
|
||||
50 | File | `a-forms.php` | Medium
|
||||
51 | File | `AbstractScheduleJob.java` | High
|
||||
52 | File | `actionphp/download.File.php` | High
|
||||
53 | File | `activenews_view.asp` | High
|
||||
54 | File | `adclick.php` | Medium
|
||||
55 | File | `admin.a6mambocredits.php` | High
|
||||
56 | File | `admin.cropcanvas.php` | High
|
||||
57 | File | `admin.php` | Medium
|
||||
58 | File | `admin/abc.php` | High
|
||||
59 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
60 | File | `admin/admin/adminsave.html` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 574 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -170,10 +166,13 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/18.176.20.234
|
||||
* https://search.censys.io/hosts/18.176.35.161
|
||||
* https://search.censys.io/hosts/18.177.226.88
|
||||
* https://search.censys.io/hosts/18.178.161.19
|
||||
* https://search.censys.io/hosts/18.178.244.246
|
||||
* https://search.censys.io/hosts/18.182.126.252
|
||||
* https://search.censys.io/hosts/18.188.54.77
|
||||
* https://search.censys.io/hosts/18.208.87.99
|
||||
* https://search.censys.io/hosts/24.199.89.40
|
||||
* https://search.censys.io/hosts/24.199.118.20
|
||||
* https://search.censys.io/hosts/31.42.189.61
|
||||
* https://search.censys.io/hosts/34.206.147.4
|
||||
* https://search.censys.io/hosts/35.72.0.113
|
||||
|
@ -187,6 +186,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/37.119.57.169
|
||||
* https://search.censys.io/hosts/37.119.57.195
|
||||
* https://search.censys.io/hosts/43.207.8.102
|
||||
* https://search.censys.io/hosts/47.115.215.203
|
||||
* https://search.censys.io/hosts/47.252.28.13
|
||||
* https://search.censys.io/hosts/50.16.83.73
|
||||
* https://search.censys.io/hosts/50.116.29.40
|
||||
|
@ -202,6 +202,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/52.196.8.3
|
||||
* https://search.censys.io/hosts/52.196.36.24
|
||||
* https://search.censys.io/hosts/52.197.43.5
|
||||
* https://search.censys.io/hosts/52.197.222.201
|
||||
* https://search.censys.io/hosts/52.198.154.115
|
||||
* https://search.censys.io/hosts/52.198.193.213
|
||||
* https://search.censys.io/hosts/54.65.93.113
|
||||
|
@ -218,8 +219,11 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/54.249.158.59
|
||||
* https://search.censys.io/hosts/54.249.216.44
|
||||
* https://search.censys.io/hosts/64.226.109.199
|
||||
* https://search.censys.io/hosts/74.234.98.215
|
||||
* https://search.censys.io/hosts/74.235.81.74
|
||||
* https://search.censys.io/hosts/82.84.39.65
|
||||
* https://search.censys.io/hosts/87.121.221.22
|
||||
* https://search.censys.io/hosts/94.102.49.64
|
||||
* https://search.censys.io/hosts/94.198.97.58
|
||||
* https://search.censys.io/hosts/103.25.188.178
|
||||
* https://search.censys.io/hosts/104.168.117.105
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -69,7 +69,7 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 165 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 166 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -4922,14 +4922,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -4939,62 +4939,117 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/cashadvance_row.php` | High
|
||||
6 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/report/index.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/cgi-bin` | Medium
|
||||
15 | File | `/cgi-bin/wapopen` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/classes/Master.php?f=delete_service` | High
|
||||
18 | File | `/classes/Master.php?f=save_course` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
21 | File | `/Electron/download` | High
|
||||
22 | File | `/feeds/post/publish` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
25 | File | `/inc/topBarNav.php` | High
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/index.php?page=category_list` | High
|
||||
28 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
29 | File | `/lan.asp` | Medium
|
||||
30 | File | `/Moosikay/order.php` | High
|
||||
31 | File | `/opac/Actions.php?a=login` | High
|
||||
32 | File | `/PreviewHandler.ashx` | High
|
||||
33 | File | `/proxy` | Low
|
||||
34 | File | `/public/launchNewWindow.jsp` | High
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
37 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/text/pdf/PdfReader.java` | High
|
||||
40 | File | `/user/updatePwd` | High
|
||||
41 | File | `/vaccinated/admin/maintenance/manage_location.php` | High
|
||||
42 | File | `/wireless/security.asp` | High
|
||||
43 | File | `/wp-admin/admin-ajax.php` | High
|
||||
44 | File | `a-forms.php` | Medium
|
||||
45 | File | `AcquisiAction.class.php` | High
|
||||
46 | File | `activenews_view.asp` | High
|
||||
47 | File | `adclick.php` | Medium
|
||||
48 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
49 | File | `admin.a6mambocredits.php` | High
|
||||
50 | File | `admin.cropcanvas.php` | High
|
||||
51 | File | `admin.jcomments.php` | High
|
||||
52 | File | `admin/?page=students/view_student` | High
|
||||
53 | File | `admin/ajax/op_kandidat.php` | High
|
||||
54 | File | `admin/asset/grid-proxy` | High
|
||||
55 | File | `admin/auditTrail.jsf` | High
|
||||
56 | ... | ... | ...
|
||||
3 | File | `/?r=email/api/mark&op=delFromSend` | High
|
||||
4 | File | `/?r=report/api/getlist` | High
|
||||
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
6 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
7 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
8 | File | `/admin/?page=system_info` | High
|
||||
9 | File | `/admin/?page=user` | High
|
||||
10 | File | `/admin/?page=user/list` | High
|
||||
11 | File | `/admin/?page=user/manage` | High
|
||||
12 | File | `/admin/add-new.php` | High
|
||||
13 | File | `/admin/admin.php` | High
|
||||
14 | File | `/admin/ajax.php?action=save_area` | High
|
||||
15 | File | `/admin/assign/assign.php` | High
|
||||
16 | File | `/admin/attendance_row.php` | High
|
||||
17 | File | `/admin/ballot_down.php` | High
|
||||
18 | File | `/admin/ballot_up.php` | High
|
||||
19 | File | `/admin/bookings/manage_booking.php` | High
|
||||
20 | File | `/admin/bookings/view_booking.php` | High
|
||||
21 | File | `/admin/bookings/view_details.php` | High
|
||||
22 | File | `/admin/budget/manage_budget.php` | High
|
||||
23 | File | `/admin/candidates_row.php` | High
|
||||
24 | File | `/admin/cashadvance_row.php` | High
|
||||
25 | File | `/admin/categories/manage_category.php` | High
|
||||
26 | File | `/admin/categories/view_category.php` | High
|
||||
27 | File | `/admin/config_save.php` | High
|
||||
28 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
29 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
30 | File | `/admin/deduction_row.php` | High
|
||||
31 | File | `/admin/departments/view_department.php` | High
|
||||
32 | File | `/admin/doctors.php` | High
|
||||
33 | File | `/admin/edit-doc.php` | High
|
||||
34 | File | `/admin/edit_subject.php` | High
|
||||
35 | File | `/admin/employee_add.php` | High
|
||||
36 | File | `/admin/employee_edit.php` | High
|
||||
37 | File | `/admin/employee_row.php` | High
|
||||
38 | File | `/admin/forgot-password.php` | High
|
||||
39 | File | `/admin/getallarticleinfo` | High
|
||||
40 | File | `/admin/index.php` | High
|
||||
41 | File | `/admin/index3.php` | High
|
||||
42 | File | `/admin/info_deal.php` | High
|
||||
43 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
44 | File | `/admin/inventory/manage_stock.php` | High
|
||||
45 | File | `/admin/login.php` | High
|
||||
46 | File | `/admin/maintenance/view_designation.php` | High
|
||||
47 | File | `/admin/manage_academic.php` | High
|
||||
48 | File | `/admin/offenses/view_details.php` | High
|
||||
49 | File | `/admin/orders/update_status.php` | High
|
||||
50 | File | `/admin/patient.php` | High
|
||||
51 | File | `/admin/positions_add.php` | High
|
||||
52 | File | `/admin/positions_delete.php` | High
|
||||
53 | File | `/admin/positions_row.php` | High
|
||||
54 | File | `/admin/products/index.php` | High
|
||||
55 | File | `/admin/products/manage_product.php` | High
|
||||
56 | File | `/admin/products/view_product.php` | High
|
||||
57 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
58 | File | `/admin/robot/approval/list` | High
|
||||
59 | File | `/admin/sales/manage_sale.php` | High
|
||||
60 | File | `/admin/sales/view_details.php` | High
|
||||
61 | File | `/admin/save_teacher.php` | High
|
||||
62 | File | `/admin/service.php` | High
|
||||
63 | File | `/admin/services/manage_service.php` | High
|
||||
64 | File | `/admin/services/view_service.php` | High
|
||||
65 | File | `/admin/students/view_details.php` | High
|
||||
66 | File | `/admin/suppliers/view_details.php` | High
|
||||
67 | File | `/admin/upload` | High
|
||||
68 | File | `/admin/user/manage_user.php` | High
|
||||
69 | File | `/admin/userprofile.php` | High
|
||||
70 | File | `/admin/voters_row.php` | High
|
||||
71 | File | `/admin_system/api.php` | High
|
||||
72 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
73 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
74 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
75 | File | `/adms/classes/Users.php` | High
|
||||
76 | File | `/ajax.php?action=read_msg` | High
|
||||
77 | File | `/ajax.php?action=save_company` | High
|
||||
78 | File | `/alphaware/summary.php` | High
|
||||
79 | File | `/analysisProject/pagingQueryData` | High
|
||||
80 | File | `/api/admin/store/product/list` | High
|
||||
81 | File | `/api/admin/system/store/order/list` | High
|
||||
82 | File | `/api/stl/actions/search` | High
|
||||
83 | File | `/APR/signup.php` | High
|
||||
84 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
85 | File | `/bin/ate` | Medium
|
||||
86 | File | `/boafrm/formFilter` | High
|
||||
87 | File | `/boat/login.php` | High
|
||||
88 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
89 | File | `/cas/logout` | Medium
|
||||
90 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
91 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
92 | File | `/cgi-bin/ping.cgi` | High
|
||||
93 | File | `/classes/Master.php` | High
|
||||
94 | File | `/classes/Master.php?f=delete_category` | High
|
||||
95 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
96 | File | `/classes/master.php?f=delete_order` | High
|
||||
97 | File | `/classes/Master.php?f=save_brand` | High
|
||||
98 | File | `/classes/Master.php?f=save_service` | High
|
||||
99 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
100 | File | `/classes/Users.php` | High
|
||||
101 | File | `/classes/Users.phpp` | High
|
||||
102 | File | `/common/sysFile/list` | High
|
||||
103 | File | `/config/myfield/test.php` | High
|
||||
104 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
105 | File | `/dayrui/My/Config/Install.txt` | High
|
||||
106 | File | `/dayrui/My/View/main.html` | High
|
||||
107 | File | `/dosen/data` | Medium
|
||||
108 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
109 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
110 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
111 | ... | ... | ...
|
||||
|
||||
There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 982 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -33,13 +33,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -47,50 +47,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/?p=products` | Medium
|
||||
4 | File | `/action/wirelessConnect` | High
|
||||
5 | File | `/admin` | Low
|
||||
6 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
7 | File | `/admin/assign/assign.php` | High
|
||||
8 | File | `/admin/cashadvance_row.php` | High
|
||||
9 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
10 | File | `/admin/departments/view_department.php` | High
|
||||
11 | File | `/admin/login.php` | High
|
||||
12 | File | `/admin/maintenance/view_designation.php` | High
|
||||
13 | File | `/admin/patient.php` | High
|
||||
14 | File | `/admin/suppliers/view_details.php` | High
|
||||
15 | File | `/admin/user/manage_user.php` | High
|
||||
16 | File | `/admin/user/uploadImg` | High
|
||||
17 | File | `/api/admin/store/product/list` | High
|
||||
18 | File | `/as/authorization.oauth2` | High
|
||||
19 | File | `/cgi-bin/kerbynet` | High
|
||||
20 | File | `/cgi-bin/luci/api/auth` | High
|
||||
21 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/action/wirelessConnect` | High
|
||||
4 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
5 | File | `/admin/assign/assign.php` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
8 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
9 | File | `/admin/departments/view_department.php` | High
|
||||
10 | File | `/admin/login.php` | High
|
||||
11 | File | `/admin/maintenance/view_designation.php` | High
|
||||
12 | File | `/admin/suppliers/view_details.php` | High
|
||||
13 | File | `/admin/user/manage_user.php` | High
|
||||
14 | File | `/admin/user/uploadImg` | High
|
||||
15 | File | `/api/admin/store/product/list` | High
|
||||
16 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
17 | File | `/authenticationendpoint/login.do` | High
|
||||
18 | File | `/bin/login` | Medium
|
||||
19 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
20 | File | `/cgi-bin/kerbynet` | High
|
||||
21 | File | `/cgi-bin/luci` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/churchcrm/EventAttendance.php` | High
|
||||
24 | File | `/classes/Master.php` | High
|
||||
25 | File | `/classes/Master.php?f=delete_item` | High
|
||||
26 | File | `/config/getuser` | High
|
||||
27 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
28 | File | `/DXR.axd` | Medium
|
||||
29 | File | `/filemanager/php/connector.php` | High
|
||||
30 | File | `/forms/doLogin` | High
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/licenses` | Medium
|
||||
23 | File | `/classes/Master.php` | High
|
||||
24 | File | `/classes/Master.php?f=delete_item` | High
|
||||
25 | File | `/config/getuser` | High
|
||||
26 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
27 | File | `/forms/doLogin` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/lan.asp` | Medium
|
||||
31 | File | `/licenses` | Medium
|
||||
32 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
33 | File | `/login/index.php` | High
|
||||
34 | File | `/mhds/clinic/view_details.php` | High
|
||||
35 | File | `/mims/login.php` | High
|
||||
36 | File | `/modules/projects/vw_files.php` | High
|
||||
37 | File | `/plain` | Low
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/qsr_server/device/reboot` | High
|
||||
40 | File | `/rukovoditel/index.php?module=users/login` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | ... | ... | ...
|
||||
34 | File | `/mc` | Low
|
||||
35 | File | `/menu.html` | Medium
|
||||
36 | File | `/mims/login.php` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php-inventory-management-system/product.php` | High
|
||||
39 | File | `/public/launchNewWindow.jsp` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 366 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,23 +21,24 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.196.13.29](https://vuldb.com/?ip.5.196.13.29) | 29.ip-5-196-13.eu | - | High
|
||||
2 | [5.196.23.240](https://vuldb.com/?ip.5.196.23.240) | 240.ip-5-196-23.eu | - | High
|
||||
3 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
4 | [18.210.126.40](https://vuldb.com/?ip.18.210.126.40) | ec2-18-210-126-40.compute-1.amazonaws.com | - | Medium
|
||||
5 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
6 | [23.21.76.253](https://vuldb.com/?ip.23.21.76.253) | ec2-23-21-76-253.compute-1.amazonaws.com | - | Medium
|
||||
7 | [23.21.126.66](https://vuldb.com/?ip.23.21.126.66) | ec2-23-21-126-66.compute-1.amazonaws.com | - | Medium
|
||||
8 | [23.21.140.41](https://vuldb.com/?ip.23.21.140.41) | ec2-23-21-140-41.compute-1.amazonaws.com | - | Medium
|
||||
9 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
|
||||
10 | [49.12.80.38](https://vuldb.com/?ip.49.12.80.38) | static.38.80.12.49.clients.your-server.de | - | High
|
||||
11 | [49.12.80.40](https://vuldb.com/?ip.49.12.80.40) | static.40.80.12.49.clients.your-server.de | - | High
|
||||
12 | [50.19.96.218](https://vuldb.com/?ip.50.19.96.218) | ec2-50-19-96-218.compute-1.amazonaws.com | - | Medium
|
||||
13 | [50.19.252.36](https://vuldb.com/?ip.50.19.252.36) | ec2-50-19-252-36.compute-1.amazonaws.com | - | Medium
|
||||
14 | [51.15.54.102](https://vuldb.com/?ip.51.15.54.102) | 102-54-15-51.instances.scw.cloud | - | High
|
||||
15 | ... | ... | ... | ...
|
||||
1 | [4.4.0.0](https://vuldb.com/?ip.4.4.0.0) | - | - | High
|
||||
2 | [5.196.13.29](https://vuldb.com/?ip.5.196.13.29) | 29.ip-5-196-13.eu | - | High
|
||||
3 | [5.196.23.240](https://vuldb.com/?ip.5.196.23.240) | 240.ip-5-196-23.eu | - | High
|
||||
4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
5 | [18.210.126.40](https://vuldb.com/?ip.18.210.126.40) | ec2-18-210-126-40.compute-1.amazonaws.com | - | Medium
|
||||
6 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
7 | [23.21.76.253](https://vuldb.com/?ip.23.21.76.253) | ec2-23-21-76-253.compute-1.amazonaws.com | - | Medium
|
||||
8 | [23.21.126.66](https://vuldb.com/?ip.23.21.126.66) | ec2-23-21-126-66.compute-1.amazonaws.com | - | Medium
|
||||
9 | [23.21.140.41](https://vuldb.com/?ip.23.21.140.41) | ec2-23-21-140-41.compute-1.amazonaws.com | - | Medium
|
||||
10 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
|
||||
11 | [49.12.80.38](https://vuldb.com/?ip.49.12.80.38) | static.38.80.12.49.clients.your-server.de | - | High
|
||||
12 | [49.12.80.40](https://vuldb.com/?ip.49.12.80.40) | static.40.80.12.49.clients.your-server.de | - | High
|
||||
13 | [50.19.96.218](https://vuldb.com/?ip.50.19.96.218) | ec2-50-19-96-218.compute-1.amazonaws.com | - | Medium
|
||||
14 | [50.19.252.36](https://vuldb.com/?ip.50.19.252.36) | ec2-50-19-252-36.compute-1.amazonaws.com | - | Medium
|
||||
15 | [51.15.54.102](https://vuldb.com/?ip.51.15.54.102) | 102-54-15-51.instances.scw.cloud | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
|
||||
There are 56 more IOC items available. Please use our online service to access the data.
|
||||
There are 58 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -62,50 +63,49 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.imwheelrc` | Medium
|
||||
2 | File | `.plan` | Low
|
||||
3 | File | `.tin` | Low
|
||||
4 | File | `/cgi-bin/editBookmark` | High
|
||||
5 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
6 | File | `/classes/Login.php` | High
|
||||
7 | File | `/configs/application.ini` | High
|
||||
8 | File | `/goform/setPicListItem` | High
|
||||
9 | File | `/home/cavesConsole` | High
|
||||
10 | File | `/home/kickPlayer` | High
|
||||
11 | File | `/home/masterConsole` | High
|
||||
12 | File | `/home/sendBroadcast` | High
|
||||
13 | File | `/rapi/read_url` | High
|
||||
14 | File | `/services/Card/findUser` | High
|
||||
15 | File | `/spacecom/login.php` | High
|
||||
16 | File | `/sys/dict/queryTableData` | High
|
||||
17 | File | `/ucenter/active.php` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/user/updatePwd` | High
|
||||
20 | File | `/xampp/guestbook-en.pl` | High
|
||||
21 | File | `/zm/index.php` | High
|
||||
22 | File | `123flashchat.php` | High
|
||||
23 | File | `abook_database.php` | High
|
||||
24 | File | `action.php` | Medium
|
||||
25 | File | `admin.php` | Medium
|
||||
26 | File | `admin/admin_process.php` | High
|
||||
27 | File | `admin/profile_settings_net.html` | High
|
||||
28 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
29 | File | `af.cgi/alienform.cgi` | High
|
||||
30 | File | `afd.sys` | Low
|
||||
31 | File | `ajax.php` | Medium
|
||||
32 | File | `akocomment.php` | High
|
||||
33 | File | `app/routes/research.js` | High
|
||||
34 | File | `article.php` | Medium
|
||||
35 | File | `aviso.php` | Medium
|
||||
36 | File | `awredir.pl` | Medium
|
||||
37 | File | `bitmap/bdfread.c` | High
|
||||
38 | File | `blocks.php` | Medium
|
||||
39 | File | `blog.cgi` | Medium
|
||||
40 | File | `bluewrench-video-widget.php` | High
|
||||
41 | File | `browse.php` | Medium
|
||||
42 | File | `carsdetail.asp` | High
|
||||
43 | File | `cartman.php` | Medium
|
||||
44 | File | `categories.php` | High
|
||||
45 | ... | ... | ...
|
||||
4 | File | `/admin/read.php?mudi=announContent` | High
|
||||
5 | File | `/cgi-bin/editBookmark` | High
|
||||
6 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
7 | File | `/classes/Login.php` | High
|
||||
8 | File | `/configs/application.ini` | High
|
||||
9 | File | `/goform/setPicListItem` | High
|
||||
10 | File | `/home/cavesConsole` | High
|
||||
11 | File | `/home/kickPlayer` | High
|
||||
12 | File | `/home/masterConsole` | High
|
||||
13 | File | `/home/sendBroadcast` | High
|
||||
14 | File | `/rapi/read_url` | High
|
||||
15 | File | `/services/Card/findUser` | High
|
||||
16 | File | `/spacecom/login.php` | High
|
||||
17 | File | `/sys/dict/queryTableData` | High
|
||||
18 | File | `/Taier/API/tenant/listTenant` | High
|
||||
19 | File | `/ucenter/active.php` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/user/updatePwd` | High
|
||||
22 | File | `/xampp/guestbook-en.pl` | High
|
||||
23 | File | `/zm/index.php` | High
|
||||
24 | File | `123flashchat.php` | High
|
||||
25 | File | `abook_database.php` | High
|
||||
26 | File | `action.php` | Medium
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | File | `admin/admin_process.php` | High
|
||||
29 | File | `admin/profile_settings_net.html` | High
|
||||
30 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
31 | File | `af.cgi/alienform.cgi` | High
|
||||
32 | File | `afd.sys` | Low
|
||||
33 | File | `akocomment.php` | High
|
||||
34 | File | `app/routes/research.js` | High
|
||||
35 | File | `article.php` | Medium
|
||||
36 | File | `aviso.php` | Medium
|
||||
37 | File | `awredir.pl` | Medium
|
||||
38 | File | `bitmap/bdfread.c` | High
|
||||
39 | File | `blocks.php` | Medium
|
||||
40 | File | `blog.cgi` | Medium
|
||||
41 | File | `bluewrench-video-widget.php` | High
|
||||
42 | File | `browse.php` | Medium
|
||||
43 | File | `carsdetail.asp` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -121,9 +121,11 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
|
||||
* https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
|
||||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
|
||||
* https://isc.sans.edu/forums/diary/CoinMiners+searching+for+hosts/24364/
|
||||
* https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
|
||||
* https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
|
||||
* https://tria.ge/220416-dv7casgchn
|
||||
* https://www.trendmicro.com/en_us/research/22/i/a-post-exploitation-look-at-coinminers-abusing-weblogic-vulnerab.html
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
# Criakl - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Criakl](https://vuldb.com/?actor.criakl). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.criakl](https://vuldb.com/?actor.criakl)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Criakl:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [JO](https://vuldb.com/?country.jo)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Criakl.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.5.1.0](https://vuldb.com/?ip.1.5.1.0) | - | - | High
|
||||
2 | [5.101.152.37](https://vuldb.com/?ip.5.101.152.37) | m2.maru.beget.com | - | High
|
||||
3 | [79.143.28.242](https://vuldb.com/?ip.79.143.28.242) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Criakl_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Criakl. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `directory.php` | High
|
||||
2 | File | `user_profile.asp` | High
|
||||
3 | Argument | `cat_id` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,68 @@
|
|||
# DDG v3014 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DDG v3014](https://vuldb.com/?actor.ddg_v3014). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ddg_v3014](https://vuldb.com/?actor.ddg_v3014)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DDG v3014:
|
||||
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DDG v3014.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
|
||||
2 | [47.95.200.188](https://vuldb.com/?ip.47.95.200.188) | - | - | High
|
||||
3 | [59.2.77.151](https://vuldb.com/?ip.59.2.77.151) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _DDG v3014_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by DDG v3014. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `aspx` | Low
|
||||
2 | File | `coders/png.c` | Medium
|
||||
3 | File | `libtransmission/variant.c` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -53,9 +53,10 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `avahi-core/socket.c` | High
|
||||
5 | File | `block/bfq-iosched.c` | High
|
||||
6 | File | `chat.php` | Medium
|
||||
7 | ... | ... | ...
|
||||
7 | File | `Crypt32.dll` | Medium
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 51 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -56,9 +56,10 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `adminCons.php` | High
|
||||
12 | File | `ajax_list_accounts.php` | High
|
||||
13 | File | `auth-options.c` | High
|
||||
14 | ... | ... | ...
|
||||
14 | File | `cdf.c` | Low
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -273,7 +273,7 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `/uncpath/` | Medium
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
# Emptiness - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Emptiness](https://vuldb.com/?actor.emptiness). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.emptiness](https://vuldb.com/?actor.emptiness)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Emptiness.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
|
||||
2 | [34.80.131.135](https://vuldb.com/?ip.34.80.131.135) | 135.131.80.34.bc.googleusercontent.com | - | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.netlab.360.com/emptiness-a-new-evolving-botnet/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,12 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.79.66.123](https://vuldb.com/?ip.5.79.66.123) | - | - | High
|
||||
2 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
3 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | [5.79.66.100](https://vuldb.com/?ip.5.79.66.100) | - | - | High
|
||||
2 | [5.79.66.123](https://vuldb.com/?ip.5.79.66.123) | - | - | High
|
||||
3 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
4 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
|
||||
5 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
|
||||
6 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -35,7 +38,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -53,38 +56,44 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin.php/Admin/adminadd.html` | High
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/orders/update_status.php` | High
|
||||
5 | File | `/admin/settings/save.php` | High
|
||||
6 | File | `/admin/userprofile.php` | High
|
||||
7 | File | `/apply.cgi` | Medium
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/College/admin/teacher.php` | High
|
||||
10 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
11 | File | `/dcim/rack-roles/` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/getcfg.php` | Medium
|
||||
14 | File | `/goform/addUserName` | High
|
||||
15 | File | `/goform/aspForm` | High
|
||||
16 | File | `/goform/delAd` | High
|
||||
17 | File | `/goform/wifiSSIDset` | High
|
||||
18 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
19 | File | `/inc/topBarNav.php` | High
|
||||
20 | File | `/index.asp` | Medium
|
||||
21 | File | `/jfinal_cms/system/role/list` | High
|
||||
22 | File | `/kelas/data` | Medium
|
||||
23 | File | `/Moosikay/order.php` | High
|
||||
24 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/webman/info.cgi` | High
|
||||
28 | ... | ... | ...
|
||||
5 | File | `/admin/profile/save_profile` | High
|
||||
6 | File | `/admin/settings/save.php` | High
|
||||
7 | File | `/admin/userprofile.php` | High
|
||||
8 | File | `/apply.cgi` | Medium
|
||||
9 | File | `/catalog/admin/categories.php?cPath=&action=new_product` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/College/admin/teacher.php` | High
|
||||
12 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
13 | File | `/dcim/rack-roles/` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/getcfg.php` | Medium
|
||||
16 | File | `/goform/addUserName` | High
|
||||
17 | File | `/goform/aspForm` | High
|
||||
18 | File | `/goform/delAd` | High
|
||||
19 | File | `/goform/wifiSSIDset` | High
|
||||
20 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
21 | File | `/inc/topBarNav.php` | High
|
||||
22 | File | `/index.asp` | Medium
|
||||
23 | File | `/jfinal_cms/system/role/list` | High
|
||||
24 | File | `/kelas/data` | Medium
|
||||
25 | File | `/Moosikay/order.php` | High
|
||||
26 | File | `/out.php` | Medium
|
||||
27 | File | `/paysystem/datatable.php` | High
|
||||
28 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
29 | File | `/product_list.php` | High
|
||||
30 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
31 | File | `/server/ajax/events_manager.php` | High
|
||||
32 | File | `/server/ajax/user_manager.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 239 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://infosec.exchange/@monitorsg/110542478917794644
|
||||
* https://infosec.exchange/@monitorsg/110594616696514472
|
||||
* https://infosec.exchange/@rmceoin/110424143980661661
|
||||
* https://infosec.exchange/@rmceoin/110475220406813517
|
||||
* https://infosec.exchange/@rmceoin/110492844885251537
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -141,37 +141,38 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/cgi-bin/wapopen` | High
|
||||
29 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
32 | File | `/env` | Low
|
||||
33 | File | `/feeds/post/publish` | High
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
36 | File | `/fos/admin/index.php?page=menu` | High
|
||||
37 | File | `/home/masterConsole` | High
|
||||
38 | File | `/home/sendBroadcast` | High
|
||||
39 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
40 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
41 | File | `/index.php?page=category_list` | High
|
||||
42 | File | `/jobinfo/` | Medium
|
||||
43 | File | `/medicines/profile.php` | High
|
||||
44 | File | `/Moosikay/order.php` | High
|
||||
45 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
46 | File | `/opac/Actions.php?a=login` | High
|
||||
47 | File | `/php-opos/index.php` | High
|
||||
48 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
49 | File | `/PreviewHandler.ashx` | High
|
||||
50 | File | `/public/launchNewWindow.jsp` | High
|
||||
51 | File | `/reservation/add_message.php` | High
|
||||
52 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
53 | File | `/Session` | Medium
|
||||
54 | File | `/spip.php` | Medium
|
||||
55 | File | `/uncpath/` | Medium
|
||||
31 | File | `/env` | Low
|
||||
32 | File | `/feeds/post/publish` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
35 | File | `/fos/admin/index.php?page=menu` | High
|
||||
36 | File | `/home/masterConsole` | High
|
||||
37 | File | `/home/sendBroadcast` | High
|
||||
38 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
39 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
40 | File | `/index.php?page=category_list` | High
|
||||
41 | File | `/jobinfo/` | Medium
|
||||
42 | File | `/medicines/profile.php` | High
|
||||
43 | File | `/Moosikay/order.php` | High
|
||||
44 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
45 | File | `/opac/Actions.php?a=login` | High
|
||||
46 | File | `/php-opos/index.php` | High
|
||||
47 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
48 | File | `/PreviewHandler.ashx` | High
|
||||
49 | File | `/public/launchNewWindow.jsp` | High
|
||||
50 | File | `/reservation/add_message.php` | High
|
||||
51 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
52 | File | `/Session` | Medium
|
||||
53 | File | `/spip.php` | Medium
|
||||
54 | File | `/uncpath/` | Medium
|
||||
55 | File | `/uploads/exam_question/` | High
|
||||
56 | File | `/user/updatePwd` | High
|
||||
57 | File | `/var/lib/docker/<remapping>` | High
|
||||
58 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
59 | ... | ... | ...
|
||||
59 | File | `/video-sharing-script/watch-video.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -55,46 +55,49 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/ad_js.php` | Medium
|
||||
8 | File | `/alphaware/summary.php` | High
|
||||
9 | File | `/api/` | Low
|
||||
10 | File | `/api/admin/store/product/list` | High
|
||||
11 | File | `/api/v2/cli/commands` | High
|
||||
12 | File | `/app/options.py` | High
|
||||
13 | File | `/attachments` | Medium
|
||||
14 | File | `/boat/login.php` | High
|
||||
15 | File | `/bsms_ci/index.php/book` | High
|
||||
16 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
19 | File | `/dashboard/reports/logs/view` | High
|
||||
20 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/etc/hosts` | Medium
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/goform/setmac` | High
|
||||
25 | File | `/goform/wizard_end` | High
|
||||
26 | File | `/manage-apartment.php` | High
|
||||
27 | File | `/medicines/profile.php` | High
|
||||
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
29 | File | `/pages/apply_vacancy.php` | High
|
||||
30 | File | `/proc/<PID>/mem` | High
|
||||
31 | File | `/proxy` | Low
|
||||
32 | File | `/reservation/add_message.php` | High
|
||||
33 | File | `/spip.php` | Medium
|
||||
34 | File | `/tmp` | Low
|
||||
35 | File | `/train_scheduler_app/?action=delete` | High
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | File | `/upload` | Low
|
||||
38 | ... | ... | ...
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/ad_js.php` | Medium
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/dashboard/reports/logs/view` | High
|
||||
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/hosts` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/setmac` | High
|
||||
30 | File | `/goform/wizard_end` | High
|
||||
31 | File | `/manage-apartment.php` | High
|
||||
32 | File | `/medicines/profile.php` | High
|
||||
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
34 | File | `/pages/apply_vacancy.php` | High
|
||||
35 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
36 | File | `/proc/<PID>/mem` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/reservation/add_message.php` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/tmp` | Low
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
# Fallout EK - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Fallout EK](https://vuldb.com/?actor.fallout_ek). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fallout_ek](https://vuldb.com/?actor.fallout_ek)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Fallout EK:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Fallout EK.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [51.15.35.154](https://vuldb.com/?ip.51.15.35.154) | 154-35-15-51.instances.scw.cloud | - | High
|
||||
2 | [185.56.233.186](https://vuldb.com/?ip.185.56.233.186) | traito.tivill.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Fallout EK_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Fallout EK. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `admin/config/confmgr.php` | High
|
||||
2 | File | `cgi-bin/hotspotlogin.cgi` | High
|
||||
3 | File | `mod_authz_svn/mod_authz_svn.c` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/threat-analysis/2019/01/improved-fallout-ek-comes-back-after-short-hiatus/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -328,14 +328,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-29, CWE-50 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-50 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -344,43 +344,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
5 | File | `/api/login` | Medium
|
||||
2 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
3 | File | `/api/geojson` | Medium
|
||||
4 | File | `/api/login` | Medium
|
||||
5 | File | `/api/upload.php` | High
|
||||
6 | File | `/application/common.php#action_log` | High
|
||||
7 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
8 | File | `/authenticationendpoint/login.do` | High
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/bin/login` | Medium
|
||||
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
12 | File | `/cas/logout` | Medium
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/classes/Master.php?f=delete_category` | High
|
||||
15 | File | `/classes/Master.php?f=save_service` | High
|
||||
16 | File | `/data/remove` | Medium
|
||||
17 | File | `/databases/database/list` | High
|
||||
7 | File | `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` | High
|
||||
8 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
9 | File | `/authenticationendpoint/login.do` | High
|
||||
10 | File | `/bin/ate` | Medium
|
||||
11 | File | `/bin/login` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
14 | File | `/cgi-bin/luci` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/classes/Master.php?f=delete_category` | High
|
||||
17 | File | `/classes/Users.php?f=save` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/DXR.axd` | Medium
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/ghost/preview` | High
|
||||
22 | File | `/goForm/aspForm` | High
|
||||
23 | File | `/HNAP1` | Low
|
||||
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
25 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
26 | File | `/index.php?page=category_list` | High
|
||||
27 | File | `/jobinfo/` | Medium
|
||||
28 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
29 | File | `/login.php` | Medium
|
||||
30 | File | `/menu.html` | Medium
|
||||
31 | File | `/Moosikay/order.php` | High
|
||||
32 | File | `/news/*.html` | Medium
|
||||
33 | File | `/out.php` | Medium
|
||||
34 | File | `/owa/auth/logon.aspx` | High
|
||||
35 | File | `/PreviewHandler.ashx` | High
|
||||
36 | ... | ... | ...
|
||||
22 | File | `/goform/AdvSetLanip` | High
|
||||
23 | File | `/goForm/aspForm` | High
|
||||
24 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
25 | File | `/goform/setmac` | High
|
||||
26 | File | `/goform/setMacFilterCfg` | High
|
||||
27 | File | `/goform/SetSysTimeCfg` | High
|
||||
28 | File | `/goform/WifiGuestSet` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
31 | File | `/index.php?page=category_list` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/kelasdosen/data` | High
|
||||
34 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
35 | File | `/login.php` | Medium
|
||||
36 | File | `/mc` | Low
|
||||
37 | File | `/news/*.html` | Medium
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with GIMF:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GIMF:
|
||||
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -55,16 +55,17 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/dl_sendmail.php` | High
|
||||
2 | File | `/api/v2/cli/commands` | High
|
||||
3 | File | `/owa/auth/logon.aspx` | High
|
||||
4 | File | `/spip.php` | Medium
|
||||
5 | File | `/zm/index.php` | High
|
||||
6 | File | `admin.jcomments.php` | High
|
||||
7 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
8 | File | `base/ErrorHandler.php` | High
|
||||
9 | File | `blog.php` | Medium
|
||||
10 | ... | ... | ...
|
||||
3 | File | `/DXR.axd` | Medium
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/owa/auth/logon.aspx` | High
|
||||
6 | File | `/spip.php` | Medium
|
||||
7 | File | `/zm/index.php` | High
|
||||
8 | File | `admin.jcomments.php` | High
|
||||
9 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
10 | File | `base/ErrorHandler.php` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 75 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
# GZipDe - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GZipDe](https://vuldb.com/?actor.gzipde). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gzipde](https://vuldb.com/?actor.gzipde)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GZipDe:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GZipDe.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [118.193.251.137](https://vuldb.com/?ip.118.193.251.137) | - | - | High
|
||||
2 | [175.194.42.8](https://vuldb.com/?ip.175.194.42.8) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GZipDe_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -71,7 +71,7 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/var/run/zabbix` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 111 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RO](https://vuldb.com/?country.ro)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -10125,279 +10125,9 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
10102 | [65.108.21.242](https://vuldb.com/?ip.65.108.21.242) | srv1.tnk-constructions.com | - | High
|
||||
10103 | [65.108.24.140](https://vuldb.com/?ip.65.108.24.140) | cloud.ider.com | - | High
|
||||
10104 | [65.108.24.143](https://vuldb.com/?ip.65.108.24.143) | static.143.24.108.65.clients.your-server.de | - | High
|
||||
10105 | [65.108.24.152](https://vuldb.com/?ip.65.108.24.152) | static.152.24.108.65.clients.your-server.de | - | High
|
||||
10106 | [65.108.24.154](https://vuldb.com/?ip.65.108.24.154) | static.154.24.108.65.clients.your-server.de | - | High
|
||||
10107 | [65.108.160.0](https://vuldb.com/?ip.65.108.160.0) | static.0.160.108.65.clients.your-server.de | - | High
|
||||
10108 | [65.109.0.0](https://vuldb.com/?ip.65.109.0.0) | static.0.0.109.65.clients.your-server.de | - | High
|
||||
10109 | [65.109.44.0](https://vuldb.com/?ip.65.109.44.0) | static.0.44.109.65.clients.your-server.de | - | High
|
||||
10110 | [65.109.64.0](https://vuldb.com/?ip.65.109.64.0) | static.0.64.109.65.clients.your-server.de | - | High
|
||||
10111 | [65.109.73.0](https://vuldb.com/?ip.65.109.73.0) | static.0.73.109.65.clients.your-server.de | - | High
|
||||
10112 | [65.109.74.0](https://vuldb.com/?ip.65.109.74.0) | static.0.74.109.65.clients.your-server.de | - | High
|
||||
10113 | [65.109.76.0](https://vuldb.com/?ip.65.109.76.0) | static.0.76.109.65.clients.your-server.de | - | High
|
||||
10114 | [65.109.80.0](https://vuldb.com/?ip.65.109.80.0) | static.0.80.109.65.clients.your-server.de | - | High
|
||||
10115 | [65.109.82.0](https://vuldb.com/?ip.65.109.82.0) | static.0.82.109.65.clients.your-server.de | - | High
|
||||
10116 | [65.109.84.0](https://vuldb.com/?ip.65.109.84.0) | static.0.84.109.65.clients.your-server.de | - | High
|
||||
10117 | [65.109.88.0](https://vuldb.com/?ip.65.109.88.0) | static.0.88.109.65.clients.your-server.de | - | High
|
||||
10118 | [65.109.96.0](https://vuldb.com/?ip.65.109.96.0) | static.0.96.109.65.clients.your-server.de | - | High
|
||||
10119 | [65.109.112.0](https://vuldb.com/?ip.65.109.112.0) | static.0.112.109.65.clients.your-server.de | - | High
|
||||
10120 | [65.109.114.0](https://vuldb.com/?ip.65.109.114.0) | static.0.114.109.65.clients.your-server.de | - | High
|
||||
10121 | [65.109.116.0](https://vuldb.com/?ip.65.109.116.0) | static.0.116.109.65.clients.your-server.de | - | High
|
||||
10122 | [65.109.120.0](https://vuldb.com/?ip.65.109.120.0) | static.0.120.109.65.clients.your-server.de | - | High
|
||||
10123 | [65.109.126.0](https://vuldb.com/?ip.65.109.126.0) | static.0.126.109.65.clients.your-server.de | - | High
|
||||
10124 | [65.109.128.0](https://vuldb.com/?ip.65.109.128.0) | static.0.128.109.65.clients.your-server.de | - | High
|
||||
10125 | [65.109.136.0](https://vuldb.com/?ip.65.109.136.0) | static.0.136.109.65.clients.your-server.de | - | High
|
||||
10126 | [65.109.138.0](https://vuldb.com/?ip.65.109.138.0) | static.0.138.109.65.clients.your-server.de | - | High
|
||||
10127 | [65.109.140.0](https://vuldb.com/?ip.65.109.140.0) | static.0.140.109.65.clients.your-server.de | - | High
|
||||
10128 | [65.109.142.0](https://vuldb.com/?ip.65.109.142.0) | static.0.142.109.65.clients.your-server.de | - | High
|
||||
10129 | [65.109.144.0](https://vuldb.com/?ip.65.109.144.0) | static.0.144.109.65.clients.your-server.de | - | High
|
||||
10130 | [65.109.146.0](https://vuldb.com/?ip.65.109.146.0) | static.0.146.109.65.clients.your-server.de | - | High
|
||||
10131 | [65.109.148.0](https://vuldb.com/?ip.65.109.148.0) | static.0.148.109.65.clients.your-server.de | - | High
|
||||
10132 | [65.109.152.0](https://vuldb.com/?ip.65.109.152.0) | static.0.152.109.65.clients.your-server.de | - | High
|
||||
10133 | [65.109.160.0](https://vuldb.com/?ip.65.109.160.0) | static.0.160.109.65.clients.your-server.de | - | High
|
||||
10134 | [65.109.192.0](https://vuldb.com/?ip.65.109.192.0) | static.0.192.109.65.clients.your-server.de | - | High
|
||||
10135 | [65.126.50.160](https://vuldb.com/?ip.65.126.50.160) | 65-126-50-160.dia.static.qwest.net | - | High
|
||||
10136 | [65.148.0.4](https://vuldb.com/?ip.65.148.0.4) | - | - | High
|
||||
10137 | [65.148.0.8](https://vuldb.com/?ip.65.148.0.8) | - | - | High
|
||||
10138 | [65.148.33.0](https://vuldb.com/?ip.65.148.33.0) | - | - | High
|
||||
10139 | [65.151.140.0](https://vuldb.com/?ip.65.151.140.0) | - | - | High
|
||||
10140 | [65.151.140.10](https://vuldb.com/?ip.65.151.140.10) | - | - | High
|
||||
10141 | [65.151.140.12](https://vuldb.com/?ip.65.151.140.12) | - | - | High
|
||||
10142 | [65.151.172.0](https://vuldb.com/?ip.65.151.172.0) | - | - | High
|
||||
10143 | [65.151.172.5](https://vuldb.com/?ip.65.151.172.5) | - | - | High
|
||||
10144 | [65.151.225.0](https://vuldb.com/?ip.65.151.225.0) | - | - | High
|
||||
10145 | [65.152.197.0](https://vuldb.com/?ip.65.152.197.0) | - | - | High
|
||||
10146 | [65.154.234.0](https://vuldb.com/?ip.65.154.234.0) | - | - | High
|
||||
10147 | [65.154.234.16](https://vuldb.com/?ip.65.154.234.16) | - | - | High
|
||||
10148 | [65.158.30.0](https://vuldb.com/?ip.65.158.30.0) | - | - | High
|
||||
10149 | [65.164.94.65](https://vuldb.com/?ip.65.164.94.65) | - | - | High
|
||||
10150 | [65.175.16.12](https://vuldb.com/?ip.65.175.16.12) | - | - | High
|
||||
10151 | [65.175.16.44](https://vuldb.com/?ip.65.175.16.44) | - | - | High
|
||||
10152 | [65.229.158.0](https://vuldb.com/?ip.65.229.158.0) | - | - | High
|
||||
10153 | [65.255.46.0](https://vuldb.com/?ip.65.255.46.0) | - | - | High
|
||||
10154 | [66.22.44.0](https://vuldb.com/?ip.66.22.44.0) | - | - | High
|
||||
10155 | [66.22.120.0](https://vuldb.com/?ip.66.22.120.0) | - | - | High
|
||||
10156 | [66.22.243.0](https://vuldb.com/?ip.66.22.243.0) | - | - | High
|
||||
10157 | [66.28.3.88](https://vuldb.com/?ip.66.28.3.88) | - | - | High
|
||||
10158 | [66.28.4.41](https://vuldb.com/?ip.66.28.4.41) | be2742.ccr41.fra03.atlas.cogentco.com | - | High
|
||||
10159 | [66.28.7.128](https://vuldb.com/?ip.66.28.7.128) | - | - | High
|
||||
10160 | [66.36.221.0](https://vuldb.com/?ip.66.36.221.0) | - | - | High
|
||||
10161 | [66.42.97.0](https://vuldb.com/?ip.66.42.97.0) | 66.42.97.0.vultrusercontent.com | - | High
|
||||
10162 | [66.42.98.0](https://vuldb.com/?ip.66.42.98.0) | - | - | High
|
||||
10163 | [66.42.100.0](https://vuldb.com/?ip.66.42.100.0) | - | - | High
|
||||
10164 | [66.42.104.0](https://vuldb.com/?ip.66.42.104.0) | - | - | High
|
||||
10165 | [66.42.106.0](https://vuldb.com/?ip.66.42.106.0) | - | - | High
|
||||
10166 | [66.42.109.0](https://vuldb.com/?ip.66.42.109.0) | 66.42.109.0.vultrusercontent.com | - | High
|
||||
10167 | [66.42.110.0](https://vuldb.com/?ip.66.42.110.0) | - | - | High
|
||||
10168 | [66.51.212.0](https://vuldb.com/?ip.66.51.212.0) | - | - | High
|
||||
10169 | [66.54.86.0](https://vuldb.com/?ip.66.54.86.0) | - | - | High
|
||||
10170 | [66.59.208.0](https://vuldb.com/?ip.66.59.208.0) | bloom.host | - | High
|
||||
10171 | [66.59.210.0](https://vuldb.com/?ip.66.59.210.0) | bloom.host | - | High
|
||||
10172 | [66.81.240.0](https://vuldb.com/?ip.66.81.240.0) | - | - | High
|
||||
10173 | [66.84.94.0](https://vuldb.com/?ip.66.84.94.0) | host-66-84-94-0.static.sprious.com | - | High
|
||||
10174 | [66.102.12.48](https://vuldb.com/?ip.66.102.12.48) | - | - | High
|
||||
10175 | [66.102.12.204](https://vuldb.com/?ip.66.102.12.204) | - | - | High
|
||||
10176 | [66.102.14.132](https://vuldb.com/?ip.66.102.14.132) | - | - | High
|
||||
10177 | [66.102.41.0](https://vuldb.com/?ip.66.102.41.0) | - | - | High
|
||||
10178 | [66.110.2.50](https://vuldb.com/?ip.66.110.2.50) | gin-fnm-obr1.as6453.net | - | High
|
||||
10179 | [66.110.2.58](https://vuldb.com/?ip.66.110.2.58) | gin-f2c-sw1.as6453.net | - | High
|
||||
10180 | [66.110.2.125](https://vuldb.com/?ip.66.110.2.125) | gin-fnm-sw1.as6453.net | - | High
|
||||
10181 | [66.110.2.129](https://vuldb.com/?ip.66.110.2.129) | gin-fr0-sw1.as6453.net | - | High
|
||||
10182 | [66.110.2.137](https://vuldb.com/?ip.66.110.2.137) | gin-fr1-obr1.as6453.net | - | High
|
||||
10183 | [66.110.2.152](https://vuldb.com/?ip.66.110.2.152) | gin-fr0-obr2.as6453.net | - | High
|
||||
10184 | [66.110.2.233](https://vuldb.com/?ip.66.110.2.233) | gin-f2c-obr3.as6453.net | - | High
|
||||
10185 | [66.110.10.66](https://vuldb.com/?ip.66.110.10.66) | if-lo-0-0.tcore1.fr0-frankfurt.as6453.net | - | High
|
||||
10186 | [66.110.10.70](https://vuldb.com/?ip.66.110.10.70) | if-lo-0-0.tcore1.fnm-frankfurt.as6453.net | - | High
|
||||
10187 | [66.110.10.156](https://vuldb.com/?ip.66.110.10.156) | if-lo-0-0.vpe1.fnm-frankfurt.as6453.net | - | High
|
||||
10188 | [66.114.50.0](https://vuldb.com/?ip.66.114.50.0) | - | - | High
|
||||
10189 | [66.114.54.0](https://vuldb.com/?ip.66.114.54.0) | - | - | High
|
||||
10190 | [66.114.58.0](https://vuldb.com/?ip.66.114.58.0) | - | - | High
|
||||
10191 | [66.119.73.54](https://vuldb.com/?ip.66.119.73.54) | - | - | High
|
||||
10192 | [66.119.74.234](https://vuldb.com/?ip.66.119.74.234) | - | - | High
|
||||
10193 | [66.119.82.0](https://vuldb.com/?ip.66.119.82.0) | - | - | High
|
||||
10194 | [66.119.82.36](https://vuldb.com/?ip.66.119.82.36) | - | - | High
|
||||
10195 | [66.119.85.194](https://vuldb.com/?ip.66.119.85.194) | - | - | High
|
||||
10196 | [66.135.206.224](https://vuldb.com/?ip.66.135.206.224) | - | - | High
|
||||
10197 | [66.135.207.96](https://vuldb.com/?ip.66.135.207.96) | - | - | High
|
||||
10198 | [66.135.207.144](https://vuldb.com/?ip.66.135.207.144) | - | - | High
|
||||
10199 | [66.135.214.176](https://vuldb.com/?ip.66.135.214.176) | - | - | High
|
||||
10200 | [66.155.4.0](https://vuldb.com/?ip.66.155.4.0) | - | - | High
|
||||
10201 | [66.155.5.4](https://vuldb.com/?ip.66.155.5.4) | - | - | High
|
||||
10202 | [66.155.94.0](https://vuldb.com/?ip.66.155.94.0) | - | - | High
|
||||
10203 | [66.155.94.120](https://vuldb.com/?ip.66.155.94.120) | - | - | High
|
||||
10204 | [66.155.94.162](https://vuldb.com/?ip.66.155.94.162) | - | - | High
|
||||
10205 | [66.155.94.204](https://vuldb.com/?ip.66.155.94.204) | - | - | High
|
||||
10206 | [66.155.94.211](https://vuldb.com/?ip.66.155.94.211) | - | - | High
|
||||
10207 | [66.159.221.0](https://vuldb.com/?ip.66.159.221.0) | - | - | High
|
||||
10208 | [66.159.222.0](https://vuldb.com/?ip.66.159.222.0) | - | - | High
|
||||
10209 | [66.159.232.0](https://vuldb.com/?ip.66.159.232.0) | - | - | High
|
||||
10210 | [66.171.231.0](https://vuldb.com/?ip.66.171.231.0) | - | - | High
|
||||
10211 | [66.178.137.0](https://vuldb.com/?ip.66.178.137.0) | - | - | High
|
||||
10212 | [66.198.165.11](https://vuldb.com/?ip.66.198.165.11) | - | - | High
|
||||
10213 | [66.198.165.12](https://vuldb.com/?ip.66.198.165.12) | - | - | High
|
||||
10214 | [66.201.188.128](https://vuldb.com/?ip.66.201.188.128) | - | - | High
|
||||
10215 | [66.201.188.134](https://vuldb.com/?ip.66.201.188.134) | - | - | High
|
||||
10216 | [66.201.188.154](https://vuldb.com/?ip.66.201.188.154) | - | - | High
|
||||
10217 | [66.201.188.172](https://vuldb.com/?ip.66.201.188.172) | - | - | High
|
||||
10218 | [66.201.188.176](https://vuldb.com/?ip.66.201.188.176) | - | - | High
|
||||
10219 | [66.201.188.188](https://vuldb.com/?ip.66.201.188.188) | - | - | High
|
||||
10220 | [66.201.188.200](https://vuldb.com/?ip.66.201.188.200) | - | - | High
|
||||
10221 | [66.201.188.232](https://vuldb.com/?ip.66.201.188.232) | - | - | High
|
||||
10222 | [66.201.188.236](https://vuldb.com/?ip.66.201.188.236) | - | - | High
|
||||
10223 | [66.206.2.0](https://vuldb.com/?ip.66.206.2.0) | 66-206-2-0.static.hvvc.us | - | High
|
||||
10224 | [66.206.24.0](https://vuldb.com/?ip.66.206.24.0) | 66-206-24-0.static.hvvc.us | - | High
|
||||
10225 | [66.227.118.0](https://vuldb.com/?ip.66.227.118.0) | - | - | High
|
||||
10226 | [66.239.189.55](https://vuldb.com/?ip.66.239.189.55) | 66.239.189.55.ptr.us.xo.net | - | High
|
||||
10227 | [66.241.112.0](https://vuldb.com/?ip.66.241.112.0) | - | - | High
|
||||
10228 | [66.241.114.0](https://vuldb.com/?ip.66.241.114.0) | - | - | High
|
||||
10229 | [66.250.244.0](https://vuldb.com/?ip.66.250.244.0) | - | - | High
|
||||
10230 | [66.251.132.0](https://vuldb.com/?ip.66.251.132.0) | - | - | High
|
||||
10231 | [66.251.140.0](https://vuldb.com/?ip.66.251.140.0) | - | - | High
|
||||
10232 | [66.251.160.0](https://vuldb.com/?ip.66.251.160.0) | - | - | High
|
||||
10233 | [66.251.168.0](https://vuldb.com/?ip.66.251.168.0) | 66-251-168-0.besthostingnew.com | - | High
|
||||
10234 | [66.254.122.0](https://vuldb.com/?ip.66.254.122.0) | - | - | High
|
||||
10235 | [67.16.110.160](https://vuldb.com/?ip.67.16.110.160) | - | - | High
|
||||
10236 | [67.16.114.72](https://vuldb.com/?ip.67.16.114.72) | - | - | High
|
||||
10237 | [67.16.115.32](https://vuldb.com/?ip.67.16.115.32) | - | - | High
|
||||
10238 | [67.16.117.232](https://vuldb.com/?ip.67.16.117.232) | - | - | High
|
||||
10239 | [67.16.120.161](https://vuldb.com/?ip.67.16.120.161) | - | - | High
|
||||
10240 | [67.16.120.162](https://vuldb.com/?ip.67.16.120.162) | - | - | High
|
||||
10241 | [67.16.125.40](https://vuldb.com/?ip.67.16.125.40) | - | - | High
|
||||
10242 | [67.16.133.209](https://vuldb.com/?ip.67.16.133.209) | - | - | High
|
||||
10243 | [67.16.224.44](https://vuldb.com/?ip.67.16.224.44) | - | - | High
|
||||
10244 | [67.17.159.0](https://vuldb.com/?ip.67.17.159.0) | - | - | High
|
||||
10245 | [67.17.159.128](https://vuldb.com/?ip.67.17.159.128) | - | - | High
|
||||
10246 | [67.17.159.192](https://vuldb.com/?ip.67.17.159.192) | - | - | High
|
||||
10247 | [67.22.60.0](https://vuldb.com/?ip.67.22.60.0) | - | - | High
|
||||
10248 | [67.26.72.0](https://vuldb.com/?ip.67.26.72.0) | - | - | High
|
||||
10249 | [67.26.80.0](https://vuldb.com/?ip.67.26.80.0) | - | - | High
|
||||
10250 | [67.26.112.0](https://vuldb.com/?ip.67.26.112.0) | - | - | High
|
||||
10251 | [67.26.136.0](https://vuldb.com/?ip.67.26.136.0) | - | - | High
|
||||
10252 | [67.27.140.0](https://vuldb.com/?ip.67.27.140.0) | - | - | High
|
||||
10253 | [67.27.144.0](https://vuldb.com/?ip.67.27.144.0) | - | - | High
|
||||
10254 | [67.27.156.0](https://vuldb.com/?ip.67.27.156.0) | - | - | High
|
||||
10255 | [67.27.232.0](https://vuldb.com/?ip.67.27.232.0) | - | - | High
|
||||
10256 | [67.43.86.0](https://vuldb.com/?ip.67.43.86.0) | - | - | High
|
||||
10257 | [67.148.251.0](https://vuldb.com/?ip.67.148.251.0) | - | - | High
|
||||
10258 | [67.148.251.32](https://vuldb.com/?ip.67.148.251.32) | - | - | High
|
||||
10259 | [67.148.251.40](https://vuldb.com/?ip.67.148.251.40) | - | - | High
|
||||
10260 | [67.148.251.48](https://vuldb.com/?ip.67.148.251.48) | - | - | High
|
||||
10261 | [67.148.251.56](https://vuldb.com/?ip.67.148.251.56) | - | - | High
|
||||
10262 | [67.148.251.72](https://vuldb.com/?ip.67.148.251.72) | - | - | High
|
||||
10263 | [67.148.251.76](https://vuldb.com/?ip.67.148.251.76) | - | - | High
|
||||
10264 | [67.148.251.84](https://vuldb.com/?ip.67.148.251.84) | - | - | High
|
||||
10265 | [67.148.251.88](https://vuldb.com/?ip.67.148.251.88) | - | - | High
|
||||
10266 | [67.148.251.92](https://vuldb.com/?ip.67.148.251.92) | - | - | High
|
||||
10267 | [67.148.251.96](https://vuldb.com/?ip.67.148.251.96) | - | - | High
|
||||
10268 | [67.148.251.116](https://vuldb.com/?ip.67.148.251.116) | - | - | High
|
||||
10269 | [67.148.251.120](https://vuldb.com/?ip.67.148.251.120) | - | - | High
|
||||
10270 | [67.148.251.124](https://vuldb.com/?ip.67.148.251.124) | - | - | High
|
||||
10271 | [67.148.251.136](https://vuldb.com/?ip.67.148.251.136) | - | - | High
|
||||
10272 | [67.148.251.156](https://vuldb.com/?ip.67.148.251.156) | - | - | High
|
||||
10273 | [67.148.251.172](https://vuldb.com/?ip.67.148.251.172) | - | - | High
|
||||
10274 | [67.148.251.188](https://vuldb.com/?ip.67.148.251.188) | - | - | High
|
||||
10275 | [67.148.251.192](https://vuldb.com/?ip.67.148.251.192) | - | - | High
|
||||
10276 | [67.148.251.196](https://vuldb.com/?ip.67.148.251.196) | - | - | High
|
||||
10277 | [67.148.251.200](https://vuldb.com/?ip.67.148.251.200) | - | - | High
|
||||
10278 | [67.148.251.204](https://vuldb.com/?ip.67.148.251.204) | - | - | High
|
||||
10279 | [67.148.251.228](https://vuldb.com/?ip.67.148.251.228) | - | - | High
|
||||
10280 | [67.148.251.232](https://vuldb.com/?ip.67.148.251.232) | - | - | High
|
||||
10281 | [67.148.251.236](https://vuldb.com/?ip.67.148.251.236) | - | - | High
|
||||
10282 | [67.148.251.244](https://vuldb.com/?ip.67.148.251.244) | - | - | High
|
||||
10283 | [67.148.251.248](https://vuldb.com/?ip.67.148.251.248) | - | - | High
|
||||
10284 | [67.199.128.0](https://vuldb.com/?ip.67.199.128.0) | - | - | High
|
||||
10285 | [67.199.136.0](https://vuldb.com/?ip.67.199.136.0) | - | - | High
|
||||
10286 | [67.199.140.0](https://vuldb.com/?ip.67.199.140.0) | - | - | High
|
||||
10287 | [67.207.72.0](https://vuldb.com/?ip.67.207.72.0) | - | - | High
|
||||
10288 | [67.207.169.0](https://vuldb.com/?ip.67.207.169.0) | - | - | High
|
||||
10289 | [67.207.172.0](https://vuldb.com/?ip.67.207.172.0) | - | - | High
|
||||
10290 | [67.207.181.0](https://vuldb.com/?ip.67.207.181.0) | - | - | High
|
||||
10291 | [67.207.201.0](https://vuldb.com/?ip.67.207.201.0) | - | - | High
|
||||
10292 | [67.210.18.0](https://vuldb.com/?ip.67.210.18.0) | - | - | High
|
||||
10293 | [67.210.19.0](https://vuldb.com/?ip.67.210.19.0) | - | - | High
|
||||
10294 | [67.210.20.0](https://vuldb.com/?ip.67.210.20.0) | - | - | High
|
||||
10295 | [67.210.22.0](https://vuldb.com/?ip.67.210.22.0) | - | - | High
|
||||
10296 | [67.210.24.0](https://vuldb.com/?ip.67.210.24.0) | - | - | High
|
||||
10297 | [67.210.29.0](https://vuldb.com/?ip.67.210.29.0) | - | - | High
|
||||
10298 | [67.216.224.0](https://vuldb.com/?ip.67.216.224.0) | - | - | High
|
||||
10299 | [67.216.232.0](https://vuldb.com/?ip.67.216.232.0) | - | - | High
|
||||
10300 | [67.216.234.0](https://vuldb.com/?ip.67.216.234.0) | - | - | High
|
||||
10301 | [67.216.239.0](https://vuldb.com/?ip.67.216.239.0) | - | - | High
|
||||
10302 | [67.217.93.0](https://vuldb.com/?ip.67.217.93.0) | - | - | High
|
||||
10303 | [67.227.3.0](https://vuldb.com/?ip.67.227.3.0) | - | - | High
|
||||
10304 | [67.227.7.0](https://vuldb.com/?ip.67.227.7.0) | - | - | High
|
||||
10305 | [67.227.8.0](https://vuldb.com/?ip.67.227.8.0) | - | - | High
|
||||
10306 | [67.227.16.0](https://vuldb.com/?ip.67.227.16.0) | - | - | High
|
||||
10307 | [67.227.28.0](https://vuldb.com/?ip.67.227.28.0) | - | - | High
|
||||
10308 | [67.227.64.0](https://vuldb.com/?ip.67.227.64.0) | 67.227.64.0.rdns.ColocationAmerica.com | - | High
|
||||
10309 | [67.227.114.0](https://vuldb.com/?ip.67.227.114.0) | 67.227.114.0.rdns.ColocationAmerica.com | - | High
|
||||
10310 | [67.227.116.0](https://vuldb.com/?ip.67.227.116.0) | 67.227.116.0.rdns.ColocationAmerica.com | - | High
|
||||
10311 | [68.70.192.0](https://vuldb.com/?ip.68.70.192.0) | - | - | High
|
||||
10312 | [68.70.193.0](https://vuldb.com/?ip.68.70.193.0) | - | - | High
|
||||
10313 | [68.70.194.0](https://vuldb.com/?ip.68.70.194.0) | - | - | High
|
||||
10314 | [68.70.200.0](https://vuldb.com/?ip.68.70.200.0) | - | - | High
|
||||
10315 | [68.70.202.0](https://vuldb.com/?ip.68.70.202.0) | - | - | High
|
||||
10316 | [68.70.204.0](https://vuldb.com/?ip.68.70.204.0) | - | - | High
|
||||
10317 | [68.70.207.0](https://vuldb.com/?ip.68.70.207.0) | - | - | High
|
||||
10318 | [68.142.80.34](https://vuldb.com/?ip.68.142.80.34) | cra01.hhn1.llnw.net | - | High
|
||||
10319 | [68.142.80.96](https://vuldb.com/?ip.68.142.80.96) | flb1.dus1.llnw.net | - | High
|
||||
10320 | [68.142.80.102](https://vuldb.com/?ip.68.142.80.102) | fr3.fra1.llnw.net | - | High
|
||||
10321 | [68.142.80.104](https://vuldb.com/?ip.68.142.80.104) | - | - | High
|
||||
10322 | [68.142.82.16](https://vuldb.com/?ip.68.142.82.16) | v901.fr3.fra1.llnw.net | - | High
|
||||
10323 | [68.142.88.55](https://vuldb.com/?ip.68.142.88.55) | zlag84.cra01.hef1.llnw.net | - | High
|
||||
10324 | [68.142.88.57](https://vuldb.com/?ip.68.142.88.57) | - | - | High
|
||||
10325 | [68.142.88.64](https://vuldb.com/?ip.68.142.88.64) | lag14.fr3.fra1.llnw.net | - | High
|
||||
10326 | [68.142.88.90](https://vuldb.com/?ip.68.142.88.90) | - | - | High
|
||||
10327 | [68.142.88.99](https://vuldb.com/?ip.68.142.88.99) | lag25.fr3.fra1.llnw.net | - | High
|
||||
10328 | [68.142.88.103](https://vuldb.com/?ip.68.142.88.103) | lag24.fr4.fra1.llnw.net | - | High
|
||||
10329 | [68.142.88.106](https://vuldb.com/?ip.68.142.88.106) | lag28.fr3.fra1.llnw.net | - | High
|
||||
10330 | [68.142.88.108](https://vuldb.com/?ip.68.142.88.108) | lag25.fr4.fra1.llnw.net | - | High
|
||||
10331 | [68.142.88.116](https://vuldb.com/?ip.68.142.88.116) | - | - | High
|
||||
10332 | [68.142.89.218](https://vuldb.com/?ip.68.142.89.218) | - | - | High
|
||||
10333 | [68.142.89.220](https://vuldb.com/?ip.68.142.89.220) | - | - | High
|
||||
10334 | [68.142.89.222](https://vuldb.com/?ip.68.142.89.222) | lag69.fr4.dus1.llnw.net | - | High
|
||||
10335 | [68.183.64.0](https://vuldb.com/?ip.68.183.64.0) | - | - | High
|
||||
10336 | [68.183.208.0](https://vuldb.com/?ip.68.183.208.0) | - | - | High
|
||||
10337 | [68.183.240.0](https://vuldb.com/?ip.68.183.240.0) | - | - | High
|
||||
10338 | [69.4.12.0](https://vuldb.com/?ip.69.4.12.0) | - | - | High
|
||||
10339 | [69.4.228.0](https://vuldb.com/?ip.69.4.228.0) | - | - | High
|
||||
10340 | [69.10.35.0](https://vuldb.com/?ip.69.10.35.0) | - | - | High
|
||||
10341 | [69.16.158.0](https://vuldb.com/?ip.69.16.158.0) | - | - | High
|
||||
10342 | [69.22.168.0](https://vuldb.com/?ip.69.22.168.0) | - | - | High
|
||||
10343 | [69.22.170.0](https://vuldb.com/?ip.69.22.170.0) | - | - | High
|
||||
10344 | [69.22.172.0](https://vuldb.com/?ip.69.22.172.0) | - | - | High
|
||||
10345 | [69.22.179.0](https://vuldb.com/?ip.69.22.179.0) | - | - | High
|
||||
10346 | [69.22.184.0](https://vuldb.com/?ip.69.22.184.0) | - | - | High
|
||||
10347 | [69.28.171.13](https://vuldb.com/?ip.69.28.171.13) | fr3.frf.llnw.net | - | High
|
||||
10348 | [69.28.171.26](https://vuldb.com/?ip.69.28.171.26) | fr4.frf.llnw.net | - | High
|
||||
10349 | [69.28.172.20](https://vuldb.com/?ip.69.28.172.20) | - | - | High
|
||||
10350 | [69.28.172.102](https://vuldb.com/?ip.69.28.172.102) | - | - | High
|
||||
10351 | [69.28.172.104](https://vuldb.com/?ip.69.28.172.104) | - | - | High
|
||||
10352 | [69.28.172.120](https://vuldb.com/?ip.69.28.172.120) | - | - | High
|
||||
10353 | [69.28.172.158](https://vuldb.com/?ip.69.28.172.158) | - | - | High
|
||||
10354 | [69.28.172.202](https://vuldb.com/?ip.69.28.172.202) | tge1-4.fr4.fra1.llnw.net | - | High
|
||||
10355 | [69.28.189.161](https://vuldb.com/?ip.69.28.189.161) | tge3-4.fr4.fra1.llnw.net | - | High
|
||||
10356 | [69.28.189.168](https://vuldb.com/?ip.69.28.189.168) | - | - | High
|
||||
10357 | [69.28.189.177](https://vuldb.com/?ip.69.28.189.177) | - | - | High
|
||||
10358 | [69.31.10.192](https://vuldb.com/?ip.69.31.10.192) | . | - | High
|
||||
10359 | [69.31.10.224](https://vuldb.com/?ip.69.31.10.224) | . | - | High
|
||||
10360 | [69.31.50.0](https://vuldb.com/?ip.69.31.50.0) | - | - | High
|
||||
10361 | [69.36.134.18](https://vuldb.com/?ip.69.36.134.18) | - | - | High
|
||||
10362 | [69.50.228.0](https://vuldb.com/?ip.69.50.228.0) | - | - | High
|
||||
10363 | [69.52.72.0](https://vuldb.com/?ip.69.52.72.0) | - | - | High
|
||||
10364 | [69.58.90.0](https://vuldb.com/?ip.69.58.90.0) | host-69-58-90-0.static.sprious.com | - | High
|
||||
10365 | [69.59.248.0](https://vuldb.com/?ip.69.59.248.0) | - | - | High
|
||||
10366 | [69.64.45.240](https://vuldb.com/?ip.69.64.45.240) | static-ip-69-64-45-240.inaddr.ip-pool.com | - | High
|
||||
10367 | [69.64.244.0](https://vuldb.com/?ip.69.64.244.0) | - | - | High
|
||||
10368 | [69.64.245.0](https://vuldb.com/?ip.69.64.245.0) | - | - | High
|
||||
10369 | [69.67.33.95](https://vuldb.com/?ip.69.67.33.95) | - | - | High
|
||||
10370 | [69.67.35.40](https://vuldb.com/?ip.69.67.35.40) | de-frk-ipa-1.cmcnetworks.net | - | High
|
||||
10371 | [69.67.35.82](https://vuldb.com/?ip.69.67.35.82) | - | - | High
|
||||
10372 | [69.67.35.137](https://vuldb.com/?ip.69.67.35.137) | - | - | High
|
||||
10373 | [69.67.35.190](https://vuldb.com/?ip.69.67.35.190) | - | - | High
|
||||
10374 | [69.67.35.197](https://vuldb.com/?ip.69.67.35.197) | - | - | High
|
||||
10375 | ... | ... | ... | ...
|
||||
10105 | ... | ... | ... | ...
There are 41498 more IOC items available. Please use our online service to access the data.
|
||||
There are 40417 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -10405,7 +10135,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-35, CWE-37, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
@ -10420,75 +10150,64 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin.php/update/getFile.html` | High
|
||||
3 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
4 | File | `/admin/?setting-base.htm` | High
|
||||
5 | File | `/admin/cashadvance_row.php` | High
|
||||
6 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/products/manage_product.php` | High
|
||||
9 | File | `/admin/report/index.php` | High
|
||||
10 | File | `/admin/sales/view_details.php` | High
|
||||
11 | File | `/admin/scheprofile.cgi` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/api/blade-log/api/list` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/cgi-bin/activate.cgi` | High
|
||||
16 | File | `/cgi-bin/kerbynet` | High
|
||||
17 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
18 | File | `/cgi-bin/ping.cgi` | High
|
||||
19 | File | `/cgi-bin/wapopen` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/classes/Master.php` | High
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
6 | File | `/admin/edit_subject.php` | High
|
||||
7 | File | `/admin/index.php` | High
|
||||
8 | File | `/admin/scheprofile.cgi` | High
|
||||
9 | File | `/ajax.php?action=read_msg` | High
|
||||
10 | File | `/api/stl/actions/search` | High
|
||||
11 | File | `/api/upload.php` | High
|
||||
12 | File | `/api/v1/snapshots` | High
|
||||
13 | File | `/application/common.php#action_log` | High
|
||||
14 | File | `/bin/ate` | Medium
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/cgi-bin` | Medium
|
||||
17 | File | `/cgi-bin/adm.cgi` | High
|
||||
18 | File | `/cgi-bin/kerbynet` | High
|
||||
19 | File | `/cgi-bin/ping.cgi` | High
|
||||
20 | File | `/cgi-bin/wapopen` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/classes/Master.php?f=delete_service` | High
|
||||
23 | File | `/classes/Master.php?f=save_course` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/dev/shm` | Medium
|
||||
23 | File | `/classes/Users.php?f=save` | High
|
||||
24 | File | `/dev/shm` | Medium
|
||||
25 | File | `/dishes.php` | Medium
|
||||
26 | File | `/dosen/data` | Medium
|
||||
27 | File | `/eval/admin/manage_class.php` | High
|
||||
28 | File | `/export` | Low
|
||||
29 | File | `/feeds/post/publish` | High
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/inc/topBarNav.php` | High
|
||||
32 | File | `/index.php/archives/1/comment` | High
|
||||
33 | File | `/Items/*/RemoteImages/Download` | High
|
||||
34 | File | `/jurusan/data` | High
|
||||
35 | File | `/mahasiswa/data` | High
|
||||
36 | File | `/messageboard/view.php` | High
|
||||
37 | File | `/modules/projects/vw_files.php` | High
|
||||
38 | File | `/opac/Actions.php?a=login` | High
|
||||
39 | File | `/osm/REGISTER.cmd` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
43 | File | `/servlet/webacc` | High
|
||||
44 | File | `/textpattern/index.php` | High
|
||||
45 | File | `/ueditor/net/controller.ashx?action=catchimage` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/upload` | Low
|
||||
48 | File | `/user/updatePwd` | High
|
||||
49 | File | `/v2/#/` | Low
|
||||
50 | File | `/v2/customerdb/operator.svc/a` | High
|
||||
51 | File | `/v2/_catalog` | Medium
|
||||
52 | File | `/vaccinated/admin/maintenance/manage_location.php` | High
|
||||
53 | File | `/var/log/webfsd.log` | High
|
||||
54 | File | `/xxl-job-admin/user/add` | High
|
||||
55 | File | `20review.asp` | Medium
|
||||
56 | File | `?page=about` | Medium
|
||||
57 | File | `a-forms.php` | Medium
|
||||
58 | File | `account.asp` | Medium
|
||||
59 | File | `adclick.php` | Medium
|
||||
60 | File | `additem.asp` | Medium
|
||||
61 | File | `admin.a6mambocredits.php` | High
|
||||
62 | File | `admin.cropcanvas.php` | High
|
||||
63 | File | `admin.jcomments.php` | High
|
||||
64 | File | `admin.joomlaradiov5.php` | High
|
||||
65 | File | `admin.php` | Medium
|
||||
66 | File | `admin.php/index/upload because app/common/service/UploadService.php` | High
|
||||
67 | ... | ... | ...
|
||||
27 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
28 | File | `/Electron/download` | High
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/eval/admin/manage_class.php` | High
|
||||
31 | File | `/export` | Low
|
||||
32 | File | `/feeds/post/publish` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/goForm/aspForm` | High
|
||||
35 | File | `/goform/RgDdns` | High
|
||||
36 | File | `/goform/RGFirewallEL` | High
|
||||
37 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/index.php?page=category_list` | High
|
||||
40 | File | `/index/user/user_edit.html` | High
|
||||
41 | File | `/jobinfo/` | Medium
|
||||
42 | File | `/jurusan/data` | High
|
||||
43 | File | `/kelasdosen/data` | High
|
||||
44 | File | `/login.php` | Medium
|
||||
45 | File | `/mahasiswa/data` | High
|
||||
46 | File | `/Moosikay/order.php` | High
|
||||
47 | File | `/opac/Actions.php?a=login` | High
|
||||
48 | File | `/osm/REGISTER.cmd` | High
|
||||
49 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
50 | File | `/PreviewHandler.ashx` | High
|
||||
51 | File | `/reservation/add_message.php` | High
|
||||
52 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
53 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
54 | File | `/send_order.cgi?parameter=restart` | High
|
||||
55 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
56 | ... | ... | ...
There are 585 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 485 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -101,8 +101,7 @@ ID | Technique | Weakness | Description | Confidence
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
There are 18 more TTP items available. Please use our online service to access the data.
@ -137,20 +136,21 @@ ID | Type | Indicator | Confidence
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/forum/PostPrivateMessage` | High
|
||||
25 | File | `/goform/addressNat` | High
|
||||
26 | File | `/goform/setmac` | High
|
||||
27 | File | `/goform/setMacFilterCfg` | High
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/HNAP1/SetClientInfo` | High
|
||||
30 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
31 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
32 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
33 | File | `/kelasdosen/data` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
36 | File | `/net-banking/customer_transactions.php` | High
|
||||
37 | ... | ... | ...
|
||||
26 | File | `/goform/AdvSetLanip` | High
|
||||
27 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
28 | File | `/goform/setmac` | High
|
||||
29 | File | `/goform/setMacFilterCfg` | High
|
||||
30 | File | `/goform/SetSysTimeCfg` | High
|
||||
31 | File | `/goform/set_LimitClient_cfg` | High
|
||||
32 | File | `/goform/WifiGuestSet` | High
|
||||
33 | File | `/HNAP1` | Low
|
||||
34 | File | `/HNAP1/SetClientInfo` | High
|
||||
35 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
37 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
38 | ... | ... | ...
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -0,0 +1,57 @@
# Ghostminer - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ghostminer](https://vuldb.com/?actor.ghostminer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ghostminer](https://vuldb.com/?actor.ghostminer)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ghostminer:
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ghostminer.
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [103.105.59.68](https://vuldb.com/?ip.103.105.59.68) | - | - | High
|
||||
2 | [118.24.63.208](https://vuldb.com/?ip.118.24.63.208) | - | - | High
|
||||
3 | [123.59.68.172](https://vuldb.com/?ip.123.59.68.172) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Ghostminer_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Ghostminer. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `data/gbconfiguration.dat` | High
|
||||
2 | File | `gdk/gdkcairo.c` | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.trendmicro.com/trendlabs-security-intelligence/fileless-cryptocurrency-miner-ghostminer-weaponizes-wmi-objects-kills-other-cryptocurrency-mining-payloads/
|
||||
* https://www.cyber45.com
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,30 @@
# Golang - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Golang](https://vuldb.com/?actor.golang). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.golang](https://vuldb.com/?actor.golang)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Golang.
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://www.fortinet.com/blog/threat-research/new-golang-ransomware-targeting-linux-systems.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -158,9 +158,9 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
@ -184,39 +184,41 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/admin/maintenance/view_designation.php` | High
|
||||
12 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
13 | File | `/admin/orders/update_status.php` | High
|
||||
14 | File | `/admin/service.php` | High
|
||||
15 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
16 | File | `/admin/transactions/track_shipment.php` | High
|
||||
17 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
18 | File | `/alphaware/summary.php` | High
|
||||
19 | File | `/api/` | Low
|
||||
20 | File | `/api/admin/store/product/list` | High
|
||||
21 | File | `/api/stl/actions/search` | High
|
||||
22 | File | `/api/v2/cli/commands` | High
|
||||
23 | File | `/api2/html/` | Medium
|
||||
24 | File | `/boat/login.php` | High
|
||||
25 | File | `/bsms_ci/index.php/book` | High
|
||||
26 | File | `/cgi-bin` | Medium
|
||||
27 | File | `/cgi-bin/nightled.cgi` | High
|
||||
28 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
29 | File | `/check` | Low
|
||||
30 | File | `/churchcrm/v2/family/not-found` | High
|
||||
31 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
32 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
33 | File | `/CPE` | Low
|
||||
34 | File | `/debug/pprof` | Medium
|
||||
35 | File | `/etc/pki/pesign` | High
|
||||
36 | File | `/file_manager/admin/save_user.php` | High
|
||||
37 | File | `/forum/away.php` | High
|
||||
38 | File | `/goform/aspForm` | High
|
||||
39 | File | `/goform/SetFirewallCfg` | High
|
||||
40 | File | `/inc/topBarNav.php` | High
|
||||
41 | File | `/iwgallery/pictures/details.asp` | High
|
||||
42 | File | `/jurusan/data` | High
|
||||
43 | File | `/kelasdosen/data` | High
|
||||
44 | ... | ... | ...
|
||||
14 | File | `/admin/reportupload.aspx` | High
|
||||
15 | File | `/admin/service.php` | High
|
||||
16 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
17 | File | `/admin/transactions/track_shipment.php` | High
|
||||
18 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
19 | File | `/alphaware/summary.php` | High
|
||||
20 | File | `/api/` | Low
|
||||
21 | File | `/api/admin/store/product/list` | High
|
||||
22 | File | `/api/crontab` | Medium
|
||||
23 | File | `/api/stl/actions/search` | High
|
||||
24 | File | `/api/v2/cli/commands` | High
|
||||
25 | File | `/api2/html/` | Medium
|
||||
26 | File | `/archibus/login.axvw` | High
|
||||
27 | File | `/bin/ate` | Medium
|
||||
28 | File | `/boat/login.php` | High
|
||||
29 | File | `/cgi-bin` | Medium
|
||||
30 | File | `/cgi-bin/nightled.cgi` | High
|
||||
31 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
32 | File | `/check` | Low
|
||||
33 | File | `/churchcrm/v2/family/not-found` | High
|
||||
34 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
35 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
36 | File | `/CPE` | Low
|
||||
37 | File | `/debug/pprof` | Medium
|
||||
38 | File | `/env` | Low
|
||||
39 | File | `/etc/pki/pesign` | High
|
||||
40 | File | `/file_manager/admin/save_user.php` | High
|
||||
41 | File | `/forum/away.php` | High
|
||||
42 | File | `/goform/aspForm` | High
|
||||
43 | File | `/goform/SetFirewallCfg` | High
|
||||
44 | File | `/inc/topBarNav.php` | High
|
||||
45 | File | `/iwgallery/pictures/details.asp` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
# Hermes 2.1 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hermes 2.1](https://vuldb.com/?actor.hermes_2.1). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hermes_2.1](https://vuldb.com/?actor.hermes_2.1)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hermes 2.1:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hermes 2.1.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [47.254.202.63](https://vuldb.com/?ip.47.254.202.63) | - | - | High
|
||||
2 | [205.185.121.209](https://vuldb.com/?ip.205.185.121.209) | THIS-IS-A-TOR-EXIT.COM | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Hermes 2.1_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Hermes 2.1. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
2 | File | `/mgmt/tm/util/bash` | High
|
||||
3 | File | `api/settings/values` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -54,7 +54,7 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/rapi/read_url` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -67,45 +67,47 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
44 | [31.214.157.31](https://vuldb.com/?ip.31.214.157.31) | vm12150.ru | - | High
|
||||
45 | [31.214.157.160](https://vuldb.com/?ip.31.214.157.160) | elijah-nascent.specbowel.net | - | High
|
||||
46 | [37.10.71.114](https://vuldb.com/?ip.37.10.71.114) | - | - | High
|
||||
47 | [37.120.206.70](https://vuldb.com/?ip.37.120.206.70) | - | - | High
|
||||
48 | [37.120.206.119](https://vuldb.com/?ip.37.120.206.119) | - | - | High
|
||||
49 | [37.120.222.138](https://vuldb.com/?ip.37.120.222.138) | - | - | High
|
||||
50 | [37.120.222.178](https://vuldb.com/?ip.37.120.222.178) | - | - | High
|
||||
51 | [37.120.222.188](https://vuldb.com/?ip.37.120.222.188) | - | - | High
|
||||
52 | [37.120.239.178](https://vuldb.com/?ip.37.120.239.178) | - | - | High
|
||||
53 | [45.9.20.245](https://vuldb.com/?ip.45.9.20.245) | - | - | High
|
||||
54 | [45.11.180.140](https://vuldb.com/?ip.45.11.180.140) | boab-exchange.stuffbent.net | - | High
|
||||
55 | [45.11.180.178](https://vuldb.com/?ip.45.11.180.178) | pleased-process.eitherbar.com | - | High
|
||||
56 | [45.11.181.28](https://vuldb.com/?ip.45.11.181.28) | sourengine.com | - | High
|
||||
57 | [45.11.181.122](https://vuldb.com/?ip.45.11.181.122) | - | - | High
|
||||
58 | [45.11.182.30](https://vuldb.com/?ip.45.11.182.30) | - | - | High
|
||||
59 | [45.11.182.165](https://vuldb.com/?ip.45.11.182.165) | - | - | High
|
||||
60 | [45.11.182.208](https://vuldb.com/?ip.45.11.182.208) | - | - | High
|
||||
61 | [45.11.183.24](https://vuldb.com/?ip.45.11.183.24) | - | - | High
|
||||
62 | [45.67.230.16](https://vuldb.com/?ip.45.67.230.16) | vm1300397.stark-industries.solutions | - | High
|
||||
63 | [45.89.67.190](https://vuldb.com/?ip.45.89.67.190) | 13ipv6.ok | - | High
|
||||
64 | [45.89.189.6](https://vuldb.com/?ip.45.89.189.6) | vds125341.mgnhost.com | - | High
|
||||
65 | [45.89.189.7](https://vuldb.com/?ip.45.89.189.7) | vds123455.mgn-host.ru | - | High
|
||||
66 | [45.89.230.121](https://vuldb.com/?ip.45.89.230.121) | - | - | High
|
||||
67 | [45.90.57.19](https://vuldb.com/?ip.45.90.57.19) | kuzina.val.pserver.ru | - | High
|
||||
68 | [45.90.58.37](https://vuldb.com/?ip.45.90.58.37) | vps.hostry.com | - | High
|
||||
69 | [45.130.147.89](https://vuldb.com/?ip.45.130.147.89) | lao89.nengtanyun.cn | - | High
|
||||
70 | [45.130.151.190](https://vuldb.com/?ip.45.130.151.190) | 526204.msk-kvm.ru | - | High
|
||||
71 | [45.130.151.191](https://vuldb.com/?ip.45.130.151.191) | godaddy.com | - | High
|
||||
72 | [45.130.151.195](https://vuldb.com/?ip.45.130.151.195) | 533873.msk-kvm.ru | - | High
|
||||
73 | [45.130.151.199](https://vuldb.com/?ip.45.130.151.199) | 515904.msk-kvm.ru | - | High
|
||||
74 | [45.140.167.95](https://vuldb.com/?ip.45.140.167.95) | - | - | High
|
||||
75 | [45.147.200.47](https://vuldb.com/?ip.45.147.200.47) | mail.ofsekck.cn | - | High
|
||||
76 | [45.153.230.139](https://vuldb.com/?ip.45.153.230.139) | vm247045.pq.hosting | - | High
|
||||
77 | [45.155.249.47](https://vuldb.com/?ip.45.155.249.47) | - | - | High
|
||||
78 | [45.155.249.49](https://vuldb.com/?ip.45.155.249.49) | - | - | High
|
||||
79 | [45.155.249.65](https://vuldb.com/?ip.45.155.249.65) | - | - | High
|
||||
80 | [45.155.249.66](https://vuldb.com/?ip.45.155.249.66) | - | - | High
|
||||
81 | [45.155.249.91](https://vuldb.com/?ip.45.155.249.91) | - | - | High
|
||||
82 | [45.155.249.94](https://vuldb.com/?ip.45.155.249.94) | - | - | High
|
||||
83 | ... | ... | ... | ...
|
||||
47 | [37.46.130.155](https://vuldb.com/?ip.37.46.130.155) | sunchronize00work032.ispvds.com | - | High
|
||||
48 | [37.120.206.70](https://vuldb.com/?ip.37.120.206.70) | - | - | High
|
||||
49 | [37.120.206.119](https://vuldb.com/?ip.37.120.206.119) | - | - | High
|
||||
50 | [37.120.222.138](https://vuldb.com/?ip.37.120.222.138) | - | - | High
|
||||
51 | [37.120.222.178](https://vuldb.com/?ip.37.120.222.178) | - | - | High
|
||||
52 | [37.120.222.188](https://vuldb.com/?ip.37.120.222.188) | - | - | High
|
||||
53 | [37.120.239.178](https://vuldb.com/?ip.37.120.239.178) | - | - | High
|
||||
54 | [45.9.20.245](https://vuldb.com/?ip.45.9.20.245) | - | - | High
|
||||
55 | [45.11.180.140](https://vuldb.com/?ip.45.11.180.140) | boab-exchange.stuffbent.net | - | High
|
||||
56 | [45.11.180.178](https://vuldb.com/?ip.45.11.180.178) | pleased-process.eitherbar.com | - | High
|
||||
57 | [45.11.181.28](https://vuldb.com/?ip.45.11.181.28) | sourengine.com | - | High
|
||||
58 | [45.11.181.122](https://vuldb.com/?ip.45.11.181.122) | - | - | High
|
||||
59 | [45.11.182.30](https://vuldb.com/?ip.45.11.182.30) | - | - | High
|
||||
60 | [45.11.182.165](https://vuldb.com/?ip.45.11.182.165) | - | - | High
|
||||
61 | [45.11.182.208](https://vuldb.com/?ip.45.11.182.208) | - | - | High
|
||||
62 | [45.11.183.24](https://vuldb.com/?ip.45.11.183.24) | - | - | High
|
||||
63 | [45.67.230.16](https://vuldb.com/?ip.45.67.230.16) | vm1300397.stark-industries.solutions | - | High
|
||||
64 | [45.89.67.190](https://vuldb.com/?ip.45.89.67.190) | 13ipv6.ok | - | High
|
||||
65 | [45.89.189.6](https://vuldb.com/?ip.45.89.189.6) | vds125341.mgnhost.com | - | High
|
||||
66 | [45.89.189.7](https://vuldb.com/?ip.45.89.189.7) | vds123455.mgn-host.ru | - | High
|
||||
67 | [45.89.230.121](https://vuldb.com/?ip.45.89.230.121) | - | - | High
|
||||
68 | [45.90.57.19](https://vuldb.com/?ip.45.90.57.19) | kuzina.val.pserver.ru | - | High
|
||||
69 | [45.90.58.37](https://vuldb.com/?ip.45.90.58.37) | vps.hostry.com | - | High
|
||||
70 | [45.130.147.89](https://vuldb.com/?ip.45.130.147.89) | lao89.nengtanyun.cn | - | High
|
||||
71 | [45.130.151.190](https://vuldb.com/?ip.45.130.151.190) | 526204.msk-kvm.ru | - | High
|
||||
72 | [45.130.151.191](https://vuldb.com/?ip.45.130.151.191) | godaddy.com | - | High
|
||||
73 | [45.130.151.195](https://vuldb.com/?ip.45.130.151.195) | 533873.msk-kvm.ru | - | High
|
||||
74 | [45.130.151.199](https://vuldb.com/?ip.45.130.151.199) | 515904.msk-kvm.ru | - | High
|
||||
75 | [45.140.167.95](https://vuldb.com/?ip.45.140.167.95) | - | - | High
|
||||
76 | [45.147.200.47](https://vuldb.com/?ip.45.147.200.47) | mail.ofsekck.cn | - | High
|
||||
77 | [45.153.230.139](https://vuldb.com/?ip.45.153.230.139) | vm247045.pq.hosting | - | High
|
||||
78 | [45.155.249.47](https://vuldb.com/?ip.45.155.249.47) | - | - | High
|
||||
79 | [45.155.249.49](https://vuldb.com/?ip.45.155.249.49) | - | - | High
|
||||
80 | [45.155.249.65](https://vuldb.com/?ip.45.155.249.65) | - | - | High
|
||||
81 | [45.155.249.66](https://vuldb.com/?ip.45.155.249.66) | - | - | High
|
||||
82 | [45.155.249.91](https://vuldb.com/?ip.45.155.249.91) | - | - | High
|
||||
83 | [45.155.249.94](https://vuldb.com/?ip.45.155.249.94) | - | - | High
|
||||
84 | [45.155.249.129](https://vuldb.com/?ip.45.155.249.129) | - | - | High
|
||||
85 | ... | ... | ... | ...
|
||||
|
||||
There are 330 more IOC items available. Please use our online service to access the data.
|
||||
There are 338 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -145,7 +147,7 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/owa/auth/logon.aspx` | High
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 128 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -191,6 +193,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/JAMESWT_MHT/status/1637767016692973570
|
||||
* https://twitter.com/JAMESWT_MHT/status/1639161112405975042
|
||||
* https://twitter.com/JAMESWT_MHT/status/1641002609765916672
|
||||
* https://twitter.com/JAMESWT_MHT/status/1671438225838161920
|
||||
* https://twitter.com/luc4m/status/1555095048122949632
|
||||
* https://twitter.com/reecdeep/status/1414873034234679296
|
||||
* https://twitter.com/reecdeep/status/1414878988103790593
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indexsinas:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NZ](https://vuldb.com/?country.nz)
|
||||
* [HK](https://vuldb.com/?country.hk)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -287,13 +287,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -301,27 +302,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=user/list` | High
|
||||
2 | File | `/admin/ajax.php?action=save_area` | High
|
||||
3 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
4 | File | `/admin/modal_add_product.php` | High
|
||||
5 | File | `/admin/reportupload.aspx` | High
|
||||
6 | File | `/admin/update_s6.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/ajax.php?action=save_company` | High
|
||||
9 | File | `/api/user/password/sent-reset-email` | High
|
||||
10 | File | `/bin/login` | Medium
|
||||
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
12 | File | `/cgi-bin/upload_vpntar` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/data/remove` | Medium
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
1 | File | `/admin/addproduct.php` | High
|
||||
2 | File | `/admin/modal_add_product.php` | High
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/api/user/password/sent-reset-email` | High
|
||||
5 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
6 | File | `/authenticationendpoint/login.do` | High
|
||||
7 | File | `/bin/login` | Medium
|
||||
8 | File | `/bsms_ci/index.php` | High
|
||||
9 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
10 | File | `/cgi-bin/luci` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/changeimage.php` | High
|
||||
13 | File | `/classes/Users.php?f=save` | High
|
||||
14 | File | `/download` | Medium
|
||||
15 | File | `/DXR.axd` | Medium
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/hrm/controller/employee.php` | High
|
||||
17 | File | `/HNAP1` | Low
|
||||
18 | File | `/hrm/employeeadd.php` | High
|
||||
19 | ... | ... | ...
|
||||
19 | File | `/link/` | Low
|
||||
20 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
21 | File | `/mc` | Low
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/php-inventory-management-system/product.php` | High
|
||||
24 | File | `/send_order.cgi?parameter=restart` | High
|
||||
25 | File | `/spip.php` | Medium
|
||||
26 | File | `/tmp/boa-temp` | High
|
||||
27 | File | `/userfs/bin/tcapi` | High
|
||||
28 | File | `/var/log/nginx` | High
|
||||
29 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
30 | File | `/vendor/views/add_product.php` | High
|
||||
31 | File | `/wp-admin/admin-ajax.php` | High
|
||||
32 | File | `?r=dashboard/approval/del` | High
|
||||
33 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 151 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -17,10 +17,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [MN](https://vuldb.com/?country.mn)
|
||||
* [KR](https://vuldb.com/?country.kr)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -36,9 +36,12 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
6 | [27.102.114.63](https://vuldb.com/?ip.27.102.114.63) | - | - | High
|
||||
7 | [27.102.114.79](https://vuldb.com/?ip.27.102.114.79) | - | - | High
|
||||
8 | [27.102.114.89](https://vuldb.com/?ip.27.102.114.89) | - | AppleSeed | High
|
||||
9 | ... | ... | ... | ...
|
||||
9 | [27.102.127.240](https://vuldb.com/?ip.27.102.127.240) | - | - | High
|
||||
10 | [27.102.128.169](https://vuldb.com/?ip.27.102.128.169) | - | - | High
|
||||
11 | [27.255.79.204](https://vuldb.com/?ip.27.255.79.204) | - | - | High
|
||||
12 | ... | ... | ... | ...
|
||||
|
||||
There are 33 more IOC items available. Please use our online service to access the data.
|
||||
There are 45 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -46,14 +49,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,35 +64,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/?/admin/snippet/add` | High
|
||||
3 | File | `/api/upload` | Medium
|
||||
4 | File | `/assets/something/services/AppModule.class` | High
|
||||
5 | File | `/bin/false` | Medium
|
||||
6 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
7 | File | `/cgi-bin/webproc` | High
|
||||
8 | File | `/editsettings` | High
|
||||
9 | File | `/expert_wizard.php` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/images/browserslide.jpg` | High
|
||||
12 | File | `/includes/lib/get.php` | High
|
||||
13 | File | `/lists/index.php` | High
|
||||
14 | File | `/login` | Low
|
||||
15 | File | `/main?cmd=invalid_browser` | High
|
||||
16 | File | `/manager?action=getlogcat` | High
|
||||
17 | File | `/mc` | Low
|
||||
18 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
19 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
22 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
23 | File | `/scas/admin/` | Medium
|
||||
24 | File | `/static/ueditor/php/controller.php` | High
|
||||
25 | File | `/tlogin.cgi` | Medium
|
||||
26 | File | `/tmp/scfgdndf` | High
|
||||
27 | ... | ... | ...
|
||||
1 | File | `%PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/?/admin/snippet/add` | High
|
||||
4 | File | `/admin/categories/manage_category.php` | High
|
||||
5 | File | `/admin/categories/view_category.php` | High
|
||||
6 | File | `/admin/index.php` | High
|
||||
7 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
8 | File | `/admin/manage_academic.php` | High
|
||||
9 | File | `/admin/orders/update_status.php` | High
|
||||
10 | File | `/admin/products/manage_product.php` | High
|
||||
11 | File | `/admin/products/view_product.php` | High
|
||||
12 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
13 | File | `/admin/sales/manage_sale.php` | High
|
||||
14 | File | `/admin/sales/view_details.php` | High
|
||||
15 | File | `/admin/services/manage_service.php` | High
|
||||
16 | File | `/admin/user/manage_user.php` | High
|
||||
17 | File | `/api/` | Low
|
||||
18 | File | `/api/upload` | Medium
|
||||
19 | File | `/assets/something/services/AppModule.class` | High
|
||||
20 | File | `/bin/false` | Medium
|
||||
21 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
22 | File | `/cgi-bin/webproc` | High
|
||||
23 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
24 | File | `/classes/Master.php?f=save_service` | High
|
||||
25 | File | `/classes/Users.php` | High
|
||||
26 | File | `/editsettings` | High
|
||||
27 | File | `/expert_wizard.php` | High
|
||||
28 | File | `/export` | Low
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/function/login.php` | High
|
||||
31 | File | `/images/browserslide.jpg` | High
|
||||
32 | File | `/includes/lib/get.php` | High
|
||||
33 | File | `/lists/index.php` | High
|
||||
34 | File | `/login` | Low
|
||||
35 | File | `/main?cmd=invalid_browser` | High
|
||||
36 | File | `/manager?action=getlogcat` | High
|
||||
37 | File | `/mc` | Low
|
||||
38 | File | `/mgmt/tm/util/bash` | High
|
||||
39 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
40 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
41 | File | `/public/plugins/` | High
|
||||
42 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 227 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -103,8 +122,10 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://github.com/blackorbird/APT_REPORT/blob/master/kimsuky/Kimsuky%20APT%20Group%20targeted%20on%20South%20Korean%20defense%20and%20security%20departments.pdf
|
||||
* https://github.com/blackorbird/APT_REPORT/tree/master/kimsuky
|
||||
* https://github.com/eset/malware-ioc/tree/master/kimsuky/hotdoge_donutcat_case
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/shadowchasing1/status/1500778382966939653
|
||||
* https://twitter.com/souiten/status/1473862308132651011
|
||||
* https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -112,29 +112,29 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `/vendor` | Low
|
||||
43 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
44 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
|
||||
45 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
|
||||
46 | File | `/zm/index.php` | High
|
||||
47 | File | `a-b-membres.php` | High
|
||||
48 | File | `actions.php` | Medium
|
||||
49 | File | `adclick.php` | Medium
|
||||
50 | File | `add.php` | Low
|
||||
51 | File | `addtocart.asp` | High
|
||||
52 | File | `add_2_basket.asp` | High
|
||||
53 | File | `add_comment.php` | High
|
||||
54 | File | `add_edit_cat.asp` | High
|
||||
55 | File | `admin.jcomments.php` | High
|
||||
56 | File | `admin.php` | Medium
|
||||
57 | File | `admin.php/comments/batchdel/` | High
|
||||
58 | File | `admin/aboutus.php` | High
|
||||
59 | File | `admin/adm/test.php` | High
|
||||
60 | File | `admin/article_save.php` | High
|
||||
61 | File | `admin/bitrix.mpbuilder_step2.php` | High
|
||||
62 | File | `admin/conf_users_edit.php` | High
|
||||
63 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
64 | File | `adminer.php` | Medium
|
||||
45 | File | `/zm/index.php` | High
|
||||
46 | File | `a-b-membres.php` | High
|
||||
47 | File | `actions.php` | Medium
|
||||
48 | File | `adclick.php` | Medium
|
||||
49 | File | `add.php` | Low
|
||||
50 | File | `addtocart.asp` | High
|
||||
51 | File | `add_2_basket.asp` | High
|
||||
52 | File | `add_comment.php` | High
|
||||
53 | File | `add_edit_cat.asp` | High
|
||||
54 | File | `admin.jcomments.php` | High
|
||||
55 | File | `admin.php` | Medium
|
||||
56 | File | `admin.php/comments/batchdel/` | High
|
||||
57 | File | `admin/aboutus.php` | High
|
||||
58 | File | `admin/adm/test.php` | High
|
||||
59 | File | `admin/article_save.php` | High
|
||||
60 | File | `admin/bitrix.mpbuilder_step2.php` | High
|
||||
61 | File | `admin/conf_users_edit.php` | High
|
||||
62 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
63 | File | `adminer.php` | Medium
|
||||
64 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
65 | ... | ... | ...
|
||||
|
||||
There are 567 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 565 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,109 @@
|
|||
# Kraken 2.0 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kraken 2.0](https://vuldb.com/?actor.kraken_2.0). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.kraken_2.0](https://vuldb.com/?actor.kraken_2.0)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kraken 2.0:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Kraken 2.0.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [127.0.0.1](https://vuldb.com/?ip.127.0.0.1) | localhost | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Kraken 2.0_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Kraken 2.0. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/upload/upload` | High
|
||||
3 | File | `/api/gen/clients/{language}` | High
|
||||
4 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
5 | File | `/config/getuser` | High
|
||||
6 | File | `/config/myfield/test.php` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/ecshop/admin/template.php` | High
|
||||
9 | File | `/example/editor` | High
|
||||
10 | File | `/file/upload/1` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/forum/PostPrivateMessage` | High
|
||||
13 | File | `/HNAP1` | Low
|
||||
14 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
15 | File | `/iu-application/controllers/administration/auth.php` | High
|
||||
16 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
|
||||
17 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
18 | File | `/net-banking/customer_transactions.php` | High
|
||||
19 | File | `/obs/book.php` | High
|
||||
20 | File | `/ossn/administrator/com_installer` | High
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/pms/update_user.php?user_id=1` | High
|
||||
23 | File | `/requests.php` | High
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/sre/params.php` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/user/upload/upload` | High
|
||||
29 | File | `/Users` | Low
|
||||
30 | File | `/var/spool/hylafax` | High
|
||||
31 | File | `/vendor` | Low
|
||||
32 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
33 | File | `action/addproject.php` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `add_contestant.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin/index.php` | High
|
||||
38 | File | `admin/make_payments.php` | High
|
||||
39 | File | `Advanced_ASUSDDNS_Content.asp` | High
|
||||
40 | File | `af_netlink.c` | Medium
|
||||
41 | File | `album_portal.php` | High
|
||||
42 | File | `api/auth.go` | Medium
|
||||
43 | File | `api_jsonrpc.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
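Review bot: The IOC table's only row, `1 | [127.0.0.1](https://vuldb.com/?ip.127.0.0.1) | localhost | - | High`, is the loopback address, which cannot be an external network resource of the actor; any consumer who loads this file into a blocklist or SIEM watchlist will match every one of their own hosts, so the row should be dropped or at least downgraded with an explanatory note. In the same hunk the TTP table's Description column carries weakness-family names rather than ATT&CK technique names (T1059 is labelled "Cross Site Scripting", T1068 "J2EE Misconfiguration: Weak Access Permissions for EJB Methods"), which reads as a mismatch against the Technique column; renaming the header to `Weakness class` or adding a one-line legend above the table would make the generator's convention explicit. The References section cites only the bare homepage `https://www.cyber45.com`, which does not identify the report being relied on; the LoJax file added further down in this commit has the same two issues in its TTP and References sections.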
@ -52,7 +52,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 12 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -163,12 +163,9 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
143 | [32.104.64.0](https://vuldb.com/?ip.32.104.64.0) | - | - | High
|
||||
144 | [32.104.66.0](https://vuldb.com/?ip.32.104.66.0) | - | - | High
|
||||
145 | [32.104.68.0](https://vuldb.com/?ip.32.104.68.0) | - | - | High
|
||||
146 | [32.104.72.0](https://vuldb.com/?ip.32.104.72.0) | - | - | High
|
||||
147 | [32.104.80.0](https://vuldb.com/?ip.32.104.80.0) | - | - | High
|
||||
148 | [32.104.96.0](https://vuldb.com/?ip.32.104.96.0) | - | - | High
|
||||
149 | ... | ... | ... | ...
|
||||
146 | ... | ... | ... | ...
|
||||
|
||||
There are 591 more IOC items available. Please use our online service to access the data.
|
||||
There are 580 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
# Lampion - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lampion](https://vuldb.com/?actor.lampion). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.lampion](https://vuldb.com/?actor.lampion)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lampion:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Lampion.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [18.219.52.4](https://vuldb.com/?ip.18.219.52.4) | ec2-18-219-52-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
2 | [100.26.189.49](https://vuldb.com/?ip.100.26.189.49) | ec2-100-26-189-49.compute-1.amazonaws.com | - | Medium
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Lampion_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Lampion. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `administrator/classes/ajax/functions.php` | High
|
||||
2 | File | `coders/jp2.c` | Medium
|
||||
3 | File | `coders/mat.c` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/#.XgjOH5jhVkz
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -26,7 +26,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -279,7 +279,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -292,29 +292,30 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin/?page=user/list` | High
|
||||
4 | File | `/admin/addproduct.php` | High
|
||||
5 | File | `/admin/ajax.php?action=save_area` | High
|
||||
6 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
7 | File | `/admin/modal_add_product.php` | High
|
||||
8 | File | `/admin/reportupload.aspx` | High
|
||||
9 | File | `/admin/update_s6.php` | High
|
||||
10 | File | `/ajax.php?action=read_msg` | High
|
||||
11 | File | `/ajax.php?action=save_company` | High
|
||||
12 | File | `/bin/login` | Medium
|
||||
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
14 | File | `/changeimage.php` | High
|
||||
15 | File | `/classes/Users.php?f=save` | High
|
||||
16 | File | `/DXR.axd` | Medium
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/ghost/preview` | High
|
||||
19 | File | `/Login/CheckLogin` | High
|
||||
20 | File | `/note/index/delete` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/send_order.cgi?parameter=restart` | High
|
||||
24 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
|
||||
25 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
|
||||
26 | ... | ... | ...
|
||||
6 | File | `/admin/categories/manage_category.php` | High
|
||||
7 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
8 | File | `/admin/modal_add_product.php` | High
|
||||
9 | File | `/admin/reportupload.aspx` | High
|
||||
10 | File | `/admin/sales/manage_sale.php` | High
|
||||
11 | File | `/admin/update_s6.php` | High
|
||||
12 | File | `/ajax.php?action=read_msg` | High
|
||||
13 | File | `/ajax.php?action=save_company` | High
|
||||
14 | File | `/bin/login` | Medium
|
||||
15 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
16 | File | `/changeimage.php` | High
|
||||
17 | File | `/classes/Users.php?f=save` | High
|
||||
18 | File | `/DXR.axd` | Medium
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/ghost/preview` | High
|
||||
21 | File | `/Login/CheckLogin` | High
|
||||
22 | File | `/note/index/delete` | High
|
||||
23 | File | `/out.php` | Medium
|
||||
24 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/send_order.cgi?parameter=restart` | High
|
||||
26 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 215 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 228 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
# LoJax - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LoJax](https://vuldb.com/?actor.lojax). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.lojax](https://vuldb.com/?actor.lojax)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LoJax:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [RE](https://vuldb.com/?country.re)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of LoJax.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.23.82.72](https://vuldb.com/?ip.1.23.82.72) | - | - | High
|
||||
2 | [2.2.82.64](https://vuldb.com/?ip.2.2.82.64) | - | - | High
|
||||
3 | [2.12.51.56](https://vuldb.com/?ip.2.12.51.56) | arennes-655-1-148-56.w2-12.abo.wanadoo.fr | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _LoJax_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by LoJax. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/api/plugin/uninstall` | High
|
||||
3 | File | `/bin/boa` | Medium
|
||||
4 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
|
||||
5 | File | `/goform/SetNetControlList` | High
|
||||
6 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
7 | File | `/hrm/employeeadd.php` | High
|
||||
8 | File | `/jeecg-boot/jmreport/upload` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Locky:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
@ -21,16 +21,88 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.173.164.205](https://vuldb.com/?ip.5.173.164.205) | user-5-173-164-205.play-internet.pl | - | High
|
||||
2 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
3 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
|
||||
4 | [46.38.52.225](https://vuldb.com/?ip.46.38.52.225) | free.tel.ru | - | High
|
||||
5 | [46.101.8.169](https://vuldb.com/?ip.46.101.8.169) | - | - | High
|
||||
6 | [46.148.20.32](https://vuldb.com/?ip.46.148.20.32) | sa3.net.ua | - | High
|
||||
7 | [46.183.165.45](https://vuldb.com/?ip.46.183.165.45) | - | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
1 | [5.9.253.173](https://vuldb.com/?ip.5.9.253.173) | static.173.253.9.5.clients.your-server.de | - | High
|
||||
2 | [5.34.180.135](https://vuldb.com/?ip.5.34.180.135) | - | - | High
|
||||
3 | [5.34.183.21](https://vuldb.com/?ip.5.34.183.21) | - | - | High
|
||||
4 | [5.34.183.40](https://vuldb.com/?ip.5.34.183.40) | medoc.yura | - | High
|
||||
5 | [5.34.183.136](https://vuldb.com/?ip.5.34.183.136) | unallocated.layer6.net | - | High
|
||||
6 | [5.34.183.195](https://vuldb.com/?ip.5.34.183.195) | unallocated.layer6.net | - | High
|
||||
7 | [5.79.106.152](https://vuldb.com/?ip.5.79.106.152) | - | - | High
|
||||
8 | [5.135.76.18](https://vuldb.com/?ip.5.135.76.18) | ip18.ip-5-135-76.eu | - | High
|
||||
9 | [5.152.199.70](https://vuldb.com/?ip.5.152.199.70) | h5-152-199-70.vds.uapeer.eu | - | High
|
||||
10 | [5.173.164.205](https://vuldb.com/?ip.5.173.164.205) | user-5-173-164-205.play-internet.pl | - | High
|
||||
11 | [5.187.0.137](https://vuldb.com/?ip.5.187.0.137) | 208593.fornex.cloud | - | High
|
||||
12 | [5.187.5.171](https://vuldb.com/?ip.5.187.5.171) | dsde677-11781.fornex.org | - | High
|
||||
13 | [5.188.63.23](https://vuldb.com/?ip.5.188.63.23) | - | - | High
|
||||
14 | [5.188.63.30](https://vuldb.com/?ip.5.188.63.30) | - | - | High
|
||||
15 | [5.196.99.239](https://vuldb.com/?ip.5.196.99.239) | buckwild.fr | - | High
|
||||
16 | [5.196.200.229](https://vuldb.com/?ip.5.196.200.229) | u229.fogileve.com | - | High
|
||||
17 | [5.196.200.247](https://vuldb.com/?ip.5.196.200.247) | - | - | High
|
||||
18 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
19 | [31.41.44.21](https://vuldb.com/?ip.31.41.44.21) | vip-classic.example.com | - | High
|
||||
20 | [31.41.44.45](https://vuldb.com/?ip.31.41.44.45) | lecw3.ru | - | High
|
||||
21 | [31.41.44.130](https://vuldb.com/?ip.31.41.44.130) | free.cishost.ru | - | High
|
||||
22 | [31.41.47.37](https://vuldb.com/?ip.31.41.47.37) | ip.cishost.ru | - | High
|
||||
23 | [31.41.47.41](https://vuldb.com/?ip.31.41.47.41) | 31.41.47.71 | - | High
|
||||
24 | [31.41.47.50](https://vuldb.com/?ip.31.41.47.50) | free.cishost.ru | - | High
|
||||
25 | [31.148.99.188](https://vuldb.com/?ip.31.148.99.188) | - | - | High
|
||||
26 | [31.148.99.241](https://vuldb.com/?ip.31.148.99.241) | - | - | High
|
||||
27 | [31.184.196.74](https://vuldb.com/?ip.31.184.196.74) | murder-selfer.bestvisions.net | - | High
|
||||
28 | [31.184.196.75](https://vuldb.com/?ip.31.184.196.75) | - | - | High
|
||||
29 | [31.184.196.78](https://vuldb.com/?ip.31.184.196.78) | - | - | High
|
||||
30 | [31.184.197.72](https://vuldb.com/?ip.31.184.197.72) | java-signed.blissuser.com | - | High
|
||||
31 | [31.184.197.119](https://vuldb.com/?ip.31.184.197.119) | - | - | High
|
||||
32 | [31.184.197.126](https://vuldb.com/?ip.31.184.197.126) | blissuser.com | - | High
|
||||
33 | [31.184.233.106](https://vuldb.com/?ip.31.184.233.106) | - | - | High
|
||||
34 | [31.202.128.249](https://vuldb.com/?ip.31.202.128.249) | 31-202-128-249-kh.maxnet.ua | - | High
|
||||
35 | [31.202.130.9](https://vuldb.com/?ip.31.202.130.9) | 31-202-130-9-kh.maxnet.ua | - | High
|
||||
36 | [31.210.120.156](https://vuldb.com/?ip.31.210.120.156) | - | - | High
|
||||
37 | [37.46.131.153](https://vuldb.com/?ip.37.46.131.153) | dima1.fvds.ru | - | High
|
||||
38 | [37.139.2.214](https://vuldb.com/?ip.37.139.2.214) | showcase.fm | - | High
|
||||
39 | [37.139.27.52](https://vuldb.com/?ip.37.139.27.52) | - | - | High
|
||||
40 | [37.139.30.95](https://vuldb.com/?ip.37.139.30.95) | - | - | High
|
||||
41 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
|
||||
42 | [37.235.50.29](https://vuldb.com/?ip.37.235.50.29) | 29.50.235.37.in-addr.arpa | - | High
|
||||
43 | [37.235.53.18](https://vuldb.com/?ip.37.235.53.18) | 18.53.235.37.in-addr.arpa | - | High
|
||||
44 | [37.235.53.210](https://vuldb.com/?ip.37.235.53.210) | 210.53.235.37.in-addr.arpa | - | High
|
||||
45 | [45.55.192.133](https://vuldb.com/?ip.45.55.192.133) | - | - | High
|
||||
46 | [46.4.239.76](https://vuldb.com/?ip.46.4.239.76) | static.76.239.4.46.clients.your-server.de | - | High
|
||||
47 | [46.8.44.39](https://vuldb.com/?ip.46.8.44.39) | - | - | High
|
||||
48 | [46.8.45.18](https://vuldb.com/?ip.46.8.45.18) | - | - | High
|
||||
49 | [46.17.40.234](https://vuldb.com/?ip.46.17.40.234) | castle.uiosdhuy.cn | - | High
|
||||
50 | [46.17.44.153](https://vuldb.com/?ip.46.17.44.153) | cower.enakovach.com | - | High
|
||||
51 | [46.38.52.225](https://vuldb.com/?ip.46.38.52.225) | free.tel.ru | - | High
|
||||
52 | [46.101.8.169](https://vuldb.com/?ip.46.101.8.169) | - | - | High
|
||||
53 | [46.108.39.18](https://vuldb.com/?ip.46.108.39.18) | - | - | High
|
||||
54 | [46.148.20.32](https://vuldb.com/?ip.46.148.20.32) | sa3.net.ua | - | High
|
||||
55 | [46.148.20.46](https://vuldb.com/?ip.46.148.20.46) | ip-46-148-20-46.infiumhost.net | - | High
|
||||
56 | [46.165.253.93](https://vuldb.com/?ip.46.165.253.93) | - | - | High
|
||||
57 | [46.183.165.45](https://vuldb.com/?ip.46.183.165.45) | - | - | High
|
||||
58 | [50.28.211.199](https://vuldb.com/?ip.50.28.211.199) | - | - | High
|
||||
59 | [51.254.19.227](https://vuldb.com/?ip.51.254.19.227) | - | - | High
|
||||
60 | [51.254.55.171](https://vuldb.com/?ip.51.254.55.171) | - | - | High
|
||||
61 | [51.254.181.120](https://vuldb.com/?ip.51.254.181.120) | asiaecampaign.com | - | High
|
||||
62 | [51.254.181.122](https://vuldb.com/?ip.51.254.181.122) | mail2.asiaecampaign.com | - | High
|
||||
63 | [51.254.240.45](https://vuldb.com/?ip.51.254.240.45) | - | - | High
|
||||
64 | [51.254.240.60](https://vuldb.com/?ip.51.254.240.60) | - | - | High
|
||||
65 | [51.254.240.89](https://vuldb.com/?ip.51.254.240.89) | - | - | High
|
||||
66 | [51.255.105.2](https://vuldb.com/?ip.51.255.105.2) | ip2.ip-51-255-105.eu | - | High
|
||||
67 | [51.255.107.8](https://vuldb.com/?ip.51.255.107.8) | - | - | High
|
||||
68 | [51.255.107.10](https://vuldb.com/?ip.51.255.107.10) | - | - | High
|
||||
69 | [51.255.107.20](https://vuldb.com/?ip.51.255.107.20) | - | - | High
|
||||
70 | [51.255.107.37](https://vuldb.com/?ip.51.255.107.37) | ip37.ip-51-255-107.eu | - | High
|
||||
71 | [51.255.172.55](https://vuldb.com/?ip.51.255.172.55) | mail.bdubois.io | - | High
|
||||
72 | [54.67.27.43](https://vuldb.com/?ip.54.67.27.43) | ec2-54-67-27-43.us-west-1.compute.amazonaws.com | - | Medium
|
||||
73 | [62.84.69.75](https://vuldb.com/?ip.62.84.69.75) | FiberLink.69-75.lynx.net.lb | - | High
|
||||
74 | [62.138.11.6](https://vuldb.com/?ip.62.138.11.6) | astra5187.startdedicated.de | - | High
|
||||
75 | [64.22.100.95](https://vuldb.com/?ip.64.22.100.95) | ez22.ez-web-hosting.com | - | High
|
||||
76 | [64.207.144.148](https://vuldb.com/?ip.64.207.144.148) | ip-64-207-144-148.ip.secureserver.net | - | High
|
||||
77 | [66.147.244.210](https://vuldb.com/?ip.66.147.244.210) | box710.bluehost.com | - | High
|
||||
78 | [67.23.226.139](https://vuldb.com/?ip.67.23.226.139) | super.nseasy.com | - | High
|
||||
79 | [67.199.41.9](https://vuldb.com/?ip.67.199.41.9) | - | - | High
|
||||
80 | ... | ... | ... | ...
|
||||
|
||||
There are 27 more IOC items available. Please use our online service to access the data.
|
||||
There are 315 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
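Review bot: Row 23 of the new IOC table, `23 | [31.41.47.41](https://vuldb.com/?ip.31.41.47.41) | 31.41.47.71 | - | High`, has an IP literal in the Hostname column that differs from the address in the IP column, so one of the two values looks like a transcription error and the row cannot be matched reliably on either field; please verify it against the source before merging. Row 19 gives `vip-classic.example.com` as the hostname, which is the reserved RFC 2606 example domain and is more likely a placeholder reverse-DNS record than an actor asset, so that row should not inherit High confidence on the strength of the hostname. Row 72's EC2 hostname is already marked Medium, which is the right treatment for reassignable cloud addresses, and the same downgrade logic seems to apply to row 19.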
@ -38,14 +110,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -53,45 +125,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
|
||||
2 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
|
||||
3 | File | `.authlie` | Medium
|
||||
4 | File | `.htaccess` | Medium
|
||||
5 | File | `/+CSCOE+/logon.html` | High
|
||||
6 | File | `/admin/settings/sites/new` | High
|
||||
7 | File | `/advanced/adv_dns.xgi` | High
|
||||
8 | File | `/folder/list` | Medium
|
||||
9 | File | `/forms/nslookupHandler` | High
|
||||
10 | File | `/goform/GetNewDir` | High
|
||||
11 | File | `/goform/right_now_d` | High
|
||||
12 | File | `/group/comment` | High
|
||||
13 | File | `/home/home_parent.xgi` | High
|
||||
14 | File | `/inc/HTTPClient.php` | High
|
||||
15 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
16 | File | `/ISAPI/Security/users/1` | High
|
||||
17 | File | `/lookin/info` | Medium
|
||||
18 | File | `/out.php` | Medium
|
||||
19 | File | `/plugins/servlet/jira-blockers/` | High
|
||||
20 | File | `/sessions/sess_<sessionid>` | High
|
||||
21 | File | `/status/status_log.sys` | High
|
||||
22 | File | `/themes/<php_file_name>` | High
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/upload` | Low
|
||||
26 | File | `adclick.php` | Medium
|
||||
27 | File | `addentry.php` | Medium
|
||||
28 | File | `admin-ajax.php` | High
|
||||
29 | File | `admin.php` | Medium
|
||||
30 | File | `admin/fm/` | Medium
|
||||
31 | File | `admin/pages/*/edit` | High
|
||||
32 | File | `admincp/attachment.php&do=rebuild&type` | High
|
||||
33 | File | `administrator/index.php?option=com_pago&view=comments` | High
|
||||
34 | File | `ajax_mod_security.php` | High
|
||||
35 | File | `ajax_service.php` | High
|
||||
36 | File | `appconfig.php` | High
|
||||
37 | ... | ... | ...
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/alphaware/summary.php` | High
|
||||
8 | File | `/api/` | Low
|
||||
9 | File | `/api/admin/store/product/list` | High
|
||||
10 | File | `/api/stl/actions/search` | High
|
||||
11 | File | `/api/v2/cli/commands` | High
|
||||
12 | File | `/attachments` | Medium
|
||||
13 | File | `/bin/ate` | Medium
|
||||
14 | File | `/boat/login.php` | High
|
||||
15 | File | `/bsms_ci/index.php/book` | High
|
||||
16 | File | `/cgi-bin` | Medium
|
||||
17 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/env` | Low
|
||||
20 | File | `/etc/hosts` | Medium
|
||||
21 | File | `/etc/quagga` | Medium
|
||||
22 | File | `/forms/doLogin` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/librarian/bookdetails.php` | High
|
||||
26 | File | `/medicines/profile.php` | High
|
||||
27 | File | `/messageboard/view.php` | High
|
||||
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
31 | File | `/proxy` | Low
|
||||
32 | File | `/reservation/add_message.php` | High
|
||||
33 | File | `/rom-0` | Low
|
||||
34 | File | `/ServletAPI/accounts/login` | High
|
||||
35 | File | `/spip.php` | Medium
|
||||
36 | File | `/textpattern/index.php` | High
|
||||
37 | File | `/tmp` | Low
|
||||
38 | File | `/user/updatePwd` | High
|
||||
39 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
40 | File | `/video-sharing-script/watch-video.php` | High
|
||||
41 | File | `/wireless/security.asp` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -105,6 +182,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
|
||||
* https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/
|
||||
* https://unit42.paloaltonetworks.com/locky-ransomware-installed-through-nuclear-ek/
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Loocipher - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Loocipher](https://vuldb.com/?actor.loocipher). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.loocipher](https://vuldb.com/?actor.loocipher)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Loocipher.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.29.17.1](https://vuldb.com/?ip.3.29.17.1) | ec2-3-29-17-1.me-central-1.compute.amazonaws.com | - | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.bleepingcomputer.com/news/security/new-loocipher-ransomware-spreads-its-evil-through-spam/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,48 @@
|
|||
# LuckyMouse - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LuckyMouse](https://vuldb.com/?actor.luckymouse). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.luckymouse](https://vuldb.com/?actor.luckymouse)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LuckyMouse:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of LuckyMouse.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [103.75.190.28](https://vuldb.com/?ip.103.75.190.28) | - | - | High
|
||||
2 | [213.109.87.58](https://vuldb.com/?ip.213.109.87.58) | s-213-109-87-58.under.net.ua | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _LuckyMouse_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -26,9 +26,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [45.8.146.130](https://vuldb.com/?ip.45.8.146.130) | vm1266137.stark-industries.solutions | - | High
|
||||
4 | [45.8.146.213](https://vuldb.com/?ip.45.8.146.213) | vm1266137.stark-industries.solutions | - | High
|
||||
5 | [45.8.146.227](https://vuldb.com/?ip.45.8.146.227) | vm1266137.stark-industries.solutions | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | [45.15.25.190](https://vuldb.com/?ip.45.15.25.190) | - | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
There are 23 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -52,26 +53,29 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/api/profile` | Medium
|
||||
2 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/debug/pprof` | Medium
|
||||
5 | File | `/etc/grafana/grafana.ini` | High
|
||||
6 | File | `/forum/PostPrivateMessage` | High
|
||||
7 | File | `/nova/bin/igmp-proxy` | High
|
||||
8 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
9 | File | `/pages/processlogin.php` | High
|
||||
10 | File | `/rapi/read_url` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
13 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
14 | ... | ... | ...
|
||||
4 | File | `/dataset/data/{id}` | High
|
||||
5 | File | `/debug/pprof` | Medium
|
||||
6 | File | `/etc/grafana/grafana.ini` | High
|
||||
7 | File | `/forum/PostPrivateMessage` | High
|
||||
8 | File | `/nova/bin/igmp-proxy` | High
|
||||
9 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
10 | File | `/pages/processlogin.php` | High
|
||||
11 | File | `/rapi/read_url` | High
|
||||
12 | File | `/uncpath/` | Medium
|
||||
13 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
14 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown
|
||||
* https://app.any.run/tasks/4e682046-d702-46c7-91c5-6f2a6c9a0909/
|
||||
* https://app.any.run/tasks/9a53fdba-8af6-4d2c-9c2b-e5b86fa34e8b
|
||||
* https://app.any.run/tasks/330d3bb4-cb91-4311-8bf3-f3d8db2712fb
|
||||
* https://app.any.run/tasks/b80c5c12-9c12-414d-be8e-818ffdab1e74
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tracker.viriback.com/index.php?q=45.8.146.130
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
# MARAP - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MARAP](https://vuldb.com/?actor.marap). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.marap](https://vuldb.com/?actor.marap)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MARAP:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MARAP.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [89.223.92.202](https://vuldb.com/?ip.89.223.92.202) | - | - | High
|
||||
2 | [94.103.81.71](https://vuldb.com/?ip.94.103.81.71) | v1594497.hosted-by-vdsina.ru | - | High
|
||||
3 | [185.68.93.18](https://vuldb.com/?ip.185.68.93.18) | mail.wintik.co.ua | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _MARAP_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MARAP. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/api/crontab` | Medium
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `class.inputfilter.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -21,13 +21,13 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.227.199.53](https://vuldb.com/?ip.23.227.199.53) | 23-227-199-53.static.hvvc.us | - | High
|
||||
2 | [23.227.199.69](https://vuldb.com/?ip.23.227.199.69) | 23-227-199-69.static.hvvc.us | - | High
|
||||
3 | [23.254.119.12](https://vuldb.com/?ip.23.254.119.12) | - | - | High
|
||||
4 | [67.43.239.146](https://vuldb.com/?ip.67.43.239.146) | - | - | High
|
||||
1 | [2.4.17.15](https://vuldb.com/?ip.2.4.17.15) | lfbn-mon-1-592-15.w2-4.abo.wanadoo.fr | - | High
|
||||
2 | [23.227.199.53](https://vuldb.com/?ip.23.227.199.53) | 23-227-199-53.static.hvvc.us | - | High
|
||||
3 | [23.227.199.69](https://vuldb.com/?ip.23.227.199.69) | 23-227-199-69.static.hvvc.us | - | High
|
||||
4 | [23.254.119.12](https://vuldb.com/?ip.23.254.119.12) | - | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
There are 15 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,21 +50,22 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/dl_sendmail.php` | High
|
||||
2 | File | `/api/v2/cli/commands` | High
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/out.php` | Medium
|
||||
5 | File | `/owa/auth/logon.aspx` | High
|
||||
6 | File | `/phppath/php` | Medium
|
||||
7 | File | `/spip.php` | Medium
|
||||
8 | File | `/systemrw/` | Medium
|
||||
9 | File | `/zm/index.php` | High
|
||||
10 | File | `adclick.php` | Medium
|
||||
11 | File | `admin.jcomments.php` | High
|
||||
12 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
13 | File | `base/ErrorHandler.php` | High
|
||||
14 | File | `blog.php` | Medium
|
||||
15 | ... | ... | ...
|
||||
3 | File | `/DXR.axd` | Medium
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/out.php` | Medium
|
||||
6 | File | `/owa/auth/logon.aspx` | High
|
||||
7 | File | `/phppath/php` | Medium
|
||||
8 | File | `/spip.php` | Medium
|
||||
9 | File | `/systemrw/` | Medium
|
||||
10 | File | `/zm/index.php` | High
|
||||
11 | File | `adclick.php` | Medium
|
||||
12 | File | `admin.jcomments.php` | High
|
||||
13 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
14 | File | `base/ErrorHandler.php` | High
|
||||
15 | File | `blog.php` | Medium
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 120 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
# Magento - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Magento](https://vuldb.com/?actor.magento). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.magento](https://vuldb.com/?actor.magento)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magento:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Magento.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [8.208.15.67](https://vuldb.com/?ip.8.208.15.67) | - | - | High
|
||||
2 | [45.114.8.166](https://vuldb.com/?ip.45.114.8.166) | - | - | High
|
||||
3 | [47.254.202.112](https://vuldb.com/?ip.47.254.202.112) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Magento_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1600.001 | CWE-330 | Key Management Error | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Magento. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `text/impl/DefaultTextCreator.java` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.sucuri.net/2019/08/magento-skimmers-from-atob-to-alibaba.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -103,7 +103,7 @@ ID | Type | Indicator | Confidence
|
|||
27 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 235 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
# Mallox - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Mallox](https://vuldb.com/?actor.mallox). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.mallox](https://vuldb.com/?actor.mallox)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mallox:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Mallox.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [80.66.75.116](https://vuldb.com/?ip.80.66.75.116) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.cyble.com/2023/06/22/mallox-ransomware-implements-new-infection-strategy/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -35,11 +35,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MetaStealer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -64,41 +64,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
|
||||
4 | File | `/admin/maintenance/view_designation.php` | High
|
||||
5 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
6 | File | `/boat/login.php` | High
|
||||
7 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
8 | File | `/cas/logout` | Medium
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/cwc/login` | Medium
|
||||
11 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/goform/wizard_end` | High
|
||||
14 | File | `/ims/login.php` | High
|
||||
15 | File | `/mhds/clinic/view_details.php` | High
|
||||
16 | File | `/modules/profile/index.php` | High
|
||||
17 | File | `/out.php` | Medium
|
||||
18 | File | `/php-opos/index.php` | High
|
||||
19 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
20 | File | `/shell` | Low
|
||||
21 | File | `/tourism/rate_review.php` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/usr/www/ja/mnt_cmd.cgi` | High
|
||||
24 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
25 | File | `/wp-admin/admin-ajax.php` | High
|
||||
26 | File | `action-visitor.php` | High
|
||||
27 | File | `action.php` | Medium
|
||||
28 | File | `adclick.php` | Medium
|
||||
29 | File | `AdHocQuery_Processor.aspx` | High
|
||||
30 | File | `admin/ajax.php?action=save_user` | High
|
||||
31 | File | `admin/expense_report.php` | High
|
||||
32 | File | `admin/general.php` | High
|
||||
33 | ... | ... | ...
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
|
||||
5 | File | `/admin/categories/manage_category.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/sales/manage_sale.php` | High
|
||||
8 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
9 | File | `/boat/login.php` | High
|
||||
10 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
11 | File | `/cas/logout` | Medium
|
||||
12 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/cwc/login` | Medium
|
||||
15 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/ghost/preview` | High
|
||||
18 | File | `/goform/wizard_end` | High
|
||||
19 | File | `/ims/login.php` | High
|
||||
20 | File | `/mhds/clinic/view_details.php` | High
|
||||
21 | File | `/modules/profile/index.php` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/php-opos/index.php` | High
|
||||
24 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
25 | File | `/shell` | Low
|
||||
26 | File | `/tourism/rate_review.php` | High
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/usr/www/ja/mnt_cmd.cgi` | High
|
||||
29 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
30 | File | `/wp-admin/admin-ajax.php` | High
|
||||
31 | File | `action-visitor.php` | High
|
||||
32 | File | `action.php` | Medium
|
||||
33 | File | `adclick.php` | Medium
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -22,11 +22,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.182.37.118](https://vuldb.com/?ip.5.182.37.118) | vps.hostry.com | - | High
|
||||
2 | [88.119.175.124](https://vuldb.com/?ip.88.119.175.124) | 19872-33971.bacloud.info | - | High
|
||||
3 | [94.158.247.72](https://vuldb.com/?ip.94.158.247.72) | no-rdns.mivocloud.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
2 | [5.252.177.8](https://vuldb.com/?ip.5.252.177.8) | no-rdns.mivocloud.com | - | High
|
||||
3 | [5.252.177.15](https://vuldb.com/?ip.5.252.177.15) | no-rdns.mivocloud.com | - | High
|
||||
4 | [23.227.193.141](https://vuldb.com/?ip.23.227.193.141) | arthritisdocs.net | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
There are 17 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -34,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
|
@ -48,33 +49,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
2 | File | `/apply.cgi` | Medium
|
||||
3 | File | `/card_scan.php` | High
|
||||
4 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
5 | File | `/cwc/login` | Medium
|
||||
6 | File | `/download` | Medium
|
||||
7 | File | `/etc/quagga` | Medium
|
||||
8 | File | `/etc/shadow` | Medium
|
||||
9 | File | `/forms/doLogin` | High
|
||||
10 | File | `/h/calendar` | Medium
|
||||
11 | File | `/inc/extensions.php` | High
|
||||
12 | File | `/netflow/jspui/editProfile.jsp` | High
|
||||
13 | File | `/nova/bin/console` | High
|
||||
14 | File | `/nova/bin/detnet` | High
|
||||
15 | File | `/out.php` | Medium
|
||||
16 | File | `/rapi/read_url` | High
|
||||
17 | File | `/req_password_user.php` | High
|
||||
18 | File | `/rom-0` | Low
|
||||
19 | ... | ... | ...
|
||||
1 | File | `%APPDATA%\Securepoint SSL VPN` | High
|
||||
2 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
3 | File | `/application/common.php#action_log` | High
|
||||
4 | File | `/apply.cgi` | Medium
|
||||
5 | File | `/card_scan.php` | High
|
||||
6 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
7 | File | `/cwc/login` | Medium
|
||||
8 | File | `/download` | Medium
|
||||
9 | File | `/etc/quagga` | Medium
|
||||
10 | File | `/etc/shadow` | Medium
|
||||
11 | File | `/forms/doLogin` | High
|
||||
12 | File | `/goform/L7Im` | Medium
|
||||
13 | File | `/h/calendar` | Medium
|
||||
14 | File | `/icingaweb2/navigation/add` | High
|
||||
15 | File | `/inc/extensions.php` | High
|
||||
16 | File | `/netflow/jspui/editProfile.jsp` | High
|
||||
17 | File | `/nova/bin/console` | High
|
||||
18 | File | `/nova/bin/detnet` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/php-sms/classes/Master.php?f=save_quote` | High
|
||||
21 | File | `/rapi/read_url` | High
|
||||
22 | File | `/req_password_user.php` | High
|
||||
23 | File | `/rom-0` | Low
|
||||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | File | `/ServletAPI/accounts/login` | High
|
||||
26 | File | `/setNTP.cgi` | Medium
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 152 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-backdoor/
|
||||
* https://twitter.com/TLP_R3D/status/1647632354926534657
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# MirageFox - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MirageFox](https://vuldb.com/?actor.miragefox). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.miragefox](https://vuldb.com/?actor.miragefox)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MirageFox.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [192.168.0.107](https://vuldb.com/?ip.192.168.0.107) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
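Review bot: The single IOC row in this new file lists `192.168.0.107`, which is an RFC 1918 private address, so it cannot identify an external actor resource and will match ordinary internal hosts if the table is ingested into a blocklist or detection rule. It is most likely a lab or sandbox artifact carried over from the referenced report, so the row should either be dropped or annotated, e.g. add a line under the table such as `_Note: 192.168.0.107 is a non-routable private address and should not be used for network blocking._`. A `High` confidence rating on a non-routable address is also misleading for consumers who filter by confidence.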
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,9 +34,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [89.248.174.165](https://vuldb.com/?ip.89.248.174.165) | - | UNIX CCTV DVR | High
|
||||
5 | [89.248.174.166](https://vuldb.com/?ip.89.248.174.166) | - | UNIX CCTV DVR | High
|
||||
6 | [89.248.174.198](https://vuldb.com/?ip.89.248.174.198) | - | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
7 | [89.248.174.203](https://vuldb.com/?ip.89.248.174.203) | no-reverse-dns-configured.com | UNIX CCTV DVR | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 25 more IOC items available. Please use our online service to access the data.
|
||||
There are 26 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -45,14 +46,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -70,15 +71,15 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
10 | File | `/admin/user/manage_user.php` | High
|
||||
11 | File | `/aqpg/users/login.php` | High
|
||||
12 | File | `/blog/edit` | Medium
|
||||
13 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
14 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/classes/Master.php?f=delete_category` | High
|
||||
17 | File | `/Default/Bd` | Medium
|
||||
18 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
19 | File | `/DsaDataTest` | Medium
|
||||
11 | File | `/ajax.php?action=read_msg` | High
|
||||
12 | File | `/aqpg/users/login.php` | High
|
||||
13 | File | `/blog/edit` | Medium
|
||||
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
15 | File | `/cgi-bin/wapopen` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/classes/Master.php?f=delete_category` | High
|
||||
18 | File | `/Default/Bd` | Medium
|
||||
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
20 | File | `/etc/networkd-dispatcher` | High
|
||||
21 | File | `/event/admin/?page=user/list` | High
|
||||
22 | File | `/filemanager/upload/drop` | High
|
||||
|
@ -88,7 +89,7 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/goform/PowerSaveSet` | High
|
||||
27 | File | `/goform/SetClientState` | High
|
||||
28 | File | `/goform/SetFirewallCfg` | High
|
||||
29 | File | `/goform/setWorkmode` | High
|
||||
29 | File | `/goform/setIPv6Status` | High
|
||||
30 | File | `/goform/wizard_end` | High
|
||||
31 | File | `/hrm/employeeview.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
|
@ -108,18 +109,24 @@ ID | Type | Indicator | Confidence
|
|||
46 | File | `/purchase_order/classes/Master.php?f=delete_supplier` | High
|
||||
47 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
48 | File | `/simple_chat_bot/classes/Master.php?f=delete_response` | High
|
||||
49 | ... | ... | ...
|
||||
49 | File | `/SiteServer/Ajax/ajaxOtherService.aspx` | High
|
||||
50 | File | `/sns/classes/Master.php?f=delete_img` | High
|
||||
51 | File | `/Source/C++/Core/Ap4Array.h` | High
|
||||
52 | File | `/TestJDBC_Web/test2` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 462 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://bazaar.abuse.ch/sample/e09dfc1ba1052e4b5c2c3ff2d9985f6f5024b526aeb8ae4a1d28d8cd81bb0c1e/
|
||||
* https://blog.netlab.360.com/ddos-botnet-moobot-en/
|
||||
* https://blog.netlab.360.com/moobot-0day-unixcctv-dvr-en/
|
||||
* https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
|
||||
* https://blog.netlab.360.com/the-botnet-cluster-on-185-244-25-0-24-en/
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -33,7 +33,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -55,7 +56,7 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `admin/class-favicon-by-realfavicongenerator-admin.php` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 84 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 85 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,105 @@
|
|||
# Muddled Libra - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Muddled Libra](https://vuldb.com/?actor.muddled_libra). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.muddled_libra](https://vuldb.com/?actor.muddled_libra)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Muddled Libra:
|
||||
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Muddled Libra.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [35.175.153.217](https://vuldb.com/?ip.35.175.153.217) | ec2-35-175-153-217.compute-1.amazonaws.com | - | Medium
|
||||
2 | [45.32.221.250](https://vuldb.com/?ip.45.32.221.250) | 45.32.221.250.vultrusercontent.com | - | High
|
||||
3 | [45.156.85.140](https://vuldb.com/?ip.45.156.85.140) | - | - | High
|
||||
4 | [64.227.30.114](https://vuldb.com/?ip.64.227.30.114) | - | - | High
|
||||
5 | [79.137.196.160](https://vuldb.com/?ip.79.137.196.160) | moonlit-NL.aeza.network | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Muddled Libra_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Muddled Libra. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin` | Low
|
||||
4 | File | `/admin/admapi.php` | High
|
||||
5 | File | `/admin/index2.html` | High
|
||||
6 | File | `/admin/sign/out` | High
|
||||
7 | File | `/admin/ztliuyan_sendmail.php` | High
|
||||
8 | File | `/app1/admin#foo` | High
|
||||
9 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
10 | File | `/cgi-bin/editBookmark` | High
|
||||
11 | File | `/Core/Ap4Utils.h` | High
|
||||
12 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
13 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
|
||||
14 | File | `/etc/passwd` | Medium
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/goform/aspForm` | High
|
||||
17 | File | `/goform/L7Im` | Medium
|
||||
18 | File | `/goform/RgDdns` | High
|
||||
19 | File | `/goform/RgDhcp` | High
|
||||
20 | File | `/goform/RGFirewallEL` | High
|
||||
21 | File | `/goform/RgTime` | High
|
||||
22 | File | `/goform/RgUrlBlock.asp` | High
|
||||
23 | File | `/goform/wlanPrimaryNetwork` | High
|
||||
24 | File | `/gofrom/setwanType` | High
|
||||
25 | File | `/hdf5/src/H5T.c` | High
|
||||
26 | File | `/horde/imp/search.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/installer/upgrade_start` | High
|
||||
29 | File | `/lan.asp` | Medium
|
||||
30 | File | `/login/index.php` | High
|
||||
31 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
32 | File | `/media/?action=cmd` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 282 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/muddled-libra/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# Multicomponent Miner - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Multicomponent Miner](https://vuldb.com/?actor.multicomponent_miner). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.multicomponent_miner](https://vuldb.com/?actor.multicomponent_miner)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Multicomponent Miner.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [159.89.88.49](https://vuldb.com/?ip.159.89.88.49) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/research/multicomponent-malware-targeting-cryptocurrency
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -19,12 +19,12 @@ There are 2 more campaign items available. Please use our online service to acce
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mustang Panda:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -59,12 +59,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -75,37 +76,80 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/admin/?page=orders/manage_request` | High
|
||||
3 | File | `/admin/settings.php` | High
|
||||
4 | File | `/admin/uploads.php` | High
|
||||
5 | File | `/api/geojson` | Medium
|
||||
6 | File | `/api/user/password/sent-reset-email` | High
|
||||
7 | File | `/api/v1/attack` | High
|
||||
8 | File | `/cgi-bin/portal` | High
|
||||
9 | File | `/Config/service/initModel?` | High
|
||||
10 | File | `/data/config.ftp.php` | High
|
||||
11 | File | `/etc/shadow` | Medium
|
||||
12 | File | `/export` | Low
|
||||
13 | File | `/file/upload/1` | High
|
||||
14 | File | `/goform/NTPSyncWithHost` | High
|
||||
15 | File | `/goform/SetVirtualServerCfg` | High
|
||||
16 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
17 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
18 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||
19 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
20 | File | `/include/helpers/upload.helper.php` | High
|
||||
21 | File | `/interface/main/backup.php` | High
|
||||
22 | File | `/local/domain/$DOMID` | High
|
||||
23 | File | `/mkshop/Men/profile.php` | High
|
||||
24 | File | `/MTFWU` | Low
|
||||
25 | File | `/mygym/admin/index.php` | High
|
||||
26 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
|
||||
27 | File | `/out.php` | Medium
|
||||
28 | File | `/patient/settings.php` | High
|
||||
29 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
30 | ... | ... | ...
|
||||
2 | File | `/?r=report/api/getlist` | High
|
||||
3 | File | `/admin.php/appcenter/local.html?type=addon` | High
|
||||
4 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
5 | File | `/admin/?page=orders/manage_request` | High
|
||||
6 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
7 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
8 | File | `/admin/?page=system_info` | High
|
||||
9 | File | `/admin/assign/assign.php` | High
|
||||
10 | File | `/admin/budget/manage_budget.php` | High
|
||||
11 | File | `/admin/candidates_row.php` | High
|
||||
12 | File | `/admin/categories/manage_category.php` | High
|
||||
13 | File | `/admin/categories/view_category.php` | High
|
||||
14 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
15 | File | `/admin/content/index` | High
|
||||
16 | File | `/admin/employee_add.php` | High
|
||||
17 | File | `/admin/employee_edit.php` | High
|
||||
18 | File | `/admin/forgot-password.php` | High
|
||||
19 | File | `/admin/index3.php` | High
|
||||
20 | File | `/admin/inventory/manage_stock.php` | High
|
||||
21 | File | `/admin/manage_academic.php` | High
|
||||
22 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
23 | File | `/admin/modal_add_product.php` | High
|
||||
24 | File | `/admin/offenses/view_details.php` | High
|
||||
25 | File | `/admin/positions_row.php` | High
|
||||
26 | File | `/admin/product/manage.php` | High
|
||||
27 | File | `/admin/read.php?mudi=announContent` | High
|
||||
28 | File | `/admin/report/index.php` | High
|
||||
29 | File | `/admin/reports/index.php` | High
|
||||
30 | File | `/admin/robot/approval/list` | High
|
||||
31 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
32 | File | `/admin/settings.php` | High
|
||||
33 | File | `/admin/students/view_details.php` | High
|
||||
34 | File | `/admin/uploads.php` | High
|
||||
35 | File | `/admin/user/manage_user.php` | High
|
||||
36 | File | `/admin/userprofile.php` | High
|
||||
37 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/adms/classes/Users.php` | High
|
||||
39 | File | `/ajax.php?action=read_msg` | High
|
||||
40 | File | `/api/admin/system/store/order/list` | High
|
||||
41 | File | `/api/geojson` | Medium
|
||||
42 | File | `/api/upload` | Medium
|
||||
43 | File | `/api/user/password/sent-reset-email` | High
|
||||
44 | File | `/api/v1/attack` | High
|
||||
45 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
46 | File | `/bilal final/login.php` | High
|
||||
47 | File | `/boat/login.php` | High
|
||||
48 | File | `/cgi-bin/portal` | High
|
||||
49 | File | `/classes/Login.php` | High
|
||||
50 | File | `/classes/Master.php` | High
|
||||
51 | File | `/classes/Master.php?f=delete_img` | High
|
||||
52 | File | `/classes/Master.php?f=save_category` | High
|
||||
53 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
54 | File | `/classes/Master.php?f=update_order_status` | High
|
||||
55 | File | `/classes/Users.php` | High
|
||||
56 | File | `/Config/service/initModel?` | High
|
||||
57 | File | `/data/config.ftp.php` | High
|
||||
58 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
59 | File | `/edoc/doctor/patient.php` | High
|
||||
60 | File | `/etc/shadow` | Medium
|
||||
61 | File | `/export` | Low
|
||||
62 | File | `/file/upload/1` | High
|
||||
63 | File | `/files/list-file` | High
|
||||
64 | File | `/file_manager/login.php` | High
|
||||
65 | File | `/forum/PostPrivateMessage` | High
|
||||
66 | File | `/fos/admin/ajax.php?action=save_settings` | High
|
||||
67 | File | `/goform/NTPSyncWithHost` | High
|
||||
68 | File | `/goform/SetVirtualServerCfg` | High
|
||||
69 | File | `/group1/uploa` | High
|
||||
70 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
71 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
72 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||
73 | ... | ... | ...
|
||||
|
||||
There are 252 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 646 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -73,24 +73,24 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `/include/menu_v.inc.php` | High
|
||||
22 | File | `/include/notify.inc.php` | High
|
||||
23 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
24 | File | `/mfaslmf/nolicense` | High
|
||||
25 | File | `/mhds/clinic/view_details.php` | High
|
||||
26 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
27 | File | `/owa/auth/logon.aspx` | High
|
||||
28 | File | `/proc` | Low
|
||||
29 | File | `/products/details.asp` | High
|
||||
30 | File | `/public/plugins/` | High
|
||||
31 | File | `/RestAPI` | Medium
|
||||
32 | File | `/school/model/get_teacher.php` | High
|
||||
33 | File | `/tmp` | Low
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/user/loader.php?api=1` | High
|
||||
36 | File | `/User/saveUser` | High
|
||||
37 | File | `/viewer/krpano.html` | High
|
||||
38 | File | `/ViewUserHover.jspa` | High
|
||||
39 | File | `/WEB-INF/web.xml` | High
|
||||
40 | File | `/wp-admin/admin-ajax.php` | High
|
||||
41 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
24 | File | `/mhds/clinic/view_details.php` | High
|
||||
25 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
26 | File | `/owa/auth/logon.aspx` | High
|
||||
27 | File | `/proc` | Low
|
||||
28 | File | `/products/details.asp` | High
|
||||
29 | File | `/public/plugins/` | High
|
||||
30 | File | `/RestAPI` | Medium
|
||||
31 | File | `/school/model/get_teacher.php` | High
|
||||
32 | File | `/tmp` | Low
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/user/loader.php?api=1` | High
|
||||
35 | File | `/User/saveUser` | High
|
||||
36 | File | `/viewer/krpano.html` | High
|
||||
37 | File | `/ViewUserHover.jspa` | High
|
||||
38 | File | `/WEB-INF/web.xml` | High
|
||||
39 | File | `/wp-admin/admin-ajax.php` | High
|
||||
40 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
41 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
42 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
43 | File | `abc-pcie.c` | Medium
|
||||
44 | File | `account.asp` | Medium
|
||||
|
@ -100,9 +100,11 @@ ID | Type | Indicator | Confidence
|
|||
48 | File | `admin-ajax.php` | High
|
||||
49 | File | `admin.joomlaflashfun.php` | High
|
||||
50 | File | `admin.php` | Medium
|
||||
51 | ... | ... | ...
|
||||
51 | File | `admin/addons/archive/archive.php` | High
|
||||
52 | File | `admin/auth.php` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 441 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,6 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mystic Stealer:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -16,12 +21,14 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [91.121.118.80](https://vuldb.com/?ip.91.121.118.80) | 1218.rbx.abcvg.ovh | - | High
|
||||
2 | [94.23.26.20](https://vuldb.com/?ip.94.23.26.20) | 706.rbx.abcvg.ovh | - | High
|
||||
3 | [94.130.164.47](https://vuldb.com/?ip.94.130.164.47) | static.47.164.130.94.clients.your-server.de | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | [5.42.94.125](https://vuldb.com/?ip.5.42.94.125) | juicy-milk.aeza.network | - | High
|
||||
2 | [5.75.183.169](https://vuldb.com/?ip.5.75.183.169) | static.169.183.75.5.clients.your-server.de | - | High
|
||||
3 | [23.163.0.179](https://vuldb.com/?ip.23.163.0.179) | mail.pnet-asp.tech | - | High
|
||||
4 | [43.154.7.225](https://vuldb.com/?ip.43.154.7.225) | - | - | High
|
||||
5 | [45.9.74.110](https://vuldb.com/?ip.45.9.74.110) | - | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -29,12 +36,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -42,17 +49,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/mgmt/tm/util/bash` | High
|
||||
2 | File | `adclick.php` | Medium
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
1 | File | `/etc/gsissh/sshd_config` | High
|
||||
2 | File | `/film-rating.php` | High
|
||||
3 | File | `/index.php/admin/admin_manage/add.html` | High
|
||||
4 | File | `/index.php?m=tags&f=index&v=add` | High
|
||||
5 | File | `/mgmt/tm/util/bash` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/threatlabz/iocs/blob/main/mystic_stealer/c2s.txt
|
||||
* https://www.zscaler.com/blogs/security-research/mystic-stealer
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -32,7 +32,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
9 | [37.120.141.190](https://vuldb.com/?ip.37.120.141.190) | - | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 36 more IOC items available. Please use our online service to access the data.
|
||||
There are 38 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -55,51 +55,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/ad_js.php` | Medium
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/dashboard/reports/logs/view` | High
|
||||
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/hosts` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/setmac` | High
|
||||
30 | File | `/goform/wizard_end` | High
|
||||
31 | File | `/horde/util/go.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/manage-apartment.php` | High
|
||||
34 | File | `/medicines/profile.php` | High
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/pages/apply_vacancy.php` | High
|
||||
37 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/proc/<PID>/mem` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/tmp` | Low
|
||||
43 | ... | ... | ...
|
||||
4 | File | `/admin.php/Admin/adminadd.html` | High
|
||||
5 | File | `/admin/?page=user/manage` | High
|
||||
6 | File | `/admin/add-new.php` | High
|
||||
7 | File | `/admin/doctors.php` | High
|
||||
8 | File | `/admin/settings/save.php` | High
|
||||
9 | File | `/admin/submit-articles` | High
|
||||
10 | File | `/admin/userprofile.php` | High
|
||||
11 | File | `/alphaware/summary.php` | High
|
||||
12 | File | `/api/` | Low
|
||||
13 | File | `/api/admin/store/product/list` | High
|
||||
14 | File | `/api/stl/actions/search` | High
|
||||
15 | File | `/api/v2/cli/commands` | High
|
||||
16 | File | `/apply.cgi` | Medium
|
||||
17 | File | `/attachments` | Medium
|
||||
18 | File | `/bin/ate` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/bsms_ci/index.php/book` | High
|
||||
21 | File | `/cgi-bin` | Medium
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/College/admin/teacher.php` | High
|
||||
24 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
25 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
26 | File | `/dcim/rack-roles/` | High
|
||||
27 | File | `/debug/pprof` | Medium
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/hosts` | Medium
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/goform/addUserName` | High
|
||||
32 | File | `/goform/aspForm` | High
|
||||
33 | File | `/goform/delAd` | High
|
||||
34 | File | `/goform/wifiSSIDset` | High
|
||||
35 | File | `/goform/wizard_end` | High
|
||||
36 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
37 | File | `/horde/util/go.php` | High
|
||||
38 | File | `/inc/topBarNav.php` | High
|
||||
39 | File | `/index.asp` | Medium
|
||||
40 | File | `/index.php` | Medium
|
||||
41 | File | `/kelas/data` | Medium
|
||||
42 | File | `/medicines/profile.php` | High
|
||||
43 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
44 | File | `/Moosikay/order.php` | High
|
||||
45 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
46 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
47 | File | `/proxy` | Low
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -76,37 +76,37 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/cgi?` | Low
|
||||
11 | File | `/classes/Users.php` | High
|
||||
12 | File | `/dashboard/updatelogo.php` | High
|
||||
13 | File | `/etc/controller-agent/agent.conf` | High
|
||||
14 | File | `/etc/openshift/server_priv.pem` | High
|
||||
15 | File | `/forms/web_importTFTP` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/SysToolReboot` | High
|
||||
18 | File | `/goform/SysToolRestoreSet` | High
|
||||
19 | File | `/graphql` | Medium
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/jeecg-boot/jmreport/upload` | High
|
||||
22 | File | `/jeecg-boot/jmreport/view` | High
|
||||
23 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
24 | File | `/localhost/u` | Medium
|
||||
25 | File | `/mkshop/Men/profile.php` | High
|
||||
26 | File | `/net` | Low
|
||||
27 | File | `/Noxen-master/users.php` | High
|
||||
28 | File | `/opt/bin/cli` | Medium
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
31 | File | `/public/plugins/` | High
|
||||
32 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
|
||||
33 | File | `/root/run/adm.php?admin-ediy&part=exdiy` | High
|
||||
34 | File | `/setNTP.cgi` | Medium
|
||||
35 | File | `/setting/setWanIeCfg` | High
|
||||
36 | File | `/templates/header.inc.php` | High
|
||||
37 | File | `/tmp` | Low
|
||||
38 | File | `/uncpath/` | Medium
|
||||
39 | File | `/v2/devices/add` | High
|
||||
40 | File | `/var/ipfire/backup/bin/backup.pl` | High
|
||||
41 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
42 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
43 | File | `account.php` | Medium
|
||||
13 | File | `/dipam/save-delegates.php` | High
|
||||
14 | File | `/etc/controller-agent/agent.conf` | High
|
||||
15 | File | `/etc/openshift/server_priv.pem` | High
|
||||
16 | File | `/forms/web_importTFTP` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/SysToolReboot` | High
|
||||
19 | File | `/goform/SysToolRestoreSet` | High
|
||||
20 | File | `/graphql` | Medium
|
||||
21 | File | `/index.php` | Medium
|
||||
22 | File | `/jeecg-boot/jmreport/upload` | High
|
||||
23 | File | `/jeecg-boot/jmreport/view` | High
|
||||
24 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
25 | File | `/localhost/u` | Medium
|
||||
26 | File | `/mkshop/Men/profile.php` | High
|
||||
27 | File | `/net` | Low
|
||||
28 | File | `/Noxen-master/users.php` | High
|
||||
29 | File | `/opt/bin/cli` | Medium
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
32 | File | `/public/plugins/` | High
|
||||
33 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
|
||||
34 | File | `/root/run/adm.php?admin-ediy&part=exdiy` | High
|
||||
35 | File | `/setNTP.cgi` | Medium
|
||||
36 | File | `/setting/setWanIeCfg` | High
|
||||
37 | File | `/templates/header.inc.php` | High
|
||||
38 | File | `/tmp` | Low
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/v2/devices/add` | High
|
||||
41 | File | `/var/ipfire/backup/bin/backup.pl` | High
|
||||
42 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
43 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -57,174 +57,175 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
34 | [3.95.194.143](https://vuldb.com/?ip.3.95.194.143) | ec2-3-95-194-143.compute-1.amazonaws.com | - | Medium
|
||||
35 | [3.121.139.82](https://vuldb.com/?ip.3.121.139.82) | ec2-3-121-139-82.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
36 | [3.124.67.191](https://vuldb.com/?ip.3.124.67.191) | ec2-3-124-67-191.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
37 | [3.125.188.168](https://vuldb.com/?ip.3.125.188.168) | ec2-3-125-188-168.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
38 | [3.126.37.18](https://vuldb.com/?ip.3.126.37.18) | ec2-3-126-37-18.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
39 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
40 | [3.127.59.75](https://vuldb.com/?ip.3.127.59.75) | ec2-3-127-59-75.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
41 | [3.127.138.57](https://vuldb.com/?ip.3.127.138.57) | ec2-3-127-138-57.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
42 | [3.127.253.86](https://vuldb.com/?ip.3.127.253.86) | ec2-3-127-253-86.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
43 | [3.128.107.74](https://vuldb.com/?ip.3.128.107.74) | ec2-3-128-107-74.us-east-2.compute.amazonaws.com | - | Medium
|
||||
44 | [3.129.187.220](https://vuldb.com/?ip.3.129.187.220) | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [3.131.147.49](https://vuldb.com/?ip.3.131.147.49) | ec2-3-131-147-49.us-east-2.compute.amazonaws.com | - | Medium
|
||||
46 | [3.131.207.170](https://vuldb.com/?ip.3.131.207.170) | ec2-3-131-207-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
47 | [3.132.159.158](https://vuldb.com/?ip.3.132.159.158) | ec2-3-132-159-158.us-east-2.compute.amazonaws.com | - | Medium
|
||||
48 | [3.133.207.110](https://vuldb.com/?ip.3.133.207.110) | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | - | Medium
|
||||
49 | [3.134.39.220](https://vuldb.com/?ip.3.134.39.220) | ec2-3-134-39-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
50 | [3.134.125.175](https://vuldb.com/?ip.3.134.125.175) | ec2-3-134-125-175.us-east-2.compute.amazonaws.com | - | Medium
|
||||
51 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
52 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
53 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
|
||||
54 | [3.140.223.7](https://vuldb.com/?ip.3.140.223.7) | ec2-3-140-223-7.us-east-2.compute.amazonaws.com | - | Medium
|
||||
55 | [3.141.142.211](https://vuldb.com/?ip.3.141.142.211) | ec2-3-141-142-211.us-east-2.compute.amazonaws.com | - | Medium
|
||||
56 | [3.141.177.1](https://vuldb.com/?ip.3.141.177.1) | ec2-3-141-177-1.us-east-2.compute.amazonaws.com | - | Medium
|
||||
57 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
|
||||
58 | [3.142.81.166](https://vuldb.com/?ip.3.142.81.166) | ec2-3-142-81-166.us-east-2.compute.amazonaws.com | - | Medium
|
||||
59 | [3.142.129.56](https://vuldb.com/?ip.3.142.129.56) | ec2-3-142-129-56.us-east-2.compute.amazonaws.com | - | Medium
|
||||
60 | [3.142.167.4](https://vuldb.com/?ip.3.142.167.4) | ec2-3-142-167-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
61 | [3.142.167.54](https://vuldb.com/?ip.3.142.167.54) | ec2-3-142-167-54.us-east-2.compute.amazonaws.com | - | Medium
|
||||
62 | [3.145.201.105](https://vuldb.com/?ip.3.145.201.105) | ec2-3-145-201-105.us-east-2.compute.amazonaws.com | - | Medium
|
||||
63 | [5.134.196.78](https://vuldb.com/?ip.5.134.196.78) | - | - | High
|
||||
64 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
|
||||
65 | [5.252.165.230](https://vuldb.com/?ip.5.252.165.230) | - | - | High
|
||||
66 | [10.35.70.148](https://vuldb.com/?ip.10.35.70.148) | - | - | High
|
||||
67 | [13.58.157.220](https://vuldb.com/?ip.13.58.157.220) | ec2-13-58-157-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
68 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
|
||||
69 | [13.229.3.203](https://vuldb.com/?ip.13.229.3.203) | ec2-13-229-3-203.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
70 | [18.136.148.247](https://vuldb.com/?ip.18.136.148.247) | ec2-18-136-148-247.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
71 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
72 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
73 | [18.156.13.209](https://vuldb.com/?ip.18.156.13.209) | ec2-18-156-13-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
74 | [18.157.68.73](https://vuldb.com/?ip.18.157.68.73) | ec2-18-157-68-73.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
75 | [18.158.58.205](https://vuldb.com/?ip.18.158.58.205) | ec2-18-158-58-205.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
76 | [18.184.222.225](https://vuldb.com/?ip.18.184.222.225) | ec2-18-184-222-225.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
77 | [18.189.106.45](https://vuldb.com/?ip.18.189.106.45) | ec2-18-189-106-45.us-east-2.compute.amazonaws.com | - | Medium
|
||||
78 | [18.192.93.86](https://vuldb.com/?ip.18.192.93.86) | ec2-18-192-93-86.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
79 | [18.197.239.5](https://vuldb.com/?ip.18.197.239.5) | ec2-18-197-239-5.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
80 | [18.198.77.177](https://vuldb.com/?ip.18.198.77.177) | ec2-18-198-77-177.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
81 | [20.43.33.61](https://vuldb.com/?ip.20.43.33.61) | - | - | High
|
||||
82 | [20.52.46.119](https://vuldb.com/?ip.20.52.46.119) | - | - | High
|
||||
83 | [20.79.206.212](https://vuldb.com/?ip.20.79.206.212) | - | - | High
|
||||
84 | [20.91.192.34](https://vuldb.com/?ip.20.91.192.34) | - | - | High
|
||||
85 | [20.185.47.68](https://vuldb.com/?ip.20.185.47.68) | - | - | High
|
||||
86 | [20.194.35.6](https://vuldb.com/?ip.20.194.35.6) | - | - | High
|
||||
87 | [20.197.234.75](https://vuldb.com/?ip.20.197.234.75) | - | - | High
|
||||
88 | [20.203.173.201](https://vuldb.com/?ip.20.203.173.201) | - | - | High
|
||||
89 | [23.94.54.224](https://vuldb.com/?ip.23.94.54.224) | 23-94-54-224-host.colocrossing.com | - | High
|
||||
90 | [23.94.82.41](https://vuldb.com/?ip.23.94.82.41) | 23-94-82-41-host.colocrossing.com | - | High
|
||||
91 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
|
||||
92 | [23.105.131.137](https://vuldb.com/?ip.23.105.131.137) | mail137.nessfist.com | - | High
|
||||
93 | [23.105.131.141](https://vuldb.com/?ip.23.105.131.141) | mail141.nessfist.com | - | High
|
||||
94 | [23.105.131.142](https://vuldb.com/?ip.23.105.131.142) | mail142.nessfist.com | - | High
|
||||
95 | [23.105.131.161](https://vuldb.com/?ip.23.105.131.161) | mail161.nessfist.com | - | High
|
||||
96 | [23.105.131.166](https://vuldb.com/?ip.23.105.131.166) | mail166.nessfist.com | - | High
|
||||
97 | [23.105.131.171](https://vuldb.com/?ip.23.105.131.171) | mail171.nessfist.com | - | High
|
||||
98 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
|
||||
99 | [23.105.131.190](https://vuldb.com/?ip.23.105.131.190) | mail190.nessfist.com | - | High
|
||||
100 | [23.105.131.195](https://vuldb.com/?ip.23.105.131.195) | mail195.nessfist.com | - | High
|
||||
101 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
102 | [23.105.131.198](https://vuldb.com/?ip.23.105.131.198) | mail198.nessfist.com | - | High
|
||||
103 | [23.105.131.206](https://vuldb.com/?ip.23.105.131.206) | mail206.nessfist.com | - | High
|
||||
104 | [23.105.131.216](https://vuldb.com/?ip.23.105.131.216) | mail216.nessfist.com | - | High
|
||||
105 | [23.105.131.228](https://vuldb.com/?ip.23.105.131.228) | mail228.nessfist.com | - | High
|
||||
106 | [23.105.131.230](https://vuldb.com/?ip.23.105.131.230) | mail230.nessfist.com | - | High
|
||||
107 | [23.105.131.237](https://vuldb.com/?ip.23.105.131.237) | mail237.nessfist.com | - | High
|
||||
108 | [23.105.131.249](https://vuldb.com/?ip.23.105.131.249) | mail249.nessfist.com | - | High
|
||||
109 | [23.105.171.87](https://vuldb.com/?ip.23.105.171.87) | teluisd.tienda | - | High
|
||||
110 | [23.146.242.147](https://vuldb.com/?ip.23.146.242.147) | - | - | High
|
||||
111 | [23.229.34.114](https://vuldb.com/?ip.23.229.34.114) | noncurrent.specialtyway.com | - | High
|
||||
112 | [23.237.25.128](https://vuldb.com/?ip.23.237.25.128) | - | - | High
|
||||
113 | [23.237.25.205](https://vuldb.com/?ip.23.237.25.205) | - | - | High
|
||||
114 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
115 | [23.254.130.71](https://vuldb.com/?ip.23.254.130.71) | hwsrv-964162.hostwindsdns.com | - | High
|
||||
116 | [24.133.1.29](https://vuldb.com/?ip.24.133.1.29) | - | - | High
|
||||
117 | [24.135.175.197](https://vuldb.com/?ip.24.135.175.197) | cable-24-135-175-197.dynamic.sbb.rs | - | High
|
||||
118 | [24.225.113.157](https://vuldb.com/?ip.24.225.113.157) | roseau-pool-157.mncable.net | - | High
|
||||
119 | [27.254.163.12](https://vuldb.com/?ip.27.254.163.12) | static-27-254-163-12.bangmod.cloud | - | High
|
||||
120 | [31.210.20.18](https://vuldb.com/?ip.31.210.20.18) | - | - | High
|
||||
121 | [31.210.20.40](https://vuldb.com/?ip.31.210.20.40) | - | - | High
|
||||
122 | [31.210.20.60](https://vuldb.com/?ip.31.210.20.60) | - | - | High
|
||||
123 | [31.210.20.78](https://vuldb.com/?ip.31.210.20.78) | - | - | High
|
||||
124 | [31.210.20.129](https://vuldb.com/?ip.31.210.20.129) | - | - | High
|
||||
125 | [31.210.20.215](https://vuldb.com/?ip.31.210.20.215) | - | - | High
|
||||
126 | [31.210.21.205](https://vuldb.com/?ip.31.210.21.205) | lit4.top | - | High
|
||||
127 | [31.210.21.252](https://vuldb.com/?ip.31.210.21.252) | ll40.top | - | High
|
||||
128 | [31.210.55.103](https://vuldb.com/?ip.31.210.55.103) | 31-210-55-103.hostlab.net.tr | - | High
|
||||
129 | [34.139.92.250](https://vuldb.com/?ip.34.139.92.250) | 250.92.139.34.bc.googleusercontent.com | - | Medium
|
||||
130 | [34.201.133.83](https://vuldb.com/?ip.34.201.133.83) | ec2-34-201-133-83.compute-1.amazonaws.com | - | Medium
|
||||
131 | [34.221.57.122](https://vuldb.com/?ip.34.221.57.122) | ec2-34-221-57-122.us-west-2.compute.amazonaws.com | - | Medium
|
||||
132 | [34.223.5.56](https://vuldb.com/?ip.34.223.5.56) | ec2-34-223-5-56.us-west-2.compute.amazonaws.com | - | Medium
|
||||
133 | [35.158.159.254](https://vuldb.com/?ip.35.158.159.254) | ec2-35-158-159-254.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
134 | [35.198.98.125](https://vuldb.com/?ip.35.198.98.125) | 125.98.198.35.bc.googleusercontent.com | - | Medium
|
||||
135 | [36.90.214.84](https://vuldb.com/?ip.36.90.214.84) | - | - | High
|
||||
136 | [37.0.8.61](https://vuldb.com/?ip.37.0.8.61) | joneswilson.springtimemartialarts.com | - | High
|
||||
137 | [37.0.8.88](https://vuldb.com/?ip.37.0.8.88) | hall.capitolreservations.com | - | High
|
||||
138 | [37.0.8.98](https://vuldb.com/?ip.37.0.8.98) | - | - | High
|
||||
139 | [37.0.8.115](https://vuldb.com/?ip.37.0.8.115) | brownfarmer.capitolreservations.com | - | High
|
||||
140 | [37.0.8.138](https://vuldb.com/?ip.37.0.8.138) | holland.athinneru.com | - | High
|
||||
141 | [37.0.8.164](https://vuldb.com/?ip.37.0.8.164) | sharp.athinneru.com | - | High
|
||||
142 | [37.0.8.214](https://vuldb.com/?ip.37.0.8.214) | ramos.cartierevannucci.com | - | High
|
||||
143 | [37.0.8.234](https://vuldb.com/?ip.37.0.8.234) | bradley.cartierevannucci.com | - | High
|
||||
144 | [37.0.10.22](https://vuldb.com/?ip.37.0.10.22) | - | - | High
|
||||
145 | [37.0.10.38](https://vuldb.com/?ip.37.0.10.38) | - | - | High
|
||||
146 | [37.0.10.144](https://vuldb.com/?ip.37.0.10.144) | - | - | High
|
||||
147 | [37.0.10.190](https://vuldb.com/?ip.37.0.10.190) | - | - | High
|
||||
148 | [37.0.11.6](https://vuldb.com/?ip.37.0.11.6) | - | - | High
|
||||
149 | [37.0.11.76](https://vuldb.com/?ip.37.0.11.76) | - | - | High
|
||||
150 | [37.0.11.114](https://vuldb.com/?ip.37.0.11.114) | - | - | High
|
||||
151 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
|
||||
152 | [37.0.11.230](https://vuldb.com/?ip.37.0.11.230) | - | - | High
|
||||
153 | [37.0.11.250](https://vuldb.com/?ip.37.0.11.250) | - | - | High
|
||||
154 | [37.0.11.252](https://vuldb.com/?ip.37.0.11.252) | - | - | High
|
||||
155 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
156 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
157 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
158 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
159 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
160 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
161 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
162 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
163 | [37.120.141.153](https://vuldb.com/?ip.37.120.141.153) | - | - | High
|
||||
164 | [37.120.141.168](https://vuldb.com/?ip.37.120.141.168) | - | - | High
|
||||
165 | [37.120.210.211](https://vuldb.com/?ip.37.120.210.211) | - | - | High
|
||||
166 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
167 | [37.139.128.94](https://vuldb.com/?ip.37.139.128.94) | - | - | High
|
||||
168 | [37.139.129.71](https://vuldb.com/?ip.37.139.129.71) | - | - | High
|
||||
169 | [37.139.129.91](https://vuldb.com/?ip.37.139.129.91) | - | - | High
|
||||
170 | [40.71.91.165](https://vuldb.com/?ip.40.71.91.165) | - | - | High
|
||||
171 | [40.124.7.222](https://vuldb.com/?ip.40.124.7.222) | - | - | High
|
||||
172 | [41.216.183.49](https://vuldb.com/?ip.41.216.183.49) | - | - | High
|
||||
173 | [41.216.183.170](https://vuldb.com/?ip.41.216.183.170) | - | - | High
|
||||
174 | [43.154.234.84](https://vuldb.com/?ip.43.154.234.84) | - | - | High
|
||||
175 | [45.11.231.129](https://vuldb.com/?ip.45.11.231.129) | 45-11-231-129.freemesh.co.uk | - | High
|
||||
176 | [45.12.253.26](https://vuldb.com/?ip.45.12.253.26) | - | - | High
|
||||
177 | [45.12.253.242](https://vuldb.com/?ip.45.12.253.242) | - | - | High
|
||||
178 | [45.14.165.113](https://vuldb.com/?ip.45.14.165.113) | webserver-ltd.ml | - | High
|
||||
179 | [45.15.143.169](https://vuldb.com/?ip.45.15.143.169) | - | - | High
|
||||
180 | [45.15.143.249](https://vuldb.com/?ip.45.15.143.249) | - | - | High
|
||||
181 | [45.32.193.48](https://vuldb.com/?ip.45.32.193.48) | smtp1c.v.sendmetric.com | - | High
|
||||
182 | [45.35.64.214](https://vuldb.com/?ip.45.35.64.214) | - | - | High
|
||||
183 | [45.35.105.148](https://vuldb.com/?ip.45.35.105.148) | unassigned.psychz.net | - | High
|
||||
184 | [45.59.127.4](https://vuldb.com/?ip.45.59.127.4) | - | - | High
|
||||
185 | [45.74.0.146](https://vuldb.com/?ip.45.74.0.146) | - | - | High
|
||||
186 | [45.74.0.226](https://vuldb.com/?ip.45.74.0.226) | - | - | High
|
||||
187 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
188 | [45.76.82.42](https://vuldb.com/?ip.45.76.82.42) | 45.76.82.42.vultrusercontent.com | - | High
|
||||
189 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
190 | [45.90.222.128](https://vuldb.com/?ip.45.90.222.128) | 45-90-222-128-hostedby.bcr.host | - | High
|
||||
191 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
|
||||
192 | [45.133.1.29](https://vuldb.com/?ip.45.133.1.29) | - | - | High
|
||||
193 | [45.133.1.67](https://vuldb.com/?ip.45.133.1.67) | - | - | High
|
||||
194 | [45.133.1.119](https://vuldb.com/?ip.45.133.1.119) | - | - | High
|
||||
195 | [45.133.1.126](https://vuldb.com/?ip.45.133.1.126) | - | - | High
|
||||
196 | [45.133.1.167](https://vuldb.com/?ip.45.133.1.167) | - | - | High
|
||||
197 | [45.133.1.211](https://vuldb.com/?ip.45.133.1.211) | - | - | High
|
||||
198 | [45.137.20.4](https://vuldb.com/?ip.45.137.20.4) | hosted-by.rootlayer.net | - | High
|
||||
199 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
|
||||
200 | [45.137.22.36](https://vuldb.com/?ip.45.137.22.36) | hosted-by.rootlayer.net | - | High
|
||||
201 | [45.137.22.50](https://vuldb.com/?ip.45.137.22.50) | host.pclonline.ga | - | High
|
||||
202 | ... | ... | ... | ...
|
||||
37 | [3.125.102.39](https://vuldb.com/?ip.3.125.102.39) | ec2-3-125-102-39.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
38 | [3.125.188.168](https://vuldb.com/?ip.3.125.188.168) | ec2-3-125-188-168.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
39 | [3.126.37.18](https://vuldb.com/?ip.3.126.37.18) | ec2-3-126-37-18.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
40 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
41 | [3.127.59.75](https://vuldb.com/?ip.3.127.59.75) | ec2-3-127-59-75.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
42 | [3.127.138.57](https://vuldb.com/?ip.3.127.138.57) | ec2-3-127-138-57.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
43 | [3.127.253.86](https://vuldb.com/?ip.3.127.253.86) | ec2-3-127-253-86.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
44 | [3.128.107.74](https://vuldb.com/?ip.3.128.107.74) | ec2-3-128-107-74.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [3.129.187.220](https://vuldb.com/?ip.3.129.187.220) | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
46 | [3.131.147.49](https://vuldb.com/?ip.3.131.147.49) | ec2-3-131-147-49.us-east-2.compute.amazonaws.com | - | Medium
|
||||
47 | [3.131.207.170](https://vuldb.com/?ip.3.131.207.170) | ec2-3-131-207-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
48 | [3.132.159.158](https://vuldb.com/?ip.3.132.159.158) | ec2-3-132-159-158.us-east-2.compute.amazonaws.com | - | Medium
|
||||
49 | [3.133.207.110](https://vuldb.com/?ip.3.133.207.110) | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | - | Medium
|
||||
50 | [3.134.39.220](https://vuldb.com/?ip.3.134.39.220) | ec2-3-134-39-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
51 | [3.134.125.175](https://vuldb.com/?ip.3.134.125.175) | ec2-3-134-125-175.us-east-2.compute.amazonaws.com | - | Medium
|
||||
52 | [3.136.65.236](https://vuldb.com/?ip.3.136.65.236) | ec2-3-136-65-236.us-east-2.compute.amazonaws.com | - | Medium
|
||||
53 | [3.138.45.170](https://vuldb.com/?ip.3.138.45.170) | ec2-3-138-45-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
54 | [3.138.180.119](https://vuldb.com/?ip.3.138.180.119) | ec2-3-138-180-119.us-east-2.compute.amazonaws.com | - | Medium
|
||||
55 | [3.140.223.7](https://vuldb.com/?ip.3.140.223.7) | ec2-3-140-223-7.us-east-2.compute.amazonaws.com | - | Medium
|
||||
56 | [3.141.142.211](https://vuldb.com/?ip.3.141.142.211) | ec2-3-141-142-211.us-east-2.compute.amazonaws.com | - | Medium
|
||||
57 | [3.141.177.1](https://vuldb.com/?ip.3.141.177.1) | ec2-3-141-177-1.us-east-2.compute.amazonaws.com | - | Medium
|
||||
58 | [3.141.210.37](https://vuldb.com/?ip.3.141.210.37) | ec2-3-141-210-37.us-east-2.compute.amazonaws.com | - | Medium
|
||||
59 | [3.142.81.166](https://vuldb.com/?ip.3.142.81.166) | ec2-3-142-81-166.us-east-2.compute.amazonaws.com | - | Medium
|
||||
60 | [3.142.129.56](https://vuldb.com/?ip.3.142.129.56) | ec2-3-142-129-56.us-east-2.compute.amazonaws.com | - | Medium
|
||||
61 | [3.142.167.4](https://vuldb.com/?ip.3.142.167.4) | ec2-3-142-167-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
62 | [3.142.167.54](https://vuldb.com/?ip.3.142.167.54) | ec2-3-142-167-54.us-east-2.compute.amazonaws.com | - | Medium
|
||||
63 | [3.145.201.105](https://vuldb.com/?ip.3.145.201.105) | ec2-3-145-201-105.us-east-2.compute.amazonaws.com | - | Medium
|
||||
64 | [5.134.196.78](https://vuldb.com/?ip.5.134.196.78) | - | - | High
|
||||
65 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
|
||||
66 | [5.252.165.230](https://vuldb.com/?ip.5.252.165.230) | - | - | High
|
||||
67 | [10.35.70.148](https://vuldb.com/?ip.10.35.70.148) | - | - | High
|
||||
68 | [13.58.157.220](https://vuldb.com/?ip.13.58.157.220) | ec2-13-58-157-220.us-east-2.compute.amazonaws.com | - | Medium
|
||||
69 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
|
||||
70 | [13.229.3.203](https://vuldb.com/?ip.13.229.3.203) | ec2-13-229-3-203.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
71 | [18.136.148.247](https://vuldb.com/?ip.18.136.148.247) | ec2-18-136-148-247.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
72 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
73 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
74 | [18.156.13.209](https://vuldb.com/?ip.18.156.13.209) | ec2-18-156-13-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
75 | [18.157.68.73](https://vuldb.com/?ip.18.157.68.73) | ec2-18-157-68-73.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
76 | [18.158.58.205](https://vuldb.com/?ip.18.158.58.205) | ec2-18-158-58-205.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
77 | [18.158.249.75](https://vuldb.com/?ip.18.158.249.75) | ec2-18-158-249-75.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
78 | [18.184.222.225](https://vuldb.com/?ip.18.184.222.225) | ec2-18-184-222-225.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
79 | [18.189.106.45](https://vuldb.com/?ip.18.189.106.45) | ec2-18-189-106-45.us-east-2.compute.amazonaws.com | - | Medium
|
||||
80 | [18.192.93.86](https://vuldb.com/?ip.18.192.93.86) | ec2-18-192-93-86.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
81 | [18.197.239.5](https://vuldb.com/?ip.18.197.239.5) | ec2-18-197-239-5.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
82 | [18.198.77.177](https://vuldb.com/?ip.18.198.77.177) | ec2-18-198-77-177.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
83 | [20.43.33.61](https://vuldb.com/?ip.20.43.33.61) | - | - | High
|
||||
84 | [20.52.46.119](https://vuldb.com/?ip.20.52.46.119) | - | - | High
|
||||
85 | [20.79.206.212](https://vuldb.com/?ip.20.79.206.212) | - | - | High
|
||||
86 | [20.91.192.34](https://vuldb.com/?ip.20.91.192.34) | - | - | High
|
||||
87 | [20.185.47.68](https://vuldb.com/?ip.20.185.47.68) | - | - | High
|
||||
88 | [20.194.35.6](https://vuldb.com/?ip.20.194.35.6) | - | - | High
|
||||
89 | [20.197.234.75](https://vuldb.com/?ip.20.197.234.75) | - | - | High
|
||||
90 | [20.203.173.201](https://vuldb.com/?ip.20.203.173.201) | - | - | High
|
||||
91 | [23.94.54.224](https://vuldb.com/?ip.23.94.54.224) | 23-94-54-224-host.colocrossing.com | - | High
|
||||
92 | [23.94.82.41](https://vuldb.com/?ip.23.94.82.41) | 23-94-82-41-host.colocrossing.com | - | High
|
||||
93 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
|
||||
94 | [23.105.131.137](https://vuldb.com/?ip.23.105.131.137) | mail137.nessfist.com | - | High
|
||||
95 | [23.105.131.141](https://vuldb.com/?ip.23.105.131.141) | mail141.nessfist.com | - | High
|
||||
96 | [23.105.131.142](https://vuldb.com/?ip.23.105.131.142) | mail142.nessfist.com | - | High
|
||||
97 | [23.105.131.161](https://vuldb.com/?ip.23.105.131.161) | mail161.nessfist.com | - | High
|
||||
98 | [23.105.131.166](https://vuldb.com/?ip.23.105.131.166) | mail166.nessfist.com | - | High
|
||||
99 | [23.105.131.171](https://vuldb.com/?ip.23.105.131.171) | mail171.nessfist.com | - | High
|
||||
100 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
|
||||
101 | [23.105.131.190](https://vuldb.com/?ip.23.105.131.190) | mail190.nessfist.com | - | High
|
||||
102 | [23.105.131.195](https://vuldb.com/?ip.23.105.131.195) | mail195.nessfist.com | - | High
|
||||
103 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
104 | [23.105.131.198](https://vuldb.com/?ip.23.105.131.198) | mail198.nessfist.com | - | High
|
||||
105 | [23.105.131.206](https://vuldb.com/?ip.23.105.131.206) | mail206.nessfist.com | - | High
|
||||
106 | [23.105.131.216](https://vuldb.com/?ip.23.105.131.216) | mail216.nessfist.com | - | High
|
||||
107 | [23.105.131.228](https://vuldb.com/?ip.23.105.131.228) | mail228.nessfist.com | - | High
|
||||
108 | [23.105.131.230](https://vuldb.com/?ip.23.105.131.230) | mail230.nessfist.com | - | High
|
||||
109 | [23.105.131.237](https://vuldb.com/?ip.23.105.131.237) | mail237.nessfist.com | - | High
|
||||
110 | [23.105.131.249](https://vuldb.com/?ip.23.105.131.249) | mail249.nessfist.com | - | High
|
||||
111 | [23.105.171.87](https://vuldb.com/?ip.23.105.171.87) | teluisd.tienda | - | High
|
||||
112 | [23.146.242.147](https://vuldb.com/?ip.23.146.242.147) | - | - | High
|
||||
113 | [23.229.34.114](https://vuldb.com/?ip.23.229.34.114) | noncurrent.specialtyway.com | - | High
|
||||
114 | [23.237.25.128](https://vuldb.com/?ip.23.237.25.128) | - | - | High
|
||||
115 | [23.237.25.205](https://vuldb.com/?ip.23.237.25.205) | - | - | High
|
||||
116 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
117 | [23.254.130.71](https://vuldb.com/?ip.23.254.130.71) | hwsrv-964162.hostwindsdns.com | - | High
|
||||
118 | [24.133.1.29](https://vuldb.com/?ip.24.133.1.29) | - | - | High
|
||||
119 | [24.135.175.197](https://vuldb.com/?ip.24.135.175.197) | cable-24-135-175-197.dynamic.sbb.rs | - | High
|
||||
120 | [24.199.85.225](https://vuldb.com/?ip.24.199.85.225) | - | - | High
|
||||
121 | [24.225.113.157](https://vuldb.com/?ip.24.225.113.157) | roseau-pool-157.mncable.net | - | High
|
||||
122 | [27.254.163.12](https://vuldb.com/?ip.27.254.163.12) | static-27-254-163-12.bangmod.cloud | - | High
|
||||
123 | [31.210.20.18](https://vuldb.com/?ip.31.210.20.18) | - | - | High
|
||||
124 | [31.210.20.40](https://vuldb.com/?ip.31.210.20.40) | - | - | High
|
||||
125 | [31.210.20.60](https://vuldb.com/?ip.31.210.20.60) | - | - | High
|
||||
126 | [31.210.20.78](https://vuldb.com/?ip.31.210.20.78) | - | - | High
|
||||
127 | [31.210.20.129](https://vuldb.com/?ip.31.210.20.129) | - | - | High
|
||||
128 | [31.210.20.215](https://vuldb.com/?ip.31.210.20.215) | - | - | High
|
||||
129 | [31.210.21.205](https://vuldb.com/?ip.31.210.21.205) | lit4.top | - | High
|
||||
130 | [31.210.21.252](https://vuldb.com/?ip.31.210.21.252) | ll40.top | - | High
|
||||
131 | [31.210.55.103](https://vuldb.com/?ip.31.210.55.103) | 31-210-55-103.hostlab.net.tr | - | High
|
||||
132 | [34.139.92.250](https://vuldb.com/?ip.34.139.92.250) | 250.92.139.34.bc.googleusercontent.com | - | Medium
|
||||
133 | [34.201.133.83](https://vuldb.com/?ip.34.201.133.83) | ec2-34-201-133-83.compute-1.amazonaws.com | - | Medium
|
||||
134 | [34.221.57.122](https://vuldb.com/?ip.34.221.57.122) | ec2-34-221-57-122.us-west-2.compute.amazonaws.com | - | Medium
|
||||
135 | [34.223.5.56](https://vuldb.com/?ip.34.223.5.56) | ec2-34-223-5-56.us-west-2.compute.amazonaws.com | - | Medium
|
||||
136 | [35.158.159.254](https://vuldb.com/?ip.35.158.159.254) | ec2-35-158-159-254.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
137 | [35.198.98.125](https://vuldb.com/?ip.35.198.98.125) | 125.98.198.35.bc.googleusercontent.com | - | Medium
|
||||
138 | [36.90.214.84](https://vuldb.com/?ip.36.90.214.84) | - | - | High
|
||||
139 | [37.0.8.61](https://vuldb.com/?ip.37.0.8.61) | joneswilson.springtimemartialarts.com | - | High
|
||||
140 | [37.0.8.88](https://vuldb.com/?ip.37.0.8.88) | hall.capitolreservations.com | - | High
|
||||
141 | [37.0.8.98](https://vuldb.com/?ip.37.0.8.98) | - | - | High
|
||||
142 | [37.0.8.115](https://vuldb.com/?ip.37.0.8.115) | brownfarmer.capitolreservations.com | - | High
|
||||
143 | [37.0.8.138](https://vuldb.com/?ip.37.0.8.138) | holland.athinneru.com | - | High
|
||||
144 | [37.0.8.164](https://vuldb.com/?ip.37.0.8.164) | sharp.athinneru.com | - | High
|
||||
145 | [37.0.8.214](https://vuldb.com/?ip.37.0.8.214) | ramos.cartierevannucci.com | - | High
|
||||
146 | [37.0.8.234](https://vuldb.com/?ip.37.0.8.234) | bradley.cartierevannucci.com | - | High
|
||||
147 | [37.0.10.22](https://vuldb.com/?ip.37.0.10.22) | - | - | High
|
||||
148 | [37.0.10.38](https://vuldb.com/?ip.37.0.10.38) | - | - | High
|
||||
149 | [37.0.10.144](https://vuldb.com/?ip.37.0.10.144) | - | - | High
|
||||
150 | [37.0.10.190](https://vuldb.com/?ip.37.0.10.190) | - | - | High
|
||||
151 | [37.0.11.6](https://vuldb.com/?ip.37.0.11.6) | - | - | High
|
||||
152 | [37.0.11.76](https://vuldb.com/?ip.37.0.11.76) | - | - | High
|
||||
153 | [37.0.11.114](https://vuldb.com/?ip.37.0.11.114) | - | - | High
|
||||
154 | [37.0.11.164](https://vuldb.com/?ip.37.0.11.164) | - | - | High
|
||||
155 | [37.0.11.230](https://vuldb.com/?ip.37.0.11.230) | - | - | High
|
||||
156 | [37.0.11.250](https://vuldb.com/?ip.37.0.11.250) | - | - | High
|
||||
157 | [37.0.11.252](https://vuldb.com/?ip.37.0.11.252) | - | - | High
|
||||
158 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
159 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
160 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
161 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
162 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
163 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
164 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
165 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
166 | [37.120.141.153](https://vuldb.com/?ip.37.120.141.153) | - | - | High
|
||||
167 | [37.120.141.168](https://vuldb.com/?ip.37.120.141.168) | - | - | High
|
||||
168 | [37.120.210.211](https://vuldb.com/?ip.37.120.210.211) | - | - | High
|
||||
169 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
170 | [37.139.128.94](https://vuldb.com/?ip.37.139.128.94) | - | - | High
|
||||
171 | [37.139.129.71](https://vuldb.com/?ip.37.139.129.71) | - | - | High
|
||||
172 | [37.139.129.91](https://vuldb.com/?ip.37.139.129.91) | - | - | High
|
||||
173 | [40.71.91.165](https://vuldb.com/?ip.40.71.91.165) | - | - | High
|
||||
174 | [40.124.7.222](https://vuldb.com/?ip.40.124.7.222) | - | - | High
|
||||
175 | [41.216.183.49](https://vuldb.com/?ip.41.216.183.49) | - | - | High
|
||||
176 | [41.216.183.170](https://vuldb.com/?ip.41.216.183.170) | - | - | High
|
||||
177 | [43.154.234.84](https://vuldb.com/?ip.43.154.234.84) | - | - | High
|
||||
178 | [45.11.231.129](https://vuldb.com/?ip.45.11.231.129) | 45-11-231-129.freemesh.co.uk | - | High
|
||||
179 | [45.12.253.26](https://vuldb.com/?ip.45.12.253.26) | - | - | High
|
||||
180 | [45.12.253.242](https://vuldb.com/?ip.45.12.253.242) | - | - | High
|
||||
181 | [45.14.165.113](https://vuldb.com/?ip.45.14.165.113) | webserver-ltd.ml | - | High
|
||||
182 | [45.15.143.169](https://vuldb.com/?ip.45.15.143.169) | - | - | High
|
||||
183 | [45.15.143.249](https://vuldb.com/?ip.45.15.143.249) | - | - | High
|
||||
184 | [45.32.193.48](https://vuldb.com/?ip.45.32.193.48) | smtp1c.v.sendmetric.com | - | High
|
||||
185 | [45.35.64.214](https://vuldb.com/?ip.45.35.64.214) | - | - | High
|
||||
186 | [45.35.105.148](https://vuldb.com/?ip.45.35.105.148) | unassigned.psychz.net | - | High
|
||||
187 | [45.59.127.4](https://vuldb.com/?ip.45.59.127.4) | - | - | High
|
||||
188 | [45.74.0.146](https://vuldb.com/?ip.45.74.0.146) | - | - | High
|
||||
189 | [45.74.0.226](https://vuldb.com/?ip.45.74.0.226) | - | - | High
|
||||
190 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
191 | [45.76.82.42](https://vuldb.com/?ip.45.76.82.42) | 45.76.82.42.vultrusercontent.com | - | High
|
||||
192 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
193 | [45.90.222.128](https://vuldb.com/?ip.45.90.222.128) | 45-90-222-128-hostedby.bcr.host | - | High
|
||||
194 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
|
||||
195 | [45.133.1.29](https://vuldb.com/?ip.45.133.1.29) | - | - | High
|
||||
196 | [45.133.1.67](https://vuldb.com/?ip.45.133.1.67) | - | - | High
|
||||
197 | [45.133.1.119](https://vuldb.com/?ip.45.133.1.119) | - | - | High
|
||||
198 | [45.133.1.126](https://vuldb.com/?ip.45.133.1.126) | - | - | High
|
||||
199 | [45.133.1.167](https://vuldb.com/?ip.45.133.1.167) | - | - | High
|
||||
200 | [45.133.1.211](https://vuldb.com/?ip.45.133.1.211) | - | - | High
|
||||
201 | [45.137.20.4](https://vuldb.com/?ip.45.137.20.4) | hosted-by.rootlayer.net | - | High
|
||||
202 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
|
||||
203 | ... | ... | ... | ...
|
||||
|
||||
There are 802 more IOC items available. Please use our online service to access the data.
|
||||
There are 806 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -233,7 +234,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -250,9 +251,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
3 | File | `/admin/casedetails.php` | High
|
||||
4 | File | `/admin/index2.html` | High
|
||||
5 | File | `/admin/maintenance/brand.php` | High
|
||||
6 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
4 | File | `/admin/maintenance/brand.php` | High
|
||||
5 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
6 | File | `/admin/positions_add.php` | High
|
||||
7 | File | `/admin/user/manage_user.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/admin/voters_row.php` | High
|
||||
|
@ -268,46 +269,38 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `/aux` | Low
|
||||
20 | File | `/backup.pl` | Medium
|
||||
21 | File | `/cas/logout` | Medium
|
||||
22 | File | `/categorypage.php` | High
|
||||
23 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
|
||||
24 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
25 | File | `/cha.php` | Medium
|
||||
26 | File | `/classes/Master.php?f=save_service` | High
|
||||
27 | File | `/College/admin/teacher.php` | High
|
||||
28 | File | `/contactform/contactform.php` | High
|
||||
29 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
30 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
31 | File | `/dcim/rack-roles/` | High
|
||||
32 | File | `/drivers/block/floppy.c` | High
|
||||
33 | File | `/DXR.axd` | Medium
|
||||
34 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
35 | File | `/etc/shadow` | Medium
|
||||
36 | File | `/forum/away.php` | High
|
||||
37 | File | `/fos/admin/ajax.php` | High
|
||||
38 | File | `/goform/aspForm` | High
|
||||
39 | File | `/goform/WifiGuestSet` | High
|
||||
40 | File | `/HNAP1` | Low
|
||||
41 | File | `/HNAP1/SetClientInfo` | High
|
||||
42 | File | `/inc/topBarNav.php` | High
|
||||
43 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
44 | File | `/kelas/data` | Medium
|
||||
45 | File | `/kelasdosen/data` | High
|
||||
46 | File | `/modules/profile/index.php` | High
|
||||
47 | File | `/modules/projects/vw_files.php` | High
|
||||
48 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
49 | File | `/nasm/nasm-parse.c` | High
|
||||
50 | File | `/ordering/admin/orders/loaddata.php` | High
|
||||
51 | File | `/ordering/admin/stockin/loaddata.php` | High
|
||||
52 | File | `/owa/auth/logon.aspx` | High
|
||||
53 | File | `/philosophy/admin/login.php` | High
|
||||
54 | File | `/php-opos/login.php` | High
|
||||
55 | File | `/priv_mgt.html` | High
|
||||
56 | File | `/resources//../` | High
|
||||
57 | File | `/see_more_details.php` | High
|
||||
58 | File | `/services/indexing/preview` | High
|
||||
59 | ... | ... | ...
|
||||
22 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
|
||||
23 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
24 | File | `/cha.php` | Medium
|
||||
25 | File | `/classes/Master.php?f=save_service` | High
|
||||
26 | File | `/College/admin/teacher.php` | High
|
||||
27 | File | `/contactform/contactform.php` | High
|
||||
28 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
29 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
30 | File | `/dcim/rack-roles/` | High
|
||||
31 | File | `/DXR.axd` | Medium
|
||||
32 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
33 | File | `/etc/shadow` | Medium
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/fos/admin/ajax.php` | High
|
||||
36 | File | `/goform/aspForm` | High
|
||||
37 | File | `/goform/WifiGuestSet` | High
|
||||
38 | File | `/HNAP1` | Low
|
||||
39 | File | `/HNAP1/SetClientInfo` | High
|
||||
40 | File | `/inc/topBarNav.php` | High
|
||||
41 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
42 | File | `/kelas/data` | Medium
|
||||
43 | File | `/kelasdosen/data` | High
|
||||
44 | File | `/modules/profile/index.php` | High
|
||||
45 | File | `/modules/projects/vw_files.php` | High
|
||||
46 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
47 | File | `/nasm/nasm-parse.c` | High
|
||||
48 | File | `/owa/auth/logon.aspx` | High
|
||||
49 | File | `/paysystem/branch.php` | High
|
||||
50 | File | `/paysystem/datatable.php` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -414,6 +407,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/6595059e1d6a17d771d090b4413a8a00d456f489f8d5858464f9f2435abcfa49/
|
||||
* https://bazaar.abuse.ch/sample/549102148f7e484426b9293dc3d357f30d9d3afe0c9b6cfb3e28096a979eeea7/
|
||||
* https://bazaar.abuse.ch/sample/6862125231ef2db31b6e1dfec7e447467001110552ca02d0c808ad7459e64cb4/
|
||||
* https://bazaar.abuse.ch/sample/577047181197a34939a106666deec71d3e91e386deda32d412ef1e8b3de2b000/
|
||||
* https://bazaar.abuse.ch/sample/862436265855ac8c2d4c8517da3d7f7572c57ccb520f6f76c18348fcaa893503/
|
||||
* https://bazaar.abuse.ch/sample/a4f2c25ec87ce23bc806750cbd27dc3eb051066ba0a8de8b80914257624cf498/
|
||||
* https://bazaar.abuse.ch/sample/a6d3661a9cff2af1b242728e8e461985eb08e382124f28b7fb64d49f101b11c7/
|
||||
|
|
|
@ -45,7 +45,8 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
22 | [45.77.31.210](https://vuldb.com/?ip.45.77.31.210) | 45.77.31.210.vultrusercontent.com | - | High
|
||||
23 | [45.133.203.205](https://vuldb.com/?ip.45.133.203.205) | - | - | High
|
||||
24 | [46.17.106.110](https://vuldb.com/?ip.46.17.106.110) | zaphim2.ru | - | High
|
||||
25 | ... | ... | ... | ...
|
||||
25 | [46.17.106.230](https://vuldb.com/?ip.46.17.106.230) | vds2364993.my-ihor.ru | - | High
|
||||
26 | ... | ... | ... | ...
|
||||
|
||||
There are 98 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -96,6 +97,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/
|
||||
* https://bazaar.abuse.ch/sample/759e159da0592063bb0eb967dd45802caa0a1538867994868d5b883f099286a5/
|
||||
* https://bazaar.abuse.ch/sample/2174b4c58eb43aac8e5e0061ff0bc45125f4cb64404d552fe25ea6ac1777113d/
|
||||
* https://bazaar.abuse.ch/sample/ae49d8d6d68069696428ebd3fce5a003af4a6ccaf4f67331eea37a0cd4dfbb77/
|
||||
* https://bazaar.abuse.ch/sample/c9e6dc44db59f1883e850babac21890e5723d2627a623c47f709e3bb7d073e35/
|
||||
* https://infosec.exchange/@malware_traffic/109762477310102114
|
||||
* https://threatfox.abuse.ch
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -78,14 +78,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-27, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -97,54 +97,52 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/admin/edit_subject.php` | High
|
||||
4 | File | `/admin/index2.html` | High
|
||||
5 | File | `/admin/login.php` | High
|
||||
6 | File | `/admin/products/manage_product.php` | High
|
||||
7 | File | `/admin/students/manage.php` | High
|
||||
8 | File | `/admin/students/view_student.php` | High
|
||||
9 | File | `/api/user/upsert/<uuid>` | High
|
||||
10 | File | `/api/v2/cli/commands` | High
|
||||
11 | File | `/appliance/users?action=edit` | High
|
||||
12 | File | `/backup.pl` | Medium
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/dashboard/updatelogo.php` | High
|
||||
15 | File | `/DXR.axd` | Medium
|
||||
16 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
17 | File | `/edoc/doctor/patient.php` | High
|
||||
18 | File | `/etc/ldap.conf` | High
|
||||
19 | File | `/etc/shadow` | Medium
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/h/calendar` | Medium
|
||||
22 | File | `/h/compose` | Medium
|
||||
23 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/kelasdosen/data` | High
|
||||
28 | File | `/librarian/bookdetails.php` | High
|
||||
29 | File | `/loginVaLidation.php` | High
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/messageboard/view.php` | High
|
||||
32 | File | `/MIME/INBOX-MM-1/` | High
|
||||
33 | File | `/mkshop/Men/profile.php` | High
|
||||
34 | File | `/Noxen-master/users.php` | High
|
||||
35 | File | `/opac/Actions.php?a=login` | High
|
||||
36 | File | `/osm/REGISTER.cmd` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/owa/auth/logon.aspx` | High
|
||||
39 | File | `/php-scrm/login.php` | High
|
||||
40 | File | `/php-sms/classes/Master.php` | High
|
||||
41 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
42 | File | `/php_action/createOrder.php` | High
|
||||
43 | File | `/php_action/editProductImage.php` | High
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/ResiotQueryDBActive` | High
|
||||
46 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
47 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
48 | File | `/SetTriggerWPS/PIN` | High
|
||||
49 | File | `/spcgi.cgi` | Medium
|
||||
50 | ... | ... | ...
|
||||
5 | File | `/admin/products/manage_product.php` | High
|
||||
6 | File | `/admin/students/manage.php` | High
|
||||
7 | File | `/api/user/upsert/<uuid>` | High
|
||||
8 | File | `/api/v2/cli/commands` | High
|
||||
9 | File | `/appliance/users?action=edit` | High
|
||||
10 | File | `/backup.pl` | Medium
|
||||
11 | File | `/DXR.axd` | Medium
|
||||
12 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
13 | File | `/edoc/doctor/patient.php` | High
|
||||
14 | File | `/etc/ldap.conf` | High
|
||||
15 | File | `/etc/shadow` | Medium
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/h/calendar` | Medium
|
||||
18 | File | `/h/compose` | Medium
|
||||
19 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
20 | File | `/hrm/employeeview.php` | High
|
||||
21 | File | `/index.php` | Medium
|
||||
22 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
23 | File | `/kelasdosen/data` | High
|
||||
24 | File | `/librarian/bookdetails.php` | High
|
||||
25 | File | `/manager/index.php` | High
|
||||
26 | File | `/messageboard/view.php` | High
|
||||
27 | File | `/MIME/INBOX-MM-1/` | High
|
||||
28 | File | `/opac/Actions.php?a=login` | High
|
||||
29 | File | `/osm/REGISTER.cmd` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
32 | File | `/php-scrm/login.php` | High
|
||||
33 | File | `/php-sms/classes/Master.php` | High
|
||||
34 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
35 | File | `/php_action/createOrder.php` | High
|
||||
36 | File | `/php_action/editProductImage.php` | High
|
||||
37 | File | `/reservation/add_message.php` | High
|
||||
38 | File | `/ResiotQueryDBActive` | High
|
||||
39 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
40 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
41 | File | `/send_order.cgi?parameter=restart` | High
|
||||
42 | File | `/SetTriggerWPS/PIN` | High
|
||||
43 | File | `/spcgi.cgi` | Medium
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/src/png2swf.c` | High
|
||||
46 | File | `/textpattern/index.php` | High
|
||||
47 | File | `/tos/index.php?app/app_start_stop` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 433 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,95 @@
|
|||
# Netsuppport - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Netsuppport](https://vuldb.com/?actor.netsuppport). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.netsuppport](https://vuldb.com/?actor.netsuppport)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Netsuppport:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Netsuppport.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [179.43.146.90](https://vuldb.com/?ip.179.43.146.90) | hostedby.privatelayer.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Netsuppport_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Netsuppport. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin.php/Admin/adminadd.html` | High
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/settings/save.php` | High
|
||||
5 | File | `/admin/userprofile.php` | High
|
||||
6 | File | `/apply.cgi` | Medium
|
||||
7 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
8 | File | `/College/admin/teacher.php` | High
|
||||
9 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
10 | File | `/dcim/rack-roles/` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/getcfg.php` | Medium
|
||||
13 | File | `/get_getnetworkconf.cgi` | High
|
||||
14 | File | `/goform/addUserName` | High
|
||||
15 | File | `/goform/aspForm` | High
|
||||
16 | File | `/goform/delAd` | High
|
||||
17 | File | `/goform/saveParentControlInfo` | High
|
||||
18 | File | `/goform/wifiSSIDset` | High
|
||||
19 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
20 | File | `/inc/topBarNav.php` | High
|
||||
21 | File | `/index.asp` | Medium
|
||||
22 | File | `/jfinal_cms/system/role/list` | High
|
||||
23 | File | `/kelas/data` | Medium
|
||||
24 | File | `/Moosikay/order.php` | High
|
||||
25 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/webman/info.cgi` | High
|
||||
28 | File | `acloudCosAction.php.SQL` | High
|
||||
29 | File | `ActiveServices.java` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/research/netsupport-rat-installed-fake-update-notices
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,79 @@
|
|||
# Ngoiweb - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ngoiweb](https://vuldb.com/?actor.ngoiweb). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ngoiweb](https://vuldb.com/?actor.ngoiweb)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ngoiweb:
|
||||
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ngoiweb.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
|
||||
2 | [5.135.35.160](https://vuldb.com/?ip.5.135.35.160) | ip160.ip-5-135-35.eu | - | High
|
||||
3 | [5.135.58.119](https://vuldb.com/?ip.5.135.58.119) | u.competitionhumourumbrella.city | - | High
|
||||
4 | [5.135.58.121](https://vuldb.com/?ip.5.135.58.121) | 760.impulseratecloud.store | - | High
|
||||
5 | [5.135.58.123](https://vuldb.com/?ip.5.135.58.123) | 95p0.impulseratecloud.store | - | High
|
||||
6 | [5.135.58.124](https://vuldb.com/?ip.5.135.58.124) | pwtu32k.groupsensefixed.me | - | High
|
||||
7 | [5.196.194.209](https://vuldb.com/?ip.5.196.194.209) | ip209.ip-5-196-194.eu | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 27 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Ngoiweb_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Ngoiweb. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/catcompany.php` | High
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/Login` | Low
|
||||
4 | File | `/usr/bin/pkexec` | High
|
||||
5 | File | `ajax_invoice.php` | High
|
||||
6 | File | `ajax_service.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.netlab.360.com/an-analysis-of-linux-ngioweb-botnet/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,115 @@
|
|||
# Novidade - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Novidade](https://vuldb.com/?actor.novidade). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.novidade](https://vuldb.com/?actor.novidade)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Novidade:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Novidade.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [10.0.0.1](https://vuldb.com/?ip.10.0.0.1) | - | - | High
|
||||
2 | [10.0.0.2](https://vuldb.com/?ip.10.0.0.2) | - | - | High
|
||||
3 | [10.0.0.3](https://vuldb.com/?ip.10.0.0.3) | - | - | High
|
||||
4 | [10.0.0.138](https://vuldb.com/?ip.10.0.0.138) | - | - | High
|
||||
5 | [10.1.1.1](https://vuldb.com/?ip.10.1.1.1) | - | - | High
|
||||
6 | [23.94.149.242](https://vuldb.com/?ip.23.94.149.242) | 23-94-149-242-host.colocrossing.com | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 24 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Novidade_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Novidade. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/submit-articles` | High
|
||||
9 | File | `/ad_js.php` | Medium
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/api/` | Low
|
||||
12 | File | `/api/admin/store/product/list` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/app/options.py` | High
|
||||
16 | File | `/attachments` | Medium
|
||||
17 | File | `/bin/ate` | Medium
|
||||
18 | File | `/boat/login.php` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cgi-bin` | Medium
|
||||
21 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
24 | File | `/dashboard/reports/logs/view` | High
|
||||
25 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/manage-apartment.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
35 | File | `/pages/apply_vacancy.php` | High
|
||||
36 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
37 | File | `/proc/<PID>/mem` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | File | `/tmp` | Low
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 361 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
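Review bot: The Novidade IOC table (rows 1–5) lists RFC 1918 private addresses — 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.138 and 10.1.1.1 — as High-confidence indicators of compromise; these are non-routable and will appear in almost any internal network, so a consumer feeding this table into a blocklist or a SIEM match rule gets false positives on their own infrastructure. Consider dropping those rows or adding a caveat under the table, e.g. `Note: the 10.0.0.0/8 entries above are private (RFC 1918) addresses and must not be used for network blocking or correlation.` The same caution applies to the generic IOA rows such as `/tmp`, `/env` and `/etc/hosts`, which the table itself only rates Low/Medium.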
@ -0,0 +1,80 @@
|
|||
# Octopus - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Octopus](https://vuldb.com/?actor.octopus). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.octopus](https://vuldb.com/?actor.octopus)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Octopus:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Octopus.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.8.88.87](https://vuldb.com/?ip.5.8.88.87) | - | - | High
|
||||
2 | [5.188.231.101](https://vuldb.com/?ip.5.188.231.101) | free.ds | - | High
|
||||
3 | [5.255.71.84](https://vuldb.com/?ip.5.255.71.84) | - | - | High
|
||||
4 | [5.255.71.85](https://vuldb.com/?ip.5.255.71.85) | - | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Octopus_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Octopus. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/forgetpassword.php` | High
|
||||
2 | File | `/inc/lists/edit-list.php` | High
|
||||
3 | File | `/index.php` | Medium
|
||||
4 | File | `/members/view_member.php` | High
|
||||
5 | File | `/owa/auth/logon.aspx` | High
|
||||
6 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `adclick.php` | Medium
|
||||
9 | File | `admin/media.php` | High
|
||||
10 | File | `bbs/faq.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `/question/ask` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 204 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
@ -0,0 +1,57 @@
|
|||
# Outlaw Cryptominer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Outlaw Cryptominer](https://vuldb.com/?actor.outlaw_cryptominer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.outlaw_cryptominer](https://vuldb.com/?actor.outlaw_cryptominer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Outlaw Cryptominer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [MN](https://vuldb.com/?country.mn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Outlaw Cryptominer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [67.205.129.169](https://vuldb.com/?ip.67.205.129.169) | - | - | High
|
||||
2 | [167.114.54.15](https://vuldb.com/?ip.167.114.54.15) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Outlaw Cryptominer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1204.001 | CWE-601 | Open Redirect | High
|
||||
3 | T1592.004 | CWE-16 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Outlaw Cryptominer. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `redirector.php` | High
|
||||
2 | Argument | `url` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,77 @@
|
|||
# Outlaw Kit - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Outlaw Kit](https://vuldb.com/?actor.outlaw_kit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.outlaw_kit](https://vuldb.com/?actor.outlaw_kit)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Outlaw Kit:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Outlaw Kit.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.9.148.125](https://vuldb.com/?ip.45.9.148.125) | - | - | High
|
||||
2 | [45.9.148.129](https://vuldb.com/?ip.45.9.148.129) | - | - | High
|
||||
3 | [104.236.192.6](https://vuldb.com/?ip.104.236.192.6) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Outlaw Kit_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Outlaw Kit. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/ajax.php?action=read_msg` | High
|
||||
2 | File | `/debug/pprof` | Medium
|
||||
3 | File | `/env` | Low
|
||||
4 | File | `/goform/SetNetControlList` | High
|
||||
5 | File | `admin/categories_industry.php` | High
|
||||
6 | File | `admin/content/postcategory` | High
|
||||
7 | File | `Adminstrator/Users/Edit/` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 57 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,62 @@
|
|||
# PSP Phishing - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PSP Phishing](https://vuldb.com/?actor.psp_phishing). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.psp_phishing](https://vuldb.com/?actor.psp_phishing)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PSP Phishing:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PSP Phishing.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.53.124.235](https://vuldb.com/?ip.5.53.124.235) | colaste2.representacoescomercial.de | - | High
|
||||
2 | [47.245.55.198](https://vuldb.com/?ip.47.245.55.198) | - | - | High
|
||||
3 | [124.156.34.157](https://vuldb.com/?ip.124.156.34.157) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PSP Phishing_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PSP Phishing. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/maintenance/view_designation.php` | High
|
||||
2 | File | `page.php` | Medium
|
||||
3 | File | `wp-admin/post.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/web-threats/2019/11/web-skimmer-phishes-credit-card-data-via-rogue-payment-service-platform/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -26,7 +26,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [45.12.70.186](https://vuldb.com/?ip.45.12.70.186) | rounded-tray.alltieinc.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -34,7 +34,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-35 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
@ -51,35 +51,37 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin/maintenance/view_designation.php` | High
|
||||
3 | File | `/APR/signup.php` | High
|
||||
4 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
5 | File | `/forum/away.php` | High
|
||||
6 | File | `/mims/login.php` | High
|
||||
7 | File | `/php-scrm/login.php` | High
|
||||
8 | File | `/proxy` | Low
|
||||
9 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
10 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
11 | File | `/textpattern/index.php` | High
|
||||
12 | File | `/tmp` | Low
|
||||
13 | File | `/wp-admin/admin-ajax.php` | High
|
||||
14 | File | `account-signup.php` | High
|
||||
15 | File | `account/signup.php` | High
|
||||
16 | File | `addentry.php` | Medium
|
||||
17 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
18 | File | `admin.jcomments.php` | High
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/admin_editor.php` | High
|
||||
21 | File | `admin/conf_users_edit.php` | High
|
||||
22 | File | `admin/data.php` | High
|
||||
23 | File | `admin/edit_category.php` | High
|
||||
24 | File | `admin/operations/currency.php` | High
|
||||
25 | File | `album_portal.php` | High
|
||||
26 | File | `awstats.pl` | Medium
|
||||
27 | File | `blocks/block-Old_Articles.php` | High
|
||||
28 | File | `bp_ncom.php` | Medium
|
||||
29 | File | `buy.php` | Low
|
||||
30 | File | `changePasswordForEmployee.php` | High
|
||||
31 | ... | ... | ...
|
||||
5 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
6 | File | `/Electron/download` | High
|
||||
7 | File | `/mims/login.php` | High
|
||||
8 | File | `/php-scrm/login.php` | High
|
||||
9 | File | `/proxy` | Low
|
||||
10 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
11 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
12 | File | `/text/pdf/PdfReader.java` | High
|
||||
13 | File | `/textpattern/index.php` | High
|
||||
14 | File | `/tmp` | Low
|
||||
15 | File | `/wp-admin/admin-ajax.php` | High
|
||||
16 | File | `account-signup.php` | High
|
||||
17 | File | `account/signup.php` | High
|
||||
18 | File | `addentry.php` | Medium
|
||||
19 | File | `addressbook/backends/ldap/e-book-backend-ldap.c` | High
|
||||
20 | File | `admin.jcomments.php` | High
|
||||
21 | File | `admin.php` | Medium
|
||||
22 | File | `admin/admin_editor.php` | High
|
||||
23 | File | `admin/conf_users_edit.php` | High
|
||||
24 | File | `admin/data.php` | High
|
||||
25 | File | `admin/edit_category.php` | High
|
||||
26 | File | `admin/operations/currency.php` | High
|
||||
27 | File | `album_portal.php` | High
|
||||
28 | File | `awstats.pl` | Medium
|
||||
29 | File | `blocks/block-Old_Articles.php` | High
|
||||
30 | File | `blogger-importer.php` | High
|
||||
31 | File | `bp_ncom.php` | Medium
|
||||
32 | File | `buy.php` | Low
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 282 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -87,6 +89,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_pw.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_pw.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ipip_country/ipip_country_pw.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
# PeaRAT - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PeaRAT](https://vuldb.com/?actor.pearat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.pearat](https://vuldb.com/?actor.pearat)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PeaRAT:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PeaRAT.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [95.140.125.42](https://vuldb.com/?ip.95.140.125.42) | free-125-42.mediaworksit.net | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PeaRAT_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1505 | CWE-89 | SQL Injection | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PeaRAT. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `wp-includes/class-wp-query.php` | High
|
||||
2 | Argument | `-v` | Low
|
||||
3 | Argument | `mail_user` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,68 @@
|
|||
# Phobos - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Phobos](https://vuldb.com/?actor.phobos). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.phobos](https://vuldb.com/?actor.phobos)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Phobos:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Phobos.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [179.43.140.168](https://vuldb.com/?ip.179.43.140.168) | securehosting.capital | - | High
|
||||
2 | [193.37.69.46](https://vuldb.com/?ip.193.37.69.46) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Phobos_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Phobos. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `advertiser.php` | High
|
||||
2 | File | `at/create_job.cgi` | High
|
||||
3 | File | `tiki-register.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://exchange.xforce.ibmcloud.com/threats/guid:71f873ec777c3c34917057ccd3b42ed9
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -71,8 +71,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -87,47 +86,48 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/etc/ajenti/config.yml` | High
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/goform/telnet` | High
|
||||
6 | File | `/modules/profile/index.php` | High
|
||||
7 | File | `/proc/self/environ` | High
|
||||
8 | File | `/rom-0` | Low
|
||||
9 | File | `/tmp/phpglibccheck` | High
|
||||
10 | File | `/uncpath/` | Medium
|
||||
11 | File | `/var/tmp/sess_*` | High
|
||||
12 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
13 | File | `action.php` | Medium
|
||||
14 | File | `actionphp/download.File.php` | High
|
||||
15 | File | `add_comment.php` | High
|
||||
16 | File | `admin/admin.php` | High
|
||||
17 | File | `admin/class-favicon-by-realfavicongenerator-admin.php` | High
|
||||
18 | File | `admin/content.php` | High
|
||||
19 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
20 | File | `admin/memberviewdetails.php` | High
|
||||
21 | File | `admin_gallery.php3` | High
|
||||
22 | File | `affich.php` | Medium
|
||||
23 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
24 | File | `akeyActivationLogin.do` | High
|
||||
25 | File | `album_portal.php` | High
|
||||
26 | File | `apache-auth.conf` | High
|
||||
27 | File | `askapache-firefox-adsense.php` | High
|
||||
28 | File | `attachment.cgi` | High
|
||||
29 | File | `auth.php` | Medium
|
||||
30 | File | `blogger-importer.php` | High
|
||||
31 | File | `blueprints/sections/edit/1` | High
|
||||
32 | File | `books.php` | Medium
|
||||
33 | File | `cart_add.php` | Medium
|
||||
34 | File | `CFS.c` | Low
|
||||
35 | File | `cgi-bin/webui/admin/tools/app_ping/diag_ping/` | High
|
||||
36 | File | `cgi/cal?year` | Medium
|
||||
37 | File | `checktransferstatus.php` | High
|
||||
38 | File | `class.SystemAction.php` | High
|
||||
39 | File | `clientarea.php` | High
|
||||
40 | File | `collectivite.class.php` | High
|
||||
41 | File | `contact` | Low
|
||||
42 | File | `control.c` | Medium
|
||||
43 | File | `core/core.php` | High
|
||||
44 | ... | ... | ...
|
||||
6 | File | `/HNAP1` | Low
|
||||
7 | File | `/modules/profile/index.php` | High
|
||||
8 | File | `/proc/self/environ` | High
|
||||
9 | File | `/rom-0` | Low
|
||||
10 | File | `/tmp/phpglibccheck` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/var/tmp/sess_*` | High
|
||||
13 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
14 | File | `action.php` | Medium
|
||||
15 | File | `actionphp/download.File.php` | High
|
||||
16 | File | `add_comment.php` | High
|
||||
17 | File | `admin/admin.php` | High
|
||||
18 | File | `admin/class-favicon-by-realfavicongenerator-admin.php` | High
|
||||
19 | File | `admin/content.php` | High
|
||||
20 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
21 | File | `admin/memberviewdetails.php` | High
|
||||
22 | File | `admin_gallery.php3` | High
|
||||
23 | File | `affich.php` | Medium
|
||||
24 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
25 | File | `akeyActivationLogin.do` | High
|
||||
26 | File | `album_portal.php` | High
|
||||
27 | File | `apache-auth.conf` | High
|
||||
28 | File | `askapache-firefox-adsense.php` | High
|
||||
29 | File | `attachment.cgi` | High
|
||||
30 | File | `auth.php` | Medium
|
||||
31 | File | `blogger-importer.php` | High
|
||||
32 | File | `blueprints/sections/edit/1` | High
|
||||
33 | File | `books.php` | Medium
|
||||
34 | File | `cart_add.php` | Medium
|
||||
35 | File | `CFS.c` | Low
|
||||
36 | File | `cgi-bin/webui/admin/tools/app_ping/diag_ping/` | High
|
||||
37 | File | `cgi/cal?year` | Medium
|
||||
38 | File | `checktransferstatus.php` | High
|
||||
39 | File | `class.SystemAction.php` | High
|
||||
40 | File | `clientarea.php` | High
|
||||
41 | File | `collectivite.class.php` | High
|
||||
42 | File | `contact` | Low
|
||||
43 | File | `control.c` | Medium
|
||||
44 | File | `core/core.php` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
2 | File | `/ajax.php?action=read_msg` | High
|
||||
3 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
|
@ -102,11 +102,9 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
45 | File | `/tmp` | Low
|
||||
46 | ... | ... | ...
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
# PowerGhost - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PowerGhost](https://vuldb.com/?actor.powerghost). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.powerghost](https://vuldb.com/?actor.powerghost)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PowerGhost:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PowerGhost.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.128.43.62](https://vuldb.com/?ip.185.128.43.62) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PowerGhost_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1204.001 | CWE-601 | Open Redirect | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PowerGhost. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `admin/index.php` | High
|
||||
2 | File | `inc/config.php` | High
|
||||
3 | Argument | `basePath` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# Predator the Thief - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Predator the Thief](https://vuldb.com/?actor.predator_the_thief). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.predator_the_thief](https://vuldb.com/?actor.predator_the_thief)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Predator the Thief.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fortinet.com/blog/threat-research/predator-the-thief-recent-versions.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
|
|||
39 | File | `/MagickCore/quantize.c` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 345 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
|
@ -121,9 +121,10 @@ ID | Type | Indicator | Confidence
|
|||
59 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
60 | File | `/classes/Master.php?f=delete_item` | High
|
||||
61 | File | `/classes/Master.php?f=delete_service` | High
|
||||
62 | ... | ... | ...
|
||||
62 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
63 | ... | ... | ...
|
||||
|
||||
There are 545 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 550 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# PseudoGate - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PseudoGate](https://vuldb.com/?actor.pseudogate). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.pseudogate](https://vuldb.com/?actor.pseudogate)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PseudoGate:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PseudoGate.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.23.54.158](https://vuldb.com/?ip.5.23.54.158) | 813555-cj16721.tmweb.ru | - | High
|
||||
2 | [176.57.208.166](https://vuldb.com/?ip.176.57.208.166) | 1105979-manvds.tmweb.ru | - | High
|
||||
3 | [185.17.122.166](https://vuldb.com/?ip.185.17.122.166) | ndevbox.example.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PseudoGate_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1608.002 | CWE-434 | Unrestricted Upload | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PseudoGate. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `FTP/server_ftp.c` | High
|
||||
2 | File | `ip/ipaddress.c` | High
|
||||
3 | File | `tiki-register.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -45,7 +45,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -61,50 +61,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.printers` | High
|
||||
2 | File | `/admin/edit-doc.php` | High
|
||||
3 | File | `/admin/maintenance/view_designation.php` | High
|
||||
4 | File | `/admin/news/news_ok.php` | High
|
||||
5 | File | `/api/plugin/uninstall` | High
|
||||
6 | File | `/api /v3/auth` | High
|
||||
7 | File | `/bcms/admin/?page=user/list` | High
|
||||
8 | File | `/bin/boa` | Medium
|
||||
9 | File | `/card_scan.php` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/config/getuser` | High
|
||||
12 | File | `/cwc/login` | Medium
|
||||
13 | File | `/de/cgi/dfs_guest/` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/download` | Medium
|
||||
16 | File | `/etc/gsissh/sshd_config` | High
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
|
||||
19 | File | `/etc/quagga` | Medium
|
||||
20 | File | `/etc/quantum/quantum.conf` | High
|
||||
21 | File | `/etc/shadow` | Medium
|
||||
22 | File | `/forms/doLogin` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/getcfg.php` | Medium
|
||||
25 | File | `/goform/telnet` | High
|
||||
26 | File | `/goform/WanParameterSetting` | High
|
||||
27 | File | `/h/calendar` | Medium
|
||||
28 | File | `/home/cavesConsole` | High
|
||||
29 | File | `/hrm/employeeadd.php` | High
|
||||
30 | File | `/inc/extensions.php` | High
|
||||
31 | File | `/include/makecvs.php` | High
|
||||
32 | File | `/js/app.js` | Medium
|
||||
33 | File | `/mgmt/tm/util/bash` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/modules/tasks/summary.inc.php` | High
|
||||
36 | File | `/monitoring` | Medium
|
||||
37 | File | `/nova/bin/console` | High
|
||||
38 | File | `/nova/bin/detnet` | High
|
||||
39 | File | `/out.php` | Medium
|
||||
40 | File | `/payu/icpcheckout/` | High
|
||||
41 | File | `/php-sms/classes/Master.php?f=save_quote` | High
|
||||
42 | File | `/property-list/property_view.php` | High
|
||||
43 | ... | ... | ...
|
||||
2 | File | `/admin/?page=user/list` | High
|
||||
3 | File | `/admin/edit-doc.php` | High
|
||||
4 | File | `/admin/maintenance/view_designation.php` | High
|
||||
5 | File | `/admin/news/news_ok.php` | High
|
||||
6 | File | `/admin/service.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/plugin/uninstall` | High
|
||||
9 | File | `/api /v3/auth` | High
|
||||
10 | File | `/bcms/admin/?page=user/list` | High
|
||||
11 | File | `/bin/boa` | Medium
|
||||
12 | File | `/card_scan.php` | High
|
||||
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/config/getuser` | High
|
||||
16 | File | `/cwc/login` | Medium
|
||||
17 | File | `/de/cgi/dfs_guest/` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/download` | Medium
|
||||
20 | File | `/etc/gsissh/sshd_config` | High
|
||||
21 | File | `/etc/passwd` | Medium
|
||||
22 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
|
||||
23 | File | `/etc/quagga` | Medium
|
||||
24 | File | `/etc/quantum/quantum.conf` | High
|
||||
25 | File | `/forms/doLogin` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/getcfg.php` | Medium
|
||||
28 | File | `/goform/SetNetControlList` | High
|
||||
29 | File | `/goform/telnet` | High
|
||||
30 | File | `/goform/WanParameterSetting` | High
|
||||
31 | File | `/h/calendar` | Medium
|
||||
32 | File | `/home/cavesConsole` | High
|
||||
33 | File | `/hrm/employeeadd.php` | High
|
||||
34 | File | `/inc/extensions.php` | High
|
||||
35 | File | `/include/makecvs.php` | High
|
||||
36 | File | `/jeecg-boot/jmreport/upload` | High
|
||||
37 | File | `/js/app.js` | Medium
|
||||
38 | File | `/mgmt/tm/util/bash` | High
|
||||
39 | File | `/modules/profile/index.php` | High
|
||||
40 | File | `/modules/tasks/summary.inc.php` | High
|
||||
41 | File | `/monitoring` | Medium
|
||||
42 | File | `/nova/bin/console` | High
|
||||
43 | File | `/nova/bin/detnet` | High
|
||||
44 | File | `/out.php` | Medium
|
||||
45 | File | `/payu/icpcheckout/` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|