Update
This commit is contained in:
parent
0075741c28
commit
fefe3a088d
|
@ -0,0 +1,32 @@
|
|||
# 7ev3n - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [7ev3n](https://vuldb.com/?actor.7ev3n). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.7ev3n](https://vuldb.com/?actor.7ev3n)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 7ev3n.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [104.16.54.3](https://vuldb.com/?ip.104.16.54.3) | - | - | High
|
||||
2 | [104.16.55.3](https://vuldb.com/?ip.104.16.55.3) | - | - | High
|
||||
3 | [212.56.214.153](https://vuldb.com/?ip.212.56.214.153) | static.212.56.214.153.mldnet.com | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -44,11 +44,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/anony/mjpg.cgi` | High
|
||||
2 | File | `/product_list.php` | High
|
||||
3 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
2 | File | `/mgmt/tm/util/bash` | High
|
||||
3 | File | `/product_list.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -79,37 +79,37 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.htpasswd` | Medium
|
||||
2 | File | `/../conf/config.properties` | High
|
||||
3 | File | `/drivers/infiniband/core/cm.c` | High
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/horde/util/go.php` | High
|
||||
6 | File | `/images/` | Medium
|
||||
7 | File | `/inc/parser/xhtml.php` | High
|
||||
8 | File | `/login` | Low
|
||||
9 | File | `/modules/profile/index.php` | High
|
||||
10 | File | `/one_church/userregister.php` | High
|
||||
11 | File | `/out.php` | Medium
|
||||
12 | File | `/public/plugins/` | High
|
||||
13 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
14 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
16 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
17 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
18 | File | `/system/proxy` | High
|
||||
19 | File | `/tmp/phpglibccheck` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `adclick.php` | Medium
|
||||
22 | File | `add.php` | Low
|
||||
23 | File | `addentry.php` | Medium
|
||||
24 | File | `addressbookprovider.php` | High
|
||||
25 | File | `admin.jcomments.php` | High
|
||||
26 | File | `admin/pageUploadCSV.php` | High
|
||||
27 | File | `ajax_udf.php` | Medium
|
||||
28 | File | `AppCompatCache.exe` | High
|
||||
29 | File | `application.js.php` | High
|
||||
30 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
31 | File | `authenticate.c` | High
|
||||
4 | File | `/files.md5` | Medium
|
||||
5 | File | `/forum/away.php` | High
|
||||
6 | File | `/horde/util/go.php` | High
|
||||
7 | File | `/images/` | Medium
|
||||
8 | File | `/inc/parser/xhtml.php` | High
|
||||
9 | File | `/login` | Low
|
||||
10 | File | `/modules/profile/index.php` | High
|
||||
11 | File | `/one_church/userregister.php` | High
|
||||
12 | File | `/out.php` | Medium
|
||||
13 | File | `/public/plugins/` | High
|
||||
14 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
15 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
16 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
17 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
18 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
19 | File | `/system/proxy` | High
|
||||
20 | File | `/tmp/phpglibccheck` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
23 | File | `adclick.php` | Medium
|
||||
24 | File | `add.php` | Low
|
||||
25 | File | `addentry.php` | Medium
|
||||
26 | File | `addressbookprovider.php` | High
|
||||
27 | File | `admin.jcomments.php` | High
|
||||
28 | File | `admin/pageUploadCSV.php` | High
|
||||
29 | File | `ajax_udf.php` | Medium
|
||||
30 | File | `AppCompatCache.exe` | High
|
||||
31 | File | `application.js.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with APT12:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT12:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -46,8 +46,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/wp-admin/admin-ajax.php` | High
|
||||
2 | Argument | `repeater` | Medium
|
||||
3 | Network Port | `tcp/264` | Low
|
||||
2 | File | `GponForm/diag_Form` | High
|
||||
3 | Argument | `diag_action=ping` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `data/gbconfiguration.dat` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 34 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 38 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -104,10 +104,10 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/category_view.php` | High
|
||||
5 | File | `/file?action=download&file` | High
|
||||
6 | File | `/filemanager/upload.php` | High
|
||||
7 | File | `/medical/inventories.php` | High
|
||||
4 | File | `/file?action=download&file` | High
|
||||
5 | File | `/filemanager/upload.php` | High
|
||||
6 | File | `/medical/inventories.php` | High
|
||||
7 | File | `/mgmt/tm/util/bash` | High
|
||||
8 | File | `/monitoring` | Medium
|
||||
9 | File | `/NAGErrors` | Medium
|
||||
10 | File | `/plugins/servlet/audit/resource` | High
|
||||
|
@ -118,23 +118,23 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/tmp` | Low
|
||||
17 | File | `/tmp/speedtest_urls.xml` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/var/log/nginx` | High
|
||||
20 | File | `/wp-admin/admin.php` | High
|
||||
21 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
22 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
23 | File | `admin/app/mediamanager` | High
|
||||
24 | File | `admin\model\catalog\download.php` | High
|
||||
25 | File | `afr.php` | Low
|
||||
26 | File | `apcupsd.pid` | Medium
|
||||
27 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
|
||||
28 | File | `api/sms/send-sms` | High
|
||||
29 | File | `api/v1/alarms` | High
|
||||
30 | File | `application/controller/InstallerController.php` | High
|
||||
31 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
|
||||
18 | File | `/tmp/zarafa-vacation-*` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/upload` | Low
|
||||
21 | File | `/usr/bin/at` | Medium
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
25 | File | `admin/app/mediamanager` | High
|
||||
26 | File | `admin\model\catalog\download.php` | High
|
||||
27 | File | `afr.php` | Low
|
||||
28 | File | `apcupsd.pid` | Medium
|
||||
29 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
|
||||
30 | File | `api/sms/send-sms` | High
|
||||
31 | File | `api/v1/alarms` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -84,38 +84,38 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/admin/user/team` | High
|
||||
7 | File | `/api/upload` | Medium
|
||||
8 | File | `/cgi-bin` | Medium
|
||||
9 | File | `/cgi-bin/kerbynet` | High
|
||||
10 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
11 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
12 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
13 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
14 | File | `/fudforum/adm/hlplist.php` | High
|
||||
15 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
16 | File | `/login` | Low
|
||||
17 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
18 | File | `/monitoring` | Medium
|
||||
19 | File | `/ms/cms/content/list.do` | High
|
||||
20 | File | `/new` | Low
|
||||
21 | File | `/orms/` | Low
|
||||
22 | File | `/plesk-site-preview/` | High
|
||||
23 | File | `/proc/<pid>/status` | High
|
||||
24 | File | `/public/plugins/` | High
|
||||
25 | File | `/rom` | Low
|
||||
26 | File | `/scripts/killpvhost` | High
|
||||
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
28 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
29 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
30 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
31 | File | `/tmp` | Low
|
||||
32 | File | `/tmp/redis.ds` | High
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/wp-admin` | Medium
|
||||
35 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
36 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
37 | File | `ABuffer.cpp` | Medium
|
||||
9 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
10 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
13 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
14 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
15 | File | `/login` | Low
|
||||
16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
17 | File | `/monitoring` | Medium
|
||||
18 | File | `/ms/cms/content/list.do` | High
|
||||
19 | File | `/new` | Low
|
||||
20 | File | `/orms/` | Low
|
||||
21 | File | `/plesk-site-preview/` | High
|
||||
22 | File | `/proc/<pid>/status` | High
|
||||
23 | File | `/public/plugins/` | High
|
||||
24 | File | `/scripts/killpvhost` | High
|
||||
25 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
26 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
27 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
28 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
29 | File | `/tmp` | Low
|
||||
30 | File | `/tmp/redis.ds` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/wp-admin` | Medium
|
||||
33 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
35 | File | `ABuffer.cpp` | Medium
|
||||
36 | File | `AccountManagerService.java` | High
|
||||
37 | File | `actions/CompanyDetailsSave.php` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -46,7 +46,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -65,45 +65,43 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/checkLogin.cgi` | High
|
||||
10 | File | `/cms/print.php` | High
|
||||
11 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
12 | File | `/data/remove` | Medium
|
||||
13 | File | `/etc/passwd` | Medium
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/login` | Low
|
||||
16 | File | `/navigate/navigate_download.php` | High
|
||||
17 | File | `/out.php` | Medium
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/p` | Low
|
||||
20 | File | `/password.html` | High
|
||||
21 | File | `/proc/ioports` | High
|
||||
22 | File | `/property-list/property_view.php` | High
|
||||
23 | File | `/ptms/classes/Users.php` | High
|
||||
24 | File | `/rest` | Low
|
||||
25 | File | `/rest/api/2/search` | High
|
||||
26 | File | `/s/` | Low
|
||||
27 | File | `/scripts/cpan_config` | High
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/services/system/setup.json` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/webconsole/APIController` | High
|
||||
32 | File | `/websocket/exec` | High
|
||||
33 | File | `/wp-admin/admin-ajax.php` | High
|
||||
34 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
35 | File | `/_next` | Low
|
||||
36 | File | `4.edu.php\conn\function.php` | High
|
||||
37 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `addentry.php` | Medium
|
||||
40 | File | `addressbook.php` | High
|
||||
41 | File | `add_comment.php` | High
|
||||
42 | File | `admin/category.inc.php` | High
|
||||
43 | File | `admin/conf_users_edit.php` | High
|
||||
44 | File | `admin/dl_sendmail.php` | High
|
||||
45 | File | `admin/index.php` | High
|
||||
46 | File | `admin/languages.php` | High
|
||||
47 | File | `admin/password_forgotten.php` | High
|
||||
48 | ... | ... | ...
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/data/remove` | Medium
|
||||
14 | File | `/etc/passwd` | Medium
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/goforms/rlminfo` | High
|
||||
17 | File | `/login` | Low
|
||||
18 | File | `/navigate/navigate_download.php` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/p` | Low
|
||||
22 | File | `/password.html` | High
|
||||
23 | File | `/proc/ioports` | High
|
||||
24 | File | `/property-list/property_view.php` | High
|
||||
25 | File | `/ptms/classes/Users.php` | High
|
||||
26 | File | `/rest` | Low
|
||||
27 | File | `/rest/api/2/search` | High
|
||||
28 | File | `/s/` | Low
|
||||
29 | File | `/scripts/cpan_config` | High
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/services/system/setup.json` | High
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/vloggers_merch/?p=view_product` | High
|
||||
34 | File | `/webconsole/APIController` | High
|
||||
35 | File | `/websocket/exec` | High
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `/wp-json` | Medium
|
||||
38 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
39 | File | `/_next` | Low
|
||||
40 | File | `4.edu.php\conn\function.php` | High
|
||||
41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
42 | File | `adclick.php` | Medium
|
||||
43 | File | `addentry.php` | Medium
|
||||
44 | File | `add_comment.php` | High
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 400 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,31 +63,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/cgiServer.exx` | High
|
||||
2 | File | `/cgi-bin/login_action.cgi` | High
|
||||
3 | File | `/cgi-bin/nobody/Search.cgi` | High
|
||||
4 | File | `/cgi-bin/webviewer_login_page` | High
|
||||
5 | File | `/dev/sg0` | Medium
|
||||
6 | File | `/event/runquery.do` | High
|
||||
7 | File | `/filemanager/php/connector.php` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/goform/setmac` | High
|
||||
10 | File | `/log_download.cgi` | High
|
||||
11 | File | `/manager?action=getlogcat` | High
|
||||
12 | File | `/pages/systemcall.php?command={COMMAND}` | High
|
||||
13 | File | `/password.html` | High
|
||||
14 | File | `/system/ws/v11/ss/email` | High
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `add_vhost.php` | High
|
||||
17 | File | `admin/images.aspx` | High
|
||||
18 | File | `admin/index.php` | High
|
||||
19 | File | `adv2.php?action=modify` | High
|
||||
20 | File | `agent.cfg` | Medium
|
||||
21 | File | `arch/x86/include/asm/fpu/internal.h` | High
|
||||
22 | File | `asm/float.c` | Medium
|
||||
23 | ... | ... | ...
|
||||
1 | File | `/admin/` | Low
|
||||
2 | File | `/cgi-bin/cgiServer.exx` | High
|
||||
3 | File | `/cgi-bin/login_action.cgi` | High
|
||||
4 | File | `/cgi-bin/nobody/Search.cgi` | High
|
||||
5 | File | `/cgi-bin/webviewer_login_page` | High
|
||||
6 | File | `/dev/sg0` | Medium
|
||||
7 | File | `/event/runquery.do` | High
|
||||
8 | File | `/filemanager/php/connector.php` | High
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/goform/setmac` | High
|
||||
11 | File | `/log_download.cgi` | High
|
||||
12 | File | `/manager?action=getlogcat` | High
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/pages/systemcall.php?command={COMMAND}` | High
|
||||
15 | File | `/password.html` | High
|
||||
16 | File | `/system/ws/v11/ss/email` | High
|
||||
17 | File | `/uncpath/` | Medium
|
||||
18 | File | `add_vhost.php` | High
|
||||
19 | File | `admin/images.aspx` | High
|
||||
20 | File | `admin/index.php` | High
|
||||
21 | File | `adv2.php?action=modify` | High
|
||||
22 | File | `agent.cfg` | Medium
|
||||
23 | File | `arch/x86/include/asm/fpu/internal.h` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 197 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,12 +16,12 @@ The following _campaigns_ are known and can be associated with APT33:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [PT](https://vuldb.com/?country.pt)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -54,12 +54,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -67,39 +67,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin.php/admin/art/data.html` | High
|
||||
1 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
2 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
3 | File | `/admin/goods/update` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/admin/posts.php` | High
|
||||
6 | File | `/admin/uesrs.php&action=type&userrole=User` | High
|
||||
4 | File | `/admin/posts.php` | High
|
||||
5 | File | `/admin/uesrs.php&action=type&userrole=User` | High
|
||||
6 | File | `/admin/weixin.php` | High
|
||||
7 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
8 | File | `/api/appInternals/1.0/agent/configuration&` | High
|
||||
9 | File | `/api/appInternals/1.0/agent/diagnostic/logs` | High
|
||||
10 | File | `/api/fetch` | Medium
|
||||
11 | File | `/api/user/{ID}` | High
|
||||
12 | File | `/audit/log/log_management.php` | High
|
||||
13 | File | `/blog/blog.php` | High
|
||||
14 | File | `/cloud_config/router_post/register` | High
|
||||
15 | File | `/cmd?cmd=connect` | High
|
||||
16 | File | `/config/list` | Medium
|
||||
17 | File | `/customer_register.php` | High
|
||||
18 | File | `/cwms/admin/?page=articles/view_article/` | High
|
||||
19 | File | `/etc/master.passwd` | High
|
||||
20 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
21 | File | `/hocms/classes/Master.php?f=delete_phase` | High
|
||||
22 | File | `/i/:data/ipa.plist` | High
|
||||
23 | File | `/index.php?page=reserve` | High
|
||||
24 | File | `/ManageRoute/postRoute` | High
|
||||
25 | File | `/module/api.php?mobile/webNasIPS` | High
|
||||
26 | File | `/modules/eligibility/Student.php` | High
|
||||
27 | File | `/plesk-site-preview/` | High
|
||||
28 | File | `/public_html/apply_vacancy` | High
|
||||
29 | File | `/purchase_order/classes/Master.php?f=delete_item` | High
|
||||
30 | File | `/reps/classes/Users.php?f=delete_agent` | High
|
||||
31 | ... | ... | ...
|
||||
8 | File | `/blog/blog.php` | High
|
||||
9 | File | `/cgi-bin/login.cgi` | High
|
||||
10 | File | `/cmd?cmd=connect` | High
|
||||
11 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
12 | File | `/cms/classes/Master.php?f=delete_invoice` | High
|
||||
13 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
14 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
15 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
16 | File | `/etc/networkd-dispatcher` | High
|
||||
17 | File | `/goform/form2Dhcpip` | High
|
||||
18 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
19 | File | `/hocms/classes/Master.php?f=delete_phase` | High
|
||||
20 | File | `/includes/login.php` | High
|
||||
21 | File | `/module/api.php?mobile/webNasIPS` | High
|
||||
22 | File | `/modules/eligibility/Student.php` | High
|
||||
23 | File | `/mtms/classes/Users.php?f=delete` | High
|
||||
24 | File | `/plesk-site-preview/` | High
|
||||
25 | File | `/purchase_order/classes/Master.php?f=delete_item` | High
|
||||
26 | File | `/reps/classes/Users.php?f=delete_agent` | High
|
||||
27 | File | `/resources//../` | High
|
||||
28 | File | `/role/saveOrUpdateRole.do` | High
|
||||
29 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -67,29 +67,28 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/includes/rrdtool.inc.php` | High
|
||||
8 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
9 | File | `/medical/inventories.php` | High
|
||||
10 | File | `/monitoring` | Medium
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/replication` | Medium
|
||||
14 | File | `/RestAPI` | Medium
|
||||
15 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
16 | File | `/scas/admin/` | Medium
|
||||
17 | File | `/tmp/speedtest_urls.xml` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/var/log/nginx` | High
|
||||
20 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
21 | File | `actions.hsp` | Medium
|
||||
22 | File | `addentry.php` | Medium
|
||||
23 | File | `add_edit_user.asp` | High
|
||||
24 | File | `add_to_cart.php` | High
|
||||
25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
26 | File | `admin/config/confmgr.php` | High
|
||||
27 | File | `admin/system_manage/save.html` | High
|
||||
28 | File | `ajax.php` | Medium
|
||||
29 | File | `apcupsd.pid` | Medium
|
||||
30 | ... | ... | ...
|
||||
10 | File | `/mgmt/tm/util/bash` | High
|
||||
11 | File | `/monitoring` | Medium
|
||||
12 | File | `/plugins/servlet/audit/resource` | High
|
||||
13 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
14 | File | `/replication` | Medium
|
||||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
17 | File | `/scas/admin/` | Medium
|
||||
18 | File | `/tmp/speedtest_urls.xml` | High
|
||||
19 | File | `/tmp/zarafa-vacation-*` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/upload` | Low
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
24 | File | `actions.hsp` | Medium
|
||||
25 | File | `addentry.php` | Medium
|
||||
26 | File | `add_to_cart.php` | High
|
||||
27 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
28 | File | `admin/config/confmgr.php` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 246 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -89,9 +89,10 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `clwarn.cgi` | Medium
|
||||
25 | File | `coders/dcm.c` | Medium
|
||||
26 | File | `comment_add.asp` | High
|
||||
27 | ... | ... | ...
|
||||
27 | File | `content.php` | Medium
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 231 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 234 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/uncpath/` | Medium
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 63 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -88,35 +88,36 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/lists/admin/` | High
|
||||
13 | File | `/login.cgi?logout=1` | High
|
||||
14 | File | `/medical/inventories.php` | High
|
||||
15 | File | `/module/admin_logs` | High
|
||||
16 | File | `/nova/bin/console` | High
|
||||
17 | File | `/public/login.htm` | High
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/replication` | Medium
|
||||
20 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
21 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
23 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
26 | File | `/start-stop` | Medium
|
||||
27 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
28 | File | `/tmp/app/.env` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/upload` | Low
|
||||
31 | File | `/usr/bin/pkexec` | High
|
||||
32 | File | `/WEB-INF/web.xml` | High
|
||||
33 | File | `/wp-admin/admin-ajax.php` | High
|
||||
34 | File | `/_next` | Low
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `addentry.php` | Medium
|
||||
37 | File | `addrating.php` | High
|
||||
38 | File | `admin.php` | Medium
|
||||
39 | File | `admin.php/comments/batchdel/` | High
|
||||
40 | File | `admin/conf_users_edit.php` | High
|
||||
41 | ... | ... | ...
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/module/admin_logs` | High
|
||||
17 | File | `/nova/bin/console` | High
|
||||
18 | File | `/public/login.htm` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/replication` | Medium
|
||||
21 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
22 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
27 | File | `/start-stop` | Medium
|
||||
28 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
29 | File | `/tmp/app/.env` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/upload` | Low
|
||||
32 | File | `/usr/bin/pkexec` | High
|
||||
33 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
34 | File | `/WEB-INF/web.xml` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `/_next` | Low
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `addentry.php` | Medium
|
||||
39 | File | `addrating.php` | High
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | File | `admin.php/comments/batchdel/` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -65,44 +65,44 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/user/manage` | High
|
||||
5 | File | `/anony/mjpg.cgi` | High
|
||||
6 | File | `/artist-display.php` | High
|
||||
7 | File | `/customer_demo/index2.html` | High
|
||||
8 | File | `/file?action=download&file` | High
|
||||
9 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
10 | File | `/html/includes/graphs/port/mac_acc_total.inc.php` | High
|
||||
11 | File | `/install/index.php` | High
|
||||
12 | File | `/layout/class.xblogcomment.php` | High
|
||||
13 | File | `/LEPTON_stable_2.2.2/upload/admins/admintools/tool.php` | High
|
||||
14 | File | `/manager/jsp/test.jsp` | High
|
||||
15 | File | `/medical/inventories.php` | High
|
||||
16 | File | `/monitoring` | Medium
|
||||
17 | File | `/plugins/servlet/audit/resource` | High
|
||||
18 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
19 | File | `/public/login.htm` | High
|
||||
20 | File | `/replication` | Medium
|
||||
21 | File | `/RestAPI` | Medium
|
||||
22 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
23 | File | `/tmp/speedtest_urls.xml` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/at` | Medium
|
||||
26 | File | `/var/log/nginx` | High
|
||||
27 | File | `/_vti_pvt/access.cnf` | High
|
||||
28 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
29 | File | `admin/e_mesaj_yaz.asp` | High
|
||||
30 | File | `admin/profile.php` | High
|
||||
31 | File | `admin/salesadmin.php` | High
|
||||
32 | File | `admin/systemWebAdminConfig.do` | High
|
||||
33 | File | `admin11.cgi` | Medium
|
||||
34 | File | `admincp/auth/checklogin.php` | High
|
||||
35 | File | `agenda2.php3` | Medium
|
||||
36 | File | `ajax-actions.php` | High
|
||||
37 | File | `ajax/deletePage.php` | High
|
||||
38 | File | `ajouter_tva.php` | High
|
||||
4 | File | `/anony/mjpg.cgi` | High
|
||||
5 | File | `/customer_demo/index2.html` | High
|
||||
6 | File | `/file?action=download&file` | High
|
||||
7 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
8 | File | `/html/includes/graphs/port/mac_acc_total.inc.php` | High
|
||||
9 | File | `/layout/class.xblogcomment.php` | High
|
||||
10 | File | `/LEPTON_stable_2.2.2/upload/admins/admintools/tool.php` | High
|
||||
11 | File | `/manager/jsp/test.jsp` | High
|
||||
12 | File | `/medical/inventories.php` | High
|
||||
13 | File | `/monitoring` | Medium
|
||||
14 | File | `/plugins/servlet/audit/resource` | High
|
||||
15 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
16 | File | `/public/login.htm` | High
|
||||
17 | File | `/replication` | Medium
|
||||
18 | File | `/RestAPI` | Medium
|
||||
19 | File | `/tmp/speedtest_urls.xml` | High
|
||||
20 | File | `/tmp/zarafa-vacation-*` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/upload` | Low
|
||||
23 | File | `/usr/bin/at` | Medium
|
||||
24 | File | `/var/log/nginx` | High
|
||||
25 | File | `/_vti_pvt/access.cnf` | High
|
||||
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
27 | File | `admin/e_mesaj_yaz.asp` | High
|
||||
28 | File | `admin/profile.php` | High
|
||||
29 | File | `admin/salesadmin.php` | High
|
||||
30 | File | `admin/systemWebAdminConfig.do` | High
|
||||
31 | File | `admin11.cgi` | Medium
|
||||
32 | File | `admincp/auth/checklogin.php` | High
|
||||
33 | File | `agenda2.php3` | Medium
|
||||
34 | File | `ajax-actions.php` | High
|
||||
35 | File | `ajax/deletePage.php` | High
|
||||
36 | File | `ajouter_tva.php` | High
|
||||
37 | File | `apcupsd.pid` | Medium
|
||||
38 | File | `api/sms/send-sms` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 337 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -28,11 +28,14 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
|
||||
2 | [69.174.99.181](https://vuldb.com/?ip.69.174.99.181) | unassigned.quadranet.com | Phishing Korea | High
|
||||
3 | [103.147.185.68](https://vuldb.com/?ip.103.147.185.68) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
2 | [45.142.215.180](https://vuldb.com/?ip.45.142.215.180) | connectoms.host | - | High
|
||||
3 | [45.156.25.78](https://vuldb.com/?ip.45.156.25.78) | - | - | High
|
||||
4 | [51.68.128.171](https://vuldb.com/?ip.51.68.128.171) | ip171.ip-51-68-128.eu | - | High
|
||||
5 | [51.89.183.99](https://vuldb.com/?ip.51.89.183.99) | 90.eri1.ovh.abcd.network | - | High
|
||||
6 | [62.182.156.179](https://vuldb.com/?ip.62.182.156.179) | - | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
There are 25 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -57,56 +60,58 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/api/addusers` | High
|
||||
3 | File | `/cgi-bin/wapopen` | High
|
||||
4 | File | `/etc/ajenti/config.yml` | High
|
||||
5 | File | `/goform/telnet` | High
|
||||
6 | File | `/include/chart_generator.php` | High
|
||||
7 | File | `/modules/profile/index.php` | High
|
||||
8 | File | `/public/login.htm` | High
|
||||
9 | File | `/rom-0` | Low
|
||||
10 | File | `/tmp/phpglibccheck` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
13 | File | `/var/log/nginx` | High
|
||||
14 | File | `/var/tmp/sess_*` | High
|
||||
15 | File | `action.php` | Medium
|
||||
16 | File | `actionphp/download.File.php` | High
|
||||
17 | File | `add_comment.php` | High
|
||||
18 | File | `admin.a6mambocredits.php` | High
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/admin.php` | High
|
||||
21 | File | `admin/content.php` | High
|
||||
22 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
23 | File | `admin/memberviewdetails.php` | High
|
||||
24 | File | `admin/sitesettings.php` | High
|
||||
25 | File | `affich.php` | Medium
|
||||
26 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
27 | File | `akeyActivationLogin.do` | High
|
||||
28 | File | `album_portal.php` | High
|
||||
29 | File | `apache-auth.conf` | High
|
||||
30 | File | `askapache-firefox-adsense.php` | High
|
||||
31 | File | `attachment.cgi` | High
|
||||
32 | File | `blueprints/sections/edit/1` | High
|
||||
33 | File | `books.php` | Medium
|
||||
34 | File | `cart_add.php` | Medium
|
||||
35 | File | `category.cfm` | Medium
|
||||
36 | File | `CFS.c` | Low
|
||||
37 | File | `cgi-bin/gnudip.cgi` | High
|
||||
38 | File | `checktransferstatus.php` | High
|
||||
39 | File | `checkuser.php` | High
|
||||
40 | File | `class.SystemAction.php` | High
|
||||
41 | File | `clientarea.php` | High
|
||||
42 | File | `cmdmon.c` | Medium
|
||||
43 | File | `collectivite.class.php` | High
|
||||
44 | File | `confirm.php` | Medium
|
||||
45 | File | `contact` | Low
|
||||
46 | File | `control.c` | Medium
|
||||
5 | File | `/etc/sudoers` | Medium
|
||||
6 | File | `/goform/telnet` | High
|
||||
7 | File | `/include/chart_generator.php` | High
|
||||
8 | File | `/modules/profile/index.php` | High
|
||||
9 | File | `/public/launchNewWindow.jsp` | High
|
||||
10 | File | `/public/login.htm` | High
|
||||
11 | File | `/rom-0` | Low
|
||||
12 | File | `/tmp/phpglibccheck` | High
|
||||
13 | File | `/uncpath/` | Medium
|
||||
14 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
|
||||
15 | File | `/var/log/nginx` | High
|
||||
16 | File | `/var/tmp/sess_*` | High
|
||||
17 | File | `action.php` | Medium
|
||||
18 | File | `actionphp/download.File.php` | High
|
||||
19 | File | `add_comment.php` | High
|
||||
20 | File | `admin.a6mambocredits.php` | High
|
||||
21 | File | `admin.php` | Medium
|
||||
22 | File | `admin/admin.php` | High
|
||||
23 | File | `admin/content.php` | High
|
||||
24 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
25 | File | `admin/memberviewdetails.php` | High
|
||||
26 | File | `admin/sitesettings.php` | High
|
||||
27 | File | `affich.php` | Medium
|
||||
28 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
29 | File | `akeyActivationLogin.do` | High
|
||||
30 | File | `album_portal.php` | High
|
||||
31 | File | `apache-auth.conf` | High
|
||||
32 | File | `askapache-firefox-adsense.php` | High
|
||||
33 | File | `assets/add/category.php` | High
|
||||
34 | File | `attachment.cgi` | High
|
||||
35 | File | `blueprints/sections/edit/1` | High
|
||||
36 | File | `books.php` | Medium
|
||||
37 | File | `btif_hd.cc` | Medium
|
||||
38 | File | `cart_add.php` | Medium
|
||||
39 | File | `cat.php` | Low
|
||||
40 | File | `category.cfm` | Medium
|
||||
41 | File | `CFS.c` | Low
|
||||
42 | File | `checktransferstatus.php` | High
|
||||
43 | File | `class.SystemAction.php` | High
|
||||
44 | File | `clientarea.php` | High
|
||||
45 | File | `collectivite.class.php` | High
|
||||
46 | File | `contact` | Low
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 405 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 409 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/31083/
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
|
||||
* https://blogs.blackberry.com/en/2020/04/threat-spotlight-secret-agent-tesla
|
||||
* https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/AgentTesla/IOCs
|
||||
* https://services.global.ntt/en-us/insights/blog/discovering-a-new-agent-tesla-malware-sample
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -61,46 +61,46 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/checkLogin.cgi` | High
|
||||
11 | File | `/cms/print.php` | High
|
||||
12 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
13 | File | `/data/remove` | Medium
|
||||
14 | File | `/DbXmlInfo.xml` | High
|
||||
15 | File | `/download` | Medium
|
||||
16 | File | `/etc/passwd` | Medium
|
||||
17 | File | `/login` | Low
|
||||
18 | File | `/navigate/navigate_download.php` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/p` | Low
|
||||
22 | File | `/password.html` | High
|
||||
23 | File | `/proc/ioports` | High
|
||||
24 | File | `/property-list/property_view.php` | High
|
||||
25 | File | `/ptms/classes/Users.php` | High
|
||||
26 | File | `/rest` | Low
|
||||
27 | File | `/rest/api/2/search` | High
|
||||
28 | File | `/s/` | Low
|
||||
29 | File | `/scripts/cpan_config` | High
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/services/system/setup.json` | High
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/webconsole/APIController` | High
|
||||
34 | File | `/websocket/exec` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
37 | File | `/_next` | Low
|
||||
38 | File | `4.edu.php\conn\function.php` | High
|
||||
39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `addentry.php` | Medium
|
||||
42 | File | `add_comment.php` | High
|
||||
43 | File | `admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser` | High
|
||||
44 | File | `admin/category.inc.php` | High
|
||||
45 | File | `admin/conf_users_edit.php` | High
|
||||
46 | File | `admin/dl_sendmail.php` | High
|
||||
47 | File | `admin/google_search_console/class-gsc-table.php` | High
|
||||
48 | File | `admin/index.php` | High
|
||||
49 | File | `admin/password_forgotten.php` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/data/remove` | Medium
|
||||
15 | File | `/DbXmlInfo.xml` | High
|
||||
16 | File | `/download` | Medium
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/login` | Low
|
||||
19 | File | `/navigate/navigate_download.php` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/p` | Low
|
||||
23 | File | `/password.html` | High
|
||||
24 | File | `/proc/ioports` | High
|
||||
25 | File | `/property-list/property_view.php` | High
|
||||
26 | File | `/ptms/classes/Users.php` | High
|
||||
27 | File | `/rest` | Low
|
||||
28 | File | `/rest/api/2/search` | High
|
||||
29 | File | `/s/` | Low
|
||||
30 | File | `/scripts/cpan_config` | High
|
||||
31 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
32 | File | `/services/system/setup.json` | High
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/webconsole/APIController` | High
|
||||
35 | File | `/websocket/exec` | High
|
||||
36 | File | `/wp-admin/admin-ajax.php` | High
|
||||
37 | File | `/wp-json` | Medium
|
||||
38 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
39 | File | `/_next` | Low
|
||||
40 | File | `4.edu.php\conn\function.php` | High
|
||||
41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
42 | File | `adclick.php` | Medium
|
||||
43 | File | `addentry.php` | Medium
|
||||
44 | File | `admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser` | High
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | File | `admin/conf_users_edit.php` | High
|
||||
47 | File | `admin/dl_sendmail.php` | High
|
||||
48 | File | `admin/google_search_console/class-gsc-table.php` | High
|
||||
49 | File | `admin/index.php` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
# AmmyyRAT - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AmmyyRAT](https://vuldb.com/?actor.ammyyrat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ammyyrat](https://vuldb.com/?actor.ammyyrat)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AmmyyRAT:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AmmyyRAT.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.99.133.83](https://vuldb.com/?ip.185.99.133.83) | rns.nz.zappiehost.com | - | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AmmyyRAT. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
2 | File | `FileDownload.jsp` | High
|
||||
3 | Argument | `FILENAME` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.morphisec.com/morphisec-uncovers-pied-piper-campaign
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -14,9 +14,9 @@ The following _campaigns_ are known and can be associated with Amnesia:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Amnesia:
|
||||
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
@ -35,7 +35,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,7 +49,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/public/login.htm` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 5 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,8 +31,9 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | Library | `FARFLT.SYS` | Medium
|
||||
2 | Argument | `wan_dyn_hostname` | High
|
||||
1 | File | `Illuminate\Broadcasting\PendingBroadcast.php` | High
|
||||
2 | Library | `FARFLT.SYS` | Medium
|
||||
3 | Argument | `wan_dyn_hostname` | High
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
# AveMaria - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AveMaria](https://vuldb.com/?actor.avemaria). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.avemaria](https://vuldb.com/?actor.avemaria)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AveMaria:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AveMaria.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.2.68.67](https://vuldb.com/?ip.5.2.68.67) | - | - | High
|
||||
2 | [185.140.53.174](https://vuldb.com/?ip.185.140.53.174) | - | - | High
|
||||
3 | [185.183.98.169](https://vuldb.com/?ip.185.183.98.169) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AveMaria_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AveMaria. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/syslog` | High
|
||||
2 | File | `/anony/mjpg.cgi` | High
|
||||
3 | File | `/etc/shadow` | Medium
|
||||
4 | File | `/plain` | Low
|
||||
5 | File | `/public/login.htm` | High
|
||||
6 | File | `/service/upload` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `/upload/catalog/controller/account/password.php` | High
|
||||
9 | File | `admin/admin_users.php` | High
|
||||
10 | File | `admin/pageEditGroup.php` | High
|
||||
11 | File | `admin/record_company.php` | High
|
||||
12 | File | `admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list` | High
|
||||
13 | File | `api/account/register` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 111 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/34102/
|
||||
* https://blog.morphisec.com/threat-alert-ave-maria-infostealer-on-the-rise-with-new-stealthier-delivery
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Azorult:
|
||||
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,8 +21,14 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [149.129.216.194](https://vuldb.com/?ip.149.129.216.194) | - | - | High
|
||||
2 | [209.141.59.124](https://vuldb.com/?ip.209.141.59.124) | buyvm.mpipalia.com | - | High
|
||||
1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
2 | [23.106.124.148](https://vuldb.com/?ip.23.106.124.148) | - | - | High
|
||||
3 | [37.140.192.153](https://vuldb.com/?ip.37.140.192.153) | scp59.hosting.reg.ru | - | High
|
||||
4 | [37.140.192.166](https://vuldb.com/?ip.37.140.192.166) | scp46.hosting.reg.ru | - | High
|
||||
5 | [45.76.18.39](https://vuldb.com/?ip.45.76.18.39) | 45.76.18.39.vultrusercontent.com | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -30,12 +36,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -43,17 +49,29 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
2 | File | `components/bitrix/mobileapp.list/ajax.php/` | High
|
||||
3 | File | `hbs` | Low
|
||||
4 | ... | ... | ...
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/administration/theme.php` | High
|
||||
3 | File | `/BindAccount/SuccessTips.js` | High
|
||||
4 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
5 | File | `/login.html` | Medium
|
||||
6 | File | `/medical/inventories.php` | High
|
||||
7 | File | `/pages.php` | Medium
|
||||
8 | File | `/uncpath/` | Medium
|
||||
9 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
10 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
11 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
|
||||
12 | File | `abm.aspx` | Medium
|
||||
13 | File | `actions/ChangeConfiguration.html` | High
|
||||
14 | File | `adclick.php` | Medium
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 10 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 116 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html
|
||||
* https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -45,12 +45,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -58,45 +58,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php/Plugins/update.html` | High
|
||||
2 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
|
||||
3 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
4 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
|
||||
5 | File | `/admin.php?r=admin/AdminBackup/del` | High
|
||||
6 | File | `/admin/edit.php` | High
|
||||
7 | File | `/admin/inbox.php&action=delete` | High
|
||||
8 | File | `/admin/inbox.php&action=read` | High
|
||||
9 | File | `/admin/index.php?mode=content&page=media&action=edit` | High
|
||||
10 | File | `/admin/pagerole.php&action=edit` | High
|
||||
11 | File | `/admin/posts.php` | High
|
||||
12 | File | `/admin/posts.php&action=delete` | High
|
||||
13 | File | `/admin/posts.php&action=edit` | High
|
||||
14 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
15 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
|
||||
16 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
17 | File | `/admin/uesrs.php&action=display&value=Hide` | High
|
||||
18 | File | `/admin/uesrs.php&action=display&value=Show` | High
|
||||
19 | File | `/admin/uesrs.php&action=type&userrole=User` | High
|
||||
20 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
21 | File | `/agenttrayicon` | High
|
||||
22 | File | `/api/students/me/messages/` | High
|
||||
23 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
24 | File | `/aqpg/users/login.php` | High
|
||||
25 | File | `/blog/blog.php` | High
|
||||
26 | File | `/category.php` | High
|
||||
27 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
28 | File | `/cdsms/classes/Master.php?f=delete_package` | High
|
||||
29 | File | `/cgi-bin/main.cgi` | High
|
||||
30 | File | `/cmd?cmd=connect` | High
|
||||
31 | File | `/customer_register.php` | High
|
||||
32 | File | `/cwms/admin/?page=articles/view_article/` | High
|
||||
33 | File | `/cwms/classes/Master.php?f=save_contact` | High
|
||||
34 | File | `/demo/module/?module=HERE` | High
|
||||
35 | File | `/goform/WifiExtraSet` | High
|
||||
36 | File | `/hocms/classes/Master.php?f=delete_collection` | High
|
||||
37 | ... | ... | ...
|
||||
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
6 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
7 | File | `/base/SysEveMenuAuthPointMapper.xml` | High
|
||||
8 | File | `/cgi-bin/activate.cgi` | High
|
||||
9 | File | `/cgi-bin/login.cgi` | High
|
||||
10 | File | `/classes/master.php?f=delete_facility` | High
|
||||
11 | File | `/cms/admin/?page=client/view_client` | High
|
||||
12 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
13 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
14 | File | `/cms/admin/?page=user/manage_user` | High
|
||||
15 | File | `/cms/classes/Master.php?f=delete_designation` | High
|
||||
16 | File | `/cms/classes/Master.php?f=delete_invoice` | High
|
||||
17 | File | `/cms/classes/Users.php?f=delete` | High
|
||||
18 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
19 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
20 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
21 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
22 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
23 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
24 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
25 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
26 | File | `/ecrire` | Low
|
||||
27 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
28 | File | `/help/treecontent.jsp` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -50,9 +50,10 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/index.php` | Medium
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `add_comment.php` | High
|
||||
4 | ... | ... | ...
|
||||
4 | File | `data/gbconfiguration.dat` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -59,44 +59,42 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/clientes/visualizar` | High
|
||||
11 | File | `/cms/print.php` | High
|
||||
12 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
13 | File | `/data/remove` | Medium
|
||||
14 | File | `/etc/passwd` | Medium
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/login` | Low
|
||||
17 | File | `/navigate/navigate_download.php` | High
|
||||
18 | File | `/oputilsServlet` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/p` | Low
|
||||
22 | File | `/password.html` | High
|
||||
23 | File | `/proc/ioports` | High
|
||||
24 | File | `/property-list/property_view.php` | High
|
||||
25 | File | `/ptms/classes/Users.php` | High
|
||||
26 | File | `/rest` | Low
|
||||
27 | File | `/rest/api/2/search` | High
|
||||
28 | File | `/s/` | Low
|
||||
29 | File | `/scripts/cpan_config` | High
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/services/system/setup.json` | High
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/webconsole/APIController` | High
|
||||
34 | File | `/websocket/exec` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
37 | File | `/_next` | Low
|
||||
38 | File | `4.edu.php\conn\function.php` | High
|
||||
39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `addentry.php` | Medium
|
||||
42 | File | `add_comment.php` | High
|
||||
43 | File | `admin/category.inc.php` | High
|
||||
44 | File | `admin/conf_users_edit.php` | High
|
||||
45 | File | `admin/dl_sendmail.php` | High
|
||||
46 | File | `admin/index.php` | High
|
||||
47 | File | `admin/password_forgotten.php` | High
|
||||
48 | ... | ... | ...
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/data/remove` | Medium
|
||||
15 | File | `/etc/passwd` | Medium
|
||||
16 | File | `/goforms/rlminfo` | High
|
||||
17 | File | `/login` | Low
|
||||
18 | File | `/navigate/navigate_download.php` | High
|
||||
19 | File | `/oputilsServlet` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/p` | Low
|
||||
23 | File | `/password.html` | High
|
||||
24 | File | `/proc/ioports` | High
|
||||
25 | File | `/property-list/property_view.php` | High
|
||||
26 | File | `/ptms/classes/Users.php` | High
|
||||
27 | File | `/rest` | Low
|
||||
28 | File | `/rest/api/2/search` | High
|
||||
29 | File | `/s/` | Low
|
||||
30 | File | `/scripts/cpan_config` | High
|
||||
31 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
32 | File | `/services/system/setup.json` | High
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/vloggers_merch/?p=view_product` | High
|
||||
35 | File | `/webconsole/APIController` | High
|
||||
36 | File | `/websocket/exec` | High
|
||||
37 | File | `/wp-admin/admin-ajax.php` | High
|
||||
38 | File | `/wp-json` | Medium
|
||||
39 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
40 | File | `/_next` | Low
|
||||
41 | File | `4.edu.php\conn\function.php` | High
|
||||
42 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
43 | File | `adclick.php` | Medium
|
||||
44 | File | `addentry.php` | Medium
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -70,38 +70,35 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
5 | File | `/category_view.php` | High
|
||||
6 | File | `/dev/kmem` | Medium
|
||||
7 | File | `/dev/shm` | Medium
|
||||
8 | File | `/file?action=download&file` | High
|
||||
9 | File | `/medical/inventories.php` | High
|
||||
10 | File | `/monitoring` | Medium
|
||||
11 | File | `/NAGErrors` | Medium
|
||||
12 | File | `/plugins/servlet/audit/resource` | High
|
||||
13 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
14 | File | `/proc/ioports` | High
|
||||
15 | File | `/replication` | Medium
|
||||
16 | File | `/RestAPI` | Medium
|
||||
17 | File | `/rom-0` | Low
|
||||
18 | File | `/tmp` | Low
|
||||
19 | File | `/tmp/speedtest_urls.xml` | High
|
||||
7 | File | `/file?action=download&file` | High
|
||||
8 | File | `/medical/inventories.php` | High
|
||||
9 | File | `/monitoring` | Medium
|
||||
10 | File | `/NAGErrors` | Medium
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/proc/ioports` | High
|
||||
14 | File | `/replication` | Medium
|
||||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/rom-0` | Low
|
||||
17 | File | `/tmp` | Low
|
||||
18 | File | `/tmp/speedtest_urls.xml` | High
|
||||
19 | File | `/tmp/zarafa-vacation-*` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/var/log/nginx` | High
|
||||
22 | File | `/wp-admin/admin.php` | High
|
||||
23 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
24 | File | `abook_database.php` | High
|
||||
25 | File | `account.asp` | Medium
|
||||
26 | File | `addentry.php` | Medium
|
||||
27 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | File | `admin/login.php` | High
|
||||
30 | File | `admincp.php?app=files` | High
|
||||
31 | File | `admin\model\catalog\download.php` | High
|
||||
32 | File | `ajax/render/widget_php` | High
|
||||
33 | File | `apcupsd.pid` | Medium
|
||||
34 | File | `api/sms/send-sms` | High
|
||||
35 | File | `api/v1/alarms` | High
|
||||
36 | ... | ... | ...
|
||||
21 | File | `/upload` | Low
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/wp-admin/admin.php` | High
|
||||
24 | File | `addentry.php` | Medium
|
||||
25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
26 | File | `admin/index.php` | High
|
||||
27 | File | `admin/login.php` | High
|
||||
28 | File | `admin\model\catalog\download.php` | High
|
||||
29 | File | `ajax/render/widget_php` | High
|
||||
30 | File | `apcupsd.pid` | Medium
|
||||
31 | File | `api/sms/send-sms` | High
|
||||
32 | File | `api/v1/alarms` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,6 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Barys:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -18,14 +23,19 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
2 | [13.107.22.200](https://vuldb.com/?ip.13.107.22.200) | - | - | High
|
||||
3 | [23.225.145.234](https://vuldb.com/?ip.23.225.145.234) | - | - | High
|
||||
4 | [47.246.136.160](https://vuldb.com/?ip.47.246.136.160) | - | - | High
|
||||
5 | [52.137.90.34](https://vuldb.com/?ip.52.137.90.34) | - | - | High
|
||||
6 | [52.185.71.28](https://vuldb.com/?ip.52.185.71.28) | - | - | High
|
||||
7 | [58.215.145.95](https://vuldb.com/?ip.58.215.145.95) | - | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
3 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
4 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
5 | [23.225.145.234](https://vuldb.com/?ip.23.225.145.234) | - | - | High
|
||||
6 | [31.170.160.103](https://vuldb.com/?ip.31.170.160.103) | srv39.000webhost.com | - | High
|
||||
7 | [34.232.187.93](https://vuldb.com/?ip.34.232.187.93) | ec2-34-232-187-93.compute-1.amazonaws.com | - | Medium
|
||||
8 | [41.38.1.86](https://vuldb.com/?ip.41.38.1.86) | host-41.38.1.86.tedata.net | - | High
|
||||
9 | [41.239.65.189](https://vuldb.com/?ip.41.239.65.189) | host-41.239.65.189.tedata.net | - | High
|
||||
10 | [47.246.136.160](https://vuldb.com/?ip.47.246.136.160) | - | - | High
|
||||
11 | [52.137.90.34](https://vuldb.com/?ip.52.137.90.34) | - | - | High
|
||||
12 | [52.185.71.28](https://vuldb.com/?ip.52.185.71.28) | - | - | High
|
||||
13 | ... | ... | ... | ...
|
||||
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
There are 48 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -62,49 +72,54 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/usr/bin/cu` | Medium
|
||||
15 | File | `/var/crash/vmcore.log` | High
|
||||
16 | File | `aclient.exe` | Medium
|
||||
17 | File | `addadmin.asp` | Medium
|
||||
18 | File | `admin` | Low
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin.rssreader.php` | High
|
||||
17 | File | `admin` | Low
|
||||
18 | File | `admin.php` | Medium
|
||||
19 | File | `admin.rssreader.php` | High
|
||||
20 | File | `admin/batch_manager_unit.php` | High
|
||||
21 | File | `admin/configuration/modifier.php` | High
|
||||
22 | File | `admin/skins.php` | High
|
||||
23 | File | `adminconsole` | Medium
|
||||
24 | File | `administrator/mail/download.cfm` | High
|
||||
25 | File | `admin_board.php` | High
|
||||
26 | File | `af_netlink.c` | Medium
|
||||
27 | File | `ajax.php` | Medium
|
||||
28 | File | `ajaxRequest/methodCall.do` | High
|
||||
29 | File | `announcements.php` | High
|
||||
30 | File | `apache2/modsecurity.c` | High
|
||||
31 | File | `apply.cgi` | Medium
|
||||
32 | File | `app_new.php` | Medium
|
||||
33 | File | `aspx` | Low
|
||||
34 | File | `AttachmentsList.aspx` | High
|
||||
35 | File | `Atx45.ocx` | Medium
|
||||
36 | File | `auction_details.php` | High
|
||||
37 | File | `auth.php` | Medium
|
||||
38 | File | `aut_verifica.inc.php` | High
|
||||
39 | File | `awsguest.php` | Medium
|
||||
40 | File | `b2edit.showposts.php` | High
|
||||
41 | File | `backend.php/screen.php/comment.php` | High
|
||||
42 | File | `basicfunctions.php` | High
|
||||
43 | File | `board.cgi` | Medium
|
||||
44 | File | `bug_actiongroup_ext_page.php` | High
|
||||
45 | File | `canned_opr.php` | High
|
||||
46 | File | `cart.cgi` | Medium
|
||||
47 | File | `cat.asp` | Low
|
||||
48 | File | `cddbcontrolaol.cddbaolcontrol` | High
|
||||
49 | File | `channel.asp` | Medium
|
||||
50 | File | `class_auth.php` | High
|
||||
51 | File | `compte.php` | Medium
|
||||
23 | File | `admin/system_manage/save.html` | High
|
||||
24 | File | `admin/system_manage/user_config_add.html` | High
|
||||
25 | File | `adminconsole` | Medium
|
||||
26 | File | `administrator/mail/download.cfm` | High
|
||||
27 | File | `admin_board.php` | High
|
||||
28 | File | `af_netlink.c` | Medium
|
||||
29 | File | `ajax.php` | Medium
|
||||
30 | File | `ajaxRequest/methodCall.do` | High
|
||||
31 | File | `announcements.php` | High
|
||||
32 | File | `apache2/modsecurity.c` | High
|
||||
33 | File | `apply.cgi` | Medium
|
||||
34 | File | `app_new.php` | Medium
|
||||
35 | File | `aspx` | Low
|
||||
36 | File | `AttachmentsList.aspx` | High
|
||||
37 | File | `Atx45.ocx` | Medium
|
||||
38 | File | `auction_details.php` | High
|
||||
39 | File | `auth-gss2.c` | Medium
|
||||
40 | File | `auth.php` | Medium
|
||||
41 | File | `aut_verifica.inc.php` | High
|
||||
42 | File | `awsguest.php` | Medium
|
||||
43 | File | `b2edit.showposts.php` | High
|
||||
44 | File | `backend.php/screen.php/comment.php` | High
|
||||
45 | File | `basicfunctions.php` | High
|
||||
46 | File | `board.cgi` | Medium
|
||||
47 | File | `bug_actiongroup_ext_page.php` | High
|
||||
48 | File | `canned_opr.php` | High
|
||||
49 | File | `cart.cgi` | Medium
|
||||
50 | File | `cat.asp` | Low
|
||||
51 | File | `cddbcontrolaol.cddbaolcontrol` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 456 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
|
||||
* https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-0925-1002.html
|
||||
* https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
|
||||
* https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
|
||||
* https://blog.talosintelligence.com/2021/08/threat-roundup-0820-0827.html
|
||||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
|
||||
|
|
|
@ -29,30 +29,34 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.101.57.185](https://vuldb.com/?ip.3.101.57.185) | ec2-3-101-57-185.us-west-1.compute.amazonaws.com | - | Medium
|
||||
2 | [13.225.230.232](https://vuldb.com/?ip.13.225.230.232) | server-13-225-230-232.jfk51.r.cloudfront.net | - | High
|
||||
3 | [13.226.32.216](https://vuldb.com/?ip.13.226.32.216) | server-13-226-32-216.ewr53.r.cloudfront.net | - | High
|
||||
4 | [18.67.60.164](https://vuldb.com/?ip.18.67.60.164) | server-18-67-60-164.iad89.r.cloudfront.net | - | High
|
||||
5 | [23.56.10.219](https://vuldb.com/?ip.23.56.10.219) | a23-56-10-219.deploy.static.akamaitechnologies.com | - | High
|
||||
6 | [23.62.25.178](https://vuldb.com/?ip.23.62.25.178) | a23-62-25-178.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | [23.82.19.173](https://vuldb.com/?ip.23.82.19.173) | - | - | High
|
||||
8 | [23.94.51.80](https://vuldb.com/?ip.23.94.51.80) | 23-94-51-80-host.colocrossing.com | Anchor | High
|
||||
9 | [23.95.238.122](https://vuldb.com/?ip.23.95.238.122) | 23-95-238-122-host.colocrossing.com | - | High
|
||||
10 | [23.106.160.77](https://vuldb.com/?ip.23.106.160.77) | - | - | High
|
||||
11 | [23.106.215.61](https://vuldb.com/?ip.23.106.215.61) | - | - | High
|
||||
12 | [23.106.223.174](https://vuldb.com/?ip.23.106.223.174) | - | - | High
|
||||
13 | [23.152.0.22](https://vuldb.com/?ip.23.152.0.22) | anahiem.net | Diavol | High
|
||||
14 | [23.160.193.217](https://vuldb.com/?ip.23.160.193.217) | unknown.ip-xfer.net | - | High
|
||||
15 | [23.193.217.119](https://vuldb.com/?ip.23.193.217.119) | a23-193-217-119.deploy.static.akamaitechnologies.com | - | High
|
||||
16 | [31.171.251.118](https://vuldb.com/?ip.31.171.251.118) | ch.ns.mon0.li | - | High
|
||||
17 | [31.214.240.203](https://vuldb.com/?ip.31.214.240.203) | - | - | High
|
||||
18 | [34.209.40.84](https://vuldb.com/?ip.34.209.40.84) | ec2-34-209-40-84.us-west-2.compute.amazonaws.com | - | Medium
|
||||
19 | [34.210.71.206](https://vuldb.com/?ip.34.210.71.206) | ec2-34-210-71-206.us-west-2.compute.amazonaws.com | Anchor | Medium
|
||||
20 | [34.221.188.35](https://vuldb.com/?ip.34.221.188.35) | ec2-34-221-188-35.us-west-2.compute.amazonaws.com | - | Medium
|
||||
21 | [34.222.222.126](https://vuldb.com/?ip.34.222.222.126) | ec2-34-222-222-126.us-west-2.compute.amazonaws.com | - | Medium
|
||||
22 | [35.165.197.209](https://vuldb.com/?ip.35.165.197.209) | ec2-35-165-197-209.us-west-2.compute.amazonaws.com | - | Medium
|
||||
23 | ... | ... | ... | ...
|
||||
2 | [5.45.97.127](https://vuldb.com/?ip.5.45.97.127) | v22018107054674935.goodsrv.de | - | High
|
||||
3 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
|
||||
4 | [13.225.230.232](https://vuldb.com/?ip.13.225.230.232) | server-13-225-230-232.jfk51.r.cloudfront.net | - | High
|
||||
5 | [13.226.32.216](https://vuldb.com/?ip.13.226.32.216) | server-13-226-32-216.ewr53.r.cloudfront.net | - | High
|
||||
6 | [18.67.60.164](https://vuldb.com/?ip.18.67.60.164) | server-18-67-60-164.iad89.r.cloudfront.net | - | High
|
||||
7 | [23.56.10.219](https://vuldb.com/?ip.23.56.10.219) | a23-56-10-219.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | [23.62.25.178](https://vuldb.com/?ip.23.62.25.178) | a23-62-25-178.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | [23.82.19.173](https://vuldb.com/?ip.23.82.19.173) | - | - | High
|
||||
10 | [23.94.51.80](https://vuldb.com/?ip.23.94.51.80) | 23-94-51-80-host.colocrossing.com | Anchor | High
|
||||
11 | [23.95.238.122](https://vuldb.com/?ip.23.95.238.122) | 23-95-238-122-host.colocrossing.com | - | High
|
||||
12 | [23.106.160.77](https://vuldb.com/?ip.23.106.160.77) | - | - | High
|
||||
13 | [23.106.215.61](https://vuldb.com/?ip.23.106.215.61) | - | - | High
|
||||
14 | [23.106.223.174](https://vuldb.com/?ip.23.106.223.174) | - | - | High
|
||||
15 | [23.152.0.22](https://vuldb.com/?ip.23.152.0.22) | anahiem.net | Diavol | High
|
||||
16 | [23.160.193.217](https://vuldb.com/?ip.23.160.193.217) | unknown.ip-xfer.net | - | High
|
||||
17 | [23.193.217.119](https://vuldb.com/?ip.23.193.217.119) | a23-193-217-119.deploy.static.akamaitechnologies.com | - | High
|
||||
18 | [31.171.251.118](https://vuldb.com/?ip.31.171.251.118) | ch.ns.mon0.li | - | High
|
||||
19 | [31.214.240.203](https://vuldb.com/?ip.31.214.240.203) | - | - | High
|
||||
20 | [34.209.40.84](https://vuldb.com/?ip.34.209.40.84) | ec2-34-209-40-84.us-west-2.compute.amazonaws.com | - | Medium
|
||||
21 | [34.210.71.206](https://vuldb.com/?ip.34.210.71.206) | ec2-34-210-71-206.us-west-2.compute.amazonaws.com | Anchor | Medium
|
||||
22 | [34.221.188.35](https://vuldb.com/?ip.34.221.188.35) | ec2-34-221-188-35.us-west-2.compute.amazonaws.com | - | Medium
|
||||
23 | [34.222.222.126](https://vuldb.com/?ip.34.222.222.126) | ec2-34-222-222-126.us-west-2.compute.amazonaws.com | - | Medium
|
||||
24 | [35.165.197.209](https://vuldb.com/?ip.35.165.197.209) | ec2-35-165-197-209.us-west-2.compute.amazonaws.com | - | Medium
|
||||
25 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
|
||||
26 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
|
||||
27 | ... | ... | ... | ...
|
||||
|
||||
There are 88 more IOC items available. Please use our online service to access the data.
|
||||
There are 104 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -89,6 +93,7 @@ There are 66 more IOA items available (file, library, argument, input value, pat
|
|||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0108-0115.html
|
||||
* https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
|
||||
* https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
|
||||
* https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [AR](https://vuldb.com/?country.ar)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -47,35 +47,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.htaccess` | Medium
|
||||
2 | File | `/admin-panel1.php` | High
|
||||
3 | File | `/admin.php/admin/art/data.html` | High
|
||||
4 | File | `/admin.php/admin/ulog/index.html` | High
|
||||
5 | File | `/admin.php/admin/vod/data.html` | High
|
||||
6 | File | `/admin/login.php` | High
|
||||
7 | File | `/admin/templates/template_manage.php` | High
|
||||
8 | File | `/api/servers` | Medium
|
||||
9 | File | `/api /v3/auth` | High
|
||||
10 | File | `/aya/module/admin/ust_tab_e.inc.php` | High
|
||||
11 | File | `/cgi-bin/uploadAccessCodePic` | High
|
||||
12 | File | `/cloud_config/router_post/check_reset_pwd_verify_code` | High
|
||||
13 | File | `/cloud_config/router_post/upgrade_info` | High
|
||||
14 | File | `/data/sqldata` | High
|
||||
15 | File | `/DataPackageTable` | High
|
||||
16 | File | `/download/` | Medium
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/factor/avx-ecm/vecarith52.c` | High
|
||||
19 | File | `/goform/delAd` | High
|
||||
20 | File | `/goform/form2Reboot.cgi` | High
|
||||
21 | File | `/goform/SetLanInfo` | High
|
||||
22 | File | `/goform/SetPptpServerCfg` | High
|
||||
23 | File | `/i/:data/ipa.plist` | High
|
||||
24 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
|
||||
25 | File | `/js/js-parser.c` | High
|
||||
26 | File | `/mdiy/dict/listExcludeApp` | High
|
||||
27 | ... | ... | ...
|
||||
1 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
|
||||
2 | File | `/admin.php?r=admin/AdminBackup/del` | High
|
||||
3 | File | `/admin/edit.php` | High
|
||||
4 | File | `/admin/goods/update` | High
|
||||
5 | File | `/admin/inbox.php&action=delete` | High
|
||||
6 | File | `/admin/inbox.php&action=read` | High
|
||||
7 | File | `/admin/pagerole.php&action=edit` | High
|
||||
8 | File | `/admin/posts.php` | High
|
||||
9 | File | `/admin/posts.php&action=delete` | High
|
||||
10 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
11 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
|
||||
12 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
13 | File | `/admin/uesrs.php&action=display&value=Hide` | High
|
||||
14 | File | `/admin/uesrs.php&action=display&value=Show` | High
|
||||
15 | File | `/admin/uesrs.php&action=type&userrole=User` | High
|
||||
16 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
17 | File | `/api/eventinstance` | High
|
||||
18 | File | `/appliance/users?action=edit` | High
|
||||
19 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
20 | File | `/blog/blog.php` | High
|
||||
21 | File | `/cdsms/classes/Master.php?f=delete_package` | High
|
||||
22 | File | `/cmd?cmd=connect` | High
|
||||
23 | File | `/coreframe/app/member/admin/group.php` | High
|
||||
24 | File | `/cwms/admin/?page=articles/view_article/` | High
|
||||
25 | File | `/cwms/classes/Master.php?f=save_contact` | High
|
||||
26 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
|
||||
27 | File | `/etc/zarafa/license` | High
|
||||
28 | File | `/goform/login_process` | High
|
||||
29 | File | `/goform/setpptpservercfg` | High
|
||||
30 | File | `/hocms/classes/Master.php?f=delete_member` | High
|
||||
31 | File | `/hocms/classes/Master.php?f=delete_phase` | High
|
||||
32 | File | `/include/make.php` | High
|
||||
33 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
|
||||
34 | File | `/jpg/image.jpg` | High
|
||||
35 | File | `/login` | Low
|
||||
36 | File | `/manager/files` | High
|
||||
37 | File | `/module/api.php?mobile/wapNasIPS` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [IL](https://vuldb.com/?country.il)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,12 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -53,32 +53,37 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin.php/admin/website/data.html` | High
|
||||
5 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
6 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
|
||||
7 | File | `/admin/inbox.php&action=read` | High
|
||||
8 | File | `/admin/posts.php` | High
|
||||
9 | File | `/admin/posts.php&action=delete` | High
|
||||
10 | File | `/admin/run_ajax.php` | High
|
||||
11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
12 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
13 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
|
||||
14 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
15 | File | `/api/crontab` | Medium
|
||||
16 | File | `/blog/blog.php` | High
|
||||
17 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
18 | File | `/cgi-bin/kerbynet` | High
|
||||
19 | File | `/cloud_config/router_post/modify_account_pwd` | High
|
||||
20 | File | `/cloud_config/router_post/register` | High
|
||||
21 | File | `/config/list` | Medium
|
||||
22 | File | `/download/` | Medium
|
||||
23 | File | `/etc/ajenti/config.yml` | High
|
||||
24 | File | `/etc/cobbler` | Medium
|
||||
25 | File | `/etc/passwd` | Medium
|
||||
26 | File | `/export` | Low
|
||||
27 | File | `/goform/delAd` | High
|
||||
28 | File | `/goform/form2Reboot.cgi` | High
|
||||
29 | File | `/home.asp` | Medium
|
||||
30 | ... | ... | ...
|
||||
7 | File | `/admin/edit.php` | High
|
||||
8 | File | `/admin/inbox.php&action=read` | High
|
||||
9 | File | `/admin/new-content` | High
|
||||
10 | File | `/admin/posts.php` | High
|
||||
11 | File | `/admin/posts.php&action=delete` | High
|
||||
12 | File | `/admin/run_ajax.php` | High
|
||||
13 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
14 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
15 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
|
||||
16 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
17 | File | `/api/crontab` | Medium
|
||||
18 | File | `/blog/blog.php` | High
|
||||
19 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
20 | File | `/cgi-bin/kerbynet` | High
|
||||
21 | File | `/cloud_config/router_post/modify_account_pwd` | High
|
||||
22 | File | `/cloud_config/router_post/register` | High
|
||||
23 | File | `/cms/classes/Master.php?f=delete_service` | High
|
||||
24 | File | `/config/list` | Medium
|
||||
25 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
26 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
27 | File | `/download/` | Medium
|
||||
28 | File | `/etc/ajenti/config.yml` | High
|
||||
29 | File | `/etc/passwd` | Medium
|
||||
30 | File | `/export` | Low
|
||||
31 | File | `/goform/AdvSetLanIp` | High
|
||||
32 | File | `/goform/delAd` | High
|
||||
33 | File | `/goform/form2Reboot.cgi` | High
|
||||
34 | File | `/goform/SetNetControlList` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 259 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -25,11 +25,13 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [65.181.113.87](https://vuldb.com/?ip.65.181.113.87) | mx1.lifestylefundings.com | Boleto Mestre | High
|
||||
2 | [65.181.127.152](https://vuldb.com/?ip.65.181.127.152) | portal2.brewmyidea.com | Boleto Mestre | High
|
||||
3 | [200.98.142.67](https://vuldb.com/?ip.200.98.142.67) | 200-98-142-67.clouduol.com.br | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
|
||||
* https://unit42.paloaltonetworks.com/unit42-master-channel-the-boleto-mestre-campaign-targets-brazil/
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -0,0 +1,92 @@
|
|||
# Bunitu - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bunitu](https://vuldb.com/?actor.bunitu). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bunitu](https://vuldb.com/?actor.bunitu)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bunitu:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bunitu.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.104.230.200](https://vuldb.com/?ip.5.104.230.200) | hosted-by.snel.com | - | High
|
||||
2 | [62.75.222.235](https://vuldb.com/?ip.62.75.222.235) | rom243.dedicatedpanel.com | - | High
|
||||
3 | [66.199.229.251](https://vuldb.com/?ip.66.199.229.251) | 66-199-229-251.reverse.ezzi.net | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bunitu_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bunitu. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `..\WWWRoot\CustomPages\aspshell.asp` | High
|
||||
2 | File | `/09/business/upgrade/upcfgAction.php?download=true` | High
|
||||
3 | File | `/32` | Low
|
||||
4 | File | `/cgi-bin/kerbynet` | High
|
||||
5 | File | `/etc/keystone/user-project-map.json` | High
|
||||
6 | File | `/etc/passwd` | Medium
|
||||
7 | File | `/inc/campaign/view-campaign-list.php` | High
|
||||
8 | File | `/include/menu_v.inc.php` | High
|
||||
9 | File | `/servlet/webacc` | High
|
||||
10 | File | `/usr/` | Low
|
||||
11 | File | `/wp-admin/admin.php?page=cpabc_appointments.php` | High
|
||||
12 | File | `admin-ajax.php` | High
|
||||
13 | File | `ajax_crons.php` | High
|
||||
14 | File | `ansi.c` | Low
|
||||
15 | File | `api.php/List/index` | High
|
||||
16 | File | `API/api/Version` | High
|
||||
17 | File | `application/controllers/LSBaseController.php` | High
|
||||
18 | File | `AsusScreenXpertServicec.exe` | High
|
||||
19 | File | `backupDB.php` | Medium
|
||||
20 | File | `bind.cpp` | Medium
|
||||
21 | File | `bits.c` | Low
|
||||
22 | File | `bundles/AdminBundle/Controller/Reports/CustomReportController.php` | High
|
||||
23 | File | `C:\downsoft` | Medium
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 205 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,86 @@
|
|||
# Calypso - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Calypso](https://vuldb.com/?actor.calypso). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.calypso](https://vuldb.com/?actor.calypso)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Calypso:
|
||||
|
||||
* Kazakhstan
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Calypso:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Calypso.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.183.178.181](https://vuldb.com/?ip.5.183.178.181) | - | Kazakhstan | High
|
||||
2 | [5.188.228.53](https://vuldb.com/?ip.5.188.228.53) | indppur1.example.com | Kazakhstan | High
|
||||
3 | [23.227.207.137](https://vuldb.com/?ip.23.227.207.137) | 23-227-207-137.static.hvvc.us | - | High
|
||||
4 | [45.63.96.120](https://vuldb.com/?ip.45.63.96.120) | 45.63.96.120.vultrusercontent.com | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Calypso_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Calypso. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin/user/manage/add` | High
|
||||
3 | File | `/export` | Low
|
||||
4 | File | `/iisadmin` | Medium
|
||||
5 | File | `/inc/parser/xhtml.php` | High
|
||||
6 | File | `/includes/lib/detail.php` | High
|
||||
7 | File | `/MIME/INBOX-MM-1/` | High
|
||||
8 | File | `/ptms/classes/Users.php` | High
|
||||
9 | File | `/public/plugins/` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 76 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://st.drweb.com/static/new-www/news/2022/march/telecom_research_en.pdf
|
||||
* https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -58,43 +58,44 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
|
||||
2 | File | `/.vnc/sesman_${username}_passwd` | High
|
||||
3 | File | `/addsrv` | Low
|
||||
4 | File | `/Admin/Views/FileEditor/` | High
|
||||
5 | File | `/api/user/{ID}` | High
|
||||
6 | File | `/article/add` | Medium
|
||||
7 | File | `/cgi-bin/editBookmark` | High
|
||||
8 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
9 | File | `/controller/pay.class.php` | High
|
||||
10 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
11 | File | `/dev/kmem` | Medium
|
||||
12 | File | `/dev/shm` | Medium
|
||||
13 | File | `/dev/snd/seq` | Medium
|
||||
14 | File | `/device/device=140/tab=wifi/view` | High
|
||||
15 | File | `/dl/dl_print.php` | High
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/goform/addressNat` | High
|
||||
18 | File | `/htdocs/admin/dict.php?id=3` | High
|
||||
19 | File | `/include/menu_v.inc.php` | High
|
||||
20 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
21 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
|
||||
22 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
23 | File | `/login` | Low
|
||||
24 | File | `/module/module_frame/index.php` | High
|
||||
25 | File | `/notice-edit.php` | High
|
||||
26 | File | `/nova/bin/sniffer` | High
|
||||
27 | File | `/ofcms/company-c-47` | High
|
||||
28 | File | `/proc/*/cmdline"` | High
|
||||
29 | File | `/proc/pid/syscall` | High
|
||||
30 | File | `/product_list.php` | High
|
||||
31 | File | `/rest/api/2/user/picker` | High
|
||||
32 | File | `/rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application` | High
|
||||
33 | File | `/services/details.asp` | High
|
||||
34 | File | `/src/core/controllers/cm.php` | High
|
||||
35 | File | `/storage/app/media/evil.svg` | High
|
||||
36 | File | `/transmission/web/` | High
|
||||
37 | ... | ... | ...
|
||||
3 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
4 | File | `/addsrv` | Low
|
||||
5 | File | `/Admin/Views/FileEditor/` | High
|
||||
6 | File | `/api/user/{ID}` | High
|
||||
7 | File | `/article/add` | Medium
|
||||
8 | File | `/cgi-bin/editBookmark` | High
|
||||
9 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
10 | File | `/controller/pay.class.php` | High
|
||||
11 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
12 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
13 | File | `/dev/kmem` | Medium
|
||||
14 | File | `/dev/shm` | Medium
|
||||
15 | File | `/dev/snd/seq` | Medium
|
||||
16 | File | `/device/device=140/tab=wifi/view` | High
|
||||
17 | File | `/dl/dl_print.php` | High
|
||||
18 | File | `/getcfg.php` | Medium
|
||||
19 | File | `/goform/addressNat` | High
|
||||
20 | File | `/htdocs/admin/dict.php?id=3` | High
|
||||
21 | File | `/include/menu_v.inc.php` | High
|
||||
22 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
|
||||
23 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
|
||||
24 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
25 | File | `/login` | Low
|
||||
26 | File | `/mngset/authset` | High
|
||||
27 | File | `/module/module_frame/index.php` | High
|
||||
28 | File | `/notice-edit.php` | High
|
||||
29 | File | `/nova/bin/sniffer` | High
|
||||
30 | File | `/ofcms/company-c-47` | High
|
||||
31 | File | `/proc/*/cmdline"` | High
|
||||
32 | File | `/proc/pid/syscall` | High
|
||||
33 | File | `/product_list.php` | High
|
||||
34 | File | `/rest/api/2/user/picker` | High
|
||||
35 | File | `/rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application` | High
|
||||
36 | File | `/services/details.asp` | High
|
||||
37 | File | `/src/core/controllers/cm.php` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 326 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -124,7 +124,7 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `admin/conf_users_edit.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -11,6 +11,9 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -44,17 +47,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/docs/captcha_(number).jpeg` | High
|
||||
2 | File | `/etc/keystone/user-project-map.json` | High
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/horde/util/go.php` | High
|
||||
5 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
6 | File | `/webapps/Bb-sites-user-profile-BBLEARN/profile.form` | High
|
||||
7 | File | `/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php` | High
|
||||
8 | File | `action/addproject.php` | High
|
||||
9 | ... | ... | ...
|
||||
1 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
2 | File | `/docs/captcha_(number).jpeg` | High
|
||||
3 | File | `/etc/keystone/user-project-map.json` | High
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/horde/util/go.php` | High
|
||||
6 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
7 | File | `/webapps/Bb-sites-user-profile-BBLEARN/profile.form` | High
|
||||
8 | File | `/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php` | High
|
||||
9 | File | `action/addproject.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 69 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 73 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `admin/article_category.php?rec=update` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 246 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -74,36 +74,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
4 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
5 | File | `/file?action=download&file` | High
|
||||
6 | File | `/medical/inventories.php` | High
|
||||
7 | File | `/monitoring` | Medium
|
||||
8 | File | `/new` | Low
|
||||
9 | File | `/plugins/servlet/audit/resource` | High
|
||||
10 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
11 | File | `/proc/<pid>/status` | High
|
||||
12 | File | `/public/plugins/` | High
|
||||
13 | File | `/replication` | Medium
|
||||
14 | File | `/RestAPI` | Medium
|
||||
15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
16 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
17 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
18 | File | `/tmp` | Low
|
||||
19 | File | `/uncpath/` | Medium
|
||||
2 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
3 | File | `/file?action=download&file` | High
|
||||
4 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
5 | File | `/monitoring` | Medium
|
||||
6 | File | `/new` | Low
|
||||
7 | File | `/plugins/servlet/audit/resource` | High
|
||||
8 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
9 | File | `/proc/<pid>/status` | High
|
||||
10 | File | `/public/plugins/` | High
|
||||
11 | File | `/replication` | Medium
|
||||
12 | File | `/RestAPI` | Medium
|
||||
13 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
14 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
15 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
16 | File | `/tmp` | Low
|
||||
17 | File | `/tmp/zarafa-vacation-*` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/upload` | Low
|
||||
20 | File | `/var/log/nginx` | High
|
||||
21 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
22 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
23 | File | `AccountManagerService.java` | High
|
||||
24 | File | `actions/CompanyDetailsSave.php` | High
|
||||
25 | File | `ActiveServices.java` | High
|
||||
26 | File | `ActivityManagerService.java` | High
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
29 | ... | ... | ...
|
||||
25 | File | `ActivityManagerService.java` | High
|
||||
26 | File | `admin.php` | Medium
|
||||
27 | File | `admin/add-glossary.php` | High
|
||||
28 | File | `admin/conf_users_edit.php` | High
|
||||
29 | File | `admin/edit-comments.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 247 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -33,7 +33,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [34.92.228.216](https://vuldb.com/?ip.34.92.228.216) | 216.228.92.34.bc.googleusercontent.com | RedXOR | Medium
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more IOC items available. Please use our online service to access the data.
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -46,7 +46,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -54,19 +54,23 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/public/plugins/` | High
|
||||
2 | File | `/rom-0` | Low
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | File | `actions/ChangeConfiguration.html` | High
|
||||
5 | File | `ajaxfilemanager.php` | High
|
||||
6 | ... | ... | ...
|
||||
1 | File | `/ajax-files/postComment.php` | High
|
||||
2 | File | `/bin/login.php` | High
|
||||
3 | File | `/public/plugins/` | High
|
||||
4 | File | `/rom-0` | Low
|
||||
5 | File | `/uncpath/` | Medium
|
||||
6 | File | `/wp-content/plugins/forum-server/feed.php` | High
|
||||
7 | File | `actions/ChangeConfiguration.html` | High
|
||||
8 | File | `ajaxfilemanager.php` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 42 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html
|
||||
* https://github.com/avast/ioc/tree/master/OperationDragonCastling
|
||||
* https://vxug.fakedoma.in/archive/APTs/2021/2021.03.10(1)/RedXOR.pdf
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Chthonic:
|
||||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,13 +21,34 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [40.70.224.146](https://vuldb.com/?ip.40.70.224.146) | - | - | High
|
||||
2 | [51.254.83.231](https://vuldb.com/?ip.51.254.83.231) | pob01.mulx.net | - | High
|
||||
3 | [52.137.90.34](https://vuldb.com/?ip.52.137.90.34) | - | - | High
|
||||
4 | [52.185.71.28](https://vuldb.com/?ip.52.185.71.28) | - | - | High
|
||||
5 | ... | ... | ... | ...
|
||||
1 | [5.34.248.225](https://vuldb.com/?ip.5.34.248.225) | ns2.newsnet.li | - | High
|
||||
2 | [5.39.81.111](https://vuldb.com/?ip.5.39.81.111) | pm.theglu.org | - | High
|
||||
3 | [5.103.128.88](https://vuldb.com/?ip.5.103.128.88) | 5.103.128.88.static.fibianet.dk | - | High
|
||||
4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
5 | [13.107.246.13](https://vuldb.com/?ip.13.107.246.13) | - | - | High
|
||||
6 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
7 | [20.41.46.145](https://vuldb.com/?ip.20.41.46.145) | - | - | High
|
||||
8 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
|
||||
9 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
10 | [31.28.161.68](https://vuldb.com/?ip.31.28.161.68) | ntp.exact-time.org | - | High
|
||||
11 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
|
||||
12 | [35.229.93.46](https://vuldb.com/?ip.35.229.93.46) | 46.93.229.35.bc.googleusercontent.com | - | Medium
|
||||
13 | [35.231.151.7](https://vuldb.com/?ip.35.231.151.7) | 7.151.231.35.bc.googleusercontent.com | - | Medium
|
||||
14 | [35.244.181.201](https://vuldb.com/?ip.35.244.181.201) | 201.181.244.35.bc.googleusercontent.com | - | Medium
|
||||
15 | [37.187.5.167](https://vuldb.com/?ip.37.187.5.167) | ks3370497.kimsufi.com | - | High
|
||||
16 | [37.187.20.28](https://vuldb.com/?ip.37.187.20.28) | ns397460.ip-37-187-20.eu | - | High
|
||||
17 | [40.67.189.14](https://vuldb.com/?ip.40.67.189.14) | - | - | High
|
||||
18 | [40.70.224.146](https://vuldb.com/?ip.40.70.224.146) | - | - | High
|
||||
19 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
|
||||
20 | [40.90.247.210](https://vuldb.com/?ip.40.90.247.210) | - | - | High
|
||||
21 | [40.91.124.111](https://vuldb.com/?ip.40.91.124.111) | - | - | High
|
||||
22 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
|
||||
23 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
|
||||
24 | [45.87.76.3](https://vuldb.com/?ip.45.87.76.3) | ntp.devrandom.be | - | High
|
||||
25 | [46.17.46.226](https://vuldb.com/?ip.46.17.46.226) | brtnjbjgyi.quest | - | High
|
||||
26 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more IOC items available. Please use our online service to access the data.
|
||||
There are 100 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -37,10 +58,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,18 +69,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/tmp` | Low
|
||||
2 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
3 | File | `AniGIF.ocx` | Medium
|
||||
4 | File | `config.php` | Medium
|
||||
5 | ... | ... | ...
|
||||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
5 | File | `/category_view.php` | High
|
||||
6 | File | `/dev/kmem` | Medium
|
||||
7 | File | `/file?action=download&file` | High
|
||||
8 | File | `/medical/inventories.php` | High
|
||||
9 | File | `/monitoring` | Medium
|
||||
10 | File | `/NAGErrors` | Medium
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/proc/ioports` | High
|
||||
14 | File | `/replication` | Medium
|
||||
15 | File | `/RestAPI` | Medium
|
||||
16 | File | `/rom-0` | Low
|
||||
17 | File | `/tmp` | Low
|
||||
18 | File | `/tmp/speedtest_urls.xml` | High
|
||||
19 | File | `/tmp/zarafa-vacation-*` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/upload` | Low
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/wp-admin/admin.php` | High
|
||||
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
25 | File | `abook_database.php` | High
|
||||
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
27 | File | `admin/index.php` | High
|
||||
28 | File | `admin/login.php` | High
|
||||
29 | File | `admin\model\catalog\download.php` | High
|
||||
30 | File | `ajax/render/widget_php` | High
|
||||
31 | File | `apcupsd.pid` | Medium
|
||||
32 | File | `api/sms/send-sms` | High
|
||||
33 | File | `api/v1/alarms` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 26 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0508-0515.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0828-0904.html
|
||||
* https://blog.talosintelligence.com/2020/11/threat-roundup-1030-1106.html
|
||||
* https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
|
||||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0903-0910.html
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Group:
|
||||
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
@ -37,7 +37,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -52,29 +52,33 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin/customers.php?page=1&cID` | High
|
||||
3 | File | `/admin/link/link_ok.php` | High
|
||||
4 | File | `/admin/show.php` | High
|
||||
5 | File | `/administrator/components/menu/` | High
|
||||
5 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
6 | File | `/app/register.php` | High
|
||||
7 | File | `/data/sqldata` | High
|
||||
8 | File | `/feedback/post/` | High
|
||||
9 | File | `/goform/SetPptpServerCfg` | High
|
||||
10 | File | `/hdf5/src/H5Fint.c` | High
|
||||
11 | File | `/index.php?page=reserve` | High
|
||||
12 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
|
||||
13 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
14 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
|
||||
15 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
|
||||
16 | File | `/public/launchNewWindow.jsp` | High
|
||||
17 | File | `/purchase_order/admin/?page=user` | High
|
||||
18 | File | `/reps/admin/?page=agents/manage_agent` | High
|
||||
19 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
20 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
21 | File | `/servlets/Jmx_dynamic` | High
|
||||
22 | File | `/setting/NTPSyncWithHost` | High
|
||||
23 | File | `/src/njs_object.c` | High
|
||||
24 | File | `/template/unzip.do` | High
|
||||
25 | ... | ... | ...
|
||||
7 | File | `/CommunitySSORedirect.jsp` | High
|
||||
8 | File | `/config` | Low
|
||||
9 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
10 | File | `/data/sqldata` | High
|
||||
11 | File | `/feedback/post/` | High
|
||||
12 | File | `/goform/setDeviceSettings` | High
|
||||
13 | File | `/goform/SetPptpServerCfg` | High
|
||||
14 | File | `/help/treecontent.jsp` | High
|
||||
15 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
16 | File | `/index.php?page=reserve` | High
|
||||
17 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
|
||||
18 | File | `/public/launchNewWindow.jsp` | High
|
||||
19 | File | `/purchase_order/admin/?page=user` | High
|
||||
20 | File | `/reps/admin/?page=agents/manage_agent` | High
|
||||
21 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
22 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
23 | File | `/servlets/Jmx_dynamic` | High
|
||||
24 | File | `/setting/CloudACMunualUpdate` | High
|
||||
25 | File | `/setting/NTPSyncWithHost` | High
|
||||
26 | File | `/setting/setWebWlanIdx` | High
|
||||
27 | File | `/simple_chat_bot/admin/responses/view_response.php` | High
|
||||
28 | File | `/src/njs_object.c` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Strike:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -28,10 +28,19 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
5 | [23.108.57.39](https://vuldb.com/?ip.23.108.57.39) | - | - | High
|
||||
6 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | - | High
|
||||
7 | [23.227.199.10](https://vuldb.com/?ip.23.227.199.10) | 23-227-199-10.static.hvvc.us | - | High
|
||||
8 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
8 | [37.120.198.225](https://vuldb.com/?ip.37.120.198.225) | - | - | High
|
||||
9 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
|
||||
10 | [45.144.29.185](https://vuldb.com/?ip.45.144.29.185) | master.pisyandriy.com | - | High
|
||||
11 | [46.165.254.166](https://vuldb.com/?ip.46.165.254.166) | - | - | High
|
||||
12 | [51.15.76.60](https://vuldb.com/?ip.51.15.76.60) | 60-76-15-51.instances.scw.cloud | - | High
|
||||
13 | [51.68.91.152](https://vuldb.com/?ip.51.68.91.152) | - | - | High
|
||||
14 | [51.68.93.185](https://vuldb.com/?ip.51.68.93.185) | - | - | High
|
||||
15 | [51.83.15.56](https://vuldb.com/?ip.51.83.15.56) | - | - | High
|
||||
16 | [62.102.148.68](https://vuldb.com/?ip.62.102.148.68) | - | - | High
|
||||
17 | [62.128.111.176](https://vuldb.com/?ip.62.128.111.176) | - | - | High
|
||||
18 | ... | ... | ... | ...
|
||||
|
||||
There are 33 more IOC items available. Please use our online service to access the data.
|
||||
There are 70 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -40,11 +49,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -52,66 +61,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/success_story.php` | High
|
||||
2 | File | `/category.php` | High
|
||||
3 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
4 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
5 | File | `/movie-portal-script/movie.php` | High
|
||||
6 | File | `/notice-edit.php` | High
|
||||
7 | File | `/objects/getSpiritsFromVideo.php` | High
|
||||
8 | File | `/servlet/webacc` | High
|
||||
9 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
|
||||
10 | File | `/tmp` | Low
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/wp-admin/admin-ajax.php` | High
|
||||
13 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
14 | File | `4.2.0.CP08` | Medium
|
||||
15 | File | `account.asp` | Medium
|
||||
16 | File | `acerctrl.ocx` | Medium
|
||||
17 | File | `activate.php` | Medium
|
||||
18 | File | `add.php` | Low
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/admin.php` | High
|
||||
21 | File | `admin/adminaddeditdetails.php` | High
|
||||
22 | File | `admin/class-jtrt-responsive-tables-admin.php` | High
|
||||
23 | File | `admin/images.php` | High
|
||||
24 | File | `admin/import/class-import-settings.php` | High
|
||||
25 | File | `admin/infoclass_update.php` | High
|
||||
26 | File | `admin/member_details.php` | High
|
||||
27 | File | `admin/preview.php` | High
|
||||
28 | File | `ajax/addComment.php` | High
|
||||
29 | File | `allocate_block.cpp` | High
|
||||
30 | File | `and/or` | Low
|
||||
31 | File | `app/code/core/Mage/Rss/Helper/Order.php` | High
|
||||
32 | File | `arch/powerpc/kernel/entry_64.S` | High
|
||||
33 | File | `archive_read_support_format_rar5.c` | High
|
||||
34 | File | `article.php` | Medium
|
||||
35 | File | `asmjs/asmangle.cpp` | High
|
||||
36 | File | `asp:.jpg` | Medium
|
||||
37 | File | `auth2-gss.c` | Medium
|
||||
38 | File | `backup.php` | Medium
|
||||
39 | File | `bios.php` | Medium
|
||||
40 | File | `blanko.preview.php` | High
|
||||
41 | File | `block/bfq-iosched.c` | High
|
||||
42 | File | `books.php` | Medium
|
||||
43 | File | `browse_ladies.php` | High
|
||||
44 | File | `burl.c` | Low
|
||||
45 | File | `cadena_ofertas_ext.php` | High
|
||||
46 | File | `category-delete.php` | High
|
||||
47 | File | `category.php` | Medium
|
||||
48 | File | `CFM File Handler` | High
|
||||
49 | File | `cgi-bin/awstats.pl` | High
|
||||
50 | File | `cgi-bin/write.cgi` | High
|
||||
51 | File | `Change-password.php` | High
|
||||
52 | File | `chat.php` | Medium
|
||||
53 | ... | ... | ...
|
||||
1 | File | `%PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe` | High
|
||||
2 | File | `.nautilus-metafile.xml` | High
|
||||
3 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
4 | File | `/admin.php` | Medium
|
||||
5 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
6 | File | `/admin/uesrs.php&action=display&value=Hide` | High
|
||||
7 | File | `/administrator/components/table_manager/` | High
|
||||
8 | File | `/administrator/templates/default/html/windows/right.php` | High
|
||||
9 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
10 | File | `/api/students/me/courses/` | High
|
||||
11 | File | `/api/students/me/messages/` | High
|
||||
12 | File | `/Applications/Utilities/Terminal` | High
|
||||
13 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
14 | File | `/blog/blog.php` | High
|
||||
15 | File | `/cdsms/classes/Master.php?f=delete_package` | High
|
||||
16 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
17 | File | `/classes/master.php?f=delete_facility` | High
|
||||
18 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
19 | File | `/coreframe/app/member/admin/group.php` | High
|
||||
20 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
21 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
22 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
23 | File | `/default.php?idx=17` | High
|
||||
24 | File | `/ecrire` | Low
|
||||
25 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
|
||||
26 | File | `/goform/SysToolReboot` | High
|
||||
27 | File | `/hocms/classes/Master.php?f=delete_member` | High
|
||||
28 | File | `/hocms/classes/Master.php?f=delete_phase` | High
|
||||
29 | File | `/html/Solar_Ftp.php` | High
|
||||
30 | File | `/include/chart_generator.php` | High
|
||||
31 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
32 | File | `/info.cgi` | Medium
|
||||
33 | File | `/insurance/editPayment.php` | High
|
||||
34 | File | `/lists/admin/` | High
|
||||
35 | File | `/mgmt/tm/util/bash` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/20130/
|
||||
* https://asec.ahnlab.com/en/27646/
|
||||
* https://blog.morphisec.com/log4j-exploit-targets-vulnerable-unifi-network-applications
|
||||
* https://blog.talosintelligence.com/2020/06/indigodrop-maldocs-cobalt-strike.html
|
||||
* https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
|
||||
* https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752/
|
||||
* https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
|
||||
|
@ -131,6 +127,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
|
||||
* https://thedfirreport.com/2021/12/13/diavol-ransomware/
|
||||
* https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
|
||||
* https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
|
||||
* https://twitter.com/malware_traffic/status/1400876426497253379
|
||||
* https://twitter.com/malware_traffic/status/1415740795622248452
|
||||
* https://twitter.com/TheDFIRReport/status/1508451341844168706
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinStomp:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
|
|
@ -114,10 +114,9 @@ ID | Type | Indicator | Confidence
|
|||
54 | File | `binder.c` | Medium
|
||||
55 | File | `books.php` | Medium
|
||||
56 | File | `C:\Python27` | Medium
|
||||
57 | File | `C:\Windows\System32\config\SAM` | High
|
||||
58 | ... | ... | ...
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 502 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 500 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 33 more country items available. Please use our online service to access the data.
|
||||
There are 32 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -116,7 +116,7 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/etc/sudoers` | Medium
|
||||
11 | File | `/export` | Low
|
||||
12 | File | `/iissamples` | Medium
|
||||
13 | File | `/login` | Low
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/modules/profile/index.php` | High
|
||||
15 | File | `/monitoring` | Medium
|
||||
16 | File | `/new` | Low
|
||||
|
@ -144,9 +144,10 @@ ID | Type | Indicator | Confidence
|
|||
38 | File | `admin/conf_users_edit.php` | High
|
||||
39 | File | `admin/edit-comments.php` | High
|
||||
40 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
41 | ... | ... | ...
|
||||
41 | File | `admin\db\DoSql.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 362 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoolWebSearch:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -155,11 +155,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -168,40 +168,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.ssh/authorized_keys` | High
|
||||
2 | File | `/car.php` | Medium
|
||||
3 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
4 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
5 | File | `/core/admin/categories.php` | High
|
||||
6 | File | `/dashboards/#` | High
|
||||
7 | File | `/etc/sudoers` | Medium
|
||||
8 | File | `/filemanager/php/connector.php` | High
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/fudforum/adm/hlplist.php` | High
|
||||
11 | File | `/GponForm/fsetup_Form` | High
|
||||
12 | File | `/log_download.cgi` | High
|
||||
13 | File | `/modules/profile/index.php` | High
|
||||
14 | File | `/MTFWU` | Low
|
||||
15 | File | `/new` | Low
|
||||
2 | File | `/cgi-bin/luci/api/auth` | High
|
||||
3 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
4 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
5 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
6 | File | `/core/admin/categories.php` | High
|
||||
7 | File | `/etc/groups` | Medium
|
||||
8 | File | `/etc/sudoers` | Medium
|
||||
9 | File | `/filemanager/php/connector.php` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/mgmt/tm/util/bash` | High
|
||||
12 | File | `/modules/profile/index.php` | High
|
||||
13 | File | `/MTFWU` | Low
|
||||
14 | File | `/new` | Low
|
||||
15 | File | `/php/passport/index.php` | High
|
||||
16 | File | `/proc/<pid>/status` | High
|
||||
17 | File | `/public/plugins/` | High
|
||||
18 | File | `/s/` | Low
|
||||
19 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
20 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
21 | File | `/server-info` | Medium
|
||||
22 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/updown/upload.cgi` | High
|
||||
26 | File | `/usr/bin/pkexec` | High
|
||||
27 | File | `/way4acs/enroll` | High
|
||||
28 | File | `/WEB-INF/web.xml` | High
|
||||
29 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
30 | File | `4.2.0.CP09` | Medium
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `AccountManagerService.java` | High
|
||||
33 | ... | ... | ...
|
||||
18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/server-info` | Medium
|
||||
21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/updown/upload.cgi` | High
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `4.2.0.CP09` | Medium
|
||||
27 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
28 | File | `AccountManagerService.java` | High
|
||||
29 | File | `actions/CompanyDetailsSave.php` | High
|
||||
30 | File | `ActivityManagerService.java` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 259 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -44,13 +44,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
2 | File | `/filemanager/ajax_calls.php` | High
|
||||
3 | File | `/Items/*/RemoteImages/Download` | High
|
||||
4 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
|
||||
5 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
6 | ... | ... | ...
|
||||
2 | File | `/etc/postfix/sender_login` | High
|
||||
3 | File | `/filemanager/ajax_calls.php` | High
|
||||
4 | File | `/Items/*/RemoteImages/Download` | High
|
||||
5 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
|
||||
6 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 37 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 44 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -4,20 +4,67 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cybergate](https://vuldb.com/?actor.cybergate)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cybergate:
|
||||
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cybergate.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [52.8.126.80](https://vuldb.com/?ip.52.8.126.80) | ec2-52-8-126-80.us-west-1.compute.amazonaws.com | - | Medium
|
||||
2 | [187.58.232.18](https://vuldb.com/?ip.187.58.232.18) | 187.58.232.18.static.host.gvt.net.br | - | High
|
||||
1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
2 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
3 | [23.5.234.11](https://vuldb.com/?ip.23.5.234.11) | a23-5-234-11.deploy.static.akamaitechnologies.com | - | High
|
||||
4 | [23.203.29.190](https://vuldb.com/?ip.23.203.29.190) | a23-203-29-190.deploy.static.akamaitechnologies.com | - | High
|
||||
5 | [52.8.126.80](https://vuldb.com/?ip.52.8.126.80) | ec2-52-8-126-80.us-west-1.compute.amazonaws.com | - | Medium
|
||||
6 | [52.201.110.209](https://vuldb.com/?ip.52.201.110.209) | ec2-52-201-110-209.compute-1.amazonaws.com | - | Medium
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Cybergate_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Cybergate. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/catcompany.php` | High
|
||||
2 | File | `/proc/self/cwd` | High
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | File | `admin/movieview.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 32 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -53,13 +53,13 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/tmp` | Low
|
||||
3 | File | `AbstractController.php` | High
|
||||
4 | File | `ActBar.ocx` | Medium
|
||||
5 | File | `admin.comms.php` | High
|
||||
6 | File | `admin.php` | Medium
|
||||
7 | File | `admincp.php?app=user&do=save` | High
|
||||
8 | File | `ajax.php?type=../admin-panel/autoload&page=manage-users` | High
|
||||
5 | File | `add_ons.php` | Medium
|
||||
6 | File | `admin.comms.php` | High
|
||||
7 | File | `admin.php` | Medium
|
||||
8 | File | `admin/bad.php` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -22,15 +22,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.8.55.205](https://vuldb.com/?ip.5.8.55.205) | carpbaboon.com | - | High
|
||||
2 | [23.254.226.52](https://vuldb.com/?ip.23.254.226.52) | client-23-254-226-52.hostwindsdns.com | - | High
|
||||
3 | [31.214.157.12](https://vuldb.com/?ip.31.214.157.12) | mail.private-mail.nl | - | High
|
||||
4 | [45.147.231.79](https://vuldb.com/?ip.45.147.231.79) | - | - | High
|
||||
5 | [46.173.218.13](https://vuldb.com/?ip.46.173.218.13) | - | - | High
|
||||
6 | [47.74.130.165](https://vuldb.com/?ip.47.74.130.165) | - | - | High
|
||||
7 | [84.54.37.102](https://vuldb.com/?ip.84.54.37.102) | - | - | High
|
||||
2 | [23.106.123.224](https://vuldb.com/?ip.23.106.123.224) | - | - | High
|
||||
3 | [23.254.226.52](https://vuldb.com/?ip.23.254.226.52) | client-23-254-226-52.hostwindsdns.com | - | High
|
||||
4 | [31.214.157.12](https://vuldb.com/?ip.31.214.157.12) | mail.private-mail.nl | - | High
|
||||
5 | [45.147.231.79](https://vuldb.com/?ip.45.147.231.79) | - | - | High
|
||||
6 | [46.173.218.13](https://vuldb.com/?ip.46.173.218.13) | - | - | High
|
||||
7 | [47.74.130.165](https://vuldb.com/?ip.47.74.130.165) | - | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 27 more IOC items available. Please use our online service to access the data.
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -40,10 +40,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-358 | 7PK Security Features | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -59,16 +59,18 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
|
||||
7 | File | `/lms/admin.php` | High
|
||||
8 | File | `/redpass.cgi` | Medium
|
||||
9 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
|
||||
10 | File | `/uncpath/` | Medium
|
||||
11 | File | `add-category.php` | High
|
||||
12 | File | `add_comment.php` | High
|
||||
13 | File | `admin.php` | Medium
|
||||
14 | File | `admin/admin.shtml` | High
|
||||
15 | File | `admin/content.php` | High
|
||||
16 | ... | ... | ...
|
||||
9 | File | `/rom-0` | Low
|
||||
10 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `add-category.php` | High
|
||||
13 | File | `add_comment.php` | High
|
||||
14 | File | `admin.php` | Medium
|
||||
15 | File | `admin/admin.shtml` | High
|
||||
16 | File | `admin/content.php` | High
|
||||
17 | File | `admin/user.php?form=update_f&user_name` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 131 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 149 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -78,6 +80,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://github.com/eset/malware-ioc/tree/master/danabot
|
||||
* https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
|
||||
* https://research.checkpoint.com/2019/danabot-demands-a-ransom-payment/
|
||||
* https://twitter.com/CERT_OPL/status/1138810411149643777
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dark Caracal:
|
||||
|
||||
* [CZ](https://vuldb.com/?country.cz)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* [CZ](https://vuldb.com/?country.cz)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,13 +49,13 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/apply.cgi` | Medium
|
||||
2 | File | `/usr/bin/pkexec` | High
|
||||
3 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
4 | File | `apply.cgi` | Medium
|
||||
5 | File | `base/ErrorHandler.php` | High
|
||||
6 | File | `blog.php` | Medium
|
||||
3 | File | `admin/file-manager/attachments` | High
|
||||
4 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
5 | File | `apply.cgi` | Medium
|
||||
6 | File | `base/ErrorHandler.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 44 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,12 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DarkComet:
|
||||
|
||||
* [UA](https://vuldb.com/?country.ua)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -38,11 +34,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
15 | [23.64.110.64](https://vuldb.com/?ip.23.64.110.64) | a23-64-110-64.deploy.static.akamaitechnologies.com | - | High
|
||||
16 | [23.67.200.172](https://vuldb.com/?ip.23.67.200.172) | a23-67-200-172.deploy.static.akamaitechnologies.com | - | High
|
||||
17 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
|
||||
18 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
|
||||
19 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
18 | [25.109.69.178](https://vuldb.com/?ip.25.109.69.178) | - | - | High
|
||||
19 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
|
||||
20 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
|
||||
21 | [31.202.203.58](https://vuldb.com/?ip.31.202.203.58) | 31.202.203.58.format-tv.net | - | High
|
||||
22 | [34.107.221.82](https://vuldb.com/?ip.34.107.221.82) | 82.221.107.34.bc.googleusercontent.com | - | Medium
|
||||
23 | ... | ... | ... | ...
|
||||
|
||||
There are 74 more IOC items available. Please use our online service to access the data.
|
||||
There are 87 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,12 +49,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
1 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,25 +57,21 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
|
||||
3 | File | `/modules/tasks/summary.inc.php` | High
|
||||
4 | File | `/usr/bin/pkexec` | High
|
||||
5 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
6 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
7 | File | `admin.php` | Medium
|
||||
8 | File | `adminpasswd.cgi` | High
|
||||
9 | File | `ajax.php` | Medium
|
||||
10 | File | `apache2/modsecurity.c` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `admin.php` | Medium
|
||||
2 | File | `apache2/modsecurity.c` | High
|
||||
3 | File | `forumrunner/includes/moderation.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/05/threat-roundup-0517-0524.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0906-0913.html
|
||||
* https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html
|
||||
* https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
|
||||
* https://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html
|
||||
|
|
|
@ -0,0 +1,96 @@
|
|||
# Dealply - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dealply](https://vuldb.com/?actor.dealply). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dealply](https://vuldb.com/?actor.dealply)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dealply:
|
||||
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dealply.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.9.9.18](https://vuldb.com/?ip.5.9.9.18) | static.18.9.9.5.clients.your-server.de | - | High
|
||||
2 | [13.248.196.204](https://vuldb.com/?ip.13.248.196.204) | a64c2b794233c60a6.awsglobalaccelerator.com | - | High
|
||||
3 | [23.0.52.194](https://vuldb.com/?ip.23.0.52.194) | a23-0-52-194.deploy.static.akamaitechnologies.com | - | High
|
||||
4 | [23.3.126.219](https://vuldb.com/?ip.23.3.126.219) | a23-3-126-219.deploy.static.akamaitechnologies.com | - | High
|
||||
5 | [23.54.219.51](https://vuldb.com/?ip.23.54.219.51) | a23-54-219-51.deploy.static.akamaitechnologies.com | - | High
|
||||
6 | [23.221.50.122](https://vuldb.com/?ip.23.221.50.122) | a23-221-50-122.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | [34.231.131.84](https://vuldb.com/?ip.34.231.131.84) | ec2-34-231-131-84.compute-1.amazonaws.com | - | Medium
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 29 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dealply_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dealply. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
6 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
7 | File | `/bin/protest` | Medium
|
||||
8 | File | `/cgi-bin/login.cgi` | High
|
||||
9 | File | `/cgi/networkDiag.cgi` | High
|
||||
10 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
11 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
12 | File | `/cms/admin/?page=user/manage_user` | High
|
||||
13 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
14 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
15 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
16 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
17 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
18 | File | `/etc/passwd` | Medium
|
||||
19 | File | `/goform/SetSysTimeCfg` | High
|
||||
20 | File | `/ifs` | Low
|
||||
21 | File | `/mtms/admin/?page=user/manage_user` | High
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 181 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -4,25 +4,50 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dharma](https://vuldb.com/?actor.dharma)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dharma:
|
||||
|
||||
* [UA](https://vuldb.com/?country.ua)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dharma.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.20.187.20](https://vuldb.com/?ip.185.20.187.20) | 185.20.187.20.deltahost-ptr | - | High
|
||||
1 | [178.239.173.172](https://vuldb.com/?ip.178.239.173.172) | 172.173.239.178.baremetal.zare.com | - | High
|
||||
2 | [185.20.187.20](https://vuldb.com/?ip.185.20.187.20) | 185.20.187.20.deltahost-ptr | - | High
|
||||
3 | [217.138.202.116](https://vuldb.com/?ip.217.138.202.116) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dharma_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dharma. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/adm/setmain.php` | High
|
||||
2 | File | `/classes/master.php?f=delete_facility` | High
|
||||
3 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
4 | File | `/ecrire` | Low
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Dharma-RaaS.csv
|
||||
* https://thedfirreport.com/2020/04/14/dharma-ransomware/
|
||||
* https://thedfirreport.com/2020/06/16/the-little-ransomware-that-couldnt-dharma/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Domestic Kitten:
|
||||
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
@ -50,41 +50,37 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
5 | File | `/appliance/users?action=edit` | High
|
||||
6 | File | `/category_view.php` | High
|
||||
7 | File | `/connectors/index.php` | High
|
||||
8 | File | `/core/model/modx/modmanagerrequest.class.php` | High
|
||||
9 | File | `/dev/kmem` | Medium
|
||||
10 | File | `/file?action=download&file` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/hub/api/user` | High
|
||||
13 | File | `/medical/inventories.php` | High
|
||||
14 | File | `/monitoring` | Medium
|
||||
15 | File | `/NAGErrors` | Medium
|
||||
16 | File | `/plugins/servlet/audit/resource` | High
|
||||
17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
18 | File | `/proc/ioports` | High
|
||||
19 | File | `/replication` | Medium
|
||||
20 | File | `/RestAPI` | Medium
|
||||
21 | File | `/rom-0` | Low
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/tmp/speedtest_urls.xml` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/var/log/nginx` | High
|
||||
26 | File | `/WEB-INF/web.xml` | High
|
||||
27 | File | `/wp-admin/admin.php` | High
|
||||
28 | File | `account.asp` | Medium
|
||||
29 | File | `addentry.php` | Medium
|
||||
30 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
31 | File | `admin/index.php` | High
|
||||
32 | File | `admins.js` | Medium
|
||||
33 | File | `admin\model\catalog\download.php` | High
|
||||
34 | File | `apcupsd.pid` | Medium
|
||||
35 | File | `api/sms/send-sms` | High
|
||||
36 | ... | ... | ...
|
||||
4 | File | `/appliance/users?action=edit` | High
|
||||
5 | File | `/category_view.php` | High
|
||||
6 | File | `/connectors/index.php` | High
|
||||
7 | File | `/core/model/modx/modmanagerrequest.class.php` | High
|
||||
8 | File | `/dev/kmem` | Medium
|
||||
9 | File | `/file?action=download&file` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/hub/api/user` | High
|
||||
12 | File | `/medical/inventories.php` | High
|
||||
13 | File | `/monitoring` | Medium
|
||||
14 | File | `/NAGErrors` | Medium
|
||||
15 | File | `/plugins/servlet/audit/resource` | High
|
||||
16 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
17 | File | `/replication` | Medium
|
||||
18 | File | `/RestAPI` | Medium
|
||||
19 | File | `/tmp` | Low
|
||||
20 | File | `/tmp/speedtest_urls.xml` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/var/log/nginx` | High
|
||||
23 | File | `/WEB-INF/web.xml` | High
|
||||
24 | File | `/wp-admin/admin.php` | High
|
||||
25 | File | `account.asp` | Medium
|
||||
26 | File | `addentry.php` | Medium
|
||||
27 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | File | `admins.js` | Medium
|
||||
30 | File | `admin\model\catalog\download.php` | High
|
||||
31 | File | `apcupsd.pid` | Medium
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -97,7 +97,7 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `ampie.swf` | Medium
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,96 +24,105 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [1.234.20.244](https://vuldb.com/?ip.1.234.20.244) | - | - | High
|
||||
2 | [1.234.21.73](https://vuldb.com/?ip.1.234.21.73) | - | - | High
|
||||
3 | [2.58.16.87](https://vuldb.com/?ip.2.58.16.87) | - | - | High
|
||||
4 | [2.138.111.86](https://vuldb.com/?ip.2.138.111.86) | 86.red-2-138-111.dynamicip.rima-tde.net | - | High
|
||||
5 | [3.223.115.185](https://vuldb.com/?ip.3.223.115.185) | ec2-3-223-115-185.compute-1.amazonaws.com | - | Medium
|
||||
6 | [5.2.70.173](https://vuldb.com/?ip.5.2.70.173) | - | - | High
|
||||
7 | [5.9.44.37](https://vuldb.com/?ip.5.9.44.37) | static.37.44.9.5.clients.your-server.de | - | High
|
||||
8 | [5.9.188.148](https://vuldb.com/?ip.5.9.188.148) | mta5.offerteora.com | - | High
|
||||
9 | [5.39.222.84](https://vuldb.com/?ip.5.39.222.84) | - | - | High
|
||||
10 | [5.39.222.87](https://vuldb.com/?ip.5.39.222.87) | - | - | High
|
||||
11 | [5.39.222.102](https://vuldb.com/?ip.5.39.222.102) | insideappple.com | - | High
|
||||
12 | [5.181.158.4](https://vuldb.com/?ip.5.181.158.4) | no-rdns.mivocloud.com | - | High
|
||||
13 | [5.181.158.185](https://vuldb.com/?ip.5.181.158.185) | eptgaconvic.arveanrackfli.nginpu185tcpy.cyclegakemtirebe.com | - | High
|
||||
14 | [5.181.158.186](https://vuldb.com/?ip.5.181.158.186) | iveclot186hefry.salvecra.vedescribeoff.cyclegakemtirebe.com | - | High
|
||||
15 | [5.181.158.187](https://vuldb.com/?ip.5.181.158.187) | thrivebeau.ywringimmateg.espen187dsca.cyclegakemtirebe.com | - | High
|
||||
16 | [8.210.53.215](https://vuldb.com/?ip.8.210.53.215) | - | - | High
|
||||
17 | [8.248.159.254](https://vuldb.com/?ip.8.248.159.254) | - | - | High
|
||||
18 | [8.249.217.254](https://vuldb.com/?ip.8.249.217.254) | - | - | High
|
||||
19 | [8.249.233.254](https://vuldb.com/?ip.8.249.233.254) | - | - | High
|
||||
20 | [8.253.45.214](https://vuldb.com/?ip.8.253.45.214) | - | - | High
|
||||
21 | [8.253.45.249](https://vuldb.com/?ip.8.253.45.249) | - | - | High
|
||||
22 | [8.253.131.120](https://vuldb.com/?ip.8.253.131.120) | - | - | High
|
||||
23 | [8.253.131.121](https://vuldb.com/?ip.8.253.131.121) | - | - | High
|
||||
24 | [8.253.132.120](https://vuldb.com/?ip.8.253.132.120) | - | - | High
|
||||
25 | [14.98.183.4](https://vuldb.com/?ip.14.98.183.4) | static-4.183.98.14-tataidc.co.in | - | High
|
||||
26 | [18.195.23.231](https://vuldb.com/?ip.18.195.23.231) | ec2-18-195-23-231.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
27 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
28 | [23.3.13.153](https://vuldb.com/?ip.23.3.13.153) | a23-3-13-153.deploy.static.akamaitechnologies.com | - | High
|
||||
29 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
30 | [23.3.13.155](https://vuldb.com/?ip.23.3.13.155) | a23-3-13-155.deploy.static.akamaitechnologies.com | - | High
|
||||
31 | [23.3.13.160](https://vuldb.com/?ip.23.3.13.160) | a23-3-13-160.deploy.static.akamaitechnologies.com | - | High
|
||||
32 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
33 | [23.46.238.194](https://vuldb.com/?ip.23.46.238.194) | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High
|
||||
34 | [23.148.145.208](https://vuldb.com/?ip.23.148.145.208) | geo1n3.yourtekpro.com | - | High
|
||||
35 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
|
||||
36 | [23.199.71.136](https://vuldb.com/?ip.23.199.71.136) | a23-199-71-136.deploy.static.akamaitechnologies.com | - | High
|
||||
37 | [23.199.71.185](https://vuldb.com/?ip.23.199.71.185) | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High
|
||||
38 | [23.227.202.174](https://vuldb.com/?ip.23.227.202.174) | 23-227-202-174.static.hvvc.us | - | High
|
||||
39 | [23.227.203.228](https://vuldb.com/?ip.23.227.203.228) | 23-227-203-228.static.hvvc.us | - | High
|
||||
40 | [23.227.203.229](https://vuldb.com/?ip.23.227.203.229) | 23-227-203-229.static.hvvc.us | - | High
|
||||
41 | [23.254.211.213](https://vuldb.com/?ip.23.254.211.213) | client-23-254-211-213.hostwindsdns.com | - | High
|
||||
42 | [23.254.215.238](https://vuldb.com/?ip.23.254.215.238) | hwsrv-900801.hostwindsdns.com | - | High
|
||||
43 | [23.254.217.168](https://vuldb.com/?ip.23.254.217.168) | client-23-254-217-168.hostwindsdns.com | - | High
|
||||
44 | [23.254.247.5](https://vuldb.com/?ip.23.254.247.5) | hwsrv-936430.hostwindsdns.com | - | High
|
||||
45 | [23.254.247.55](https://vuldb.com/?ip.23.254.247.55) | client-23-254-247-55.hostwindsdns.com | - | High
|
||||
46 | [24.40.243.66](https://vuldb.com/?ip.24.40.243.66) | 24-40-243-66.fidnet.com | - | High
|
||||
47 | [27.60.164.164](https://vuldb.com/?ip.27.60.164.164) | - | - | High
|
||||
48 | [31.14.41.212](https://vuldb.com/?ip.31.14.41.212) | a856-motor.variouloco.com | - | High
|
||||
49 | [31.14.41.213](https://vuldb.com/?ip.31.14.41.213) | gain-compress.variouloco.com | - | High
|
||||
50 | [31.14.41.214](https://vuldb.com/?ip.31.14.41.214) | a277-exist.variouloco.com | - | High
|
||||
51 | [31.14.41.215](https://vuldb.com/?ip.31.14.41.215) | dubaibuildings.com | - | High
|
||||
52 | [31.24.30.65](https://vuldb.com/?ip.31.24.30.65) | - | - | High
|
||||
53 | [31.41.45.197](https://vuldb.com/?ip.31.41.45.197) | andrewhrenov.example.com | - | High
|
||||
54 | [31.42.177.51](https://vuldb.com/?ip.31.42.177.51) | antiques.managerpray.uk | - | High
|
||||
55 | [31.42.177.52](https://vuldb.com/?ip.31.42.177.52) | touch.managerpray.uk | - | High
|
||||
56 | [37.1.208.21](https://vuldb.com/?ip.37.1.208.21) | - | - | High
|
||||
57 | [37.1.215.144](https://vuldb.com/?ip.37.1.215.144) | - | - | High
|
||||
58 | [37.34.58.210](https://vuldb.com/?ip.37.34.58.210) | 37-34-58-210.colo.transip.net | - | High
|
||||
59 | [37.49.230.49](https://vuldb.com/?ip.37.49.230.49) | - | - | High
|
||||
60 | [37.59.52.64](https://vuldb.com/?ip.37.59.52.64) | ns3265174.ip-37-59-52.eu | - | High
|
||||
61 | [37.120.222.56](https://vuldb.com/?ip.37.120.222.56) | - | - | High
|
||||
62 | [37.120.239.185](https://vuldb.com/?ip.37.120.239.185) | - | - | High
|
||||
63 | [37.187.115.122](https://vuldb.com/?ip.37.187.115.122) | ns328855.ip-37-187-115.eu | - | High
|
||||
64 | [37.247.35.130](https://vuldb.com/?ip.37.247.35.130) | earthquake.kenic.nl | - | High
|
||||
65 | [40.122.160.14](https://vuldb.com/?ip.40.122.160.14) | - | - | High
|
||||
66 | [43.229.206.212](https://vuldb.com/?ip.43.229.206.212) | 212.subnet43-229-206.static.inet.net.id | - | High
|
||||
67 | [43.229.206.244](https://vuldb.com/?ip.43.229.206.244) | 244.subnet43-229-206.static.inet.net.id | - | High
|
||||
68 | [45.33.94.33](https://vuldb.com/?ip.45.33.94.33) | 45-33-94-33.ip.linodeusercontent.com | - | High
|
||||
69 | [45.55.134.126](https://vuldb.com/?ip.45.55.134.126) | - | - | High
|
||||
70 | [45.55.154.235](https://vuldb.com/?ip.45.55.154.235) | - | - | High
|
||||
71 | [45.58.56.12](https://vuldb.com/?ip.45.58.56.12) | - | - | High
|
||||
72 | [45.79.8.25](https://vuldb.com/?ip.45.79.8.25) | li1107-25.members.linode.com | - | High
|
||||
73 | [45.79.33.48](https://vuldb.com/?ip.45.79.33.48) | li1132-48.members.linode.com | - | High
|
||||
74 | [45.123.40.54](https://vuldb.com/?ip.45.123.40.54) | - | - | High
|
||||
75 | [45.153.241.113](https://vuldb.com/?ip.45.153.241.113) | - | - | High
|
||||
76 | [45.177.120.36](https://vuldb.com/?ip.45.177.120.36) | mail.netlimit.net.br | - | High
|
||||
77 | [46.4.232.200](https://vuldb.com/?ip.46.4.232.200) | static.200.232.4.46.clients.your-server.de | - | High
|
||||
78 | [46.36.217.227](https://vuldb.com/?ip.46.36.217.227) | - | - | High
|
||||
79 | [46.55.222.10](https://vuldb.com/?ip.46.55.222.10) | - | - | High
|
||||
80 | [46.101.90.205](https://vuldb.com/?ip.46.101.90.205) | - | - | High
|
||||
81 | [50.28.35.36](https://vuldb.com/?ip.50.28.35.36) | lprod03.ilsols.com | - | High
|
||||
82 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
|
||||
83 | [51.77.82.110](https://vuldb.com/?ip.51.77.82.110) | web001.xwebsrv.de | - | High
|
||||
84 | [51.81.254.89](https://vuldb.com/?ip.51.81.254.89) | - | - | High
|
||||
85 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
|
||||
86 | [51.91.156.39](https://vuldb.com/?ip.51.91.156.39) | 39.ip-51-91-156.eu | - | High
|
||||
87 | [51.178.161.32](https://vuldb.com/?ip.51.178.161.32) | srv-web.ffconsulting.com | - | High
|
||||
88 | [52.73.70.149](https://vuldb.com/?ip.52.73.70.149) | ec2-52-73-70-149.compute-1.amazonaws.com | - | Medium
|
||||
89 | [52.114.132.73](https://vuldb.com/?ip.52.114.132.73) | - | - | High
|
||||
90 | [54.38.143.246](https://vuldb.com/?ip.54.38.143.246) | ip246.ip-54-38-143.eu | - | High
|
||||
91 | ... | ... | ... | ...
|
||||
4 | [2.80.178.251](https://vuldb.com/?ip.2.80.178.251) | bl19-178-251.dsl.telepac.pt | - | High
|
||||
5 | [2.138.111.86](https://vuldb.com/?ip.2.138.111.86) | 86.red-2-138-111.dynamicip.rima-tde.net | - | High
|
||||
6 | [3.223.115.185](https://vuldb.com/?ip.3.223.115.185) | ec2-3-223-115-185.compute-1.amazonaws.com | - | Medium
|
||||
7 | [5.2.70.173](https://vuldb.com/?ip.5.2.70.173) | - | - | High
|
||||
8 | [5.9.44.37](https://vuldb.com/?ip.5.9.44.37) | static.37.44.9.5.clients.your-server.de | - | High
|
||||
9 | [5.9.188.148](https://vuldb.com/?ip.5.9.188.148) | mta5.offerteora.com | - | High
|
||||
10 | [5.39.222.84](https://vuldb.com/?ip.5.39.222.84) | - | - | High
|
||||
11 | [5.39.222.87](https://vuldb.com/?ip.5.39.222.87) | - | - | High
|
||||
12 | [5.39.222.102](https://vuldb.com/?ip.5.39.222.102) | insideappple.com | - | High
|
||||
13 | [5.181.158.4](https://vuldb.com/?ip.5.181.158.4) | no-rdns.mivocloud.com | - | High
|
||||
14 | [5.181.158.185](https://vuldb.com/?ip.5.181.158.185) | eptgaconvic.arveanrackfli.nginpu185tcpy.cyclegakemtirebe.com | - | High
|
||||
15 | [5.181.158.186](https://vuldb.com/?ip.5.181.158.186) | iveclot186hefry.salvecra.vedescribeoff.cyclegakemtirebe.com | - | High
|
||||
16 | [5.181.158.187](https://vuldb.com/?ip.5.181.158.187) | thrivebeau.ywringimmateg.espen187dsca.cyclegakemtirebe.com | - | High
|
||||
17 | [8.210.53.215](https://vuldb.com/?ip.8.210.53.215) | - | - | High
|
||||
18 | [8.248.159.254](https://vuldb.com/?ip.8.248.159.254) | - | - | High
|
||||
19 | [8.249.217.254](https://vuldb.com/?ip.8.249.217.254) | - | - | High
|
||||
20 | [8.249.233.254](https://vuldb.com/?ip.8.249.233.254) | - | - | High
|
||||
21 | [8.253.45.214](https://vuldb.com/?ip.8.253.45.214) | - | - | High
|
||||
22 | [8.253.45.249](https://vuldb.com/?ip.8.253.45.249) | - | - | High
|
||||
23 | [8.253.131.120](https://vuldb.com/?ip.8.253.131.120) | - | - | High
|
||||
24 | [8.253.131.121](https://vuldb.com/?ip.8.253.131.121) | - | - | High
|
||||
25 | [8.253.132.120](https://vuldb.com/?ip.8.253.132.120) | - | - | High
|
||||
26 | [14.98.183.4](https://vuldb.com/?ip.14.98.183.4) | static-4.183.98.14-tataidc.co.in | - | High
|
||||
27 | [18.195.23.231](https://vuldb.com/?ip.18.195.23.231) | ec2-18-195-23-231.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
28 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
29 | [23.3.13.153](https://vuldb.com/?ip.23.3.13.153) | a23-3-13-153.deploy.static.akamaitechnologies.com | - | High
|
||||
30 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
31 | [23.3.13.155](https://vuldb.com/?ip.23.3.13.155) | a23-3-13-155.deploy.static.akamaitechnologies.com | - | High
|
||||
32 | [23.3.13.160](https://vuldb.com/?ip.23.3.13.160) | a23-3-13-160.deploy.static.akamaitechnologies.com | - | High
|
||||
33 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
34 | [23.46.238.194](https://vuldb.com/?ip.23.46.238.194) | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High
|
||||
35 | [23.46.239.17](https://vuldb.com/?ip.23.46.239.17) | a23-46-239-17.deploy.static.akamaitechnologies.com | - | High
|
||||
36 | [23.46.239.18](https://vuldb.com/?ip.23.46.239.18) | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High
|
||||
37 | [23.148.145.208](https://vuldb.com/?ip.23.148.145.208) | geo1n3.yourtekpro.com | - | High
|
||||
38 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
|
||||
39 | [23.199.71.136](https://vuldb.com/?ip.23.199.71.136) | a23-199-71-136.deploy.static.akamaitechnologies.com | - | High
|
||||
40 | [23.199.71.185](https://vuldb.com/?ip.23.199.71.185) | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High
|
||||
41 | [23.227.202.174](https://vuldb.com/?ip.23.227.202.174) | 23-227-202-174.static.hvvc.us | - | High
|
||||
42 | [23.227.203.228](https://vuldb.com/?ip.23.227.203.228) | 23-227-203-228.static.hvvc.us | - | High
|
||||
43 | [23.227.203.229](https://vuldb.com/?ip.23.227.203.229) | 23-227-203-229.static.hvvc.us | - | High
|
||||
44 | [23.254.211.213](https://vuldb.com/?ip.23.254.211.213) | client-23-254-211-213.hostwindsdns.com | - | High
|
||||
45 | [23.254.215.238](https://vuldb.com/?ip.23.254.215.238) | hwsrv-900801.hostwindsdns.com | - | High
|
||||
46 | [23.254.217.168](https://vuldb.com/?ip.23.254.217.168) | client-23-254-217-168.hostwindsdns.com | - | High
|
||||
47 | [23.254.247.5](https://vuldb.com/?ip.23.254.247.5) | hwsrv-936430.hostwindsdns.com | - | High
|
||||
48 | [23.254.247.55](https://vuldb.com/?ip.23.254.247.55) | client-23-254-247-55.hostwindsdns.com | - | High
|
||||
49 | [24.40.243.66](https://vuldb.com/?ip.24.40.243.66) | 24-40-243-66.fidnet.com | - | High
|
||||
50 | [27.60.164.164](https://vuldb.com/?ip.27.60.164.164) | - | - | High
|
||||
51 | [31.14.41.212](https://vuldb.com/?ip.31.14.41.212) | a856-motor.variouloco.com | - | High
|
||||
52 | [31.14.41.213](https://vuldb.com/?ip.31.14.41.213) | gain-compress.variouloco.com | - | High
|
||||
53 | [31.14.41.214](https://vuldb.com/?ip.31.14.41.214) | a277-exist.variouloco.com | - | High
|
||||
54 | [31.14.41.215](https://vuldb.com/?ip.31.14.41.215) | dubaibuildings.com | - | High
|
||||
55 | [31.24.30.65](https://vuldb.com/?ip.31.24.30.65) | - | - | High
|
||||
56 | [31.41.45.197](https://vuldb.com/?ip.31.41.45.197) | andrewhrenov.example.com | - | High
|
||||
57 | [31.42.177.51](https://vuldb.com/?ip.31.42.177.51) | antiques.managerpray.uk | - | High
|
||||
58 | [31.42.177.52](https://vuldb.com/?ip.31.42.177.52) | touch.managerpray.uk | - | High
|
||||
59 | [37.1.208.21](https://vuldb.com/?ip.37.1.208.21) | - | - | High
|
||||
60 | [37.1.215.144](https://vuldb.com/?ip.37.1.215.144) | - | - | High
|
||||
61 | [37.34.58.210](https://vuldb.com/?ip.37.34.58.210) | 37-34-58-210.colo.transip.net | - | High
|
||||
62 | [37.49.230.49](https://vuldb.com/?ip.37.49.230.49) | - | - | High
|
||||
63 | [37.59.52.64](https://vuldb.com/?ip.37.59.52.64) | ns3265174.ip-37-59-52.eu | - | High
|
||||
64 | [37.120.222.56](https://vuldb.com/?ip.37.120.222.56) | - | - | High
|
||||
65 | [37.120.239.185](https://vuldb.com/?ip.37.120.239.185) | - | - | High
|
||||
66 | [37.187.115.122](https://vuldb.com/?ip.37.187.115.122) | ns328855.ip-37-187-115.eu | - | High
|
||||
67 | [37.247.35.130](https://vuldb.com/?ip.37.247.35.130) | earthquake.kenic.nl | - | High
|
||||
68 | [40.122.160.14](https://vuldb.com/?ip.40.122.160.14) | - | - | High
|
||||
69 | [43.229.206.212](https://vuldb.com/?ip.43.229.206.212) | 212.subnet43-229-206.static.inet.net.id | - | High
|
||||
70 | [43.229.206.244](https://vuldb.com/?ip.43.229.206.244) | 244.subnet43-229-206.static.inet.net.id | - | High
|
||||
71 | [45.33.94.33](https://vuldb.com/?ip.45.33.94.33) | 45-33-94-33.ip.linodeusercontent.com | - | High
|
||||
72 | [45.55.134.126](https://vuldb.com/?ip.45.55.134.126) | - | - | High
|
||||
73 | [45.55.154.235](https://vuldb.com/?ip.45.55.154.235) | - | - | High
|
||||
74 | [45.58.56.12](https://vuldb.com/?ip.45.58.56.12) | - | - | High
|
||||
75 | [45.79.8.25](https://vuldb.com/?ip.45.79.8.25) | li1107-25.members.linode.com | - | High
|
||||
76 | [45.79.33.48](https://vuldb.com/?ip.45.79.33.48) | li1132-48.members.linode.com | - | High
|
||||
77 | [45.123.40.54](https://vuldb.com/?ip.45.123.40.54) | - | - | High
|
||||
78 | [45.153.241.113](https://vuldb.com/?ip.45.153.241.113) | - | - | High
|
||||
79 | [45.177.120.36](https://vuldb.com/?ip.45.177.120.36) | mail.netlimit.net.br | - | High
|
||||
80 | [46.4.232.200](https://vuldb.com/?ip.46.4.232.200) | static.200.232.4.46.clients.your-server.de | - | High
|
||||
81 | [46.36.217.227](https://vuldb.com/?ip.46.36.217.227) | - | - | High
|
||||
82 | [46.55.222.10](https://vuldb.com/?ip.46.55.222.10) | - | - | High
|
||||
83 | [46.101.90.205](https://vuldb.com/?ip.46.101.90.205) | - | - | High
|
||||
84 | [50.28.35.36](https://vuldb.com/?ip.50.28.35.36) | lprod03.ilsols.com | - | High
|
||||
85 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
|
||||
86 | [51.77.82.110](https://vuldb.com/?ip.51.77.82.110) | web001.xwebsrv.de | - | High
|
||||
87 | [51.81.254.89](https://vuldb.com/?ip.51.81.254.89) | - | - | High
|
||||
88 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
|
||||
89 | [51.91.156.39](https://vuldb.com/?ip.51.91.156.39) | 39.ip-51-91-156.eu | - | High
|
||||
90 | [51.178.161.32](https://vuldb.com/?ip.51.178.161.32) | srv-web.ffconsulting.com | - | High
|
||||
91 | [52.73.70.149](https://vuldb.com/?ip.52.73.70.149) | ec2-52-73-70-149.compute-1.amazonaws.com | - | Medium
|
||||
92 | [52.114.132.73](https://vuldb.com/?ip.52.114.132.73) | - | - | High
|
||||
93 | [54.38.143.246](https://vuldb.com/?ip.54.38.143.246) | ip246.ip-54-38-143.eu | - | High
|
||||
94 | [54.39.34.24](https://vuldb.com/?ip.54.39.34.24) | ip24.ip-54-39-34.net | - | High
|
||||
95 | [54.39.34.26](https://vuldb.com/?ip.54.39.34.26) | ip26.ip-54-39-34.net | - | High
|
||||
96 | [54.84.136.229](https://vuldb.com/?ip.54.84.136.229) | ec2-54-84-136-229.compute-1.amazonaws.com | - | Medium
|
||||
97 | [54.191.98.150](https://vuldb.com/?ip.54.191.98.150) | ec2-54-191-98-150.us-west-2.compute.amazonaws.com | - | Medium
|
||||
98 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
|
||||
99 | [62.75.161.205](https://vuldb.com/?ip.62.75.161.205) | euve251241.serverprofi24.de | - | High
|
||||
100 | ... | ... | ... | ...
|
||||
|
||||
There are 362 more IOC items available. Please use our online service to access the data.
|
||||
There are 395 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -180,7 +189,16 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://blog.talosintelligence.com/2015/04/threat-spotlight-spam-served-with-side.html
|
||||
* https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html
|
||||
* https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0424-0501.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0710-0717.html
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1016-1023.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1023-1030.html
|
||||
* https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html
|
||||
* https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html
|
||||
* https://blog.talosintelligence.com/2021/03/threat-roundup-0319-0326.html
|
||||
|
@ -207,6 +225,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+docs+pushing+Dridex/25042/
|
||||
* https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
|
||||
* https://pastebin.com/0XNMhLP2
|
||||
* https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/
|
||||
* https://us-cert.cisa.gov/ncas/alerts/aa19-339a
|
||||
* https://vxug.fakedoma.in/archive/APTs/2021/2021.01.04(2)/Dridex.pdf
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# East Europe Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [East Europe Unknown](https://vuldb.com/?actor.east_europe_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.east_europe_unknown](https://vuldb.com/?actor.east_europe_unknown)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of East Europe Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [103.153.157.33](https://vuldb.com/?ip.103.153.157.33) | 103-153-157-33.ip.fulltimehosting.net | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,8 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -26,283 +29,370 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
6 | [2.58.16.86](https://vuldb.com/?ip.2.58.16.86) | - | - | High
|
||||
7 | [2.58.16.89](https://vuldb.com/?ip.2.58.16.89) | - | - | High
|
||||
8 | [2.82.75.215](https://vuldb.com/?ip.2.82.75.215) | bl21-75-215.dsl.telepac.pt | - | High
|
||||
9 | [5.2.84.232](https://vuldb.com/?ip.5.2.84.232) | momos.alastyr.com | - | High
|
||||
10 | [5.2.136.90](https://vuldb.com/?ip.5.2.136.90) | static-5-2-136-90.rdsnet.ro | - | High
|
||||
11 | [5.2.182.7](https://vuldb.com/?ip.5.2.182.7) | static-5-2-182-7.rdsnet.ro | - | High
|
||||
12 | [5.2.212.254](https://vuldb.com/?ip.5.2.212.254) | static-5-2-212-254.rdsnet.ro | - | High
|
||||
13 | [5.9.116.246](https://vuldb.com/?ip.5.9.116.246) | static.246.116.9.5.clients.your-server.de | - | High
|
||||
14 | [5.9.128.163](https://vuldb.com/?ip.5.9.128.163) | static.163.128.9.5.clients.your-server.de | - | High
|
||||
15 | [5.9.189.24](https://vuldb.com/?ip.5.9.189.24) | static.24.189.9.5.clients.your-server.de | - | High
|
||||
16 | [5.12.246.155](https://vuldb.com/?ip.5.12.246.155) | 5-12-246-155.residential.rdsnet.ro | - | High
|
||||
17 | [5.35.249.46](https://vuldb.com/?ip.5.35.249.46) | rs250366.rs.hosteurope.de | - | High
|
||||
18 | [5.39.84.48](https://vuldb.com/?ip.5.39.84.48) | ns3126815.ip-5-39-84.eu | - | High
|
||||
19 | [5.39.91.110](https://vuldb.com/?ip.5.39.91.110) | ns3278366.ip-5-39-91.eu | - | High
|
||||
20 | [5.79.70.250](https://vuldb.com/?ip.5.79.70.250) | - | - | High
|
||||
21 | [5.89.33.136](https://vuldb.com/?ip.5.89.33.136) | net-5-89-33-136.cust.vodafonedsl.it | - | High
|
||||
22 | [5.101.138.188](https://vuldb.com/?ip.5.101.138.188) | uk.mthservers.com | - | High
|
||||
23 | [5.159.57.195](https://vuldb.com/?ip.5.159.57.195) | www-riedle.transfermarkt.de | - | High
|
||||
24 | [5.196.35.138](https://vuldb.com/?ip.5.196.35.138) | vps10.open-techno.net | - | High
|
||||
25 | [5.196.73.150](https://vuldb.com/?ip.5.196.73.150) | ns3000085.ip-5-196-73.eu | - | High
|
||||
26 | [5.196.133.206](https://vuldb.com/?ip.5.196.133.206) | pixelfed.hosnet.fr | - | High
|
||||
27 | [5.230.193.41](https://vuldb.com/?ip.5.230.193.41) | casagarcia-web.sys.netzfabrik.eu | - | High
|
||||
28 | [8.4.9.137](https://vuldb.com/?ip.8.4.9.137) | onlinehorizons.net | - | High
|
||||
29 | [8.247.6.134](https://vuldb.com/?ip.8.247.6.134) | - | - | High
|
||||
30 | [12.6.148.4](https://vuldb.com/?ip.12.6.148.4) | mail.carters.com | - | High
|
||||
31 | [12.6.183.21](https://vuldb.com/?ip.12.6.183.21) | - | - | High
|
||||
32 | [12.32.68.154](https://vuldb.com/?ip.12.32.68.154) | mail.sealscoinc.com | - | High
|
||||
33 | [12.149.72.170](https://vuldb.com/?ip.12.149.72.170) | - | - | High
|
||||
34 | [12.162.84.2](https://vuldb.com/?ip.12.162.84.2) | - | - | High
|
||||
35 | [12.163.208.58](https://vuldb.com/?ip.12.163.208.58) | - | - | High
|
||||
36 | [12.182.146.226](https://vuldb.com/?ip.12.182.146.226) | - | - | High
|
||||
37 | [12.184.217.101](https://vuldb.com/?ip.12.184.217.101) | - | - | High
|
||||
38 | [12.222.134.10](https://vuldb.com/?ip.12.222.134.10) | - | - | High
|
||||
39 | [12.238.114.130](https://vuldb.com/?ip.12.238.114.130) | - | - | High
|
||||
40 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
41 | [14.49.39.215](https://vuldb.com/?ip.14.49.39.215) | - | - | High
|
||||
42 | [17.56.136.171](https://vuldb.com/?ip.17.56.136.171) | p74-smtp.mail.icloud.com | - | High
|
||||
43 | [18.209.113.128](https://vuldb.com/?ip.18.209.113.128) | ec2-18-209-113-128.compute-1.amazonaws.com | - | Medium
|
||||
44 | [18.211.9.206](https://vuldb.com/?ip.18.211.9.206) | ec2-18-211-9-206.compute-1.amazonaws.com | - | Medium
|
||||
45 | [23.5.231.225](https://vuldb.com/?ip.23.5.231.225) | a23-5-231-225.deploy.static.akamaitechnologies.com | - | High
|
||||
46 | [23.6.65.194](https://vuldb.com/?ip.23.6.65.194) | a23-6-65-194.deploy.static.akamaitechnologies.com | - | High
|
||||
47 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
48 | [23.36.85.183](https://vuldb.com/?ip.23.36.85.183) | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High
|
||||
49 | [23.41.248.194](https://vuldb.com/?ip.23.41.248.194) | a23-41-248-194.deploy.static.akamaitechnologies.com | - | High
|
||||
50 | [23.46.53.71](https://vuldb.com/?ip.23.46.53.71) | a23-46-53-71.deploy.static.akamaitechnologies.com | - | High
|
||||
51 | [23.52.7.20](https://vuldb.com/?ip.23.52.7.20) | a23-52-7-20.deploy.static.akamaitechnologies.com | - | High
|
||||
52 | [23.95.95.18](https://vuldb.com/?ip.23.95.95.18) | 23-95-95-18-host.colocrossing.com | - | High
|
||||
53 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
|
||||
54 | [23.199.71.185](https://vuldb.com/?ip.23.199.71.185) | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High
|
||||
55 | [23.218.127.164](https://vuldb.com/?ip.23.218.127.164) | a23-218-127-164.deploy.static.akamaitechnologies.com | - | High
|
||||
56 | [23.218.141.31](https://vuldb.com/?ip.23.218.141.31) | a23-218-141-31.deploy.static.akamaitechnologies.com | - | High
|
||||
57 | [23.221.50.122](https://vuldb.com/?ip.23.221.50.122) | a23-221-50-122.deploy.static.akamaitechnologies.com | - | High
|
||||
58 | [23.229.190.0](https://vuldb.com/?ip.23.229.190.0) | ip-23-229-190-0.ip.secureserver.net | - | High
|
||||
59 | [23.239.2.11](https://vuldb.com/?ip.23.239.2.11) | li683-11.members.linode.com | - | High
|
||||
60 | [23.254.203.51](https://vuldb.com/?ip.23.254.203.51) | hwsrv-779084.hostwindsdns.com | - | High
|
||||
61 | [24.40.239.62](https://vuldb.com/?ip.24.40.239.62) | 24-40-239-62.fidnet.com | - | High
|
||||
62 | [24.43.99.75](https://vuldb.com/?ip.24.43.99.75) | rrcs-24-43-99-75.west.biz.rr.com | - | High
|
||||
63 | [24.101.229.82](https://vuldb.com/?ip.24.101.229.82) | dynamic-acs-24-101-229-82.zoominternet.net | - | High
|
||||
64 | [24.116.40.208](https://vuldb.com/?ip.24.116.40.208) | 24-116-40-208.cpe.sparklight.net | - | High
|
||||
65 | [24.119.116.230](https://vuldb.com/?ip.24.119.116.230) | 24-119-116-230.cpe.sparklight.net | - | High
|
||||
66 | [24.121.176.48](https://vuldb.com/?ip.24.121.176.48) | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High
|
||||
67 | [24.137.76.62](https://vuldb.com/?ip.24.137.76.62) | host-24-137-76-62.public.eastlink.ca | - | High
|
||||
68 | [24.178.90.49](https://vuldb.com/?ip.24.178.90.49) | 024-178-090-049.res.spectrum.com | - | High
|
||||
69 | [24.179.13.119](https://vuldb.com/?ip.24.179.13.119) | 024-179-013-119.res.spectrum.com | - | High
|
||||
70 | [24.190.11.79](https://vuldb.com/?ip.24.190.11.79) | ool-18be0b4f.dyn.optonline.net | - | High
|
||||
71 | [24.201.79.34](https://vuldb.com/?ip.24.201.79.34) | modemcable034.79-201-24.mc.videotron.ca | - | High
|
||||
72 | [24.203.4.40](https://vuldb.com/?ip.24.203.4.40) | modemcable040.4-203-24.mc.videotron.ca | - | High
|
||||
73 | [24.217.117.217](https://vuldb.com/?ip.24.217.117.217) | 024-217-117-217.res.spectrum.com | - | High
|
||||
74 | [24.232.228.233](https://vuldb.com/?ip.24.232.228.233) | OL233-228.fibertel.com.ar | - | High
|
||||
75 | [24.244.177.40](https://vuldb.com/?ip.24.244.177.40) | - | - | High
|
||||
76 | [27.50.89.209](https://vuldb.com/?ip.27.50.89.209) | 27-50-89-209.as45671.net | - | High
|
||||
77 | [27.78.27.110](https://vuldb.com/?ip.27.78.27.110) | localhost | - | High
|
||||
78 | [27.82.13.10](https://vuldb.com/?ip.27.82.13.10) | KD027082013010.ppp-bb.dion.ne.jp | - | High
|
||||
79 | [27.109.24.214](https://vuldb.com/?ip.27.109.24.214) | - | - | High
|
||||
80 | [27.114.9.93](https://vuldb.com/?ip.27.114.9.93) | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High
|
||||
81 | [31.24.158.56](https://vuldb.com/?ip.31.24.158.56) | bm.servidoresdedicados.com | - | High
|
||||
82 | [31.167.248.50](https://vuldb.com/?ip.31.167.248.50) | - | - | High
|
||||
83 | [31.172.86.183](https://vuldb.com/?ip.31.172.86.183) | - | - | High
|
||||
84 | [35.190.87.116](https://vuldb.com/?ip.35.190.87.116) | 116.87.190.35.bc.googleusercontent.com | - | Medium
|
||||
85 | [36.91.44.183](https://vuldb.com/?ip.36.91.44.183) | - | - | High
|
||||
86 | [37.9.175.14](https://vuldb.com/?ip.37.9.175.14) | 14.175.9.37.in-addr.arpa.websupport.sk | - | High
|
||||
87 | [37.46.129.215](https://vuldb.com/?ip.37.46.129.215) | we-too.ru | - | High
|
||||
88 | [37.97.135.82](https://vuldb.com/?ip.37.97.135.82) | 37-97-135-82.colo.transip.net | - | High
|
||||
89 | [37.120.175.15](https://vuldb.com/?ip.37.120.175.15) | v220220112692175454.nicesrv.de | - | High
|
||||
90 | [37.139.21.175](https://vuldb.com/?ip.37.139.21.175) | 37.139.21.175-e2-8080-keep-up | - | High
|
||||
91 | [37.179.204.33](https://vuldb.com/?ip.37.179.204.33) | - | - | High
|
||||
92 | [37.187.4.178](https://vuldb.com/?ip.37.187.4.178) | ks2.kku.io | - | High
|
||||
93 | [37.187.57.57](https://vuldb.com/?ip.37.187.57.57) | ns3357940.ovh.net | - | High
|
||||
94 | [37.187.72.193](https://vuldb.com/?ip.37.187.72.193) | ns3362285.ip-37-187-72.eu | - | High
|
||||
95 | [37.187.161.206](https://vuldb.com/?ip.37.187.161.206) | toolbox.alabs.io | - | High
|
||||
96 | [37.205.9.252](https://vuldb.com/?ip.37.205.9.252) | s1.ithelp24.eu | - | High
|
||||
97 | [37.221.70.250](https://vuldb.com/?ip.37.221.70.250) | b2b-customer.inftele.net | - | High
|
||||
98 | [40.97.124.18](https://vuldb.com/?ip.40.97.124.18) | - | - | High
|
||||
99 | [41.76.108.46](https://vuldb.com/?ip.41.76.108.46) | - | - | High
|
||||
100 | [41.169.36.237](https://vuldb.com/?ip.41.169.36.237) | - | - | High
|
||||
101 | [41.185.28.84](https://vuldb.com/?ip.41.185.28.84) | brf01-nix01.wadns.net | - | High
|
||||
102 | [41.185.29.128](https://vuldb.com/?ip.41.185.29.128) | abp79-nix01.wadns.net | - | High
|
||||
103 | [41.204.202.41](https://vuldb.com/?ip.41.204.202.41) | www41.cpt2.host-h.net | - | High
|
||||
104 | [41.231.225.139](https://vuldb.com/?ip.41.231.225.139) | - | - | High
|
||||
105 | [42.62.40.103](https://vuldb.com/?ip.42.62.40.103) | - | - | High
|
||||
106 | [43.229.62.186](https://vuldb.com/?ip.43.229.62.186) | rocket-cheese.bnr.la | - | High
|
||||
107 | [45.16.226.117](https://vuldb.com/?ip.45.16.226.117) | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High
|
||||
108 | [45.33.35.103](https://vuldb.com/?ip.45.33.35.103) | li985-103.members.linode.com | - | High
|
||||
109 | [45.33.77.42](https://vuldb.com/?ip.45.33.77.42) | li1023-42.members.linode.com | - | High
|
||||
110 | [45.46.37.97](https://vuldb.com/?ip.45.46.37.97) | cpe-45-46-37-97.maine.res.rr.com | - | High
|
||||
111 | [45.55.36.51](https://vuldb.com/?ip.45.55.36.51) | - | - | High
|
||||
112 | [45.55.219.163](https://vuldb.com/?ip.45.55.219.163) | - | - | High
|
||||
113 | [45.59.204.133](https://vuldb.com/?ip.45.59.204.133) | rrcs-45-59-204-133.west.biz.rr.com | - | High
|
||||
114 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
|
||||
115 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
|
||||
116 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
|
||||
117 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
|
||||
118 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
|
||||
119 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
|
||||
120 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
|
||||
121 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
|
||||
122 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
|
||||
123 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
|
||||
124 | [46.30.213.132](https://vuldb.com/?ip.46.30.213.132) | - | - | High
|
||||
125 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
|
||||
126 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
|
||||
127 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
|
||||
128 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
|
||||
129 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
|
||||
130 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
|
||||
131 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
|
||||
132 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
|
||||
133 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
|
||||
134 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
|
||||
135 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
|
||||
136 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
|
||||
137 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
|
||||
138 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
|
||||
139 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
|
||||
140 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
|
||||
141 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
|
||||
142 | [47.52.19.221](https://vuldb.com/?ip.47.52.19.221) | - | - | High
|
||||
143 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
|
||||
144 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
|
||||
145 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
|
||||
146 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
|
||||
147 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
|
||||
148 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
|
||||
149 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
|
||||
150 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
|
||||
151 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
|
||||
152 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
|
||||
153 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
|
||||
154 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
|
||||
155 | [50.23.248.182](https://vuldb.com/?ip.50.23.248.182) | b6.f8.1732.ip4.static.sl-reverse.com | - | High
|
||||
156 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
|
||||
157 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
|
||||
158 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
|
||||
159 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
|
||||
160 | [50.62.176.42](https://vuldb.com/?ip.50.62.176.42) | p3plcpnl0515.prod.phx3.secureserver.net | - | High
|
||||
161 | [50.62.176.244](https://vuldb.com/?ip.50.62.176.244) | p3plcpnl0728.prod.phx3.secureserver.net | - | High
|
||||
162 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
|
||||
163 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
|
||||
164 | [50.87.59.65](https://vuldb.com/?ip.50.87.59.65) | 50-87-59-65.unifiedlayer.com | - | High
|
||||
165 | [50.87.144.137](https://vuldb.com/?ip.50.87.144.137) | gator3103.hostgator.com | - | High
|
||||
166 | [50.87.144.197](https://vuldb.com/?ip.50.87.144.197) | gator3161.hostgator.com | - | High
|
||||
167 | [50.87.150.177](https://vuldb.com/?ip.50.87.150.177) | 50-87-150-177.unifiedlayer.com | - | High
|
||||
168 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
|
||||
169 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
|
||||
170 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
|
||||
171 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
|
||||
172 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
|
||||
173 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
|
||||
174 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
|
||||
175 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
|
||||
176 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
|
||||
177 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
|
||||
178 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
|
||||
179 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
|
||||
180 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
|
||||
181 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
|
||||
182 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
|
||||
183 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
|
||||
184 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
|
||||
185 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
|
||||
186 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
|
||||
187 | [52.31.99.185](https://vuldb.com/?ip.52.31.99.185) | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
188 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
189 | [52.96.38.82](https://vuldb.com/?ip.52.96.38.82) | - | - | High
|
||||
190 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
|
||||
191 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
|
||||
192 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
|
||||
193 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
|
||||
194 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
|
||||
195 | [59.124.1.19](https://vuldb.com/?ip.59.124.1.19) | 59-124-1-19.hinet-ip.hinet.net | - | High
|
||||
196 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
|
||||
197 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
|
||||
198 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
|
||||
199 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
|
||||
200 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
|
||||
201 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
|
||||
202 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
|
||||
203 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
|
||||
204 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
|
||||
205 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
|
||||
206 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
|
||||
207 | [62.210.127.136](https://vuldb.com/?ip.62.210.127.136) | 62-210-127-136.rev.poneytelecom.eu | - | High
|
||||
208 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
|
||||
209 | [64.4.244.68](https://vuldb.com/?ip.64.4.244.68) | - | - | High
|
||||
210 | [64.26.60.221](https://vuldb.com/?ip.64.26.60.221) | pop5.csee.onr.siteprotect.com | - | High
|
||||
211 | [64.59.136.142](https://vuldb.com/?ip.64.59.136.142) | mail.shaw.ca | - | High
|
||||
212 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
|
||||
213 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
|
||||
214 | [64.85.73.16](https://vuldb.com/?ip.64.85.73.16) | - | - | High
|
||||
215 | [64.90.62.162](https://vuldb.com/?ip.64.90.62.162) | pop.dreamhost.com | - | High
|
||||
216 | [64.91.228.45](https://vuldb.com/?ip.64.91.228.45) | - | - | High
|
||||
217 | [64.98.36.5](https://vuldb.com/?ip.64.98.36.5) | mail.b.hostedemail.com | - | High
|
||||
218 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
|
||||
219 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
|
||||
220 | [64.250.117.68](https://vuldb.com/?ip.64.250.117.68) | smtp.movistarcloud.com.ve | - | High
|
||||
221 | [65.49.60.163](https://vuldb.com/?ip.65.49.60.163) | 65-49-60-163.ip.linodeusercontent.com | - | High
|
||||
222 | [65.55.72.183](https://vuldb.com/?ip.65.55.72.183) | origin.sn134w.snt134.mail.live.com | - | High
|
||||
223 | [65.182.102.90](https://vuldb.com/?ip.65.182.102.90) | mail.geantes.com | - | High
|
||||
224 | [65.254.228.100](https://vuldb.com/?ip.65.254.228.100) | customer.hostcentric.com | - | High
|
||||
225 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
|
||||
226 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
|
||||
227 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
|
||||
228 | [66.71.241.102](https://vuldb.com/?ip.66.71.241.102) | mail.nixhost.net | - | High
|
||||
229 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
|
||||
230 | [66.96.134.1](https://vuldb.com/?ip.66.96.134.1) | 1.134.96.66.static.eigbox.net | - | High
|
||||
231 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
|
||||
232 | [66.96.147.110](https://vuldb.com/?ip.66.96.147.110) | 110.147.96.66.static.eigbox.net | - | High
|
||||
233 | [66.195.202.115](https://vuldb.com/?ip.66.195.202.115) | mail.navarac.com | - | High
|
||||
234 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
|
||||
235 | [66.216.234.131](https://vuldb.com/?ip.66.216.234.131) | 066-216-234-131.res.spectrum.com | - | High
|
||||
236 | [66.220.110.56](https://vuldb.com/?ip.66.220.110.56) | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High
|
||||
237 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
|
||||
238 | [66.228.45.129](https://vuldb.com/?ip.66.228.45.129) | li326-129.members.linode.com | - | High
|
||||
239 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
|
||||
240 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
|
||||
241 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
|
||||
242 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
|
||||
243 | [67.177.71.77](https://vuldb.com/?ip.67.177.71.77) | c-67-177-71-77.hsd1.al.comcast.net | - | High
|
||||
244 | [67.195.197.75](https://vuldb.com/?ip.67.195.197.75) | p9ats-i.geo.vip.bf1.yahoo.com | - | High
|
||||
245 | [67.195.228.95](https://vuldb.com/?ip.67.195.228.95) | unknown.yahoo.com | - | High
|
||||
246 | [67.216.131.134](https://vuldb.com/?ip.67.216.131.134) | 134.131.216.67.134.static.hargray.net | - | High
|
||||
247 | [67.222.2.148](https://vuldb.com/?ip.67.222.2.148) | - | - | High
|
||||
248 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
|
||||
249 | [67.225.221.173](https://vuldb.com/?ip.67.225.221.173) | host.hddpool2.net | - | High
|
||||
250 | [67.241.81.253](https://vuldb.com/?ip.67.241.81.253) | cpe-67-241-81-253.twcny.res.rr.com | - | High
|
||||
251 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
|
||||
252 | [68.66.194.12](https://vuldb.com/?ip.68.66.194.12) | 68.66.194.12.static.a2webhosting.com | - | High
|
||||
253 | [68.178.213.203](https://vuldb.com/?ip.68.178.213.203) | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High
|
||||
254 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
|
||||
255 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
|
||||
256 | [69.16.228.14](https://vuldb.com/?ip.69.16.228.14) | kurt.duplika.com | - | High
|
||||
257 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
|
||||
258 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
|
||||
259 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
|
||||
260 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
|
||||
261 | [69.61.0.198](https://vuldb.com/?ip.69.61.0.198) | alpha01.serverparlor.net | - | High
|
||||
262 | [69.147.92.11](https://vuldb.com/?ip.69.147.92.11) | e1.ycpi.vip.dca.yahoo.com | - | High
|
||||
263 | [69.147.92.12](https://vuldb.com/?ip.69.147.92.12) | e2.ycpi.vip.dca.yahoo.com | - | High
|
||||
264 | [69.156.240.33](https://vuldb.com/?ip.69.156.240.33) | smtp.transportalliance.ca | - | High
|
||||
265 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
|
||||
266 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
|
||||
267 | [69.168.106.36](https://vuldb.com/?ip.69.168.106.36) | mail.windstream.syn-alias.com | - | High
|
||||
268 | [69.175.31.212](https://vuldb.com/?ip.69.175.31.212) | 212.31.175.69.unassigned.ord.singlehop.net | - | High
|
||||
269 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
|
||||
270 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
|
||||
271 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
|
||||
272 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
|
||||
273 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
|
||||
274 | [70.32.115.157](https://vuldb.com/?ip.70.32.115.157) | harpotripofalifetime.com | - | High
|
||||
275 | [70.36.102.35](https://vuldb.com/?ip.70.36.102.35) | - | - | High
|
||||
276 | [70.45.30.28](https://vuldb.com/?ip.70.45.30.28) | dynamic.libertypr.net | - | High
|
||||
277 | [70.168.7.6](https://vuldb.com/?ip.70.168.7.6) | wsip-70-168-7-6.ri.ri.cox.net | - | High
|
||||
278 | [70.182.77.184](https://vuldb.com/?ip.70.182.77.184) | wsip-70-182-77-184.ok.ok.cox.net | - | High
|
||||
279 | [70.183.113.54](https://vuldb.com/?ip.70.183.113.54) | wsip-70-183-113-54.no.no.cox.net | - | High
|
||||
280 | [70.184.86.103](https://vuldb.com/?ip.70.184.86.103) | wsip-70-184-86-103.ph.ph.cox.net | - | High
|
||||
281 | [70.184.125.132](https://vuldb.com/?ip.70.184.125.132) | wsip-70-184-125-132.ph.ph.cox.net | - | High
|
||||
282 | [71.8.1.188](https://vuldb.com/?ip.71.8.1.188) | 071-008-001-188.res.spectrum.com | - | High
|
||||
283 | ... | ... | ... | ...
|
||||
9 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
|
||||
10 | [5.2.84.232](https://vuldb.com/?ip.5.2.84.232) | momos.alastyr.com | - | High
|
||||
11 | [5.2.136.90](https://vuldb.com/?ip.5.2.136.90) | static-5-2-136-90.rdsnet.ro | - | High
|
||||
12 | [5.2.182.7](https://vuldb.com/?ip.5.2.182.7) | static-5-2-182-7.rdsnet.ro | - | High
|
||||
13 | [5.2.212.254](https://vuldb.com/?ip.5.2.212.254) | static-5-2-212-254.rdsnet.ro | - | High
|
||||
14 | [5.9.116.246](https://vuldb.com/?ip.5.9.116.246) | static.246.116.9.5.clients.your-server.de | - | High
|
||||
15 | [5.9.128.163](https://vuldb.com/?ip.5.9.128.163) | static.163.128.9.5.clients.your-server.de | - | High
|
||||
16 | [5.9.189.24](https://vuldb.com/?ip.5.9.189.24) | static.24.189.9.5.clients.your-server.de | - | High
|
||||
17 | [5.12.246.155](https://vuldb.com/?ip.5.12.246.155) | 5-12-246-155.residential.rdsnet.ro | - | High
|
||||
18 | [5.35.249.46](https://vuldb.com/?ip.5.35.249.46) | rs250366.rs.hosteurope.de | - | High
|
||||
19 | [5.39.84.48](https://vuldb.com/?ip.5.39.84.48) | ns3126815.ip-5-39-84.eu | - | High
|
||||
20 | [5.39.91.110](https://vuldb.com/?ip.5.39.91.110) | ns3278366.ip-5-39-91.eu | - | High
|
||||
21 | [5.45.108.146](https://vuldb.com/?ip.5.45.108.146) | cosmo.jumpingcrab.com | - | High
|
||||
22 | [5.56.56.146](https://vuldb.com/?ip.5.56.56.146) | sites1.tucomunidad.cloud | - | High
|
||||
23 | [5.79.70.250](https://vuldb.com/?ip.5.79.70.250) | - | - | High
|
||||
24 | [5.89.33.136](https://vuldb.com/?ip.5.89.33.136) | net-5-89-33-136.cust.vodafonedsl.it | - | High
|
||||
25 | [5.101.138.188](https://vuldb.com/?ip.5.101.138.188) | uk.mthservers.com | - | High
|
||||
26 | [5.159.57.195](https://vuldb.com/?ip.5.159.57.195) | www-riedle.transfermarkt.de | - | High
|
||||
27 | [5.196.35.138](https://vuldb.com/?ip.5.196.35.138) | vps10.open-techno.net | - | High
|
||||
28 | [5.196.73.150](https://vuldb.com/?ip.5.196.73.150) | ns3000085.ip-5-196-73.eu | - | High
|
||||
29 | [5.196.133.206](https://vuldb.com/?ip.5.196.133.206) | pixelfed.hosnet.fr | - | High
|
||||
30 | [5.230.193.41](https://vuldb.com/?ip.5.230.193.41) | casagarcia-web.sys.netzfabrik.eu | - | High
|
||||
31 | [8.4.9.137](https://vuldb.com/?ip.8.4.9.137) | onlinehorizons.net | - | High
|
||||
32 | [8.247.6.134](https://vuldb.com/?ip.8.247.6.134) | - | - | High
|
||||
33 | [8.248.153.254](https://vuldb.com/?ip.8.248.153.254) | - | - | High
|
||||
34 | [8.248.163.254](https://vuldb.com/?ip.8.248.163.254) | - | - | High
|
||||
35 | [8.249.219.254](https://vuldb.com/?ip.8.249.219.254) | - | - | High
|
||||
36 | [8.249.241.254](https://vuldb.com/?ip.8.249.241.254) | - | - | High
|
||||
37 | [8.253.45.214](https://vuldb.com/?ip.8.253.45.214) | - | - | High
|
||||
38 | [8.253.131.121](https://vuldb.com/?ip.8.253.131.121) | - | - | High
|
||||
39 | [12.6.148.4](https://vuldb.com/?ip.12.6.148.4) | mail.carters.com | - | High
|
||||
40 | [12.6.183.21](https://vuldb.com/?ip.12.6.183.21) | - | - | High
|
||||
41 | [12.32.68.154](https://vuldb.com/?ip.12.32.68.154) | mail.sealscoinc.com | - | High
|
||||
42 | [12.149.72.170](https://vuldb.com/?ip.12.149.72.170) | - | - | High
|
||||
43 | [12.162.84.2](https://vuldb.com/?ip.12.162.84.2) | - | - | High
|
||||
44 | [12.163.208.58](https://vuldb.com/?ip.12.163.208.58) | - | - | High
|
||||
45 | [12.182.146.226](https://vuldb.com/?ip.12.182.146.226) | - | - | High
|
||||
46 | [12.184.217.101](https://vuldb.com/?ip.12.184.217.101) | - | - | High
|
||||
47 | [12.222.134.10](https://vuldb.com/?ip.12.222.134.10) | - | - | High
|
||||
48 | [12.238.114.130](https://vuldb.com/?ip.12.238.114.130) | - | - | High
|
||||
49 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
50 | [14.49.39.215](https://vuldb.com/?ip.14.49.39.215) | - | - | High
|
||||
51 | [17.36.205.74](https://vuldb.com/?ip.17.36.205.74) | - | - | High
|
||||
52 | [17.56.136.171](https://vuldb.com/?ip.17.56.136.171) | p74-smtp.mail.icloud.com | - | High
|
||||
53 | [18.209.113.128](https://vuldb.com/?ip.18.209.113.128) | ec2-18-209-113-128.compute-1.amazonaws.com | - | Medium
|
||||
54 | [18.211.9.206](https://vuldb.com/?ip.18.211.9.206) | ec2-18-211-9-206.compute-1.amazonaws.com | - | Medium
|
||||
55 | [18.217.99.164](https://vuldb.com/?ip.18.217.99.164) | ec2-18-217-99-164.us-east-2.compute.amazonaws.com | - | Medium
|
||||
56 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
57 | [23.3.13.146](https://vuldb.com/?ip.23.3.13.146) | a23-3-13-146.deploy.static.akamaitechnologies.com | - | High
|
||||
58 | [23.3.13.153](https://vuldb.com/?ip.23.3.13.153) | a23-3-13-153.deploy.static.akamaitechnologies.com | - | High
|
||||
59 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
60 | [23.5.231.225](https://vuldb.com/?ip.23.5.231.225) | a23-5-231-225.deploy.static.akamaitechnologies.com | - | High
|
||||
61 | [23.6.65.194](https://vuldb.com/?ip.23.6.65.194) | a23-6-65-194.deploy.static.akamaitechnologies.com | - | High
|
||||
62 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
63 | [23.36.85.183](https://vuldb.com/?ip.23.36.85.183) | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High
|
||||
64 | [23.41.248.194](https://vuldb.com/?ip.23.41.248.194) | a23-41-248-194.deploy.static.akamaitechnologies.com | - | High
|
||||
65 | [23.46.53.71](https://vuldb.com/?ip.23.46.53.71) | a23-46-53-71.deploy.static.akamaitechnologies.com | - | High
|
||||
66 | [23.46.238.193](https://vuldb.com/?ip.23.46.238.193) | a23-46-238-193.deploy.static.akamaitechnologies.com | - | High
|
||||
67 | [23.46.238.194](https://vuldb.com/?ip.23.46.238.194) | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High
|
||||
68 | [23.46.238.232](https://vuldb.com/?ip.23.46.238.232) | a23-46-238-232.deploy.static.akamaitechnologies.com | - | High
|
||||
69 | [23.52.7.20](https://vuldb.com/?ip.23.52.7.20) | a23-52-7-20.deploy.static.akamaitechnologies.com | - | High
|
||||
70 | [23.95.95.18](https://vuldb.com/?ip.23.95.95.18) | 23-95-95-18-host.colocrossing.com | - | High
|
||||
71 | [23.111.156.118](https://vuldb.com/?ip.23.111.156.118) | 23-111-156-118.static.hvvc.us | - | High
|
||||
72 | [23.197.19.180](https://vuldb.com/?ip.23.197.19.180) | a23-197-19-180.deploy.static.akamaitechnologies.com | - | High
|
||||
73 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
|
||||
74 | [23.199.71.185](https://vuldb.com/?ip.23.199.71.185) | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High
|
||||
75 | [23.218.127.164](https://vuldb.com/?ip.23.218.127.164) | a23-218-127-164.deploy.static.akamaitechnologies.com | - | High
|
||||
76 | [23.218.141.31](https://vuldb.com/?ip.23.218.141.31) | a23-218-141-31.deploy.static.akamaitechnologies.com | - | High
|
||||
77 | [23.221.50.122](https://vuldb.com/?ip.23.221.50.122) | a23-221-50-122.deploy.static.akamaitechnologies.com | - | High
|
||||
78 | [23.227.38.64](https://vuldb.com/?ip.23.227.38.64) | shops.myshopify.com | - | High
|
||||
79 | [23.229.115.217](https://vuldb.com/?ip.23.229.115.217) | - | - | High
|
||||
80 | [23.229.190.0](https://vuldb.com/?ip.23.229.190.0) | ip-23-229-190-0.ip.secureserver.net | - | High
|
||||
81 | [23.239.2.11](https://vuldb.com/?ip.23.239.2.11) | li683-11.members.linode.com | - | High
|
||||
82 | [23.254.203.51](https://vuldb.com/?ip.23.254.203.51) | hwsrv-779084.hostwindsdns.com | - | High
|
||||
83 | [24.40.239.62](https://vuldb.com/?ip.24.40.239.62) | 24-40-239-62.fidnet.com | - | High
|
||||
84 | [24.43.99.75](https://vuldb.com/?ip.24.43.99.75) | rrcs-24-43-99-75.west.biz.rr.com | - | High
|
||||
85 | [24.101.229.82](https://vuldb.com/?ip.24.101.229.82) | dynamic-acs-24-101-229-82.zoominternet.net | - | High
|
||||
86 | [24.116.40.208](https://vuldb.com/?ip.24.116.40.208) | 24-116-40-208.cpe.sparklight.net | - | High
|
||||
87 | [24.119.116.230](https://vuldb.com/?ip.24.119.116.230) | 24-119-116-230.cpe.sparklight.net | - | High
|
||||
88 | [24.121.176.48](https://vuldb.com/?ip.24.121.176.48) | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High
|
||||
89 | [24.137.76.62](https://vuldb.com/?ip.24.137.76.62) | host-24-137-76-62.public.eastlink.ca | - | High
|
||||
90 | [24.178.90.49](https://vuldb.com/?ip.24.178.90.49) | 024-178-090-049.res.spectrum.com | - | High
|
||||
91 | [24.179.13.119](https://vuldb.com/?ip.24.179.13.119) | 024-179-013-119.res.spectrum.com | - | High
|
||||
92 | [24.190.11.79](https://vuldb.com/?ip.24.190.11.79) | ool-18be0b4f.dyn.optonline.net | - | High
|
||||
93 | [24.201.79.34](https://vuldb.com/?ip.24.201.79.34) | modemcable034.79-201-24.mc.videotron.ca | - | High
|
||||
94 | [24.203.4.40](https://vuldb.com/?ip.24.203.4.40) | modemcable040.4-203-24.mc.videotron.ca | - | High
|
||||
95 | [24.217.117.217](https://vuldb.com/?ip.24.217.117.217) | 024-217-117-217.res.spectrum.com | - | High
|
||||
96 | [24.232.0.227](https://vuldb.com/?ip.24.232.0.227) | smtp.fibertel.com.ar | - | High
|
||||
97 | [24.232.228.233](https://vuldb.com/?ip.24.232.228.233) | OL233-228.fibertel.com.ar | - | High
|
||||
98 | [24.244.177.40](https://vuldb.com/?ip.24.244.177.40) | - | - | High
|
||||
99 | [27.50.89.209](https://vuldb.com/?ip.27.50.89.209) | 27-50-89-209.as45671.net | - | High
|
||||
100 | [27.78.27.110](https://vuldb.com/?ip.27.78.27.110) | localhost | - | High
|
||||
101 | [27.82.13.10](https://vuldb.com/?ip.27.82.13.10) | KD027082013010.ppp-bb.dion.ne.jp | - | High
|
||||
102 | [27.109.24.214](https://vuldb.com/?ip.27.109.24.214) | - | - | High
|
||||
103 | [27.114.9.93](https://vuldb.com/?ip.27.114.9.93) | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High
|
||||
104 | [27.254.81.87](https://vuldb.com/?ip.27.254.81.87) | cloud-linux09.thaidata.net | - | High
|
||||
105 | [31.24.158.56](https://vuldb.com/?ip.31.24.158.56) | bm.servidoresdedicados.com | - | High
|
||||
106 | [31.167.248.50](https://vuldb.com/?ip.31.167.248.50) | - | - | High
|
||||
107 | [31.172.86.183](https://vuldb.com/?ip.31.172.86.183) | - | - | High
|
||||
108 | [34.192.19.33](https://vuldb.com/?ip.34.192.19.33) | ec2-34-192-19-33.compute-1.amazonaws.com | - | Medium
|
||||
109 | [35.184.245.68](https://vuldb.com/?ip.35.184.245.68) | 68.245.184.35.bc.googleusercontent.com | - | Medium
|
||||
110 | [35.190.87.116](https://vuldb.com/?ip.35.190.87.116) | 116.87.190.35.bc.googleusercontent.com | - | Medium
|
||||
111 | [35.203.98.50](https://vuldb.com/?ip.35.203.98.50) | 50.98.203.35.bc.googleusercontent.com | - | Medium
|
||||
112 | [35.213.151.141](https://vuldb.com/?ip.35.213.151.141) | 141.151.213.35.bc.googleusercontent.com | - | Medium
|
||||
113 | [35.214.151.75](https://vuldb.com/?ip.35.214.151.75) | 75.151.214.35.bc.googleusercontent.com | - | Medium
|
||||
114 | [36.91.44.183](https://vuldb.com/?ip.36.91.44.183) | - | - | High
|
||||
115 | [37.9.175.14](https://vuldb.com/?ip.37.9.175.14) | 14.175.9.37.in-addr.arpa.websupport.sk | - | High
|
||||
116 | [37.46.129.215](https://vuldb.com/?ip.37.46.129.215) | we-too.ru | - | High
|
||||
117 | [37.97.135.82](https://vuldb.com/?ip.37.97.135.82) | 37-97-135-82.colo.transip.net | - | High
|
||||
118 | [37.120.175.15](https://vuldb.com/?ip.37.120.175.15) | v220220112692175454.nicesrv.de | - | High
|
||||
119 | [37.139.21.175](https://vuldb.com/?ip.37.139.21.175) | 37.139.21.175-e2-8080-keep-up | - | High
|
||||
120 | [37.179.204.33](https://vuldb.com/?ip.37.179.204.33) | - | - | High
|
||||
121 | [37.187.4.178](https://vuldb.com/?ip.37.187.4.178) | ks2.kku.io | - | High
|
||||
122 | [37.187.5.82](https://vuldb.com/?ip.37.187.5.82) | ks3370412.kimsufi.com | - | High
|
||||
123 | [37.187.56.166](https://vuldb.com/?ip.37.187.56.166) | - | - | High
|
||||
124 | [37.187.57.57](https://vuldb.com/?ip.37.187.57.57) | ns3357940.ovh.net | - | High
|
||||
125 | [37.187.72.193](https://vuldb.com/?ip.37.187.72.193) | ns3362285.ip-37-187-72.eu | - | High
|
||||
126 | [37.187.161.206](https://vuldb.com/?ip.37.187.161.206) | toolbox.alabs.io | - | High
|
||||
127 | [37.205.9.252](https://vuldb.com/?ip.37.205.9.252) | s1.ithelp24.eu | - | High
|
||||
128 | [37.221.70.250](https://vuldb.com/?ip.37.221.70.250) | b2b-customer.inftele.net | - | High
|
||||
129 | [37.228.137.204](https://vuldb.com/?ip.37.228.137.204) | wiki.lmap.ir | - | High
|
||||
130 | [37.247.101.241](https://vuldb.com/?ip.37.247.101.241) | server241.turkwebdizayn.com | - | High
|
||||
131 | [40.97.124.18](https://vuldb.com/?ip.40.97.124.18) | - | - | High
|
||||
132 | [41.76.108.46](https://vuldb.com/?ip.41.76.108.46) | - | - | High
|
||||
133 | [41.169.20.147](https://vuldb.com/?ip.41.169.20.147) | - | - | High
|
||||
134 | [41.169.36.237](https://vuldb.com/?ip.41.169.36.237) | - | - | High
|
||||
135 | [41.185.28.84](https://vuldb.com/?ip.41.185.28.84) | brf01-nix01.wadns.net | - | High
|
||||
136 | [41.185.29.128](https://vuldb.com/?ip.41.185.29.128) | abp79-nix01.wadns.net | - | High
|
||||
137 | [41.190.32.8](https://vuldb.com/?ip.41.190.32.8) | smtp11.utande.co.zw | - | High
|
||||
138 | [41.203.62.170](https://vuldb.com/?ip.41.203.62.170) | - | - | High
|
||||
139 | [41.204.202.41](https://vuldb.com/?ip.41.204.202.41) | www41.cpt2.host-h.net | - | High
|
||||
140 | [41.231.225.139](https://vuldb.com/?ip.41.231.225.139) | - | - | High
|
||||
141 | [42.62.40.103](https://vuldb.com/?ip.42.62.40.103) | - | - | High
|
||||
142 | [43.229.62.186](https://vuldb.com/?ip.43.229.62.186) | rocket-cheese.bnr.la | - | High
|
||||
143 | [45.16.226.117](https://vuldb.com/?ip.45.16.226.117) | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High
|
||||
144 | [45.33.35.103](https://vuldb.com/?ip.45.33.35.103) | li985-103.members.linode.com | - | High
|
||||
145 | [45.33.54.74](https://vuldb.com/?ip.45.33.54.74) | li1004-74.members.linode.com | - | High
|
||||
146 | [45.33.77.42](https://vuldb.com/?ip.45.33.77.42) | li1023-42.members.linode.com | - | High
|
||||
147 | [45.46.37.97](https://vuldb.com/?ip.45.46.37.97) | cpe-45-46-37-97.maine.res.rr.com | - | High
|
||||
148 | [45.55.36.51](https://vuldb.com/?ip.45.55.36.51) | - | - | High
|
||||
149 | [45.55.82.2](https://vuldb.com/?ip.45.55.82.2) | - | - | High
|
||||
150 | [45.55.179.121](https://vuldb.com/?ip.45.55.179.121) | - | - | High
|
||||
151 | [45.55.219.163](https://vuldb.com/?ip.45.55.219.163) | - | - | High
|
||||
152 | [45.56.88.91](https://vuldb.com/?ip.45.56.88.91) | 45-56-88-91.ip.linodeusercontent.com | - | High
|
||||
153 | [45.56.127.75](https://vuldb.com/?ip.45.56.127.75) | li945-75.members.linode.com | - | High
|
||||
154 | [45.59.204.133](https://vuldb.com/?ip.45.59.204.133) | rrcs-45-59-204-133.west.biz.rr.com | - | High
|
||||
155 | [45.76.176.10](https://vuldb.com/?ip.45.76.176.10) | 45.76.176.10.vultrusercontent.com | - | High
|
||||
156 | [45.77.154.161](https://vuldb.com/?ip.45.77.154.161) | 45.77.154.161.vultrusercontent.com | - | High
|
||||
157 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
|
||||
158 | [45.79.188.67](https://vuldb.com/?ip.45.79.188.67) | li1287-67.members.linode.com | - | High
|
||||
159 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
|
||||
160 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
|
||||
161 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
|
||||
162 | [45.118.136.92](https://vuldb.com/?ip.45.118.136.92) | - | - | High
|
||||
163 | [45.119.83.237](https://vuldb.com/?ip.45.119.83.237) | - | - | High
|
||||
164 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
|
||||
165 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
|
||||
166 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
|
||||
167 | [45.252.251.10](https://vuldb.com/?ip.45.252.251.10) | - | - | High
|
||||
168 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
|
||||
169 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
|
||||
170 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
|
||||
171 | [46.30.213.132](https://vuldb.com/?ip.46.30.213.132) | - | - | High
|
||||
172 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
|
||||
173 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
|
||||
174 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
|
||||
175 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
|
||||
176 | [46.49.124.53](https://vuldb.com/?ip.46.49.124.53) | - | - | High
|
||||
177 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
|
||||
178 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
|
||||
179 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
|
||||
180 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
|
||||
181 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
|
||||
182 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
|
||||
183 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
|
||||
184 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
|
||||
185 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
|
||||
186 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
|
||||
187 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
|
||||
188 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
|
||||
189 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
|
||||
190 | [47.52.19.221](https://vuldb.com/?ip.47.52.19.221) | - | - | High
|
||||
191 | [47.146.32.175](https://vuldb.com/?ip.47.146.32.175) | - | - | High
|
||||
192 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
|
||||
193 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
|
||||
194 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
|
||||
195 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
|
||||
196 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
|
||||
197 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
|
||||
198 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
|
||||
199 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
|
||||
200 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
|
||||
201 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
|
||||
202 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
|
||||
203 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
|
||||
204 | [50.22.35.194](https://vuldb.com/?ip.50.22.35.194) | c2.23.1632.ip4.static.sl-reverse.com | - | High
|
||||
205 | [50.23.248.182](https://vuldb.com/?ip.50.23.248.182) | b6.f8.1732.ip4.static.sl-reverse.com | - | High
|
||||
206 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
|
||||
207 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
|
||||
208 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
|
||||
209 | [50.31.174.165](https://vuldb.com/?ip.50.31.174.165) | priva28.privatednsorg.com | - | High
|
||||
210 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
|
||||
211 | [50.62.176.42](https://vuldb.com/?ip.50.62.176.42) | p3plcpnl0515.prod.phx3.secureserver.net | - | High
|
||||
212 | [50.62.176.244](https://vuldb.com/?ip.50.62.176.244) | p3plcpnl0728.prod.phx3.secureserver.net | - | High
|
||||
213 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
|
||||
214 | [50.63.8.21](https://vuldb.com/?ip.50.63.8.21) | ip-50-63-8-21.ip.secureserver.net | - | High
|
||||
215 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
|
||||
216 | [50.87.59.65](https://vuldb.com/?ip.50.87.59.65) | 50-87-59-65.unifiedlayer.com | - | High
|
||||
217 | [50.87.144.137](https://vuldb.com/?ip.50.87.144.137) | gator3103.hostgator.com | - | High
|
||||
218 | [50.87.144.197](https://vuldb.com/?ip.50.87.144.197) | gator3161.hostgator.com | - | High
|
||||
219 | [50.87.150.177](https://vuldb.com/?ip.50.87.150.177) | 50-87-150-177.unifiedlayer.com | - | High
|
||||
220 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
|
||||
221 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
|
||||
222 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
|
||||
223 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
|
||||
224 | [50.116.86.205](https://vuldb.com/?ip.50.116.86.205) | template3.domain.com | - | High
|
||||
225 | [50.121.220.50](https://vuldb.com/?ip.50.121.220.50) | static-50-121-220-50.clbg.wv.frontiernet.net | - | High
|
||||
226 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
|
||||
227 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
|
||||
228 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
|
||||
229 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
|
||||
230 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
|
||||
231 | [51.68.175.8](https://vuldb.com/?ip.51.68.175.8) | vps-9dba3732.vps.ovh.net | - | High
|
||||
232 | [51.68.220.244](https://vuldb.com/?ip.51.68.220.244) | vps-7a400d57.vps.ovh.net | - | High
|
||||
233 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
|
||||
234 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
|
||||
235 | [51.77.113.100](https://vuldb.com/?ip.51.77.113.100) | titan40.fastworldwideweb.com | - | High
|
||||
236 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
|
||||
237 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
|
||||
238 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
|
||||
239 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
|
||||
240 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
|
||||
241 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
|
||||
242 | [51.254.137.156](https://vuldb.com/?ip.51.254.137.156) | mail.unolan.net | - | High
|
||||
243 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
|
||||
244 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
|
||||
245 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
|
||||
246 | [52.31.99.185](https://vuldb.com/?ip.52.31.99.185) | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
247 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
248 | [52.96.38.82](https://vuldb.com/?ip.52.96.38.82) | - | - | High
|
||||
249 | [52.96.40.242](https://vuldb.com/?ip.52.96.40.242) | - | - | High
|
||||
250 | [52.96.62.226](https://vuldb.com/?ip.52.96.62.226) | - | - | High
|
||||
251 | [54.36.185.60](https://vuldb.com/?ip.54.36.185.60) | ip60.ip-54-36-185.eu | - | High
|
||||
252 | [54.38.94.197](https://vuldb.com/?ip.54.38.94.197) | ns3140984.ip-54-38-94.eu | - | High
|
||||
253 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
|
||||
254 | [54.88.144.211](https://vuldb.com/?ip.54.88.144.211) | va-smtp01.263.net | - | High
|
||||
255 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
|
||||
256 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
|
||||
257 | [58.171.38.26](https://vuldb.com/?ip.58.171.38.26) | - | - | High
|
||||
258 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
|
||||
259 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
|
||||
260 | [59.110.18.236](https://vuldb.com/?ip.59.110.18.236) | - | - | High
|
||||
261 | [59.120.5.154](https://vuldb.com/?ip.59.120.5.154) | 59-120-5-154.hinet-ip.hinet.net | - | High
|
||||
262 | [59.124.1.19](https://vuldb.com/?ip.59.124.1.19) | 59-124-1-19.hinet-ip.hinet.net | - | High
|
||||
263 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
|
||||
264 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
|
||||
265 | [60.36.166.212](https://vuldb.com/?ip.60.36.166.212) | imail.mail.plala.or.jp | - | High
|
||||
266 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
|
||||
267 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
|
||||
268 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
|
||||
269 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
|
||||
270 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
|
||||
271 | [61.197.37.169](https://vuldb.com/?ip.61.197.37.169) | pl937.ag1001.nttpc.ne.jp | - | High
|
||||
272 | [62.28.40.155](https://vuldb.com/?ip.62.28.40.155) | exchange.ptasp.com | - | High
|
||||
273 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
|
||||
274 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
|
||||
275 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
|
||||
276 | [62.149.128.42](https://vuldb.com/?ip.62.149.128.42) | imaps.aruba.it | - | High
|
||||
277 | [62.149.128.72](https://vuldb.com/?ip.62.149.128.72) | mxd4.aruba.it | - | High
|
||||
278 | [62.149.128.179](https://vuldb.com/?ip.62.149.128.179) | pop3s.aruba.it | - | High
|
||||
279 | [62.149.128.200](https://vuldb.com/?ip.62.149.128.200) | smtp1.aruba.it | - | High
|
||||
280 | [62.149.128.210](https://vuldb.com/?ip.62.149.128.210) | smtpa1.aruba.it | - | High
|
||||
281 | [62.149.152.151](https://vuldb.com/?ip.62.149.152.151) | - | - | High
|
||||
282 | [62.149.152.152](https://vuldb.com/?ip.62.149.152.152) | - | - | High
|
||||
283 | [62.149.157.55](https://vuldb.com/?ip.62.149.157.55) | - | - | High
|
||||
284 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
|
||||
285 | [62.171.178.147](https://vuldb.com/?ip.62.171.178.147) | vmi365451.contaboserver.net | - | High
|
||||
286 | [62.210.127.136](https://vuldb.com/?ip.62.210.127.136) | 62-210-127-136.rev.poneytelecom.eu | - | High
|
||||
287 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
|
||||
288 | [62.234.99.30](https://vuldb.com/?ip.62.234.99.30) | - | - | High
|
||||
289 | [63.142.253.122](https://vuldb.com/?ip.63.142.253.122) | - | - | High
|
||||
290 | [64.4.244.68](https://vuldb.com/?ip.64.4.244.68) | - | - | High
|
||||
291 | [64.26.60.221](https://vuldb.com/?ip.64.26.60.221) | pop5.csee.onr.siteprotect.com | - | High
|
||||
292 | [64.41.126.110](https://vuldb.com/?ip.64.41.126.110) | securesmtp.csee.siteprotect.com | - | High
|
||||
293 | [64.59.136.142](https://vuldb.com/?ip.64.59.136.142) | mail.shaw.ca | - | High
|
||||
294 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
|
||||
295 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
|
||||
296 | [64.85.73.16](https://vuldb.com/?ip.64.85.73.16) | - | - | High
|
||||
297 | [64.88.202.250](https://vuldb.com/?ip.64.88.202.250) | - | - | High
|
||||
298 | [64.90.62.162](https://vuldb.com/?ip.64.90.62.162) | pop.dreamhost.com | - | High
|
||||
299 | [64.91.228.45](https://vuldb.com/?ip.64.91.228.45) | - | - | High
|
||||
300 | [64.98.36.5](https://vuldb.com/?ip.64.98.36.5) | mail.b.hostedemail.com | - | High
|
||||
301 | [64.98.36.173](https://vuldb.com/?ip.64.98.36.173) | mail.lawyers-mail.com | - | High
|
||||
302 | [64.183.73.122](https://vuldb.com/?ip.64.183.73.122) | rrcs-64-183-73-122.west.biz.rr.com | - | High
|
||||
303 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
|
||||
304 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
|
||||
305 | [64.250.117.68](https://vuldb.com/?ip.64.250.117.68) | smtp.movistarcloud.com.ve | - | High
|
||||
306 | [65.49.60.163](https://vuldb.com/?ip.65.49.60.163) | 65-49-60-163.ip.linodeusercontent.com | - | High
|
||||
307 | [65.55.72.183](https://vuldb.com/?ip.65.55.72.183) | origin.sn134w.snt134.mail.live.com | - | High
|
||||
308 | [65.182.102.90](https://vuldb.com/?ip.65.182.102.90) | mail.geantes.com | - | High
|
||||
309 | [65.254.228.100](https://vuldb.com/?ip.65.254.228.100) | customer.hostcentric.com | - | High
|
||||
310 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
|
||||
311 | [66.42.55.5](https://vuldb.com/?ip.66.42.55.5) | 66.42.55.5.vultrusercontent.com | - | High
|
||||
312 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
|
||||
313 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
|
||||
314 | [66.71.241.102](https://vuldb.com/?ip.66.71.241.102) | mail.nixhost.net | - | High
|
||||
315 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
|
||||
316 | [66.96.134.1](https://vuldb.com/?ip.66.96.134.1) | 1.134.96.66.static.eigbox.net | - | High
|
||||
317 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
|
||||
318 | [66.96.147.110](https://vuldb.com/?ip.66.96.147.110) | 110.147.96.66.static.eigbox.net | - | High
|
||||
319 | [66.195.202.115](https://vuldb.com/?ip.66.195.202.115) | mail.navarac.com | - | High
|
||||
320 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
|
||||
321 | [66.216.234.131](https://vuldb.com/?ip.66.216.234.131) | 066-216-234-131.res.spectrum.com | - | High
|
||||
322 | [66.220.110.56](https://vuldb.com/?ip.66.220.110.56) | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High
|
||||
323 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
|
||||
324 | [66.228.45.129](https://vuldb.com/?ip.66.228.45.129) | li326-129.members.linode.com | - | High
|
||||
325 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
|
||||
326 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
|
||||
327 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
|
||||
328 | [67.163.161.107](https://vuldb.com/?ip.67.163.161.107) | c-67-163-161-107.hsd1.pa.comcast.net | - | High
|
||||
329 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
|
||||
330 | [67.177.71.77](https://vuldb.com/?ip.67.177.71.77) | c-67-177-71-77.hsd1.al.comcast.net | - | High
|
||||
331 | [67.195.197.75](https://vuldb.com/?ip.67.195.197.75) | p9ats-i.geo.vip.bf1.yahoo.com | - | High
|
||||
332 | [67.195.228.95](https://vuldb.com/?ip.67.195.228.95) | unknown.yahoo.com | - | High
|
||||
333 | [67.212.168.237](https://vuldb.com/?ip.67.212.168.237) | 237.168.212.67.unassigned.ord.singlehop.net | - | High
|
||||
334 | [67.216.131.134](https://vuldb.com/?ip.67.216.131.134) | 134.131.216.67.134.static.hargray.net | - | High
|
||||
335 | [67.222.2.148](https://vuldb.com/?ip.67.222.2.148) | - | - | High
|
||||
336 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
|
||||
337 | [67.225.221.173](https://vuldb.com/?ip.67.225.221.173) | host.hddpool2.net | - | High
|
||||
338 | [67.225.229.55](https://vuldb.com/?ip.67.225.229.55) | - | - | High
|
||||
339 | [67.241.81.253](https://vuldb.com/?ip.67.241.81.253) | cpe-67-241-81-253.twcny.res.rr.com | - | High
|
||||
340 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
|
||||
341 | [68.44.137.144](https://vuldb.com/?ip.68.44.137.144) | c-68-44-137-144.hsd1.in.comcast.net | - | High
|
||||
342 | [68.66.194.12](https://vuldb.com/?ip.68.66.194.12) | 68.66.194.12.static.a2webhosting.com | - | High
|
||||
343 | [68.66.248.6](https://vuldb.com/?ip.68.66.248.6) | nl1-ls1.a2hosting.com | - | High
|
||||
344 | [68.178.213.203](https://vuldb.com/?ip.68.178.213.203) | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High
|
||||
345 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
|
||||
346 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
|
||||
347 | [69.16.228.14](https://vuldb.com/?ip.69.16.228.14) | kurt.duplika.com | - | High
|
||||
348 | [69.16.254.127](https://vuldb.com/?ip.69.16.254.127) | cloudvpsserver.etelligens.in | - | High
|
||||
349 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
|
||||
350 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
|
||||
351 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
|
||||
352 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
|
||||
353 | [69.61.0.198](https://vuldb.com/?ip.69.61.0.198) | alpha01.serverparlor.net | - | High
|
||||
354 | [69.147.92.11](https://vuldb.com/?ip.69.147.92.11) | e1.ycpi.vip.dca.yahoo.com | - | High
|
||||
355 | [69.147.92.12](https://vuldb.com/?ip.69.147.92.12) | e2.ycpi.vip.dca.yahoo.com | - | High
|
||||
356 | [69.156.240.33](https://vuldb.com/?ip.69.156.240.33) | smtp.transportalliance.ca | - | High
|
||||
357 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
|
||||
358 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
|
||||
359 | [69.168.106.36](https://vuldb.com/?ip.69.168.106.36) | mail.windstream.syn-alias.com | - | High
|
||||
360 | [69.175.31.212](https://vuldb.com/?ip.69.175.31.212) | 212.31.175.69.unassigned.ord.singlehop.net | - | High
|
||||
361 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
|
||||
362 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
|
||||
363 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
|
||||
364 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
|
||||
365 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
|
||||
366 | [70.32.94.58](https://vuldb.com/?ip.70.32.94.58) | inkefx.com | - | High
|
||||
367 | [70.32.115.157](https://vuldb.com/?ip.70.32.115.157) | harpotripofalifetime.com | - | High
|
||||
368 | [70.36.102.35](https://vuldb.com/?ip.70.36.102.35) | - | - | High
|
||||
369 | [70.39.251.94](https://vuldb.com/?ip.70.39.251.94) | vps66251.inmotionhosting.com | - | High
|
||||
370 | ... | ... | ... | ...
|
||||
|
||||
There are 1126 more IOC items available. Please use our online service to access the data.
|
||||
There are 1474 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -311,11 +401,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -323,27 +413,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
|
||||
2 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
3 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
|
||||
4 | File | `/admin/inbox.php&action=delete` | High
|
||||
5 | File | `/admin/inbox.php&action=read` | High
|
||||
6 | File | `/admin/pagerole.php&action=display&value=1` | High
|
||||
7 | File | `/admin/pagerole.php&action=edit` | High
|
||||
8 | File | `/admin/posts.php` | High
|
||||
9 | File | `/admin/posts.php&action=delete` | High
|
||||
10 | File | `/admin/posts.php&action=edit` | High
|
||||
11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
12 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
|
||||
13 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
|
||||
14 | ... | ... | ...
|
||||
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
6 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
7 | File | `/anony/mjpg.cgi` | High
|
||||
8 | File | `/cgi-bin/login.cgi` | High
|
||||
9 | File | `/cms/admin/?page=client/view_client` | High
|
||||
10 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
11 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
12 | File | `/cms/admin/?page=user/manage_user` | High
|
||||
13 | File | `/cms/admin/maintenance/manage_service.php` | High
|
||||
14 | File | `/cms/classes/Users.php?f=delete` | High
|
||||
15 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
16 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
17 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
18 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
19 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
20 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
21 | File | `/ctpms/classes/Master.php?f=delete_img` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
24 | File | `/goform/SetSysTimeCfg` | High
|
||||
25 | File | `/help/treecontent.jsp` | High
|
||||
26 | File | `/insurance/editAgent.php` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 226 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/31083/
|
||||
* https://asec.ahnlab.com/en/31429/
|
||||
* https://asec.ahnlab.com/en/31535/
|
||||
* https://blog.talosintelligence.com/2018/01/threat-round-up-0105-0512.html
|
||||
* https://blog.talosintelligence.com/2018/07/threat-roundup-0720-0727.html
|
||||
* https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
|
||||
|
@ -369,8 +475,49 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2019/05/threat-roundup-0517-0524.html
|
||||
* https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
|
||||
* https://blog.talosintelligence.com/2019/09/emotet-is-back-after-summer-break.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0906-0913.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0920-0927.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.htmlhttps://blog.talosintelligence.com/2019/10/threat-roundup-1004-1011.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html
|
||||
* https://blog.talosintelligence.com/2019/11/threat-roundup-1025-1101.html
|
||||
* https://blog.talosintelligence.com/2019/11/threat-roundup-1101-1108.html
|
||||
* https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html
|
||||
* https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html
|
||||
* https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0117-0124.html
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
|
||||
* https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
|
||||
* https://blog.talosintelligence.com/2020/02/threat-roundup-0221-0228.html
|
||||
* https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html
|
||||
* https://blog.talosintelligence.com/2020/04/threat-roundup-0326-0403.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0424-0501.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
|
||||
* https://blog.talosintelligence.com/2020/06/threat-roundup-0529-0605.html
|
||||
* https://blog.talosintelligence.com/2020/06/threat-roundup-0605-0612.html
|
||||
* https://blog.talosintelligence.com/2020/06/threat-roundup-0619-0626.html
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0703-0710.html
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0710-0717.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0807-0814.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
|
||||
* https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0828-0904.html
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html
|
||||
* https://blog.talosintelligence.com/2020/09/threat-roundup-0918-0925.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-0925-1002.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1002-1009.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1016-1023.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1023-1030.html
|
||||
* https://blog.talosintelligence.com/2020/11/threat-roundup-1030-1106.html
|
||||
* https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
|
||||
* https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
|
||||
* https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0115-0122.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
|
||||
* https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html
|
||||
* https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
|
||||
|
@ -387,6 +534,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blogs.blackberry.com/en/2017/12/threat-spotlight-emotet-infostealer-malware
|
||||
* https://blogs.cisco.com/security/emotet-is-back
|
||||
* https://community.blueliv.com/#!/s/5fb2ee2482df413eaf344b29
|
||||
* https://cyber.wtf/2021/11/15/guess-whos-back/
|
||||
* https://ddanchev.blogspot.com/2022/01/profiling-emotet-botnet-c.html
|
||||
* https://github.com/pr0xylife/Emotet/blob/main/e4_emotet_24.03.2022.txt
|
||||
* https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
# Esfury - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Esfury](https://vuldb.com/?actor.esfury). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.esfury](https://vuldb.com/?actor.esfury)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Esfury:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Esfury.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.79.71.205](https://vuldb.com/?ip.5.79.71.205) | - | - | High
|
||||
2 | [5.79.71.225](https://vuldb.com/?ip.5.79.71.225) | - | - | High
|
||||
3 | [35.229.93.46](https://vuldb.com/?ip.35.229.93.46) | 46.93.229.35.bc.googleusercontent.com | - | Medium
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Esfury_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1495 | CWE-494 | Download of Code Without Integrity Check | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Esfury. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/maint/modules/home/index.php` | High
|
||||
2 | File | `/uncpath/` | Medium
|
||||
3 | File | `/wp-admin/options-general.php` | High
|
||||
4 | File | `cgi.c` | Low
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,77 @@
|
|||
# Expiro - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Expiro](https://vuldb.com/?actor.expiro). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.expiro](https://vuldb.com/?actor.expiro)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Expiro:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [CZ](https://vuldb.com/?country.cz)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Expiro.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [18.213.250.117](https://vuldb.com/?ip.18.213.250.117) | ec2-18-213-250-117.compute-1.amazonaws.com | - | Medium
|
||||
2 | [18.215.128.143](https://vuldb.com/?ip.18.215.128.143) | ec2-18-215-128-143.compute-1.amazonaws.com | - | Medium
|
||||
3 | [46.165.220.145](https://vuldb.com/?ip.46.165.220.145) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Expiro_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Expiro. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/ajax-files/followBoard.php` | High
|
||||
3 | File | `/DATAREPORTS` | Medium
|
||||
4 | File | `/etc/gsissh/sshd_config` | High
|
||||
5 | File | `/Forms/` | Low
|
||||
6 | File | `/getcfg.php` | Medium
|
||||
7 | File | `addentry.php` | Medium
|
||||
8 | File | `carbon/resources/add_collection_ajaxprocessor.jsp` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 63 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-for-september-27-to.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -62,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `ajax/profile-picture-upload.php` | High
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 135 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 138 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -121,7 +121,7 @@ ID | Type | Indicator | Confidence
|
|||
53 | File | `add_edit_cat.asp` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 467 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 466 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -94,61 +94,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/bsms/?page=products` | High
|
||||
3 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
4 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
5 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
6 | File | `/debug/pprof` | Medium
|
||||
7 | File | `/ext/phar/phar_object.c` | High
|
||||
8 | File | `/filemanager/php/connector.php` | High
|
||||
1 | File | `/bsms/?page=products` | High
|
||||
2 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
3 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
4 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
5 | File | `/debug/pprof` | Medium
|
||||
6 | File | `/ext/phar/phar_object.c` | High
|
||||
7 | File | `/filemanager/php/connector.php` | High
|
||||
8 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
9 | File | `/get_getnetworkconf.cgi` | High
|
||||
10 | File | `/HNAP1` | Low
|
||||
11 | File | `/include/chart_generator.php` | High
|
||||
12 | File | `/modx/manager/index.php` | High
|
||||
13 | File | `/monitoring` | Medium
|
||||
14 | File | `/new` | Low
|
||||
15 | File | `/proc/<pid>/status` | High
|
||||
16 | File | `/public/login.htm` | High
|
||||
17 | File | `/public/plugins/` | High
|
||||
18 | File | `/replication` | Medium
|
||||
19 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
20 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
22 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/type.php` | Medium
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/usr/bin/pkexec` | High
|
||||
27 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
28 | File | `4.2.0.CP09` | Medium
|
||||
29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
30 | File | `802dot1xclientcert.cgi` | High
|
||||
31 | File | `AccountManagerService.java` | High
|
||||
32 | File | `actions/CompanyDetailsSave.php` | High
|
||||
33 | File | `ActivityManagerService.java` | High
|
||||
34 | File | `add.exe` | Low
|
||||
35 | File | `admin.color.php` | High
|
||||
36 | File | `admin.cropcanvas.php` | High
|
||||
37 | File | `admin.joomlaradiov5.php` | High
|
||||
12 | File | `/info.cgi` | Medium
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/modx/manager/index.php` | High
|
||||
15 | File | `/new` | Low
|
||||
16 | File | `/proc/<pid>/status` | High
|
||||
17 | File | `/public/login.htm` | High
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/replication` | Medium
|
||||
20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
23 | File | `/spip.php` | Medium
|
||||
24 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
25 | File | `/tmp` | Low
|
||||
26 | File | `/type.php` | Medium
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
30 | File | `4.2.0.CP09` | Medium
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `802dot1xclientcert.cgi` | High
|
||||
33 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
34 | File | `AccountManagerService.java` | High
|
||||
35 | File | `actions/CompanyDetailsSave.php` | High
|
||||
36 | File | `ActivityManagerService.java` | High
|
||||
37 | File | `add.exe` | Low
|
||||
38 | File | `admin.php` | Medium
|
||||
39 | File | `admin.php?m=Food&a=addsave` | High
|
||||
40 | File | `admin/add-glossary.php` | High
|
||||
41 | File | `admin/conf_users_edit.php` | High
|
||||
42 | File | `admin/edit-comments.php` | High
|
||||
43 | File | `admin/index.php` | High
|
||||
44 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
45 | File | `admin/write-post.php` | High
|
||||
46 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
47 | File | `admin_events.php` | High
|
||||
48 | File | `aidl_const_expressions.cpp` | High
|
||||
49 | File | `ajax/include.php` | High
|
||||
50 | File | `AjaxApplication.java` | High
|
||||
51 | File | `akocomments.php` | High
|
||||
52 | File | `allopass-error.php` | High
|
||||
53 | ... | ... | ...
|
||||
44 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
45 | File | `ahcache.sys` | Medium
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 464 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/system?action=ServiceAdmin` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
# FickerStealer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FickerStealer](https://vuldb.com/?actor.fickerstealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fickerstealer](https://vuldb.com/?actor.fickerstealer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FickerStealer:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of FickerStealer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
|
||||
2 | [23.21.42.25](https://vuldb.com/?ip.23.21.42.25) | ec2-23-21-42-25.compute-1.amazonaws.com | - | Medium
|
||||
3 | [23.21.140.41](https://vuldb.com/?ip.23.21.140.41) | ec2-23-21-140-41.compute-1.amazonaws.com | - | Medium
|
||||
4 | [50.19.243.236](https://vuldb.com/?ip.50.19.243.236) | ec2-50-19-243-236.compute-1.amazonaws.com | - | Medium
|
||||
5 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _FickerStealer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FickerStealer. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/category.php` | High
|
||||
3 | File | `/cgi-bin/delete_CA` | High
|
||||
4 | File | `/Config/SaveUploadedHotspotLogoFile` | High
|
||||
5 | File | `/download` | Medium
|
||||
6 | File | `/getcfg.php` | Medium
|
||||
7 | File | `/get_getnetworkconf.cgi` | High
|
||||
8 | File | `/GponForm/device_Form?script/` | High
|
||||
9 | File | `/includes/rrdtool.inc.php` | High
|
||||
10 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
11 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
12 | File | `/NAGErrors` | Medium
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 98 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0108-0115.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -29,30 +29,42 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.143.65.214](https://vuldb.com/?ip.3.143.65.214) | ec2-3-143-65-214.us-east-2.compute.amazonaws.com | - | Medium
|
||||
2 | [3.223.115.185](https://vuldb.com/?ip.3.223.115.185) | ec2-3-223-115-185.compute-1.amazonaws.com | - | Medium
|
||||
3 | [5.134.13.72](https://vuldb.com/?ip.5.134.13.72) | i51.gds.guru.net.uk | - | High
|
||||
4 | [13.59.53.244](https://vuldb.com/?ip.13.59.53.244) | ec2-13-59-53-244.us-east-2.compute.amazonaws.com | - | Medium
|
||||
5 | [13.107.42.12](https://vuldb.com/?ip.13.107.42.12) | 1drv.ms | - | High
|
||||
6 | [13.248.216.40](https://vuldb.com/?ip.13.248.216.40) | afdda383cf24ec8c3.awsglobalaccelerator.com | - | High
|
||||
7 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
8 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
|
||||
10 | [23.235.199.50](https://vuldb.com/?ip.23.235.199.50) | - | - | High
|
||||
11 | [34.98.99.30](https://vuldb.com/?ip.34.98.99.30) | 30.99.98.34.bc.googleusercontent.com | - | Medium
|
||||
12 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
13 | [34.214.40.214](https://vuldb.com/?ip.34.214.40.214) | ec2-34-214-40-214.us-west-2.compute.amazonaws.com | - | Medium
|
||||
14 | [34.216.47.14](https://vuldb.com/?ip.34.216.47.14) | ec2-34-216-47-14.us-west-2.compute.amazonaws.com | - | Medium
|
||||
15 | [34.242.63.192](https://vuldb.com/?ip.34.242.63.192) | ec2-34-242-63-192.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
16 | [34.243.160.251](https://vuldb.com/?ip.34.243.160.251) | ec2-34-243-160-251.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
17 | [34.255.61.59](https://vuldb.com/?ip.34.255.61.59) | ec2-34-255-61-59.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
18 | [35.178.125.63](https://vuldb.com/?ip.35.178.125.63) | ec2-35-178-125-63.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
19 | [40.77.18.167](https://vuldb.com/?ip.40.77.18.167) | - | - | High
|
||||
20 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
|
||||
21 | [44.227.65.245](https://vuldb.com/?ip.44.227.65.245) | ec2-44-227-65-245.us-west-2.compute.amazonaws.com | - | Medium
|
||||
22 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
23 | [45.135.229.212](https://vuldb.com/?ip.45.135.229.212) | iad.scarletshark.net | - | High
|
||||
24 | ... | ... | ... | ...
|
||||
3 | [3.234.181.234](https://vuldb.com/?ip.3.234.181.234) | ec2-3-234-181-234.compute-1.amazonaws.com | - | Medium
|
||||
4 | [5.134.13.72](https://vuldb.com/?ip.5.134.13.72) | i51.gds.guru.net.uk | - | High
|
||||
5 | [13.52.160.194](https://vuldb.com/?ip.13.52.160.194) | ec2-13-52-160-194.us-west-1.compute.amazonaws.com | - | Medium
|
||||
6 | [13.59.53.244](https://vuldb.com/?ip.13.59.53.244) | ec2-13-59-53-244.us-east-2.compute.amazonaws.com | - | Medium
|
||||
7 | [13.104.158.177](https://vuldb.com/?ip.13.104.158.177) | i-am3p-cor004.api.p001.1drv.com | - | High
|
||||
8 | [13.104.158.180](https://vuldb.com/?ip.13.104.158.180) | - | - | High
|
||||
9 | [13.107.42.12](https://vuldb.com/?ip.13.107.42.12) | 1drv.ms | - | High
|
||||
10 | [13.107.42.13](https://vuldb.com/?ip.13.107.42.13) | - | - | High
|
||||
11 | [13.107.43.13](https://vuldb.com/?ip.13.107.43.13) | - | - | High
|
||||
12 | [13.248.216.40](https://vuldb.com/?ip.13.248.216.40) | afdda383cf24ec8c3.awsglobalaccelerator.com | - | High
|
||||
13 | [15.197.142.173](https://vuldb.com/?ip.15.197.142.173) | a4ec4c6ea1c92e2e6.awsglobalaccelerator.com | - | High
|
||||
14 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
15 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
16 | [23.20.239.12](https://vuldb.com/?ip.23.20.239.12) | ec2-23-20-239-12.compute-1.amazonaws.com | - | Medium
|
||||
17 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
|
||||
18 | [23.231.239.10](https://vuldb.com/?ip.23.231.239.10) | - | - | High
|
||||
19 | [23.234.27.100](https://vuldb.com/?ip.23.234.27.100) | - | - | High
|
||||
20 | [23.235.199.50](https://vuldb.com/?ip.23.235.199.50) | - | - | High
|
||||
21 | [34.98.99.30](https://vuldb.com/?ip.34.98.99.30) | 30.99.98.34.bc.googleusercontent.com | - | Medium
|
||||
22 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
23 | [34.214.40.214](https://vuldb.com/?ip.34.214.40.214) | ec2-34-214-40-214.us-west-2.compute.amazonaws.com | - | Medium
|
||||
24 | [34.216.47.14](https://vuldb.com/?ip.34.216.47.14) | ec2-34-216-47-14.us-west-2.compute.amazonaws.com | - | Medium
|
||||
25 | [34.242.63.192](https://vuldb.com/?ip.34.242.63.192) | ec2-34-242-63-192.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
26 | [34.243.160.251](https://vuldb.com/?ip.34.243.160.251) | ec2-34-243-160-251.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
27 | [34.255.61.59](https://vuldb.com/?ip.34.255.61.59) | ec2-34-255-61-59.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
28 | [35.178.125.63](https://vuldb.com/?ip.35.178.125.63) | ec2-35-178-125-63.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
29 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
|
||||
30 | [38.63.50.68](https://vuldb.com/?ip.38.63.50.68) | - | - | High
|
||||
31 | [40.77.18.167](https://vuldb.com/?ip.40.77.18.167) | - | - | High
|
||||
32 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
|
||||
33 | [44.194.24.167](https://vuldb.com/?ip.44.194.24.167) | ec2-44-194-24-167.compute-1.amazonaws.com | - | Medium
|
||||
34 | [44.227.65.245](https://vuldb.com/?ip.44.227.65.245) | ec2-44-227-65-245.us-west-2.compute.amazonaws.com | - | Medium
|
||||
35 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
36 | ... | ... | ... | ...
|
||||
|
||||
There are 90 more IOC items available. Please use our online service to access the data.
|
||||
There are 141 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -79,27 +91,31 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/exec/` | Low
|
||||
5 | File | `/getcfg.php` | Medium
|
||||
6 | File | `/HNAP1` | Low
|
||||
7 | File | `/modules/projects/vw_files.php` | High
|
||||
8 | File | `/plain` | Low
|
||||
9 | File | `/uncpath/` | Medium
|
||||
10 | File | `/_next` | Low
|
||||
11 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
12 | File | `admin/admin.shtml` | High
|
||||
13 | ... | ... | ...
|
||||
7 | File | `/mgmt/tm/util/bash` | High
|
||||
8 | File | `/modules/projects/vw_files.php` | High
|
||||
9 | File | `/plain` | Low
|
||||
10 | File | `/uncpath/` | Medium
|
||||
11 | File | `/_next` | Low
|
||||
12 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
13 | File | `admin/admin.shtml` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/threat-intelligence/2022/03/formbook-spam-campaign-targets-citizens-of-ukraine%ef%b8%8f/
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0103-0110.html
|
||||
* https://blog.talosintelligence.com/2020/07/threat-roundup-0717-0724.html
|
||||
* https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html
|
||||
* https://blog.talosintelligence.com/2021/07/threat-roundup-0702-0709.html
|
||||
* https://blog.talosintelligence.com/2021/07/threat-roundup-0723-0730.html
|
||||
* https://blog.talosintelligence.com/2021/08/threat-roundup-0813-0820.html
|
||||
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
|
||||
* https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
|
||||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0415-0422.html
|
||||
* https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -332,11 +332,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -344,45 +344,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.procmailrc` | Medium
|
||||
2 | File | `/#/CampaignManager/users` | High
|
||||
3 | File | `/admin/admin_login.php` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/AvalancheWeb/image` | High
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/cgi-bin/portal` | High
|
||||
8 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
9 | File | `/dev/tty` | Medium
|
||||
10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
|
||||
11 | File | `/etc/groups` | Medium
|
||||
12 | File | `/ghost/preview` | High
|
||||
13 | File | `/login` | Low
|
||||
14 | File | `/login.html` | Medium
|
||||
15 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
16 | File | `/member/index/login.html` | High
|
||||
17 | File | `/nova/bin/detnet` | High
|
||||
18 | File | `/proc/self/setgroups` | High
|
||||
19 | File | `/public/plugins/` | High
|
||||
20 | File | `/rest/api/latest/user/avatar/temporary` | High
|
||||
21 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
22 | File | `/sm/api/v1/firewall/zone/services` | High
|
||||
23 | File | `/src/njs_vmcode.c` | High
|
||||
24 | File | `/system/user/resetPwd` | High
|
||||
25 | File | `/tmp/app/.env` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/user-utils/users/md5.json` | High
|
||||
28 | File | `/var/adm/btmp` | High
|
||||
29 | File | `/websocket/exec` | High
|
||||
30 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
31 | File | `/x_program_center/jaxrs/invoke` | High
|
||||
32 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
33 | File | `add_vhost.php` | High
|
||||
34 | File | `admin.inc.php` | High
|
||||
35 | File | `admin/conf_users_edit.php` | High
|
||||
36 | File | `admin/index.php` | High
|
||||
37 | ... | ... | ...
|
||||
1 | File | `/#/CampaignManager/users` | High
|
||||
2 | File | `/admin/admin_login.php` | High
|
||||
3 | File | `/anony/mjpg.cgi` | High
|
||||
4 | File | `/cgi-bin/luci/api/auth` | High
|
||||
5 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
6 | File | `/data/vendor/tcl` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/HNAP1` | Low
|
||||
10 | File | `/i/:data/ipa.plist` | High
|
||||
11 | File | `/login` | Low
|
||||
12 | File | `/member/index/login.html` | High
|
||||
13 | File | `/mgmt/tm/util/bash` | High
|
||||
14 | File | `/php/passport/index.php` | High
|
||||
15 | File | `/plesk-site-preview/` | High
|
||||
16 | File | `/requests.php` | High
|
||||
17 | File | `/saml/login` | Medium
|
||||
18 | File | `/ScadaBR/login.htm` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/ServletAPI/accounts/login` | High
|
||||
21 | File | `/ubus/uci.apply` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/upload` | Low
|
||||
24 | File | `/usr/bin/pkexec` | High
|
||||
25 | File | `/var/adm/btmp` | High
|
||||
26 | File | `/var/log/messages` | High
|
||||
27 | File | `/var/run/zabbix` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `account/login.php` | High
|
||||
30 | File | `ad/login.asp` | Medium
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin.webring.docs.php` | High
|
||||
34 | File | `admin/admin_ping.php` | High
|
||||
35 | File | `admin/login.php` | High
|
||||
36 | File | `admin/viewtheatre.php` | High
|
||||
37 | File | `adminer.php` | Medium
|
||||
38 | File | `agenda.php3` | Medium
|
||||
39 | File | `ajaxp.php` | Medium
|
||||
40 | File | `anonymous/authenticated` | High
|
||||
41 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,12 +61,13 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/Home/GetAttachment` | High
|
||||
5 | File | `/LogoStore/search.php` | High
|
||||
6 | File | `/modules/projects/vw_files.php` | High
|
||||
7 | File | `admin/limits.php` | High
|
||||
8 | File | `AjaxFileUploadHandler.axd` | High
|
||||
9 | File | `auth-gss2.c` | Medium
|
||||
10 | ... | ... | ...
|
||||
7 | File | `/sm/api/v1/firewall/zone/services` | High
|
||||
8 | File | `admin/limits.php` | High
|
||||
9 | File | `AjaxFileUploadHandler.axd` | High
|
||||
10 | File | `auth-gss2.c` | Medium
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 78 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,50 +21,72 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [13.115.40.251](https://vuldb.com/?ip.13.115.40.251) | ec2-13-115-40-251.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
2 | [13.249.38.69](https://vuldb.com/?ip.13.249.38.69) | server-13-249-38-69.iad89.r.cloudfront.net | - | High
|
||||
3 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
|
||||
4 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
|
||||
5 | [23.94.244.17](https://vuldb.com/?ip.23.94.244.17) | 23-94-244-17-host.colocrossing.com | - | High
|
||||
6 | [23.94.244.18](https://vuldb.com/?ip.23.94.244.18) | 23-94-244-18-host.colocrossing.com | - | High
|
||||
7 | [23.95.28.181](https://vuldb.com/?ip.23.95.28.181) | 23-95-28-181-host.colocrossing.com | - | High
|
||||
8 | [23.225.194.93](https://vuldb.com/?ip.23.225.194.93) | - | - | High
|
||||
9 | [23.245.118.14](https://vuldb.com/?ip.23.245.118.14) | - | - | High
|
||||
10 | [27.9.199.217](https://vuldb.com/?ip.27.9.199.217) | - | - | High
|
||||
11 | [27.50.162.226](https://vuldb.com/?ip.27.50.162.226) | - | - | High
|
||||
12 | [27.54.252.252](https://vuldb.com/?ip.27.54.252.252) | - | - | High
|
||||
13 | [27.202.226.109](https://vuldb.com/?ip.27.202.226.109) | - | - | High
|
||||
14 | [36.43.74.215](https://vuldb.com/?ip.36.43.74.215) | - | - | High
|
||||
15 | [36.46.114.54](https://vuldb.com/?ip.36.46.114.54) | - | - | High
|
||||
16 | [39.109.1.246](https://vuldb.com/?ip.39.109.1.246) | - | - | High
|
||||
17 | [39.109.5.112](https://vuldb.com/?ip.39.109.5.112) | - | - | High
|
||||
18 | [42.51.192.3](https://vuldb.com/?ip.42.51.192.3) | - | - | High
|
||||
19 | [42.236.77.185](https://vuldb.com/?ip.42.236.77.185) | hn.kd.ny.adsl | - | High
|
||||
20 | [43.226.152.12](https://vuldb.com/?ip.43.226.152.12) | - | - | High
|
||||
21 | [43.226.159.201](https://vuldb.com/?ip.43.226.159.201) | - | - | High
|
||||
22 | [43.248.201.209](https://vuldb.com/?ip.43.248.201.209) | - | - | High
|
||||
23 | [45.119.125.223](https://vuldb.com/?ip.45.119.125.223) | - | - | High
|
||||
24 | [45.195.203.97](https://vuldb.com/?ip.45.195.203.97) | - | - | High
|
||||
25 | [45.253.67.78](https://vuldb.com/?ip.45.253.67.78) | - | - | High
|
||||
26 | [47.93.52.188](https://vuldb.com/?ip.47.93.52.188) | - | - | High
|
||||
27 | [47.93.245.163](https://vuldb.com/?ip.47.93.245.163) | - | - | High
|
||||
28 | [47.94.138.49](https://vuldb.com/?ip.47.94.138.49) | - | - | High
|
||||
29 | [47.95.233.18](https://vuldb.com/?ip.47.95.233.18) | - | - | High
|
||||
30 | [47.98.248.205](https://vuldb.com/?ip.47.98.248.205) | - | - | High
|
||||
31 | [47.111.82.157](https://vuldb.com/?ip.47.111.82.157) | - | - | High
|
||||
32 | [47.112.30.91](https://vuldb.com/?ip.47.112.30.91) | - | - | High
|
||||
33 | [49.2.123.56](https://vuldb.com/?ip.49.2.123.56) | - | - | High
|
||||
34 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
|
||||
35 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
|
||||
36 | [54.76.135.1](https://vuldb.com/?ip.54.76.135.1) | ec2-54-76-135-1.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
37 | [58.55.149.231](https://vuldb.com/?ip.58.55.149.231) | - | - | High
|
||||
38 | [58.55.154.119](https://vuldb.com/?ip.58.55.154.119) | - | - | High
|
||||
39 | [58.218.66.21](https://vuldb.com/?ip.58.218.66.21) | - | - | High
|
||||
40 | [58.218.67.245](https://vuldb.com/?ip.58.218.67.245) | - | - | High
|
||||
41 | [58.218.199.225](https://vuldb.com/?ip.58.218.199.225) | - | - | High
|
||||
42 | ... | ... | ... | ...
|
||||
1 | [1.15.252.63](https://vuldb.com/?ip.1.15.252.63) | - | - | High
|
||||
2 | [1.93.49.73](https://vuldb.com/?ip.1.93.49.73) | - | - | High
|
||||
3 | [8.7.198.46](https://vuldb.com/?ip.8.7.198.46) | - | - | High
|
||||
4 | [8.129.184.93](https://vuldb.com/?ip.8.129.184.93) | - | - | High
|
||||
5 | [13.115.40.251](https://vuldb.com/?ip.13.115.40.251) | ec2-13-115-40-251.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
6 | [13.249.38.69](https://vuldb.com/?ip.13.249.38.69) | server-13-249-38-69.iad89.r.cloudfront.net | - | High
|
||||
7 | [14.108.240.64](https://vuldb.com/?ip.14.108.240.64) | - | - | High
|
||||
8 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
|
||||
9 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
|
||||
10 | [23.89.5.60](https://vuldb.com/?ip.23.89.5.60) | mtx77mcs683.webex.com | - | High
|
||||
11 | [23.94.244.17](https://vuldb.com/?ip.23.94.244.17) | 23-94-244-17-host.colocrossing.com | - | High
|
||||
12 | [23.94.244.18](https://vuldb.com/?ip.23.94.244.18) | 23-94-244-18-host.colocrossing.com | - | High
|
||||
13 | [23.95.28.181](https://vuldb.com/?ip.23.95.28.181) | 23-95-28-181-host.colocrossing.com | - | High
|
||||
14 | [23.225.194.93](https://vuldb.com/?ip.23.225.194.93) | - | - | High
|
||||
15 | [23.238.148.74](https://vuldb.com/?ip.23.238.148.74) | alsogoingtowardbettringthis.com | - | High
|
||||
16 | [23.238.196.11](https://vuldb.com/?ip.23.238.196.11) | - | - | High
|
||||
17 | [23.239.194.29](https://vuldb.com/?ip.23.239.194.29) | - | - | High
|
||||
18 | [23.245.118.14](https://vuldb.com/?ip.23.245.118.14) | - | - | High
|
||||
19 | [23.248.219.47](https://vuldb.com/?ip.23.248.219.47) | - | - | High
|
||||
20 | [27.9.199.217](https://vuldb.com/?ip.27.9.199.217) | - | - | High
|
||||
21 | [27.50.162.226](https://vuldb.com/?ip.27.50.162.226) | - | - | High
|
||||
22 | [27.54.252.252](https://vuldb.com/?ip.27.54.252.252) | - | - | High
|
||||
23 | [27.154.146.235](https://vuldb.com/?ip.27.154.146.235) | 235.146.154.27.broad.xm.fj.dynamic.163data.com.cn | - | High
|
||||
24 | [27.202.226.109](https://vuldb.com/?ip.27.202.226.109) | - | - | High
|
||||
25 | [27.255.80.206](https://vuldb.com/?ip.27.255.80.206) | - | - | High
|
||||
26 | [36.43.74.215](https://vuldb.com/?ip.36.43.74.215) | - | - | High
|
||||
27 | [36.46.114.54](https://vuldb.com/?ip.36.46.114.54) | - | - | High
|
||||
28 | [39.109.1.246](https://vuldb.com/?ip.39.109.1.246) | - | - | High
|
||||
29 | [39.109.5.112](https://vuldb.com/?ip.39.109.5.112) | - | - | High
|
||||
30 | [39.156.66.108](https://vuldb.com/?ip.39.156.66.108) | - | - | High
|
||||
31 | [42.51.192.3](https://vuldb.com/?ip.42.51.192.3) | - | - | High
|
||||
32 | [42.236.77.185](https://vuldb.com/?ip.42.236.77.185) | hn.kd.ny.adsl | - | High
|
||||
33 | [43.226.152.12](https://vuldb.com/?ip.43.226.152.12) | - | - | High
|
||||
34 | [43.226.159.201](https://vuldb.com/?ip.43.226.159.201) | - | - | High
|
||||
35 | [43.248.201.209](https://vuldb.com/?ip.43.248.201.209) | - | - | High
|
||||
36 | [45.114.11.137](https://vuldb.com/?ip.45.114.11.137) | - | - | High
|
||||
37 | [45.119.125.223](https://vuldb.com/?ip.45.119.125.223) | - | - | High
|
||||
38 | [45.195.203.97](https://vuldb.com/?ip.45.195.203.97) | - | - | High
|
||||
39 | [45.253.67.78](https://vuldb.com/?ip.45.253.67.78) | - | - | High
|
||||
40 | [46.82.174.69](https://vuldb.com/?ip.46.82.174.69) | p2e52ae45.dip0.t-ipconnect.de | - | High
|
||||
41 | [47.93.52.188](https://vuldb.com/?ip.47.93.52.188) | - | - | High
|
||||
42 | [47.93.245.163](https://vuldb.com/?ip.47.93.245.163) | - | - | High
|
||||
43 | [47.94.138.49](https://vuldb.com/?ip.47.94.138.49) | - | - | High
|
||||
44 | [47.95.233.18](https://vuldb.com/?ip.47.95.233.18) | - | - | High
|
||||
45 | [47.98.248.205](https://vuldb.com/?ip.47.98.248.205) | - | - | High
|
||||
46 | [47.111.82.157](https://vuldb.com/?ip.47.111.82.157) | - | - | High
|
||||
47 | [47.112.30.91](https://vuldb.com/?ip.47.112.30.91) | - | - | High
|
||||
48 | [49.2.123.56](https://vuldb.com/?ip.49.2.123.56) | - | - | High
|
||||
49 | [49.7.37.126](https://vuldb.com/?ip.49.7.37.126) | - | - | High
|
||||
50 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
|
||||
51 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
|
||||
52 | [54.76.135.1](https://vuldb.com/?ip.54.76.135.1) | ec2-54-76-135-1.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
53 | [58.55.149.231](https://vuldb.com/?ip.58.55.149.231) | - | - | High
|
||||
54 | [58.55.154.119](https://vuldb.com/?ip.58.55.154.119) | - | - | High
|
||||
55 | [58.218.66.21](https://vuldb.com/?ip.58.218.66.21) | - | - | High
|
||||
56 | [58.218.67.245](https://vuldb.com/?ip.58.218.67.245) | - | - | High
|
||||
57 | [58.218.199.225](https://vuldb.com/?ip.58.218.199.225) | - | - | High
|
||||
58 | [58.221.47.41](https://vuldb.com/?ip.58.221.47.41) | - | - | High
|
||||
59 | [58.221.47.47](https://vuldb.com/?ip.58.221.47.47) | - | - | High
|
||||
60 | [59.13.211.161](https://vuldb.com/?ip.59.13.211.161) | - | - | High
|
||||
61 | [59.24.3.174](https://vuldb.com/?ip.59.24.3.174) | - | - | High
|
||||
62 | [59.46.12.8](https://vuldb.com/?ip.59.46.12.8) | - | - | High
|
||||
63 | [59.46.80.202](https://vuldb.com/?ip.59.46.80.202) | - | - | High
|
||||
64 | ... | ... | ... | ...
|
||||
|
||||
There are 165 more IOC items available. Please use our online service to access the data.
|
||||
There are 254 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -77,7 +99,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -85,55 +107,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/#/CampaignManager/users` | High
|
||||
4 | File | `//` | Low
|
||||
5 | File | `/admin.php?action=themeinstall` | High
|
||||
6 | File | `/admin/?setting-base.htm` | High
|
||||
7 | File | `/admin/admin_login.php` | High
|
||||
8 | File | `/admin/login.php` | High
|
||||
9 | File | `/apply_noauth.cgi` | High
|
||||
10 | File | `/audit/log/log_management.php` | High
|
||||
11 | File | `/bin/login` | Medium
|
||||
12 | File | `/bin/sh` | Low
|
||||
13 | File | `/cgi-bin/login` | High
|
||||
14 | File | `/classes/profile.class.php` | High
|
||||
15 | File | `/dev/tty` | Medium
|
||||
16 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
|
||||
17 | File | `/downloads/` | Medium
|
||||
18 | File | `/etc/groups` | Medium
|
||||
19 | File | `/index.php` | Medium
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/#/CampaignManager/users` | High
|
||||
3 | File | `/admin.php?action=themeinstall` | High
|
||||
4 | File | `/admin/?setting-base.htm` | High
|
||||
5 | File | `/admin/admin_login.php` | High
|
||||
6 | File | `/admin/login.php` | High
|
||||
7 | File | `/apply_noauth.cgi` | High
|
||||
8 | File | `/audit/log/log_management.php` | High
|
||||
9 | File | `/bin/sh` | Low
|
||||
10 | File | `/cgi-bin/luci/api/auth` | High
|
||||
11 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/dev/tty` | Medium
|
||||
15 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
|
||||
16 | File | `/downloads/` | Medium
|
||||
17 | File | `/etc/groups` | Medium
|
||||
18 | File | `/goforms/rlminfo` | High
|
||||
19 | File | `/HNAP1` | Low
|
||||
20 | File | `/login` | Low
|
||||
21 | File | `/login.html` | Medium
|
||||
22 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
23 | File | `/member/index/login.html` | High
|
||||
24 | File | `/modules/certinfo/index.php` | High
|
||||
25 | File | `/MTFWU` | Low
|
||||
26 | File | `/ptms/classes/Users.php` | High
|
||||
27 | File | `/ScadaBR/login.htm` | High
|
||||
28 | File | `/system/tool/ping.php` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/usr/bin/pkexec` | High
|
||||
24 | File | `/mgmt/tm/util/bash` | High
|
||||
25 | File | `/modules/certinfo/index.php` | High
|
||||
26 | File | `/php/passport/index.php` | High
|
||||
27 | File | `/saml/login` | Medium
|
||||
28 | File | `/ScadaBR/login.htm` | High
|
||||
29 | File | `/system/tool/ping.php` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/var/adm/btmp` | High
|
||||
32 | File | `/wp-json` | Medium
|
||||
33 | File | `?location=search` | High
|
||||
34 | File | `account/login.php` | High
|
||||
32 | File | `/vloggers_merch/?p=view_product` | High
|
||||
33 | File | `/wp-json` | Medium
|
||||
34 | File | `ad/login.asp` | Medium
|
||||
35 | File | `add.php` | Low
|
||||
36 | File | `admin.inc.php` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
39 | File | `admin/conf_users_edit.php` | High
|
||||
39 | File | `admin/admin_ping.php` | High
|
||||
40 | File | `admin/index.php` | High
|
||||
41 | File | `admin/login.asp` | High
|
||||
42 | File | `admin/login.php` | High
|
||||
43 | File | `admin/nos/login` | High
|
||||
44 | File | `admin\db\DoSql.php` | High
|
||||
45 | File | `agenda.php3` | Medium
|
||||
46 | File | `ajaxp.php` | Medium
|
||||
47 | ... | ... | ...
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 410 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -145,6 +164,19 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
|
||||
* https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
|
||||
* https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0906-0913.html
|
||||
* https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
|
||||
* https://blog.talosintelligence.com/2019/12/threat-roundup-1129-1206.html
|
||||
* https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
|
||||
* https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html
|
||||
* https://blog.talosintelligence.com/2020/04/threat-roundup-0417-0424.html
|
||||
* https://blog.talosintelligence.com/2020/05/threat-roundup-0501-0508.html
|
||||
* https://blog.talosintelligence.com/2020/08/tru-0731-0807.html
|
||||
* https://blog.talosintelligence.com/2020/10/threat-roundup-1009-1016.html
|
||||
* https://blog.talosintelligence.com/2020/11/threat-roundup-1030-1106.html
|
||||
* https://blog.talosintelligence.com/2020/12/threat-roundup-1127-1204.html
|
||||
* https://blog.talosintelligence.com/2020/12/threat-roundup-1204-1211.html
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0115-0122.html
|
||||
* https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
|
||||
|
@ -165,6 +197,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2022/02/threat-roundup-0218-0225.html
|
||||
* https://blog.talosintelligence.com/2022/03/threat-roundup-0225-0304.html
|
||||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0325-0401.html
|
||||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0422-0429.html
|
||||
* https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -45,17 +45,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/index.php` | High
|
||||
3 | File | `/login.html` | Medium
|
||||
4 | File | `/new` | Low
|
||||
5 | File | `/system?action=ServiceAdmin` | High
|
||||
6 | File | `/tlogin.cgi` | Medium
|
||||
7 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
8 | File | `/var/log/nginx` | High
|
||||
9 | File | `add_vhost.php` | High
|
||||
10 | ... | ... | ...
|
||||
2 | File | `/admin/comment.php` | High
|
||||
3 | File | `/admin/index.php` | High
|
||||
4 | File | `/login.html` | Medium
|
||||
5 | File | `/new` | Low
|
||||
6 | File | `/system?action=ServiceAdmin` | High
|
||||
7 | File | `/tlogin.cgi` | Medium
|
||||
8 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
9 | File | `/var/log/nginx` | High
|
||||
10 | File | `add_vhost.php` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Gootloader - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gootloader](https://vuldb.com/?actor.gootloader). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gootloader](https://vuldb.com/?actor.gootloader)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gootloader.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [35.206.117.64](https://vuldb.com/?ip.35.206.117.64) | 64.117.206.35.bc.googleusercontent.com | - | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,72 @@
|
|||
# Gozi - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gozi](https://vuldb.com/?actor.gozi). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gozi](https://vuldb.com/?actor.gozi)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gozi:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DK](https://vuldb.com/?country.dk)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gozi.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [51.15.98.97](https://vuldb.com/?ip.51.15.98.97) | 97-98-15-51.instances.scw.cloud | - | High
|
||||
2 | [172.104.136.243](https://vuldb.com/?ip.172.104.136.243) | 172-104-136-243.ip.linodeusercontent.com | - | High
|
||||
3 | [192.71.245.208](https://vuldb.com/?ip.192.71.245.208) | vps-192-71-245-208.prometeus.net | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gozi_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gozi. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/rest/project-templates/1.0/createshared` | High
|
||||
3 | File | `ActionsAndOperations` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 9 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -57,36 +57,36 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/cgi-bin` | Medium
|
||||
7 | File | `/cgi-bin/kerbynet` | High
|
||||
8 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
9 | File | `/fudforum/adm/hlplist.php` | High
|
||||
10 | File | `/login` | Low
|
||||
11 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
12 | File | `/monitoring` | Medium
|
||||
13 | File | `/new` | Low
|
||||
14 | File | `/proc/<pid>/status` | High
|
||||
15 | File | `/public/plugins/` | High
|
||||
16 | File | `/REBOOTSYSTEM` | High
|
||||
17 | File | `/scripts/killpvhost` | High
|
||||
18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
21 | File | `/tmp` | Low
|
||||
22 | File | `/tmp/redis.ds` | High
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/wp-admin` | Medium
|
||||
25 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
27 | File | `AccountManagerService.java` | High
|
||||
28 | File | `actions/CompanyDetailsSave.php` | High
|
||||
29 | File | `ActiveServices.java` | High
|
||||
30 | File | `ActivityManagerService.java` | High
|
||||
31 | File | `admin.php` | Medium
|
||||
32 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
33 | File | `admin/add-glossary.php` | High
|
||||
34 | File | `admin/conf_users_edit.php` | High
|
||||
35 | File | `admin/edit-comments.php` | High
|
||||
9 | File | `/login` | Low
|
||||
10 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
11 | File | `/monitoring` | Medium
|
||||
12 | File | `/new` | Low
|
||||
13 | File | `/proc/<pid>/status` | High
|
||||
14 | File | `/public/plugins/` | High
|
||||
15 | File | `/REBOOTSYSTEM` | High
|
||||
16 | File | `/scripts/killpvhost` | High
|
||||
17 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
18 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
19 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
20 | File | `/tmp` | Low
|
||||
21 | File | `/tmp/redis.ds` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/wp-admin` | Medium
|
||||
24 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
25 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
26 | File | `AccountManagerService.java` | High
|
||||
27 | File | `actions/CompanyDetailsSave.php` | High
|
||||
28 | File | `ActiveServices.java` | High
|
||||
29 | File | `ActivityManagerService.java` | High
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
32 | File | `admin/add-glossary.php` | High
|
||||
33 | File | `admin/conf_users_edit.php` | High
|
||||
34 | File | `admin/edit-comments.php` | High
|
||||
35 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 311 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -160,7 +160,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -168,14 +168,14 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `//` | Low
|
||||
3 | File | `/admin-panel1.php` | High
|
||||
4 | File | `/admin.php` | Medium
|
||||
5 | File | `/admin.php/admin/ulog/index.html` | High
|
||||
6 | File | `/admin/configure.php` | High
|
||||
7 | File | `/admin/doctors/view_doctor.php` | High
|
||||
8 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
1 | File | `//` | Low
|
||||
2 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
3 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
4 | File | `/admin-panel1.php` | High
|
||||
5 | File | `/admin.php` | Medium
|
||||
6 | File | `/admin.php/admin/ulog/index.html` | High
|
||||
7 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
8 | File | `/anony/mjpg.cgi` | High
|
||||
9 | File | `/api/crontab` | Medium
|
||||
10 | File | `/api/students/me/messages/` | High
|
||||
11 | File | `/api/trackedEntityInstances` | High
|
||||
|
@ -183,29 +183,29 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/category.php` | High
|
||||
14 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
15 | File | `/cdsms/classes/Master.php?f=delete_package` | High
|
||||
16 | File | `/cgi-bin/uploadAccessCodePic` | High
|
||||
17 | File | `/common/info.cgi` | High
|
||||
18 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
19 | File | `/dev/dri/card1` | High
|
||||
20 | File | `/export` | Low
|
||||
21 | File | `/file?action=download&file` | High
|
||||
22 | File | `/goform/setIPv6Status` | High
|
||||
23 | File | `/goform/WifiExtraSet` | High
|
||||
24 | File | `/images` | Low
|
||||
25 | File | `/include/chart_generator.php` | High
|
||||
26 | File | `/include/make.php` | High
|
||||
27 | File | `/InternalPages/ExecuteTask.aspx` | High
|
||||
28 | File | `/nova/bin/sniffer` | High
|
||||
29 | File | `/principals` | Medium
|
||||
30 | File | `/public/plugins/` | High
|
||||
31 | File | `/reps/admin/?page=agents/manage_agent` | High
|
||||
32 | File | `/reps/classes/Master.php?f=delete_estate` | High
|
||||
33 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
34 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
35 | File | `/system/bin/osi_bin` | High
|
||||
16 | File | `/cgi-bin/login.cgi` | High
|
||||
17 | File | `/cgi-bin/luci/api/switch` | High
|
||||
18 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
19 | File | `/cgi-bin/uploadAccessCodePic` | High
|
||||
20 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
21 | File | `/cms/classes/Master.php?f=delete_invoice` | High
|
||||
22 | File | `/cms/classes/Users.php?f=delete` | High
|
||||
23 | File | `/common/info.cgi` | High
|
||||
24 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
25 | File | `/export` | Low
|
||||
26 | File | `/file?action=download&file` | High
|
||||
27 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
28 | File | `/goform/WifiExtraSet` | High
|
||||
29 | File | `/guest/s/default/` | High
|
||||
30 | File | `/include/chart_generator.php` | High
|
||||
31 | File | `/include/make.php` | High
|
||||
32 | File | `/Items/*/RemoteImages/Download` | High
|
||||
33 | File | `/login` | Low
|
||||
34 | File | `/mtms/admin/?page=transaction/send` | High
|
||||
35 | File | `/nova/bin/sniffer` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hancitor](https://vuldb.com/?actor.hancitor)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Hancitor:
|
||||
|
||||
* Cobalt Strike
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hancitor:
|
||||
|
@ -40,9 +46,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
17 | [34.213.214.65](https://vuldb.com/?ip.34.213.214.65) | ec2-34-213-214-65.us-west-2.compute.amazonaws.com | - | Medium
|
||||
18 | [45.40.182.1](https://vuldb.com/?ip.45.40.182.1) | ip-45-40-182-1.ip.secureserver.net | - | High
|
||||
19 | [45.49.169.80](https://vuldb.com/?ip.45.49.169.80) | cpe-45-49-169-80.socal.res.rr.com | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
20 | [45.153.73.33](https://vuldb.com/?ip.45.153.73.33) | - | - | High
|
||||
21 | ... | ... | ... | ...
|
||||
|
||||
There are 75 more IOC items available. Please use our online service to access the data.
|
||||
There are 79 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -68,41 +75,39 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
4 | File | `/download` | Medium
|
||||
5 | File | `/drivers/infiniband/core/cm.c` | High
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/horde/util/go.php` | High
|
||||
8 | File | `/images/` | Medium
|
||||
9 | File | `/inc/extensions.php` | High
|
||||
10 | File | `/inc/parser/xhtml.php` | High
|
||||
11 | File | `/login` | Low
|
||||
12 | File | `/modules/profile/index.php` | High
|
||||
13 | File | `/nova/bin/console` | High
|
||||
14 | File | `/objects/getImageMP4.php` | High
|
||||
15 | File | `/one_church/userregister.php` | High
|
||||
16 | File | `/out.php` | Medium
|
||||
17 | File | `/public/plugins/` | High
|
||||
18 | File | `/replication` | Medium
|
||||
19 | File | `/req_password_user.php` | High
|
||||
20 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
21 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
23 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/tmp/phpglibccheck` | High
|
||||
6 | File | `/files.md5` | Medium
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/horde/util/go.php` | High
|
||||
9 | File | `/images/` | Medium
|
||||
10 | File | `/inc/extensions.php` | High
|
||||
11 | File | `/inc/parser/xhtml.php` | High
|
||||
12 | File | `/login` | Low
|
||||
13 | File | `/modules/profile/index.php` | High
|
||||
14 | File | `/nova/bin/console` | High
|
||||
15 | File | `/objects/getImageMP4.php` | High
|
||||
16 | File | `/one_church/userregister.php` | High
|
||||
17 | File | `/out.php` | Medium
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/replication` | Medium
|
||||
20 | File | `/req_password_user.php` | High
|
||||
21 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
22 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/syno/etc/mount.conf` | High
|
||||
30 | File | `/WEB-INF/web.xml` | High
|
||||
31 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
32 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
33 | File | `adclick.php` | Medium
|
||||
34 | File | `addentry.php` | Medium
|
||||
35 | File | `admin.jcomments.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin/conf_users_edit.php` | High
|
||||
38 | ... | ... | ...
|
||||
30 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
31 | File | `/WEB-INF/web.xml` | High
|
||||
32 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
33 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `addentry.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -119,6 +124,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
|
||||
* https://isc.sans.edu/forums/diary/Malspam+pushing+Word+documents+with+Hancitor+malware/22858/
|
||||
* https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
|
||||
* https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/
|
||||
* https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -45,9 +45,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
16 | [46.249.62.199](https://vuldb.com/?ip.46.249.62.199) | - | - | High
|
||||
17 | [79.141.161.176](https://vuldb.com/?ip.79.141.161.176) | zzs7bp73.copycomdigital.com | - | High
|
||||
18 | [79.141.164.241](https://vuldb.com/?ip.79.141.164.241) | x6ts.mtsgamingpro.fun | - | High
|
||||
19 | ... | ... | ... | ...
|
||||
19 | [79.141.166.39](https://vuldb.com/?ip.79.141.166.39) | webimpa.com | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
|
||||
There are 74 more IOC items available. Please use our online service to access the data.
|
||||
There are 76 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -84,39 +85,39 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/include/menu_v.inc.php` | High
|
||||
15 | File | `/lms/admin.php` | High
|
||||
16 | File | `/mc` | Low
|
||||
17 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
|
||||
18 | File | `/opt/novell/ncl/bin/nwrights` | High
|
||||
19 | File | `/out.php` | Medium
|
||||
20 | File | `/proc/*/cmdline"` | High
|
||||
21 | File | `/proc/pid/syscall` | High
|
||||
22 | File | `/rest/review-coverage-chart/1.0/data/<repository_name>/.json` | High
|
||||
23 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/var/log/pcp/configs.sh` | High
|
||||
26 | File | `/webconsole/APIController` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `/WWW//app/admin/controller/admincontroller.php` | High
|
||||
29 | File | `a-b-membres.php` | High
|
||||
30 | File | `action.php` | Medium
|
||||
31 | File | `admin-search.php` | High
|
||||
32 | File | `admin.jcomments.php` | High
|
||||
33 | File | `admin/adminsignin.html` | High
|
||||
34 | File | `admin/index.php` | High
|
||||
35 | File | `admin/infoclass_update.php` | High
|
||||
36 | File | `admin/plugin.php` | High
|
||||
37 | File | `admin/test.php` | High
|
||||
38 | File | `admin/versions.html` | High
|
||||
39 | File | `administrator/index.php?option=com_pago&view=comments` | High
|
||||
40 | File | `Adminlog.asp` | Medium
|
||||
41 | File | `admin_iplog.php` | High
|
||||
42 | File | `ajax.php` | Medium
|
||||
43 | File | `ajax_admin_apis.php` | High
|
||||
44 | File | `ajax_php_pecl.php` | High
|
||||
45 | File | `allocate_block.cpp` | High
|
||||
46 | File | `api.cc` | Low
|
||||
17 | File | `/mgmt/tm/util/bash` | High
|
||||
18 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
|
||||
19 | File | `/opt/novell/ncl/bin/nwrights` | High
|
||||
20 | File | `/out.php` | Medium
|
||||
21 | File | `/proc/*/cmdline"` | High
|
||||
22 | File | `/proc/pid/syscall` | High
|
||||
23 | File | `/rest/review-coverage-chart/1.0/data/<repository_name>/.json` | High
|
||||
24 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/var/log/pcp/configs.sh` | High
|
||||
27 | File | `/webconsole/APIController` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `/WWW//app/admin/controller/admincontroller.php` | High
|
||||
30 | File | `a-b-membres.php` | High
|
||||
31 | File | `action.php` | Medium
|
||||
32 | File | `admin-search.php` | High
|
||||
33 | File | `admin.jcomments.php` | High
|
||||
34 | File | `admin/adminsignin.html` | High
|
||||
35 | File | `admin/index.php` | High
|
||||
36 | File | `admin/infoclass_update.php` | High
|
||||
37 | File | `admin/plugin.php` | High
|
||||
38 | File | `admin/test.php` | High
|
||||
39 | File | `admin/versions.html` | High
|
||||
40 | File | `administrator/index.php?option=com_pago&view=comments` | High
|
||||
41 | File | `Adminlog.asp` | Medium
|
||||
42 | File | `admin_iplog.php` | High
|
||||
43 | File | `ajax.php` | Medium
|
||||
44 | File | `ajax_admin_apis.php` | High
|
||||
45 | File | `ajax_php_pecl.php` | High
|
||||
46 | File | `allocate_block.cpp` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 411 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -134,6 +135,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://research.checkpoint.com/2021/melting-ice-tracking-icedid-servers-with-a-few-simple-steps/
|
||||
* https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/
|
||||
* https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
|
||||
* https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -14,9 +14,9 @@ The following _campaigns_ are known and can be associated with Inception:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
@ -53,35 +53,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
|
||||
2 | File | `/admin/inbox.php&action=read` | High
|
||||
3 | File | `/admin/news/news_mod.php` | High
|
||||
4 | File | `/admin/page_edit/3` | High
|
||||
5 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
6 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
7 | File | `/blog/blog.php` | High
|
||||
8 | File | `/cgi-bin/main.cgi` | High
|
||||
9 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
10 | File | `/controller/Adv.php` | High
|
||||
11 | File | `/domain/service/.ewell-known/caldav` | High
|
||||
12 | File | `/dvcset/sysset/set.cgi` | High
|
||||
13 | File | `/example/editor` | High
|
||||
14 | File | `/include/make.php` | High
|
||||
15 | File | `/jquery_file_upload/server/php/index.php` | High
|
||||
16 | File | `/mobile/SelectUsers.jsp` | High
|
||||
17 | File | `/php/ajax.php` | High
|
||||
18 | File | `/ProteinArraySignificanceTest.json` | High
|
||||
19 | File | `/ptms/classes/Users.php` | High
|
||||
20 | File | `/public/admin/index.php?add_product` | High
|
||||
21 | File | `/role/saveOrUpdateRole.do` | High
|
||||
22 | File | `/system/bin/osi_bin` | High
|
||||
23 | File | `/usr/local/bin/mjs` | High
|
||||
24 | File | `/wp-content/uploads/jobmonster/` | High
|
||||
25 | File | `/zbzedit/php/zbz.php` | High
|
||||
26 | File | `ActiveServices.java` | High
|
||||
27 | ... | ... | ...
|
||||
1 | File | `.jboss-cli-history` | High
|
||||
2 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
|
||||
3 | File | `/admin/inbox.php&action=read` | High
|
||||
4 | File | `/admin/news/news_mod.php` | High
|
||||
5 | File | `/admin/page_edit/3` | High
|
||||
6 | File | `/administrator/alerts/alertLightbox.php` | High
|
||||
7 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
8 | File | `/blog/blog.php` | High
|
||||
9 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
10 | File | `/cgi-bin/main.cgi` | High
|
||||
11 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
12 | File | `/cms/classes/Master.php?f=delete_designation` | High
|
||||
13 | File | `/controller/Adv.php` | High
|
||||
14 | File | `/dvcset/sysset/set.cgi` | High
|
||||
15 | File | `/example/editor` | High
|
||||
16 | File | `/goform/setsambacfg` | High
|
||||
17 | File | `/goform/websURLFilter` | High
|
||||
18 | File | `/guest_auth/cfg/upLoadCfg.php` | High
|
||||
19 | File | `/include/make.php` | High
|
||||
20 | File | `/jquery_file_upload/server/php/index.php` | High
|
||||
21 | File | `/mobile/SelectUsers.jsp` | High
|
||||
22 | File | `/php/ajax.php` | High
|
||||
23 | File | `/ptms/classes/Users.php` | High
|
||||
24 | File | `/public/admin/index.php?add_product` | High
|
||||
25 | File | `/resolv/nss_dns/dns-host.c` | High
|
||||
26 | File | `/role/saveOrUpdateRole.do` | High
|
||||
27 | File | `/scbs/admin/?page=facilities/manage_facility` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 224 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 236 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [HK](https://vuldb.com/?country.hk)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -287,12 +287,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -300,23 +300,28 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/index.php` | High
|
||||
2 | File | `/blog/blog.php` | High
|
||||
3 | File | `/cmd?cmd=connect` | High
|
||||
4 | File | `/ghost/preview` | High
|
||||
5 | File | `/nova/bin/detnet` | High
|
||||
6 | File | `/pineapple/ui` | High
|
||||
7 | File | `/proc/stat` | Medium
|
||||
8 | File | `/row/row0mysql.cc` | High
|
||||
9 | File | `/sql/sql_string.h` | High
|
||||
10 | File | `/sql/sql_type.cc` | High
|
||||
11 | File | `/src/njs_vmcode.c` | High
|
||||
12 | File | `/strings/ctype-simple.c` | High
|
||||
13 | File | `/tcpedit/checksum.c` | High
|
||||
14 | File | `/uncpath/` | Medium
|
||||
15 | ... | ... | ...
|
||||
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
6 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
7 | File | `/cgi-bin/login.cgi` | High
|
||||
8 | File | `/cms/admin/?page=client/view_client` | High
|
||||
9 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
10 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
11 | File | `/cms/admin/?page=user/manage_user` | High
|
||||
12 | File | `/cms/admin/maintenance/manage_service.php` | High
|
||||
13 | File | `/cms/classes/Users.php?f=delete` | High
|
||||
14 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
15 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
16 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
17 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
18 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
19 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 121 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 160 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -31,12 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,12 +48,12 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/account/login` | High
|
||||
3 | File | `/adherents/note.php?id=1` | High
|
||||
4 | File | `/admin/ajax.php` | High
|
||||
5 | File | `/admin/gallery.php` | High
|
||||
6 | File | `/Api/ASF` | Medium
|
||||
7 | File | `/bin/sh` | Low
|
||||
8 | File | `/cgi-bin/cgiServer.exx` | High
|
||||
9 | File | `/cgi?1&5` | Medium
|
||||
10 | File | `/clients/editclient.php` | High
|
||||
5 | File | `/Api/ASF` | Medium
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/cgi-bin/cgiServer.exx` | High
|
||||
8 | File | `/cgi?1&5` | Medium
|
||||
9 | File | `/clients/editclient.php` | High
|
||||
10 | File | `/CommunitySSORedirect.jsp` | High
|
||||
11 | File | `/dl/dl_sendmail.php` | High
|
||||
12 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
|
||||
13 | File | `/formStaticDHCP` | High
|
||||
|
@ -76,10 +76,9 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c` | High
|
||||
31 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c` | High
|
||||
32 | File | `/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c` | High
|
||||
33 | File | `/sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c` | High
|
||||
34 | ... | ... | ...
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `assets/add/registrar-accounts.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -97,9 +97,10 @@ ID | Type | Indicator | Confidence
|
|||
35 | File | `ashnews.php/ashheadlines.php` | High
|
||||
36 | File | `base/ErrorHandler.php` | High
|
||||
37 | File | `blog.php` | Medium
|
||||
38 | ... | ... | ...
|
||||
38 | File | `board.php` | Medium
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 333 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -11,9 +11,10 @@ The following _campaigns_ are known and can be associated with Lazarus:
|
|||
* AppleJeus
|
||||
* Chemical Sector
|
||||
* Fallchill
|
||||
* Hidden Cobra
|
||||
* ...
|
||||
|
||||
There are 7 more campaign items available. Please use our online service to access the data.
|
||||
There are 8 more campaign items available. Please use our online service to access the data.
|
||||
|
||||
## Countries
|
||||
|
||||
|
@ -21,7 +22,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [IN](https://vuldb.com/?country.in)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
@ -105,119 +106,121 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
71 | [14.141.129.116](https://vuldb.com/?ip.14.141.129.116) | 14.141.129.116.static-Delhi.vsnl.net.in | Volgmer | High
|
||||
72 | [14.149.149.211](https://vuldb.com/?ip.14.149.149.211) | - | Hidden Cobra | High
|
||||
73 | [21.252.107.198](https://vuldb.com/?ip.21.252.107.198) | - | Hoplight | High
|
||||
74 | [23.152.0.232](https://vuldb.com/?ip.23.152.0.232) | betrp-basisto.seemband.com | - | High
|
||||
75 | [26.165.218.44](https://vuldb.com/?ip.26.165.218.44) | - | Hoplight | High
|
||||
76 | [27.96.110.130](https://vuldb.com/?ip.27.96.110.130) | 130.110.96.27.static.m1net.com.sg | Hidden Cobra | High
|
||||
77 | [27.114.187.37](https://vuldb.com/?ip.27.114.187.37) | - | Volgmer | High
|
||||
78 | [27.123.221.66](https://vuldb.com/?ip.27.123.221.66) | 66-221.fiber.net.id | Fallchill | High
|
||||
79 | [27.125.35.229](https://vuldb.com/?ip.27.125.35.229) | - | Hidden Cobra | High
|
||||
80 | [31.47.47.130](https://vuldb.com/?ip.31.47.47.130) | - | Hidden Cobra | High
|
||||
81 | [31.54.73.156](https://vuldb.com/?ip.31.54.73.156) | host31-54-73-156.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
82 | [31.54.74.176](https://vuldb.com/?ip.31.54.74.176) | host31-54-74-176.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
83 | [31.146.82.22](https://vuldb.com/?ip.31.146.82.22) | 31-146-82-22.dsl.utg.ge | Volgmer | High
|
||||
84 | [31.146.136.6](https://vuldb.com/?ip.31.146.136.6) | 31-146-136-6.dsl.utg.ge | Hidden Cobra | High
|
||||
85 | [31.168.203.44](https://vuldb.com/?ip.31.168.203.44) | bzq-203-168-31-44.red.bezeqint.net | Hidden Cobra | High
|
||||
86 | [36.71.90.4](https://vuldb.com/?ip.36.71.90.4) | - | Fallchill | High
|
||||
87 | [37.34.240.177](https://vuldb.com/?ip.37.34.240.177) | - | Hidden Cobra | High
|
||||
88 | [37.48.106.69](https://vuldb.com/?ip.37.48.106.69) | high-convey.blockother.com | Hidden Cobra | High
|
||||
89 | [37.71.50.2](https://vuldb.com/?ip.37.71.50.2) | 2.50.71.37.rev.sfr.net | Hidden Cobra | High
|
||||
90 | [37.75.0.98](https://vuldb.com/?ip.37.75.0.98) | - | Hidden Cobra | High
|
||||
91 | [37.75.2.203](https://vuldb.com/?ip.37.75.2.203) | - | Hidden Cobra | High
|
||||
92 | [37.75.10.194](https://vuldb.com/?ip.37.75.10.194) | mail.kplus.com.tr | Hidden Cobra | High
|
||||
93 | [37.75.11.162](https://vuldb.com/?ip.37.75.11.162) | 37-75-11-162.rdns.saglayici.net | Hidden Cobra | High
|
||||
94 | [37.98.114.90](https://vuldb.com/?ip.37.98.114.90) | 90.mobinnet.net | Volgmer | High
|
||||
95 | [37.104.24.220](https://vuldb.com/?ip.37.104.24.220) | - | Hidden Cobra | High
|
||||
96 | [37.104.50.144](https://vuldb.com/?ip.37.104.50.144) | - | Hidden Cobra | High
|
||||
97 | [37.104.67.33](https://vuldb.com/?ip.37.104.67.33) | - | Hidden Cobra | High
|
||||
98 | [37.105.234.200](https://vuldb.com/?ip.37.105.234.200) | - | Hidden Cobra | High
|
||||
99 | [37.106.115.3](https://vuldb.com/?ip.37.106.115.3) | - | Hidden Cobra | High
|
||||
100 | [37.143.29.10](https://vuldb.com/?ip.37.143.29.10) | - | Hidden Cobra | High
|
||||
101 | [37.148.209.156](https://vuldb.com/?ip.37.148.209.156) | 37-148-209-156.cizgi.net.tr | Hidden Cobra | High
|
||||
102 | [37.216.67.155](https://vuldb.com/?ip.37.216.67.155) | - | Volgmer | High
|
||||
103 | [37.216.213.70](https://vuldb.com/?ip.37.216.213.70) | - | Hidden Cobra | High
|
||||
104 | [37.235.21.166](https://vuldb.com/?ip.37.235.21.166) | - | Volgmer | High
|
||||
105 | [37.238.135.70](https://vuldb.com/?ip.37.238.135.70) | - | - | High
|
||||
106 | [38.132.124.161](https://vuldb.com/?ip.38.132.124.161) | - | TraderTraitor | High
|
||||
107 | [41.57.108.68](https://vuldb.com/?ip.41.57.108.68) | - | Hidden Cobra | High
|
||||
108 | [41.67.136.38](https://vuldb.com/?ip.41.67.136.38) | netcomafrica.com | Hidden Cobra | High
|
||||
109 | [41.67.136.39](https://vuldb.com/?ip.41.67.136.39) | netcomafrica.com | Hidden Cobra | High
|
||||
110 | [41.72.99.5](https://vuldb.com/?ip.41.72.99.5) | - | Hidden Cobra | High
|
||||
111 | [41.72.101.138](https://vuldb.com/?ip.41.72.101.138) | - | Hidden Cobra | High
|
||||
112 | [41.74.166.253](https://vuldb.com/?ip.41.74.166.253) | - | Hidden Cobra | High
|
||||
113 | [41.92.208.194](https://vuldb.com/?ip.41.92.208.194) | - | Fallchill | High
|
||||
114 | [41.92.208.196](https://vuldb.com/?ip.41.92.208.196) | - | Fallchill | High
|
||||
115 | [41.92.208.197](https://vuldb.com/?ip.41.92.208.197) | - | Fallchill | High
|
||||
116 | [41.110.179.197](https://vuldb.com/?ip.41.110.179.197) | - | Hidden Cobra | High
|
||||
117 | [41.128.226.60](https://vuldb.com/?ip.41.128.226.60) | - | Hidden Cobra | High
|
||||
118 | [41.131.49.228](https://vuldb.com/?ip.41.131.49.228) | host-41-131-49-228.static.link.com.eg | Hidden Cobra | High
|
||||
119 | [41.131.164.156](https://vuldb.com/?ip.41.131.164.156) | - | Hidden Cobra | High
|
||||
120 | [41.134.208.234](https://vuldb.com/?ip.41.134.208.234) | 41-134-208-234.dsl.mweb.co.za | Hidden Cobra | High
|
||||
121 | [41.182.252.56](https://vuldb.com/?ip.41.182.252.56) | ADSL-41-182-252-56.ipb.na | Hidden Cobra | High
|
||||
122 | [41.205.139.34](https://vuldb.com/?ip.41.205.139.34) | ADSL-41-205-139-34.ipb.na | Hidden Cobra | High
|
||||
123 | [41.208.106.68](https://vuldb.com/?ip.41.208.106.68) | owa.altaqnya.com.ly | Hidden Cobra | High
|
||||
124 | [41.208.106.70](https://vuldb.com/?ip.41.208.106.70) | dc1.Mail.dsmhlc.ly | Hidden Cobra | High
|
||||
125 | [41.215.250.40](https://vuldb.com/?ip.41.215.250.40) | - | Hidden Cobra | High
|
||||
126 | [41.223.30.20](https://vuldb.com/?ip.41.223.30.20) | host30-20.creolink.com | Hidden Cobra | High
|
||||
127 | [41.224.254.90](https://vuldb.com/?ip.41.224.254.90) | - | Hidden Cobra | High
|
||||
128 | [43.249.216.6](https://vuldb.com/?ip.43.249.216.6) | - | Volgmer | High
|
||||
129 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
||||
130 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
||||
131 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
||||
132 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
||||
133 | [45.118.34.215](https://vuldb.com/?ip.45.118.34.215) | - | Volgmer | High
|
||||
134 | [45.120.61.145](https://vuldb.com/?ip.45.120.61.145) | - | Hidden Cobra | High
|
||||
135 | [45.124.169.36](https://vuldb.com/?ip.45.124.169.36) | - | Volgmer | High
|
||||
136 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
||||
137 | [46.16.62.238](https://vuldb.com/?ip.46.16.62.238) | fnadh-35.srv.cat | TraderTraitor | High
|
||||
138 | [46.19.101.186](https://vuldb.com/?ip.46.19.101.186) | ip-46-19-101-186.gnc.net | Hidden Cobra | High
|
||||
139 | [46.21.147.161](https://vuldb.com/?ip.46.21.147.161) | 46-21-147-161.static.hvvc.us | - | High
|
||||
140 | [46.52.131.102](https://vuldb.com/?ip.46.52.131.102) | - | Hidden Cobra | High
|
||||
141 | [46.121.242.180](https://vuldb.com/?ip.46.121.242.180) | 46-121-242-180.static.012.net.il | Hidden Cobra | High
|
||||
142 | [46.174.116.60](https://vuldb.com/?ip.46.174.116.60) | - | Hidden Cobra | High
|
||||
143 | [46.174.116.87](https://vuldb.com/?ip.46.174.116.87) | - | Hidden Cobra | High
|
||||
144 | [46.174.116.90](https://vuldb.com/?ip.46.174.116.90) | - | Hidden Cobra | High
|
||||
145 | [46.174.116.99](https://vuldb.com/?ip.46.174.116.99) | - | Hidden Cobra | High
|
||||
146 | [46.174.116.221](https://vuldb.com/?ip.46.174.116.221) | - | Hidden Cobra | High
|
||||
147 | [46.174.116.231](https://vuldb.com/?ip.46.174.116.231) | - | Hidden Cobra | High
|
||||
148 | [46.174.116.234](https://vuldb.com/?ip.46.174.116.234) | - | Hidden Cobra | High
|
||||
149 | [46.174.117.15](https://vuldb.com/?ip.46.174.117.15) | - | Hidden Cobra | High
|
||||
150 | [46.174.117.32](https://vuldb.com/?ip.46.174.117.32) | - | Hidden Cobra | High
|
||||
151 | [46.174.117.36](https://vuldb.com/?ip.46.174.117.36) | - | Hidden Cobra | High
|
||||
152 | [46.174.117.42](https://vuldb.com/?ip.46.174.117.42) | - | Hidden Cobra | High
|
||||
153 | [46.174.117.44](https://vuldb.com/?ip.46.174.117.44) | - | Hidden Cobra | High
|
||||
154 | [46.174.117.50](https://vuldb.com/?ip.46.174.117.50) | - | Hidden Cobra | High
|
||||
155 | [46.174.117.61](https://vuldb.com/?ip.46.174.117.61) | - | Hidden Cobra | High
|
||||
156 | [46.174.117.77](https://vuldb.com/?ip.46.174.117.77) | - | Hidden Cobra | High
|
||||
157 | [46.174.117.80](https://vuldb.com/?ip.46.174.117.80) | - | Hidden Cobra | High
|
||||
158 | [46.174.117.97](https://vuldb.com/?ip.46.174.117.97) | - | Hidden Cobra | High
|
||||
159 | [46.174.117.98](https://vuldb.com/?ip.46.174.117.98) | - | Hidden Cobra | High
|
||||
160 | [46.174.117.103](https://vuldb.com/?ip.46.174.117.103) | - | Hidden Cobra | High
|
||||
161 | [46.174.117.116](https://vuldb.com/?ip.46.174.117.116) | - | Hidden Cobra | High
|
||||
162 | [46.174.117.121](https://vuldb.com/?ip.46.174.117.121) | - | Hidden Cobra | High
|
||||
163 | [46.174.117.129](https://vuldb.com/?ip.46.174.117.129) | - | Hidden Cobra | High
|
||||
164 | [46.174.117.134](https://vuldb.com/?ip.46.174.117.134) | - | Hidden Cobra | High
|
||||
165 | [46.174.117.153](https://vuldb.com/?ip.46.174.117.153) | - | Hidden Cobra | High
|
||||
166 | [46.174.117.164](https://vuldb.com/?ip.46.174.117.164) | - | Hidden Cobra | High
|
||||
167 | [46.218.127.110](https://vuldb.com/?ip.46.218.127.110) | reverse.completel.fr | Hidden Cobra | High
|
||||
168 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | Hoplight | High
|
||||
169 | [49.206.1.61](https://vuldb.com/?ip.49.206.1.61) | 49.206.1.61.actcorp.in | Hidden Cobra | High
|
||||
170 | [50.62.168.157](https://vuldb.com/?ip.50.62.168.157) | p3nwvpweb145.shr.prod.phx3.secureserver.net | Fallchill | High
|
||||
171 | [50.87.144.227](https://vuldb.com/?ip.50.87.144.227) | somethingaboutmarketing.com | - | High
|
||||
172 | [51.235.1.216](https://vuldb.com/?ip.51.235.1.216) | - | Hidden Cobra | High
|
||||
173 | [51.235.13.162](https://vuldb.com/?ip.51.235.13.162) | - | Hidden Cobra | High
|
||||
174 | [51.235.17.133](https://vuldb.com/?ip.51.235.17.133) | - | Hidden Cobra | High
|
||||
175 | [51.235.19.202](https://vuldb.com/?ip.51.235.19.202) | - | Hidden Cobra | High
|
||||
176 | [51.235.33.226](https://vuldb.com/?ip.51.235.33.226) | - | Hidden Cobra | High
|
||||
177 | [51.235.49.202](https://vuldb.com/?ip.51.235.49.202) | - | Hidden Cobra | High
|
||||
178 | [52.79.118.195](https://vuldb.com/?ip.52.79.118.195) | ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com | Chemical Sector | Medium
|
||||
179 | [54.64.30.175](https://vuldb.com/?ip.54.64.30.175) | vega.mh-tec.co.jp | - | High
|
||||
180 | [58.82.155.98](https://vuldb.com/?ip.58.82.155.98) | 98.155.82.58.static-corp.jastel.co.th | Volgmer | High
|
||||
181 | [58.185.197.210](https://vuldb.com/?ip.58.185.197.210) | - | Volgmer | High
|
||||
182 | [59.90.93.97](https://vuldb.com/?ip.59.90.93.97) | static.bb.knl.59.90.93.97.bsnl.in | Typeframe | High
|
||||
183 | [59.90.93.138](https://vuldb.com/?ip.59.90.93.138) | static.bb.knl.59.90.93.138.bsnl.in | Fallchill | High
|
||||
184 | ... | ... | ... | ...
|
||||
74 | [23.81.246.131](https://vuldb.com/?ip.23.81.246.131) | - | South Korea | High
|
||||
75 | [23.152.0.232](https://vuldb.com/?ip.23.152.0.232) | betrp-basisto.seemband.com | - | High
|
||||
76 | [26.165.218.44](https://vuldb.com/?ip.26.165.218.44) | - | Hoplight | High
|
||||
77 | [27.96.110.130](https://vuldb.com/?ip.27.96.110.130) | 130.110.96.27.static.m1net.com.sg | Hidden Cobra | High
|
||||
78 | [27.114.187.37](https://vuldb.com/?ip.27.114.187.37) | - | Volgmer | High
|
||||
79 | [27.123.221.66](https://vuldb.com/?ip.27.123.221.66) | 66-221.fiber.net.id | Fallchill | High
|
||||
80 | [27.125.35.229](https://vuldb.com/?ip.27.125.35.229) | - | Hidden Cobra | High
|
||||
81 | [31.47.47.130](https://vuldb.com/?ip.31.47.47.130) | - | Hidden Cobra | High
|
||||
82 | [31.54.73.156](https://vuldb.com/?ip.31.54.73.156) | host31-54-73-156.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
83 | [31.54.74.176](https://vuldb.com/?ip.31.54.74.176) | host31-54-74-176.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
84 | [31.146.82.22](https://vuldb.com/?ip.31.146.82.22) | 31-146-82-22.dsl.utg.ge | Volgmer | High
|
||||
85 | [31.146.136.6](https://vuldb.com/?ip.31.146.136.6) | 31-146-136-6.dsl.utg.ge | Hidden Cobra | High
|
||||
86 | [31.168.203.44](https://vuldb.com/?ip.31.168.203.44) | bzq-203-168-31-44.red.bezeqint.net | Hidden Cobra | High
|
||||
87 | [36.71.90.4](https://vuldb.com/?ip.36.71.90.4) | - | Fallchill | High
|
||||
88 | [37.34.240.177](https://vuldb.com/?ip.37.34.240.177) | - | Hidden Cobra | High
|
||||
89 | [37.48.106.69](https://vuldb.com/?ip.37.48.106.69) | high-convey.blockother.com | Hidden Cobra | High
|
||||
90 | [37.71.50.2](https://vuldb.com/?ip.37.71.50.2) | 2.50.71.37.rev.sfr.net | Hidden Cobra | High
|
||||
91 | [37.75.0.98](https://vuldb.com/?ip.37.75.0.98) | - | Hidden Cobra | High
|
||||
92 | [37.75.2.203](https://vuldb.com/?ip.37.75.2.203) | - | Hidden Cobra | High
|
||||
93 | [37.75.10.194](https://vuldb.com/?ip.37.75.10.194) | mail.kplus.com.tr | Hidden Cobra | High
|
||||
94 | [37.75.11.162](https://vuldb.com/?ip.37.75.11.162) | 37-75-11-162.rdns.saglayici.net | Hidden Cobra | High
|
||||
95 | [37.98.114.90](https://vuldb.com/?ip.37.98.114.90) | 90.mobinnet.net | Volgmer | High
|
||||
96 | [37.104.24.220](https://vuldb.com/?ip.37.104.24.220) | - | Hidden Cobra | High
|
||||
97 | [37.104.50.144](https://vuldb.com/?ip.37.104.50.144) | - | Hidden Cobra | High
|
||||
98 | [37.104.67.33](https://vuldb.com/?ip.37.104.67.33) | - | Hidden Cobra | High
|
||||
99 | [37.105.234.200](https://vuldb.com/?ip.37.105.234.200) | - | Hidden Cobra | High
|
||||
100 | [37.106.115.3](https://vuldb.com/?ip.37.106.115.3) | - | Hidden Cobra | High
|
||||
101 | [37.143.29.10](https://vuldb.com/?ip.37.143.29.10) | - | Hidden Cobra | High
|
||||
102 | [37.148.209.156](https://vuldb.com/?ip.37.148.209.156) | 37-148-209-156.cizgi.net.tr | Hidden Cobra | High
|
||||
103 | [37.216.67.155](https://vuldb.com/?ip.37.216.67.155) | - | Volgmer | High
|
||||
104 | [37.216.213.70](https://vuldb.com/?ip.37.216.213.70) | - | Hidden Cobra | High
|
||||
105 | [37.235.21.166](https://vuldb.com/?ip.37.235.21.166) | - | Volgmer | High
|
||||
106 | [37.238.135.70](https://vuldb.com/?ip.37.238.135.70) | - | - | High
|
||||
107 | [38.132.124.161](https://vuldb.com/?ip.38.132.124.161) | - | TraderTraitor | High
|
||||
108 | [41.57.108.68](https://vuldb.com/?ip.41.57.108.68) | - | Hidden Cobra | High
|
||||
109 | [41.67.136.38](https://vuldb.com/?ip.41.67.136.38) | netcomafrica.com | Hidden Cobra | High
|
||||
110 | [41.67.136.39](https://vuldb.com/?ip.41.67.136.39) | netcomafrica.com | Hidden Cobra | High
|
||||
111 | [41.72.99.5](https://vuldb.com/?ip.41.72.99.5) | - | Hidden Cobra | High
|
||||
112 | [41.72.101.138](https://vuldb.com/?ip.41.72.101.138) | - | Hidden Cobra | High
|
||||
113 | [41.74.166.253](https://vuldb.com/?ip.41.74.166.253) | - | Hidden Cobra | High
|
||||
114 | [41.92.208.194](https://vuldb.com/?ip.41.92.208.194) | - | Fallchill | High
|
||||
115 | [41.92.208.196](https://vuldb.com/?ip.41.92.208.196) | - | Fallchill | High
|
||||
116 | [41.92.208.197](https://vuldb.com/?ip.41.92.208.197) | - | Fallchill | High
|
||||
117 | [41.110.179.197](https://vuldb.com/?ip.41.110.179.197) | - | Hidden Cobra | High
|
||||
118 | [41.128.226.60](https://vuldb.com/?ip.41.128.226.60) | - | Hidden Cobra | High
|
||||
119 | [41.131.49.228](https://vuldb.com/?ip.41.131.49.228) | host-41-131-49-228.static.link.com.eg | Hidden Cobra | High
|
||||
120 | [41.131.164.156](https://vuldb.com/?ip.41.131.164.156) | - | Hidden Cobra | High
|
||||
121 | [41.134.208.234](https://vuldb.com/?ip.41.134.208.234) | 41-134-208-234.dsl.mweb.co.za | Hidden Cobra | High
|
||||
122 | [41.182.252.56](https://vuldb.com/?ip.41.182.252.56) | ADSL-41-182-252-56.ipb.na | Hidden Cobra | High
|
||||
123 | [41.205.139.34](https://vuldb.com/?ip.41.205.139.34) | ADSL-41-205-139-34.ipb.na | Hidden Cobra | High
|
||||
124 | [41.208.106.68](https://vuldb.com/?ip.41.208.106.68) | owa.altaqnya.com.ly | Hidden Cobra | High
|
||||
125 | [41.208.106.70](https://vuldb.com/?ip.41.208.106.70) | dc1.Mail.dsmhlc.ly | Hidden Cobra | High
|
||||
126 | [41.215.250.40](https://vuldb.com/?ip.41.215.250.40) | - | Hidden Cobra | High
|
||||
127 | [41.223.30.20](https://vuldb.com/?ip.41.223.30.20) | host30-20.creolink.com | Hidden Cobra | High
|
||||
128 | [41.224.254.90](https://vuldb.com/?ip.41.224.254.90) | - | Hidden Cobra | High
|
||||
129 | [43.249.216.6](https://vuldb.com/?ip.43.249.216.6) | - | Volgmer | High
|
||||
130 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
||||
131 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
||||
132 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
||||
133 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
||||
134 | [45.118.34.215](https://vuldb.com/?ip.45.118.34.215) | - | Volgmer | High
|
||||
135 | [45.120.61.145](https://vuldb.com/?ip.45.120.61.145) | - | Hidden Cobra | High
|
||||
136 | [45.124.169.36](https://vuldb.com/?ip.45.124.169.36) | - | Volgmer | High
|
||||
137 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
||||
138 | [46.16.62.238](https://vuldb.com/?ip.46.16.62.238) | fnadh-35.srv.cat | TraderTraitor | High
|
||||
139 | [46.19.101.186](https://vuldb.com/?ip.46.19.101.186) | ip-46-19-101-186.gnc.net | Hidden Cobra | High
|
||||
140 | [46.21.147.161](https://vuldb.com/?ip.46.21.147.161) | 46-21-147-161.static.hvvc.us | - | High
|
||||
141 | [46.52.131.102](https://vuldb.com/?ip.46.52.131.102) | - | Hidden Cobra | High
|
||||
142 | [46.121.242.180](https://vuldb.com/?ip.46.121.242.180) | 46-121-242-180.static.012.net.il | Hidden Cobra | High
|
||||
143 | [46.174.116.60](https://vuldb.com/?ip.46.174.116.60) | - | Hidden Cobra | High
|
||||
144 | [46.174.116.87](https://vuldb.com/?ip.46.174.116.87) | - | Hidden Cobra | High
|
||||
145 | [46.174.116.90](https://vuldb.com/?ip.46.174.116.90) | - | Hidden Cobra | High
|
||||
146 | [46.174.116.99](https://vuldb.com/?ip.46.174.116.99) | - | Hidden Cobra | High
|
||||
147 | [46.174.116.221](https://vuldb.com/?ip.46.174.116.221) | - | Hidden Cobra | High
|
||||
148 | [46.174.116.231](https://vuldb.com/?ip.46.174.116.231) | - | Hidden Cobra | High
|
||||
149 | [46.174.116.234](https://vuldb.com/?ip.46.174.116.234) | - | Hidden Cobra | High
|
||||
150 | [46.174.117.15](https://vuldb.com/?ip.46.174.117.15) | - | Hidden Cobra | High
|
||||
151 | [46.174.117.32](https://vuldb.com/?ip.46.174.117.32) | - | Hidden Cobra | High
|
||||
152 | [46.174.117.36](https://vuldb.com/?ip.46.174.117.36) | - | Hidden Cobra | High
|
||||
153 | [46.174.117.42](https://vuldb.com/?ip.46.174.117.42) | - | Hidden Cobra | High
|
||||
154 | [46.174.117.44](https://vuldb.com/?ip.46.174.117.44) | - | Hidden Cobra | High
|
||||
155 | [46.174.117.50](https://vuldb.com/?ip.46.174.117.50) | - | Hidden Cobra | High
|
||||
156 | [46.174.117.61](https://vuldb.com/?ip.46.174.117.61) | - | Hidden Cobra | High
|
||||
157 | [46.174.117.77](https://vuldb.com/?ip.46.174.117.77) | - | Hidden Cobra | High
|
||||
158 | [46.174.117.80](https://vuldb.com/?ip.46.174.117.80) | - | Hidden Cobra | High
|
||||
159 | [46.174.117.97](https://vuldb.com/?ip.46.174.117.97) | - | Hidden Cobra | High
|
||||
160 | [46.174.117.98](https://vuldb.com/?ip.46.174.117.98) | - | Hidden Cobra | High
|
||||
161 | [46.174.117.103](https://vuldb.com/?ip.46.174.117.103) | - | Hidden Cobra | High
|
||||
162 | [46.174.117.116](https://vuldb.com/?ip.46.174.117.116) | - | Hidden Cobra | High
|
||||
163 | [46.174.117.121](https://vuldb.com/?ip.46.174.117.121) | - | Hidden Cobra | High
|
||||
164 | [46.174.117.129](https://vuldb.com/?ip.46.174.117.129) | - | Hidden Cobra | High
|
||||
165 | [46.174.117.134](https://vuldb.com/?ip.46.174.117.134) | - | Hidden Cobra | High
|
||||
166 | [46.174.117.153](https://vuldb.com/?ip.46.174.117.153) | - | Hidden Cobra | High
|
||||
167 | [46.174.117.164](https://vuldb.com/?ip.46.174.117.164) | - | Hidden Cobra | High
|
||||
168 | [46.218.127.110](https://vuldb.com/?ip.46.218.127.110) | reverse.completel.fr | Hidden Cobra | High
|
||||
169 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | Hoplight | High
|
||||
170 | [49.206.1.61](https://vuldb.com/?ip.49.206.1.61) | 49.206.1.61.actcorp.in | Hidden Cobra | High
|
||||
171 | [49.247.9.177](https://vuldb.com/?ip.49.247.9.177) | - | - | High
|
||||
172 | [50.62.168.157](https://vuldb.com/?ip.50.62.168.157) | p3nwvpweb145.shr.prod.phx3.secureserver.net | Fallchill | High
|
||||
173 | [50.87.144.227](https://vuldb.com/?ip.50.87.144.227) | somethingaboutmarketing.com | - | High
|
||||
174 | [51.235.1.216](https://vuldb.com/?ip.51.235.1.216) | - | Hidden Cobra | High
|
||||
175 | [51.235.13.162](https://vuldb.com/?ip.51.235.13.162) | - | Hidden Cobra | High
|
||||
176 | [51.235.17.133](https://vuldb.com/?ip.51.235.17.133) | - | Hidden Cobra | High
|
||||
177 | [51.235.19.202](https://vuldb.com/?ip.51.235.19.202) | - | Hidden Cobra | High
|
||||
178 | [51.235.33.226](https://vuldb.com/?ip.51.235.33.226) | - | Hidden Cobra | High
|
||||
179 | [51.235.49.202](https://vuldb.com/?ip.51.235.49.202) | - | Hidden Cobra | High
|
||||
180 | [52.79.118.195](https://vuldb.com/?ip.52.79.118.195) | ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com | Chemical Sector | Medium
|
||||
181 | [54.64.30.175](https://vuldb.com/?ip.54.64.30.175) | vega.mh-tec.co.jp | - | High
|
||||
182 | [58.82.155.98](https://vuldb.com/?ip.58.82.155.98) | 98.155.82.58.static-corp.jastel.co.th | Volgmer | High
|
||||
183 | [58.185.197.210](https://vuldb.com/?ip.58.185.197.210) | - | Volgmer | High
|
||||
184 | [59.8.194.228](https://vuldb.com/?ip.59.8.194.228) | - | - | High
|
||||
185 | [59.90.93.97](https://vuldb.com/?ip.59.90.93.97) | static.bb.knl.59.90.93.97.bsnl.in | Typeframe | High
|
||||
186 | ... | ... | ... | ...
|
||||
|
||||
There are 733 more IOC items available. Please use our online service to access the data.
|
||||
There are 741 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -225,12 +228,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -238,26 +241,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
|
||||
2 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
3 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
|
||||
4 | File | `/admin/inbox.php&action=delete` | High
|
||||
5 | File | `/admin/inbox.php&action=read` | High
|
||||
6 | File | `/admin/pagerole.php&action=display&value=1` | High
|
||||
7 | File | `/admin/pagerole.php&action=edit` | High
|
||||
8 | File | `/admin/posts.php` | High
|
||||
9 | File | `/admin/posts.php&action=delete` | High
|
||||
10 | File | `/admin/posts.php&action=edit` | High
|
||||
11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
12 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
|
||||
13 | ... | ... | ...
|
||||
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/acms/admin/cargo_types/view_cargo_type.php` | High
|
||||
4 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
5 | File | `/acms/classes/Master.php?f=delete_cargo_type` | High
|
||||
6 | File | `/acms/classes/Master.php?f=delete_img` | High
|
||||
7 | File | `/assets/partials/_handleLogin.php` | High
|
||||
8 | File | `/cgi-bin/login.cgi` | High
|
||||
9 | File | `/cms/admin/?page=client/view_client` | High
|
||||
10 | File | `/cms/admin/?page=invoice/manage_invoice` | High
|
||||
11 | File | `/cms/admin/?page=invoice/view_invoice` | High
|
||||
12 | File | `/cms/admin/?page=user/manage_user` | High
|
||||
13 | File | `/cms/admin/maintenance/manage_service.php` | High
|
||||
14 | File | `/cms/classes/Users.php?f=delete` | High
|
||||
15 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
16 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
17 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
18 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
19 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
20 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
21 | ... | ... | ...
|
||||
|
||||
There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 171 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/33801/
|
||||
* https://asec.ahnlab.com/en/34461/
|
||||
* https://github.com/blackorbird/APT_REPORT/tree/master/lazarus
|
||||
* https://github.com/hvs-consulting/ioc_signatures/blob/main/Lazarus_APT37/HvS_APT37_2020_Command_and_Control.csv
|
||||
* https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf
|
||||
|
@ -279,6 +292,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://www.threatminer.org/report.php?q=LAZARUS&WATERING-HOLEATTACKS-BAESystems.pdf&y=2017
|
||||
* https://www.trendmicro.com/en_us/research/18/k/lazarus-continues-heists-mounts-attacks-on-financial-organizations-in-latin-america.html
|
||||
* https://www.trendmicro.com/en_us/research/20/e/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability.html
|
||||
* https://www.zscaler.com/blogs/security-research/naver-ending-game-lazarus-apt
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -105,35 +105,35 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.ssh/authorized_keys` | High
|
||||
2 | File | `/admin.php` | Medium
|
||||
3 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
4 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
5 | File | `/core/admin/categories.php` | High
|
||||
6 | File | `/etc/groups` | Medium
|
||||
7 | File | `/etc/hosts` | Medium
|
||||
8 | File | `/etc/sudoers` | Medium
|
||||
9 | File | `/filemanager/php/connector.php` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/modules/profile/index.php` | High
|
||||
12 | File | `/MTFWU` | Low
|
||||
13 | File | `/new` | Low
|
||||
14 | File | `/proc/<pid>/status` | High
|
||||
15 | File | `/public/plugins/` | High
|
||||
16 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
17 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
18 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
3 | File | `/cgi-bin/luci/api/auth` | High
|
||||
4 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
5 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
6 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
7 | File | `/core/admin/categories.php` | High
|
||||
8 | File | `/etc/groups` | Medium
|
||||
9 | File | `/etc/hosts` | Medium
|
||||
10 | File | `/filemanager/php/connector.php` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/mgmt/tm/util/bash` | High
|
||||
13 | File | `/MTFWU` | Low
|
||||
14 | File | `/php/passport/index.php` | High
|
||||
15 | File | `/proc/<pid>/status` | High
|
||||
16 | File | `/public/plugins/` | High
|
||||
17 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
18 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
19 | File | `/tmp` | Low
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/updown/upload.cgi` | High
|
||||
22 | File | `/usr/bin/pkexec` | High
|
||||
23 | File | `4.2.0.CP09` | Medium
|
||||
24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
25 | File | `AccountManagerService.java` | High
|
||||
26 | File | `actions/CompanyDetailsSave.php` | High
|
||||
27 | File | `ActivityManagerService.java` | High
|
||||
28 | File | `admin.php` | Medium
|
||||
23 | File | `/wp-admin/admin-ajax.php` | High
|
||||
24 | File | `4.2.0.CP09` | Medium
|
||||
25 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
26 | File | `AccountManagerService.java` | High
|
||||
27 | File | `actions/CompanyDetailsSave.php` | High
|
||||
28 | File | `ActivityManagerService.java` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `color.php` | Medium
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 39 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -64,45 +64,43 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/checkLogin.cgi` | High
|
||||
10 | File | `/cms/print.php` | High
|
||||
11 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
12 | File | `/data/remove` | Medium
|
||||
13 | File | `/etc/passwd` | Medium
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/login` | Low
|
||||
16 | File | `/navigate/navigate_download.php` | High
|
||||
17 | File | `/out.php` | Medium
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/p` | Low
|
||||
20 | File | `/password.html` | High
|
||||
21 | File | `/proc/ioports` | High
|
||||
22 | File | `/property-list/property_view.php` | High
|
||||
23 | File | `/ptms/classes/Users.php` | High
|
||||
24 | File | `/rest` | Low
|
||||
25 | File | `/rest/api/2/search` | High
|
||||
26 | File | `/s/` | Low
|
||||
27 | File | `/scripts/cpan_config` | High
|
||||
28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
29 | File | `/services/system/setup.json` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/webconsole/APIController` | High
|
||||
32 | File | `/websocket/exec` | High
|
||||
33 | File | `/wp-admin/admin-ajax.php` | High
|
||||
34 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
35 | File | `/wp-json` | Medium
|
||||
36 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
37 | File | `/_next` | Low
|
||||
38 | File | `4.edu.php\conn\function.php` | High
|
||||
39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `addentry.php` | Medium
|
||||
42 | File | `add_comment.php` | High
|
||||
43 | File | `admin/category.inc.php` | High
|
||||
44 | File | `admin/conf_users_edit.php` | High
|
||||
45 | File | `admin/dl_sendmail.php` | High
|
||||
46 | File | `admin/index.php` | High
|
||||
47 | File | `admin/password_forgotten.php` | High
|
||||
48 | ... | ... | ...
|
||||
12 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
13 | File | `/data/remove` | Medium
|
||||
14 | File | `/etc/passwd` | Medium
|
||||
15 | File | `/goforms/rlminfo` | High
|
||||
16 | File | `/login` | Low
|
||||
17 | File | `/navigate/navigate_download.php` | High
|
||||
18 | File | `/out.php` | Medium
|
||||
19 | File | `/owa/auth/logon.aspx` | High
|
||||
20 | File | `/p` | Low
|
||||
21 | File | `/password.html` | High
|
||||
22 | File | `/proc/ioports` | High
|
||||
23 | File | `/property-list/property_view.php` | High
|
||||
24 | File | `/ptms/classes/Users.php` | High
|
||||
25 | File | `/rest` | Low
|
||||
26 | File | `/rest/api/2/search` | High
|
||||
27 | File | `/s/` | Low
|
||||
28 | File | `/scripts/cpan_config` | High
|
||||
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
30 | File | `/services/system/setup.json` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/vloggers_merch/?p=view_product` | High
|
||||
33 | File | `/webconsole/APIController` | High
|
||||
34 | File | `/websocket/exec` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
37 | File | `/wp-json` | Medium
|
||||
38 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
39 | File | `/_next` | Low
|
||||
40 | File | `4.edu.php\conn\function.php` | High
|
||||
41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
42 | File | `adclick.php` | Medium
|
||||
43 | File | `addentry.php` | Medium
|
||||
44 | File | `admin/category.inc.php` | High
|
||||
45 | File | `admin/conf_users_edit.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:
|
||||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
@ -24,13 +24,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [5.135.247.141](https://vuldb.com/?ip.5.135.247.141) | ip141.ip-5-135-247.eu | - | High
|
||||
2 | [5.135.247.142](https://vuldb.com/?ip.5.135.247.142) | ip142.ip-5-135-247.eu | - | High
|
||||
3 | [5.188.44.32](https://vuldb.com/?ip.5.188.44.32) | - | - | High
|
||||
4 | [35.246.189.253](https://vuldb.com/?ip.35.246.189.253) | 253.189.246.35.bc.googleusercontent.com | - | Medium
|
||||
5 | [37.59.47.208](https://vuldb.com/?ip.37.59.47.208) | ns3000975.ip-37-59-47.eu | - | High
|
||||
6 | [47.254.175.211](https://vuldb.com/?ip.47.254.175.211) | - | - | High
|
||||
7 | [51.83.209.11](https://vuldb.com/?ip.51.83.209.11) | ip11.ip-51-83-209.eu | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
4 | [8.209.70.103](https://vuldb.com/?ip.8.209.70.103) | - | - | High
|
||||
5 | [8.211.0.55](https://vuldb.com/?ip.8.211.0.55) | - | - | High
|
||||
6 | [8.211.5.139](https://vuldb.com/?ip.8.211.5.139) | - | - | High
|
||||
7 | [35.246.189.253](https://vuldb.com/?ip.35.246.189.253) | 253.189.246.35.bc.googleusercontent.com | - | Medium
|
||||
8 | [37.59.47.208](https://vuldb.com/?ip.37.59.47.208) | ns3000975.ip-37-59-47.eu | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
|
||||
There are 27 more IOC items available. Please use our online service to access the data.
|
||||
There are 33 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -39,11 +40,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -51,42 +52,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin-panel1.php` | High
|
||||
2 | File | `/admin/delete_image.php` | High
|
||||
3 | File | `/admin/login.php` | High
|
||||
4 | File | `/admin/users.php?source=edit_user&id=1` | High
|
||||
5 | File | `/admin/weixin.php` | High
|
||||
6 | File | `/administrator/components/table_manager/` | High
|
||||
7 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
8 | File | `/aqpg/users/login.php` | High
|
||||
1 | File | `/acms/admin/?page=transactions/manage_transaction` | High
|
||||
2 | File | `/admin-panel1.php` | High
|
||||
3 | File | `/admin/users.php?source=edit_user&id=1` | High
|
||||
4 | File | `/admin/weixin.php` | High
|
||||
5 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
6 | File | `/aqpg/users/login.php` | High
|
||||
7 | File | `/assets/partials/_handleLogin.php` | High
|
||||
8 | File | `/cgi-bin/editBookmark` | High
|
||||
9 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/data-service/users/` | High
|
||||
10 | File | `/cms/classes/Master.php?f=delete_designation` | High
|
||||
11 | File | `/ecrire` | Low
|
||||
12 | File | `/etc/config/rpcd` | High
|
||||
13 | File | `/Hospital-Management-System-master/func.php` | High
|
||||
14 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
|
||||
15 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
|
||||
16 | File | `/js/app.js` | Medium
|
||||
17 | File | `/ManageRoute/postRoute` | High
|
||||
18 | File | `/ms/cms/content/list.do` | High
|
||||
19 | File | `/one_church/churchprofile.php` | High
|
||||
20 | File | `/php/ajax.php` | High
|
||||
21 | File | `/public/plugins/` | High
|
||||
22 | File | `/public_html/apply_vacancy` | High
|
||||
23 | File | `/purchase_order/admin/?page=user` | High
|
||||
24 | File | `/rest-service-fecru/server-v1` | High
|
||||
25 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
26 | File | `/student-grading-system/rms.php?page=school_year` | High
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/tmp/swhkd.sock` | High
|
||||
29 | ... | ... | ...
|
||||
13 | File | `/etc/cron.daily/upstart` | High
|
||||
14 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
15 | File | `/goform/setpptpservercfg` | High
|
||||
16 | File | `/help/treecontent.jsp` | High
|
||||
17 | File | `/insurance/editNominee.php` | High
|
||||
18 | File | `/ManageRoute/postRoute` | High
|
||||
19 | File | `/mgmt/tm/util/bash` | High
|
||||
20 | File | `/one_church/churchprofile.php` | High
|
||||
21 | File | `/php/ajax.php` | High
|
||||
22 | File | `/php_action/editProductImage.php` | High
|
||||
23 | File | `/public_html/apply_vacancy` | High
|
||||
24 | File | `/purchase_order/admin/?page=user` | High
|
||||
25 | File | `/rest-service-fecru/server-v1` | High
|
||||
26 | File | `/scbs/admin/bookings/view_booking.php` | High
|
||||
27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
28 | File | `/student-grading-system/rms.php?page=school_year` | High
|
||||
29 | File | `/tmp/swhkd.sock` | High
|
||||
30 | File | `/var/log/nginx/html/ADMINPASS` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.bushidotoken.net/2020/08/analysis-of-recent-magecart-campaign.html
|
||||
* https://blog.bushidotoken.net/2020/12/analysis-of-meyhod-javascript-web.html
|
||||
* https://blog.bushidotoken.net/2021/04/mo-money-mo-magecart.html
|
||||
* https://blog.malwarebytes.com/threat-intelligence/2021/09/the-many-tentacles-of-magecart-group-8/
|
||||
* https://github.com/blackorbird/APT_REPORT/tree/master/Magecart
|
||||
|
||||
|
|
|
@ -0,0 +1,109 @@
|
|||
# Middle East Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Middle East Unknown](https://vuldb.com/?actor.middle_east_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.middle_east_unknown](https://vuldb.com/?actor.middle_east_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Middle East Unknown:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Middle East Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.34.180.252](https://vuldb.com/?ip.5.34.180.252) | storage-948074.hosted-by.itldc.com | - | High
|
||||
2 | [5.34.181.13](https://vuldb.com/?ip.5.34.181.13) | backups231.com | - | High
|
||||
3 | [31.192.105.16](https://vuldb.com/?ip.31.192.105.16) | down-it-niscat.donotbargain.com | - | High
|
||||
4 | [31.192.105.17](https://vuldb.com/?ip.31.192.105.17) | - | - | High
|
||||
5 | [31.192.105.28](https://vuldb.com/?ip.31.192.105.28) | - | - | High
|
||||
6 | [38.130.75.20](https://vuldb.com/?ip.38.130.75.20) | h20-us75.fcsrv.net | - | High
|
||||
7 | [51.254.76.54](https://vuldb.com/?ip.51.254.76.54) | - | - | High
|
||||
8 | [62.109.2.52](https://vuldb.com/?ip.62.109.2.52) | ns.leangroup.ru | - | High
|
||||
9 | [66.55.152.164](https://vuldb.com/?ip.66.55.152.164) | 66-55-152-164.choopa.net | - | High
|
||||
10 | [68.232.180.122](https://vuldb.com/?ip.68.232.180.122) | 68-232-180-122.choopa.net | - | High
|
||||
11 | [80.179.42.37](https://vuldb.com/?ip.80.179.42.37) | 80.179.42.37.forward.012.net.il | - | High
|
||||
12 | [80.179.42.44](https://vuldb.com/?ip.80.179.42.44) | lnkrten-dazling.linegrace.com | - | High
|
||||
13 | [86.105.18.5](https://vuldb.com/?ip.86.105.18.5) | - | - | High
|
||||
14 | [93.190.138.137](https://vuldb.com/?ip.93.190.138.137) | 93-190-138-137.hosted-by-worldstream.net | - | High
|
||||
15 | [104.200.128.48](https://vuldb.com/?ip.104.200.128.48) | - | - | High
|
||||
16 | [104.200.128.58](https://vuldb.com/?ip.104.200.128.58) | - | - | High
|
||||
17 | ... | ... | ... | ...
|
||||
|
||||
There are 64 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Middle East Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Middle East Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/admin.php?module=admin_group_edit&agID` | High
|
||||
2 | File | `/admin/configure.php` | High
|
||||
3 | File | `/admin/edit.php` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/admin/modules/system/custom_field.php` | High
|
||||
6 | File | `/admin/new-content` | High
|
||||
7 | File | `/admin/weixin.php` | High
|
||||
8 | File | `/alerts/alertLightbox.php` | High
|
||||
9 | File | `/api /v3/auth` | High
|
||||
10 | File | `/apilog.php` | Medium
|
||||
11 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
12 | File | `/box_code_base.c` | High
|
||||
13 | File | `/cloud_config/router_post/upgrade_info` | High
|
||||
14 | File | `/goform/login_process` | High
|
||||
15 | File | `/goform/SetInternetLanInfo` | High
|
||||
16 | File | `/goform/setPicListItem` | High
|
||||
17 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
18 | File | `/mngset/authset` | High
|
||||
19 | File | `/ok_png.c` | Medium
|
||||
20 | File | `/one_church/userregister.php` | High
|
||||
21 | File | `/php/ajax.php` | High
|
||||
22 | File | `/reps/classes/Master.php?f=delete_estate` | High
|
||||
23 | File | `/sql/sql_string.h` | High
|
||||
24 | File | `/tmp/swhkd.sock` | High
|
||||
25 | File | `/tos/index.php?app/hand_app` | High
|
||||
26 | File | `AdbService.java` | High
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2020/01/mideast-tensions-preparations.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Miner:
|
||||
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [LI](https://vuldb.com/?country.li)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [LI](https://vuldb.com/?country.li)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,9 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [91.211.89.29](https://vuldb.com/?ip.91.211.89.29) | - | - | High
|
||||
2 | [185.10.68.123](https://vuldb.com/?ip.185.10.68.123) | 123.68.10.185.ro.ovo.sc | - | High
|
||||
3 | [185.10.68.220](https://vuldb.com/?ip.185.10.68.220) | 220.68.10.185.ro.ovo.sc | - | High
|
||||
1 | [5.9.116.27](https://vuldb.com/?ip.5.9.116.27) | static.27.116.9.5.clients.your-server.de | - | High
|
||||
2 | [5.9.175.19](https://vuldb.com/?ip.5.9.175.19) | static.19.175.9.5.clients.your-server.de | - | High
|
||||
3 | [5.9.176.3](https://vuldb.com/?ip.5.9.176.3) | static.3.176.9.5.clients.your-server.de | - | High
|
||||
4 | [5.9.198.83](https://vuldb.com/?ip.5.9.198.83) | static.83.198.9.5.clients.your-server.de | - | High
|
||||
5 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
6 | [23.6.70.227](https://vuldb.com/?ip.23.6.70.227) | a23-6-70-227.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -46,18 +52,21 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/sysmon.php` | High
|
||||
2 | File | `/api/content/posts/comments` | High
|
||||
3 | File | `/Home/GetAttachment` | High
|
||||
4 | File | `/members/view_member.php` | High
|
||||
5 | File | `/modules/projects/vw_files.php` | High
|
||||
6 | File | `admin/limits.php` | High
|
||||
7 | ... | ... | ...
|
||||
3 | File | `/example/editor` | High
|
||||
4 | File | `/Home/GetAttachment` | High
|
||||
5 | File | `/members/view_member.php` | High
|
||||
6 | File | `/modules/projects/vw_files.php` | High
|
||||
7 | File | `/var/log/demisto/` | High
|
||||
8 | File | `admin/limits.php` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 51 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/08/threat-roundup-0726-0802.html
|
||||
* https://blog.talosintelligence.com/2022/03/threat-roundup-0304-0311.html
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -17,11 +17,11 @@ The following _campaigns_ are known and can be associated with Mirai:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mirai:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,15 +30,17 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.56.56.78](https://vuldb.com/?ip.2.56.56.78) | - | - | High
|
||||
2 | [5.182.211.5](https://vuldb.com/?ip.5.182.211.5) | - | - | High
|
||||
3 | [34.80.131.135](https://vuldb.com/?ip.34.80.131.135) | 135.131.80.34.bc.googleusercontent.com | - | Medium
|
||||
4 | [45.61.136.130](https://vuldb.com/?ip.45.61.136.130) | - | DDoS Ukraine | High
|
||||
5 | [45.61.186.13](https://vuldb.com/?ip.45.61.186.13) | - | DDoS Ukraine | High
|
||||
6 | [45.88.181.46](https://vuldb.com/?ip.45.88.181.46) | pelko.incifios.org.uk | - | High
|
||||
7 | [45.134.225.20](https://vuldb.com/?ip.45.134.225.20) | - | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
2 | [5.2.69.50](https://vuldb.com/?ip.5.2.69.50) | - | - | High
|
||||
3 | [5.182.211.5](https://vuldb.com/?ip.5.182.211.5) | - | - | High
|
||||
4 | [23.128.248.12](https://vuldb.com/?ip.23.128.248.12) | tor-exit03.stormycloud.org | - | High
|
||||
5 | [23.128.248.24](https://vuldb.com/?ip.23.128.248.24) | tor-exit15.stormycloud.org | - | High
|
||||
6 | [34.80.131.135](https://vuldb.com/?ip.34.80.131.135) | 135.131.80.34.bc.googleusercontent.com | - | Medium
|
||||
7 | [37.187.18.212](https://vuldb.com/?ip.37.187.18.212) | ns3110317.ip-37-187-18.eu | - | High
|
||||
8 | [45.61.136.130](https://vuldb.com/?ip.45.61.136.130) | - | DDoS Ukraine | High
|
||||
9 | [45.61.186.13](https://vuldb.com/?ip.45.61.186.13) | - | DDoS Ukraine | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 27 more IOC items available. Please use our online service to access the data.
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -47,11 +49,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -59,30 +61,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/etc/skel` | Medium
|
||||
2 | File | `/formSetPortTr` | High
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/guest/s/default/` | High
|
||||
5 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
6 | File | `/public/plugins/` | High
|
||||
7 | File | `/question/ask` | High
|
||||
8 | File | `/rest/api/2/search` | High
|
||||
9 | File | `/rom-0` | Low
|
||||
10 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
11 | File | `/tmp` | Low
|
||||
12 | File | `/uncpath/` | Medium
|
||||
13 | File | `/usr/sbin/httpd` | High
|
||||
14 | File | `adclick.php` | Medium
|
||||
15 | File | `admin.php` | Medium
|
||||
16 | File | `admin/scripts/FileUploader/php.php` | High
|
||||
17 | ... | ... | ...
|
||||
1 | File | `/adm/setmain.php` | High
|
||||
2 | File | `/admin.php/Plugins/update.html` | High
|
||||
3 | File | `/admin/new-content` | High
|
||||
4 | File | `/api/students/me/courses/` | High
|
||||
5 | File | `/Applications/Utilities/Terminal` | High
|
||||
6 | File | `/classes/master.php?f=delete_facility` | High
|
||||
7 | File | `/College_Management_System/admin/display-teacher.php` | High
|
||||
8 | File | `/common/info.cgi` | High
|
||||
9 | File | `/coreframe/app/member/admin/group.php` | High
|
||||
10 | File | `/ctpms/admin/?page=applications/view_application` | High
|
||||
11 | File | `/ctpms/admin/?page=individuals/view_individual` | High
|
||||
12 | File | `/ctpms/admin/applications/update_status.php` | High
|
||||
13 | File | `/ctpms/admin/individuals/update_status.php` | High
|
||||
14 | File | `/ctpms/classes/Master.php?f=delete_application` | High
|
||||
15 | File | `/default.php?idx=17` | High
|
||||
16 | File | `/ecrire` | Low
|
||||
17 | File | `/eris/index.php?q=result&searchfor=advancesearch` | High
|
||||
18 | File | `/exports/export.php` | High
|
||||
19 | File | `/fuel/index.php/fuel/logs/items` | High
|
||||
20 | File | `/goform/setDeviceSettings` | High
|
||||
21 | File | `/goform/setMacFilterCfg` | High
|
||||
22 | File | `/html/Solar_Ftp.php` | High
|
||||
23 | File | `/include/chart_generator.php` | High
|
||||
24 | File | `/includes/login.php` | High
|
||||
25 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
26 | File | `/insurance/editPayment.php` | High
|
||||
27 | File | `/mgmt/tm/util/bash` | High
|
||||
28 | File | `/page.php` | Medium
|
||||
29 | File | `/public/admin/index.php?add_product` | High
|
||||
30 | File | `/scbs/classes/Users.php?f=save_client` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 136 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.cyble.com/2022/04/12/springshell-remote-code-execution-vulnerability/
|
||||
* https://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickly-on-port-23-and-2323-en/
|
||||
* https://blog.netlab.360.com/emptiness-a-new-evolving-botnet/
|
||||
* https://blog.netlab.360.com/gpon-exploit-in-the-wild-iii-mettle-hajime-mirai-omni-imgay/
|
||||
|
|
|
@ -0,0 +1,84 @@
|
|||
# MirrorBlast - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MirrorBlast](https://vuldb.com/?actor.mirrorblast). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.mirrorblast](https://vuldb.com/?actor.mirrorblast)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MirrorBlast:
|
||||
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MirrorBlast.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.189.222.161](https://vuldb.com/?ip.5.189.222.161) | rfd285-5.com | - | High
|
||||
2 | [23.19.58.52](https://vuldb.com/?ip.23.19.58.52) | - | - | High
|
||||
3 | [45.79.239.23](https://vuldb.com/?ip.45.79.239.23) | sv3front-dev.goya.co | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _MirrorBlast_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MirrorBlast. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/sysmon.php` | High
|
||||
2 | File | `/api/content/posts/comments` | High
|
||||
3 | File | `/cgi-bin/koha/acqui/supplier.pl?op=enter` | High
|
||||
4 | File | `/Home/GetAttachment` | High
|
||||
5 | File | `/html/device-id` | High
|
||||
6 | File | `/html/devstat.html` | High
|
||||
7 | File | `/html/repository` | High
|
||||
8 | File | `/modules/projects/vw_files.php` | High
|
||||
9 | File | `/nova/bin/console` | High
|
||||
10 | File | `/rapi/read_url` | High
|
||||
11 | File | `/services/config/config.xml` | High
|
||||
12 | File | `/services/system/setup.json` | High
|
||||
13 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
14 | File | `/uncpath/` | Medium
|
||||
15 | File | `/WEB-INF/web.xml` | High
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.morphisec.com/explosive-new-mirrorblast-campaign-targets-financial-companies
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -40,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -54,7 +54,8 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/start-stop` | Medium
|
||||
5 | File | `/usr/etc/rexecd` | High
|
||||
6 | File | `/WEB-INF/web.xml` | High
|
||||
7 | ... | ... | ...
|
||||
7 | File | `ActivityPicker.java` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -10,6 +10,12 @@ The following _campaigns_ are known and can be associated with Moses Staff:
|
|||
|
||||
* DriveGuard
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Moses Staff:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Moses Staff.
|
||||
|
@ -20,6 +26,14 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [95.169.196.52](https://vuldb.com/?ip.95.169.196.52) | - | - | High
|
||||
3 | [185.206.180.138](https://vuldb.com/?ip.185.206.180.138) | 25.http-proxy2.cloudns.net | - | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Moses Staff. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/jpg/image.jpg` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
|
|
@ -19,12 +19,12 @@ There are 1 more campaign items available. Please use our online service to acce
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MuddyWater:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -57,7 +57,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
@ -72,32 +72,29 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//` | Low
|
||||
2 | File | `/admin/config` | High
|
||||
3 | File | `/admin/configure.php` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/admin/maintenance_actions.php` | High
|
||||
6 | File | `/appliance/users?action=edit` | High
|
||||
7 | File | `/configs/application.ini` | High
|
||||
8 | File | `/css/..%2f` | Medium
|
||||
9 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
10 | File | `/etc/wpa_supplicant.conf` | High
|
||||
11 | File | `/GetCopiedFile` | High
|
||||
4 | File | `/admin/edit.php` | High
|
||||
5 | File | `/admin/login.php` | High
|
||||
6 | File | `/admin/maintenance_actions.php` | High
|
||||
7 | File | `/appliance/users?action=edit` | High
|
||||
8 | File | `/apps/acs-commons/content/page-compare.html` | High
|
||||
9 | File | `/configs/application.ini` | High
|
||||
10 | File | `/css/..%2f` | Medium
|
||||
11 | File | `/etc/wpa_supplicant.conf` | High
|
||||
12 | File | `/hdf5/src/H5T.c` | High
|
||||
13 | File | `/include/chart_generator.php` | High
|
||||
14 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
|
||||
15 | File | `/music/ajax.php` | High
|
||||
16 | File | `/one_church/churchprofile.php` | High
|
||||
17 | File | `/opensis/functions/GetStuListFnc.php` | High
|
||||
18 | File | `/post/editing` | High
|
||||
19 | File | `/product.php` | Medium
|
||||
20 | File | `/product_list.php` | High
|
||||
21 | File | `/ptms/classes/Users.php` | High
|
||||
22 | File | `/rsms/` | Low
|
||||
23 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
24 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
25 | File | `/tools/run-dev-server` | High
|
||||
26 | File | `/userRpm/PingIframeRpm.htm` | High
|
||||
27 | ... | ... | ...
|
||||
13 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
|
||||
14 | File | `/music/ajax.php` | High
|
||||
15 | File | `/one_church/churchprofile.php` | High
|
||||
16 | File | `/product.php` | Medium
|
||||
17 | File | `/product_list.php` | High
|
||||
18 | File | `/ptms/classes/Users.php` | High
|
||||
19 | File | `/row/row0mysql.cc` | High
|
||||
20 | File | `/rsms/` | Low
|
||||
21 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
22 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
23 | File | `/sql/sql_string.h` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 226 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -80,17 +80,17 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/proc/pid/syscall` | High
|
||||
13 | File | `/rom-0` | Low
|
||||
14 | File | `/servlet.gupld` | High
|
||||
15 | File | `/status` | Low
|
||||
16 | File | `/tools/developerConsoleOperations.jsp` | High
|
||||
17 | File | `/uncpath/` | Medium
|
||||
18 | File | `/usr/bin/pkexec` | High
|
||||
19 | File | `/WEB-INF/web.xml` | High
|
||||
20 | File | `ActivityManagerService.java` | High
|
||||
21 | File | `adclick.php` | Medium
|
||||
22 | File | `adm1n/admin_config.php` | High
|
||||
15 | File | `/sql/sql_type.cc` | High
|
||||
16 | File | `/status` | Low
|
||||
17 | File | `/tools/developerConsoleOperations.jsp` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/usr/bin/pkexec` | High
|
||||
20 | File | `/WEB-INF/web.xml` | High
|
||||
21 | File | `ActivityManagerService.java` | High
|
||||
22 | File | `adclick.php` | Medium
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 193 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 195 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,8 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
The following _campaigns_ are known and can be associated with Mustang Panda:
|
||||
|
||||
* Diànxùn
|
||||
* Europe
|
||||
* Hodur
|
||||
* PlugX
|
||||
* ...
|
||||
|
||||
There are 1 more campaign items available. Please use our online service to access the data.
|
||||
|
||||
## Countries
|
||||
|
||||
|
@ -21,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -29,18 +32,23 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [42.99.117.95](https://vuldb.com/?ip.42.99.117.95) | - | - | High
|
||||
2 | [43.254.217.67](https://vuldb.com/?ip.43.254.217.67) | - | - | High
|
||||
3 | [43.254.218.42](https://vuldb.com/?ip.43.254.218.42) | - | Hodur | High
|
||||
4 | [45.32.50.150](https://vuldb.com/?ip.45.32.50.150) | 45.32.50.150.vultr.com | - | Medium
|
||||
5 | [45.77.184.12](https://vuldb.com/?ip.45.77.184.12) | comm.phiu.pw | - | High
|
||||
6 | [45.131.179.179](https://vuldb.com/?ip.45.131.179.179) | - | Hodur | High
|
||||
7 | [45.134.83.41](https://vuldb.com/?ip.45.134.83.41) | - | PlugX | High
|
||||
8 | [45.154.14.235](https://vuldb.com/?ip.45.154.14.235) | - | Hodur | High
|
||||
9 | [45.248.87.14](https://vuldb.com/?ip.45.248.87.14) | - | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
1 | [5.206.224.167](https://vuldb.com/?ip.5.206.224.167) | hardsysi | Europe | High
|
||||
2 | [18.138.107.235](https://vuldb.com/?ip.18.138.107.235) | ec2-18-138-107-235.ap-southeast-1.compute.amazonaws.com | Europe | Medium
|
||||
3 | [42.99.117.95](https://vuldb.com/?ip.42.99.117.95) | - | - | High
|
||||
4 | [43.254.217.67](https://vuldb.com/?ip.43.254.217.67) | - | - | High
|
||||
5 | [43.254.218.42](https://vuldb.com/?ip.43.254.218.42) | - | Hodur | High
|
||||
6 | [45.32.50.150](https://vuldb.com/?ip.45.32.50.150) | 45.32.50.150.vultr.com | - | Medium
|
||||
7 | [45.43.50.197](https://vuldb.com/?ip.45.43.50.197) | - | Europe | High
|
||||
8 | [45.77.184.12](https://vuldb.com/?ip.45.77.184.12) | comm.phiu.pw | - | High
|
||||
9 | [45.131.179.179](https://vuldb.com/?ip.45.131.179.179) | - | Hodur | High
|
||||
10 | [45.134.83.41](https://vuldb.com/?ip.45.134.83.41) | - | PlugX | High
|
||||
11 | [45.154.14.235](https://vuldb.com/?ip.45.154.14.235) | - | Hodur | High
|
||||
12 | [45.248.87.14](https://vuldb.com/?ip.45.248.87.14) | - | - | High
|
||||
13 | [45.248.87.162](https://vuldb.com/?ip.45.248.87.162) | - | Europe | High
|
||||
14 | [46.8.198.134](https://vuldb.com/?ip.46.8.198.134) | - | Europe | High
|
||||
15 | ... | ... | ... | ...
|
||||
|
||||
There are 34 more IOC items available. Please use our online service to access the data.
|
||||
There are 54 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -53,7 +61,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,32 +69,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/Config/service/initModel?` | High
|
||||
2 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
3 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
4 | File | `/include/helpers/upload.helper.php` | High
|
||||
5 | File | `/interface/main/backup.php` | High
|
||||
6 | File | `/local/domain/$DOMID` | High
|
||||
7 | File | `/settings` | Medium
|
||||
8 | File | `/updater.php` | Medium
|
||||
9 | File | `/uploads/dede` | High
|
||||
10 | File | `/way4acs/enroll` | High
|
||||
11 | File | `/webtools/control/httpService` | High
|
||||
12 | File | `/_error` | Low
|
||||
13 | ... | ... | ...
|
||||
1 | File | `/cgi-bin/portal` | High
|
||||
2 | File | `/Config/service/initModel?` | High
|
||||
3 | File | `/export` | Low
|
||||
4 | File | `/goform/NTPSyncWithHost` | High
|
||||
5 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
6 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
7 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
8 | File | `/include/helpers/upload.helper.php` | High
|
||||
9 | File | `/interface/main/backup.php` | High
|
||||
10 | File | `/local/domain/$DOMID` | High
|
||||
11 | File | `/MTFWU` | Low
|
||||
12 | File | `/rest/api/2/user/picker` | High
|
||||
13 | File | `/service/upload` | High
|
||||
14 | File | `/settings` | Medium
|
||||
15 | File | `/tmp` | Low
|
||||
16 | File | `/updater.php` | Medium
|
||||
17 | File | `/uploads/dede` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 98 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 144 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html
|
||||
* https://github.com/eset/malware-ioc/tree/master/quarterly_reports/2020_Q2
|
||||
* https://twitter.com/ESETresearch/status/1400165861973966854
|
||||
* https://twitter.com/xorhex/status/1406496693735067650
|
||||
* https://twitter.com/xorhex/status/1422815329684758537
|
||||
* https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations
|
||||
* https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf
|
||||
* https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
|
||||
* https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [HU](https://vuldb.com/?country.hu)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
@ -98,7 +98,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `ajax/api/hook/decodeArguments` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -89,8 +89,7 @@ ID | Type | Indicator | Confidence
|
|||
39 | File | `admin/change-password.php` | High
|
||||
40 | File | `admin/index.php` | High
|
||||
41 | File | `admin/killsource` | High
|
||||
42 | File | `admin/scripts/FileUploader/php.php` | High
|
||||
43 | ... | ... | ...
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -78,9 +78,11 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | File | `AddEvent.php` | Medium
|
||||
19 | ... | ... | ...
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/scripts/FileUploader/php.php` | High
|
||||
21 | ... | ... | ...
|
||||
|
||||
There are 157 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 170 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue