# FritzFrog - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as FritzFrog. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.fritzfrog

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:

There are 11 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise (IOC) list associated network resources that are known to be part of the research and attack activities of FritzFrog.

There are 1200 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the MITRE ATT&CK techniques FritzFrog is suspected of using. This data is unique because it is derived from our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High |
| 4 | ... | ... | ... | ... |

There are 7 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments (file paths, arguments, input values, patterns, and similar) used by FritzFrog for technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique because it is derived from our predictive model for actor profiling.

There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:

## Literature

The following articles explain our unique predictive cyber threat intelligence:

## License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!