cyber_threat_intelligence/actors/Canada Unknown
2022-11-26 12:43:44 +01:00

Canada Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Canada Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.canada_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Canada Unknown:

There are 18 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Canada Unknown.


There are 1576 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Canada Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High |
| 2 | T1055 | CWE-74 | Injection | High |
| 3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High |
| 6 | ... | ... | ... | ... |

There are 18 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Canada Unknown. This data is unique as it uses our predictive model for actor profiling.


There are 484 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!