cyber_threat_intelligence/actors/Bumblebee/README.md
Last update: June 2023 (2023-06-16)

BumbleBee - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as BumbleBee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.bumblebee

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:

There are 4 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) list network resources known to be part of the research and attack activities of BumbleBee. Treat the list as input for triage rather than as a ready-made blocklist: it mixes dedicated hosting with shared infrastructure (note that the EC2 and Google Cloud entries are rated Medium), ISP dynamic pools, commercial VPN egress and Tor relays, and some entries, for example 10.28.17.62 (RFC 1918 private space) and 0.151.228.146 and 0.208.210.72 (0.0.0.0/8), are not publicly routable and should be excluded before the list is used for blocking or alerting.

ID IP address Hostname Campaign Confidence
1 0.151.228.146 - - High
2 0.208.210.72 - - High
3 1.32.39.22 - - High
4 1.39.166.217 1-39-166-217.live.vodafone.in - High
5 2.50.39.29 bba-2-50-39-29.alshamil.net.ae - High
6 2.56.10.16 - - High
7 2.97.24.126 host-2-97-24-126.as13285.net - High
8 2.100.7.120 host-2-100-7-120.as13285.net - High
9 2.126.13.36 027e0d24.bb.sky.com - High
10 2.190.89.140 - - High
11 2.211.111.213 dynamic-002-211-111-213.2.211.pool.telefonica.de - High
12 2.240.132.127 dynamic-002-240-132-127.2.240.pool.telefonica.de - High
13 3.85.198.66 ec2-3-85-198-66.compute-1.amazonaws.com - Medium
14 3.144.143.242 ec2-3-144-143-242.us-east-2.compute.amazonaws.com - Medium
15 3.172.226.46 - - High
16 3.215.24.1 ec2-3-215-24-1.compute-1.amazonaws.com - Medium
17 4.13.210.199 - - High
18 4.165.175.212 - - High
19 4.177.13.86 - - High
20 4.236.88.115 - - High
21 5.45.54.50 - - High
22 5.53.19.66 dhcp-66-19-53-5.metrosg.ru - High
23 5.141.46.137 - - High
24 5.152.80.211 - - High
25 5.237.231.132 - - High
26 5.239.33.172 - - High
27 6.10.249.12 - - High
28 6.30.139.246 - - High
29 6.249.22.42 - - High
30 7.12.29.221 - - High
31 7.71.244.186 - - High
32 7.233.9.154 - - High
33 8.12.181.20 - - High
34 8.76.233.176 - - High
35 8.126.95.33 - - High
36 8.219.132.142 - - High
37 8.222.227.103 - - High
38 8.253.171.67 - - High
39 9.63.15.101 - - High
40 9.240.112.25 - - High
41 10.28.17.62 - - High
42 11.1.201.27 - - High
43 12.75.186.131 131.newark-21-23rs.nj.dial-access.att.net - High
44 12.115.36.174 - - High
45 12.153.80.238 - - High
46 12.194.222.34 - - High
47 12.202.229.195 - - High
48 12.236.242.155 - - High
49 13.2.200.200 - - High
50 13.218.205.215 - - High
51 13.234.171.104 ec2-13-234-171-104.ap-south-1.compute.amazonaws.com - Medium
52 14.7.69.141 - - High
53 14.11.77.37 M014011077037.v4.enabler.ne.jp - High
54 14.40.68.19 - - High
55 14.63.191.213 - - High
56 14.102.170.127 cache-ipnet01.nexlogic.ph - High
57 14.128.51.19 - - High
58 14.155.143.74 - - High
59 14.163.179.250 static.vnpt.vn - High
60 14.195.237.81 static-81.237.195.14-tataidc.co.in - High
61 15.209.19.148 - - High
62 15.248.60.137 - - High
63 16.86.113.88 - - High
64 16.249.204.133 - - High
65 17.29.249.188 - - High
66 17.147.212.14 - - High
67 18.8.71.243 - - High
68 18.127.96.221 - - High
69 18.141.105.98 ec2-18-141-105-98.ap-southeast-1.compute.amazonaws.com - Medium
70 18.151.45.13 - - High
71 18.210.196.217 ec2-18-210-196-217.compute-1.amazonaws.com - Medium
72 19.32.56.182 - - High
73 19.71.13.153 - - High
74 19.128.78.21 - - High
75 20.150.149.28 - - High
76 21.21.141.32 - - High
77 21.29.238.98 - - High
78 21.175.22.99 - - High
79 21.246.85.34 - - High
80 22.39.164.0 - - High
81 22.83.186.45 - - High
82 22.175.0.90 - - High
83 22.252.18.49 - - High
84 23.19.58.176 i58.176.lofame.net - High
85 23.19.58.212 - - High
86 23.19.58.251 - - High
87 23.29.115.164 23-29-115-164.static.hvvc.us - High
88 23.29.115.172 23-29-115-172.static.hvvc.us - High
89 23.81.246.17 - - High
90 23.81.246.22 - - High
91 23.81.246.171 - - High
92 23.81.246.187 - - High
93 23.81.246.205 - - High
94 23.82.19.119 - - High
95 23.82.19.208 - - High
96 23.82.128.11 - - High
97 23.82.128.116 - - High
98 23.82.128.127 - - High
99 23.82.128.149 - - High
100 23.82.140.14 - - High
101 23.82.140.100 - - High
102 23.82.140.133 - - High
103 23.82.140.155 - - High
104 23.82.140.180 - - High
105 23.82.141.11 - - High
106 23.82.141.184 - - High
107 23.82.141.185 - - High
108 23.83.133.1 v327.er01.dal.ubiquity.io - High
109 23.83.133.13 - - High
110 23.83.133.182 - - High
111 23.83.133.215 - - High
112 23.83.133.216 - - High
113 23.83.134.110 - - High
114 23.83.134.133 - - High
115 23.83.134.136 - - High
116 23.88.117.246 static.246.117.88.23.clients.your-server.de - High
117 23.106.124.23 - - High
118 23.106.124.154 - - High
119 23.106.160.33 - - High
120 23.106.160.39 - - High
121 23.106.160.40 - - High
122 23.106.160.52 - - High
123 23.106.160.82 - - High
124 23.106.160.112 - - High
125 23.106.160.117 - - High
126 23.106.160.120 - - High
127 23.106.160.137 - - High
128 23.106.160.141 - - High
129 23.106.215.45 - - High
130 23.106.215.60 - - High
131 23.106.215.82 - - High
132 23.106.215.123 - - High
133 23.106.215.133 - - High
134 23.106.215.141 - - High
135 23.106.215.165 zootech.click - High
136 23.106.215.225 - - High
137 23.106.215.230 - - High
138 23.106.215.233 - - High
139 23.106.223.1 - - High
140 23.106.223.14 - - High
141 23.106.223.130 - - High
142 23.106.223.144 - - High
143 23.106.223.182 - - High
144 23.106.223.197 - - High
145 23.106.223.209 - - High
146 23.106.223.219 - - High
147 23.106.223.222 - - High
148 23.108.57.5 - - High
149 23.108.57.13 - - High
150 23.108.57.29 - - High
151 23.108.57.57 tuks.net - High
152 23.108.57.59 - - High
153 23.108.57.65 - - High
154 23.108.57.66 - - High
155 23.108.57.79 - - High
156 23.108.57.87 - - High
157 23.108.57.161 - - High
158 23.108.57.200 - - High
159 23.108.57.201 - - High
160 23.108.57.250 - - High
161 23.136.208.76 - - High
162 23.227.198.195 multiatom.com - High
163 23.227.198.217 23-227-198-217.static.hvvc.us - High
164 23.227.198.241 23-227-198-241.static.hvvc.us - High
165 23.227.202.179 trackvous.com - High
166 23.227.203.120 23-227-203-120.static.hvvc.us - High
167 23.229.117.229 - - High
168 23.254.142.159 client-23-254-142-159.hostwindsdns.com - High
169 23.254.161.46 hwsrv-1063022.hostwindsdns.com - High
170 23.254.167.63 hwsrv-1063920.hostwindsdns.com - High
171 23.254.167.143 client-23-254-167-143.hostwindsdns.com - High
172 23.254.201.97 hwsrv-974106.hostwindsdns.com - High
173 23.254.202.59 hwsrv-987701.hostwindsdns.com - High
174 23.254.204.109 client-23-254-204-109.hostwindsdns.com - High
175 23.254.204.210 hwsrv-1046249.hostwindsdns.com - High
176 23.254.217.20 hwsrv-984041.hostwindsdns.com - High
177 23.254.217.222 hwsrv-976272.hostwindsdns.com - High
178 23.254.224.200 hwsrv-1001143.hostwindsdns.com - High
179 23.254.225.130 hwsrv-1067630.hostwindsdns.com - High
180 23.254.225.249 client-23-254-225-249.hostwindsdns.com - High
181 23.254.227.53 hwsrv-1057942.hostwindsdns.com - High
182 23.254.227.144 hwsrv-982332.hostwindsdns.com - High
183 23.254.229.131 ruth.gobuddy.info - High
184 23.254.229.210 tigern.throwbackdinos.com - High
185 23.254.247.48 hwsrv-1063028.hostwindsdns.com - High
186 24.4.68.32 c-24-4-68-32.hsd1.ca.comcast.net - High
187 24.57.185.167 d24-57-185-167.home.cgocable.net - High
188 24.121.25.160 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net - High
189 24.183.132.242 024-183-132-242.res.spectrum.com - High
190 25.5.198.104 - - High
191 25.131.252.242 - - High
192 25.169.42.242 - - High
193 25.170.215.18 - - High
194 25.181.64.39 - - High
195 26.6.83.53 - - High
196 27.31.180.123 - - High
197 28.11.143.222 - - High
198 28.23.200.103 - - High
199 28.53.120.108 - - High
200 28.107.38.196 - - High
201 28.148.236.16 - - High
202 28.183.174.200 - - High
203 29.15.120.102 - - High
204 29.64.0.111 - - High
205 29.122.243.158 - - High
206 29.203.98.166 - - High
207 30.17.4.146 - - High
208 30.65.48.152 - - High
209 30.140.193.246 - - High
210 30.205.76.70 - - High
211 30.225.24.243 - - High
212 31.135.71.34 - - High
213 31.228.253.114 - - High
214 31.232.16.192 - - High
215 32.54.188.44 - - High
216 32.181.245.23 - - High
217 33.93.97.183 - - High
218 33.145.184.132 - - High
219 33.191.119.32 - - High
220 34.1.180.202 - - High
221 34.2.221.48 - - High
222 34.34.152.166 166.152.34.34.bc.googleusercontent.com - Medium
223 34.119.95.6 6.95.119.34.bc.googleusercontent.com - Medium
224 34.229.154.31 ec2-34-229-154-31.compute-1.amazonaws.com - Medium
225 35.120.155.220 - - High
226 36.110.58.103 103.58.110.36.static.bjtelecom.net - High
227 36.150.76.13 - - High
228 36.201.196.202 - - High
229 37.1.214.72 - - High
230 37.1.214.229 - - High
231 37.28.155.36 d155036.artnet.gda.pl - High
232 37.28.156.24 d156024.artnet.gda.pl - High
233 37.28.157.29 d157029.artnet.gda.pl - High
234 37.42.62.77 - - High
235 37.64.220.2 2.220.64.37.rev.sfr.net - High
236 37.72.174.9 emailmail.org.uk - High
237 37.72.174.23 37-72-174-23.static.hvvc.us - High
238 37.120.198.248 - - High
239 37.189.74.5 bl28-74-5.dsl.telepac.pt - High
240 37.221.67.104 host001 - High
241 37.221.67.122 finese - High
242 38.12.57.131 - - High
243 38.48.147.152 - - High
244 38.180.4.165 - - High
245 38.180.25.71 - - High
246 38.180.25.111 - - High
247 39.57.152.217 - - High
248 40.47.149.113 - - High
249 40.72.17.141 - - High
250 41.7.15.180 vc-cpt-41-7-15-180.umts.vodacom.co.za - High
251 41.15.71.157 vc-gp-n-41-15-71-157.umts.vodacom.co.za - High
252 41.28.188.77 vc-gp-s-41-28-188-77.umts.vodacom.co.za - High
253 41.56.181.200 - - High
254 41.70.42.112 - - High
255 42.63.100.82 - - High
256 42.104.196.184 - - High
257 42.179.23.39 - - High
258 43.184.255.110 - - High
259 44.94.75.93 - - High
260 44.224.48.159 ec2-44-224-48-159.us-west-2.compute.amazonaws.com - Medium
261 45.3.236.177 045-003-236-177.biz.spectrum.com - High
262 45.11.19.70 - - High
263 45.11.19.86 - - High
264 45.11.19.208 - - High
265 45.11.19.224 - - High
266 45.11.19.252 - - High
267 45.32.37.109 45.32.37.109.vultrusercontent.com - High
268 45.61.184.8 mail.oelke.tec.br - High
269 45.61.184.24 - - High
270 45.61.184.227 MiamiTorNew1.Quetzalcoatl-relays.org - High
271 45.61.185.65 exitrelay40.medvideos-tor.org - High
272 45.61.185.227 - - High
273 45.61.186.18 - - High
274 45.61.186.51 - - High
275 45.61.187.10 45-61-187-10.ger.priv.allsafevpn.com - High
276 45.61.187.40 - - High
277 45.61.187.123 smtp20.shbgura.xyz - High
278 45.61.187.160 - - High
279 45.61.187.170 - - High
280 45.61.187.204 - - High
281 45.61.187.225 - - High
282 45.66.151.59 - - High
283 45.66.151.142 - - High
284 45.66.151.150 - - High
285 45.66.151.151 - - High
286 45.66.151.155 - - High
287 45.66.151.193 - - High
288 45.66.248.61 parts861.simplestartvideos.com - High
289 45.66.248.64 0n3reye0i0.alyanova.com - High
290 45.66.248.156 - - High
291 45.66.248.216 spam.lastmer.xyz - High
292 45.67.231.123 mihome.ru - High
293 45.67.231.151 vm1197030.stark-industries.solutions - High
294 45.84.0.13 vm523902.stark-industries.solutions - High
295 45.84.240.87 - - High
296 45.132.180.49 - - High
297 45.138.172.22 - - High
298 45.138.172.246 - - High
299 45.140.146.30 vm542320.stark-industries.solutions - High
300 45.140.146.244 - - High
301 45.141.58.37 - - High
302 45.141.58.139 galorebase.com - High
303 45.142.214.120 vm516885.stark-industries.solutions - High
304 45.142.214.167 - - High
305 45.147.229.23 - - High
306 45.147.229.47 - - High
307 45.147.229.50 - - High
308 45.147.229.101 - - High
309 45.147.229.177 - - High
310 45.147.229.199 - - High
311 45.147.229.223 - - High
312 45.147.230.179 - - High
313 45.147.230.233 - - High
314 45.147.230.245 poppuworls.club - High
315 45.147.231.107 - - High
316 45.147.231.156 - - High
317 45.147.231.202 - - High
318 45.147.231.232 - - High
319 45.150.67.154 vm1326648.stark-industries.solutions - High
320 45.153.240.56 - - High
321 45.153.240.94 - - High
322 45.153.240.139 - - High
323 45.153.240.155 - - High
324 45.153.241.19 - - High
325 45.153.241.64 - - High
326 45.153.241.120 - - High
327 45.153.241.187 - - High
328 45.153.241.209 - - High
329 45.153.241.234 - - High
330 45.153.241.245 - - High
331 45.153.242.61 - - High
332 45.153.242.100 - - High
333 45.153.242.105 - - High
334 45.153.242.183 - - High
335 45.153.242.184 - - High
336 45.153.242.242 - - High
337 45.153.243.82 - - High
338 45.153.243.93 - - High
339 45.153.243.111 - - High
340 45.153.243.126 - - High
341 45.153.243.130 - - High
342 45.153.243.222 - - High
343 46.21.153.145 145.153.21.46.static.swiftway.net - High
344 46.21.153.157 157.153.21.46.static.swiftway.net - High
345 46.21.153.246 246.153.21.46.static.swiftway.net - High
346 46.44.240.53 46-44-240-53.ip.welcomeitalia.it - High
347 46.142.186.28 28-186-142-46.pool.kielnet.net - High
348 46.142.187.27 27-187-142-46.pool.kielnet.net - High
349 ... ... ... ...

There are 1393 more IOC items available. Please use our online service to access the data.
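
The triage a defender has to do before loading this list into a blocklist, as an added example that is not part of the VulDB data or tooling. Ten rows are copied from the table above in the page's own layout; the hostname patterns, the three verdict categories and the proxy log lines are assumptions constructed for the example. Non-global addresses are dropped, shared infrastructure (cloud, Tor, VPN, ISP pools) and Medium-confidence rows go to review, and only the remainder is proposed for blocking; log matches carry the verdict so an analyst can see why a hit on a bogon or a cloud address is weak evidence.

```python
import ipaddress
import re
from collections import Counter

# Ten rows copied from the IOC table above, in the page's own layout:
# ID, IP address, hostname or "-", campaign or "-", confidence.
IOC_ROWS = """\
1 0.151.228.146 - - High
13 3.85.198.66 ec2-3-85-198-66.compute-1.amazonaws.com - Medium
41 10.28.17.62 - - High
116 23.88.117.246 static.246.117.88.23.clients.your-server.de - High
135 23.106.215.165 zootech.click - High
222 34.34.152.166 166.152.34.34.bc.googleusercontent.com - Medium
270 45.61.184.227 MiamiTorNew1.Quetzalcoatl-relays.org - High
271 45.61.185.65 exitrelay40.medvideos-tor.org - High
275 45.61.187.10 45-61-187-10.ger.priv.allsafevpn.com - High
347 46.142.186.28 28-186-142-46.pool.kielnet.net - High
"""

# Hostname heuristics for infrastructure that is shared with innocent users
# (cloud tenants, Tor relays, VPN egress, ISP dynamic pools). These patterns
# are an assumption of this example, not part of the VulDB data; the "tor"
# pattern in particular is coarse and its hits need a human look.
SHARED_PATTERNS = {
    "cloud": re.compile(r"\.(amazonaws\.com|googleusercontent\.com)$", re.I),
    "tor": re.compile(r"tor|relay", re.I),
    "vpn": re.compile(r"vpn", re.I),
    "isp_pool": re.compile(r"(^|[.-])(pool|dyn|dynamic)[.-]", re.I),
}

# Constructed proxy log lines: timestamp, internal client, destination IP,
# method, destination host. Not real traffic.
LOG_LINES = [
    "2023-06-14T10:02:11Z 192.168.5.21 23.106.215.165 CONNECT zootech.click:443",
    "2023-06-14T10:02:15Z 192.168.5.21 3.85.198.66 CONNECT updates.example:443",
    "2023-06-14T10:03:40Z 192.168.7.9 10.28.17.62 CONNECT intranet.example:443",
    "2023-06-14T10:04:02Z 192.168.7.9 93.184.216.34 CONNECT example.com:443",
]


def parse_ioc_rows(text):
    """Parse rows in the page's whitespace-separated layout; skips the
    header and the '...' truncation row, maps '-' to None."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "...":
            continue
        ioc_id, ip, host, campaign, confidence = parts
        rows.append({
            "id": int(ioc_id),
            "ip": ip,
            "host": None if host == "-" else host,
            "campaign": None if campaign == "-" else campaign,
            "confidence": confidence,
        })
    return rows


def triage(row):
    """Return (verdict, reason). Only a globally routable address with
    High confidence and no sign of shared infrastructure gets 'block';
    bogons are dropped and everything else is queued for review."""
    try:
        addr = ipaddress.ip_address(row["ip"])
    except ValueError:
        return "drop", "unparseable address"
    if not addr.is_global:
        # Catches 0.0.0.0/8, RFC 1918, loopback, link-local, CGNAT, reserved.
        return "drop", "non-global address (bogon)"
    host = row["host"] or ""
    for label, pattern in SHARED_PATTERNS.items():
        if pattern.search(host):
            return "review", f"shared infrastructure ({label})"
    if row["confidence"] != "High":
        return "review", f"confidence {row['confidence']}"
    return "block", "global address, no shared-infrastructure marker"


def summarize(rows):
    """Count verdicts over the whole list."""
    return Counter(triage(r)[0] for r in rows)


def match_logs(log_lines, rows):
    """Join proxy destination IPs against the list; each hit carries the
    triage verdict so an analyst sees why a bogon or cloud hit is weak."""
    by_ip = {r["ip"]: r for r in rows}
    hits = []
    for n, line in enumerate(log_lines):
        dest = line.split()[2]
        if dest in by_ip:
            verdict, reason = triage(by_ip[dest])
            hits.append((n, dest, verdict, reason))
    return hits


if __name__ == "__main__":
    rows = parse_ioc_rows(IOC_ROWS)
    for r in rows:
        print(r["id"], r["ip"], *triage(r))
    print(dict(summarize(rows)))
    for hit in match_logs(LOG_LINES, rows):
        print("log line", *hit)
```

On the ten sample rows only the Hetzner host and zootech.click survive as block candidates; the two bogons are dropped and the cloud, Tor, VPN and pool entries land in the review queue. The same split applied to the full 1742-entry list is what keeps a blocklist built from it from cutting off EC2 tenants or Tor users who have nothing to do with the actor.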

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by BumbleBee. This data is unique as it uses our predictive model for actor profiling. The Weakness column lists the CWE classes the model associates with each technique and the Description column is VulDB's weakness label, not the ATT&CK technique name (in ATT&CK, T1006 is Direct Volume Access, T1040 Network Sniffing, T1055 Process Injection and T1059 Command and Scripting Interpreter). Because the mapping is predicted rather than observed, confirm it against sandbox or incident data before building detections on it.

ID Technique Weakness Description Confidence
1 T1006 CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 Pathname Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94 Cross Site Scripting High
5 ... ... ... ...

There are 15 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the fragments (file paths, libraries, arguments, input values, patterns, network ports) that the model associates with technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration by BumbleBee. This data is unique as it uses our predictive model for actor profiling. Many of the paths below (for example /owa/auth/logon.aspx, /HNAP1, /debug/pprof) also appear in benign traffic and in unrelated mass scanning, so match them together with context such as source address, response code and request volume rather than on a single hit.

ID Type Indicator Confidence
1 File /admin/?page=user/list High
2 File /admin/addproduct.php High
3 File /admin/ajax.php?action=save_area High
4 File /admin/contacts/organizations/edit/2 High
5 File /admin/edit_subject.php High
6 File /admin/modal_add_product.php High
7 File /admin/reportupload.aspx High
8 File /admin/update_s6.php High
9 File /ajax.php?action=read_msg High
10 File /ajax.php?action=save_company High
11 File /Applications/Google\ Drive.app/Contents/MacOS High
12 File /bin/ate Medium
13 File /bin/login Medium
14 File /cgi-bin/wlogin.cgi High
15 File /changeimage.php High
16 File /classes/Master.php?f=delete_category High
17 File /classes/Users.php?f=save High
18 File /debug/pprof Medium
19 File /DXR.axd Medium
20 File /forum/away.php High
21 File /HNAP1 Low
22 File /news/*.html Medium
23 File /note/index/delete High
24 File /owa/auth/logon.aspx High
25 File /tmp/boa-temp High
26 ... ... ...

There are 219 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
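
A detection that matches the path indicators against web server access logs, as an added example that is not from the page or from VulDB. Six rows are copied from the table above in the page's own layout; the access log lines are constructed, and the case folding, the prefix rule and the per-confidence weights are assumptions of the example. It handles the edge cases the list itself contains: an indicator carrying a query string (/admin/ajax.php?action=save_area) must match on path plus parameter regardless of parameter order, a glob indicator (/news/*.html) needs pattern matching, a bare path such as /debug/pprof should also catch /debug/pprof/heap, and the escaped space in Google\ Drive.app must be unescaped before comparison.

```python
import fnmatch
import re
from urllib.parse import unquote

# Six rows copied from the IOA table above: ID, Type, Indicator, Confidence.
# The indicator itself may contain an escaped space, so the parser splits
# off the first two fields and the last field only.
IOA_ROWS = """\
3 File /admin/ajax.php?action=save_area High
11 File /Applications/Google\\ Drive.app/Contents/MacOS High
18 File /debug/pprof Medium
21 File /HNAP1 Low
22 File /news/*.html Medium
24 File /owa/auth/logon.aspx High
"""

# Constructed Apache combined-format access log lines; not real traffic.
LOG_LINES = [
    '203.0.113.7 - - [14/Jun/2023:10:02:11 +0000] "POST /owa/auth/logon.aspx?url=https%3a%2f%2fmail HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Jun/2023:10:02:13 +0000] "GET /admin/ajax.php?id=3&action=save_area HTTP/1.1" 200 77 "-" "curl/7.88"',
    '198.51.100.9 - - [14/Jun/2023:10:05:40 +0000] "GET /news/2023-06%2Dupdate.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Jun/2023:10:05:41 +0000] "GET /hnap1/ HTTP/1.1" 404 0 "-" "python-requests/2.31"',
    '192.0.2.5 - - [14/Jun/2023:10:07:02 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 88000 "-" "Go-http-client/1.1"',
    '192.0.2.5 - - [14/Jun/2023:10:07:05 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Weights are an assumption of the example, not a VulDB scoring scheme.
CONF_WEIGHT = {"High": 3, "Medium": 2, "Low": 1}


def parse_ioa_rows(text):
    """Parse rows in the page's layout, skipping the '...' truncation row."""
    iocs = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3 or parts[0] == "...":
            continue
        indicator, confidence = parts[2].rsplit(maxsplit=1)
        indicator = indicator.replace("\\ ", " ")  # undo shell-style escaping
        iocs.append({"id": int(parts[0]), "type": parts[1],
                     "indicator": indicator, "confidence": confidence})
    return iocs


def normalize_target(target):
    """Split a request target into (path, params) after percent-decoding and
    collapsing repeated slashes. Both sides are lowercased because several
    listed paths (/owa/..., /DXR.axd, /HNAP1) live on case-insensitive servers."""
    path, _, query = target.partition("?")
    path = re.sub(r"/+", "/", unquote(path)).lower()
    params = {}
    for pair in (query.split("&") if query else []):
        key, _, value = pair.partition("=")
        params[unquote(key).lower()] = unquote(value).lower()
    return path, params


def indicator_matches(indicator, path, params):
    """True if the normalized request matches one IOA path indicator."""
    ind_path, _, ind_query = indicator.partition("?")
    ind_path = ind_path.lower()
    if "*" in ind_path:  # glob such as /news/*.html
        if not fnmatch.fnmatchcase(path, ind_path):
            return False
    elif not (path == ind_path or path.startswith(ind_path.rstrip("/") + "/")):
        return False  # exact path or anything below it (/debug/pprof/heap)
    # An indicator with a query string also requires those parameters, in
    # any order and possibly mixed with unrelated parameters.
    for pair in (ind_query.split("&") if ind_query else []):
        key, _, value = pair.partition("=")
        if params.get(key.lower()) != value.lower():
            return False
    return True


def scan_log(log_lines, iocs):
    """Return one hit per (log line, indicator) pair with the client and weight."""
    hits = []
    for n, line in enumerate(log_lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, params = normalize_target(m.group("target"))
        for ioc in iocs:
            if indicator_matches(ioc["indicator"], path, params):
                hits.append({"line": n, "client": line.split()[0],
                             "ioa_id": ioc["id"], "indicator": ioc["indicator"],
                             "weight": CONF_WEIGHT[ioc["confidence"]]})
    return hits


def score_by_client(hits):
    """Aggregate hit weights per source address so an alert threshold can be
    applied to a client's behaviour rather than to a single generic probe."""
    scores = {}
    for h in hits:
        scores[h["client"]] = scores.get(h["client"], 0) + h["weight"]
    return scores


if __name__ == "__main__":
    found = scan_log(LOG_LINES, parse_ioa_rows(IOA_ROWS))
    for h in found:
        print(h)
    print(score_by_client(found))
```

Scoring per client is the point of the last function: a lone /HNAP1 probe (Low) from a scanner scores 1 and stays below any sensible threshold, while the client that hits the OWA logon page and then the admin AJAX endpoint with the exact action parameter accumulates 6 and is worth an analyst's time.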

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!