cyber_threat_intelligence/campaigns/Wilted Tulip
2022-06-14 10:04:31 +02:00
..
README.md Update 2022-06-14 10:04:31 +02:00

Wilted Tulip - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as Wilted Tulip. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Wilted Tulip:

There are 9 more country items available. Please use our online service to access the data.

Actors

These actors are associated with Wilted Tulip or other actors linked to the campaign.

ID Actor Confidence
1 CopyKittens High

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Wilted Tulip.

ID IP address Hostname Actor Confidence
1 5.34.180.252 vds-uuallex-113169.hosted-by-itldc.com CopyKittens High
2 5.34.181.13 backups231.com CopyKittens High
3 31.192.105.16 down-it-niscat.cosmeticdentistwellesley.com CopyKittens High
4 31.192.105.17 - CopyKittens High
5 31.192.105.28 - CopyKittens High
6 38.130.75.20 h20-us75.fcsrv.net CopyKittens High
7 51.254.76.54 - CopyKittens High
8 62.109.2.52 ns.leangroup.ru CopyKittens High
9 66.55.152.164 66-55-152-164.choopa.net CopyKittens High
10 68.232.180.122 68-232-180-122.choopa.net CopyKittens High
11 80.179.42.37 80.179.42.37.forward.012.net.il CopyKittens High
12 93.190.138.137 93-190-138-137.hosted-by-worldstream.net CopyKittens High
13 104.200.128.48 - CopyKittens High
14 104.200.128.58 - CopyKittens High
15 ... ... ... ...

There are 57 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within Wilted Tulip. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1040 CWE-294 Authentication Bypass by Capture-replay High
2 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
3 T1068 CWE-250, CWE-264, CWE-274, CWE-284 Execution with Unnecessary Privileges High
4 ... ... ... ...

There are 8 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during Wilted Tulip. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /?module=fileman&section=get&page=grid High
2 File /admin.php/singer/admin/singer/hy High
3 File /admin.php/vod/admin/topic/del High
4 File /admin/edit.php High
5 File /admin/modules/system/custom_field.php High
6 File /admin/new-content High
7 File /admin/weixin.php High
8 File /alerts/alertLightbox.php High
9 File /api /v3/auth High
10 File /apps/acs-commons/content/page-compare.html High
11 File /base/SysEveMenuAuthPointMapper.xml High
12 File /bcms/admin/courts/manage_court.php High
13 File /bcms/classes/Master.php?f=save_court_rental High
14 File /car-rental-management-system/admin/manage_booking.php High
15 File /classes/Users.php?f=save High
16 File /cloud_config/router_post/upgrade_info High
17 File /cms/classes/Master.php?f=delete_client High
18 File /config Low
19 File /defaultui/player/modern.html High
20 File /gaia-job-admin/user/add High
21 File /goform/aspForm High
22 File /goform/login_process High
23 File /goform/SetInternetLanInfo High
24 File /goform/setNetworkLan High
25 File /goform/setPicListItem High
26 File /goform/SetSysTimeCfg High
27 File /html/Solar_Ftp.php High
28 File /lists/admin/ High
29 File /mngset/authset High
30 File /mtms/admin/?page=transaction/send High
31 File /ok_png.c Medium
32 File /one_church/userregister.php High
33 ... ... ...

There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!