README.md Update January 2023 2023-01-30 13:54:37 +01:00

Denmark Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Denmark Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.denmark_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Denmark Unknown:

There are 21 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Denmark Unknown.


There are 1458 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Denmark Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
| --- | --- | --- | --- | --- |
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-35 | Pathname Traversal | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Denmark Unknown. This data is unique as it uses our predictive model for actor profiling.


There are 393 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!