Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-07-05 18:01:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
2d4f99a727
cyber_threat_intelligence/actors/Latvia Unknown/README.md
Marc Ruef 2d4f99a727 Update February 2023
2023-02-20 20:18:09 +01:00

14 KiB
Raw Blame History

Latvia Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Latvia Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.latvia_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Latvia Unknown:

There are 21 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Latvia Unknown.

ID IP address Hostname Campaign Confidence
1 2.58.16.0 - - High
2 5.44.216.0 subnet.camelhost.lv - High
3 5.45.44.0 - - High
4 5.62.60.212 r-212-60-62-5.consumer-pool.prcdn.net - High
5 5.62.62.204 r-204-62-62-5.consumer-pool.prcdn.net - High
6 5.62.154.0 - - High
7 5.101.220.128 - - High
8 5.152.224.0 - - High
9 5.179.0.0 - - High
10 5.180.45.0 0.45-180-5.rdns.scalabledns.com - High
11 8.40.29.0 - - High
12 31.6.23.0 - - High
13 31.24.192.0 - - High
14 31.42.80.0 - - High
15 31.170.16.0 - - High
16 37.148.168.0 - - High
17 37.203.32.0 rev-37-203-32-0.deac.net - High
18 37.209.160.0 - - High
19 45.12.70.136 vm0-static.alltieinc.com - High
20 45.12.71.136 - - High
21 45.13.96.0 - - High
22 45.65.124.0 45-65-124-0.kvantanetas.com - High
23 45.80.42.1 - - High
24 45.80.52.0 - - High
25 45.128.44.0 - - High
26 45.130.148.0 - - High
27 46.19.144.0 - - High
28 46.19.200.0 - - High
29 46.23.32.0 - - High
30 46.28.56.0 - - High
31 46.109.0.0 - - High
32 46.183.216.0 - - High
33 57.87.144.0 - - High
34 62.63.128.0 - - High
35 62.84.0.0 - - High
36 62.85.0.0 - - High
37 62.122.16.0 - - High
38 62.128.107.0 - - High
39 62.205.192.0 - - High
40 64.64.105.120 - - High
41 77.38.128.0 r0-128-38-77-broadband.btv.lv - High
42 77.93.0.0 balticom-0-0.balticom.lv - High
43 77.219.0.0 m77-219-0-0.cust.tele2.lv - High
44 77.240.244.0 77-240-244-0.csc.lv - High
45 77.241.160.0 - - High
46 78.28.192.0 - - High
47 78.84.0.0 - - High
48 78.154.128.0 - - High
49 79.132.64.0 r0-64-132-79-broadband.btv.lv - High
50 79.135.128.0 0.128.135.79.microlines.lv - High
51 80.70.16.0 - - High
52 80.81.32.0 - - High
53 80.89.72.0 host-80-89-72-0.lmt.lv - High
54 80.90.0.0 ip-80-90-0-0.ax5z.com - High
55 80.232.128.0 - - High
56 80.233.128.0 - - High
57 80.246.31.0 - - High
58 80.250.48.0 - - High
59 80.254.208.0 r0-208-254-80-broadband.btv.lv - High
60 80.255.224.0 - - High
61 81.31.196.0 - - High
62 81.92.27.248 - - High
63 81.94.224.0 rev-81-94-224-0.deac.net - High
64 81.163.72.0 - - High
65 81.198.0.0 - - High
66 82.193.64.0 balticom-64-0.balticom.lv - High
67 83.99.128.0 balticom-128-0.balticom.lv - High
68 83.136.136.0 - - High
69 83.176.130.0 m83-176-130-0.cust.tele2.hr - High
70 83.176.148.0 m83-176-148-0.cust.tele2.hr - High
71 83.176.152.0 m83-176-152-0.cust.tele2.hr - High
72 83.177.128.0 m83-177-128-0.cust.tele2.lv - High
73 83.177.168.0 s83-177-168-0.cust.comviq.se - High
74 83.177.176.1 s83-177-176-1.cust.comviq.se - High
75 83.177.176.2 s83-177-176-2.cust.comviq.se - High
76 83.177.176.4 s83-177-176-4.cust.comviq.se - High
77 83.177.176.8 s83-177-176-8.cust.comviq.se - High
78 83.177.176.16 s83-177-176-16.cust.comviq.se - High
79 83.177.176.32 s83-177-176-32.cust.comviq.se - High
80 83.177.176.64 s83-177-176-64.cust.comviq.se - High
81 83.177.176.128 s83-177-176-128.cust.comviq.se - High
82 83.177.177.0 s83-177-177-0.cust.comviq.se - High
83 83.177.178.0 s83-177-178-0.cust.comviq.se - High
84 83.177.180.0 s83-177-180-0.cust.comviq.se - High
85 83.177.184.0 s83-177-184-0.cust.comviq.se - High
86 83.177.188.0 s83-177-188-0.cust.comviq.se - High
87 83.177.188.128 s83-177-188-128.cust.comviq.se - High
88 83.177.188.160 s83-177-188-160.cust.comviq.se - High
89 83.177.188.162 s83-177-188-162.cust.comviq.se - High
90 83.177.188.164 s83-177-188-164.cust.comviq.se - High
91 83.177.188.168 s83-177-188-168.cust.comviq.se - High
92 83.177.188.176 s83-177-188-176.cust.comviq.se - High
93 83.177.188.192 s83-177-188-192.cust.comviq.se - High
94 83.177.189.0 s83-177-189-0.cust.comviq.se - High
95 83.177.190.0 s83-177-190-0.cust.comviq.se - High
96 83.178.188.0 - - High
97 83.178.206.0 - - High
98 83.178.228.0 - - High
99 83.187.152.0 - - High
100 ... ... ... ...

There are 396 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Latvia Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22 Pathname Traversal High
2 T1040 CWE-294 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94, CWE-1321 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 19 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Latvia Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File .github/workflows/combine-prs.yml High
2 File .htaccess Medium
3 File /Admin/add-student.php High
4 File /admin/api/admin/articles/ High
5 File /admin/conferences/list/ High
6 File /admin/edit_admin_details.php?id=admin High
7 File /admin/generalsettings.php High
8 File /Admin/login.php High
9 File /admin/payment.php High
10 File /admin/reports.php High
11 File /admin/showbad.php High
12 File /adms/admin/?page=vehicles/sell_vehicle High
13 File /adms/admin/?page=vehicles/view_transaction High
14 File /apilog.php Medium
15 File /bin/httpd Medium
16 File /cgi-bin/wlogin.cgi High
17 File /connectors/index.php High
18 File /dev/block/mmcblk0rpmb High
19 File /DocSystem/Repos/getReposAllUsers.do High
20 File /face-recognition-php/facepay-master/camera.php High
21 File /forum/away.php High
22 File /fos/admin/ajax.php?action=login High
23 File /fos/admin/index.php?page=menu High
24 File /home/masterConsole High
25 File /home/sendBroadcast High
26 File /hrm/employeeadd.php High
27 File /hrm/employeeview.php High
28 File /index.php Medium
29 File /Items/*/RemoteImages/Download High
30 File /items/view_item.php High
31 File /jsoa/hntdCustomDesktopActionContent High
32 File /lookin/info Medium
33 File /MagickCore/image.c High
34 File /manager/index.php High
35 File /medical/inventories.php High
36 File /modules/profile/index.php High
37 File /modules/projects/vw_files.php High
38 File /modules/public/calendar.php High
39 File /newsDia.php Medium
40 File /out.php Medium
41 File /proxy Low
42 File /public/launchNewWindow.jsp High
43 File /Redcock-Farm/farm/category.php High
44 File /reports/rwservlet High
45 File /sacco_shield/manage_user.php High
46 File /spip.php Medium
47 File /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072 High
48 File /staff/bookdetails.php High
49 File /TeleoptiWFM/Administration/GetOneTenant High
50 File /uncpath/ Medium
51 File /user/update_booking.php High
52 File /WEB-INF/web.xml High
53 File /Wedding-Management-PHP/admin/photos_add.php High
54 File /wireless/security.asp High
55 File /wordpress/wp-admin/options-general.php High
56 File /wp-content/plugins/woocommerce/templates/emails/plain/ High
57 File 01article.php High
58 File AbstractScheduleJob.java High
59 File actionphp/download.File.php High
60 File AdClass.php Medium
61 ... ... ...

There are 534 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!