mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-09 03:41:50 +00:00
# UNC2452 - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [UNC2452](https://vuldb.com/?actor.unc2452). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.unc2452](https://vuldb.com/?actor.unc2452)

## Campaigns

The following _campaigns_ are known and can be associated with UNC2452:

* Sunburst

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with UNC2452:

* [US](https://vuldb.com/?country.us)
* [JP](https://vuldb.com/?country.jp)
* [ES](https://vuldb.com/?country.es)
* ...

There are 17 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of UNC2452.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.101.88.204](https://vuldb.com/?ip.3.101.88.204) | ec2-3-101-88-204.us-west-1.compute.amazonaws.com | Sunburst | Medium
2 | [5.252.177.21](https://vuldb.com/?ip.5.252.177.21) | no-rdns.mivocloud.com | - | High
3 | [5.252.177.25](https://vuldb.com/?ip.5.252.177.25) | no-rdns.mivocloud.com | - | High
4 | [8.18.144.1](https://vuldb.com/?ip.8.18.144.1) | - | Sunburst | High
5 | [8.18.144.2](https://vuldb.com/?ip.8.18.144.2) | 7201-1.va.diaperscorp.com | Sunburst | High
6 | [8.18.144.3](https://vuldb.com/?ip.8.18.144.3) | 7201-2.va.diaperscorp.com | Sunburst | High
7 | [8.18.144.8](https://vuldb.com/?ip.8.18.144.8) | 3845-1.va.diaperscorp.com | Sunburst | High
8 | [8.18.144.9](https://vuldb.com/?ip.8.18.144.9) | - | Sunburst | High
9 | [8.18.144.10](https://vuldb.com/?ip.8.18.144.10) | - | Sunburst | High
10 | [8.18.144.11](https://vuldb.com/?ip.8.18.144.11) | 3845-2.va.diaperscorp.com | Sunburst | High
11 | [8.18.144.28](https://vuldb.com/?ip.8.18.144.28) | - | Sunburst | High
12 | [8.18.144.30](https://vuldb.com/?ip.8.18.144.30) | - | Sunburst | High
13 | [8.18.144.32](https://vuldb.com/?ip.8.18.144.32) | - | Sunburst | High
14 | [8.18.144.33](https://vuldb.com/?ip.8.18.144.33) | - | Sunburst | High
15 | [8.18.144.34](https://vuldb.com/?ip.8.18.144.34) | - | Sunburst | High
16 | [8.18.144.35](https://vuldb.com/?ip.8.18.144.35) | - | Sunburst | High
17 | [8.18.144.40](https://vuldb.com/?ip.8.18.144.40) | - | Sunburst | High
18 | [8.18.144.41](https://vuldb.com/?ip.8.18.144.41) | - | Sunburst | High
19 | [8.18.144.42](https://vuldb.com/?ip.8.18.144.42) | - | Sunburst | High
20 | [8.18.144.43](https://vuldb.com/?ip.8.18.144.43) | - | Sunburst | High
21 | [8.18.144.53](https://vuldb.com/?ip.8.18.144.53) | - | Sunburst | High
22 | [8.18.144.54](https://vuldb.com/?ip.8.18.144.54) | - | Sunburst | High
23 | [8.18.144.62](https://vuldb.com/?ip.8.18.144.62) | - | Sunburst | High
24 | [8.18.144.63](https://vuldb.com/?ip.8.18.144.63) | - | Sunburst | High
25 | [8.18.144.64](https://vuldb.com/?ip.8.18.144.64) | - | Sunburst | High
26 | [8.18.144.65](https://vuldb.com/?ip.8.18.144.65) | - | Sunburst | High
27 | [8.18.144.74](https://vuldb.com/?ip.8.18.144.74) | - | Sunburst | High
28 | [8.18.144.96](https://vuldb.com/?ip.8.18.144.96) | - | Sunburst | High
29 | [8.18.144.97](https://vuldb.com/?ip.8.18.144.97) | - | Sunburst | High
30 | [8.18.144.99](https://vuldb.com/?ip.8.18.144.99) | - | Sunburst | High
31 | [8.18.144.106](https://vuldb.com/?ip.8.18.144.106) | - | Sunburst | High
32 | [8.18.144.107](https://vuldb.com/?ip.8.18.144.107) | - | Sunburst | High
33 | [8.18.144.112](https://vuldb.com/?ip.8.18.144.112) | - | Sunburst | High
34 | [8.18.144.128](https://vuldb.com/?ip.8.18.144.128) | - | Sunburst | High
35 | [8.18.144.129](https://vuldb.com/?ip.8.18.144.129) | - | Sunburst | High
36 | [8.18.144.130](https://vuldb.com/?ip.8.18.144.130) | - | Sunburst | High
37 | [8.18.144.131](https://vuldb.com/?ip.8.18.144.131) | - | Sunburst | High
38 | [8.18.144.136](https://vuldb.com/?ip.8.18.144.136) | - | Sunburst | High
39 | [8.18.144.137](https://vuldb.com/?ip.8.18.144.137) | - | Sunburst | High
40 | [8.18.144.138](https://vuldb.com/?ip.8.18.144.138) | - | Sunburst | High
41 | [8.18.144.139](https://vuldb.com/?ip.8.18.144.139) | - | Sunburst | High
42 | [8.18.144.149](https://vuldb.com/?ip.8.18.144.149) | - | Sunburst | High
43 | [8.18.144.157](https://vuldb.com/?ip.8.18.144.157) | - | Sunburst | High
44 | [8.18.144.159](https://vuldb.com/?ip.8.18.144.159) | - | Sunburst | High
45 | [8.18.144.160](https://vuldb.com/?ip.8.18.144.160) | - | Sunburst | High
46 | [8.18.144.161](https://vuldb.com/?ip.8.18.144.161) | - | Sunburst | High
47 | [8.18.144.162](https://vuldb.com/?ip.8.18.144.162) | - | Sunburst | High
48 | [8.18.144.163](https://vuldb.com/?ip.8.18.144.163) | - | Sunburst | High
49 | [8.18.144.168](https://vuldb.com/?ip.8.18.144.168) | - | Sunburst | High
50 | [8.18.144.169](https://vuldb.com/?ip.8.18.144.169) | - | Sunburst | High
51 | [8.18.144.170](https://vuldb.com/?ip.8.18.144.170) | - | Sunburst | High
52 | [8.18.144.171](https://vuldb.com/?ip.8.18.144.171) | - | Sunburst | High
53 | [8.18.144.180](https://vuldb.com/?ip.8.18.144.180) | - | Sunburst | High
54 | [8.18.144.182](https://vuldb.com/?ip.8.18.144.182) | - | Sunburst | High
55 | [8.18.144.188](https://vuldb.com/?ip.8.18.144.188) | - | Sunburst | High
56 | [8.18.144.190](https://vuldb.com/?ip.8.18.144.190) | - | Sunburst | High
57 | [8.18.144.193](https://vuldb.com/?ip.8.18.144.193) | - | Sunburst | High
58 | [8.18.144.225](https://vuldb.com/?ip.8.18.144.225) | - | Sunburst | High
59 | [8.18.144.234](https://vuldb.com/?ip.8.18.144.234) | - | Sunburst | High
60 | [8.18.144.235](https://vuldb.com/?ip.8.18.144.235) | - | Sunburst | High
61 | [8.18.144.240](https://vuldb.com/?ip.8.18.144.240) | - | Sunburst | High
62 | [8.18.145.1](https://vuldb.com/?ip.8.18.145.1) | - | Sunburst | High
63 | [8.18.145.2](https://vuldb.com/?ip.8.18.145.2) | - | Sunburst | High
64 | [8.18.145.8](https://vuldb.com/?ip.8.18.145.8) | - | Sunburst | High
65 | [8.18.145.9](https://vuldb.com/?ip.8.18.145.9) | - | Sunburst | High
66 | [8.18.145.10](https://vuldb.com/?ip.8.18.145.10) | - | Sunburst | High
67 | [8.18.145.11](https://vuldb.com/?ip.8.18.145.11) | - | Sunburst | High
68 | [8.18.145.20](https://vuldb.com/?ip.8.18.145.20) | - | Sunburst | High
69 | [8.18.145.22](https://vuldb.com/?ip.8.18.145.22) | - | Sunburst | High
70 | [8.18.145.23](https://vuldb.com/?ip.8.18.145.23) | - | Sunburst | High
71 | [8.18.145.28](https://vuldb.com/?ip.8.18.145.28) | - | Sunburst | High
72 | [8.18.145.32](https://vuldb.com/?ip.8.18.145.32) | - | Sunburst | High
73 | [8.18.145.33](https://vuldb.com/?ip.8.18.145.33) | - | Sunburst | High
74 | [8.18.145.34](https://vuldb.com/?ip.8.18.145.34) | - | Sunburst | High
75 | [8.18.145.35](https://vuldb.com/?ip.8.18.145.35) | - | Sunburst | High
76 | [8.18.145.40](https://vuldb.com/?ip.8.18.145.40) | - | Sunburst | High
77 | [8.18.145.41](https://vuldb.com/?ip.8.18.145.41) | - | Sunburst | High
78 | [8.18.145.42](https://vuldb.com/?ip.8.18.145.42) | - | Sunburst | High
79 | [8.18.145.43](https://vuldb.com/?ip.8.18.145.43) | - | Sunburst | High
80 | [8.18.145.52](https://vuldb.com/?ip.8.18.145.52) | - | Sunburst | High
81 | [8.18.145.53](https://vuldb.com/?ip.8.18.145.53) | - | Sunburst | High
82 | [8.18.145.55](https://vuldb.com/?ip.8.18.145.55) | - | Sunburst | High
83 | [8.18.145.66](https://vuldb.com/?ip.8.18.145.66) | - | Sunburst | High
84 | [8.18.145.75](https://vuldb.com/?ip.8.18.145.75) | - | Sunburst | High
85 | [8.18.145.81](https://vuldb.com/?ip.8.18.145.81) | - | Sunburst | High
86 | [8.18.145.98](https://vuldb.com/?ip.8.18.145.98) | - | Sunburst | High
87 | [8.18.145.106](https://vuldb.com/?ip.8.18.145.106) | - | Sunburst | High
88 | [8.18.145.107](https://vuldb.com/?ip.8.18.145.107) | - | Sunburst | High
89 | [8.18.145.128](https://vuldb.com/?ip.8.18.145.128) | - | Sunburst | High
90 | [8.18.145.129](https://vuldb.com/?ip.8.18.145.129) | - | Sunburst | High
91 | [8.18.145.130](https://vuldb.com/?ip.8.18.145.130) | - | Sunburst | High
92 | [8.18.145.131](https://vuldb.com/?ip.8.18.145.131) | - | Sunburst | High
93 | [8.18.145.136](https://vuldb.com/?ip.8.18.145.136) | - | Sunburst | High
94 | [8.18.145.137](https://vuldb.com/?ip.8.18.145.137) | - | Sunburst | High
95 | [8.18.145.138](https://vuldb.com/?ip.8.18.145.138) | - | Sunburst | High
96 | [8.18.145.139](https://vuldb.com/?ip.8.18.145.139) | - | Sunburst | High
97 | [8.18.145.148](https://vuldb.com/?ip.8.18.145.148) | - | Sunburst | High
98 | [8.18.145.151](https://vuldb.com/?ip.8.18.145.151) | - | Sunburst | High
99 | [8.18.145.156](https://vuldb.com/?ip.8.18.145.156) | - | Sunburst | High
100 | [8.18.145.158](https://vuldb.com/?ip.8.18.145.158) | - | Sunburst | High
101 | [8.18.145.159](https://vuldb.com/?ip.8.18.145.159) | - | Sunburst | High
102 | [8.18.145.160](https://vuldb.com/?ip.8.18.145.160) | - | Sunburst | High
103 | [8.18.145.161](https://vuldb.com/?ip.8.18.145.161) | - | Sunburst | High
104 | [8.18.145.162](https://vuldb.com/?ip.8.18.145.162) | - | Sunburst | High
105 | [8.18.145.163](https://vuldb.com/?ip.8.18.145.163) | - | Sunburst | High
106 | [8.18.145.168](https://vuldb.com/?ip.8.18.145.168) | - | Sunburst | High
107 | [8.18.145.169](https://vuldb.com/?ip.8.18.145.169) | - | Sunburst | High
108 | [8.18.145.170](https://vuldb.com/?ip.8.18.145.170) | - | Sunburst | High
109 | [8.18.145.171](https://vuldb.com/?ip.8.18.145.171) | - | Sunburst | High
110 | [8.18.145.182](https://vuldb.com/?ip.8.18.145.182) | - | Sunburst | High
111 | [8.18.145.188](https://vuldb.com/?ip.8.18.145.188) | - | Sunburst | High
112 | [8.18.145.189](https://vuldb.com/?ip.8.18.145.189) | - | Sunburst | High
113 | [8.18.145.190](https://vuldb.com/?ip.8.18.145.190) | - | Sunburst | High
114 | [8.18.145.191](https://vuldb.com/?ip.8.18.145.191) | - | Sunburst | High
115 | [8.18.145.192](https://vuldb.com/?ip.8.18.145.192) | - | Sunburst | High
116 | [8.18.145.193](https://vuldb.com/?ip.8.18.145.193) | - | Sunburst | High
117 | [8.18.145.200](https://vuldb.com/?ip.8.18.145.200) | - | Sunburst | High
118 | [8.18.145.201](https://vuldb.com/?ip.8.18.145.201) | - | Sunburst | High
119 | [8.18.145.217](https://vuldb.com/?ip.8.18.145.217) | - | Sunburst | High
120 | [8.18.145.223](https://vuldb.com/?ip.8.18.145.223) | - | Sunburst | High
121 | [8.18.145.240](https://vuldb.com/?ip.8.18.145.240) | kindle-user.whispernet.com | Sunburst | High
122 | [13.56.226.124](https://vuldb.com/?ip.13.56.226.124) | ec2-13-56-226-124.us-west-1.compute.amazonaws.com | Sunburst | Medium
123 | [13.59.205.66](https://vuldb.com/?ip.13.59.205.66) | ec2-13-59-205-66.us-east-2.compute.amazonaws.com | - | Medium
124 | [13.65.251.83](https://vuldb.com/?ip.13.65.251.83) | - | Sunburst | High
125 | [13.84.134.105](https://vuldb.com/?ip.13.84.134.105) | - | Sunburst | High
126 | [13.90.103.231](https://vuldb.com/?ip.13.90.103.231) | - | Sunburst | High
127 | [13.92.233.22](https://vuldb.com/?ip.13.92.233.22) | - | Sunburst | High
128 | [18.130.193.22](https://vuldb.com/?ip.18.130.193.22) | ec2-18-130-193-22.eu-west-2.compute.amazonaws.com | Sunburst | Medium
129 | [20.140.0.81](https://vuldb.com/?ip.20.140.0.81) | - | Sunburst | High
130 | [20.140.0.185](https://vuldb.com/?ip.20.140.0.185) | - | Sunburst | High
131 | [20.140.1.170](https://vuldb.com/?ip.20.140.1.170) | - | Sunburst | High
132 | [20.140.6.165](https://vuldb.com/?ip.20.140.6.165) | - | Sunburst | High
133 | [20.140.10.221](https://vuldb.com/?ip.20.140.10.221) | - | Sunburst | High
134 | [20.140.16.213](https://vuldb.com/?ip.20.140.16.213) | - | Sunburst | High
135 | [20.140.22.238](https://vuldb.com/?ip.20.140.22.238) | - | Sunburst | High
136 | [20.140.23.106](https://vuldb.com/?ip.20.140.23.106) | - | Sunburst | High
137 | [20.140.33.21](https://vuldb.com/?ip.20.140.33.21) | - | Sunburst | High
138 | [20.140.35.209](https://vuldb.com/?ip.20.140.35.209) | - | Sunburst | High
139 | [20.140.37.193](https://vuldb.com/?ip.20.140.37.193) | - | Sunburst | High
140 | [20.140.39.249](https://vuldb.com/?ip.20.140.39.249) | - | Sunburst | High
141 | [20.140.42.134](https://vuldb.com/?ip.20.140.42.134) | - | Sunburst | High
142 | [20.140.53.77](https://vuldb.com/?ip.20.140.53.77) | - | Sunburst | High
143 | [20.140.58.231](https://vuldb.com/?ip.20.140.58.231) | - | Sunburst | High
144 | [20.140.60.142](https://vuldb.com/?ip.20.140.60.142) | - | Sunburst | High
145 | [20.140.60.229](https://vuldb.com/?ip.20.140.60.229) | - | Sunburst | High
146 | [20.140.61.217](https://vuldb.com/?ip.20.140.61.217) | - | Sunburst | High
147 | [20.140.62.111](https://vuldb.com/?ip.20.140.62.111) | - | Sunburst | High
148 | [20.140.65.188](https://vuldb.com/?ip.20.140.65.188) | - | Sunburst | High
149 | [20.140.71.226](https://vuldb.com/?ip.20.140.71.226) | - | Sunburst | High
150 | [20.140.73.228](https://vuldb.com/?ip.20.140.73.228) | - | Sunburst | High
151 | [20.140.73.242](https://vuldb.com/?ip.20.140.73.242) | - | Sunburst | High
152 | [20.140.74.185](https://vuldb.com/?ip.20.140.74.185) | - | Sunburst | High
153 | [20.140.75.245](https://vuldb.com/?ip.20.140.75.245) | - | Sunburst | High
154 | [20.140.77.215](https://vuldb.com/?ip.20.140.77.215) | - | Sunburst | High
155 | [20.140.80.233](https://vuldb.com/?ip.20.140.80.233) | - | Sunburst | High
156 | [20.140.88.52](https://vuldb.com/?ip.20.140.88.52) | - | Sunburst | High
157 | [20.140.91.208](https://vuldb.com/?ip.20.140.91.208) | - | Sunburst | High
158 | [20.140.92.229](https://vuldb.com/?ip.20.140.92.229) | - | Sunburst | High
159 | [20.140.92.255](https://vuldb.com/?ip.20.140.92.255) | - | Sunburst | High
160 | [20.140.93.134](https://vuldb.com/?ip.20.140.93.134) | - | Sunburst | High
161 | [20.140.98.16](https://vuldb.com/?ip.20.140.98.16) | - | Sunburst | High
162 | [20.140.98.35](https://vuldb.com/?ip.20.140.98.35) | - | Sunburst | High
163 | [20.140.100.139](https://vuldb.com/?ip.20.140.100.139) | - | Sunburst | High
164 | [20.140.104.94](https://vuldb.com/?ip.20.140.104.94) | - | Sunburst | High
165 | [20.140.107.234](https://vuldb.com/?ip.20.140.107.234) | - | Sunburst | High
166 | [20.140.112.220](https://vuldb.com/?ip.20.140.112.220) | - | Sunburst | High
167 | [20.140.112.243](https://vuldb.com/?ip.20.140.112.243) | - | Sunburst | High
168 | [20.140.114.106](https://vuldb.com/?ip.20.140.114.106) | - | Sunburst | High
169 | [20.140.114.189](https://vuldb.com/?ip.20.140.114.189) | - | Sunburst | High
170 | [20.140.114.200](https://vuldb.com/?ip.20.140.114.200) | - | Sunburst | High
171 | [20.140.116.15](https://vuldb.com/?ip.20.140.116.15) | - | Sunburst | High
172 | [20.140.119.154](https://vuldb.com/?ip.20.140.119.154) | - | Sunburst | High
173 | [20.140.119.196](https://vuldb.com/?ip.20.140.119.196) | - | Sunburst | High
174 | [20.140.122.138](https://vuldb.com/?ip.20.140.122.138) | - | Sunburst | High
175 | [20.140.122.210](https://vuldb.com/?ip.20.140.122.210) | - | Sunburst | High
176 | [20.140.123.240](https://vuldb.com/?ip.20.140.123.240) | - | Sunburst | High
177 | [20.140.124.8](https://vuldb.com/?ip.20.140.124.8) | - | Sunburst | High
178 | [20.140.128.33](https://vuldb.com/?ip.20.140.128.33) | - | Sunburst | High
179 | [20.140.130.157](https://vuldb.com/?ip.20.140.130.157) | - | Sunburst | High
180 | [20.140.131.21](https://vuldb.com/?ip.20.140.131.21) | - | Sunburst | High
181 | [20.140.137.231](https://vuldb.com/?ip.20.140.137.231) | - | Sunburst | High
182 | [20.140.139.227](https://vuldb.com/?ip.20.140.139.227) | - | Sunburst | High
183 | [20.140.141.136](https://vuldb.com/?ip.20.140.141.136) | - | Sunburst | High
184 | [20.140.145.112](https://vuldb.com/?ip.20.140.145.112) | - | Sunburst | High
185 | [20.140.145.166](https://vuldb.com/?ip.20.140.145.166) | - | Sunburst | High
186 | [20.140.146.62](https://vuldb.com/?ip.20.140.146.62) | - | Sunburst | High
187 | [20.140.146.105](https://vuldb.com/?ip.20.140.146.105) | - | Sunburst | High
188 | [20.140.153.181](https://vuldb.com/?ip.20.140.153.181) | - | Sunburst | High
189 | [20.140.154.101](https://vuldb.com/?ip.20.140.154.101) | - | Sunburst | High
190 | [20.140.154.172](https://vuldb.com/?ip.20.140.154.172) | - | Sunburst | High
191 | [20.140.156.151](https://vuldb.com/?ip.20.140.156.151) | - | Sunburst | High
192 | [20.140.159.169](https://vuldb.com/?ip.20.140.159.169) | - | Sunburst | High
193 | [20.140.160.147](https://vuldb.com/?ip.20.140.160.147) | - | Sunburst | High
194 | [20.140.160.240](https://vuldb.com/?ip.20.140.160.240) | - | Sunburst | High
195 | [20.140.161.165](https://vuldb.com/?ip.20.140.161.165) | - | Sunburst | High
196 | [20.140.162.103](https://vuldb.com/?ip.20.140.162.103) | - | Sunburst | High
197 | [20.140.162.161](https://vuldb.com/?ip.20.140.162.161) | - | Sunburst | High
198 | [20.140.164.117](https://vuldb.com/?ip.20.140.164.117) | - | Sunburst | High
199 | [20.140.168.245](https://vuldb.com/?ip.20.140.168.245) | - | Sunburst | High
200 | [20.140.169.31](https://vuldb.com/?ip.20.140.169.31) | - | Sunburst | High
201 | [20.140.171.1](https://vuldb.com/?ip.20.140.171.1) | - | Sunburst | High
202 | [20.140.173.31](https://vuldb.com/?ip.20.140.173.31) | - | Sunburst | High
203 | [20.140.173.218](https://vuldb.com/?ip.20.140.173.218) | - | Sunburst | High
204 | [20.140.174.227](https://vuldb.com/?ip.20.140.174.227) | - | Sunburst | High
205 | [20.140.180.78](https://vuldb.com/?ip.20.140.180.78) | - | Sunburst | High
206 | [20.140.182.97](https://vuldb.com/?ip.20.140.182.97) | - | Sunburst | High
207 | [20.140.186.9](https://vuldb.com/?ip.20.140.186.9) | - | Sunburst | High
208 | [20.140.187.224](https://vuldb.com/?ip.20.140.187.224) | - | Sunburst | High
209 | [20.140.190.142](https://vuldb.com/?ip.20.140.190.142) | - | Sunburst | High
210 | [20.140.192.20](https://vuldb.com/?ip.20.140.192.20) | - | Sunburst | High
211 | [20.140.195.178](https://vuldb.com/?ip.20.140.195.178) | - | Sunburst | High
212 | [20.140.196.230](https://vuldb.com/?ip.20.140.196.230) | - | Sunburst | High
213 | [20.140.198.77](https://vuldb.com/?ip.20.140.198.77) | - | Sunburst | High
214 | [20.140.199.190](https://vuldb.com/?ip.20.140.199.190) | - | Sunburst | High
215 | [20.140.200.89](https://vuldb.com/?ip.20.140.200.89) | - | Sunburst | High
216 | [20.140.201.138](https://vuldb.com/?ip.20.140.201.138) | - | Sunburst | High
217 | [20.140.203.164](https://vuldb.com/?ip.20.140.203.164) | - | Sunburst | High
218 | [20.140.208.247](https://vuldb.com/?ip.20.140.208.247) | - | Sunburst | High
219 | [20.140.209.163](https://vuldb.com/?ip.20.140.209.163) | - | Sunburst | High
220 | [20.140.210.8](https://vuldb.com/?ip.20.140.210.8) | - | Sunburst | High
221 | [20.140.211.161](https://vuldb.com/?ip.20.140.211.161) | - | Sunburst | High
222 | [20.140.212.45](https://vuldb.com/?ip.20.140.212.45) | - | Sunburst | High
223 | [20.140.212.62](https://vuldb.com/?ip.20.140.212.62) | - | Sunburst | High
224 | [20.140.213.144](https://vuldb.com/?ip.20.140.213.144) | - | Sunburst | High
225 | [20.140.215.25](https://vuldb.com/?ip.20.140.215.25) | - | Sunburst | High
226 | [20.140.216.43](https://vuldb.com/?ip.20.140.216.43) | - | Sunburst | High
227 | [20.140.220.20](https://vuldb.com/?ip.20.140.220.20) | - | Sunburst | High
228 | [20.140.221.17](https://vuldb.com/?ip.20.140.221.17) | - | Sunburst | High
229 | [20.140.227.4](https://vuldb.com/?ip.20.140.227.4) | - | Sunburst | High
230 | [20.140.229.31](https://vuldb.com/?ip.20.140.229.31) | - | Sunburst | High
231 | [20.140.230.9](https://vuldb.com/?ip.20.140.230.9) | - | Sunburst | High
232 | [20.140.230.252](https://vuldb.com/?ip.20.140.230.252) | - | Sunburst | High
233 | [20.140.235.69](https://vuldb.com/?ip.20.140.235.69) | - | Sunburst | High
234 | [20.140.236.165](https://vuldb.com/?ip.20.140.236.165) | - | Sunburst | High
235 | [20.140.238.11](https://vuldb.com/?ip.20.140.238.11) | - | Sunburst | High
236 | [20.140.240.57](https://vuldb.com/?ip.20.140.240.57) | - | Sunburst | High
237 | [20.140.241.12](https://vuldb.com/?ip.20.140.241.12) | - | Sunburst | High
238 | [20.140.244.106](https://vuldb.com/?ip.20.140.244.106) | - | Sunburst | High
239 | [20.140.248.124](https://vuldb.com/?ip.20.140.248.124) | - | Sunburst | High
240 | [20.140.248.170](https://vuldb.com/?ip.20.140.248.170) | - | Sunburst | High
241 | [20.140.250.63](https://vuldb.com/?ip.20.140.250.63) | - | Sunburst | High
242 | [20.140.251.174](https://vuldb.com/?ip.20.140.251.174) | - | Sunburst | High
243 | [20.140.251.188](https://vuldb.com/?ip.20.140.251.188) | - | Sunburst | High
244 | [20.140.253.160](https://vuldb.com/?ip.20.140.253.160) | - | Sunburst | High
245 | [20.141.0.77](https://vuldb.com/?ip.20.141.0.77) | - | Sunburst | High
246 | [20.141.9.167](https://vuldb.com/?ip.20.141.9.167) | - | Sunburst | High
247 | [20.141.11.87](https://vuldb.com/?ip.20.141.11.87) | - | Sunburst | High
248 | [20.141.15.1](https://vuldb.com/?ip.20.141.15.1) | - | Sunburst | High
249 | [20.141.15.111](https://vuldb.com/?ip.20.141.15.111) | - | Sunburst | High
250 | [20.141.16.202](https://vuldb.com/?ip.20.141.16.202) | - | Sunburst | High
251 | [20.141.17.3](https://vuldb.com/?ip.20.141.17.3) | - | Sunburst | High
252 | [20.141.20.48](https://vuldb.com/?ip.20.141.20.48) | - | Sunburst | High
253 | [20.141.25.180](https://vuldb.com/?ip.20.141.25.180) | - | Sunburst | High
254 | [20.141.34.27](https://vuldb.com/?ip.20.141.34.27) | - | Sunburst | High
255 | [20.141.34.98](https://vuldb.com/?ip.20.141.34.98) | - | Sunburst | High
256 | [20.141.36.50](https://vuldb.com/?ip.20.141.36.50) | - | Sunburst | High
257 | [20.141.40.176](https://vuldb.com/?ip.20.141.40.176) | - | Sunburst | High
258 | [20.141.42.89](https://vuldb.com/?ip.20.141.42.89) | - | Sunburst | High
259 | [20.141.42.116](https://vuldb.com/?ip.20.141.42.116) | - | Sunburst | High
260 | [20.141.47.31](https://vuldb.com/?ip.20.141.47.31) | - | Sunburst | High
261 | [20.141.48.63](https://vuldb.com/?ip.20.141.48.63) | - | Sunburst | High
262 | [20.141.49.192](https://vuldb.com/?ip.20.141.49.192) | - | Sunburst | High
263 | [20.141.51.22](https://vuldb.com/?ip.20.141.51.22) | - | Sunburst | High
264 | [20.141.51.230](https://vuldb.com/?ip.20.141.51.230) | - | Sunburst | High
265 | [20.141.52.223](https://vuldb.com/?ip.20.141.52.223) | - | Sunburst | High
266 | [20.141.53.10](https://vuldb.com/?ip.20.141.53.10) | - | Sunburst | High
267 | [20.141.55.22](https://vuldb.com/?ip.20.141.55.22) | - | Sunburst | High
268 | [20.141.59.57](https://vuldb.com/?ip.20.141.59.57) | - | Sunburst | High
269 | [20.141.59.224](https://vuldb.com/?ip.20.141.59.224) | - | Sunburst | High
270 | [20.141.63.17](https://vuldb.com/?ip.20.141.63.17) | - | Sunburst | High
271 | [20.141.64.21](https://vuldb.com/?ip.20.141.64.21) | - | Sunburst | High
272 | [20.141.68.74](https://vuldb.com/?ip.20.141.68.74) | - | Sunburst | High
273 | [20.141.69.131](https://vuldb.com/?ip.20.141.69.131) | - | Sunburst | High
274 | [20.141.71.54](https://vuldb.com/?ip.20.141.71.54) | - | Sunburst | High
275 | [20.141.72.37](https://vuldb.com/?ip.20.141.72.37) | - | Sunburst | High
276 | [20.141.72.50](https://vuldb.com/?ip.20.141.72.50) | - | Sunburst | High
277 | [20.141.73.28](https://vuldb.com/?ip.20.141.73.28) | - | Sunburst | High
278 | [20.141.73.97](https://vuldb.com/?ip.20.141.73.97) | - | Sunburst | High
279 | [20.141.74.151](https://vuldb.com/?ip.20.141.74.151) | - | Sunburst | High
280 | [20.141.75.180](https://vuldb.com/?ip.20.141.75.180) | - | Sunburst | High
281 | [20.141.80.1](https://vuldb.com/?ip.20.141.80.1) | - | Sunburst | High
282 | [20.141.81.210](https://vuldb.com/?ip.20.141.81.210) | - | Sunburst | High
283 | [20.141.82.242](https://vuldb.com/?ip.20.141.82.242) | - | Sunburst | High
284 | [20.141.83.205](https://vuldb.com/?ip.20.141.83.205) | - | Sunburst | High
285 | [20.141.90.48](https://vuldb.com/?ip.20.141.90.48) | - | Sunburst | High
286 | [20.141.92.85](https://vuldb.com/?ip.20.141.92.85) | - | Sunburst | High
287 | [20.141.95.77](https://vuldb.com/?ip.20.141.95.77) | - | Sunburst | High
288 | [20.141.95.188](https://vuldb.com/?ip.20.141.95.188) | - | Sunburst | High
289 | ... | ... | ... | ...

There are 1150 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _UNC2452_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-35 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 18 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by UNC2452. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `$HOME/.printers` | High
2 | File | `//` | Low
3 | File | `/CPE` | Low
4 | File | `/forum/PostPrivateMessage` | High
5 | File | `/home/cavesConsole` | High
6 | File | `/home/kickPlayer` | High
7 | File | `/home/masterConsole` | High
8 | File | `/home/sendBroadcast` | High
9 | File | `/login/index.php` | High
10 | File | `/oews/classes/Master.php?f=update_cart` | High
11 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
12 | File | `/output/outdbg.c` | High
13 | File | `/output/outieee.c` | High
14 | File | `/param.file.tgz` | High
15 | File | `/password/reset` | High
16 | File | `/ptippage.cgi` | High
17 | File | `/ptipupgrade.cgi` | High
18 | File | `/royal_event/userregister.php` | High
19 | File | `/setnetworksettings/IPAddress` | High
20 | File | `/SetNetworkSettings/SubnetMask` | High
21 | File | `/u/username.json` | High
22 | File | `/user/s.php` | Medium
23 | File | `/user/updatePwd` | High
24 | File | `/wireless/basic.asp` | High
25 | File | `/wireless/guestnetwork.asp` | High
26 | File | `01article.php` | High
27 | File | `add-locker-form.php` | High
28 | File | `admin/abc.php` | High
29 | File | `admin/add_payment.php` | High
30 | File | `admin/approve_user.php` | High
31 | File | `admin/disapprove_user.php` | High
32 | File | `admin/expense_report.php` | High
33 | File | `admin/forget_password.php` | High
34 | File | `admin/make_payments.php` | High
35 | File | `admin/manage_user.php` | High
36 | File | `admin/page-login.php` | High
37 | File | `admin/practice_pdf.php` | High
38 | File | `admin\model\catalog\download.php` | High
39 | File | `admin_class.php` | High
40 | File | `agent/listener/templates/tail.html` | High
41 | File | `ajax_invoice.php` | High
42 | ... | ... | ...

There are 364 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/
* https://github.com/bambenek/research/blob/main/sunburst/ipv4-addresses.txt

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!