cyber_threat_intelligence/actors/Bumblebee/README.md
2023-10-16 15:34:26 +02:00

BumbleBee - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as BumbleBee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.bumblebee

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:

There are 3 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.


There are 1410 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by BumbleBee. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-35 | Pathname Traversal | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High |
| 7 | ... | ... | ... | ... |

There are 24 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BumbleBee. This data is unique as it uses our predictive model for actor profiling.


There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!