2023-01-30 13:54:37 +01:00

Austria Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Austria Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.austria_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Austria Unknown:

There are 33 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Austria Unknown.


There are 1576 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Austria Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 21 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Austria Unknown. This data is unique as it uses our predictive model for actor profiling.


There are 562 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!