Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-25 00:18:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
4357a66095
cyber_threat_intelligence/actors/Bashlite
History
Marc Ruef 4357a66095 Update June 2023
2023-06-06 10:26:07 +02:00
..
README.md Update June 2023 2023-06-06 10:26:07 +02:00

README.md

Bashlite - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Bashlite. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.bashlite

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bashlite:

There are 17 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Bashlite.

ID IP address Hostname Campaign Confidence
1 2.56.56.94 nutos.top - High
2 2.58.149.40 - - High
3 2.58.149.173 - - High
4 3.69.60.58 ec2-3-69-60-58.eu-central-1.compute.amazonaws.com - Medium
5 3.75.95.184 ec2-3-75-95-184.eu-central-1.compute.amazonaws.com - Medium
6 3.143.112.92 ec2-3-143-112-92.us-east-2.compute.amazonaws.com - Medium
7 5.2.70.22 - - High
8 5.2.73.241 - - High
9 5.154.181.68 667477-vds-nisik737.gmhost.pp.ua - High
10 5.181.80.13 - - High
11 5.181.80.18 innovproduct.com - High
12 5.181.80.119 rate-lead.cheapjerseysbrewers.com - High
13 5.181.159.19 5-181-159-19.mivocloud.com - High
14 5.181.159.128 no-rdns.mivocloud.com - High
15 5.182.210.145 - - High
16 5.188.6.139 roy9.ren.example.com - High
17 5.189.141.159 vmi1293024.contaboserver.net - High
18 5.199.169.12 - - High
19 5.199.169.21 - - High
20 5.206.227.11 - - High
21 5.206.227.77 neptun - High
22 5.206.227.132 ioweytqwd.423.com - High
23 5.249.162.136 - - High
24 5.252.199.138 - - High
25 5.255.98.75 - - High
26 5.255.101.135 - - High
27 13.250.126.74 ec2-13-250-126-74.ap-southeast-1.compute.amazonaws.com - Medium
28 15.235.131.10 ip10.ip-15-235-131.net - High
29 20.25.153.134 - - High
30 20.63.103.150 - - High
31 23.88.113.7 static.7.113.88.23.clients.your-server.de - High
32 23.94.7.153 ac13.xxmails.com - High
33 23.94.7.197 23-94-7-197-host.colocrossing.com - High
34 23.94.22.112 23-94-22-112-host.colocrossing.com - High
35 23.94.24.109 23-94-24-109-host.colocrossing.com - High
36 23.94.26.138 23-94-26-138-host.colocrossing.com - High
37 23.94.27.204 23-94-27-204-host.colocrossing.com - High
38 23.94.36.134 23-94-36-134-host.colocrossing.com - High
39 23.94.77.150 23-94-77-150-host.colocrossing.com - High
40 23.94.138.109 23-94-138-109-host.colocrossing.com - High
41 23.94.182.29 23-94-182-29-host.colocrossing.com - High
42 23.94.190.149 23-94-190-149-host.colocrossing.com - High
43 23.94.245.9 23-94-245-9-host.colocrossing.com - High
44 23.95.9.231 23-95-9-231-host.colocrossing.com - High
45 23.95.213.111 23-95-213-111-host.colocrossing.com - High
46 23.95.222.185 - - High
47 23.95.226.100 100-226-tizess.hornbe.sbs - High
48 23.95.230.108 108-230-kharoshthi.conessf.cloud - High
49 23.160.192.157 unknown.ip-xfer.net - High
50 23.160.193.38 unknown.ip-xfer.net - High
51 23.160.193.99 unknown.ip-xfer.net - High
52 23.160.193.123 unknown.ip-xfer.net - High
53 23.224.189.182 - - High
54 23.225.14.201 - - High
55 23.225.14.209 - - High
56 23.227.146.106 - - High
57 23.227.184.194 glad.allrico.in - High
58 31.7.62.22 amaz0nprime.club - High
59 31.42.186.52 remaintaintinue.com - High
60 31.42.186.77 itay.org.uk - High
61 31.210.20.60 - - High
62 31.214.243.29 - - High
63 31.214.243.99 - - High
64 31.220.51.145 - - High
65 31.222.202.229 - - High
66 34.127.55.77 77.55.127.34.bc.googleusercontent.com - Medium
67 35.204.65.246 246.65.204.35.bc.googleusercontent.com - Medium
68 37.0.10.182 - - High
69 37.0.10.210 - - High
70 37.0.10.214 - - High
71 37.44.238.172 ssd2-1227.9023 - High
72 37.44.238.182 ssd1-2031.9321 - High
73 37.44.238.191 - - High
74 37.44.238.234 - - High
75 37.49.229.52 - - High
76 37.49.230.83 - - High
77 37.49.230.122 - - High
78 37.221.65.77 vivid - High
79 37.221.65.228 cenmiesteamul1989 - High
80 37.221.92.202 static-202-37.bulletvm.io - High
81 38.48.123.55 - - High
82 41.216.182.17 - - High
83 41.216.182.42 - - High
84 41.216.182.131 - - High
85 41.216.182.140 - - High
86 41.216.182.144 - - High
87 41.216.182.203 - - High
88 41.216.182.214 - - High
89 43.153.37.45 - - High
90 45.9.168.102 - - High
91 45.11.181.37 - - High
92 45.14.226.72 hml03.pugginesl.info - High
93 45.32.202.111 45.32.202.111.vultrusercontent.com - High
94 45.33.63.122 45-33-63-122.ip.linodeusercontent.com - High
95 45.56.96.91 45-56-96-91.ip.linodeusercontent.com - High
96 45.61.144.146 - - High
97 45.61.186.4 - - High
98 45.61.187.108 sayonara.hp - High
99 45.61.188.118 ms2.hostwithlove.com - High
100 45.61.188.150 - - High
101 45.61.188.220 - - High
102 45.76.253.113 45.76.253.113.vultrusercontent.com - High
103 45.77.46.118 8.8.8.8.google.com - High
104 45.79.207.123 se1.izlae.com - High
105 45.81.39.172 - - High
106 45.85.90.172 lanenap.sa.com - High
107 45.88.66.177 - - High
108 45.90.160.173 - - High
109 45.90.161.92 - - High
110 45.90.162.184 - - High
111 45.95.55.54 flyhosting.de - High
112 45.95.55.232 flyhosting.de - High
113 45.95.169.115 - - High
114 45.95.169.119 0mrn.hitoritabifans.com - High
115 45.95.169.133 - - High
116 45.124.84.253 sv-84253.bkns.vn - High
117 45.128.153.154 - - High
118 45.128.232.144 144.232.128.45.pfcloud.io - High
119 45.128.234.72 - - High
120 45.132.88.184 45.132.88.184.mc-host24.de - High
121 45.134.10.88 hosted-by.infraly.co - High
122 45.134.11.110 mail.knowallthings.com - High
123 45.137.206.188 hosted-by.varixx.org - High
124 45.140.188.33 hosted-by.royalehosting.net - High
125 45.140.188.40 minrow.populatively.com - High
126 45.140.188.109 hosted-by.royalehosting.net - High
127 45.141.239.114 - - High
128 45.142.107.167 tube-hosting.com - High
129 45.144.29.99 vm467374.stark-industries.solutions - High
130 45.144.179.23 zhaibingyeshishabi.xyz - High
131 45.145.226.64 - - High
132 45.148.10.76 - - High
133 45.148.10.243 - - High
134 45.148.120.80 - - High
135 45.148.120.171 - - High
136 45.148.120.226 45-148-120-226.hosted-by.phanes.cloud - High
137 45.148.121.228 - - High
138 45.148.123.10 - - High
139 45.148.123.58 - - High
140 ... ... ... ...

There are 557 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Bashlite. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23, CWE-28 Pathname Traversal High
2 T1040 CWE-294, CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94, CWE-1321 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 19 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bashlite. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /+CSCOE+/logon.html High
2 File /?p=products Medium
3 File /admin.php/accessory/filesdel.html High
4 File /admin/?page=user/manage High
5 File /admin/add-new.php High
6 File /admin/doctors.php High
7 File /admin/submit-articles High
8 File /admin/user/manage_user.php High
9 File /alphaware/summary.php High
10 File /api/ Low
11 File /api/admin/store/product/list High
12 File /api/gen/clients/{language} High
13 File /api/RecordingList/DownloadRecord?file= High
14 File /api/stl/actions/search High
15 File /api/sys_username_passwd.cmd High
16 File /api/v2/cli/commands High
17 File /apply.cgi Medium
18 File /attachments Medium
19 File /boat/login.php High
20 File /bsms_ci/index.php/book High
21 File /cgi-bin Medium
22 File /cgi-bin/wlogin.cgi High
23 File /classes/Master.php?f=delete_appointment High
24 File /context/%2e/WEB-INF/web.xml High
25 File /ctcprotocol/Protocol High
26 File /debug/pprof Medium
27 File /ebics-server/ebics.aspx High
28 File /etc/hosts Medium
29 File /forum/away.php High
30 File /goform/wizard_end High
31 File /HNAP1 Low
32 File /HNAP1/SetClientInfo High
33 File /medicines/profile.php High
34 File /menu.html Medium
35 File /modules/caddyhttp/rewrite/rewrite.go High
36 File /modules/profile/index.php High
37 File /out.php Medium
38 File /php_action/fetchSelectedUser.php High
39 File /proxy Low
40 File /requests.php High
41 File /reservation/add_message.php High
42 File /resources//../ High
43 File /spip.php Medium
44 File /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php High
45 ... ... ...

There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!