cyber_threat_intelligence/actors/Indexsinas
2022-04-23 11:50:32 +02:00

Indexsinas - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Indexsinas. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.indexsinas

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Indexsinas:

There are 4 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Indexsinas.


There are 1024 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Indexsinas. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
| --- | --- | --- | --- | --- |
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High |
| 4 | ... | ... | ... | ... |

There are 6 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Indexsinas. This data is unique as it uses our predictive model for actor profiling.

| ID | Type | Indicator | Confidence |
| --- | --- | --- | --- |
| 1 | File | `/admin/index.php` | High |
| 2 | File | `/blog/blog.php` | High |
| 3 | File | `/cmd?cmd=connect` | High |
| 4 | File | `/ghost/preview` | High |
| 5 | File | `/nova/bin/detnet` | High |
| 6 | File | `/pineapple/ui` | High |
| 7 | File | `/proc/stat` | Medium |
| 8 | File | `/row/row0mysql.cc` | High |
| 9 | File | `/sql/sql_string.h` | High |
| 10 | File | `/sql/sql_type.cc` | High |
| 11 | File | `/src/njs_vmcode.c` | High |
| 12 | File | `/strings/ctype-simple.c` | High |
| 13 | File | `/tcpedit/checksum.c` | High |
| 14 | File | `/uncpath/` | Medium |
| 15 | ... | ... | ... |

There are 121 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!