cyber_threat_intelligence/campaigns/DDoS Ukraine/README.md
2022-04-23 11:50:32 +02:00

7.6 KiB

DDoS Ukraine - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as DDoS Ukraine. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DDoS Ukraine:

Actors

These actors are associated with DDoS Ukraine or other actors linked to the campaign.

ID Actor Confidence
1 Mirai High
2 Gafgyt High
3 Moobot High
4 ... ...

There are 1 more actor items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of DDoS Ukraine.

ID IP address Hostname Actor Confidence
1 45.61.136.130 - Mirai High
2 45.61.186.13 - Mirai High
3 46.29.166.105 - Mirai High
4 ... ... ... ...

There are 14 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within DDoS Ukraine. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
2 T1068 CWE-264, CWE-284 Execution with Unnecessary Privileges High
3 T1222 CWE-275 Permission Issues High
4 ... ... ... ...

There are 1 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during DDoS Ukraine. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /about.php Medium
2 File /adherents/note.php?id=1 High
3 File /admin.php Medium
4 File /admin/doctors/view_doctor.php High
5 File /admin/modules/bibliography/index.php High
6 File /adminlogin.asp High
7 File /app/controller/Books.php High
8 File /aqpg/users/login.php High
9 File /controller/Index.php High
10 File /coreframe/app/content/admin/content.php High
11 File /dl/dl_print.php High
12 File /dus_en/medieninfo_detail/index.php High
13 File /Hospital-Management-System-master/contact.php High
14 File /include/friends.inc.php High
15 File /master/article.php High
16 File /members/profiles.php High
17 File /members/view_member.php High
18 File /servlet/webacc High
19 File /sitemagic/upgrade.php High
20 File /tmp Low
21 File /userman/inbox.php High
22 File /userui/ticket_list.php High
23 File /wp-admin/options-general.php High
24 File /zm/index.php High
25 File adaptive-images-script.php High
26 File additem.asp Medium
27 File addtocart.asp High
28 File adherents/subscription/info.php High
29 File admin.asp Medium
30 File admin.php Medium
31 File admin/admin.php High
32 File admin/general.php High
33 File admin/header.php High
34 File admin/inc/change_action.php High
35 File admin/index.php High
36 File admin/index.php?id=users/action=edit/user_id=1 High
37 File admin/info.php High
38 File admin/login.asp High
39 File admin/manage-comments.php High
40 File admin/manage-news.php High
41 File admin/plugin-settings.php High
42 File admin/specials.php High
43 File admin:de Medium
44 File admincp/auth/checklogin.php High
45 File admincp/auth/secure.php High
46 File administrator/index.php High
47 File admin_login.asp High
48 File adv_search.asp High
49 File ajax.php Medium
50 File ajax_url.php Medium
51 File album_portal.php High
52 File al_initialize.php High
53 File anjel.index.php High
54 File annonces-p-f.php High
55 File announce.php Medium
56 File announcement.php High
57 File announcements.php High
58 File app/admin/routing/edit-bgp-mapping-search.php High
59 File apply.cgi Medium
60 File apps/app_article/controller/rating.php High
61 File article.php Medium
62 File articles.php Medium
63 File artikel_anzeige.php High
64 File auktion.cgi Medium
65 File auth.php Medium
66 File basket.php Medium
67 File boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php High
68 File books.php Medium
69 File browse-category.php High
70 File browse.php Medium
71 File browse_videos.php High
72 File BrudaNews/BrudaGB High
73 File bwlist_inc.html High
74 File calendar.php Medium
75 File cart.php Medium
76 File cart_add.php Medium
77 File case.filemanager.php High
78 File catalog.php Medium
79 File catalogshop.php High
80 File catalogue.asp High
81 File category.cfm Medium
82 File category.php Medium
83 File category_list.php High
84 File cgi-bin/awstats.pl High
85 File channel.asp Medium
86 File ChooseCpSearch.php High
87 File comentarii.php High
88 File comments.php Medium
89 File config.inc.php High
90 File config.php Medium
91 File contact.php Medium
92 ... ... ...

There are 813 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!