Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-27 09:28:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
5304286881
cyber_threat_intelligence/campaigns/BumbleBee/README.md
Marc Ruef 5304286881 Update
2022-07-23 08:39:44 +02:00

18 KiB
Raw Blame History

BumbleBee - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as BumbleBee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:

There are 2 more country items available. Please use our online service to access the data.

Actors

These actors are associated with BumbleBee or other actors linked to the campaign.

ID Actor Confidence
1 xHunt High
2 Exotic Lily High
3 Bumblebee High
4 ... ...

There are 1 more actor items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.

ID IP address Hostname Actor Confidence
1 0.42.131.123 - Bumblebee High
2 0.134.23.62 - Bumblebee High
3 0.151.228.146 - Bumblebee High
4 1.32.39.22 - Bumblebee High
5 1.39.166.217 1-39-166-217.live.vodafone.in Bumblebee High
6 2.97.24.126 host-2-97-24-126.as13285.net Bumblebee High
7 2.190.89.140 - Bumblebee High
8 2.211.111.213 dynamic-002-211-111-213.2.211.pool.telefonica.de Bumblebee High
9 3.172.226.46 - Bumblebee High
10 4.165.175.212 - Bumblebee High
11 5.152.80.211 - Bumblebee High
12 5.239.33.172 - Bumblebee High
13 6.30.139.246 - Bumblebee High
14 6.249.22.42 - Bumblebee High
15 7.233.9.154 - Bumblebee High
16 8.12.181.20 - Bumblebee High
17 9.63.15.101 - Bumblebee High
18 9.240.112.25 - Bumblebee High
19 10.28.17.62 - Bumblebee High
20 11.1.201.27 - Bumblebee High
21 12.75.186.131 131.newark-21-23rs.nj.dial-access.att.net Bumblebee High
22 12.115.36.174 - Bumblebee High
23 12.153.80.238 - Bumblebee High
24 12.202.229.195 - Bumblebee High
25 12.236.242.155 - Bumblebee High
26 13.2.200.200 - Bumblebee High
27 13.218.205.215 - Bumblebee High
28 14.7.69.141 - Bumblebee High
29 14.40.68.19 - Bumblebee High
30 14.102.170.127 cache-ipnet01.nexlogic.ph Bumblebee High
31 14.155.143.74 - Bumblebee High
32 14.163.179.250 static.vnpt.vn Bumblebee High
33 15.209.19.148 - Bumblebee High
34 18.8.71.243 - Bumblebee High
35 18.127.96.221 - Bumblebee High
36 19.32.56.182 - Bumblebee High
37 19.71.13.153 - Bumblebee High
38 20.150.149.28 - Bumblebee High
39 21.21.141.32 - Bumblebee High
40 21.29.238.98 - Bumblebee High
41 21.175.22.99 - Bumblebee High
42 21.246.85.34 - Bumblebee High
43 22.83.186.45 - Bumblebee High
44 22.175.0.90 - Bumblebee High
45 23.81.246.187 - Bumblebee High
46 23.92.127.18 - xHunt High
47 23.254.201.97 hwsrv-974106.hostwindsdns.com Bumblebee High
48 23.254.217.222 hwsrv-976272.hostwindsdns.com Bumblebee High
49 24.4.68.32 c-24-4-68-32.hsd1.ca.comcast.net Bumblebee High
50 24.57.185.167 d24-57-185-167.home.cgocable.net Bumblebee High
51 24.121.25.160 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net Bumblebee High
52 25.5.198.104 - Bumblebee High
53 25.170.215.18 - Bumblebee High
54 25.181.64.39 - Bumblebee High
55 26.6.83.53 - Bumblebee High
56 28.53.120.108 - Bumblebee High
57 28.107.38.196 - Bumblebee High
58 28.148.236.16 - Bumblebee High
59 29.64.0.111 - Bumblebee High
60 29.122.243.158 - Bumblebee High
61 30.17.4.146 - Bumblebee High
62 30.65.48.152 - Bumblebee High
63 30.205.76.70 - Bumblebee High
64 31.228.253.114 - Bumblebee High
65 32.181.245.23 - Bumblebee High
66 33.93.97.183 - Bumblebee High
67 33.145.184.132 - Bumblebee High
68 34.229.154.31 ec2-34-229-154-31.compute-1.amazonaws.com Bumblebee Medium
69 35.120.155.220 - Bumblebee High
70 36.110.58.103 103.58.110.36.static.bjtelecom.net Bumblebee High
71 37.64.220.2 2.220.64.37.rev.sfr.net Bumblebee High
72 37.72.174.23 37-72-174-23.static.hvvc.us Bumblebee High
73 37.120.198.248 - Bumblebee High
74 38.12.57.131 - Bumblebee High
75 39.57.152.217 - Bumblebee High
76 40.72.17.141 - Bumblebee High
77 41.28.188.77 vc-gp-s-41-28-188-77.umts.vodacom.co.za Bumblebee High
78 41.56.181.200 - Bumblebee High
79 45.3.236.177 045-003-236-177.biz.spectrum.com Bumblebee High
80 45.84.0.13 vm523902.stark-industries.solutions Bumblebee High
81 45.138.172.246 - Bumblebee High
82 45.142.214.120 vm516885.stark-industries.solutions Bumblebee High
83 45.142.214.167 - Bumblebee High
84 45.147.229.50 - Bumblebee High
85 45.147.229.101 - Bumblebee High
86 45.147.229.199 - Bumblebee High
87 45.147.231.202 - Bumblebee High
88 45.153.240.139 - Bumblebee High
89 45.153.241.187 - Bumblebee High
90 45.153.241.234 - Bumblebee High
91 46.21.153.145 145.153.21.46.static.swiftway.net Bumblebee High
92 46.44.240.53 46-44-240-53.ip.welcomeitalia.it Bumblebee High
93 46.246.3.253 - xHunt High
94 46.246.3.254 - xHunt High
95 47.27.63.45 047-027-063-045.res.spectrum.com Bumblebee High
96 47.58.200.234 47-58-200-234.red-acceso.airtel.net Bumblebee High
97 48.165.175.199 - Bumblebee High
98 48.209.106.172 - Bumblebee High
99 49.12.153.53 static.53.153.12.49.clients.your-server.de Bumblebee High
100 49.57.156.149 - Bumblebee High
101 49.179.166.100 pa49-179-166-100.pa.nsw.optusnet.com.au Bumblebee High
102 50.41.225.93 - Bumblebee High
103 ... ... ... ...

There are 408 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-22 Pathname Traversal High
2 T1040 CWE-294 Authentication Bypass by Capture-replay High
3 T1059 CWE-94 Cross Site Scripting High
4 T1059.007 CWE-79 Cross Site Scripting High
5 ... ... ... ...

There are 15 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /app/options.py High
2 File /auth/callback High
3 File /bin/posix/src/ports/POSIX/OpENer High
4 File /dashboard/menu-list.php High
5 File /dashboard/profile.php High
6 File /dashboard/table-list.php High
7 File /data/vendor/tcl High
8 File /etc/lighttpd.d/ca.pem High
9 File /ffos/classes/Master.php?f=save_category High
10 File /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf High
11 ... ... ...

There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!