Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-28 09:53:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
5e84854492
cyber_threat_intelligence/actors/Alien
History
Marc Ruef 5e84854492 Update October 2023
2023-10-27 13:52:44 +02:00
..
README.md Update October 2023 2023-10-27 13:52:44 +02:00

README.md

Alien - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Alien. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.alien

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Alien:

There are 2 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Alien.

ID IP address Hostname Campaign Confidence
1 1.34.58.110 1-34-58-110.hinet-ip.hinet.net - High
2 1.34.226.50 1-34-226-50.hinet-ip.hinet.net - High
3 1.161.219.86 1-161-219-86.dynamic-ip.hinet.net - High
4 1.171.103.192 1-171-103-192.dynamic-ip.hinet.net - High
5 1.173.242.161 1-173-242-161.dynamic-ip.hinet.net - High
6 1.246.222.20 - - High
7 1.246.222.134 - - High
8 1.246.222.234 - - High
9 1.246.223.191 - - High
10 2.57.149.141 - - High
11 2.106.156.53 2-106-156-53-dynamic.dk.customer.tdc.net - High
12 3.21.74.31 scanner-2.fortifydata.com - High
13 4.71.37.45 - - High
14 4.71.37.46 - - High
15 5.75.176.47 static.47.176.75.5.clients.your-server.de - High
16 5.78.71.159 static.159.71.78.5.clients.your-server.de - High
17 5.78.74.58 static.58.74.78.5.clients.your-server.de - High
18 5.78.105.58 static.58.105.78.5.clients.your-server.de - High
19 5.161.113.183 static.183.113.161.5.clients.your-server.de - High
20 5.161.178.107 static.107.178.161.5.clients.your-server.de - High
21 5.161.217.34 static.34.217.161.5.clients.your-server.de - High
22 5.199.162.217 - - High
23 5.199.168.237 - - High
24 5.199.173.52 - - High
25 14.34.157.101 - - High
26 14.42.145.172 - - High
27 14.111.220.134 - - High
28 14.241.244.250 - - High
29 18.117.69.135 ec2-18-117-69-135.us-east-2.compute.amazonaws.com - Medium
30 18.188.148.80 scanner.fortifydata.com - High
31 20.127.122.139 - - High
32 23.88.40.50 static.50.40.88.23.clients.your-server.de - High
33 23.247.108.44 - - High
34 24.188.100.85 ool-18bc6455.dyn.optonline.net - High
35 27.21.147.209 - - High
36 27.35.154.75 - - High
37 27.38.61.75 - - High
38 27.38.61.120 - - High
39 27.41.36.239 - - High
40 27.43.119.144 - - High
41 27.43.178.112 - - High
42 27.47.116.249 - - High
43 27.158.79.129 129.79.158.27.broad.sm.fj.dynamic.163data.com.cn - High
44 27.159.92.181 - - High
45 27.194.89.189 - - High
46 27.194.122.23 - - High
47 27.197.24.223 - - High
48 27.199.237.162 - - High
49 27.203.233.132 - - High
50 27.207.195.126 - - High
51 27.215.53.111 - - High
52 27.215.109.196 - - High
53 27.215.114.223 - - High
54 27.215.122.160 - - High
55 27.217.163.40 - - High
56 27.217.243.163 - - High
57 36.228.50.77 36-228-50-77.dynamic-ip.hinet.net - High
58 36.231.35.185 36-231-35-185.dynamic-ip.hinet.net - High
59 37.0.10.31 - - High
60 37.27.8.83 static.83.8.27.37.clients.your-server.de - High
61 39.66.73.50 - - High
62 39.74.177.167 - - High
63 39.81.71.78 - - High
64 41.86.5.232 - - High
65 41.86.18.34 - - High
66 41.86.18.165 - - High
67 41.86.19.146 - - High
68 42.51.55.157 - - High
69 42.115.33.98 - - High
70 42.228.193.67 hn.kd.ny.adsl - High
71 42.231.171.245 hn.kd.ny.adsl - High
72 43.251.99.6 - - High
73 44.192.244.178 ec2-44-192-244-178.compute-1.amazonaws.com - Medium
74 45.146.164.110 - - High
75 45.229.54.55 55-54-229-45.redevirtualnet.com.br - High
76 45.229.54.83 83-54-229-45.redevirtualnet.com.br - High
77 45.229.54.143 143-54-229-45.redevirtualnet.com.br - High
78 45.229.54.193 193-54-229-45.redevirtualnet.com.br - High
79 45.229.54.199 199-54-229-45.redevirtualnet.com.br - High
80 45.229.54.212 212-54-229-45.redevirtualnet.com.br - High
81 45.229.55.57 57-55-229-45.redevirtualnet.com.br - High
82 45.229.55.69 69-55-229-45.redevirtualnet.com.br - High
83 45.229.55.112 112-55-229-45.redevirtualnet.com.br - High
84 45.248.192.48 - - High
85 46.4.123.15 ullirsrv2.servebbs.net - High
86 46.101.13.94 - - High
87 46.183.218.151 ip-218-151.dataclub.info - High
88 49.76.60.132 - - High
89 49.89.62.252 - - High
90 49.89.90.173 - - High
91 49.89.93.21 - - High
92 49.89.95.159 - - High
93 49.143.32.6 - - High
94 49.158.196.18 49-158-196-18.dynamic.elinx.com.tw - High
95 49.213.183.219 219-183-213-49.tinp.net.tw - High
96 49.213.187.246 246-187-213-49.tinp.net.tw - High
97 51.15.228.117 117-228-15-51.instances.scw.cloud - High
98 51.15.246.104 n1.crossmods.com - High
99 51.158.64.113 113-64-158-51.instances.scw.cloud - High
100 51.158.102.132 132-102-158-51.instances.scw.cloud - High
101 51.158.108.237 237-108-158-51.instances.scw.cloud - High
102 51.158.117.164 164-117-158-51.instances.scw.cloud - High
103 51.158.125.226 226-125-158-51.instances.scw.cloud - High
104 51.211.24.160 - - High
105 51.211.112.79 - - High
106 51.211.117.109 - - High
107 57.128.54.210 ip210.ip-57-128-54.eu - High
108 58.58.41.106 - - High
109 58.99.99.34 34-99-99-58.tinp.net.tw - High
110 58.219.232.140 - - High
111 58.248.147.64 - - High
112 58.248.193.3 - - High
113 58.248.193.50 - - High
114 58.248.193.88 - - High
115 58.248.193.97 - - High
116 58.248.193.105 - - High
117 58.248.193.132 - - High
118 58.248.193.141 - - High
119 58.248.193.232 - - High
120 58.248.193.246 - - High
121 58.249.12.95 - - High
122 58.249.87.78 - - High
123 58.249.110.198 - - High
124 58.253.12.9 - - High
125 59.63.204.76 - - High
126 59.63.204.245 - - High
127 59.63.207.69 - - High
128 59.126.96.5 59-126-96-5.hinet-ip.hinet.net - High
129 59.127.209.88 59-127-209-88.hinet-ip.hinet.net - High
130 ... ... ... ...

There are 517 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Alien. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23, CWE-24 Pathname Traversal High
2 T1040 CWE-294, CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 T1068 CWE-250, CWE-264, CWE-269, CWE-284 J2EE Misconfiguration: Weak Access Permissions for EJB Methods High
7 ... ... ... ...

There are 25 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Alien. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /academy/home/courses High
2 File /admin.php?c=upload&f=zip&_noCache=0.1683794968 High
3 File /admin/adclass.php High
4 File /admin/add-category.php High
5 File /admin/admin-profile.php High
6 File /admin/orders/update_status.php High
7 File /admin/sales/view_details.php High
8 File /ajax-files/followBoard.php High
9 File /api/cron/settings/setJob/ High
10 File /api/v1/snapshots High
11 File /audit/log/log_management.php High
12 File /authenticationendpoint/login.do High
13 File /billing/home.php High
14 File /cgi-bin/mainfunction.cgi High
15 File /cgi-bin/wlogin.cgi High
16 File /cgi.cgi Medium
17 File /classes/Users.php High
18 File /collection/all High
19 File /Content/Template/root/reverse-shell.aspx High
20 File /ctcprotocol/Protocol High
21 File /dashboard/add-blog.php High
22 File /dottie.js Medium
23 File /DXR.axd Medium
24 File /emap/devicePoint_addImgIco?hasSubsystem=true High
25 File /env Low
26 File /files/ Low
27 File /forms/doLogin High
28 File /forum/away.php High
29 File /group1/uploa High
30 File /h/autoSaveDraft High
31 File /home/cavesConsole High
32 File /importexport.php High
33 File /index.php Medium
34 File /index.php/sysmanage/Login/login_auth/ High
35 File /index.php?p=admin/actions/users/send-password-reset-email High
36 File /items/search High
37 File /jurusanmatkul/data High
38 File /librarian/bookdetails.php High
39 File /log/decodmail.php High
40 ... ... ...

There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!