cyber_threat_intelligence/actors/Colombia Unknown/README.md (Update October 2023, 2023-10-27 13:52:44 +02:00)

# Colombia Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Colombia Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.colombia_unknown

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Colombia Unknown:

There are 20 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise (IOC) list the associated network resources that are known to be part of the research and attack activities of Colombia Unknown.

There are 1552 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Colombia Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36 | Pathname Traversal | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 20 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Colombia Unknown. This data is unique as it uses our predictive model for actor profiling.

There are 419 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:

## Literature

The following articles explain our unique predictive cyber threat intelligence:

## License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!