Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-28 09:53:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
5e84854492
cyber_threat_intelligence/actors/TAG-53
History
Marc Ruef 5e84854492 Update October 2023
2023-10-27 13:52:44 +02:00
..
README.md Update October 2023 2023-10-27 13:52:44 +02:00

README.md

TAG-53 - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as TAG-53. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.tag-53

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TAG-53:

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of TAG-53.

ID IP address Hostname Campaign Confidence
1 5.61.63.19 - - High
2 23.94.96.12 23-94-96-12-host.colocrossing.com - High
3 23.94.99.19 23-94-99-19-host.colocrossing.com - High
4 23.94.99.22 23-94-99-22-host.colocrossing.com - High
5 23.94.99.26 23-94-99-26-host.colocrossing.com - High
6 23.94.99.30 23-94-99-30-host.colocrossing.com - High
7 23.94.152.50 23-94-152-50-host.colocrossing.com - High
8 23.94.231.161 23-94-231-161-host.colocrossing.com - High
9 23.94.236.80 23-94-236-80-host.colocrossing.com - High
10 23.254.201.243 hwsrv-1007024.hostwindsdns.com - High
11 23.254.253.127 client-23-254-253-127.hostwindsdns.com - High
12 45.8.146.119 vm1538642.stark-industries.solutions - High
13 45.8.146.213 jbreak.com - High
14 45.8.146.227 vm1562338.stark-industries.solutions - High
15 45.66.248.9 - - High
16 45.66.249.83 - - High
17 45.66.249.101 mta0.containers-xchange.com - High
18 45.86.230.61 - - High
19 45.86.230.104 rtgfv6j8k5.seafood24x7here.info - High
20 45.86.230.171 6qd0xg42xj.alantrislifecoaching.com - High
21 45.86.230.198 - - High
22 45.137.155.33 son.hfcegytp.com - High
23 45.144.30.160 vm1241811.stark-industries.solutions - High
24 45.144.31.92 vm854909.stark-industries.solutions - High
25 45.153.229.79 vm726095.stark-industries.solutions - High
26 ... ... ... ...

There are 99 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by TAG-53. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1059.007 CWE-79 Cross Site Scripting High
2 T1505 CWE-89 SQL Injection High
3 T1592 CWE-200 Configuration High

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by TAG-53. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /secure/QueryComponent!Default.jspa High
2 File /v1/tasks/create/ High
3 File /xxl-job-admin/jobinfo High
4 ... ... ...

There are 5 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!