Mirrors
/
cyber_threat_intelligence
mirror of https://github.com/vuldb/cyber_threat_intelligence
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cyber_threat_intelligence/actors/CoolWebSearch
History
Marc Ruef a963970493 Update 2022-08-04 12:18:19 +02:00
..
README.md Update 2022-08-04 12:18:19 +02:00

README.md

CoolWebSearch - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as CoolWebSearch. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.coolwebsearch

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoolWebSearch:

There are 13 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of CoolWebSearch.

ID IP address Hostname Campaign Confidence
1 38.113.3.122 - - High
2 38.113.198.80 - - High
3 38.113.198.81 - - High
4 38.113.198.235 - - High
5 38.113.198.243 - - High
6 38.113.198.249 - - High
7 38.113.198.252 - - High
8 38.113.199.63 - - High
9 38.113.204.40 - - High
10 38.113.204.182 - - High
11 38.117.144.30 - - High
12 38.117.144.50 - - High
13 38.117.144.51 - - High
14 38.117.144.162 - - High
15 61.152.242.111 - - High
16 62.65.252.93 62.65.252.93.cable.starman.ee - High
17 62.65.252.226 62.65.252.226.cable.starman.ee - High
18 62.129.133.193 HOSTED-BY.VIRTUALXS.COM - High
19 63.160.243.7 - - High
20 63.208.158.126 unknown.Level3.net - High
21 63.217.29.115 - - High
22 63.219.176.203 63-219-176-203.static.pccwglobal.net - High
23 63.219.178.91 63-219-178-91.supercreate.net - High
24 63.219.181.7 web-r2-h7.globecorp.net - High
25 63.219.181.10 web-r2-h10.globecorp.net - High
26 63.219.181.64 web-r2-h64.globecorp.net - High
27 63.246.42.13 - - High
28 63.246.131.19 - - High
29 63.246.146.142 - - High
30 63.246.146.147 - - High
31 63.251.83.54 - - High
32 63.251.83.56 - - High
33 64.7.197.6 - - High
34 64.7.205.18 - - High
35 64.7.207.118 NET-allocation-0011058.ix.sitestream.net - High
36 64.7.209.58 NET-allocation-00025837.ix.sitestream.net - High
37 64.7.212.98 gxb.nastydollars.com - High
38 64.38.226.6 maxcash.cavecreek.net - High
39 64.94.3.243 - - High
40 64.124.210.76 64.124.210.76.t00517.above.net - High
41 64.124.210.98 64.124.210.98.t00517.above.net - High
42 64.124.210.111 64.124.210.111.t00517.above.net - High
43 64.124.222.167 64.124.222.167.T01708-02.above.net - High
44 64.124.222.236 64.124.222.236.T01708-02.above.net - High
45 64.125.84.23 - - High
46 64.127.104.144 - - High
47 64.154.5.9 - - High
48 64.154.5.38 - - High
49 64.157.143.86 unknown.Level3.net - High
50 64.185.230.223 64-185-230-223.static.webnx.com - High
51 64.186.129.250 - - High
52 64.186.129.252 - - High
53 64.186.152.83 - - High
54 64.200.25.75 - - High
55 64.200.25.86 - - High
56 64.202.105.82 unknown.ord.scnet.net - High
57 64.202.167.129 ip-64-202-167-129.ip.secureserver.net - High
58 64.202.167.192 ip-64-202-167-192.ip.secureserver.net - High
59 64.237.37.152 - - High
60 64.237.39.70 - - High
61 64.237.39.76 - - High
62 64.237.39.77 - - High
63 64.237.39.80 - - High
64 64.237.39.226 64-237-39-226.choopa.net - High
65 64.237.41.215 64-237-41-215.choopa.com - High
66 64.237.44.247 64-237-44-247.constant.com - High
67 64.237.45.18 64-237-45-18.constant.com - High
68 64.237.47.178 64-237-47-178.constant.com - High
69 64.237.47.210 64-237-47-210.choopa.net - High
70 64.237.53.3 64.237.53.3.choopa.net - High
71 64.237.53.4 64.237.53.4.choopa.net - High
72 64.237.56.64 64-237-56-64.choopa.net - High
73 64.237.57.37 64.237.57.37.choopa.com - High
74 64.237.57.92 tsca-057092.toscaa.com - High
75 64.237.57.202 64.237.57.202.choopa.com - High
76 64.237.57.205 64.237.57.205.choopa.com - High
77 64.237.57.206 64.237.57.206.choopa.com - High
78 64.237.57.215 64-237-57-215.reliableservers.com - High
79 64.246.18.41 ev1s-64-246-18-41.theplanet.com - High
80 64.246.33.179 ev1s-64-246-33-179.theplanet.com - High
81 64.246.33.191 bignaturalboobs.org - High
82 64.246.40.84 ev1s-64-246-40-84.theplanet.com - High
83 64.250.235.140 ip-64-250-235-140.lasvegas.net - High
84 64.255.161.101 64-255-161-101.jupiter.navisite.com - High
85 65.39.191.71 - - High
86 65.75.143.119 ip-65-75-143-119.local - High
87 65.75.161.13 galt1.seowebhosting.net - High
88 65.75.175.64 ip-65-75-175-64.local - High
89 65.75.187.94 ip-65-75-187-94.local - High
90 65.77.129.178 - - High
91 65.77.129.212 - - High
92 65.110.40.789 - - High
93 65.115.110.251 - - High
94 66.28.176.79 - - High
95 66.28.176.138 - - High
96 66.28.176.154 - - High
97 66.40.28.3 host3.maxim.net - High
98 66.40.28.12 host12.maxim.net - High
99 66.40.28.51 host51.maxim.net - High
100 66.40.28.61 host61.maxim.net - High
101 66.45.237.99 athostech.website - High
102 66.55.128.76 66.55.128.76.choopa.com - High
103 66.55.134.98 66-55-134-98.choopa.net - High
104 66.55.136.82 66.55.136.82.choopa.com - High
105 66.55.136.84 66.55.136.84.choopa.com - High
106 66.55.136.87 66.55.136.87.choopa.com - High
107 66.55.136.93 66-55-136-93.constant.com - High
108 66.55.139.28 66-55-139-28.choopa.net - High
109 66.55.139.29 66-55-139-29.choopa.net - High
110 66.55.140.119 - - High
111 66.55.141.3 - - High
112 66.55.144.200 66.55.144.200.choopa.net - High
113 66.70.44.60 tunders.com - High
114 66.70.68.147 - - High
115 66.79.171.70 - - High
116 66.79.171.75 - - High
117 66.79.183.140 - - High
118 66.79.189.120 - - High
119 66.79.191.231 - - High
120 66.90.65.252 - - High
121 66.98.142.163 ns106.ehostpros.com - High
122 66.98.176.62 ev1s-66-98-176-62.theplanet.com - High
123 66.98.194.89 ns1.mygreatwebsite.net - High
124 ... ... ... ...

There are 494 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23 Pathname Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 19 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File //proc/kcore Medium
2 File /Ap4RtpAtom.cpp High
3 File /app/options.py High
4 File /bcms/admin/?page=user/list High
5 File /bsms/?page=manage_account High
6 File /cgi-bin/login.cgi High
7 File /cgi-bin/luci/api/auth High
8 File /cgi-bin/luci/api/diagnose High
9 File /ci_hms/massage_room/edit/1 High
10 File /dashboard/reports/logs/view High
11 File /debug/pprof Medium
12 File /etc/config/image_sign High
13 File /etc/groups Medium
14 File /etc/hosts Medium
15 File /forum/away.php High
16 File /fuel/index.php/fuel/logs/items High
17 File /fuel/sitevariables/delete/4 High
18 File /ghost/preview High
19 File /hprms/admin/doctors/manage_doctor.php High
20 File /index/jobfairol/show/ High
21 File /librarian/bookdetails.php High
22 File /Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp High
23 File /mgmt/tm/util/bash High
24 File /modules/caddyhttp/rewrite/rewrite.go High
25 File /php/passport/index.php High
26 File /proc/<PID>/mem High
27 File /servlet/AdapterHTTP High
28 ... ... ...

There are 233 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!