28 KiB

Raw Blame History

UNC2452 - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as UNC2452. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.unc2452

Campaigns

The following campaigns are known and can be associated with UNC2452:

Sunburst

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with UNC2452:

There are 19 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of UNC2452.

ID	IP address	Hostname	Campaign	Confidence
1	3.101.88.204	ec2-3-101-88-204.us-west-1.compute.amazonaws.com	Sunburst	Medium
2	5.252.177.21	no-rdns.mivocloud.com	-	High
3	5.252.177.25	no-rdns.mivocloud.com	-	High
4	8.18.144.1	-	Sunburst	High
5	8.18.144.2	7201-1.va.diaperscorp.com	Sunburst	High
6	8.18.144.3	7201-2.va.diaperscorp.com	Sunburst	High
7	8.18.144.8	3845-1.va.diaperscorp.com	Sunburst	High
8	8.18.144.9	-	Sunburst	High
9	8.18.144.10	-	Sunburst	High
10	8.18.144.11	3845-2.va.diaperscorp.com	Sunburst	High
11	8.18.144.28	-	Sunburst	High
12	8.18.144.30	-	Sunburst	High
13	8.18.144.32	-	Sunburst	High
14	8.18.144.33	-	Sunburst	High
15	8.18.144.34	-	Sunburst	High
16	8.18.144.35	-	Sunburst	High
17	8.18.144.40	-	Sunburst	High
18	8.18.144.41	-	Sunburst	High
19	8.18.144.42	-	Sunburst	High
20	8.18.144.43	-	Sunburst	High
21	8.18.144.53	-	Sunburst	High
22	8.18.144.54	-	Sunburst	High
23	8.18.144.62	-	Sunburst	High
24	8.18.144.63	-	Sunburst	High
25	8.18.144.64	-	Sunburst	High
26	8.18.144.65	-	Sunburst	High
27	8.18.144.74	-	Sunburst	High
28	8.18.144.96	-	Sunburst	High
29	8.18.144.97	-	Sunburst	High
30	8.18.144.99	-	Sunburst	High
31	8.18.144.106	-	Sunburst	High
32	8.18.144.107	-	Sunburst	High
33	8.18.144.112	-	Sunburst	High
34	8.18.144.128	-	Sunburst	High
35	8.18.144.129	-	Sunburst	High
36	8.18.144.130	-	Sunburst	High
37	8.18.144.131	-	Sunburst	High
38	8.18.144.136	-	Sunburst	High
39	8.18.144.137	-	Sunburst	High
40	8.18.144.138	-	Sunburst	High
41	8.18.144.139	-	Sunburst	High
42	8.18.144.149	-	Sunburst	High
43	8.18.144.157	-	Sunburst	High
44	8.18.144.159	-	Sunburst	High
45	8.18.144.160	-	Sunburst	High
46	8.18.144.161	-	Sunburst	High
47	8.18.144.162	-	Sunburst	High
48	8.18.144.163	-	Sunburst	High
49	8.18.144.168	-	Sunburst	High
50	8.18.144.169	-	Sunburst	High
51	8.18.144.170	-	Sunburst	High
52	8.18.144.171	-	Sunburst	High
53	8.18.144.180	-	Sunburst	High
54	8.18.144.182	-	Sunburst	High
55	8.18.144.188	-	Sunburst	High
56	8.18.144.190	-	Sunburst	High
57	8.18.144.193	-	Sunburst	High
58	8.18.144.225	-	Sunburst	High
59	8.18.144.234	-	Sunburst	High
60	8.18.144.235	-	Sunburst	High
61	8.18.144.240	-	Sunburst	High
62	8.18.145.1	-	Sunburst	High
63	8.18.145.2	-	Sunburst	High
64	8.18.145.8	-	Sunburst	High
65	8.18.145.9	-	Sunburst	High
66	8.18.145.10	-	Sunburst	High
67	8.18.145.11	-	Sunburst	High
68	8.18.145.20	-	Sunburst	High
69	8.18.145.22	-	Sunburst	High
70	8.18.145.23	-	Sunburst	High
71	8.18.145.28	-	Sunburst	High
72	8.18.145.32	-	Sunburst	High
73	8.18.145.33	-	Sunburst	High
74	8.18.145.34	-	Sunburst	High
75	8.18.145.35	-	Sunburst	High
76	8.18.145.40	-	Sunburst	High
77	8.18.145.41	-	Sunburst	High
78	8.18.145.42	-	Sunburst	High
79	8.18.145.43	-	Sunburst	High
80	8.18.145.52	-	Sunburst	High
81	8.18.145.53	-	Sunburst	High
82	8.18.145.55	-	Sunburst	High
83	8.18.145.66	-	Sunburst	High
84	8.18.145.75	-	Sunburst	High
85	8.18.145.81	-	Sunburst	High
86	8.18.145.98	-	Sunburst	High
87	8.18.145.106	-	Sunburst	High
88	8.18.145.107	-	Sunburst	High
89	8.18.145.128	-	Sunburst	High
90	8.18.145.129	-	Sunburst	High
91	8.18.145.130	-	Sunburst	High
92	8.18.145.131	-	Sunburst	High
93	8.18.145.136	-	Sunburst	High
94	8.18.145.137	-	Sunburst	High
95	8.18.145.138	-	Sunburst	High
96	8.18.145.139	-	Sunburst	High
97	8.18.145.148	-	Sunburst	High
98	8.18.145.151	-	Sunburst	High
99	8.18.145.156	-	Sunburst	High
100	8.18.145.158	-	Sunburst	High
101	8.18.145.159	-	Sunburst	High
102	8.18.145.160	-	Sunburst	High
103	8.18.145.161	-	Sunburst	High
104	8.18.145.162	-	Sunburst	High
105	8.18.145.163	-	Sunburst	High
106	8.18.145.168	-	Sunburst	High
107	8.18.145.169	-	Sunburst	High
108	8.18.145.170	-	Sunburst	High
109	8.18.145.171	-	Sunburst	High
110	8.18.145.182	-	Sunburst	High
111	8.18.145.188	-	Sunburst	High
112	8.18.145.189	-	Sunburst	High
113	8.18.145.190	-	Sunburst	High
114	8.18.145.191	-	Sunburst	High
115	8.18.145.192	-	Sunburst	High
116	8.18.145.193	-	Sunburst	High
117	8.18.145.200	-	Sunburst	High
118	8.18.145.201	-	Sunburst	High
119	8.18.145.217	-	Sunburst	High
120	8.18.145.223	-	Sunburst	High
121	8.18.145.240	kindle-user.whispernet.com	Sunburst	High
122	13.56.226.124	ec2-13-56-226-124.us-west-1.compute.amazonaws.com	Sunburst	Medium
123	13.59.205.66	ec2-13-59-205-66.us-east-2.compute.amazonaws.com	-	Medium
124	13.65.251.83	-	Sunburst	High
125	13.84.134.105	-	Sunburst	High
126	13.90.103.231	-	Sunburst	High
127	13.92.233.22	-	Sunburst	High
128	18.130.193.22	ec2-18-130-193-22.eu-west-2.compute.amazonaws.com	Sunburst	Medium
129	20.140.0.81	-	Sunburst	High
130	20.140.0.185	-	Sunburst	High
131	20.140.1.170	-	Sunburst	High
132	20.140.6.165	-	Sunburst	High
133	20.140.10.221	-	Sunburst	High
134	20.140.16.213	-	Sunburst	High
135	20.140.22.238	-	Sunburst	High
136	20.140.23.106	-	Sunburst	High
137	20.140.33.21	-	Sunburst	High
138	20.140.35.209	-	Sunburst	High
139	20.140.37.193	-	Sunburst	High
140	20.140.39.249	-	Sunburst	High
141	20.140.42.134	-	Sunburst	High
142	20.140.53.77	-	Sunburst	High
143	20.140.58.231	-	Sunburst	High
144	20.140.60.142	-	Sunburst	High
145	20.140.60.229	-	Sunburst	High
146	20.140.61.217	-	Sunburst	High
147	20.140.62.111	-	Sunburst	High
148	20.140.65.188	-	Sunburst	High
149	20.140.71.226	-	Sunburst	High
150	20.140.73.228	-	Sunburst	High
151	20.140.73.242	-	Sunburst	High
152	20.140.74.185	-	Sunburst	High
153	20.140.75.245	-	Sunburst	High
154	20.140.77.215	-	Sunburst	High
155	20.140.80.233	-	Sunburst	High
156	20.140.88.52	-	Sunburst	High
157	20.140.91.208	-	Sunburst	High
158	20.140.92.229	-	Sunburst	High
159	20.140.92.255	-	Sunburst	High
160	20.140.93.134	-	Sunburst	High
161	20.140.98.16	-	Sunburst	High
162	20.140.98.35	-	Sunburst	High
163	20.140.100.139	-	Sunburst	High
164	20.140.104.94	-	Sunburst	High
165	20.140.107.234	-	Sunburst	High
166	20.140.112.220	-	Sunburst	High
167	20.140.112.243	-	Sunburst	High
168	20.140.114.106	-	Sunburst	High
169	20.140.114.189	-	Sunburst	High
170	20.140.114.200	-	Sunburst	High
171	20.140.116.15	-	Sunburst	High
172	20.140.119.154	-	Sunburst	High
173	20.140.119.196	-	Sunburst	High
174	20.140.122.138	-	Sunburst	High
175	20.140.122.210	-	Sunburst	High
176	20.140.123.240	-	Sunburst	High
177	20.140.124.8	-	Sunburst	High
178	20.140.128.33	-	Sunburst	High
179	20.140.130.157	-	Sunburst	High
180	20.140.131.21	-	Sunburst	High
181	20.140.137.231	-	Sunburst	High
182	20.140.139.227	-	Sunburst	High
183	20.140.141.136	-	Sunburst	High
184	20.140.145.112	-	Sunburst	High
185	20.140.145.166	-	Sunburst	High
186	20.140.146.62	-	Sunburst	High
187	20.140.146.105	-	Sunburst	High
188	20.140.153.181	-	Sunburst	High
189	20.140.154.101	-	Sunburst	High
190	20.140.154.172	-	Sunburst	High
191	20.140.156.151	-	Sunburst	High
192	20.140.159.169	-	Sunburst	High
193	20.140.160.147	-	Sunburst	High
194	20.140.160.240	-	Sunburst	High
195	20.140.161.165	-	Sunburst	High
196	20.140.162.103	-	Sunburst	High
197	20.140.162.161	-	Sunburst	High
198	20.140.164.117	-	Sunburst	High
199	20.140.168.245	-	Sunburst	High
200	20.140.169.31	-	Sunburst	High
201	20.140.171.1	-	Sunburst	High
202	20.140.173.31	-	Sunburst	High
203	20.140.173.218	-	Sunburst	High
204	20.140.174.227	-	Sunburst	High
205	20.140.180.78	-	Sunburst	High
206	20.140.182.97	-	Sunburst	High
207	20.140.186.9	-	Sunburst	High
208	20.140.187.224	-	Sunburst	High
209	20.140.190.142	-	Sunburst	High
210	20.140.192.20	-	Sunburst	High
211	20.140.195.178	-	Sunburst	High
212	20.140.196.230	-	Sunburst	High
213	20.140.198.77	-	Sunburst	High
214	20.140.199.190	-	Sunburst	High
215	20.140.200.89	-	Sunburst	High
216	20.140.201.138	-	Sunburst	High
217	20.140.203.164	-	Sunburst	High
218	20.140.208.247	-	Sunburst	High
219	20.140.209.163	-	Sunburst	High
220	20.140.210.8	-	Sunburst	High
221	20.140.211.161	-	Sunburst	High
222	20.140.212.45	-	Sunburst	High
223	20.140.212.62	-	Sunburst	High
224	20.140.213.144	-	Sunburst	High
225	20.140.215.25	-	Sunburst	High
226	20.140.216.43	-	Sunburst	High
227	20.140.220.20	-	Sunburst	High
228	20.140.221.17	-	Sunburst	High
229	20.140.227.4	-	Sunburst	High
230	20.140.229.31	-	Sunburst	High
231	20.140.230.9	-	Sunburst	High
232	20.140.230.252	-	Sunburst	High
233	20.140.235.69	-	Sunburst	High
234	20.140.236.165	-	Sunburst	High
235	20.140.238.11	-	Sunburst	High
236	20.140.240.57	-	Sunburst	High
237	20.140.241.12	-	Sunburst	High
238	20.140.244.106	-	Sunburst	High
239	20.140.248.124	-	Sunburst	High
240	20.140.248.170	-	Sunburst	High
241	20.140.250.63	-	Sunburst	High
242	20.140.251.174	-	Sunburst	High
243	20.140.251.188	-	Sunburst	High
244	20.140.253.160	-	Sunburst	High
245	20.141.0.77	-	Sunburst	High
246	20.141.9.167	-	Sunburst	High
247	20.141.11.87	-	Sunburst	High
248	20.141.15.1	-	Sunburst	High
249	20.141.15.111	-	Sunburst	High
250	20.141.16.202	-	Sunburst	High
251	20.141.17.3	-	Sunburst	High
252	20.141.20.48	-	Sunburst	High
253	20.141.25.180	-	Sunburst	High
254	20.141.34.27	-	Sunburst	High
255	20.141.34.98	-	Sunburst	High
256	20.141.36.50	-	Sunburst	High
257	20.141.40.176	-	Sunburst	High
258	20.141.42.89	-	Sunburst	High
259	20.141.42.116	-	Sunburst	High
260	20.141.47.31	-	Sunburst	High
261	20.141.48.63	-	Sunburst	High
262	20.141.49.192	-	Sunburst	High
263	20.141.51.22	-	Sunburst	High
264	20.141.51.230	-	Sunburst	High
265	20.141.52.223	-	Sunburst	High
266	20.141.53.10	-	Sunburst	High
267	20.141.55.22	-	Sunburst	High
268	20.141.59.57	-	Sunburst	High
269	20.141.59.224	-	Sunburst	High
270	20.141.63.17	-	Sunburst	High
271	20.141.64.21	-	Sunburst	High
272	20.141.68.74	-	Sunburst	High
273	20.141.69.131	-	Sunburst	High
274	20.141.71.54	-	Sunburst	High
275	20.141.72.37	-	Sunburst	High
276	20.141.72.50	-	Sunburst	High
277	20.141.73.28	-	Sunburst	High
278	20.141.73.97	-	Sunburst	High
279	20.141.74.151	-	Sunburst	High
280	20.141.75.180	-	Sunburst	High
281	20.141.80.1	-	Sunburst	High
282	20.141.81.210	-	Sunburst	High
283	20.141.82.242	-	Sunburst	High
284	20.141.83.205	-	Sunburst	High
285	20.141.90.48	-	Sunburst	High
286	20.141.92.85	-	Sunburst	High
287	20.141.95.77	-	Sunburst	High
288	20.141.95.188	-	Sunburst	High
289	...	...	...	...

There are 1150 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by UNC2452. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Weakness	Description	Confidence
1	T1006	CWE-21, CWE-22	Pathname Traversal	High
2	T1040	CWE-319	Authentication Bypass by Capture-replay	High
3	T1055	CWE-74	Injection	High
4	T1059	CWE-88, CWE-94	Cross Site Scripting	High
5	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
6	...	...	...	...

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by UNC2452. This data is unique as it uses our predictive model for actor profiling.

ID	Type	Indicator	Confidence
1	File	`//`	Low
2	File	`/addQuestion.php`	High
3	File	`/adm/setmain.php`	High
4	File	`/admin`	Low
5	File	`/admin/add_exercises.php`	High
6	File	`/admin/add_trainers.php`	High
7	File	`/admin/conferences/get-all-status/`	High
8	File	`/admin/conferences/list/`	High
9	File	`/admin/edit.php`	High
10	File	`/admin/edit_admin_details.php?id=admin`	High
11	File	`/admin/general.cgi`	High
12	File	`/admin/general/change-lang`	High
13	File	`/admin/group/list/`	High
14	File	`/admin/lab.php`	High
15	File	`/admin/newsletter1.php`	High
16	File	`/admin/scheprofile.cgi`	High
17	File	`/admin/searchview.php`	High
18	File	`/admin/service/stop/`	High
19	File	`/admin/students/view_student.php`	High
20	File	`/admin/usermanagement.php`	High
21	File	`/api/`	Low
22	File	`/api/user/userData?userCode=admin`	High
23	File	`/api/v1/user`	Medium
24	File	`/artist-display.php`	High
25	File	`/catcompany.php`	High
26	File	`/category.php`	High
27	File	`/cgi-bin/ExportAllSettings.sh`	High
28	File	`/cgi-bin/mesh.cgi?page=upgrade`	High
29	File	`/cgi-bin/nightled.cgi`	High
30	File	`/cgi-bin/touchlist_sync.cgi`	High
31	File	`/ci_hms/massage_room/edit/1`	High
32	File	`/ci_hms/search`	High
33	File	`/ci_spms/admin/category`	High
34	File	`/ci_spms/admin/search/searching/`	High
35	File	`/claire_blake`	High
36	File	`/config/getuser`	High
37	File	`/dashboard/add-portfolio.php`	High
38	File	`/dashboard/add-service.php`	High
39	File	`/dashboard/settings`	High
40	File	`/dashboard/updatelogo.php`	High
41	File	`/ecrire`	Low
42	File	`/editbrand.php`	High
43	File	`/edituser.php`	High
44	File	`/etc/networkd-dispatcher`	High
45	File	`/etc/shadow`	Medium
46	File	`/etc/shadow.sample`	High
47	File	`/film-rating.php`	High
48	File	`/front/roomtype-details.php`	High
49	File	`/fw.login.php`	High
50	...	...	...

There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

28 KiB Raw Blame History