Sunburst - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as Sunburst. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Sunburst:

There are 19 more country items available. Please use our online service to access the data.

Actors

These actors are associated with Sunburst or other actors linked to the campaign.

ID Actor Confidence
1 UNC2452 High

IOC - Indicator of Compromise

These indicators of compromise (IOC) list the network resources that are known to be part of the research and attack activities of Sunburst.

ID IP address Hostname Actor Confidence
1 3.101.88.204 ec2-3-101-88-204.us-west-1.compute.amazonaws.com UNC2452 Medium
2 8.18.144.1 - UNC2452 High
3 8.18.144.2 7201-1.va.diaperscorp.com UNC2452 High
4 8.18.144.3 7201-2.va.diaperscorp.com UNC2452 High
5 8.18.144.8 3845-1.va.diaperscorp.com UNC2452 High
6 8.18.144.9 - UNC2452 High
7 8.18.144.10 - UNC2452 High
8 8.18.144.11 3845-2.va.diaperscorp.com UNC2452 High
9 8.18.144.28 - UNC2452 High
10 8.18.144.30 - UNC2452 High
11 8.18.144.32 - UNC2452 High
12 8.18.144.33 - UNC2452 High
13 8.18.144.34 - UNC2452 High
14 8.18.144.35 - UNC2452 High
15 8.18.144.40 - UNC2452 High
16 8.18.144.41 - UNC2452 High
17 8.18.144.42 - UNC2452 High
18 8.18.144.43 - UNC2452 High
19 8.18.144.53 - UNC2452 High
20 8.18.144.54 - UNC2452 High
21 8.18.144.62 - UNC2452 High
22 8.18.144.63 - UNC2452 High
23 8.18.144.64 - UNC2452 High
24 8.18.144.65 - UNC2452 High
25 8.18.144.74 - UNC2452 High
26 8.18.144.96 - UNC2452 High
27 8.18.144.97 - UNC2452 High
28 8.18.144.99 - UNC2452 High
29 8.18.144.106 - UNC2452 High
30 8.18.144.107 - UNC2452 High
31 8.18.144.112 - UNC2452 High
32 8.18.144.128 - UNC2452 High
33 8.18.144.129 - UNC2452 High
34 8.18.144.130 - UNC2452 High
35 8.18.144.131 - UNC2452 High
36 8.18.144.136 - UNC2452 High
37 8.18.144.137 - UNC2452 High
38 8.18.144.138 - UNC2452 High
39 8.18.144.139 - UNC2452 High
40 8.18.144.149 - UNC2452 High
41 8.18.144.157 - UNC2452 High
42 8.18.144.159 - UNC2452 High
43 8.18.144.160 - UNC2452 High
44 8.18.144.161 - UNC2452 High
45 8.18.144.162 - UNC2452 High
46 8.18.144.163 - UNC2452 High
47 8.18.144.168 - UNC2452 High
48 8.18.144.169 - UNC2452 High
49 8.18.144.170 - UNC2452 High
50 8.18.144.171 - UNC2452 High
51 8.18.144.180 - UNC2452 High
52 8.18.144.182 - UNC2452 High
53 8.18.144.188 - UNC2452 High
54 8.18.144.190 - UNC2452 High
55 8.18.144.193 - UNC2452 High
56 8.18.144.225 - UNC2452 High
57 8.18.144.234 - UNC2452 High
58 8.18.144.235 - UNC2452 High
59 8.18.144.240 - UNC2452 High
60 8.18.145.1 - UNC2452 High
61 8.18.145.2 - UNC2452 High
62 8.18.145.8 - UNC2452 High
63 8.18.145.9 - UNC2452 High
64 8.18.145.10 - UNC2452 High
65 8.18.145.11 - UNC2452 High
66 8.18.145.20 - UNC2452 High
67 8.18.145.22 - UNC2452 High
68 8.18.145.23 - UNC2452 High
69 8.18.145.28 - UNC2452 High
70 8.18.145.32 - UNC2452 High
71 8.18.145.33 - UNC2452 High
72 8.18.145.34 - UNC2452 High
73 8.18.145.35 - UNC2452 High
74 8.18.145.40 - UNC2452 High
75 8.18.145.41 - UNC2452 High
76 8.18.145.42 - UNC2452 High
77 8.18.145.43 - UNC2452 High
78 8.18.145.52 - UNC2452 High
79 8.18.145.53 - UNC2452 High
80 8.18.145.55 - UNC2452 High
81 8.18.145.66 - UNC2452 High
82 8.18.145.75 - UNC2452 High
83 8.18.145.81 - UNC2452 High
84 8.18.145.98 - UNC2452 High
85 8.18.145.106 - UNC2452 High
86 8.18.145.107 - UNC2452 High
87 8.18.145.128 - UNC2452 High
88 8.18.145.129 - UNC2452 High
89 8.18.145.130 - UNC2452 High
90 8.18.145.131 - UNC2452 High
91 8.18.145.136 - UNC2452 High
92 8.18.145.137 - UNC2452 High
93 8.18.145.138 - UNC2452 High
94 8.18.145.139 - UNC2452 High
95 8.18.145.148 - UNC2452 High
96 8.18.145.151 - UNC2452 High
97 8.18.145.156 - UNC2452 High
98 8.18.145.158 - UNC2452 High
99 8.18.145.159 - UNC2452 High
100 8.18.145.160 - UNC2452 High
101 8.18.145.161 - UNC2452 High
102 8.18.145.162 - UNC2452 High
103 8.18.145.163 - UNC2452 High
104 8.18.145.168 - UNC2452 High
105 8.18.145.169 - UNC2452 High
106 8.18.145.170 - UNC2452 High
107 8.18.145.171 - UNC2452 High
108 8.18.145.182 - UNC2452 High
109 8.18.145.188 - UNC2452 High
110 8.18.145.189 - UNC2452 High
111 8.18.145.190 - UNC2452 High
112 8.18.145.191 - UNC2452 High
113 8.18.145.192 - UNC2452 High
114 8.18.145.193 - UNC2452 High
115 8.18.145.200 - UNC2452 High
116 8.18.145.201 - UNC2452 High
117 8.18.145.217 - UNC2452 High
118 8.18.145.223 - UNC2452 High
119 8.18.145.240 kindle-user.whispernet.com UNC2452 High
120 13.56.226.124 ec2-13-56-226-124.us-west-1.compute.amazonaws.com UNC2452 Medium
121 13.65.251.83 - UNC2452 High
122 13.84.134.105 - UNC2452 High
123 13.90.103.231 - UNC2452 High
124 13.92.233.22 - UNC2452 High
125 18.130.193.22 ec2-18-130-193-22.eu-west-2.compute.amazonaws.com UNC2452 Medium
126 20.140.0.81 - UNC2452 High
127 20.140.0.185 - UNC2452 High
128 20.140.1.170 - UNC2452 High
129 20.140.6.165 - UNC2452 High
130 20.140.10.221 - UNC2452 High
131 20.140.16.213 - UNC2452 High
132 20.140.22.238 - UNC2452 High
133 20.140.23.106 - UNC2452 High
134 20.140.33.21 - UNC2452 High
135 20.140.35.209 - UNC2452 High
136 20.140.37.193 - UNC2452 High
137 20.140.39.249 - UNC2452 High
138 20.140.42.134 - UNC2452 High
139 20.140.53.77 - UNC2452 High
140 20.140.58.231 - UNC2452 High
141 20.140.60.142 - UNC2452 High
142 20.140.60.229 - UNC2452 High
143 20.140.61.217 - UNC2452 High
144 20.140.62.111 - UNC2452 High
145 20.140.65.188 - UNC2452 High
146 20.140.71.226 - UNC2452 High
147 20.140.73.228 - UNC2452 High
148 20.140.73.242 - UNC2452 High
149 20.140.74.185 - UNC2452 High
150 20.140.75.245 - UNC2452 High
151 20.140.77.215 - UNC2452 High
152 20.140.80.233 - UNC2452 High
153 20.140.88.52 - UNC2452 High
154 20.140.91.208 - UNC2452 High
155 20.140.92.229 - UNC2452 High
156 20.140.92.255 - UNC2452 High
157 20.140.93.134 - UNC2452 High
158 20.140.98.16 - UNC2452 High
159 20.140.98.35 - UNC2452 High
160 20.140.100.139 - UNC2452 High
161 20.140.104.94 - UNC2452 High
162 20.140.107.234 - UNC2452 High
163 20.140.112.220 - UNC2452 High
164 20.140.112.243 - UNC2452 High
165 20.140.114.106 - UNC2452 High
166 20.140.114.189 - UNC2452 High
167 20.140.114.200 - UNC2452 High
168 20.140.116.15 - UNC2452 High
169 20.140.119.154 - UNC2452 High
170 20.140.119.196 - UNC2452 High
171 20.140.122.138 - UNC2452 High
172 20.140.122.210 - UNC2452 High
173 20.140.123.240 - UNC2452 High
174 20.140.124.8 - UNC2452 High
175 20.140.128.33 - UNC2452 High
176 20.140.130.157 - UNC2452 High
177 20.140.131.21 - UNC2452 High
178 20.140.137.231 - UNC2452 High
179 20.140.139.227 - UNC2452 High
180 20.140.141.136 - UNC2452 High
181 20.140.145.112 - UNC2452 High
182 20.140.145.166 - UNC2452 High
183 20.140.146.62 - UNC2452 High
184 20.140.146.105 - UNC2452 High
185 20.140.153.181 - UNC2452 High
186 20.140.154.101 - UNC2452 High
187 20.140.154.172 - UNC2452 High
188 20.140.156.151 - UNC2452 High
189 20.140.159.169 - UNC2452 High
190 20.140.160.147 - UNC2452 High
191 20.140.160.240 - UNC2452 High
192 20.140.161.165 - UNC2452 High
193 20.140.162.103 - UNC2452 High
194 20.140.162.161 - UNC2452 High
195 20.140.164.117 - UNC2452 High
196 20.140.168.245 - UNC2452 High
197 20.140.169.31 - UNC2452 High
198 20.140.171.1 - UNC2452 High
199 20.140.173.31 - UNC2452 High
200 20.140.173.218 - UNC2452 High
201 20.140.174.227 - UNC2452 High
202 20.140.180.78 - UNC2452 High
203 20.140.182.97 - UNC2452 High
204 20.140.186.9 - UNC2452 High
205 20.140.187.224 - UNC2452 High
206 20.140.190.142 - UNC2452 High
207 20.140.192.20 - UNC2452 High
208 20.140.195.178 - UNC2452 High
209 20.140.196.230 - UNC2452 High
210 20.140.198.77 - UNC2452 High
211 20.140.199.190 - UNC2452 High
212 20.140.200.89 - UNC2452 High
213 20.140.201.138 - UNC2452 High
214 20.140.203.164 - UNC2452 High
215 20.140.208.247 - UNC2452 High
216 20.140.209.163 - UNC2452 High
217 20.140.210.8 - UNC2452 High
218 20.140.211.161 - UNC2452 High
219 20.140.212.45 - UNC2452 High
220 20.140.212.62 - UNC2452 High
221 20.140.213.144 - UNC2452 High
222 20.140.215.25 - UNC2452 High
223 20.140.216.43 - UNC2452 High
224 20.140.220.20 - UNC2452 High
225 20.140.221.17 - UNC2452 High
226 20.140.227.4 - UNC2452 High
227 20.140.229.31 - UNC2452 High
228 20.140.230.9 - UNC2452 High
229 20.140.230.252 - UNC2452 High
230 20.140.235.69 - UNC2452 High
231 20.140.236.165 - UNC2452 High
232 20.140.238.11 - UNC2452 High
233 20.140.240.57 - UNC2452 High
234 20.140.241.12 - UNC2452 High
235 20.140.244.106 - UNC2452 High
236 20.140.248.124 - UNC2452 High
237 20.140.248.170 - UNC2452 High
238 20.140.250.63 - UNC2452 High
239 20.140.251.174 - UNC2452 High
240 20.140.251.188 - UNC2452 High
241 20.140.253.160 - UNC2452 High
242 20.141.0.77 - UNC2452 High
243 20.141.9.167 - UNC2452 High
244 20.141.11.87 - UNC2452 High
245 20.141.15.1 - UNC2452 High
246 20.141.15.111 - UNC2452 High
247 20.141.16.202 - UNC2452 High
248 20.141.17.3 - UNC2452 High
249 20.141.20.48 - UNC2452 High
250 20.141.25.180 - UNC2452 High
251 20.141.34.27 - UNC2452 High
252 20.141.34.98 - UNC2452 High
253 20.141.36.50 - UNC2452 High
254 20.141.40.176 - UNC2452 High
255 20.141.42.89 - UNC2452 High
256 20.141.42.116 - UNC2452 High
257 20.141.47.31 - UNC2452 High
258 20.141.48.63 - UNC2452 High
259 20.141.49.192 - UNC2452 High
260 20.141.51.22 - UNC2452 High
261 20.141.51.230 - UNC2452 High
262 20.141.52.223 - UNC2452 High
263 20.141.53.10 - UNC2452 High
264 20.141.55.22 - UNC2452 High
265 20.141.59.57 - UNC2452 High
266 20.141.59.224 - UNC2452 High
267 20.141.63.17 - UNC2452 High
268 20.141.64.21 - UNC2452 High
269 20.141.68.74 - UNC2452 High
270 20.141.69.131 - UNC2452 High
271 20.141.71.54 - UNC2452 High
272 20.141.72.37 - UNC2452 High
273 20.141.72.50 - UNC2452 High
274 20.141.73.28 - UNC2452 High
275 20.141.73.97 - UNC2452 High
276 20.141.74.151 - UNC2452 High
277 20.141.75.180 - UNC2452 High
278 20.141.80.1 - UNC2452 High
279 20.141.81.210 - UNC2452 High
280 20.141.82.242 - UNC2452 High
281 20.141.83.205 - UNC2452 High
282 20.141.90.48 - UNC2452 High
283 20.141.92.85 - UNC2452 High
284 20.141.95.77 - UNC2452 High
285 20.141.95.188 - UNC2452 High
286 20.141.101.195 - UNC2452 High
287 ... ... ... ...

There are 1142 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within Sunburst. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22 Pathname Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during Sunburst. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File // Low
2 File /addQuestion.php High
3 File /adm/setmain.php High
4 File /admin Low
5 File /admin/add_exercises.php High
6 File /admin/add_trainers.php High
7 File /admin/conferences/get-all-status/ High
8 File /admin/conferences/list/ High
9 File /admin/edit.php High
10 File /admin/edit_admin_details.php?id=admin High
11 File /admin/general.cgi High
12 File /admin/general/change-lang High
13 File /admin/group/list/ High
14 File /admin/lab.php High
15 File /admin/newsletter1.php High
16 File /admin/scheprofile.cgi High
17 File /admin/searchview.php High
18 File /admin/service/stop/ High
19 File /admin/students/view_student.php High
20 File /admin/usermanagement.php High
21 File /api/ Low
22 File /api/user/userData?userCode=admin High
23 File /api/v1/user Medium
24 File /artist-display.php High
25 File /catcompany.php High
26 File /category.php High
27 File /cgi-bin/ExportAllSettings.sh High
28 File /cgi-bin/mesh.cgi?page=upgrade High
29 File /cgi-bin/nightled.cgi High
30 File /cgi-bin/touchlist_sync.cgi High
31 File /ci_hms/massage_room/edit/1 High
32 File /ci_hms/search High
33 File /ci_spms/admin/category High
34 File /ci_spms/admin/search/searching/ High
35 File /claire_blake High
36 File /config/getuser High
37 File /dashboard/add-portfolio.php High
38 File /dashboard/add-service.php High
39 File /dashboard/settings High
40 File /dashboard/updatelogo.php High
41 File /ecrire Low
42 File /editbrand.php High
43 File /edituser.php High
44 File /etc/networkd-dispatcher High
45 File /etc/shadow Medium
46 File /etc/shadow.sample High
47 File /film-rating.php High
48 File /front/roomtype-details.php High
49 File /fw.login.php High
50 ... ... ...

There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!