README.md Update 2022-11-26 12:43:44 +01:00

Belgium Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Belgium Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.belgium_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Belgium Unknown:

There are 22 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Belgium Unknown.


There are 1556 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Belgium Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
| --- | --- | --- | --- | --- |
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High |
| 2 | T1055 | CWE-74 | Injection | High |
| 3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High |
| 4 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High |
| 5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High |
| 6 | ... | ... | ... | ... |

There are 19 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Belgium Unknown. This data is unique as it uses our predictive model for actor profiling.


There are 493 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!