Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-30 19:03:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
6ff7b0fc1f
cyber_threat_intelligence/campaigns/BumbleBee
History
Marc Ruef 6ff7b0fc1f Update
2022-11-26 12:43:44 +01:00
..
README.md Update 2022-11-26 12:43:44 +01:00

README.md

BumbleBee - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as BumbleBee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:

There are 6 more country items available. Please use our online service to access the data.

Actors

These actors are associated with BumbleBee or other actors linked to the campaign.

ID Actor Confidence
1 xHunt High
2 Exotic Lily High
3 Bumblebee High
4 ... ...

There are 1 more actor items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.

ID IP address Hostname Actor Confidence
1 0.42.131.123 - Bumblebee High
2 0.134.23.62 - Bumblebee High
3 0.151.228.146 - Bumblebee High
4 1.32.39.22 - Bumblebee High
5 1.39.166.217 1-39-166-217.live.vodafone.in Bumblebee High
6 2.97.24.126 host-2-97-24-126.as13285.net Bumblebee High
7 2.190.89.140 - Bumblebee High
8 2.211.111.213 dynamic-002-211-111-213.2.211.pool.telefonica.de Bumblebee High
9 3.85.198.66 ec2-3-85-198-66.compute-1.amazonaws.com Bumblebee Medium
10 3.144.143.242 ec2-3-144-143-242.us-east-2.compute.amazonaws.com Bumblebee Medium
11 3.172.226.46 - Bumblebee High
12 4.165.175.212 - Bumblebee High
13 5.152.80.211 - Bumblebee High
14 5.239.33.172 - Bumblebee High
15 6.30.139.246 - Bumblebee High
16 6.249.22.42 - Bumblebee High
17 7.233.9.154 - Bumblebee High
18 8.12.181.20 - Bumblebee High
19 9.63.15.101 - Bumblebee High
20 9.240.112.25 - Bumblebee High
21 10.28.17.62 - Bumblebee High
22 11.1.201.27 - Bumblebee High
23 12.75.186.131 131.newark-21-23rs.nj.dial-access.att.net Bumblebee High
24 12.115.36.174 - Bumblebee High
25 12.153.80.238 - Bumblebee High
26 12.202.229.195 - Bumblebee High
27 12.236.242.155 - Bumblebee High
28 13.2.200.200 - Bumblebee High
29 13.218.205.215 - Bumblebee High
30 14.7.69.141 - Bumblebee High
31 14.40.68.19 - Bumblebee High
32 14.102.170.127 cache-ipnet01.nexlogic.ph Bumblebee High
33 14.155.143.74 - Bumblebee High
34 14.163.179.250 static.vnpt.vn Bumblebee High
35 15.209.19.148 - Bumblebee High
36 18.8.71.243 - Bumblebee High
37 18.127.96.221 - Bumblebee High
38 19.32.56.182 - Bumblebee High
39 19.71.13.153 - Bumblebee High
40 20.150.149.28 - Bumblebee High
41 21.21.141.32 - Bumblebee High
42 21.29.238.98 - Bumblebee High
43 21.175.22.99 - Bumblebee High
44 21.246.85.34 - Bumblebee High
45 22.83.186.45 - Bumblebee High
46 22.175.0.90 - Bumblebee High
47 23.81.246.187 - Bumblebee High
48 23.82.19.208 - Bumblebee High
49 23.82.140.133 - Bumblebee High
50 23.82.141.184 - Bumblebee High
51 23.83.133.1 v327.er01.dal.ubiquity.io Bumblebee High
52 23.83.133.182 - Bumblebee High
53 23.83.133.216 - Bumblebee High
54 23.83.134.110 - Bumblebee High
55 23.83.134.136 - Bumblebee High
56 23.92.127.18 - xHunt High
57 23.106.160.39 - Bumblebee High
58 23.106.160.120 - Bumblebee High
59 23.106.215.123 - Bumblebee High
60 23.108.57.13 - Bumblebee High
61 23.227.198.217 23-227-198-217.static.hvvc.us Bumblebee High
62 23.254.201.97 hwsrv-974106.hostwindsdns.com Bumblebee High
63 23.254.202.59 hwsrv-987701.hostwindsdns.com Bumblebee High
64 23.254.217.20 hwsrv-984041.hostwindsdns.com Bumblebee High
65 23.254.217.222 hwsrv-976272.hostwindsdns.com Bumblebee High
66 23.254.227.144 hwsrv-982332.hostwindsdns.com Bumblebee High
67 23.254.229.131 ruth.gobuddy.info Bumblebee High
68 24.4.68.32 c-24-4-68-32.hsd1.ca.comcast.net Bumblebee High
69 24.57.185.167 d24-57-185-167.home.cgocable.net Bumblebee High
70 24.121.25.160 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net Bumblebee High
71 25.5.198.104 - Bumblebee High
72 25.170.215.18 - Bumblebee High
73 25.181.64.39 - Bumblebee High
74 26.6.83.53 - Bumblebee High
75 28.11.143.222 - Bumblebee High
76 28.53.120.108 - Bumblebee High
77 28.107.38.196 - Bumblebee High
78 28.148.236.16 - Bumblebee High
79 29.64.0.111 - Bumblebee High
80 29.122.243.158 - Bumblebee High
81 30.17.4.146 - Bumblebee High
82 30.65.48.152 - Bumblebee High
83 30.205.76.70 - Bumblebee High
84 31.228.253.114 - Bumblebee High
85 32.181.245.23 - Bumblebee High
86 33.93.97.183 - Bumblebee High
87 33.145.184.132 - Bumblebee High
88 34.229.154.31 ec2-34-229-154-31.compute-1.amazonaws.com Bumblebee Medium
89 35.120.155.220 - Bumblebee High
90 36.110.58.103 103.58.110.36.static.bjtelecom.net Bumblebee High
91 37.64.220.2 2.220.64.37.rev.sfr.net Bumblebee High
92 37.72.174.9 emailmail.org.uk Bumblebee High
93 37.72.174.23 37-72-174-23.static.hvvc.us Bumblebee High
94 37.120.198.248 - Bumblebee High
95 38.12.57.131 - Bumblebee High
96 39.57.152.217 - Bumblebee High
97 40.72.17.141 - Bumblebee High
98 41.28.188.77 vc-gp-s-41-28-188-77.umts.vodacom.co.za Bumblebee High
99 41.56.181.200 - Bumblebee High
100 45.3.236.177 045-003-236-177.biz.spectrum.com Bumblebee High
101 45.11.19.224 - Bumblebee High
102 45.66.151.155 - Bumblebee High
103 45.84.0.13 vm523902.stark-industries.solutions Bumblebee High
104 45.138.172.246 - Bumblebee High
105 45.140.146.30 vm542320.stark-industries.solutions Bumblebee High
106 45.140.146.244 - Bumblebee High
107 45.142.214.120 vm516885.stark-industries.solutions Bumblebee High
108 45.142.214.167 - Bumblebee High
109 45.147.229.23 - Bumblebee High
110 45.147.229.50 - Bumblebee High
111 45.147.229.101 - Bumblebee High
112 45.147.229.177 - Bumblebee High
113 45.147.229.199 - Bumblebee High
114 45.147.231.107 - Bumblebee High
115 45.147.231.202 - Bumblebee High
116 45.153.240.139 - Bumblebee High
117 45.153.241.187 - Bumblebee High
118 45.153.241.234 - Bumblebee High
119 46.21.153.145 145.153.21.46.static.swiftway.net Bumblebee High
120 46.44.240.53 46-44-240-53.ip.welcomeitalia.it Bumblebee High
121 46.246.3.253 - xHunt High
122 46.246.3.254 - xHunt High
123 47.27.63.45 047-027-063-045.res.spectrum.com Bumblebee High
124 47.58.200.234 47-58-200-234.red-acceso.airtel.net Bumblebee High
125 ... ... ... ...

There are 494 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23 Pathname Traversal High
2 T1040 CWE-294, CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-88, CWE-94, CWE-1321 Cross Site Scripting High
5 ... ... ... ...

There are 18 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /admin/admin.php High
2 File /admin/controller/JobLogController.java High
3 File /Admin/dashboard.php High
4 File /admin/problem_judge.php High
5 File /api/user/password/sent-reset-email High
6 File /asms/admin/mechanics/manage_mechanic.php High
7 File /asms/classes/Master.php?f=delete_mechanic High
8 File /asms/classes/Master.php?f=delete_service High
9 File /balance/service/list High
10 File /cgi-bin/wlogin.cgi High
11 File /CommunitySSORedirect.jsp High
12 File /diagnostic/editclient.php High
13 File /diag_ping_admin.asp High
14 File /diag_tracert_admin.asp High
15 File /etc/passwd Medium
16 File /foms/place-order.php High
17 File /FormLogin Medium
18 File /index.php Medium
19 File /lilac/main.php High
20 File /module/report_event/index.php High
21 File /okm:root Medium
22 File /opt/zimbra/jetty/webapps/zimbra/public High
23 File /php-sms/classes/Master.php?f=save_quote High
24 ... ... ...

There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!