Mirrors
/
cyber_threat_intelligence
mirror of https://github.com/vuldb/cyber_threat_intelligence
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cyber_threat_intelligence/actors/Cerber/README.md

22 KiB
Raw Blame History

Cerber - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Cerber. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.cerber

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cerber:

There are 15 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Cerber.

ID IP address Hostname Campaign Confidence
1 3.225.205.112 ec2-3-225-205-112.compute-1.amazonaws.com - Medium
2 5.9.49.12 static.12.49.9.5.clients.your-server.de - High
3 5.9.72.48 cpanelbk.pcready.me - High
4 5.135.183.146 freya.stelas.de - High
5 5.196.159.173 - - High
6 13.107.21.200 - - High
7 17.1.32.0 - - High
8 19.48.17.0 - - High
9 20.42.65.92 - - High
10 20.189.173.20 - - High
11 20.189.173.21 - - High
12 20.189.173.22 - - High
13 23.94.5.133 23-94-5-133-host.colocrossing.com - High
14 23.94.223.93 23-94-223-93-host.colocrossing.com - High
15 23.152.0.36 tcts-000036.techtrapes.com - High
16 23.152.0.137 mljb-000137.melajobs.com - High
17 31.3.135.232 mirror.tillo.ch - High
18 31.184.234.0 - - High
19 31.184.234.1 - - High
20 31.184.234.2 - - High
21 31.184.234.3 - - High
22 31.184.234.4 - - High
23 31.184.234.5 - - High
24 31.184.234.6 - - High
25 31.184.234.7 - - High
26 31.184.234.8 - - High
27 31.184.234.9 - - High
28 31.184.234.10 - - High
29 31.184.234.11 - - High
30 31.184.234.12 - - High
31 31.184.234.13 - - High
32 31.184.234.14 - - High
33 31.184.234.15 - - High
34 31.184.234.16 - - High
35 31.184.234.17 - - High
36 31.184.234.18 - - High
37 31.184.234.19 - - High
38 31.184.234.20 - - High
39 31.184.234.21 - - High
40 31.184.234.22 - - High
41 31.184.234.23 - - High
42 31.184.234.24 - - High
43 31.184.234.25 - - High
44 31.184.234.26 - - High
45 31.184.234.27 - - High
46 31.184.234.28 - - High
47 31.184.234.29 - - High
48 31.184.234.30 - - High
49 31.184.234.31 - - High
50 31.184.234.32 - - High
51 31.184.234.33 - - High
52 31.184.234.34 - - High
53 31.184.234.35 - - High
54 31.184.234.36 - - High
55 31.184.234.37 - - High
56 31.184.234.38 - - High
57 31.184.234.39 - - High
58 31.184.234.40 - - High
59 31.184.234.41 - - High
60 31.184.234.42 - - High
61 31.184.234.43 - - High
62 31.184.234.44 - - High
63 31.184.234.45 - - High
64 31.184.234.46 - - High
65 31.184.234.47 - - High
66 31.184.234.48 - - High
67 31.184.234.49 - - High
68 31.184.234.50 - - High
69 31.184.234.51 - - High
70 31.184.234.52 - - High
71 31.184.234.53 - - High
72 31.184.234.54 - - High
73 31.184.234.55 - - High
74 31.184.234.56 - - High
75 31.184.234.57 - - High
76 31.184.234.58 - - High
77 31.184.234.59 - - High
78 31.184.234.60 - - High
79 31.184.234.61 - - High
80 31.184.234.62 - - High
81 31.184.234.63 - - High
82 31.184.234.64 - - High
83 31.184.234.65 - - High
84 31.184.234.66 - - High
85 31.184.234.67 - - High
86 31.184.234.68 - - High
87 31.184.234.69 - - High
88 31.184.234.70 - - High
89 31.184.234.71 - - High
90 31.184.234.72 - - High
91 31.184.234.73 - - High
92 31.184.234.74 - - High
93 31.184.234.75 - - High
94 31.184.234.76 - - High
95 31.184.234.77 - - High
96 31.184.234.78 - - High
97 31.184.234.79 - - High
98 31.184.234.80 - - High
99 31.184.234.81 - - High
100 31.184.234.82 - - High
101 31.184.234.83 - - High
102 31.184.234.84 - - High
103 31.184.234.85 - - High
104 31.184.234.86 - - High
105 31.184.234.87 - - High
106 31.184.234.88 - - High
107 31.184.234.89 - - High
108 31.184.234.90 - - High
109 31.184.234.91 - - High
110 31.184.234.92 - - High
111 31.184.234.93 - - High
112 31.184.234.94 - - High
113 31.184.234.95 - - High
114 31.184.234.96 - - High
115 31.184.234.97 - - High
116 31.184.234.98 - - High
117 31.184.234.99 - - High
118 31.184.234.100 - - High
119 31.184.234.101 - - High
120 31.184.234.102 - - High
121 31.184.234.103 - - High
122 31.184.234.104 - - High
123 31.184.234.105 - - High
124 31.184.234.106 - - High
125 31.184.234.107 - - High
126 31.184.234.108 - - High
127 31.184.234.109 - - High
128 31.184.234.110 - - High
129 31.184.234.111 - - High
130 31.184.234.112 - - High
131 31.184.234.113 - - High
132 31.184.234.114 - - High
133 31.184.234.115 - - High
134 31.184.234.116 - - High
135 31.184.234.117 - - High
136 31.184.234.118 - - High
137 31.184.234.119 - - High
138 31.184.234.120 - - High
139 31.184.234.121 - - High
140 31.184.234.122 - - High
141 31.184.234.123 - - High
142 31.184.234.124 - - High
143 31.184.234.125 - - High
144 31.184.234.126 - - High
145 31.184.234.127 - - High
146 31.184.234.128 - - High
147 31.184.234.129 - - High
148 31.184.234.130 - - High
149 31.184.234.131 - - High
150 31.184.234.132 - - High
151 31.184.234.133 - - High
152 31.184.234.134 - - High
153 31.184.234.135 - - High
154 31.184.234.136 - - High
155 31.184.234.137 - - High
156 31.184.234.138 - - High
157 31.184.234.139 - - High
158 31.184.234.140 - - High
159 31.184.234.141 - - High
160 31.184.234.142 - - High
161 31.184.234.143 - - High
162 31.184.234.144 - - High
163 31.184.234.145 - - High
164 31.184.234.146 - - High
165 31.184.234.147 - - High
166 31.184.234.148 - - High
167 31.184.234.149 - - High
168 31.184.234.150 - - High
169 31.184.234.151 - - High
170 31.184.234.152 - - High
171 31.184.234.153 - - High
172 31.184.234.154 - - High
173 31.184.234.155 - - High
174 31.184.234.156 - - High
175 31.184.234.157 - - High
176 31.184.234.158 - - High
177 31.184.234.159 - - High
178 31.184.234.160 - - High
179 31.184.234.161 - - High
180 31.184.234.162 - - High
181 31.184.234.163 - - High
182 31.184.234.164 - - High
183 31.184.234.165 - - High
184 31.184.234.166 - - High
185 31.184.234.167 - - High
186 31.184.234.168 - - High
187 31.184.234.169 - - High
188 31.184.234.170 - - High
189 31.184.234.171 - - High
190 31.184.234.172 - - High
191 31.184.234.173 - - High
192 ... ... ... ...

There are 764 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Cerber. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-425 Pathname Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 21 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Cerber. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File %SYSTEMDRIVE%\node_modules\.bin\wmic.exe High
2 File /admin/ Low
3 File /admin/admin_user.php High
4 File /admin/category/save High
5 File /admin/subject.php High
6 File /auth/auth.php?user=1 High
7 File /b2b-supermarket/shopping-cart High
8 File /boaform/device_reset.cgi High
9 File /cgi-bin/cstecgi.cgi High
10 File /cgi-bin/cstecgi.cgi?action=login High
11 File /cgi-bin/cstecgi.cgi?action=login&flag=1 High
12 File /cgi-bin/wlogin.cgi High
13 File /cgi/cpaddons_report.pl High
14 File /change-language/de_DE High
15 File /debug/pprof Medium
16 File /dist/index.js High
17 File /DXR.axd Medium
18 File /forum/away.php High
19 File /geoserver/gwc/rest.html High
20 File /goform/formSysCmd High
21 File /goform/goform_get_cmd_process High
22 File /HNAP1/ Low
23 File /hosts/firewall/ip High
24 File /importexport.php High
25 File /index.php/ccm/system/file/upload High
26 File /log/decodmail.php High
27 File /main/doctype.php High
28 File /main/webservices/additional_webservices.php High
29 File /mc Low
30 File /oauth/idp/.well-known/openid-configuration High
31 File /opt/zimbra/jetty/webapps/zimbra/public High
32 File /php/ping.php High
33 File /register.php High
34 File /s/index.php?action=statistics High
35 File /setting Medium
36 File /setting/NTPSyncWithHost High
37 File /spip.php Medium
38 File /system/role/list High
39 File /terminal/handle-command.php High
40 File /TMS/admin/setting/mail/createorupdate High
41 ... ... ...

There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!