mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-06-20 05:59:00 +00:00
# Cerber - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cerber](https://vuldb.com/?actor.cerber). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cerber](https://vuldb.com/?actor.cerber)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cerber:

* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [VN](https://vuldb.com/?country.vn)
* ...

There are 15 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cerber.

There are 764 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Cerber_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-425 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Cerber. This data is unique as it uses our predictive model for actor profiling.

There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html
* https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html
* https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
* https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
* https://blog.talosintelligence.com/2019/06/threat-roundup-0531-0607.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
* https://blog.talosintelligence.com/2019/09/threat-roundup-0913-0920.html
* https://blog.talosintelligence.com/2019/09/threat-roundup-0920-0927.html
* https://blog.talosintelligence.com/2019/10/threat-roundup-1018-1025.html
* https://blog.talosintelligence.com/2019/11/threat-roundup-1115-1122.html
* https://blog.talosintelligence.com/2019/12/threat-roundup-1206-1213.html
* https://blog.talosintelligence.com/2020/01/threat-roundup-0110-0117.html
* https://blog.talosintelligence.com/2020/02/threat-roundup-0131-0207.html
* https://blog.talosintelligence.com/2020/04/threat-roundup-0403-0410.html
* https://blog.talosintelligence.com/2020/04/threat-roundup-0417-0424.html
* https://blog.talosintelligence.com/2020/07/threat-roundup-0724-0731.html
* https://blog.talosintelligence.com/2020/08/threat-roundup-0814-0821.html
* https://blog.talosintelligence.com/2020/10/threat-roundup-1002-1009.html
* https://blog.talosintelligence.com/2020/10/threat-roundup-1023-1030.html
* https://blog.talosintelligence.com/2020/11/threat-roundup-1106-1113.html
* https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0129-0205.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html
* https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0402-0409.html
* https://blog.talosintelligence.com/2021/09/threat-roundup-0917-0924.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
* https://blog.talosintelligence.com/2021/11/threat-roundup-1029-1105.html
* https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
* https://blog.talosintelligence.com/2022/04/threat-roundup-0415-0422.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0506-0513.html
* https://blog.talosintelligence.com/2022/05/threat-roundup-0513-0520.html
* https://blog.talosintelligence.com/2022/06/threat-roundup-0610-0617.html
* https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html
* https://blog.talosintelligence.com/2022/07/threat-roundup-0701-0708.html
* https://blog.talosintelligence.com/2022/08/threat-roundup-0729-0805.html
* https://blog.talosintelligence.com/2022/10/threat-roundup-1007-1014.html
* https://blog.talosintelligence.com/threat-roundup-0120-0127/
* https://blog.talosintelligence.com/threat-roundup-0317-0324/
* https://blog.talosintelligence.com/threat-roundup-0421-0428-2/
* https://redcanary.com/blog/confluence-exploit-ransomware/
* https://www.cyber45.com
* https://www.sentinelone.com/blog/c3rb3r-ransomware-ongoing-exploitation-of-cve-2023-22518-targets-unpatched-confluence-servers/
* https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2024](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!