Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-27 09:28:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
9acd7aff46
cyber_threat_intelligence/actors/CoolWebSearch
History
Marc Ruef 819a7a8241 Update January 2024
2024-01-26 07:53:33 +01:00
..
README.md Update January 2024 2024-01-26 07:53:33 +01:00

README.md

CoolWebSearch - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as CoolWebSearch. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.coolwebsearch

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoolWebSearch:

There are 11 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of CoolWebSearch.

ID IP address Hostname Campaign Confidence
1 38.113.3.122 - - High
2 38.113.198.80 - - High
3 38.113.198.81 - - High
4 38.113.198.235 - - High
5 38.113.198.243 - - High
6 38.113.198.249 - - High
7 38.113.198.252 - - High
8 38.113.199.63 - - High
9 38.113.204.40 - - High
10 38.113.204.182 - - High
11 38.117.144.30 - - High
12 38.117.144.50 - - High
13 38.117.144.51 - - High
14 38.117.144.162 - - High
15 61.152.242.111 - - High
16 62.65.252.93 62.65.252.93.cable.starman.ee - High
17 62.65.252.226 62.65.252.226.cable.starman.ee - High
18 62.129.133.193 HOSTED-BY.VIRTUALXS.COM - High
19 63.160.243.7 - - High
20 63.208.158.126 unknown.Level3.net - High
21 63.217.29.115 - - High
22 63.219.176.203 63-219-176-203.static.pccwglobal.net - High
23 63.219.178.91 63-219-178-91.supercreate.net - High
24 63.219.181.7 web-r2-h7.globecorp.net - High
25 63.219.181.10 web-r2-h10.globecorp.net - High
26 63.219.181.64 web-r2-h64.globecorp.net - High
27 63.246.42.13 - - High
28 63.246.131.19 - - High
29 63.246.146.142 - - High
30 63.246.146.147 - - High
31 63.251.83.54 - - High
32 63.251.83.56 - - High
33 64.7.197.6 - - High
34 64.7.205.18 - - High
35 64.7.207.118 NET-allocation-0011058.ix.sitestream.net - High
36 64.7.209.58 NET-allocation-00025837.ix.sitestream.net - High
37 64.7.212.98 gxb.nastydollars.com - High
38 64.38.226.6 maxcash.cavecreek.net - High
39 64.94.3.243 - - High
40 64.124.210.76 64.124.210.76.t00517.above.net - High
41 64.124.210.98 64.124.210.98.t00517.above.net - High
42 64.124.210.111 64.124.210.111.t00517.above.net - High
43 64.124.222.167 64.124.222.167.T01708-02.above.net - High
44 64.124.222.236 64.124.222.236.T01708-02.above.net - High
45 64.125.84.23 - - High
46 64.127.104.144 - - High
47 64.154.5.9 - - High
48 64.154.5.38 - - High
49 64.157.143.86 unknown.Level3.net - High
50 64.185.230.223 64-185-230-223.static.webnx.com - High
51 64.186.129.250 - - High
52 64.186.129.252 - - High
53 64.186.152.83 - - High
54 64.200.25.75 - - High
55 64.200.25.86 - - High
56 64.202.105.82 unknown.ord.scnet.net - High
57 64.202.167.129 ip-64-202-167-129.ip.secureserver.net - High
58 64.202.167.192 ip-64-202-167-192.ip.secureserver.net - High
59 64.237.37.152 - - High
60 64.237.39.70 - - High
61 64.237.39.76 - - High
62 64.237.39.77 - - High
63 64.237.39.80 - - High
64 64.237.39.226 64-237-39-226.choopa.net - High
65 64.237.41.215 64-237-41-215.choopa.com - High
66 64.237.44.247 64-237-44-247.constant.com - High
67 64.237.45.18 64-237-45-18.constant.com - High
68 64.237.47.178 64-237-47-178.constant.com - High
69 64.237.47.210 64-237-47-210.choopa.net - High
70 64.237.53.3 64.237.53.3.choopa.net - High
71 64.237.53.4 64.237.53.4.choopa.net - High
72 64.237.56.64 64-237-56-64.choopa.net - High
73 64.237.57.37 64.237.57.37.choopa.com - High
74 64.237.57.92 tsca-057092.toscaa.com - High
75 64.237.57.202 64.237.57.202.choopa.com - High
76 64.237.57.205 64.237.57.205.choopa.com - High
77 64.237.57.206 64.237.57.206.choopa.com - High
78 64.237.57.215 64-237-57-215.reliableservers.com - High
79 64.246.18.41 ev1s-64-246-18-41.theplanet.com - High
80 64.246.33.179 ev1s-64-246-33-179.theplanet.com - High
81 64.246.33.191 bignaturalboobs.org - High
82 64.246.40.84 ev1s-64-246-40-84.theplanet.com - High
83 64.250.235.140 ip-64-250-235-140.lasvegas.net - High
84 64.255.161.101 64-255-161-101.jupiter.navisite.com - High
85 65.39.191.71 - - High
86 65.75.143.119 ip-65-75-143-119.local - High
87 65.75.161.13 galt1.seowebhosting.net - High
88 65.75.175.64 ip-65-75-175-64.local - High
89 65.75.187.94 ip-65-75-187-94.local - High
90 65.77.129.178 - - High
91 65.77.129.212 - - High
92 65.110.40.789 - - High
93 65.115.110.251 - - High
94 66.28.176.79 - - High
95 66.28.176.138 - - High
96 66.28.176.154 - - High
97 66.40.28.3 host3.maxim.net - High
98 66.40.28.12 host12.maxim.net - High
99 66.40.28.51 host51.maxim.net - High
100 66.40.28.61 host61.maxim.net - High
101 66.45.237.99 athostech.website - High
102 66.55.128.76 66.55.128.76.choopa.com - High
103 66.55.134.98 66-55-134-98.choopa.net - High
104 66.55.136.82 66.55.136.82.choopa.com - High
105 66.55.136.84 66.55.136.84.choopa.com - High
106 66.55.136.87 66.55.136.87.choopa.com - High
107 66.55.136.93 66-55-136-93.constant.com - High
108 66.55.139.28 66-55-139-28.choopa.net - High
109 66.55.139.29 66-55-139-29.choopa.net - High
110 66.55.140.119 - - High
111 66.55.141.3 - - High
112 66.55.144.200 66.55.144.200.choopa.net - High
113 66.70.44.60 tunders.com - High
114 66.70.68.147 - - High
115 66.79.171.70 - - High
116 66.79.171.75 - - High
117 66.79.183.140 - - High
118 66.79.189.120 - - High
119 66.79.191.231 - - High
120 66.90.65.252 - - High
121 66.98.142.163 ns106.ehostpros.com - High
122 ... ... ... ...

There are 483 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23, CWE-24 Pathname Traversal High
2 T1055 CWE-74 Injection High
3 T1059 CWE-94, CWE-1321 Cross Site Scripting High
4 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
5 T1068 CWE-264, CWE-266, CWE-269, CWE-284 J2EE Misconfiguration: Weak Access Permissions for EJB Methods High
6 T1078.001 CWE-259 Use of Hard-coded Password High
7 ... ... ... ...

There are 23 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CoolWebSearch. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File $HOME/.terminfo High
2 File /admin/ Low
3 File /admin/admin_user.php High
4 File /admin/category/save High
5 File /admin/controller/JobLogController.java High
6 File /admin/subject.php High
7 File /admin/theme-edit.php High
8 File /api/sys/login High
9 File /api/sys/set_passwd High
10 File /api/trackedEntityInstances High
11 File /auth/auth.php?user=1 High
12 File /aux Low
13 File /bin/login Medium
14 File /bin/mini_upnpd High
15 File /boaform/device_reset.cgi High
16 File /cgi-bin/cstecgi.cgi High
17 File /cgi-bin/cstecgi.cgi?action=login High
18 File /cgi-bin/cstecgi.cgi?action=login&flag=1 High
19 File /cgi-bin/wlogin.cgi High
20 File /cgi/cpaddons_report.pl High
21 File /changePassword High
22 File /Content/Template/root/reverse-shell.aspx High
23 File /dashboard/add-blog.php High
24 File /data/remove Medium
25 File /debug/pprof Medium
26 File /DXR.axd Medium
27 File /ecshop/admin/template.php High
28 File /forum/away.php High
29 File /goform/goform_get_cmd_process High
30 File /h/autoSaveDraft High
31 File /h/search?action High
32 File /HNAP1/ Low
33 File /importexport.php High
34 File /index.php Medium
35 File /index.php?app=main&func=passport&action=login High
36 File /main/doctype.php High
37 File /main/webservices/additional_webservices.php High
38 File /mc Low
39 ... ... ...

There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!