README.md Update February 2024 2024-02-02 10:19:44 +01:00

TrickBot - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as TrickBot. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.trickbot

Campaigns

The following campaigns are known and can be associated with TrickBot:

  • AnchorMail
  • Bitzlato
  • CVE-2022-35803

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:

There are 7 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of TrickBot.


There are 1579 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by TrickBot. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High |
| 2 | T1055 | CWE-74 | Injection | High |
| 3 | T1059 | CWE-94 | Cross Site Scripting | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 5 | ... | ... | ... | ... |

There are 18 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by TrickBot. This data is unique as it uses our predictive model for actor profiling.


There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!