cyber_threat_intelligence/actors/United Arab Emirates Unknown
2024-02-02 10:19:44 +01:00

United Arab Emirates Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as United Arab Emirates Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.united_arab_emirates_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with United Arab Emirates Unknown:

There are 20 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of United Arab Emirates Unknown.


There are 1326 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by United Arab Emirates Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25, CWE-425 | Pathname Traversal | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 22 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by United Arab Emirates Unknown. This data is unique as it uses our predictive model for actor profiling.


There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.