cyber_threat_intelligence/campaigns/CVE-2008-4250
2024-01-26 07:53:33 +01:00

CVE-2008-4250 - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as CVE-2008-4250. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CVE-2008-4250:

There are 9 more country items available. Please use our online service to access the data.

Actors

These actors are associated with CVE-2008-4250 or other actors linked to the campaign.

| ID | Actor | Confidence |
|----|-------|------------|
| 1 | Conficker | High |

IOC - Indicator of Compromise

These indicators of compromise (IOC) identify network resources that are known to be part of the research and attack activities associated with CVE-2008-4250.

| ID | IP address | Hostname | Actor | Confidence |
|----|------------|----------|-------|------------|
| 1 | 1.47.15.159 | - | Conficker | High |
| 2 | 1.54.176.131 | - | Conficker | High |
| 3 | 1.55.246.28 | - | Conficker | High |
| 4 | 1.179.153.18 | - | Conficker | High |
| 5 | 1.198.30.242 | 198.1.broad.ha.dynamic.163data.com.cn | Conficker | High |
| 6 | 2.39.158.38 | net-2-39-158-38.cust.vodafonedsl.it | Conficker | High |
| 7 | 2.47.54.201 | net-2-47-54-201.cust.vodafonedsl.it | Conficker | High |
| 8 | 2.50.19.17 | bba-2-50-19-17.alshamil.net.ae | Conficker | High |
| 9 | 2.63.250.54 | - | Conficker | High |
| 10 | 2.63.251.0 | - | Conficker | High |
| 11 | 2.63.251.13 | - | Conficker | High |
| 12 | 2.90.171.84 | - | Conficker | High |
| 13 | 2.180.24.232 | - | Conficker | High |
| 14 | 2.184.53.194 | - | Conficker | High |
| 15 | 2.188.166.162 | - | Conficker | High |
| 16 | 2.192.65.117 | - | Conficker | High |
| 17 | 2.228.82.5 | 2-228-82-5.ip190.fastwebnet.it | Conficker | High |
| 18 | 4.231.231.201 | - | Conficker | High |
| 19 | 5.97.176.194 | host-5-97-176-194.business.telecomitalia.it | Conficker | High |
| 20 | 5.98.143.25 | host-5-98-143-25.business.telecomitalia.it | Conficker | High |
| 21 | 5.142.42.28 | - | Conficker | High |
| 22 | 5.143.237.110 | - | Conficker | High |
| 23 | 5.143.254.210 | - | Conficker | High |
| 24 | 5.196.13.186 | vps-252bf2f7.vps.ovh.net | Conficker | High |
| 25 | 5.217.36.161 | - | Conficker | High |
| 26 | 5.234.129.73 | - | Conficker | High |
| 27 | 5.251.29.17 | - | Conficker | High |
| 28 | 8.219.133.34 | - | Conficker | High |
| 29 | 12.180.92.10 | - | Conficker | High |
| 30 | 13.76.4.134 | - | Conficker | High |
| 31 | 13.79.27.146 | - | Conficker | High |
| 32 | 14.97.34.130 | static-130.34.97.14-tataidc.co.in | Conficker | High |
| 33 | 14.97.41.58 | allset.org.in | Conficker | High |
| 34 | 14.102.91.18 | - | Conficker | High |
| 35 | 14.136.151.182 | 014136151182.ctinets.com | Conficker | High |
| 36 | 14.140.167.186 | 14.140.167.186.STATIC-Chennai-vsnl.net.in | Conficker | High |
| 37 | 14.155.53.62 | - | Conficker | High |
| 38 | 14.160.33.254 | static.vnpt.vn | Conficker | High |
| 39 | 14.194.49.6 | static-6.49.194.14-tataidc.co.in | Conficker | High |
| 40 | 14.194.169.242 | static-242.169.194.14-tataidc.co.in | Conficker | High |
| 41 | 14.216.88.38 | - | Conficker | High |
| 42 | 15.204.234.29 | vps-d3401283.vps.ovh.us | Conficker | High |
| 43 | 20.89.62.52 | - | Conficker | High |
| 44 | 20.223.168.112 | - | Conficker | High |
| 45 | 27.54.120.7 | ll.skytelecom.com.pk | Conficker | High |
| 46 | 27.72.26.108 | dynamic-ip-adsl.viettel.vn | Conficker | High |
| 47 | 27.72.116.110 | - | Conficker | High |
| 48 | 27.105.113.222 | 27-105-113-222-adsl-TPE.static.so-net.net.tw | Conficker | High |
| 49 | 31.11.91.241 | ctel-31-11-91-241.cabletel.com.mk | Conficker | High |
| 50 | 31.129.163.50 | - | Conficker | High |
| 51 | 31.141.253.49 | - | Conficker | High |
| 52 | 31.153.8.217 | 31-8-217.netrun.cytanet.com.cy | Conficker | High |
| 53 | 31.216.244.146 | 31-216-244-146-dsl.dsl.ascotlc.com | Conficker | High |
| 54 | 31.223.49.58 | 58.49.223.31.srv.turk.net | Conficker | High |
| 55 | 35.239.7.149 | 149.7.239.35.bc.googleusercontent.com | Conficker | Medium |
| 56 | 36.26.7.82 | - | Conficker | High |
| 57 | 36.26.43.62 | - | Conficker | High |
| 58 | 36.26.58.34 | - | Conficker | High |
| 59 | 36.37.99.44 | - | Conficker | High |
| 60 | 36.66.191.196 | - | Conficker | High |
| 61 | 36.67.115.225 | - | Conficker | High |
| 62 | 36.74.51.117 | - | Conficker | High |
| 63 | 36.93.84.197 | - | Conficker | High |
| 64 | 36.109.197.182 | - | Conficker | High |
| 65 | 36.233.223.126 | 36-233-223-126.dynamic-ip.hinet.net | Conficker | High |
| 66 | 37.34.242.161 | - | Conficker | High |
| 67 | 37.71.79.146 | 146.79.71.37.rev.sfr.net | Conficker | High |
| 68 | 37.76.238.202 | - | Conficker | High |
| 69 | 37.76.239.22 | - | Conficker | High |
| 70 | 37.114.217.30 | - | Conficker | High |
| 71 | 37.151.244.37 | 37.151.244.37.megaline.telecom.kz | Conficker | High |
| 72 | 37.156.14.42 | - | Conficker | High |
| 73 | 37.182.248.151 | net-37-182-248-151.cust.vodafonedsl.it | Conficker | High |
| 74 | 37.191.76.57 | - | Conficker | High |
| 75 | 37.193.76.190 | l37-193-76-190.novotelecom.ru | Conficker | High |
| 76 | 37.205.31.115 | - | Conficker | High |
| 77 | 37.211.38.208 | - | Conficker | High |
| 78 | 37.229.13.0 | 37-229-13-0.broadband.kyivstar.net | Conficker | High |
| 79 | 38.9.160.149 | - | Conficker | High |
| 80 | 38.45.32.117 | - | Conficker | High |
| 81 | 38.45.33.47 | - | Conficker | High |
| 82 | 38.51.176.172 | - | Conficker | High |
| 83 | 38.76.73.5 | - | Conficker | High |
| 84 | 38.76.73.6 | - | Conficker | High |
| 85 | 38.83.88.4 | - | Conficker | High |
| 86 | 38.83.89.51 | - | Conficker | High |
| 87 | 39.62.16.103 | - | Conficker | High |
| 88 | 39.152.221.146 | - | Conficker | High |
| 89 | 39.153.241.118 | - | Conficker | High |
| 90 | 39.153.252.196 | - | Conficker | High |
| 91 | 41.33.60.129 | host-41.33.60.129.tedata.net | Conficker | High |
| 92 | 41.33.131.108 | host-41.33.131.108.tedata.net | Conficker | High |
| 93 | 41.33.169.163 | host-41.33.169.163.tedata.net | Conficker | High |
| 94 | 41.33.178.25 | host-41.33.178.25.tedata.net | Conficker | High |
| 95 | 41.33.178.26 | host-41.33.178.26.tedata.net | Conficker | High |
| 96 | 41.33.178.27 | host-41.33.178.27.tedata.net | Conficker | High |
| 97 | 41.33.178.28 | host-41.33.178.28.tedata.net | Conficker | High |
| 98 | 41.33.178.29 | host-41.33.178.29.tedata.net | Conficker | High |
| 99 | 41.33.178.30 | host-41.33.178.30.tedata.net | Conficker | High |
| 100 | 41.33.178.31 | host-41.33.178.31.tedata.net | Conficker | High |
| 101 | 41.33.179.93 | host-41.33.179.93.tedata.net | Conficker | High |
| 102 | 41.65.68.70 | HOST-70-68.65.41.nile-online.net | Conficker | High |
| 103 | 41.83.192.123 | - | Conficker | High |
| 104 | 41.87.27.2 | - | Conficker | High |
| 105 | 41.139.137.203 | eonoka.net | Conficker | High |
| 106 | 41.162.56.37 | - | Conficker | High |
| 107 | 41.174.104.229 | - | Conficker | High |
| 108 | 41.210.131.212 | h3d4.n1.ips.mtn.co.ug | Conficker | High |
| 109 | 41.223.108.76 | - | Conficker | High |
| 110 | 41.225.11.68 | - | Conficker | High |
| 111 | 42.100.232.104 | - | Conficker | High |
| 112 | 42.200.150.157 | 42-200-150-157.static.imsbiz.com | Conficker | High |
| 113 | 42.200.218.97 | 42-200-218-97.static.imsbiz.com | Conficker | High |
| 114 | 43.129.33.99 | - | Conficker | High |
| 115 | 43.129.35.207 | - | Conficker | High |
| 116 | 43.129.36.145 | - | Conficker | High |
| 117 | 43.129.39.176 | - | Conficker | High |
| 118 | 43.129.40.155 | - | Conficker | High |
| 119 | 43.130.10.173 | - | Conficker | High |
| 120 | 43.130.11.228 | - | Conficker | High |
| 121 | 43.130.57.239 | - | Conficker | High |
| 122 | 43.131.23.30 | - | Conficker | High |
| 123 | 43.131.43.27 | - | Conficker | High |
| 124 | 43.131.52.47 | - | Conficker | High |
| 125 | 43.131.242.173 | - | Conficker | High |
| 126 | 43.131.247.244 | - | Conficker | High |
| 127 | 43.133.5.165 | - | Conficker | High |
| 128 | 43.133.11.82 | - | Conficker | High |
| 129 | 43.133.64.54 | - | Conficker | High |
| 130 | 43.133.68.16 | - | Conficker | High |
| 131 | 43.133.162.70 | - | Conficker | High |
| 132 | 43.133.183.49 | - | Conficker | High |
| 133 | 43.153.169.80 | - | Conficker | High |
| 134 | 43.153.178.146 | - | Conficker | High |
| 135 | 43.155.152.6 | - | Conficker | High |
| 136 | 43.155.159.89 | - | Conficker | High |
| 137 | 43.155.160.194 | - | Conficker | High |
| 138 | 43.157.5.232 | - | Conficker | High |
| 139 | 43.157.20.143 | - | Conficker | High |
| 140 | 43.157.32.103 | - | Conficker | High |
| 141 | 43.157.50.168 | - | Conficker | High |
| 142 | 43.157.54.73 | - | Conficker | High |
| 143 | 43.157.62.27 | - | Conficker | High |
| 144 | 43.157.65.152 | - | Conficker | High |
| 145 | 43.163.219.230 | - | Conficker | High |
| 146 | 43.251.220.154 | - | Conficker | High |
| 147 | 43.254.132.111 | - | Conficker | High |
| 148 | 45.7.33.29 | - | Conficker | High |
| 149 | 45.10.175.72 | - | Conficker | High |
| 150 | 45.64.105.44 | - | Conficker | High |
| 151 | 45.116.112.86 | rainbowisp.in | Conficker | High |
| 152 | 45.119.8.186 | undefined.hostname.localhost | Conficker | High |
| 153 | 45.150.24.66 | - | Conficker | High |
| 154 | 45.150.24.70 | - | Conficker | High |
| 155 | 45.160.181.63 | ip-45-160-181-63.conectnet.inf.br | Conficker | High |
| 156 | 45.169.86.125 | - | Conficker | High |
| 157 | 45.171.149.17 | - | Conficker | High |
| 158 | 45.174.148.5 | host148005.cvi.net.ar | Conficker | High |
| 159 | 45.178.1.223 | - | Conficker | High |
| 160 | 45.201.196.108 | - | Conficker | High |
| 161 | 45.229.215.83 | 215-229-45-83.mobtelecom.com.br | Conficker | High |
| 162 | 45.234.63.14 | - | Conficker | High |
| 163 | 45.248.163.186 | - | Conficker | High |
| 164 | 46.19.41.122 | - | Conficker | High |
| 165 | 46.26.235.102 | static-102-235-26-46.ipcom.comunitel.net | Conficker | High |
| 166 | 46.72.92.52 | - | Conficker | High |
| 167 | 46.99.137.12 | - | Conficker | High |
| 168 | 46.99.206.8 | - | Conficker | High |
| 169 | 46.148.45.196 | - | Conficker | High |
| 170 | 46.152.212.104 | - | Conficker | High |
| 171 | 46.165.54.2 | 2.54.165.46.access-pools.setitagila.ru | Conficker | High |
| 172 | 46.197.136.112 | - | Conficker | High |
| 173 | 46.235.85.50 | - | Conficker | High |
| 174 | 47.101.216.23 | - | Conficker | High |
| 175 | 47.181.226.110 | - | Conficker | High |
| 176 | 49.148.246.172 | dsl.49.148.246.172.pldt.net | Conficker | High |
| 177 | 49.204.130.201 | 49.204.130.201.actcorp.in | Conficker | High |
| 178 | 49.205.76.214 | 49.205.76.214.actcorp.in | Conficker | High |
| 179 | 49.231.4.10 | 49-231-4-10.sbn-idc.com | Conficker | High |
| 180 | 49.231.4.38 | 49-231-4-38.sbn-idc.com | Conficker | High |
| 181 | 49.231.146.68 | - | Conficker | High |
| 182 | 49.231.146.205 | - | Conficker | High |
| 183 | 51.38.8.20 | ip20.ip-51-38-8.eu | Conficker | High |
| 184 | 51.38.51.48 | vps-f3861520.vps.ovh.net | Conficker | High |
| 185 | 51.39.227.113 | - | Conficker | High |
| 186 | 51.144.252.140 | - | Conficker | High |
| 187 | 51.211.66.85 | - | Conficker | High |
| 188 | 52.62.230.171 | ec2-52-62-230-171.ap-southeast-2.compute.amazonaws.com | Conficker | Medium |
| 189 | 52.144.46.125 | starz.idlesia.com | Conficker | High |
| 190 | 52.174.144.106 | - | Conficker | High |
| 191 | 52.178.47.34 | - | Conficker | High |
| 192 | 54.36.235.81 | ip81.ip-54-36-235.eu | Conficker | High |
| 193 | 58.27.218.147 | 58-27-218-147.wateen.net | Conficker | High |
| 194 | 58.27.230.131 | 58-27-230-131.wateen.net | Conficker | High |
| 195 | 58.33.208.2 | 2.208.33.58.broad.xw.sh.dynamic.163data.com.cn | Conficker | High |
| 196 | 58.56.87.194 | - | Conficker | High |
| 197 | 58.57.1.213 | - | Conficker | High |
| 198 | ... | ... | ... | ... |

There are 790 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within CVE-2008-4250. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-29, CWE-37 | Pathname Traversal | High |
| 2 | T1055 | CWE-74 | Injection | High |
| 3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 5 | ... | ... | ... | ... |

There are 16 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during CVE-2008-4250. This data is unique as it uses our predictive model for actor profiling.

| ID | Type | Indicator | Confidence |
|----|------|-----------|------------|
| 1 | File | /.env | Low |
| 2 | File | /act/ActDao.xml | High |
| 3 | File | /admin/ | Low |
| 4 | File | /admin/admin_user.php | High |
| 5 | File | /admin/clientview.php | High |
| 6 | File | /admin/pages/update_go.php | High |
| 7 | File | /admin/regester.php | High |
| 8 | File | /admin/update-clients.php | High |
| 9 | File | /api/cron/settings/setJob/ | High |
| 10 | File | /api/sys/set_passwd | High |
| 11 | File | /api/v1/terminal/sessions/?limit=1 | High |
| 12 | File | /apply.cgi | Medium |
| 13 | File | /authenticationendpoint/login.do | High |
| 14 | File | /b2b-supermarket/shopping-cart | High |
| 15 | File | /boaform/device_reset.cgi | High |
| 16 | File | /bsms_ci/index.php/user/edit_user/ | High |
| 17 | File | /cgi-bin/cstecgi.cgi | High |
| 18 | File | /cgi-bin/cstecgi.cgi?action=login | High |
| 19 | File | /cgi-bin/cstecgi.cgi?action=login&flag=1 | High |
| 20 | File | /cgi-bin/kerbynet | High |
| 21 | File | /cgi-bin/R14.2/cgi-bin/R14.2/host.pl | High |
| 22 | File | /cgi-bin/R14.2/easy1350.pl | High |
| 23 | File | /cgi-bin/wlogin.cgi | High |
| 24 | File | /cgi/cpaddons_report.pl | High |
| 25 | File | /change-language/de_DE | High |
| 26 | File | /clinic/disease_symptoms_view.php | High |
| 27 | File | /config/getuser | High |
| 28 | File | /dashboard/snapshot/*?orgId=0 | High |
| 29 | File | /debug/pprof | Medium |
| 30 | File | /dist/index.js | High |
| 31 | File | /DXR.axd | Medium |
| 32 | File | /endpoint/add-user.php | High |
| 33 | File | /forum/away.php | High |
| 34 | File | /forums/editforum.php | High |
| 35 | File | /goform/goform_get_cmd_process | High |
| 36 | File | /home/courses | High |
| 37 | File | /hosts/firewall/ip | High |
| 38 | File | /importexport.php | High |
| 39 | File | /index.php/ccm/system/file/upload | High |
| 40 | File | /log/decodmail.php | High |
| 41 | File | /login | Low |
| 42 | File | /main/doctype.php | High |
| 43 | File | /Main_AdmStatus_Content.asp | High |
| 44 | File | /manager?action=getlogcat | High |
| 45 | File | /mehah/otclient | High |
| 46 | File | /modals/class_form.php | High |
| 47 | ... | ... | ... |

There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!