mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-26 00:48:54 +00:00

History

Marc Ruef 9acd7aff46 Update February 2024		2024-02-02 10:19:44 +01:00
..
README.md	Update February 2024	2024-02-02 10:19:44 +01:00

README.md

South Korea - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as South Korea. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with South Korea:

There are 23 more country items available. Please use our online service to access the data.

Actors

These actors are associated with South Korea or other actors linked to the campaign.

ID	Actor	Confidence
1	Lazarus	High
2	South Korea Unknown	High
3	Dalbit	High
4	...	...

There are 1 more actor items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of South Korea.

ID	IP address	Hostname	Actor	Confidence
1	1.11.0.0	-	South Korea Unknown	High
2	1.16.0.0	-	South Korea Unknown	High
3	1.96.0.0	-	South Korea Unknown	High
4	1.176.0.0	-	South Korea Unknown	High
5	1.201.0.0	-	South Korea Unknown	High
6	1.208.0.0	-	South Korea Unknown	High
7	1.224.0.0	-	South Korea Unknown	High
8	2.59.153.0	-	South Korea Unknown	High
9	5.62.35.32	r-32.35.62.5.ptr.avast.com	South Korea Unknown	High
10	5.189.200.128	-	South Korea Unknown	High
11	5.231.77.0	-	South Korea Unknown	High
12	8.38.149.0	-	South Korea Unknown	High
13	13.104.47.0	-	South Korea Unknown	High
14	13.104.56.0	-	South Korea Unknown	High
15	13.104.60.0	-	South Korea Unknown	High
16	13.104.62.0	-	South Korea Unknown	High
17	13.104.63.0	-	South Korea Unknown	High
18	13.104.96.88	-	South Korea Unknown	High
19	13.104.96.176	-	South Korea Unknown	High
20	13.104.96.192	-	South Korea Unknown	High
21	13.104.96.200	-	South Korea Unknown	High
22	13.104.157.0	-	South Korea Unknown	High
23	13.106.90.0	-	South Korea Unknown	High
24	13.106.92.0	-	South Korea Unknown	High
25	13.106.224.0	-	South Korea Unknown	High
26	13.107.185.148	-	South Korea Unknown	High
27	13.107.185.160	-	South Korea Unknown	High
28	13.107.194.20	-	South Korea Unknown	High
29	13.124.0.0	ec2-13-124-0-0.ap-northeast-2.compute.amazonaws.com	South Korea Unknown	Medium
30	13.209.0.0	ec2-13-209-0-0.ap-northeast-2.compute.amazonaws.com	South Korea Unknown	Medium
31	14.0.32.0	-	South Korea Unknown	High
32	14.0.64.0	-	South Korea Unknown	High
33	14.4.0.0	-	South Korea Unknown	High
34	14.32.0.0	-	South Korea Unknown	High
35	14.64.0.0	-	South Korea Unknown	High
36	14.128.48.0	-	South Korea Unknown	High
37	14.128.128.0	-	South Korea Unknown	High
38	14.129.0.0	-	South Korea Unknown	High
39	14.138.0.0	-	South Korea Unknown	High
40	14.192.80.0	-	South Korea Unknown	High
41	14.206.0.0	-	South Korea Unknown	High
42	15.164.0.0	ec2-15-164-0-0.ap-northeast-2.compute.amazonaws.com	South Korea Unknown	Medium
43	17.91.200.0	-	South Korea Unknown	High
44	17.253.114.0	-	South Korea Unknown	High
45	20.39.168.0	-	South Korea Unknown	High
46	20.39.184.0	-	South Korea Unknown	High
47	20.39.192.0	-	South Korea Unknown	High
48	20.41.64.0	-	South Korea Unknown	High
49	20.44.24.0	-	South Korea Unknown	High
50	20.150.4.0	-	South Korea Unknown	High
51	20.150.14.0	-	South Korea Unknown	High
52	20.190.144.128	-	South Korea Unknown	High
53	20.190.148.0	-	South Korea Unknown	High
54	20.190.179.0	-	South Korea Unknown	High
55	20.190.180.0	-	South Korea Unknown	High
56	23.15.13.0	a23-15-13-0.deploy.static.akamaitechnologies.com	South Korea Unknown	High
57	23.35.218.4	a23-35-218-4.deploy.static.akamaitechnologies.com	South Korea Unknown	High
58	23.35.218.12	a23-35-218-12.deploy.static.akamaitechnologies.com	South Korea Unknown	High
59	23.35.218.20	a23-35-218-20.deploy.static.akamaitechnologies.com	South Korea Unknown	High
60	23.35.218.28	a23-35-218-28.deploy.static.akamaitechnologies.com	South Korea Unknown	High
61	23.35.218.36	a23-35-218-36.deploy.static.akamaitechnologies.com	South Korea Unknown	High
62	23.35.218.44	a23-35-218-44.deploy.static.akamaitechnologies.com	South Korea Unknown	High
63	23.35.218.52	a23-35-218-52.deploy.static.akamaitechnologies.com	South Korea Unknown	High
64	23.35.218.60	a23-35-218-60.deploy.static.akamaitechnologies.com	South Korea Unknown	High
65	23.35.218.68	a23-35-218-68.deploy.static.akamaitechnologies.com	South Korea Unknown	High
66	23.35.218.76	a23-35-218-76.deploy.static.akamaitechnologies.com	South Korea Unknown	High
67	23.35.218.84	a23-35-218-84.deploy.static.akamaitechnologies.com	South Korea Unknown	High
68	23.35.218.92	a23-35-218-92.deploy.static.akamaitechnologies.com	South Korea Unknown	High
69	23.35.218.100	a23-35-218-100.deploy.static.akamaitechnologies.com	South Korea Unknown	High
70	23.35.218.108	a23-35-218-108.deploy.static.akamaitechnologies.com	South Korea Unknown	High
71	23.35.218.116	a23-35-218-116.deploy.static.akamaitechnologies.com	South Korea Unknown	High
72	23.35.218.124	a23-35-218-124.deploy.static.akamaitechnologies.com	South Korea Unknown	High
73	23.44.173.4	a23-44-173-4.deploy.static.akamaitechnologies.com	South Korea Unknown	High
74	23.44.173.12	a23-44-173-12.deploy.static.akamaitechnologies.com	South Korea Unknown	High
75	23.44.173.20	a23-44-173-20.deploy.static.akamaitechnologies.com	South Korea Unknown	High
76	23.44.173.28	a23-44-173-28.deploy.static.akamaitechnologies.com	South Korea Unknown	High
77	23.44.173.36	a23-44-173-36.deploy.static.akamaitechnologies.com	South Korea Unknown	High
78	23.44.173.44	a23-44-173-44.deploy.static.akamaitechnologies.com	South Korea Unknown	High
79	23.44.173.52	a23-44-173-52.deploy.static.akamaitechnologies.com	South Korea Unknown	High
80	23.44.173.60	a23-44-173-60.deploy.static.akamaitechnologies.com	South Korea Unknown	High
81	23.44.173.68	a23-44-173-68.deploy.static.akamaitechnologies.com	South Korea Unknown	High
82	23.44.173.76	a23-44-173-76.deploy.static.akamaitechnologies.com	South Korea Unknown	High
83	23.44.173.84	a23-44-173-84.deploy.static.akamaitechnologies.com	South Korea Unknown	High
84	23.59.72.78	a23-59-72-78.deploy.static.akamaitechnologies.com	South Korea Unknown	High
85	23.59.72.84	a23-59-72-84.deploy.static.akamaitechnologies.com	South Korea Unknown	High
86	23.59.72.92	a23-59-72-92.deploy.static.akamaitechnologies.com	South Korea Unknown	High
87	23.59.72.100	a23-59-72-100.deploy.static.akamaitechnologies.com	South Korea Unknown	High
88	23.59.72.108	a23-59-72-108.deploy.static.akamaitechnologies.com	South Korea Unknown	High
89	23.59.72.116	a23-59-72-116.deploy.static.akamaitechnologies.com	South Korea Unknown	High
90	23.59.72.132	a23-59-72-132.deploy.static.akamaitechnologies.com	South Korea Unknown	High
91	23.59.72.140	a23-59-72-140.deploy.static.akamaitechnologies.com	South Korea Unknown	High
92	23.59.72.148	a23-59-72-148.deploy.static.akamaitechnologies.com	South Korea Unknown	High
93	23.59.72.156	a23-59-72-156.deploy.static.akamaitechnologies.com	South Korea Unknown	High
94	23.59.72.164	a23-59-72-164.deploy.static.akamaitechnologies.com	South Korea Unknown	High
95	23.59.72.172	a23-59-72-172.deploy.static.akamaitechnologies.com	South Korea Unknown	High
96	23.59.72.180	a23-59-72-180.deploy.static.akamaitechnologies.com	South Korea Unknown	High
97	23.59.72.196	a23-59-72-196.deploy.static.akamaitechnologies.com	South Korea Unknown	High
98	23.59.151.4	a23-59-151-4.deploy.static.akamaitechnologies.com	South Korea Unknown	High
99	23.59.151.12	a23-59-151-12.deploy.static.akamaitechnologies.com	South Korea Unknown	High
100	23.59.151.20	a23-59-151-20.deploy.static.akamaitechnologies.com	South Korea Unknown	High
101	23.59.151.28	a23-59-151-28.deploy.static.akamaitechnologies.com	South Korea Unknown	High
102	23.59.151.36	a23-59-151-36.deploy.static.akamaitechnologies.com	South Korea Unknown	High
103	23.59.151.44	a23-59-151-44.deploy.static.akamaitechnologies.com	South Korea Unknown	High
104	23.59.151.52	a23-59-151-52.deploy.static.akamaitechnologies.com	South Korea Unknown	High
105	23.59.151.60	a23-59-151-60.deploy.static.akamaitechnologies.com	South Korea Unknown	High
106	23.59.151.68	a23-59-151-68.deploy.static.akamaitechnologies.com	South Korea Unknown	High
107	23.59.151.76	a23-59-151-76.deploy.static.akamaitechnologies.com	South Korea Unknown	High
108	23.59.151.84	a23-59-151-84.deploy.static.akamaitechnologies.com	South Korea Unknown	High
109	23.59.151.92	a23-59-151-92.deploy.static.akamaitechnologies.com	South Korea Unknown	High
110	23.59.151.100	a23-59-151-100.deploy.static.akamaitechnologies.com	South Korea Unknown	High
111	23.59.151.108	a23-59-151-108.deploy.static.akamaitechnologies.com	South Korea Unknown	High
112	23.59.151.116	a23-59-151-116.deploy.static.akamaitechnologies.com	South Korea Unknown	High
113	23.59.151.124	a23-59-151-124.deploy.static.akamaitechnologies.com	South Korea Unknown	High
114	23.65.188.30	a23-65-188-30.deploy.static.akamaitechnologies.com	South Korea Unknown	High
115	23.65.188.36	a23-65-188-36.deploy.static.akamaitechnologies.com	South Korea Unknown	High
116	23.65.188.44	a23-65-188-44.deploy.static.akamaitechnologies.com	South Korea Unknown	High
117	23.65.188.52	a23-65-188-52.deploy.static.akamaitechnologies.com	South Korea Unknown	High
118	23.65.188.60	a23-65-188-60.deploy.static.akamaitechnologies.com	South Korea Unknown	High
119	23.65.188.68	a23-65-188-68.deploy.static.akamaitechnologies.com	South Korea Unknown	High
120	23.67.53.55	a23-67-53-55.deploy.static.akamaitechnologies.com	South Korea Unknown	High
121	23.67.53.60	a23-67-53-60.deploy.static.akamaitechnologies.com	South Korea Unknown	High
122	23.67.53.62	a23-67-53-62.deploy.static.akamaitechnologies.com	South Korea Unknown	High
123	23.67.53.68	a23-67-53-68.deploy.static.akamaitechnologies.com	South Korea Unknown	High
124	23.67.53.76	a23-67-53-76.deploy.static.akamaitechnologies.com	South Korea Unknown	High
125	23.67.53.84	a23-67-53-84.deploy.static.akamaitechnologies.com	South Korea Unknown	High
126	23.67.53.92	a23-67-53-92.deploy.static.akamaitechnologies.com	South Korea Unknown	High
127	23.67.53.100	a23-67-53-100.deploy.static.akamaitechnologies.com	South Korea Unknown	High
128	23.67.53.117	a23-67-53-117.deploy.static.akamaitechnologies.com	South Korea Unknown	High
129	23.67.53.118	a23-67-53-118.deploy.static.akamaitechnologies.com	South Korea Unknown	High
130	23.67.53.196	a23-67-53-196.deploy.static.akamaitechnologies.com	South Korea Unknown	High
131	23.67.53.204	a23-67-53-204.deploy.static.akamaitechnologies.com	South Korea Unknown	High
132	23.67.53.206	a23-67-53-206.deploy.static.akamaitechnologies.com	South Korea Unknown	High
133	23.81.246.131	-	Lazarus	High
134	23.103.138.0	-	South Korea Unknown	High
135	23.103.141.128	-	South Korea Unknown	High
136	23.103.141.192	-	South Korea Unknown	High
137	23.211.117.55	a23-211-117-55.deploy.static.akamaitechnologies.com	South Korea Unknown	High
138	23.211.117.60	a23-211-117-60.deploy.static.akamaitechnologies.com	South Korea Unknown	High
139	23.211.117.68	a23-211-117-68.deploy.static.akamaitechnologies.com	South Korea Unknown	High
140	23.211.117.70	a23-211-117-70.deploy.static.akamaitechnologies.com	South Korea Unknown	High
141	23.248.160.0	-	South Korea Unknown	High
142	23.251.124.0	-	South Korea Unknown	High
143	27.0.236.0	-	South Korea Unknown	High
144	27.1.0.0	-	South Korea Unknown	High
145	27.35.0.0	-	South Korea Unknown	High
146	27.96.128.0	-	South Korea Unknown	High
147	27.100.128.0	-	South Korea Unknown	High
148	27.101.0.0	-	South Korea Unknown	High
149	27.102.0.0	-	South Korea Unknown	High
150	27.111.96.0	-	South Korea Unknown	High
151	27.112.128.0	-	South Korea Unknown	High
152	27.113.0.0	-	South Korea Unknown	High
153	27.115.128.0	-	South Korea Unknown	High
154	27.116.64.0	-	South Korea Unknown	High
155	27.116.128.0	-	South Korea Unknown	High
156	27.117.0.0	-	South Korea Unknown	High
157	27.118.64.0	-	South Korea Unknown	High
158	27.118.128.0	-	South Korea Unknown	High
159	27.119.0.0	-	South Korea Unknown	High
160	27.120.0.0	-	South Korea Unknown	High
161	27.122.128.0	-	South Korea Unknown	High
162	27.124.8.0	-	South Korea Unknown	High
163	27.124.128.0	-	South Korea Unknown	High
164	27.125.0.0	-	South Korea Unknown	High
165	27.126.0.0	-	South Korea Unknown	High
166	27.160.0.0	-	South Korea Unknown	High
167	27.176.0.0	-	South Korea Unknown	High
168	27.232.0.0	-	South Korea Unknown	High
169	27.255.64.0	-	South Korea Unknown	High
170	34.98.164.0	0.164.98.34.bc.googleusercontent.com	South Korea Unknown	Medium
171	34.98.174.0	0.174.98.34.bc.googleusercontent.com	South Korea Unknown	Medium
172	36.38.0.0	-	South Korea Unknown	High
173	37.153.134.128	-	South Korea Unknown	High
174	37.156.6.0	-	South Korea Unknown	High
175	37.252.244.0	-	South Korea Unknown	High
176	39.4.0.0	-	South Korea Unknown	High
177	39.16.0.0	-	South Korea Unknown	High
178	39.112.0.0	-	South Korea Unknown	High
179	40.66.64.136	-	South Korea Unknown	High
180	40.66.92.0	-	South Korea Unknown	High
181	40.79.220.0	-	South Korea Unknown	High
182	40.80.32.0	-	South Korea Unknown	High
183	40.80.168.0	koreasouth03.rnm.core.windows.net	South Korea Unknown	High
184	40.80.224.0	-	South Korea Unknown	High
185	40.82.128.0	-	South Korea Unknown	High
186	40.89.192.0	-	South Korea Unknown	High
187	40.90.17.224	-	South Korea Unknown	High
188	40.90.128.176	-	South Korea Unknown	High
189	40.90.131.128	-	South Korea Unknown	High
190	40.90.139.128	-	South Korea Unknown	High
191	40.90.156.64	msnbot-40-90-156-64.search.msn.com	South Korea Unknown	High
192	40.90.157.32	msnbot-40-90-157-32.search.msn.com	South Korea Unknown	High
193	40.92.84.0	-	South Korea Unknown	High
194	40.92.242.0	-	South Korea Unknown	High
195	40.92.254.0	-	South Korea Unknown	High
196	40.93.86.0	-	South Korea Unknown	High
197	40.93.242.0	-	South Korea Unknown	High
198	40.93.254.0	-	South Korea Unknown	High
199	40.94.227.0	-	South Korea Unknown	High
200	40.94.233.0	-	South Korea Unknown	High
201	40.94.234.0	-	South Korea Unknown	High
202	40.94.241.0	-	South Korea Unknown	High
203	40.94.242.0	-	South Korea Unknown	High
204	40.94.244.0	-	South Korea Unknown	High
205	40.94.246.0	-	South Korea Unknown	High
206	40.94.254.0	-	South Korea Unknown	High
207	40.95.83.0	-	South Korea Unknown	High
208	40.95.242.0	-	South Korea Unknown	High
209	40.95.254.0	-	South Korea Unknown	High
210	40.96.2.144	-	South Korea Unknown	High
211	40.96.2.160	-	South Korea Unknown	High
212	40.96.2.192	-	South Korea Unknown	High
213	40.96.3.0	-	South Korea Unknown	High
214	40.96.7.160	-	South Korea Unknown	High
215	40.96.17.64	-	South Korea Unknown	High
216	40.96.17.128	-	South Korea Unknown	High
217	40.96.17.160	-	South Korea Unknown	High
218	40.96.47.8	-	South Korea Unknown	High
219	40.96.47.64	-	South Korea Unknown	High
220	40.96.47.128	-	South Korea Unknown	High
221	40.96.47.192	-	South Korea Unknown	High
222	40.100.20.0	-	South Korea Unknown	High
223	40.100.44.0	-	South Korea Unknown	High
224	40.100.48.0	-	South Korea Unknown	High
225	40.103.28.64	-	South Korea Unknown	High
226	40.103.28.128	-	South Korea Unknown	High
227	40.103.28.192	-	South Korea Unknown	High
228	40.103.29.0	-	South Korea Unknown	High
229	40.107.128.0	mail-eopbgr1280000.outbound.protection.outlook.com	South Korea Unknown	High
230	40.107.132.0	mail-eopbgr1320000.outbound.protection.outlook.com	South Korea Unknown	High
231	40.107.226.0	-	South Korea Unknown	High
232	40.107.230.0	-	South Korea Unknown	High
233	40.107.233.0	-	South Korea Unknown	High
234	40.108.153.0	-	South Korea Unknown	High
235	40.108.156.0	-	South Korea Unknown	High
236	40.126.16.128	-	South Korea Unknown	High
237	40.126.20.0	-	South Korea Unknown	High
238	40.126.51.0	-	South Korea Unknown	High
239	40.126.51.32	-	South Korea Unknown	High
240	40.126.52.0	-	South Korea Unknown	High
241	40.126.52.128	-	South Korea Unknown	High
242	42.8.0.0	-	South Korea Unknown	High
243	42.16.0.0	-	South Korea Unknown	High
244	42.32.0.0	-	South Korea Unknown	High
245	42.82.0.0	-	South Korea Unknown	High
246	43.224.104.0	-	South Korea Unknown	High
247	43.226.228.0	-	South Korea Unknown	High
248	43.226.231.0	-	South Korea Unknown	High
249	43.227.116.0	-	South Korea Unknown	High
250	43.227.120.0	-	South Korea Unknown	High
251	43.228.160.0	-	South Korea Unknown	High
252	43.229.0.0	-	South Korea Unknown	High
253	43.230.0.0	-	South Korea Unknown	High
254	43.230.76.0	-	South Korea Unknown	High
255	43.230.80.0	-	South Korea Unknown	High
256	43.230.216.0	-	South Korea Unknown	High
257	43.241.44.0	-	South Korea Unknown	High
258	43.241.104.0	-	South Korea Unknown	High
259	43.242.0.0	-	South Korea Unknown	High
260	43.242.112.0	-	South Korea Unknown	High
261	43.243.216.0	-	South Korea Unknown	High
262	43.246.152.0	-	South Korea Unknown	High
263	43.246.180.0	-	South Korea Unknown	High
264	43.247.104.0	-	South Korea Unknown	High
265	43.247.192.0	-	South Korea Unknown	High
266	43.249.128.0	-	South Korea Unknown	High
267	43.249.129.0	-	South Korea Unknown	High
268	43.249.130.128	-	South Korea Unknown	High
269	43.249.131.128	-	South Korea Unknown	High
270	43.250.152.0	-	South Korea Unknown	High
271	43.251.28.0	-	South Korea Unknown	High
272	43.251.68.0	-	South Korea Unknown	High
273	43.251.120.0	-	South Korea Unknown	High
274	43.254.244.0	-	South Korea Unknown	High
275	43.255.248.0	-	South Korea Unknown	High
276	45.12.70.123	halflearned.yourbandinc.com	South Korea Unknown	High
277	45.12.71.123	-	South Korea Unknown	High
278	45.43.40.0	-	South Korea Unknown	High
279	45.64.140.0	-	South Korea Unknown	High
280	45.64.144.0	-	South Korea Unknown	High
281	45.64.152.0	-	South Korea Unknown	High
282	45.64.172.0	-	South Korea Unknown	High
283	45.67.97.0	-	South Korea Unknown	High
284	45.91.225.0	-	South Korea Unknown	High
285	45.93.28.103	-	Dalbit	High
286	45.93.31.75	-	Dalbit	High
287	45.93.31.122	-	Dalbit	High
288	45.94.152.0	-	South Korea Unknown	High
289	45.112.88.0	-	South Korea Unknown	High
290	45.112.96.0	-	South Korea Unknown	High
291	45.112.112.0	-	South Korea Unknown	High
292	45.112.152.0	-	South Korea Unknown	High
293	45.112.160.0	-	South Korea Unknown	High
294	45.112.168.0	-	South Korea Unknown	High
295	45.113.44.0	-	South Korea Unknown	High
296	45.113.48.0	-	South Korea Unknown	High
297	45.113.82.0	-	South Korea Unknown	High
298	45.114.128.0	-	South Korea Unknown	High
299	45.114.131.0	-	South Korea Unknown	High
300	45.115.25.0	-	South Korea Unknown	High
301	45.115.152.0	-	South Korea Unknown	High
302	45.117.12.0	-	South Korea Unknown	High
303	45.119.40.0	-	South Korea Unknown	High
304	45.119.144.0	-	South Korea Unknown	High
305	45.120.64.0	-	South Korea Unknown	High
306	45.120.200.0	-	South Korea Unknown	High
307	45.121.164.0	-	South Korea Unknown	High
308	45.125.232.0	-	South Korea Unknown	High
309	45.126.148.0	-	South Korea Unknown	High
310	45.130.33.0	-	South Korea Unknown	High
311	45.136.186.19	45.136.186.19.static.xtom.com	Dalbit	High
312	45.136.186.175	45.136.186.175.static.xtom.com	Dalbit	High
313	45.138.209.0	-	South Korea Unknown	High
314	45.142.153.0	-	South Korea Unknown	High
315	...	...	...	...

There are 1256 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within South Korea. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Weakness	Description	Confidence
1	T1006	CWE-21, CWE-22, CWE-23, CWE-25, CWE-425	Pathname Traversal	High
2	T1040	CWE-319	Authentication Bypass by Capture-replay	High
3	T1055	CWE-74	Injection	High
4	T1059	CWE-94, CWE-1321	Cross Site Scripting	High
5	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
6	...	...	...	...

There are 22 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during South Korea. This data is unique as it uses our predictive model for actor profiling.

ID	Type	Indicator	Confidence
1	File	`%SYSTEMDRIVE%\node_modules\.bin\wmic.exe`	High
2	File	`/admin/add-category.php`	High
3	File	`/admin/save.php`	High
4	File	`/admin/sys_sql_query.php`	High
5	File	`/api/baskets/{name}`	High
6	File	`/api/download`	High
7	File	`/api/v1/alerts`	High
8	File	`/api/v1/terminal/sessions/?limit=1`	High
9	File	`/b2b-supermarket/shopping-cart`	High
10	File	`/bitrix/admin/ldap_server_edit.php`	High
11	File	`/category.php`	High
12	File	`/categorypage.php`	High
13	File	`/cgi-bin/luci/api/wireless`	High
14	File	`/cgi-bin/vitogate.cgi`	High
15	File	`/change-language/de_DE`	High
16	File	`/company/store`	High
17	File	`/Content/Template/root/reverse-shell.aspx`	High
18	File	`/Controller/Ajaxfileupload.ashx`	High
19	File	`/core/conditions/AbstractWrapper.java`	High
20	File	`/debug/pprof`	Medium
21	File	`/devinfo`	Medium
22	File	`/dist/index.js`	High
23	File	`/etc/passwd`	Medium
24	File	`/fcgi/scrut_fcgi.fcgi`	High
25	File	`/forum/away.php`	High
26	File	`/geoserver/gwc/rest.html`	High
27	File	`/goform/formSysCmd`	High
28	File	`/HNAP1`	Low
29	File	`/hosts/firewall/ip`	High
30	File	`/index.php/ccm/system/file/upload`	High
31	File	`/jeecg-boot/sys/common/upload`	High
32	File	`/log/decodmail.php`	High
33	File	`/oauth/idp/.well-known/openid-configuration`	High
34	File	`/OA_HTML/cabo/jsps/a.jsp`	High
35	File	`/php/ping.php`	High
36	File	`/proxy`	Low
37	File	`/recipe-result`	High
38	File	`/register.do`	Medium
39	File	`/RPS2019Service/status.html`	High
40	File	`/s/index.php?action=statistics`	High
41	File	`/scripts/unlock_tasks.php`	High
42	File	`/Service/ImageStationDataService.asmx`	High
43	File	`/setting`	Medium
44	...	...	...

There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence: