mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-03 08:58:21 +00:00
# Cyclops Blink - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cyclops Blink](https://vuldb.com/?actor.cyclops_blink). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cyclops_blink](https://vuldb.com/?actor.cyclops_blink)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cyclops Blink.
There are 146 more IOC items available. Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://1275.ru/ioc/45/cyclops-blink-botnet-ioc/
* https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!