mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-03 08:58:21 +00:00
# Raccoon - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Raccoon](https://vuldb.com/?actor.raccoon). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.raccoon](https://vuldb.com/?actor.raccoon)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Raccoon:

* [SH](https://vuldb.com/?country.sh)
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* ...

There are 16 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Raccoon.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [2.58.56.247](https://vuldb.com/?ip.2.58.56.247) | powered.by.rdp.sh | - | High
2 | [3.232.242.170](https://vuldb.com/?ip.3.232.242.170) | ec2-3-232-242-170.compute-1.amazonaws.com | - | Medium
3 | [5.39.117.99](https://vuldb.com/?ip.5.39.117.99) | - | - | High
4 | [5.42.64.6](https://vuldb.com/?ip.5.42.64.6) | - | - | High
5 | [5.42.64.7](https://vuldb.com/?ip.5.42.64.7) | - | - | High
6 | [5.42.64.8](https://vuldb.com/?ip.5.42.64.8) | - | - | High
7 | [5.42.64.9](https://vuldb.com/?ip.5.42.64.9) | - | - | High
8 | [5.42.64.10](https://vuldb.com/?ip.5.42.64.10) | - | - | High
9 | [5.42.64.11](https://vuldb.com/?ip.5.42.64.11) | - | - | High
10 | [5.42.64.12](https://vuldb.com/?ip.5.42.64.12) | - | - | High
11 | [5.42.64.13](https://vuldb.com/?ip.5.42.64.13) | - | - | High
12 | [5.42.64.17](https://vuldb.com/?ip.5.42.64.17) | - | - | High
13 | [5.42.65.12](https://vuldb.com/?ip.5.42.65.12) | - | - | High
14 | [5.42.65.14](https://vuldb.com/?ip.5.42.65.14) | - | - | High
15 | [5.42.65.15](https://vuldb.com/?ip.5.42.65.15) | - | - | High
16 | [5.42.65.16](https://vuldb.com/?ip.5.42.65.16) | - | - | High
17 | [5.42.65.17](https://vuldb.com/?ip.5.42.65.17) | - | - | High
18 | [5.42.65.18](https://vuldb.com/?ip.5.42.65.18) | - | - | High
19 | [5.42.65.62](https://vuldb.com/?ip.5.42.65.62) | - | - | High
20 | [5.42.65.69](https://vuldb.com/?ip.5.42.65.69) | - | - | High
21 | [5.42.66.1](https://vuldb.com/?ip.5.42.66.1) | - | - | High
22 | [5.42.66.2](https://vuldb.com/?ip.5.42.66.2) | - | - | High
23 | [5.42.66.6](https://vuldb.com/?ip.5.42.66.6) | - | - | High
24 | [5.42.66.8](https://vuldb.com/?ip.5.42.66.8) | - | - | High
25 | [5.42.94.204](https://vuldb.com/?ip.5.42.94.204) | elegant-parcel.aeza.network | - | High
26 | [5.61.51.73](https://vuldb.com/?ip.5.61.51.73) | - | - | High
27 | [5.75.129.114](https://vuldb.com/?ip.5.75.129.114) | static.114.129.75.5.clients.your-server.de | - | High
28 | [5.75.138.1](https://vuldb.com/?ip.5.75.138.1) | static.1.138.75.5.clients.your-server.de | - | High
29 | [5.75.159.229](https://vuldb.com/?ip.5.75.159.229) | static.229.159.75.5.clients.your-server.de | - | High
30 | [5.75.182.199](https://vuldb.com/?ip.5.75.182.199) | static.199.182.75.5.clients.your-server.de | - | High
31 | [5.75.186.33](https://vuldb.com/?ip.5.75.186.33) | static.33.186.75.5.clients.your-server.de | - | High
32 | [5.75.186.50](https://vuldb.com/?ip.5.75.186.50) | static.50.186.75.5.clients.your-server.de | - | High
33 | [5.75.225.209](https://vuldb.com/?ip.5.75.225.209) | static.209.225.75.5.clients.your-server.de | - | High
34 | [5.75.242.235](https://vuldb.com/?ip.5.75.242.235) | static.235.242.75.5.clients.your-server.de | - | High
35 | [5.75.243.212](https://vuldb.com/?ip.5.75.243.212) | static.212.243.75.5.clients.your-server.de | - | High
36 | [5.75.251.66](https://vuldb.com/?ip.5.75.251.66) | static.66.251.75.5.clients.your-server.de | - | High
37 | [5.78.53.188](https://vuldb.com/?ip.5.78.53.188) | static.188.53.78.5.clients.your-server.de | - | High
38 | [5.78.74.115](https://vuldb.com/?ip.5.78.74.115) | static.115.74.78.5.clients.your-server.de | - | High
39 | [5.78.75.80](https://vuldb.com/?ip.5.78.75.80) | static.80.75.78.5.clients.your-server.de | - | High
40 | [5.78.85.103](https://vuldb.com/?ip.5.78.85.103) | static.103.85.78.5.clients.your-server.de | - | High
41 | [5.78.98.26](https://vuldb.com/?ip.5.78.98.26) | static.26.98.78.5.clients.your-server.de | - | High
42 | [5.78.111.161](https://vuldb.com/?ip.5.78.111.161) | static.161.111.78.5.clients.your-server.de | - | High
43 | [5.181.156.252](https://vuldb.com/?ip.5.181.156.252) | no-rdns.mivocloud.com | - | High
44 | [5.181.159.66](https://vuldb.com/?ip.5.181.159.66) | 5-181-159-66.mivocloud.com | - | High
45 | [5.181.159.86](https://vuldb.com/?ip.5.181.159.86) | 5-181-159-86.mivocloud.com | - | High
46 | [5.182.36.75](https://vuldb.com/?ip.5.182.36.75) | vm937417.stark-industries.solutions | - | High
47 | [5.182.37.217](https://vuldb.com/?ip.5.182.37.217) | - | - | High
48 | [5.252.22.62](https://vuldb.com/?ip.5.252.22.62) | vm1204553.stark-industries.solutions | - | High
49 | [5.252.22.66](https://vuldb.com/?ip.5.252.22.66) | s-germany.rocks | - | High
50 | [5.252.22.107](https://vuldb.com/?ip.5.252.22.107) | vm868975.stark-industries.solutions | - | High
51 | [5.252.23.27](https://vuldb.com/?ip.5.252.23.27) | vm1058478.stark-industries.solutions | - | High
52 | [5.252.23.112](https://vuldb.com/?ip.5.252.23.112) | vm713221.stark-industries.solutions | - | High
53 | [5.252.118.36](https://vuldb.com/?ip.5.252.118.36) | overrated-flavor.aeza.network | - | High
54 | [5.252.118.139](https://vuldb.com/?ip.5.252.118.139) | polite-death.aeza.network | - | High
55 | [5.252.118.232](https://vuldb.com/?ip.5.252.118.232) | obsolete-discussion.aeza.network | - | High
56 | [5.252.177.22](https://vuldb.com/?ip.5.252.177.22) | no-rdns.mivocloud.com | - | High
57 | [5.252.177.36](https://vuldb.com/?ip.5.252.177.36) | no-rdns.mivocloud.com | - | High
58 | [5.252.177.50](https://vuldb.com/?ip.5.252.177.50) | edc0.dealsfromthenet.com | - | High
59 | [5.252.177.71](https://vuldb.com/?ip.5.252.177.71) | no-rdns.mivocloud.com | - | High
60 | [5.252.178.5](https://vuldb.com/?ip.5.252.178.5) | no-rdns.mivocloud.com | - | High
61 | [5.252.178.86](https://vuldb.com/?ip.5.252.178.86) | 5-252-178-86.mivocloud.com | - | High
62 | [5.252.178.139](https://vuldb.com/?ip.5.252.178.139) | no-rdns.mivocloud.com | - | High
63 | [5.253.19.65](https://vuldb.com/?ip.5.253.19.65) | helmsman.coolomotion.com | - | High
64 | [5.254.118.211](https://vuldb.com/?ip.5.254.118.211) | 4j4.biz | - | High
65 | [5.254.118.254](https://vuldb.com/?ip.5.254.118.254) | - | - | High
66 | [5.255.97.178](https://vuldb.com/?ip.5.255.97.178) | - | - | High
67 | [5.255.100.41](https://vuldb.com/?ip.5.255.100.41) | - | - | High
68 | [5.255.103.158](https://vuldb.com/?ip.5.255.103.158) | - | - | High
69 | [5.255.111.137](https://vuldb.com/?ip.5.255.111.137) | - | - | High
70 | [5.255.127.159](https://vuldb.com/?ip.5.255.127.159) | - | - | High
71 | [8.248.161.254](https://vuldb.com/?ip.8.248.161.254) | - | - | High
72 | [8.249.225.254](https://vuldb.com/?ip.8.249.225.254) | - | - | High
73 | [8.249.241.254](https://vuldb.com/?ip.8.249.241.254) | - | - | High
74 | [8.249.245.254](https://vuldb.com/?ip.8.249.245.254) | - | - | High
75 | [8.253.132.120](https://vuldb.com/?ip.8.253.132.120) | - | - | High
76 | [8.253.156.120](https://vuldb.com/?ip.8.253.156.120) | - | - | High
77 | [18.238.4.79](https://vuldb.com/?ip.18.238.4.79) | server-18-238-4-79.phl51.r.cloudfront.net | - | High
78 | [18.238.4.82](https://vuldb.com/?ip.18.238.4.82) | server-18-238-4-82.phl51.r.cloudfront.net | - | High
79 | [18.238.4.84](https://vuldb.com/?ip.18.238.4.84) | server-18-238-4-84.phl51.r.cloudfront.net | - | High
80 | [20.115.112.33](https://vuldb.com/?ip.20.115.112.33) | - | - | High
81 | [20.166.60.250](https://vuldb.com/?ip.20.166.60.250) | - | - | High
82 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
83 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
84 | [23.19.58.152](https://vuldb.com/?ip.23.19.58.152) | i58.152.lofame.net | - | High
85 | [23.46.238.194](https://vuldb.com/?ip.23.46.238.194) | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High
86 | [23.88.55.150](https://vuldb.com/?ip.23.88.55.150) | bth3t1t2.myraidbox.de | - | High
87 | [23.134.168.112](https://vuldb.com/?ip.23.134.168.112) | hot2.classificationpick2.xyz | - | High
88 | [23.134.168.143](https://vuldb.com/?ip.23.134.168.143) | carvalhodds.store | - | High
89 | [23.134.168.173](https://vuldb.com/?ip.23.134.168.173) | cfzo.ir | - | High
90 | [31.13.195.44](https://vuldb.com/?ip.31.13.195.44) | - | - | High
91 | [31.41.244.153](https://vuldb.com/?ip.31.41.244.153) | - | - | High
92 | [34.76.8.115](https://vuldb.com/?ip.34.76.8.115) | 115.8.76.34.bc.googleusercontent.com | - | Medium
93 | [34.88.52.57](https://vuldb.com/?ip.34.88.52.57) | 57.52.88.34.bc.googleusercontent.com | - | Medium
94 | [34.89.184.90](https://vuldb.com/?ip.34.89.184.90) | 90.184.89.34.bc.googleusercontent.com | - | Medium
95 | [34.105.169.29](https://vuldb.com/?ip.34.105.169.29) | 29.169.105.34.bc.googleusercontent.com | - | Medium
96 | [34.105.219.83](https://vuldb.com/?ip.34.105.219.83) | 83.219.105.34.bc.googleusercontent.com | - | Medium
97 | [34.105.255.170](https://vuldb.com/?ip.34.105.255.170) | 170.255.105.34.bc.googleusercontent.com | - | Medium
98 | [34.135.32.61](https://vuldb.com/?ip.34.135.32.61) | 61.32.135.34.bc.googleusercontent.com | - | Medium
99 | [34.251.53.237](https://vuldb.com/?ip.34.251.53.237) | ec2-34-251-53-237.eu-west-1.compute.amazonaws.com | - | Medium
100 | [35.198.88.195](https://vuldb.com/?ip.35.198.88.195) | 195.88.198.35.bc.googleusercontent.com | - | Medium
101 | [35.204.89.50](https://vuldb.com/?ip.35.204.89.50) | 50.89.204.35.bc.googleusercontent.com | - | Medium
102 | [35.228.95.80](https://vuldb.com/?ip.35.228.95.80) | 80.95.228.35.bc.googleusercontent.com | - | Medium
103 | [37.1.208.22](https://vuldb.com/?ip.37.1.208.22) | - | - | High
104 | [37.1.212.243](https://vuldb.com/?ip.37.1.212.243) | spinkl.org.uk | - | High
105 | [37.27.3.21](https://vuldb.com/?ip.37.27.3.21) | static.21.3.27.37.clients.your-server.de | - | High
106 | [37.49.230.54](https://vuldb.com/?ip.37.49.230.54) | - | - | High
107 | [37.49.230.114](https://vuldb.com/?ip.37.49.230.114) | - | - | High
108 | [37.120.237.242](https://vuldb.com/?ip.37.120.237.242) | - | - | High
109 | [37.120.238.179](https://vuldb.com/?ip.37.120.238.179) | - | - | High
110 | [37.220.87.7](https://vuldb.com/?ip.37.220.87.7) | ipn-37-220-87-7.artem-catv.ru | - | High
111 | [37.220.87.12](https://vuldb.com/?ip.37.220.87.12) | ipn-37-220-87-12.artem-catv.ru | - | High
112 | [37.220.87.17](https://vuldb.com/?ip.37.220.87.17) | ipn-37-220-87-17.artem-catv.ru | - | High
113 | [37.220.87.18](https://vuldb.com/?ip.37.220.87.18) | ipn-37-220-87-18.artem-catv.ru | - | High
114 | [37.220.87.25](https://vuldb.com/?ip.37.220.87.25) | ipn-37-220-87-25.artem-catv.ru | - | High
115 | [37.220.87.29](https://vuldb.com/?ip.37.220.87.29) | ipn-37-220-87-29.artem-catv.ru | - | High
116 | [37.220.87.34](https://vuldb.com/?ip.37.220.87.34) | ipn-37-220-87-34.artem-catv.ru | - | High
117 | [37.220.87.35](https://vuldb.com/?ip.37.220.87.35) | ipn-37-220-87-35.artem-catv.ru | - | High
118 | [37.220.87.36](https://vuldb.com/?ip.37.220.87.36) | ipn-37-220-87-36.artem-catv.ru | - | High
119 | [37.220.87.38](https://vuldb.com/?ip.37.220.87.38) | ipn-37-220-87-38.artem-catv.ru | - | High
120 | [37.220.87.47](https://vuldb.com/?ip.37.220.87.47) | ipn-37-220-87-47.artem-catv.ru | - | High
121 | [37.220.87.48](https://vuldb.com/?ip.37.220.87.48) | ipn-37-220-87-48.artem-catv.ru | - | High
122 | [37.220.87.49](https://vuldb.com/?ip.37.220.87.49) | ipn-37-220-87-49.artem-catv.ru | - | High
123 | [37.220.87.63](https://vuldb.com/?ip.37.220.87.63) | ipn-37-220-87-63.artem-catv.ru | - | High
124 | [37.220.87.66](https://vuldb.com/?ip.37.220.87.66) | ipn-37-220-87-66.artem-catv.ru | - | High
125 | [37.220.87.68](https://vuldb.com/?ip.37.220.87.68) | ipn-37-220-87-68.artem-catv.ru | - | High
126 | [37.220.87.86](https://vuldb.com/?ip.37.220.87.86) | ipn-37-220-87-86.artem-catv.ru | - | High
127 | [43.130.118.228](https://vuldb.com/?ip.43.130.118.228) | - | - | High
128 | [45.8.144.61](https://vuldb.com/?ip.45.8.144.61) | vm1323244.stark-industries.solutions | - | High
129 | [45.8.144.73](https://vuldb.com/?ip.45.8.144.73) | vm1182705.stark-industries.solutions | - | High
130 | [45.8.144.148](https://vuldb.com/?ip.45.8.144.148) | vm1332653.stark-industries.solutions | - | High
131 | [45.8.146.72](https://vuldb.com/?ip.45.8.146.72) | vm1066019.stark-industries.solutions | - | High
132 | [45.9.74.6](https://vuldb.com/?ip.45.9.74.6) | - | - | High
133 | [45.9.74.21](https://vuldb.com/?ip.45.9.74.21) | - | - | High
134 | [45.9.74.22](https://vuldb.com/?ip.45.9.74.22) | - | - | High
135 | [45.9.74.34](https://vuldb.com/?ip.45.9.74.34) | - | - | High
136 | [45.9.74.35](https://vuldb.com/?ip.45.9.74.35) | - | - | High
137 | [45.9.74.36](https://vuldb.com/?ip.45.9.74.36) | - | - | High
138 | [45.9.74.50](https://vuldb.com/?ip.45.9.74.50) | - | - | High
139 | [45.9.74.54](https://vuldb.com/?ip.45.9.74.54) | - | - | High
140 | [45.9.74.56](https://vuldb.com/?ip.45.9.74.56) | - | - | High
141 | [45.9.74.60](https://vuldb.com/?ip.45.9.74.60) | - | - | High
142 | [45.9.74.68](https://vuldb.com/?ip.45.9.74.68) | - | - | High
143 | [45.9.74.69](https://vuldb.com/?ip.45.9.74.69) | - | - | High
144 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
145 | [45.9.74.71](https://vuldb.com/?ip.45.9.74.71) | - | - | High
146 | [45.9.74.81](https://vuldb.com/?ip.45.9.74.81) | - | - | High
147 | [45.9.74.82](https://vuldb.com/?ip.45.9.74.82) | - | - | High
148 | [45.9.74.90](https://vuldb.com/?ip.45.9.74.90) | - | - | High
149 | [45.9.74.97](https://vuldb.com/?ip.45.9.74.97) | - | - | High
150 | [45.9.74.99](https://vuldb.com/?ip.45.9.74.99) | - | - | High
151 | [45.9.74.119](https://vuldb.com/?ip.45.9.74.119) | - | - | High
152 | [45.9.74.151](https://vuldb.com/?ip.45.9.74.151) | - | - | High
153 | [45.9.74.152](https://vuldb.com/?ip.45.9.74.152) | - | - | High
154 | [45.9.74.160](https://vuldb.com/?ip.45.9.74.160) | - | - | High
155 | [45.9.74.165](https://vuldb.com/?ip.45.9.74.165) | - | - | High
156 | [45.9.74.170](https://vuldb.com/?ip.45.9.74.170) | - | - | High
157 | [45.9.74.171](https://vuldb.com/?ip.45.9.74.171) | - | - | High
158 | [45.9.74.172](https://vuldb.com/?ip.45.9.74.172) | - | - | High
159 | [45.9.74.173](https://vuldb.com/?ip.45.9.74.173) | - | - | High
160 | [45.9.74.174](https://vuldb.com/?ip.45.9.74.174) | - | - | High
161 | [45.9.74.175](https://vuldb.com/?ip.45.9.74.175) | - | - | High
162 | [45.9.74.176](https://vuldb.com/?ip.45.9.74.176) | - | - | High
163 | [45.9.148.139](https://vuldb.com/?ip.45.9.148.139) | - | - | High
164 | [45.15.156.2](https://vuldb.com/?ip.45.15.156.2) | - | - | High
165 | [45.15.156.8](https://vuldb.com/?ip.45.15.156.8) | - | - | High
166 | [45.15.156.11](https://vuldb.com/?ip.45.15.156.11) | - | - | High
167 | [45.15.156.31](https://vuldb.com/?ip.45.15.156.31) | - | - | High
168 | [45.15.156.36](https://vuldb.com/?ip.45.15.156.36) | - | - | High
169 | [45.15.156.38](https://vuldb.com/?ip.45.15.156.38) | - | - | High
170 | [45.15.156.40](https://vuldb.com/?ip.45.15.156.40) | - | - | High
171 | [45.15.156.42](https://vuldb.com/?ip.45.15.156.42) | - | - | High
172 | [45.15.156.50](https://vuldb.com/?ip.45.15.156.50) | - | - | High
173 | [45.15.156.62](https://vuldb.com/?ip.45.15.156.62) | - | - | High
174 | [45.15.156.72](https://vuldb.com/?ip.45.15.156.72) | - | - | High
175 | [45.15.156.75](https://vuldb.com/?ip.45.15.156.75) | - | - | High
176 | [45.15.156.79](https://vuldb.com/?ip.45.15.156.79) | - | - | High
177 | [45.15.156.87](https://vuldb.com/?ip.45.15.156.87) | - | - | High
178 | [45.15.156.96](https://vuldb.com/?ip.45.15.156.96) | - | - | High
179 | [45.15.156.105](https://vuldb.com/?ip.45.15.156.105) | - | - | High
180 | [45.15.156.120](https://vuldb.com/?ip.45.15.156.120) | - | - | High
181 | [45.15.156.151](https://vuldb.com/?ip.45.15.156.151) | - | - | High
182 | [45.15.156.164](https://vuldb.com/?ip.45.15.156.164) | - | - | High
183 | [45.15.156.168](https://vuldb.com/?ip.45.15.156.168) | - | - | High
184 | [45.15.156.169](https://vuldb.com/?ip.45.15.156.169) | - | - | High
185 | [45.15.156.178](https://vuldb.com/?ip.45.15.156.178) | - | - | High
186 | [45.15.156.179](https://vuldb.com/?ip.45.15.156.179) | - | - | High
187 | [45.15.156.192](https://vuldb.com/?ip.45.15.156.192) | - | - | High
188 | [45.15.156.198](https://vuldb.com/?ip.45.15.156.198) | - | - | High
189 | [45.15.156.201](https://vuldb.com/?ip.45.15.156.201) | - | - | High
190 | [45.15.156.208](https://vuldb.com/?ip.45.15.156.208) | - | - | High
191 | [45.15.156.225](https://vuldb.com/?ip.45.15.156.225) | - | - | High
192 | [45.15.156.226](https://vuldb.com/?ip.45.15.156.226) | - | - | High
193 | [45.15.156.227](https://vuldb.com/?ip.45.15.156.227) | - | - | High
194 | [45.15.156.233](https://vuldb.com/?ip.45.15.156.233) | - | - | High
195 | [45.15.156.238](https://vuldb.com/?ip.45.15.156.238) | - | - | High
196 | [45.15.156.239](https://vuldb.com/?ip.45.15.156.239) | - | - | High
197 | [45.15.156.251](https://vuldb.com/?ip.45.15.156.251) | - | - | High
198 | [45.15.157.7](https://vuldb.com/?ip.45.15.157.7) | - | - | High
199 | [45.15.159.197](https://vuldb.com/?ip.45.15.159.197) | royal-attack.aeza.network | - | High
200 | [45.61.136.191](https://vuldb.com/?ip.45.61.136.191) | - | - | High
201 | [45.61.136.194](https://vuldb.com/?ip.45.61.136.194) | - | - | High
202 | [45.61.137.163](https://vuldb.com/?ip.45.61.137.163) | - | - | High
203 | [45.61.138.12](https://vuldb.com/?ip.45.61.138.12) | - | - | High
204 | [45.61.138.130](https://vuldb.com/?ip.45.61.138.130) | - | - | High
205 | [45.61.138.138](https://vuldb.com/?ip.45.61.138.138) | - | - | High
206 | [45.61.139.2](https://vuldb.com/?ip.45.61.139.2) | - | - | High
207 | [45.66.230.38](https://vuldb.com/?ip.45.66.230.38) | - | - | High
208 | [45.67.34.234](https://vuldb.com/?ip.45.67.34.234) | vm1200564.stark-industries.solutions | - | High
209 | [45.67.35.52](https://vuldb.com/?ip.45.67.35.52) | vm1245055.stark-industries.solutions | - | High
210 | [45.67.35.164](https://vuldb.com/?ip.45.67.35.164) | vm1323097.stark-industries.solutions | - | High
211 | [45.67.35.241](https://vuldb.com/?ip.45.67.35.241) | vm1349287.stark-industries.solutions | - | High
212 | [45.67.35.251](https://vuldb.com/?ip.45.67.35.251) | vm1333466.stark-industries.solutions | - | High
213 | [45.67.228.180](https://vuldb.com/?ip.45.67.228.180) | vm1330387.stark-industries.solutions | - | High
214 | [45.67.231.132](https://vuldb.com/?ip.45.67.231.132) | ironfish.com | - | High
215 | [45.82.13.17](https://vuldb.com/?ip.45.82.13.17) | MSK-H-1674545172.msk.host | - | High
216 | [45.82.71.192](https://vuldb.com/?ip.45.82.71.192) | papidu.com.ua | - | High
217 | [45.82.73.28](https://vuldb.com/?ip.45.82.73.28) | - | - | High
218 | ... | ... | ... | ...

There are 870 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Raccoon_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 20 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Raccoon. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//WEB-INF` | Medium
2 | File | `/?p=products` | Medium
3 | File | `/about.php` | Medium
4 | File | `/admin.php/update/getFile.html` | High
5 | File | `/admin/modal_add_product.php` | High
6 | File | `/admin/positions_add.php` | High
7 | File | `/admin/user/manage_user.php` | High
8 | File | `/ajax.php?action=save_company` | High
9 | File | `/ajax.php?action=save_user` | High
10 | File | `/ajax/myshop` | Medium
11 | File | `/api/baskets/{name}` | High
12 | File | `/api/stl/actions/search` | High
13 | File | `/api/v2/cli/commands` | High
14 | File | `/authenticationendpoint/login.do` | High
15 | File | `/backup.pl` | Medium
16 | File | `/bin/ate` | Medium
17 | File | `/booking/show_bookings/` | High
18 | File | `/cas/logout` | Medium
19 | File | `/category.php` | High
20 | File | `/cgi-bin` | Medium
21 | File | `/cgi-bin/system_mgr.cgi` | High
22 | File | `/contactform/contactform.php` | High
23 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
24 | File | `/dcim/rack-roles/` | High
25 | File | `/DXR.axd` | Medium
26 | File | `/ecommerce/support_ticket` | High
27 | File | `/env` | Low
28 | File | `/feeds/post/publish` | High
29 | File | `/forum/away.php` | High
30 | File | `/goform/WifiGuestSet` | High
31 | File | `/h/` | Low
32 | File | `/inc/jquery/uploadify/uploadify.php` | High
33 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
34 | File | `/index.php?app=main&func=passport&action=login` | High
35 | File | `/index.php?page=category_list` | High
36 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
37 | File | `/jobinfo/` | Medium
38 | File | `/kelas/data` | Medium
39 | File | `/kelasdosen/data` | High
40 | File | `/modules/projects/vw_files.php` | High
41 | File | `/Moosikay/order.php` | High
42 | File | `/opac/Actions.php?a=login` | High
43 | File | `/paysystem/branch.php` | High
44 | File | `/paysystem/datatable.php` | High
45 | File | `/php-sms/admin/?page=user/manage_user` | High
46 | ... | ... | ...

There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://app.any.run/tasks/6c910d55-f846-46f8-bfa5-b6af3986466c
* https://app.any.run/tasks/ae0c74b8-df62-4015-8a4f-1c80e4dec0fb
* https://bazaar.abuse.ch/sample/2d1b607ec47972b278c48eea4fa955e00b07dcc02fe7d950defe55490a129c8c/
* https://bazaar.abuse.ch/sample/5bbe4ff9dc3e2fb44d356785216d39faa2ea386b1a5227798aea9c2d18b8b3fa/
* https://bazaar.abuse.ch/sample/7b0d940175c7c440f5bc5b54bf72b899fc5cef36ff62e65c2f52856e75d0b05b/
* https://bazaar.abuse.ch/sample/9c7a967f46a139f886c96f027a26caf6bc8446dfdf9d689c84116816a6b64954/
* https://bazaar.abuse.ch/sample/2475b6b24c1117002dfdb64795080ea401a25a2a23e08f3e9f809dfaa01a05c1/
* https://bazaar.abuse.ch/sample/ac13be532798f0d6dd37d8eed2b8d4ef0f8dc0ead80cc7c18db57d3052cdefd8/
* https://bazaar.abuse.ch/sample/ad469dd1d1a2d39ac6a1562243ea2205b43eacbb8b62b084916d9a0974189554/
* https://bazaar.abuse.ch/sample/c1bf213d08c31ff5e897cf21a65a6140474c100bc16e10306a689529d8cb5570/
* https://bazaar.abuse.ch/sample/f9806a31364a4f864f7018e2f827d6bd5cc0052eab849f9fda1e7af45625ed93/
* https://bazaar.abuse.ch/sample/fa17fefdcdc4cee37749806163652d8d2987014c7d4cd84931ce4337fb3547d6/
* https://blog.group-ib.com/fakesecurity_raccoon
* https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/
* https://blog.talosintelligence.com/2021/07/threat-roundup-0716-0723.html
* https://blog.talosintelligence.com/2021/12/threat-roundup-1203-1210.html
* https://blog.talosintelligence.com/threat-roundup-feb-24-march-3-2023/
* https://blogs.blackberry.com/en/2021/08/threat-spotlight-lockbit-2-0-ransomware-takes-on-top-consulting-firm
* https://github.com/threatlabz/iocs/blob/main/raccoon/c2_ips.txt
* https://threatfox.abuse.ch
* https://tria.ge/221022-14m2cafae9
* https://twitter.com/0xrb/status/1610512844222763008?s=20
* https://twitter.com/0xrb/status/1610512844222763008?s=20&t=4RpntLoIt8ejrPFpHwiyvw
* https://twitter.com/0xrb/status/1610512844222763008?s=20&t=5vScF2139MIjix15B5tnNw
* https://twitter.com/0xrb/status/1610512844222763008?s=20&t=FqLf4uB88aXH-PzMsvNcGQ
* https://twitter.com/0xrb/status/1610512844222763008?s=20&t=OO63TME-iu6JvI8EnVvlZw
* https://twitter.com/0xrb/status/1610512844222763008?s=20&t=oVBjfHXUAquhlArc9LuZ1A
* https://twitter.com/crep1x/status/1553840512376967171
* https://twitter.com/crep1x/status/1584254866150416386
* https://twitter.com/crep1x/status/1588297309313699842
* https://twitter.com/crep1x/status/1592270229190881280
* https://twitter.com/crep1x/status/1635034096949940224
* https://twitter.com/Gi7w0rm/status/1610872426492985344
* https://twitter.com/Iamdeadlyz/status/1562823487932100608
* https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-generation-raccoon-family
* https://yaraify.abuse.ch/sample/1f95990060b03445fd1054877c0ed2116a1434a3d1f7358a90d455df3fe1e172/
* https://yaraify.abuse.ch/sample/640c45085849413f89851ffa4aba1956b59b6f9e77bc874d0dedb6a8d373201f/
* https://yaraify.abuse.ch/sample/31019cb931f96fc8859b3a96f2b2f0186827846cbadff3b6c3e0d5dc8f6dccb7/
* https://yaraify.abuse.ch/sample/e1f781fcae67afcf92d2266366c3aa32773853688849df7abb0f5415ea6d8c5d/

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!