mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-29 02:12:51 +00:00

History

Marc Ruef e41f13e7d4 Update July 2023		2023-07-01 08:50:45 +02:00
..
README.md	Update July 2023	2023-07-01 08:50:45 +02:00

README.md

RecordBreaker - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as RecordBreaker. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.recordbreaker

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with RecordBreaker:

There are 15 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of RecordBreaker.

ID	IP address	Hostname	Campaign	Confidence
1	2.56.10.122	mta.ecuaseguridad.com	-	High
2	5.2.70.65	-	-	High
3	5.42.64.6	-	-	High
4	5.42.64.7	-	-	High
5	5.42.64.8	-	-	High
6	5.42.64.9	-	-	High
7	5.42.64.10	-	-	High
8	5.42.64.11	-	-	High
9	5.42.64.12	-	-	High
10	5.42.64.13	-	-	High
11	5.42.64.17	-	-	High
12	5.42.65.12	-	-	High
13	5.42.65.14	-	-	High
14	5.42.65.15	-	-	High
15	5.42.65.16	-	-	High
16	5.42.65.17	-	-	High
17	5.42.65.18	-	-	High
18	5.42.65.62	-	-	High
19	5.42.65.69	-	-	High
20	5.42.66.1	-	-	High
21	5.42.66.2	-	-	High
22	5.42.199.17	-	-	High
23	5.45.66.129	mafia777.com	-	High
24	5.45.67.19	-	-	High
25	5.61.42.196	-	-	High
26	5.61.50.161	-	-	High
27	5.61.51.73	-	-	High
28	5.78.74.115	static.115.74.78.5.clients.your-server.de	-	High
29	5.181.159.185	no-rdns.mivocloud.com	-	High
30	5.182.36.165	vm1276877.stark-industries.solutions	-	High
31	5.182.36.167	node.5	-	High
32	5.182.36.180	node.6	-	High
33	5.182.36.192	vm1267096.stark-industries.solutions	-	High
34	5.182.36.230	mail.ad-astras.live	-	High
35	5.182.36.232	vm1001223.stark-industries.solutions	-	High
36	5.182.36.233	vm1236183.stark-industries.solutions	-	High
37	5.182.36.239	node.4	-	High
38	5.182.39.34	vm1324830.stark-industries.solutions	-	High
39	5.182.39.73	vm682415.stark-industries.solutions	-	High
40	5.182.39.74	vm932222.stark-industries.solutions	-	High
41	5.182.39.75	vm683633.stark-industries.solutions	-	High
42	5.182.39.76	vm1328575.stark-industries.solutions	-	High
43	5.182.39.77	vrubportu.ru	-	High
44	5.252.21.28	vm628578.stark-industries.solutions	-	High
45	5.252.21.191	vm1263142.stark-industries.solutions	-	High
46	5.252.22.43	vm622378.stark-industries.solutions	-	High
47	5.252.22.119	vm622746.stark-industries.solutions	-	High
48	5.252.23.18	mail.tidy-entrance.com	-	High
49	5.252.23.100	doma.lillys.sk	-	High
50	5.252.23.142	vm605096.stark-industries.solutions	-	High
51	5.252.118.129	web-pterodactyl.aeza.network	-	High
52	5.252.118.228	enchanting-spring.aeza.network	-	High
53	5.252.177.20	no-rdns.mivocloud.com	-	High
54	5.252.177.234	5-252-177-234.mivocloud.com	-	High
55	5.252.178.210	5-252-178-210.mivocloud.com	-	High
56	5.253.19.61	coolomotion.com	-	High
57	5.253.19.133	salesperson.coolomotion.com	-	High
58	5.253.19.142	-	-	High
59	5.253.84.117	-	-	High
60	15.235.89.55	-	-	High
61	23.229.117.245	-	-	High
62	23.229.117.249	-	-	High
63	31.41.244.88	-	-	High
64	37.27.3.211	static.211.3.27.37.clients.your-server.de	-	High
65	37.49.230.139	-	-	High
66	37.220.87.6	ipn-37-220-87-6.artem-catv.ru	-	High
67	37.220.87.22	ipn-37-220-87-22.artem-catv.ru	-	High
68	37.220.87.44	ipn-37-220-87-44.artem-catv.ru	-	High
69	37.220.87.67	ipn-37-220-87-67.artem-catv.ru	-	High
70	37.220.87.68	ipn-37-220-87-68.artem-catv.ru	-	High
71	37.220.87.69	ipn-37-220-87-69.artem-catv.ru	-	High
72	37.220.87.71	ipn-37-220-87-71.artem-catv.ru	-	High
73	37.220.87.76	ipn-37-220-87-76.artem-catv.ru	-	High
74	37.220.87.79	ipn-37-220-87-79.artem-catv.ru	-	High
75	37.220.87.88	ipn-37-220-87-88.artem-catv.ru	-	High
76	37.220.87.89	ipn-37-220-87-89.artem-catv.ru	-	High
77	37.220.87.91	ipn-37-220-87-91.artem-catv.ru	-	High
78	37.220.87.93	ipn-37-220-87-93.artem-catv.ru	-	High
79	45.8.144.53	vm1338738.stark-industries.solutions	-	High
80	45.8.144.151	vm1272059.stark-industries.solutions	-	High
81	45.8.144.152	vm1238283.stark-industries.solutions	-	High
82	45.8.144.153	samuraipaint.jp	-	High
83	45.8.144.183	vm1301531.stark-industries.solutions	-	High
84	45.8.144.227	vm1304275.stark-industries.solutions	-	High
85	45.8.145.76	vm1089663.stark-industries.solutions	-	High
86	45.8.145.174	vm1077085.stark-industries.solutions	-	High
87	45.8.145.203	vm658895.stark-industries.solutions	-	High
88	45.8.145.243	shardeum.collins.com	-	High
89	45.8.146.34	vm819154.stark-industries.solutions	-	High
90	45.8.146.190	vm1094169.stark-industries.solutions	-	High
91	45.9.74.6	-	-	High
92	45.9.74.21	-	-	High
93	45.9.74.22	-	-	High
94	45.9.74.34	-	-	High
95	45.9.74.35	-	-	High
96	45.9.74.36	-	-	High
97	45.9.74.50	-	-	High
98	45.9.74.54	-	-	High
99	45.9.74.56	-	-	High
100	45.9.74.60	-	-	High
101	45.9.74.68	-	-	High
102	45.9.74.69	-	-	High
103	45.9.74.70	-	-	High
104	45.9.74.71	-	-	High
105	45.9.74.81	-	-	High
106	45.9.74.82	-	-	High
107	45.9.74.90	-	-	High
108	45.9.74.97	-	-	High
109	45.9.74.99	-	-	High
110	45.9.74.133	-	-	High
111	45.9.74.140	-	-	High
112	45.9.74.166	-	-	High
113	45.11.19.40	-	-	High
114	45.11.19.99	-	-	High
115	45.11.19.199	-	-	High
116	45.15.156.16	-	-	High
117	45.15.156.17	-	-	High
118	45.15.156.27	-	-	High
119	45.15.156.56	-	-	High
120	45.15.156.65	-	-	High
121	45.15.156.90	-	-	High
122	45.15.156.94	-	-	High
123	45.15.156.95	-	-	High
124	45.15.156.102	-	-	High
125	45.15.156.116	-	-	High
126	45.15.156.122	-	-	High
127	45.15.156.143	-	-	High
128	45.15.156.144	-	-	High
129	45.15.156.145	-	-	High
130	45.15.156.159	-	-	High
131	45.15.156.177	-	-	High
132	45.15.156.178	-	-	High
133	45.15.156.209	-	-	High
134	45.15.156.214	-	-	High
135	45.15.156.215	-	-	High
136	45.15.156.222	-	-	High
137	45.15.159.27	malicious-dock.aeza.network	-	High
138	45.15.159.95	premium-yoke.aeza.network	-	High
139	45.15.159.199	heady-insect.aeza.network	-	High
140	45.15.159.249	iron-man.aeza.network	-	High
141	45.67.35.17	vm1268873.stark-industries.solutions	-	High
142	45.67.35.52	vm1245055.stark-industries.solutions	-	High
143	45.67.35.151	vm626927.stark-industries.solutions	-	High
144	45.67.228.8	newsbr.us.com	-	High
145	45.67.229.149	sevfvffffsxnofab.xyz	-	High
146	45.67.231.11	crypto-citadel.org	-	High
147	45.67.231.93	vm941933.stark-industries.solutions	-	High
148	...	...	...	...

There are 587 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by RecordBreaker. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Weakness	Description	Confidence
1	T1006	CWE-21, CWE-22, CWE-23, CWE-28	Pathname Traversal	High
2	T1040	CWE-294, CWE-319	Authentication Bypass by Capture-replay	High
3	T1055	CWE-74	Injection	High
4	T1059	CWE-94	Cross Site Scripting	High
5	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
6	...	...	...	...

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by RecordBreaker. This data is unique as it uses our predictive model for actor profiling.

ID	Type	Indicator	Confidence
1	File	`/+CSCOE+/logon.html`	High
2	File	`/?p=products`	Medium
3	File	`/about.php`	Medium
4	File	`/admin.php/accessory/filesdel.html`	High
5	File	`/admin/?page=user/manage`	High
6	File	`/admin/add-new.php`	High
7	File	`/admin/api/theme-edit/`	High
8	File	`/admin/doctors.php`	High
9	File	`/admin/inquiries/view_inquiry.php`	High
10	File	`/admin/maintenance/manage_category.php`	High
11	File	`/admin/submit-articles`	High
12	File	`/alphaware/summary.php`	High
13	File	`/api/`	Low
14	File	`/api/admin/store/product/list`	High
15	File	`/api/RecordingList/DownloadRecord?file=`	High
16	File	`/api/stl/actions/search`	High
17	File	`/api/v2/cli/commands`	High
18	File	`/apply.cgi`	Medium
19	File	`/attachments`	Medium
20	File	`/bin/ate`	Medium
21	File	`/boat/login.php`	High
22	File	`/bsms_ci/index.php/book`	High
23	File	`/card_scan.php`	High
24	File	`/cas/logout`	Medium
25	File	`/cgi-bin`	Medium
26	File	`/cgi-bin/luci/api/wireless`	High
27	File	`/cgi-bin/wlogin.cgi`	High
28	File	`/context/%2e/WEB-INF/web.xml`	High
29	File	`/cwc/login`	Medium
30	File	`/debug/pprof`	Medium
31	File	`/DXR.axd`	Medium
32	File	`/env`	Low
33	File	`/etc/hosts`	Medium
34	File	`/etc/quagga`	Medium
35	File	`/film-rating.php`	High
36	File	`/forms/doLogin`	High
37	File	`/forum/away.php`	High
38	File	`/goform/setmac`	High
39	File	`/goform/wizard_end`	High
40	File	`/h/calendar`	Medium
41	File	`/index.php`	Medium
42	File	`/librarian/bookdetails.php`	High
43	File	`/medicines/profile.php`	High
44	File	`/modules/caddyhttp/rewrite/rewrite.go`	High
45	File	`/nova/bin/detnet`	High
46	File	`/owa/auth/logon.aspx`	High
47	File	`/php-sms/admin/?page=user/manage_user`	High
48	File	`/proxy`	Low
49	File	`/requests.php`	High
50	File	`/reservation/add_message.php`	High
51	File	`/rom-0`	Low
52	File	`/ServletAPI/accounts/login`	High
53	File	`/spip.php`	Medium
54	...	...	...

There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence: