Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-30 19:03:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
b8ed0a8117
cyber_threat_intelligence/campaigns/BumbleBee
History
Marc Ruef b8ed0a8117 Update May 2023
2023-05-01 08:17:50 +02:00
..
README.md Update May 2023 2023-05-01 08:17:50 +02:00

README.md

BumbleBee - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as BumbleBee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:

There are 10 more country items available. Please use our online service to access the data.

Actors

These actors are associated with BumbleBee or other actors linked to the campaign.

ID Actor Confidence
1 xHunt High
2 Exotic Lily High
3 Bumblebee High
4 ... ...

There are 1 more actor items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.

ID IP address Hostname Actor Confidence
1 1.32.39.22 - Bumblebee High
2 1.39.166.217 1-39-166-217.live.vodafone.in Bumblebee High
3 2.97.24.126 host-2-97-24-126.as13285.net Bumblebee High
4 2.190.89.140 - Bumblebee High
5 2.211.111.213 dynamic-002-211-111-213.2.211.pool.telefonica.de Bumblebee High
6 3.85.198.66 ec2-3-85-198-66.compute-1.amazonaws.com Bumblebee Medium
7 3.144.143.242 ec2-3-144-143-242.us-east-2.compute.amazonaws.com Bumblebee Medium
8 3.172.226.46 - Bumblebee High
9 4.165.175.212 - Bumblebee High
10 5.152.80.211 - Bumblebee High
11 5.239.33.172 - Bumblebee High
12 6.30.139.246 - Bumblebee High
13 6.249.22.42 - Bumblebee High
14 7.233.9.154 - Bumblebee High
15 8.12.181.20 - Bumblebee High
16 9.63.15.101 - Bumblebee High
17 9.240.112.25 - Bumblebee High
18 10.28.17.62 - Bumblebee High
19 11.1.201.27 - Bumblebee High
20 12.75.186.131 131.newark-21-23rs.nj.dial-access.att.net Bumblebee High
21 12.115.36.174 - Bumblebee High
22 12.153.80.238 - Bumblebee High
23 12.202.229.195 - Bumblebee High
24 12.236.242.155 - Bumblebee High
25 13.2.200.200 - Bumblebee High
26 13.218.205.215 - Bumblebee High
27 14.7.69.141 - Bumblebee High
28 14.40.68.19 - Bumblebee High
29 14.102.170.127 cache-ipnet01.nexlogic.ph Bumblebee High
30 14.155.143.74 - Bumblebee High
31 14.163.179.250 static.vnpt.vn Bumblebee High
32 15.209.19.148 - Bumblebee High
33 18.8.71.243 - Bumblebee High
34 18.127.96.221 - Bumblebee High
35 19.32.56.182 - Bumblebee High
36 19.71.13.153 - Bumblebee High
37 20.150.149.28 - Bumblebee High
38 21.21.141.32 - Bumblebee High
39 21.29.238.98 - Bumblebee High
40 21.175.22.99 - Bumblebee High
41 21.246.85.34 - Bumblebee High
42 22.83.186.45 - Bumblebee High
43 22.175.0.90 - Bumblebee High
44 23.81.246.187 - Bumblebee High
45 23.82.19.208 - Bumblebee High
46 23.82.140.133 - Bumblebee High
47 23.82.141.184 - Bumblebee High
48 23.83.133.1 v327.er01.dal.ubiquity.io Bumblebee High
49 23.83.133.182 - Bumblebee High
50 23.83.133.216 - Bumblebee High
51 23.83.134.110 - Bumblebee High
52 23.83.134.136 - Bumblebee High
53 23.92.127.18 - xHunt High
54 23.106.160.39 - Bumblebee High
55 23.106.160.120 - Bumblebee High
56 23.106.215.123 - Bumblebee High
57 23.108.57.13 - Bumblebee High
58 23.227.198.217 23-227-198-217.static.hvvc.us Bumblebee High
59 23.254.201.97 hwsrv-974106.hostwindsdns.com Bumblebee High
60 23.254.202.59 hwsrv-987701.hostwindsdns.com Bumblebee High
61 23.254.217.20 hwsrv-984041.hostwindsdns.com Bumblebee High
62 23.254.217.222 hwsrv-976272.hostwindsdns.com Bumblebee High
63 23.254.227.144 hwsrv-982332.hostwindsdns.com Bumblebee High
64 23.254.229.131 ruth.gobuddy.info Bumblebee High
65 24.4.68.32 c-24-4-68-32.hsd1.ca.comcast.net Bumblebee High
66 24.57.185.167 d24-57-185-167.home.cgocable.net Bumblebee High
67 24.121.25.160 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net Bumblebee High
68 25.5.198.104 - Bumblebee High
69 25.170.215.18 - Bumblebee High
70 25.181.64.39 - Bumblebee High
71 26.6.83.53 - Bumblebee High
72 28.11.143.222 - Bumblebee High
73 28.53.120.108 - Bumblebee High
74 28.107.38.196 - Bumblebee High
75 28.148.236.16 - Bumblebee High
76 29.64.0.111 - Bumblebee High
77 29.122.243.158 - Bumblebee High
78 30.17.4.146 - Bumblebee High
79 30.65.48.152 - Bumblebee High
80 30.205.76.70 - Bumblebee High
81 31.228.253.114 - Bumblebee High
82 32.181.245.23 - Bumblebee High
83 33.93.97.183 - Bumblebee High
84 33.145.184.132 - Bumblebee High
85 34.229.154.31 ec2-34-229-154-31.compute-1.amazonaws.com Bumblebee Medium
86 35.120.155.220 - Bumblebee High
87 36.110.58.103 103.58.110.36.static.bjtelecom.net Bumblebee High
88 37.64.220.2 2.220.64.37.rev.sfr.net Bumblebee High
89 37.72.174.9 emailmail.org.uk Bumblebee High
90 37.72.174.23 37-72-174-23.static.hvvc.us Bumblebee High
91 37.120.198.248 - Bumblebee High
92 38.12.57.131 - Bumblebee High
93 39.57.152.217 - Bumblebee High
94 40.72.17.141 - Bumblebee High
95 41.28.188.77 vc-gp-s-41-28-188-77.umts.vodacom.co.za Bumblebee High
96 41.56.181.200 - Bumblebee High
97 45.3.236.177 045-003-236-177.biz.spectrum.com Bumblebee High
98 45.11.19.224 - Bumblebee High
99 45.66.151.155 - Bumblebee High
100 45.84.0.13 vm523902.stark-industries.solutions Bumblebee High
101 45.138.172.246 - Bumblebee High
102 45.140.146.30 vm542320.stark-industries.solutions Bumblebee High
103 45.140.146.244 - Bumblebee High
104 45.142.214.120 vm516885.stark-industries.solutions Bumblebee High
105 45.142.214.167 - Bumblebee High
106 45.147.229.23 - Bumblebee High
107 45.147.229.50 - Bumblebee High
108 45.147.229.101 - Bumblebee High
109 45.147.229.177 - Bumblebee High
110 45.147.229.199 - Bumblebee High
111 45.147.231.107 - Bumblebee High
112 45.147.231.202 - Bumblebee High
113 45.153.240.139 - Bumblebee High
114 45.153.241.187 - Bumblebee High
115 45.153.241.234 - Bumblebee High
116 46.21.153.145 145.153.21.46.static.swiftway.net Bumblebee High
117 46.44.240.53 46-44-240-53.ip.welcomeitalia.it Bumblebee High
118 46.246.3.253 - xHunt High
119 46.246.3.254 - xHunt High
120 47.27.63.45 047-027-063-045.res.spectrum.com Bumblebee High
121 47.58.200.234 47-58-200-234.red-acceso.airtel.net Bumblebee High
122 48.165.175.199 - Bumblebee High
123 48.209.106.172 - Bumblebee High
124 ... ... ... ...

There are 492 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-22, CWE-23, CWE-29, CWE-36, CWE-37 Pathname Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Cross Site Scripting High
5 ... ... ... ...

There are 17 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /?p=products Medium
2 File /admin-ajax.php?action=eps_redirect_save High
3 File /admin/?page=reminders/view_reminder High
4 File /admin/cashadvance_row.php High
5 File /admin/categories/manage_category.php High
6 File /admin/categories/view_category.php High
7 File /admin/curriculum/view_curriculum.php High
8 File /admin/departments/view_department.php High
9 File /admin/index.php High
10 File /admin/inquiries/view_inquiry.php High
11 File /admin/inventory/manage_stock.php High
12 File /admin/maintenance/manage_category.php High
13 File /admin/maintenance/view_designation.php High
14 File /admin/manage_academic.php High
15 File /admin/mechanics/manage_mechanic.php High
16 File /admin/offenses/view_details.php High
17 File /admin/orders/update_status.php High
18 File /admin/products/manage_product.php High
19 File /admin/products/view_product.php High
20 File /admin/reminders/manage_reminder.php High
21 File /admin/report/index.php High
22 File /admin/sales/manage_sale.php High
23 File /admin/sales/view_details.php High
24 File /admin/services/manage_service.php High
25 File /admin/service_requests/manage_inventory.php High
26 File /admin/students/view_details.php High
27 File /admin/suppliers/view_details.php High
28 File /admin/user/manage_user.php High
29 File /admin/userprofile.php High
30 File /api/admin/store/product/list High
31 File /api/geojson Medium
32 File /cgi-bin/DownloadFlash High
33 File /cgi-bin/kerbynet High
34 File /cgi-bin/wlogin.cgi High
35 File /classes/Login.php High
36 File /classes/Master.php High
37 File /classes/Master.php?f=delete_img High
38 ... ... ...

There are 326 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!