Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-30 19:03:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
ba159a068d
cyber_threat_intelligence/actors/Latvia Unknown
History
Marc Ruef ba159a068d Update
2023-01-13 23:50:29 +01:00
..
README.md Update 2023-01-13 23:50:29 +01:00

README.md

Latvia Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Latvia Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.latvia_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Latvia Unknown:

There are 20 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Latvia Unknown.

ID IP address Hostname Campaign Confidence
1 2.58.16.0 - - High
2 5.44.216.0 subnet.camelhost.lv - High
3 5.45.44.0 - - High
4 5.62.60.212 r-212-60-62-5.consumer-pool.prcdn.net - High
5 5.62.62.204 r-204-62-62-5.consumer-pool.prcdn.net - High
6 5.62.154.0 - - High
7 5.101.220.128 - - High
8 5.152.224.0 - - High
9 5.179.0.0 - - High
10 5.180.45.0 0.45-180-5.rdns.scalabledns.com - High
11 8.40.29.0 - - High
12 31.6.23.0 - - High
13 31.24.192.0 - - High
14 31.42.80.0 - - High
15 31.170.16.0 - - High
16 37.148.168.0 - - High
17 37.203.32.0 rev-37-203-32-0.deac.net - High
18 37.209.160.0 - - High
19 45.12.70.136 vm0-static.alltieinc.com - High
20 45.12.71.136 - - High
21 45.13.96.0 - - High
22 45.65.124.0 45-65-124-0.kvantanetas.com - High
23 45.80.42.1 - - High
24 45.80.52.0 - - High
25 45.128.44.0 - - High
26 45.130.148.0 - - High
27 46.19.144.0 - - High
28 46.19.200.0 - - High
29 46.23.32.0 - - High
30 46.28.56.0 - - High
31 46.109.0.0 - - High
32 46.183.216.0 - - High
33 57.87.144.0 - - High
34 62.63.128.0 - - High
35 62.84.0.0 - - High
36 62.85.0.0 - - High
37 62.122.16.0 - - High
38 62.128.107.0 - - High
39 62.205.192.0 - - High
40 64.64.105.120 - - High
41 77.38.128.0 r0-128-38-77-broadband.btv.lv - High
42 77.93.0.0 balticom-0-0.balticom.lv - High
43 77.219.0.0 m77-219-0-0.cust.tele2.lv - High
44 77.240.244.0 77-240-244-0.csc.lv - High
45 77.241.160.0 - - High
46 78.28.192.0 - - High
47 78.84.0.0 - - High
48 78.154.128.0 - - High
49 79.132.64.0 r0-64-132-79-broadband.btv.lv - High
50 79.135.128.0 0.128.135.79.microlines.lv - High
51 80.70.16.0 - - High
52 80.81.32.0 - - High
53 80.89.72.0 host-80-89-72-0.lmt.lv - High
54 80.90.0.0 ip-80-90-0-0.ax5z.com - High
55 80.232.128.0 - - High
56 80.233.128.0 - - High
57 80.246.31.0 - - High
58 80.250.48.0 - - High
59 80.254.208.0 r0-208-254-80-broadband.btv.lv - High
60 80.255.224.0 - - High
61 81.31.196.0 - - High
62 81.92.27.248 - - High
63 81.94.224.0 rev-81-94-224-0.deac.net - High
64 81.163.72.0 - - High
65 81.198.0.0 - - High
66 82.193.64.0 balticom-64-0.balticom.lv - High
67 83.99.128.0 balticom-128-0.balticom.lv - High
68 83.136.136.0 - - High
69 83.176.130.0 m83-176-130-0.cust.tele2.hr - High
70 83.176.148.0 m83-176-148-0.cust.tele2.hr - High
71 83.176.152.0 m83-176-152-0.cust.tele2.hr - High
72 83.177.128.0 m83-177-128-0.cust.tele2.lv - High
73 83.177.168.0 s83-177-168-0.cust.comviq.se - High
74 83.177.176.1 s83-177-176-1.cust.comviq.se - High
75 83.177.176.2 s83-177-176-2.cust.comviq.se - High
76 83.177.176.4 s83-177-176-4.cust.comviq.se - High
77 83.177.176.8 s83-177-176-8.cust.comviq.se - High
78 83.177.176.16 s83-177-176-16.cust.comviq.se - High
79 83.177.176.32 s83-177-176-32.cust.comviq.se - High
80 83.177.176.64 s83-177-176-64.cust.comviq.se - High
81 83.177.176.128 s83-177-176-128.cust.comviq.se - High
82 83.177.177.0 s83-177-177-0.cust.comviq.se - High
83 83.177.178.0 s83-177-178-0.cust.comviq.se - High
84 83.177.180.0 s83-177-180-0.cust.comviq.se - High
85 83.177.184.0 s83-177-184-0.cust.comviq.se - High
86 83.177.188.0 s83-177-188-0.cust.comviq.se - High
87 83.177.188.128 s83-177-188-128.cust.comviq.se - High
88 83.177.188.160 s83-177-188-160.cust.comviq.se - High
89 83.177.188.162 s83-177-188-162.cust.comviq.se - High
90 83.177.188.164 s83-177-188-164.cust.comviq.se - High
91 83.177.188.168 s83-177-188-168.cust.comviq.se - High
92 83.177.188.176 s83-177-188-176.cust.comviq.se - High
93 83.177.188.192 s83-177-188-192.cust.comviq.se - High
94 83.177.189.0 s83-177-189-0.cust.comviq.se - High
95 83.177.190.0 s83-177-190-0.cust.comviq.se - High
96 83.178.188.0 - - High
97 83.178.206.0 - - High
98 83.178.228.0 - - High
99 83.187.152.0 - - High
100 ... ... ... ...

There are 396 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Latvia Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23 Pathname Traversal High
2 T1040 CWE-294, CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Cross Site Scripting High
5 ... ... ... ...

There are 18 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Latvia Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File .github/workflows/combine-prs.yml High
2 File .htaccess Medium
3 File /Admin/add-student.php High
4 File /admin/api/admin/articles/ High
5 File /admin/conferences/list/ High
6 File /admin/edit_admin_details.php?id=admin High
7 File /admin/generalsettings.php High
8 File /Admin/login.php High
9 File /admin/payment.php High
10 File /admin/reports.php High
11 File /admin/showbad.php High
12 File /admin_page/all-files-update-ajax.php High
13 File /apilog.php Medium
14 File /bsms/?page=products High
15 File /cgi-bin/kerbynet High
16 File /cgi-bin/system_mgr.cgi High
17 File /cgi-bin/wlogin.cgi High
18 File /cloud_config/router_post/check_reg_verify_code High
19 File /connectors/index.php High
20 File /dms/admin/reports/daily_collection_report.php High
21 File /DocSystem/Repos/getReposAllUsers.do High
22 File /face-recognition-php/facepay-master/camera.php High
23 File /forum/away.php High
24 File /hrm/employeeadd.php High
25 File /hrm/employeeview.php High
26 File /include/chart_generator.php High
27 File /index.php Medium
28 File /info.cgi Medium
29 File /Items/*/RemoteImages/Download High
30 File /items/view_item.php High
31 File /jsoa/hntdCustomDesktopActionContent High
32 File /lists/admin/ High
33 File /lookin/info Medium
34 File /MagickCore/image.c High
35 File /manager/index.php High
36 File /medical/inventories.php High
37 File /mgmt/tm/util/bash High
38 File /modules/profile/index.php High
39 File /modules/projects/vw_files.php High
40 File /modules/public/calendar.php High
41 File /newsDia.php Medium
42 File /out.php Medium
43 File /proxy Low
44 File /public/launchNewWindow.jsp High
45 File /Redcock-Farm/farm/category.php High
46 File /sacco_shield/manage_user.php High
47 File /spip.php Medium
48 File /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072 High
49 File /staff/bookdetails.php High
50 File /TeleoptiWFM/Administration/GetOneTenant High
51 File /user/update_booking.php High
52 File /usr/bin/pkexec High
53 File /WEB-INF/web.xml High
54 File /Wedding-Management-PHP/admin/photos_add.php High
55 File /Wedding-Management/package_detail.php High
56 File /wordpress/wp-admin/options-general.php High
57 File /wp-content/plugins/woocommerce/templates/emails/plain/ High
58 File a2billing/customer/iridium_threed.php High
59 File AbstractScheduleJob.java High
60 File actionphp/download.File.php High
61 File AdClass.php Medium
62 ... ... ...

There are 546 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!