Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-07-05 18:01:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
ba159a068d
cyber_threat_intelligence/actors/Serbia Unknown/README.md
Marc Ruef ba159a068d Update
2023-01-13 23:50:29 +01:00

13 KiB
Raw Blame History

Serbia Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Serbia Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.serbia_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Serbia Unknown:

There are 27 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Serbia Unknown.

ID IP address Hostname Campaign Confidence
1 5.22.160.0 - - High
2 5.57.72.0 - - High
3 5.62.61.132 r-132-61-62-5.consumer-pool.prcdn.net - High
4 5.62.63.112 r-112-63-62-5.consumer-pool.prcdn.net - High
5 5.132.153.0 - - High
6 5.134.104.0 - - High
7 5.154.225.0 - - High
8 5.172.32.0 ip-5-172-32-0.oriontelekom.rs - High
9 5.175.149.128 - - High
10 5.183.24.0 - - High
11 5.252.236.0 - - High
12 8.44.1.0 - - High
13 24.135.0.0 cable-24-135-0-0.dynamic.sbb.rs - High
14 31.14.33.0 - - High
15 37.18.184.0 - - High
16 37.19.104.0 - - High
17 37.35.8.0 - - High
18 37.46.115.0 rs.as51430.net - High
19 37.77.168.0 - - High
20 37.120.193.0 - - High
21 37.153.174.0 - - High
22 37.220.64.0 - - High
23 43.113.225.128 - - High
24 45.10.48.0 - - High
25 45.12.70.191 bay0-mc2-f-bay0.alltieinc.com - High
26 45.12.71.191 - - High
27 45.15.44.0 - - High
28 45.80.132.0 host-45-80-132-0.superhosting.rs - High
29 45.86.56.0 - - High
30 45.130.112.0 - - High
31 45.130.124.0 - - High
32 45.158.16.0 - - High
33 46.16.104.0 - - High
34 46.17.120.0 - - High
35 46.17.144.0 cable-46-17-144-0.dynamic.kdsinter.net - High
36 46.19.229.128 - - High
37 46.22.144.0 - - High
38 46.40.0.0 - - High
39 46.151.120.0 - - High
40 46.151.128.0 - - High
41 46.163.59.0 - - High
42 46.174.96.0 - - High
43 46.235.96.0 dynamic-46-235-96-0.cpe.sn.co.rs - High
44 46.240.128.0 - - High
45 62.4.112.0 - - High
46 62.67.184.224 - - High
47 62.108.96.0 - - High
48 62.182.152.0 - - High
49 62.193.128.0 - - High
50 62.240.0.0 - - High
51 63.169.158.38 - - High
52 63.246.142.0 - - High
53 77.46.128.0 - - High
54 77.67.111.216 - - High
55 77.74.248.0 - - High
56 77.105.0.0 - - High
57 77.243.16.0 - - High
58 77.247.100.0 - - High
59 77.247.200.0 - - High
60 77.247.249.0 - - High
61 77.247.250.0 - - High
62 77.247.255.0 - - High
63 78.24.104.0 - - High
64 78.30.128.0 - - High
65 78.109.96.0 - - High
66 79.101.0.0 - - High
67 79.110.144.0 - - High
68 79.170.112.0 - - High
69 79.175.64.0 79-175-64-0.adsl-a-1.sezampro.rs - High
70 80.70.240.0 - - High
71 80.74.160.0 - - High
72 80.93.224.0 - - High
73 80.240.144.0 - - High
74 80.243.232.0 - - High
75 81.17.230.0 - - High
76 81.18.48.0 IP-48-0.zapadbanka.me - High
77 81.24.240.0 - - High
78 82.117.192.0 - - High
79 82.208.192.0 - - High
80 82.214.81.0 c82-214-81-0.loc.akton.net - High
81 82.214.82.0 c82-214-82-0.loc.akton.net - High
82 82.214.86.0 c82-214-86-0.loc.akton.net - High
83 82.214.88.0 c82-214-88-0.loc.akton.net - High
84 82.214.126.0 - - High
85 84.22.32.0 - - High
86 84.22.40.0 - - High
87 84.22.44.0 - - High
88 84.22.46.0 - - High
89 84.22.48.0 - - High
90 84.22.56.0 - - High
91 84.22.60.0 - - High
92 84.22.62.0 - - High
93 84.22.62.128 - - High
94 ... ... ... ...

There are 373 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Serbia Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23 Pathname Traversal High
2 T1040 CWE-294 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 18 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Serbia Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File .github/workflows/combine-prs.yml High
2 File .htaccess Medium
3 File /Admin/add-student.php High
4 File /admin/api/admin/articles/ High
5 File /admin/conferences/list/ High
6 File /admin/edit_admin_details.php?id=admin High
7 File /admin/generalsettings.php High
8 File /Admin/login.php High
9 File /admin/payment.php High
10 File /admin/reports.php High
11 File /admin/showbad.php High
12 File /api/user/password/sent-reset-email High
13 File /apilog.php Medium
14 File /appliance/users?action=edit High
15 File /cgi-bin/kerbynet High
16 File /cgi-bin/wlogin.cgi High
17 File /client.php Medium
18 File /connectors/index.php High
19 File /DocSystem/Repos/getReposAllUsers.do High
20 File /face-recognition-php/facepay-master/camera.php High
21 File /forum/away.php High
22 File /goform/Diagnosis High
23 File /hrm/employeeadd.php High
24 File /hrm/employeeview.php High
25 File /index.php Medium
26 File /index.php/purchase_order/browse_data High
27 File /Items/*/RemoteImages/Download High
28 File /items/view_item.php High
29 File /jsoa/hntdCustomDesktopActionContent High
30 File /lists/admin/ High
31 File /lookin/info Medium
32 File /MagickCore/image.c High
33 File /manager/index.php High
34 File /medical/inventories.php High
35 File /modules/profile/index.php High
36 File /modules/projects/vw_files.php High
37 File /modules/public/calendar.php High
38 File /newsDia.php Medium
39 File /out.php Medium
40 File /pms/update_patient.php High
41 File /print.php Medium
42 File /proxy Low
43 File /public/launchNewWindow.jsp High
44 File /Redcock-Farm/farm/category.php High
45 File /reports/rwservlet High
46 File /sacco_shield/manage_user.php High
47 File /spip.php Medium
48 File /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072 High
49 File /staff/bookdetails.php High
50 File /TeleoptiWFM/Administration/GetOneTenant High
51 File /user/update_booking.php High
52 File /WEB-INF/web.xml High
53 File /Wedding-Management-PHP/admin/photos_add.php High
54 File /wordpress/wp-admin/options-general.php High
55 File /wp-content/plugins/woocommerce/templates/emails/plain/ High
56 File AbstractScheduleJob.java High
57 File actionphp/download.File.php High
58 File AdClass.php Medium
59 ... ... ...

There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!