cyber_threat_intelligence/actors/Turkey Unknown/README.md
2023-01-13 23:50:29 +01:00

Turkey Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Turkey Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.turkey_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Turkey Unknown:

There are 27 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Turkey Unknown.

There are 1214 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Turkey Unknown. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
| --- | --- | --- | --- | --- |
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High |
| 2 | T1055 | CWE-74 | Injection | High |
| 3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High |
| 6 | ... | ... | ... | ... |

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Turkey Unknown. This data is unique as it uses our predictive model for actor profiling.

There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.