BumbleBee - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as BumbleBee. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. This helps determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.bumblebee

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BumbleBee:

There are 4 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of BumbleBee.

ID IP address Hostname Campaign Confidence
1 0.151.228.146 - - High
2 0.208.210.72 - - High
3 1.32.39.22 - - High
4 1.39.166.217 1-39-166-217.live.vodafone.in - High
5 2.50.39.29 bba-2-50-39-29.alshamil.net.ae - High
6 2.56.10.16 - - High
7 2.97.24.126 host-2-97-24-126.as13285.net - High
8 2.100.7.120 host-2-100-7-120.as13285.net - High
9 2.126.13.36 027e0d24.bb.sky.com - High
10 2.190.89.140 - - High
11 2.211.111.213 dynamic-002-211-111-213.2.211.pool.telefonica.de - High
12 2.240.132.127 dynamic-002-240-132-127.2.240.pool.telefonica.de - High
13 3.85.198.66 ec2-3-85-198-66.compute-1.amazonaws.com - Medium
14 3.144.143.242 ec2-3-144-143-242.us-east-2.compute.amazonaws.com - Medium
15 3.172.226.46 - - High
16 3.215.24.1 ec2-3-215-24-1.compute-1.amazonaws.com - Medium
17 4.13.210.199 - - High
18 4.165.175.212 - - High
19 4.177.13.86 - - High
20 4.236.88.115 - - High
21 5.45.54.50 - - High
22 5.53.19.66 dhcp-66-19-53-5.metrosg.ru - High
23 5.141.46.137 - - High
24 5.152.80.211 - - High
25 5.237.231.132 - - High
26 5.239.33.172 - - High
27 6.10.249.12 - - High
28 6.30.139.246 - - High
29 6.249.22.42 - - High
30 7.12.29.221 - - High
31 7.71.244.186 - - High
32 7.233.9.154 - - High
33 8.12.181.20 - - High
34 8.76.233.176 - - High
35 8.126.95.33 - - High
36 8.219.132.142 - - High
37 8.222.182.83 - - High
38 8.222.227.103 - - High
39 8.253.171.67 - - High
40 9.63.15.101 - - High
41 9.240.112.25 - - High
42 10.28.17.62 - - High
43 11.1.201.27 - - High
44 12.75.186.131 131.newark-21-23rs.nj.dial-access.att.net - High
45 12.115.36.174 - - High
46 12.153.80.238 - - High
47 12.194.222.34 - - High
48 12.202.229.195 - - High
49 12.236.242.155 - - High
50 13.2.200.200 - - High
51 13.218.205.215 - - High
52 13.234.171.104 ec2-13-234-171-104.ap-south-1.compute.amazonaws.com - Medium
53 14.7.69.141 - - High
54 14.11.77.37 M014011077037.v4.enabler.ne.jp - High
55 14.40.68.19 - - High
56 14.63.191.213 - - High
57 14.102.170.127 cache-ipnet01.nexlogic.ph - High
58 14.128.51.19 - - High
59 14.155.143.74 - - High
60 14.163.179.250 static.vnpt.vn - High
61 14.195.237.81 static-81.237.195.14-tataidc.co.in - High
62 15.209.19.148 - - High
63 15.248.60.137 - - High
64 16.86.113.88 - - High
65 16.249.204.133 - - High
66 17.29.249.188 - - High
67 17.147.212.14 - - High
68 18.8.71.243 - - High
69 18.127.96.221 - - High
70 18.141.105.98 ec2-18-141-105-98.ap-southeast-1.compute.amazonaws.com - Medium
71 18.151.45.13 - - High
72 18.210.196.217 ec2-18-210-196-217.compute-1.amazonaws.com - Medium
73 19.32.56.182 - - High
74 19.71.13.153 - - High
75 19.128.78.21 - - High
76 20.22.18.80 - - High
77 20.150.149.28 - - High
78 21.21.141.32 - - High
79 21.29.238.98 - - High
80 21.175.22.99 - - High
81 21.246.85.34 - - High
82 22.39.164.0 - - High
83 22.83.186.45 - - High
84 22.175.0.90 - - High
85 22.252.18.49 - - High
86 23.19.58.176 i58.176.lofame.net - High
87 23.19.58.212 - - High
88 23.19.58.251 - - High
89 23.29.115.164 23-29-115-164.static.hvvc.us - High
90 23.29.115.172 23-29-115-172.static.hvvc.us - High
91 23.81.246.17 - - High
92 23.81.246.22 - - High
93 23.81.246.171 - - High
94 23.81.246.187 - - High
95 23.81.246.205 - - High
96 23.82.19.119 - - High
97 23.82.19.208 - - High
98 23.82.128.11 - - High
99 23.82.128.116 - - High
100 23.82.128.127 - - High
101 23.82.128.149 - - High
102 23.82.140.14 - - High
103 23.82.140.100 - - High
104 23.82.140.133 - - High
105 23.82.140.155 - - High
106 23.82.140.180 - - High
107 23.82.141.11 - - High
108 23.82.141.184 - - High
109 23.82.141.185 - - High
110 23.83.133.1 v327.er01.dal.ubiquity.io - High
111 23.83.133.13 - - High
112 23.83.133.182 - - High
113 23.83.133.215 - - High
114 23.83.133.216 - - High
115 23.83.134.110 - - High
116 23.83.134.133 - - High
117 23.83.134.136 - - High
118 23.88.117.246 static.246.117.88.23.clients.your-server.de - High
119 23.106.124.23 - - High
120 23.106.124.154 - - High
121 23.106.160.33 - - High
122 23.106.160.39 - - High
123 23.106.160.40 - - High
124 23.106.160.52 - - High
125 23.106.160.82 - - High
126 23.106.160.112 - - High
127 23.106.160.117 - - High
128 23.106.160.120 - - High
129 23.106.160.137 - - High
130 23.106.160.141 - - High
131 23.106.215.45 - - High
132 23.106.215.60 - - High
133 23.106.215.82 - - High
134 23.106.215.123 - - High
135 23.106.215.133 - - High
136 23.106.215.141 - - High
137 23.106.215.165 zootech.click - High
138 23.106.215.225 - - High
139 23.106.215.230 - - High
140 23.106.215.233 - - High
141 23.106.223.1 - - High
142 23.106.223.14 - - High
143 23.106.223.130 - - High
144 23.106.223.144 - - High
145 23.106.223.182 - - High
146 23.106.223.197 - - High
147 23.106.223.209 - - High
148 23.106.223.219 - - High
149 23.106.223.222 - - High
150 23.108.57.5 - - High
151 23.108.57.13 - - High
152 23.108.57.29 - - High
153 23.108.57.57 tuks.net - High
154 23.108.57.59 - - High
155 23.108.57.65 - - High
156 23.108.57.66 - - High
157 23.108.57.79 - - High
158 23.108.57.87 - - High
159 23.108.57.161 - - High
160 23.108.57.200 - - High
161 23.108.57.201 - - High
162 23.108.57.250 - - High
163 23.136.208.76 - - High
164 23.227.198.195 multiatom.com - High
165 23.227.198.217 23-227-198-217.static.hvvc.us - High
166 23.227.198.241 23-227-198-241.static.hvvc.us - High
167 23.227.202.179 trackvous.com - High
168 23.227.203.120 23-227-203-120.static.hvvc.us - High
169 23.229.117.229 - - High
170 23.254.142.159 client-23-254-142-159.hostwindsdns.com - High
171 23.254.161.46 hwsrv-1063022.hostwindsdns.com - High
172 23.254.167.63 hwsrv-1063920.hostwindsdns.com - High
173 23.254.167.143 client-23-254-167-143.hostwindsdns.com - High
174 23.254.201.97 hwsrv-974106.hostwindsdns.com - High
175 23.254.202.59 hwsrv-987701.hostwindsdns.com - High
176 23.254.204.109 client-23-254-204-109.hostwindsdns.com - High
177 23.254.204.210 hwsrv-1046249.hostwindsdns.com - High
178 23.254.217.20 hwsrv-984041.hostwindsdns.com - High
179 23.254.217.222 hwsrv-976272.hostwindsdns.com - High
180 23.254.224.200 hwsrv-1001143.hostwindsdns.com - High
181 23.254.225.130 hwsrv-1067630.hostwindsdns.com - High
182 23.254.225.249 client-23-254-225-249.hostwindsdns.com - High
183 23.254.227.53 hwsrv-1057942.hostwindsdns.com - High
184 23.254.227.144 hwsrv-982332.hostwindsdns.com - High
185 23.254.229.131 ruth.gobuddy.info - High
186 23.254.229.210 tigern.throwbackdinos.com - High
187 23.254.247.48 hwsrv-1063028.hostwindsdns.com - High
188 24.4.68.32 c-24-4-68-32.hsd1.ca.comcast.net - High
189 24.57.185.167 d24-57-185-167.home.cgocable.net - High
190 24.121.25.160 24-121-25-160.sdoncmtk01.com.dyn.suddenlink.net - High
191 24.183.132.242 024-183-132-242.res.spectrum.com - High
192 25.5.198.104 - - High
193 25.131.252.242 - - High
194 25.169.42.242 - - High
195 25.170.215.18 - - High
196 25.181.64.39 - - High
197 26.6.83.53 - - High
198 27.31.180.123 - - High
199 28.11.143.222 - - High
200 28.23.200.103 - - High
201 28.53.120.108 - - High
202 28.107.38.196 - - High
203 28.148.236.16 - - High
204 28.183.174.200 - - High
205 29.15.120.102 - - High
206 29.64.0.111 - - High
207 29.122.243.158 - - High
208 29.203.98.166 - - High
209 30.17.4.146 - - High
210 30.65.48.152 - - High
211 30.140.193.246 - - High
212 30.205.76.70 - - High
213 30.225.24.243 - - High
214 31.135.71.34 - - High
215 31.228.253.114 - - High
216 31.232.16.192 - - High
217 32.54.188.44 - - High
218 32.181.245.23 - - High
219 33.93.97.183 - - High
220 33.145.184.132 - - High
221 33.191.119.32 - - High
222 34.1.180.202 - - High
223 34.2.221.48 - - High
224 34.34.152.166 166.152.34.34.bc.googleusercontent.com - Medium
225 34.77.116.45 45.116.77.34.bc.googleusercontent.com - Medium
226 34.119.95.6 6.95.119.34.bc.googleusercontent.com - Medium
227 34.229.154.31 ec2-34-229-154-31.compute-1.amazonaws.com - Medium
228 35.120.155.220 - - High
229 35.239.11.197 197.11.239.35.bc.googleusercontent.com - Medium
230 36.110.58.103 103.58.110.36.static.bjtelecom.net - High
231 36.150.76.13 - - High
232 36.201.196.202 - - High
233 37.1.214.72 - - High
234 37.1.214.229 - - High
235 37.28.155.36 d155036.artnet.gda.pl - High
236 37.28.156.24 d156024.artnet.gda.pl - High
237 37.28.157.29 d157029.artnet.gda.pl - High
238 37.42.62.77 - - High
239 37.64.220.2 2.220.64.37.rev.sfr.net - High
240 37.72.174.9 emailmail.org.uk - High
241 37.72.174.23 37-72-174-23.static.hvvc.us - High
242 37.120.198.248 - - High
243 37.189.74.5 bl28-74-5.dsl.telepac.pt - High
244 37.221.67.104 host001 - High
245 37.221.67.122 finese - High
246 38.12.57.131 - - High
247 38.48.147.152 - - High
248 38.180.4.165 - - High
249 38.180.25.71 - - High
250 38.180.25.111 - - High
251 39.57.152.217 - - High
252 40.47.149.113 - - High
253 40.72.17.141 - - High
254 41.7.15.180 vc-cpt-41-7-15-180.umts.vodacom.co.za - High
255 41.15.71.157 vc-gp-n-41-15-71-157.umts.vodacom.co.za - High
256 41.28.188.77 vc-gp-s-41-28-188-77.umts.vodacom.co.za - High
257 41.56.181.200 - - High
258 41.70.42.112 - - High
259 42.63.100.82 - - High
260 42.104.196.184 - - High
261 42.179.23.39 - - High
262 43.155.161.152 - - High
263 43.184.255.110 - - High
264 44.94.75.93 - - High
265 44.224.48.159 ec2-44-224-48-159.us-west-2.compute.amazonaws.com - Medium
266 45.3.236.177 045-003-236-177.biz.spectrum.com - High
267 45.11.19.70 - - High
268 45.11.19.86 - - High
269 45.11.19.208 - - High
270 45.11.19.224 - - High
271 45.11.19.252 - - High
272 45.32.37.109 45.32.37.109.vultrusercontent.com - High
273 45.61.184.8 mail.oelke.tec.br - High
274 45.61.184.24 - - High
275 45.61.184.227 MiamiTorNew1.Quetzalcoatl-relays.org - High
276 45.61.185.65 exitrelay40.medvideos-tor.org - High
277 45.61.185.227 - - High
278 45.61.186.18 - - High
279 45.61.186.51 - - High
280 45.61.187.10 45-61-187-10.ger.priv.allsafevpn.com - High
281 45.61.187.40 - - High
282 45.61.187.123 smtp20.shbgura.xyz - High
283 45.61.187.160 - - High
284 45.61.187.170 - - High
285 45.61.187.204 - - High
286 45.61.187.225 - - High
287 45.66.151.59 - - High
288 45.66.151.142 - - High
289 45.66.151.150 - - High
290 45.66.151.151 - - High
291 45.66.151.155 - - High
292 45.66.151.193 - - High
293 45.66.248.61 parts861.simplestartvideos.com - High
294 45.66.248.64 0n3reye0i0.alyanova.com - High
295 45.66.248.156 - - High
296 45.66.248.216 spam.lastmer.xyz - High
297 45.67.231.123 mihome.ru - High
298 45.67.231.151 vm1197030.stark-industries.solutions - High
299 45.84.0.13 vm523902.stark-industries.solutions - High
300 45.84.240.87 - - High
301 45.132.180.49 - - High
302 45.138.172.22 - - High
303 45.138.172.246 - - High
304 45.140.146.30 vm542320.stark-industries.solutions - High
305 45.140.146.244 - - High
306 45.141.58.37 - - High
307 45.141.58.139 galorebase.com - High
308 45.142.214.120 vm516885.stark-industries.solutions - High
309 45.142.214.167 - - High
310 45.147.229.23 - - High
311 45.147.229.47 - - High
312 45.147.229.50 - - High
313 45.147.229.101 - - High
314 45.147.229.177 - - High
315 45.147.229.199 - - High
316 45.147.229.223 - - High
317 45.147.230.179 - - High
318 45.147.230.233 - - High
319 45.147.230.245 poppuworls.club - High
320 45.147.231.107 - - High
321 45.147.231.156 - - High
322 45.147.231.202 - - High
323 45.147.231.232 - - High
324 45.150.67.154 vm1326648.stark-industries.solutions - High
325 45.153.240.56 - - High
326 45.153.240.94 - - High
327 45.153.240.139 - - High
328 45.153.240.155 - - High
329 45.153.241.19 - - High
330 45.153.241.64 - - High
331 45.153.241.120 - - High
332 45.153.241.187 - - High
333 45.153.241.209 - - High
334 45.153.241.234 - - High
335 45.153.241.245 - - High
336 45.153.242.61 - - High
337 45.153.242.100 - - High
338 45.153.242.105 - - High
339 45.153.242.183 - - High
340 45.153.242.184 - - High
341 45.153.242.242 - - High
342 45.153.243.82 - - High
343 45.153.243.93 - - High
344 45.153.243.111 - - High
345 45.153.243.126 - - High
346 45.153.243.130 - - High
347 45.153.243.222 - - High
348 46.21.153.145 145.153.21.46.static.swiftway.net - High
349 46.21.153.157 157.153.21.46.static.swiftway.net - High
350 46.21.153.246 246.153.21.46.static.swiftway.net - High
351 46.44.240.53 46-44-240-53.ip.welcomeitalia.it - High
352 46.142.186.28 28-186-142-46.pool.kielnet.net - High
353 46.142.187.27 27-187-142-46.pool.kielnet.net - High
354 46.142.187.96 96-187-142-46.pool.kielnet.net - High
355 46.214.226.37 46-214-226-37.next-gen.ro - High
356 46.240.5.92 - - High
357 46.249.38.114 - - High
358 46.249.38.141 - - High
359 47.26.53.19 047-026-053-019.res.spectrum.com - High
360 47.27.63.45 047-027-063-045.res.spectrum.com - High
361 47.58.200.234 47-58-200-234.red-acceso.airtel.net - High
362 ... ... ... ...

There are 1445 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-22, CWE-23, CWE-36 Path Traversal High
2 T1040 CWE-319 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Argument Injection High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 20 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BumbleBee. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /admin_ping.htm High
2 File /app/index/controller/Common.php High
3 File /application/index/controller/Databasesource.php High
4 File /application/index/controller/Icon.php High
5 File /application/index/controller/Screen.php High
6 File /application/plugins/controller/Upload.php High
7 File /application/websocket/controller/Setting.php High
8 File /belegungsplan/wochenuebersicht.inc.php High
9 File /calendar/minimizer/index.php High
10 File /cgi-bin/mainfunction.cgi High
11 File /cgi-bin/nobody/VerifyCode.cgi High
12 File /cgi-bin/supervisor/PwdGrp.cgi High
13 File /cgi-bin/wlogin.cgi High
14 File /cgi.cgi Medium
15 File /core/tools/update_menu.php High
16 File /counter/index2.php High
17 File /DXR.axd Medium
18 File /forum/away.php High
19 File /general/attendance/manage/ask_duty/delete.php High
20 File /highlight/index.html High
21 File /iisadmin Medium
22 File /iissamples Medium
23 File /include/dialog/select_templets_post.php High
24 File /includes/js/admin.php High
25 File /index.php?menu=asterisk_cli High
26 File /install/ Medium
27 File /modx/manager/index.php High
28 File /php-opos/index.php High
29 File /search-result/ High
30 File /search.php Medium
31 File /server-status High
32 File /sgms/reports/scheduledreports/configure/scheduleProps.jsp High
33 File /SysInfo1.htm High
34 File /templates/header.inc.php High
35 File /useratte/userattestation.php High
36 File /webmail/ Medium
37 File /webmail/server/webmail.php High
38 ... ... ...

There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2024 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0.