cyber_threat_intelligence/campaigns/DDoS Ukraine/README.md
2022-04-01 12:05:45 +02:00

7.2 KiB

DDoS Ukraine - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the campaign known as DDoS Ukraine. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DDoS Ukraine:

There are 1 more country items available. Please use our online service to access the data.

Actors

These actors are associated with DDoS Ukraine or other actors linked to the campaign.

ID Actor Confidence
1 Mirai High
2 Gafgyt High
3 Moobot High
4 ... ...

There are 1 more actor items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of DDoS Ukraine.

ID IP address Hostname Actor Confidence
1 45.61.136.130 - Mirai High
2 45.61.186.13 - Mirai High
3 46.29.166.105 - Mirai High
4 ... ... ... ...

There are 14 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used within DDoS Ukraine. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
2 T1068 CWE-264, CWE-266, CWE-284 Execution with Unnecessary Privileges High
3 T1110.001 CWE-307 Improper Restriction of Excessive Authentication Attempts High
4 ... ... ... ...

There are 5 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during DDoS Ukraine. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /about.php Medium
2 File /adherents/note.php?id=1 High
3 File /admin.php Medium
4 File /aqpg/users/login.php High
5 File /coreframe/app/content/admin/content.php High
6 File /dl/dl_print.php High
7 File /dus_en/medieninfo_detail/index.php High
8 File /etc/passwd Medium
9 File /formSetPortTr High
10 File /Hospital-Management-System-master/contact.php High
11 File /jeecg-boot/sys/common/upload High
12 File /LogoStore/search.php High
13 File /master/article.php High
14 File /members/profiles.php High
15 File /navigate/navigate_download.php High
16 File /question/ask High
17 File /rest/api/2/search High
18 File /servlet/webacc High
19 File /sitemagic/upgrade.php High
20 File /thruk/#cgi-bin/extinfo.cgi?type=2 High
21 File /tmp Low
22 File /uncpath/ Medium
23 File /userman/inbox.php High
24 File /usr/sbin/httpd High
25 File 123flashchat.php High
26 File acme_accountkeys_edit.php High
27 File additem.asp Medium
28 File addtocart.asp High
29 File admin.asp Medium
30 File admin.cropcanvas.php High
31 File admin.joomlaradiov5.php High
32 File admin.php Medium
33 File admin.webring.docs.php High
34 File admin/admin.php High
35 File admin/dashboard.php High
36 File admin/general.php High
37 File admin/inc/change_action.php High
38 File admin/index.php?id=users/action=edit/user_id=1 High
39 File admin/info.php High
40 File admin/login.asp High
41 File admin/specials.php High
42 File admin:de Medium
43 File admincp/auth/checklogin.php High
44 File admincp/auth/secure.php High
45 File administrator/index.php High
46 File admin_login.asp High
47 File advsearch_h.asp High
48 File adv_search.asp High
49 File ajax.php Medium
50 File ajax/telemetry.php High
51 File ajax_url.php Medium
52 File akocomments.php High
53 File album_portal.php High
54 File al_initialize.php High
55 File AndroidManifest.xml High
56 File anjel.index.php High
57 File annonces-p-f.php High
58 File announce.php Medium
59 File announcement.php High
60 File announcements.php High
61 File App\Manage\Controller\DownloadController.class.php High
62 File article.php Medium
63 File articles.php Medium
64 File artikel_anzeige.php High
65 File ashnews.php/ashheadlines.php High
66 File auth.php Medium
67 File authent.php4 Medium
68 File awstats.pl Medium
69 File backupmgt/getAlias.php High
70 File basket.php Medium
71 File bb_usage_stats.php High
72 File boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php High
73 File books.php Medium
74 File bridge/yabbse.inc.php High
75 File browse-category.php High
76 File browse.php Medium
77 ... ... ...

There are 673 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the campaign and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!