Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-30 19:03:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
d310d3c976
cyber_threat_intelligence/actors/Philippines Unknown
History
Marc Ruef ba159a068d Update
2023-01-13 23:50:29 +01:00
..
README.md Update 2023-01-13 23:50:29 +01:00

README.md

Philippines Unknown - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Philippines Unknown. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.philippines_unknown

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Philippines Unknown:

There are 24 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Philippines Unknown.

ID IP address Hostname Campaign Confidence
1 1.37.0.0 - - High
2 4.7.138.64 - - High
3 5.62.56.184 r-184-56-62-5.consumer-pool.prcdn.net - High
4 5.62.61.88 r-88-61-62-5.consumer-pool.prcdn.net - High
5 5.181.64.0 - - High
6 14.0.62.0 - - High
7 14.102.168.0 p2p-ipnet01.nexlogic.ph - High
8 27.50.0.0 - - High
9 27.106.216.0 - - High
10 27.108.0.0 - - High
11 27.109.64.0 - - High
12 27.110.128.0 - - High
13 27.111.84.0 server-0-server.ipv4.ceb02.ds.network - High
14 27.126.152.0 - - High
15 34.98.232.0 0.232.98.34.bc.googleusercontent.com - Medium
16 34.98.248.0 0.248.98.34.bc.googleusercontent.com - Medium
17 34.103.8.0 0.8.103.34.bc.googleusercontent.com - Medium
18 36.255.60.0 - - High
19 36.255.97.0 - - High
20 36.255.106.0 - - High
21 36.255.214.0 - - High
22 36.255.244.0 - - High
23 41.223.53.11 - - High
24 43.224.190.0 43-224-190-0.static.rise.as - High
25 43.226.4.0 43-226-4-0.static.rise.as - High
26 43.230.109.0 - - High
27 43.230.181.128 - - High
28 43.230.182.128 - - High
29 43.231.228.0 - - High
30 43.243.124.0 - - High
31 43.245.221.0 - - High
32 43.247.16.0 - - High
33 43.250.224.0 - - High
34 43.251.64.0 - - High
35 43.255.216.0 - - High
36 45.10.212.0 - - High
37 45.12.70.178 clinker.alltieinc.com - High
38 45.12.71.178 - - High
39 45.41.234.0 - - High
40 45.42.138.0 - - High
41 45.43.50.0 - - High
42 45.56.146.0 - - High
43 45.59.157.0 - - High
44 45.64.80.0 - - High
45 45.64.120.0 - - High
46 45.91.237.0 - - High
47 45.91.238.0 - - High
48 45.112.82.0 - - High
49 45.114.20.0 - - High
50 45.114.132.0 - - High
51 45.118.36.0 - - High
52 45.120.108.0 - - High
53 45.124.16.0 - - High
54 45.124.56.0 - - High
55 45.125.248.0 - - High
56 45.126.84.0 - - High
57 45.127.164.0 - - High
58 45.133.90.0 - - High
59 45.250.156.0 - - High
60 45.251.24.0 - - High
61 45.253.88.0 - - High
62 45.254.245.0 - - High
63 49.144.0.0 dsl.49.144.0.0.pldt.net - High
64 49.157.0.0 - - High
65 57.93.0.0 - - High
66 58.69.0.0 58.69.0.0.pldt.net - High
67 58.71.0.0 - - High
68 58.82.209.0 - - High
69 58.82.210.0 - - High
70 58.82.242.0 - - High
71 58.97.160.0 - - High
72 59.152.45.0 - - High
73 61.9.0.0 - - High
74 61.14.188.0 - - High
75 61.14.192.0 - - High
76 61.28.128.0 - - High
77 61.28.197.0 - - High
78 63.80.216.0 - - High
79 63.216.197.0 63-216-197-0.static.pccwglobal.net - High
80 63.243.182.0 - - High
81 65.49.14.166 - - High
82 65.209.192.0 - - High
83 66.198.139.0 - - High
84 66.249.82.217 google-proxy-66-249-82-217.google.com - High
85 69.41.35.0 - - High
86 69.94.98.0 - - High
87 74.80.102.0 - - High
88 82.100.184.0 - - High
89 83.150.220.0 - - High
90 85.92.152.0 - - High
91 86.106.26.0 - - High
92 86.107.102.0 - - High
93 95.87.112.0 - - High
94 101.0.22.0 - - High
95 101.0.30.0 - - High
96 101.79.147.0 - - High
97 102.168.254.254 - - High
98 103.1.116.0 - - High
99 103.3.80.0 - - High
100 103.5.0.0 - - High
101 103.5.60.0 - - High
102 103.6.96.0 - - High
103 103.6.104.0 - - High
104 103.6.181.0 - - High
105 103.6.248.0 - - High
106 103.7.146.0 - - High
107 103.7.224.0 - - High
108 103.10.152.0 - - High
109 103.10.176.0 - - High
110 103.10.200.0 - - High
111 103.10.254.0 - - High
112 103.11.40.0 - - High
113 103.11.112.0 - - High
114 103.12.88.0 - - High
115 103.13.134.0 - - High
116 103.13.184.0 - - High
117 103.14.60.0 - - High
118 103.14.194.0 - - High
119 103.16.168.0 - - High
120 103.16.253.80 - - High
121 103.17.20.0 - - High
122 103.17.248.0 - - High
123 103.18.228.0 - - High
124 103.19.16.0 - - High
125 103.19.32.0 - - High
126 103.21.12.0 - - High
127 103.21.168.0 - - High
128 103.23.96.0 - - High
129 103.24.16.0 - - High
130 103.25.176.0 ip-static.ixs.ph - High
131 103.25.198.0 - - High
132 103.26.36.0 - - High
133 103.27.122.0 - - High
134 103.27.144.0 - - High
135 103.27.228.0 - - High
136 103.27.230.128 - - High
137 103.28.202.0 - - High
138 103.29.20.0 - - High
139 103.29.250.0 - - High
140 103.29.252.0 - - High
141 103.31.252.99 svrbibmgnh.tad1ada5d.com - High
142 103.31.252.100 ribpfuqrah.tad1ada5d.com - High
143 103.31.252.104 aotawjgdzs.tad1ada5d.com - High
144 103.31.252.112 sllwswvitd.tad1ada5d.com - High
145 103.31.252.128 fcxojiogjj.tad1ada5d.com - High
146 103.31.252.192 vdzsypihnf.tad1ada5d.com - High
147 103.31.252.224 fxsjjjwpbr.tad1ada5d.com - High
148 103.31.252.226 fiehgydhje.tad1ada5d.com - High
149 103.31.253.99 prrngmvdxf.tad1ada5d.com - High
150 103.31.253.100 ooifptwzmr.tad1ada5d.com - High
151 103.31.253.104 gnuttfwovc.tad1ada5d.com - High
152 103.31.253.112 ecpisevtiu.tad1ada5d.com - High
153 103.31.253.128 rohikyjejg.tad1ada5d.com - High
154 103.31.253.130 gfabtmizcu.tad1ada5d.com - High
155 103.31.253.195 ngogknahrf.tad1ada5d.com - High
156 103.31.253.196 rvezcmdubv.tad1ada5d.com - High
157 103.31.253.200 uzlzkxrohi.tad1ada5d.com - High
158 103.31.253.208 yahainllrh.tad1ada5d.com - High
159 103.31.253.224 bhxthycedm.tad1ada5d.com - High
160 103.31.253.226 tedjpzlyke.tad1ada5d.com.253.31.103.in-addr.arpa - High
161 103.31.254.3 gguifjgubv.fdjsk4802gierdf.net - High
162 103.31.254.4 ycjlanvriw.fdjsk4802gierdf.net - High
163 ... ... ... ...

There are 648 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Philippines Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-21, CWE-22, CWE-23 Pathname Traversal High
2 T1040 CWE-294 Authentication Bypass by Capture-replay High
3 T1055 CWE-74 Injection High
4 T1059 CWE-94, CWE-1321 Cross Site Scripting High
5 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
6 ... ... ... ...

There are 18 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Philippines Unknown. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File .github/workflows/combine-prs.yml High
2 File .htaccess Medium
3 File /?admin/user.html High
4 File /Admin/add-student.php High
5 File /admin/addemployee.php High
6 File /admin/api/admin/articles/ High
7 File /Admin/login.php High
8 File /admin/showbad.php High
9 File /admin/subnets/ripe-query.php High
10 File /apilog.php Medium
11 File /cgi-bin/wlogin.cgi High
12 File /connectors/index.php High
13 File /DocSystem/Repos/getReposAllUsers.do High
14 File /face-recognition-php/facepay-master/camera.php High
15 File /forum/away.php High
16 File /hrm/employeeadd.php High
17 File /hrm/employeeview.php High
18 File /index.php Medium
19 File /items/view_item.php High
20 File /jsoa/hntdCustomDesktopActionContent High
21 File /lookin/info Medium
22 File /manager/index.php High
23 File /medical/inventories.php High
24 File /mkshop/Men/profile.php High
25 File /mobile/downloadfile.aspx High
26 File /modules/profile/index.php High
27 File /modules/projects/vw_files.php High
28 File /modules/public/calendar.php High
29 File /net/nfc/netlink.c High
30 File /newsDia.php Medium
31 File /out.php Medium
32 File /outgoing.php High
33 File /proxy Low
34 File /Redcock-Farm/farm/category.php High
35 File /reports/rwservlet High
36 File /sacco_shield/manage_user.php High
37 File /spip.php Medium
38 File /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072 High
39 File /staff/bookdetails.php High
40 File /staff/delete.php High
41 File /user/update_booking.php High
42 File /Wedding-Management-PHP/admin/photos_add.php High
43 File /wordpress/wp-admin/options-general.php High
44 File /wp-content/plugins/woocommerce/templates/emails/plain/ High
45 File /_vti_pvt/access.cnf High
46 File AbstractScheduleJob.java High
47 File actionphp/download.File.php High
48 File adclick.php Medium
49 File addtocart.asp High
50 File admin.jcomments.php High
51 File admin.php Medium
52 File admin/conf_users_edit.php High
53 File admin/panels/entry/admin.entry.list.php High
54 File admin/panels/uploader/admin.uploader.php High
55 File admincp.php Medium
56 File admincp/search.php?do=dosearch High
57 File administers Medium
58 ... ... ...

There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!