Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-07-05 18:01:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
d310d3c976
cyber_threat_intelligence/actors/Upatre/README.md
Marc Ruef d310d3c976 Update January 2023
2023-01-23 12:25:30 +01:00

11 KiB
Raw Blame History

Upatre - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Upatre. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.upatre

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Upatre:

There are 1 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Upatre.

ID IP address Hostname Campaign Confidence
1 3.33.152.147 a4ec4c6ea1c92e2e6.awsglobalaccelerator.com - High
2 3.64.163.50 ec2-3-64-163-50.eu-central-1.compute.amazonaws.com - Medium
3 3.114.58.184 ec2-3-114-58-184.ap-northeast-1.compute.amazonaws.com - Medium
4 5.39.73.158 dns1.rbx-3.cdn.ovh.net - High
5 5.149.250.99 - - High
6 8.248.153.254 - - High
7 8.248.155.254 - - High
8 8.253.45.239 - - High
9 8.253.45.248 - - High
10 8.253.132.120 - - High
11 15.197.142.173 a4ec4c6ea1c92e2e6.awsglobalaccelerator.com - High
12 18.207.122.59 ec2-18-207-122-59.compute-1.amazonaws.com - Medium
13 18.233.6.11 ec2-18-233-6-11.compute-1.amazonaws.com - Medium
14 23.3.13.88 a23-3-13-88.deploy.static.akamaitechnologies.com - High
15 23.3.13.154 a23-3-13-154.deploy.static.akamaitechnologies.com - High
16 23.10.206.162 a23-10-206-162.deploy.static.akamaitechnologies.com - High
17 23.46.150.40 a23-46-150-40.deploy.static.akamaitechnologies.com - High
18 23.46.150.48 a23-46-150-48.deploy.static.akamaitechnologies.com - High
19 23.46.150.72 a23-46-150-72.deploy.static.akamaitechnologies.com - High
20 23.46.238.193 a23-46-238-193.deploy.static.akamaitechnologies.com - High
21 23.46.238.194 a23-46-238-194.deploy.static.akamaitechnologies.com - High
22 23.46.238.232 a23-46-238-232.deploy.static.akamaitechnologies.com - High
23 23.62.6.161 a23-62-6-161.deploy.static.akamaitechnologies.com - High
24 23.196.74.222 a23-196-74-222.deploy.static.akamaitechnologies.com - High
25 23.199.63.11 a23-199-63-11.deploy.static.akamaitechnologies.com - High
26 23.199.63.83 a23-199-63-83.deploy.static.akamaitechnologies.com - High
27 23.218.129.107 a23-218-129-107.deploy.static.akamaitechnologies.com - High
28 23.221.72.10 a23-221-72-10.deploy.static.akamaitechnologies.com - High
29 23.221.72.27 a23-221-72-27.deploy.static.akamaitechnologies.com - High
30 23.253.126.58 - - High
31 24.19.25.40 c-24-19-25-40.hsd1.wa.comcast.net - High
32 24.33.131.116 cpe-24-33-131-116.cinci.res.rr.com - High
33 24.148.217.188 - - High
34 24.220.92.193 24-220-92-193-dynamic.midco.net - High
35 24.240.107.12 024-240-107-012.res.spectrum.com - High
36 31.31.196.102 server139.hosting.reg.ru - High
37 34.97.69.225 225.69.97.34.bc.googleusercontent.com - Medium
38 34.102.136.180 180.136.102.34.bc.googleusercontent.com - Medium
39 34.117.59.81 81.59.117.34.bc.googleusercontent.com - Medium
40 35.208.217.200 200.217.208.35.bc.googleusercontent.com - Medium
41 35.214.107.94 94.107.214.35.bc.googleusercontent.com - Medium
42 37.0.8.235 - - High
43 37.0.10.214 - - High
44 37.0.10.236 - - High
45 37.0.11.8 - - High
46 37.57.144.177 177.144.57.37.triolan.net - High
47 37.58.63.231 - - High
48 38.65.142.12 - - High
49 38.123.202.3 - - High
50 ... ... ... ...

There are 198 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Upatre. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1006 CWE-22 Pathname Traversal High
2 T1059 CWE-94 Cross Site Scripting High
3 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
4 ... ... ... ...

There are 4 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Upatre. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File drivers/media/video/videobuf-vmalloc.c High
2 File FileDownload.jsp High
3 File forumrunner/includes/moderation.php High
4 ... ... ...

There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2023 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!