Mirrors/cyber_threat_intelligence
6
0
Fork 0
mirror of https://github.com/vuldb/cyber_threat_intelligence synced 2024-06-25 16:39:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
d8bfb92c48
cyber_threat_intelligence/actors/Zeus
History
Marc Ruef d8bfb92c48 Update
2022-03-28 13:51:27 +02:00
..
README.md Update 2022-03-28 13:51:27 +02:00

README.md

Zeus - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Zeus. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.zeus

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Zeus:

There are 25 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) indicate associated network resources which are known to be part of research and attack activities of Zeus.

ID IP address Hostname Campaign Confidence
1 27.159.239.77 77.239.159.27.broad.pt.fj.dynamic.163data.com.cn - High
2 31.7.63.146 game.bignamegamereviewz.com - High
3 31.28.27.17 - - High
4 31.220.15.147 offsite.swanseahost.co.uk - High
5 31.220.43.72 - - High
6 37.123.99.188 sv1.jojobulten.com - High
7 37.143.11.189 hosted-by.ihc.ru - High
8 45.34.161.13 zambusing.com - High
9 46.4.150.111 static.111.150.4.46.clients.your-server.de - High
10 46.151.52.48 - - High
11 46.151.52.61 - - High
12 46.151.52.191 - - High
13 46.151.54.46 - - High
14 46.166.131.154 svr508.redium.net - High
15 46.166.145.113 . - High
16 46.183.221.240 ip-221-240.dataclub.info - High
17 58.195.1.4 - - High
18 59.157.4.2 v-59-157-4-2.ub-freebit.net - High
19 60.13.186.5 - - High
20 60.241.184.209 60-241-184-209.static.tpgi.com.au - High
21 62.14.215.109 109.215.14.62.static.jazztel.es - High
22 63.249.131.74 - - High
23 63.249.133.74 - - High
24 63.249.138.74 - - High
25 63.249.141.74 - - High
26 63.249.142.74 - - High
27 63.249.143.70 - - High
28 63.249.143.74 - - High
29 63.249.146.74 - - High
30 63.249.147.74 - - High
31 63.249.148.74 - - High
32 64.70.19.202 mailrelay.202.website.ws - High
33 64.74.223.48 - - High
34 64.85.233.8 astound-64-85-233-8.ca.astound.net - High
35 64.90.187.131 64.90.187.131.static.nyinternet.net - High
36 64.127.71.73 vcg2-4.slc1.tnltd.net - High
37 64.182.0.64 - - High
38 64.182.1.64 - - High
39 64.182.6.64 - - High
40 64.182.10.64 - - High
41 64.182.12.64 hobart2.dal01.corespace.com - High
42 64.182.13.64 - - High
43 64.182.16.64 - - High
44 64.182.17.64 - - High
45 64.182.20.64 - - High
46 64.182.215.70 - - High
47 64.182.215.73 - - High
48 ... ... ... ...

There are 187 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the suspected MITRE ATT&CK techniques used by Zeus. This data is unique as it uses our predictive model for actor profiling.

ID Technique Weakness Description Confidence
1 T1059.007 CWE-79, CWE-80 Cross Site Scripting High
2 T1068 CWE-250, CWE-264, CWE-266, CWE-284 Execution with Unnecessary Privileges High
3 T1110.001 CWE-307, CWE-798 Improper Restriction of Excessive Authentication Attempts High
4 ... ... ... ...

There are 6 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Zeus. This data is unique as it uses our predictive model for actor profiling.

ID Type Indicator Confidence
1 File /?module=users&section=cpanel&page=list High
2 File /admin/powerline High
3 File /admin/syslog High
4 File /api/upload Medium
5 File /cgi-bin Medium
6 File /cgi-bin/kerbynet High
7 File /context/%2e/WEB-INF/web.xml High
8 File /dcim/sites/add/ High
9 File /EXCU_SHELL Medium
10 File /forum/away.php High
11 File /fudforum/adm/hlplist.php High
12 File /login Low
13 File /Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp High
14 File /monitoring Medium
15 File /new Low
16 File /objects/getImageMP4.php High
17 File /proc/<pid>/status High
18 File /public/plugins/ High
19 File /rom Low
20 File /scripts/killpvhost High
21 File /secure/admin/InsightDefaultCustomFieldConfig.jspa High
22 File /secure/QueryComponent!Default.jspa High
23 File /src/main/java/com/dotmarketing/filters/CMSFilter.java High
24 File /tmp Low
25 File /tmp/redis.ds High
26 File /uncpath/ Medium
27 File /ViewUserHover.jspa High
28 File /web/MCmsAction.java High
29 File /wp-admin Medium
30 File /wp-json/wc/v3/webhooks High
31 File 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi High
32 File AccountManagerService.java High
33 File actions/CompanyDetailsSave.php High
34 File ActiveServices.java High
35 File ActivityManagerService.java High
36 File addlink.php Medium
37 ... ... ...

There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!