Unknown Analysis
IOB - Indicator of Behavior (1000)
Vulnerabilities
Campaigns (56)
These are the campaigns that can be associated with the actor:
- Accellion FTA Webshell
- Alternate Data Streams
- Asylum Ambuscade
- BugDrop
- Canadian Banks
- Cisco
- COVID-19
- Credit Card Shop
- Cryptomining
- CVE-2017-11882
- CVE-2020-14882
- CVE-2021-25094
- CVE-2021-26855
- CVE-2021-40539
- CVE-2021-42237
- CVE-2021-44077
- CVE-2021-44228
- CVE-2022-22954 and CVE-2022-22960
- CVE-2022-26134
IOC - Indicator of Compromise (83376)
These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (22)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (322)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | %PROGRAMDATA%\Razer\Synapse3\Service\bin | predictive | High |
2 | File | /admin/DBbackup/ | predictive | High |
3 | File | /admin/tpl_edit.inc.php | predictive | High |
4 | File | /advanced-tools/nova/bin/netwatch | predictive | High |
5 | File | /appliance/users?action=edit | predictive | High |
6 | File | /apply.cgi | predictive | Medium |
7 | File | /aya/module/admin/fst_down.inc.php | predictive | High |
8 | File | /cgi-bin/luci/api/wireless | predictive | High |
9 | File | /cimom | predictive | Low |
10 | File | /formSysLog | predictive | Medium |
11 | File | /forum/away.php | predictive | High |
12 | File | /forum/PostPrivateMessage | predictive | High |
13 | File | /goform/fromSetWirelessRepeat | predictive | High |
14 | File | /graphql | predictive | Medium |
15 | File | /login/index.php | predictive | High |
16 | File | /nova/bin/detnet | predictive | High |
17 | File | /opencats/index.php?m=settings&a=ajax_tags_upd | predictive | High |
18 | File | /opt/Citrix/ICAClient/util/ctxwebhelper | predictive | High |
19 | File | /out.php | predictive | Medium |
20 | File | /setnetworksettings/IPAddress | predictive | High |
21 | File | /SetNetworkSettings/SubnetMask | predictive | High |
22 | File | /setNTP.cgi | predictive | Medium |
23 | File | /shell | predictive | Low |
24 | File | /SkycaijiApp/admin/controller/Mystore.php | predictive | High |
25 | File | /spip.php | predictive | Medium |
26 | File | /storage/poc.svg | predictive | High |
27 | File | /tmp | predictive | Low |
28 | File | /tpts/manage_user.php | predictive | High |
29 | File | /uncpath/ | predictive | Medium |
30 | File | /upload | predictive | Low |
31 | File | /user/s.php | predictive | Medium |
32 | File | /usr/etc/restore0.9 | predictive | High |
33 | File | /webif/SecurityModule | predictive | High |
34 | File | /wp-json/oembed/1.0/embed?url | predictive | High |
35 | File | /www/include/filesave.php | predictive | High |
36 | File | Access.app/Contents/Resources/kcproxy | predictive | High |
37 | File | adclick.php | predictive | Medium |
38 | File | add-locker-form.php | predictive | High |
References (409)
The following list contains external sources which discuss the actor and the associated activities:
- https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/fancy-bear-brute-force-attacks/
- https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/onepercent-group-ransomware-campaign/
- https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/solarwinds-second-update/
- https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/vast-malvertising-network-hijacks-browser-settings-to-spread-riskware/
- https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/vextrio-ddga-domains-spread-adware-spyware-and-scam-web-forms/
- https://blogs.infoblox.com/cyber-threat-intelligence/iranian-apt-exploits-election-websites/
- https://blogs.infoblox.com/cyber-threat-intelligence/malicious-activity-reports/new-malware-capturador-hijacker/
- https://blogs.jpcert.or.jp/en/2017/04/redleaves---malware-based-on-open-source-rat.html
- https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html
- https://blogs.jpcert.or.jp/en/2018/06/plead-downloader-used-by-blacktech.html
- https://blogs.jpcert.or.jp/en/2018/07/malware-wellmes-9b78.html
- https://blogs.jpcert.or.jp/en/2020/04/attacks-exploiting-vulnerabilities-in-pulse-connect-secure.html
- https://blogs.jpcert.or.jp/en/2021/06/php_malware.html
- https://blogs.jpcert.or.jp/en/2021/07/water_pamola.html
- https://blogs.jpcert.or.jp/ja/2019/07/shorten_url_lnk.html
- https://blogs.mcafee.jp/is-there-really-such-a-thing-as-a-low-paid-ransomware-operator
- https://blogs.mcafee.jp/prime-ministers-office-compromised
- https://cert.gov.ua/article/2728
- https://cert.gov.ua/article/10011
- https://cert.gov.ua/article/13156
- https://cert.gov.ua/article/18101
- https://cert.gov.ua/article/18163
- https://cert.gov.ua/article/39253
- https://cert.gov.ua/article/39606
- https://cert.gov.ua/article/39727
- https://cert.gov.ua/article/40125
- https://cert.gov.ua/article/40263
- https://cert.gov.ua/article/160530
- https://cert.gov.ua/article/375404
- https://checkmarx.com/blog/attacker-uses-a-popular-tiktok-challenge-to-lure-users-into-installing-malicious-package/
- https://citizenlab.ca/2017/07/insider-information-an-intrusion-campaign-targeting-chinese-language-news-sites/
- https://citizenlab.ca/2018/01/spying-on-a-budget-inside-a-phishing-operation-with-targets-in-the-tibetan-community/
- https://citizenlab.ca/2019/05/burned-after-reading-endless-mayflys-ephemeral-disinformation-campaign/
- https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/
- https://community.blueliv.com/#!/s/5f6da53f82df413ea9344786
- https://community.blueliv.com/#!/s/5f7f317382df413eb2352195
- https://community.blueliv.com/#!/s/5fa00a7a82df413eac34d7bc
- https://community.blueliv.com/#!/s/5fa520fc82df413eb23524be
- https://community.blueliv.com/#!/s/5fc7d9f982df413ea934ae07
- https://community.blueliv.com/#!/s/5fc7d89782df413eb235265e
- https://community.blueliv.com/#!/s/5fdccfcf82df413ea934b100
- https://community.blueliv.com/#!/s/61fce4b982df413eb23554b5
- https://community.blueliv.com/#!/s/62ba9eab82df417ed03312f2
- https://community.blueliv.com/#!/s/62f1ffe082df413eb535988f
- https://community.blueliv.com/#!/s/604be61282df413eb5355b5f
- https://community.blueliv.com/#!/s/624fdd2182df417ed0330c3d
- https://community.blueliv.com/#!/s/630f929282df41552632fd7b
- https://community.blueliv.com/#!/s/6225bd4c82df417ed0330980
- https://community.blueliv.com/#!/s/6256721582df413eb2355a0d
- https://ddanchev.blogspot.com/2007/11/another-massive-embedded-malware-attack.html
- https://ddanchev.blogspot.com/2008/02/inside-botnet-phishing-activities.html
- https://ddanchev.blogspot.com/2022/02/the-cyber-war-between-russia-and.html
- https://ddanchev.blogspot.com/2022/10/exposing-compilation-of-stolen-credit.html
- https://exchange.xforce.ibmcloud.com/collection/SSH-Brute-Force-Honeypot-Live-56b3f3072e05dab76987bfcd3ba18fea
- https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
- https://gblogs.cisco.com/jp/2022/09/talos-lazarus-three-rats/
- https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
- https://github.com/aanubhav-ioc/random/blob/main/redline_WS
- https://github.com/b3b0/evil-ip-addresses/blob/main/latest.txt
- https://github.com/blackorbird/APT_REPORT/blob/master/bitter/2022/Quarterly-Adversarial-Threat-Report-Q2-2022.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/CyberMerceNary/wp-void-balaur-tracking-a-cybermercenarys-activities.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/Donot/Donot%20Group%20%26%20Innefu%20Labs.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/group123/ESRC-1808-TLP-White-IR002_RocketMan_English.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/International%20Strategic/Iran/ClearSky-Fox-Kitten-Campaign-v1.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/International%20Strategic/Iran/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/Metador/metador_An_Unattributed_Threat_Hiding_in_Telcos_SPs_and_Universities.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/Oceanlotus/ESET_OceanLotus.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/russia-nexus-uac-0113-emulating-telecommunication-providers-in-ukraine.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
- https://github.com/blackorbird/APT_REPORT/blob/master/summary/2020/APT-blackberry-mobile-malware-report.pdf
- https://github.com/blackorbird/APT_REPORT/blob/master/SunBurst/Nobelium2021.pdf
- https://github.com/blackorbird/APT_REPORT/tree/master/Lamberts/DePriMon
- https://github.com/Cisco-Talos/IOCs/blob/main/2022/09/new-campaign-uses-government-union.txt
- https://github.com/Cisco-Talos/IOCs/blob/main/2022/09/threat-advisory-exchange-server-vulns.txt
- https://github.com/Cisco-Talos/IOCs/blob/main/2022/11/ipfs-abuse.txt
- https://github.com/CYBERCOM-Malware-Alert/IOCs/blob/main/Ukraine%20Network%20IOCs%20July%2020%202022.xlsx
- https://github.com/eset/malware-ioc/tree/master/badiis
- https://github.com/eset/malware-ioc/tree/master/quarterly_reports/2020_Q3
- https://github.com/executemalware/Malware-IOCs/blob/main/2021-11-17%20Unknown%20Loader
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-14%20JavaStealer%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-12%20Unknown%20Malware%20IOCs
- https://github.com/executemalware/Malware-IOCs/blob/main/2022-04-20%20Redline%20IOCs
- https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/anonymous.netset
- https://github.com/hvs-consulting/ioc_signatures/blob/main/M365_MFA_Phishing/HvS_M365_MFA_Phishing_2022-01_IOCs.csv
- https://github.com/hvs-consulting/ioc_signatures/blob/main/SiteCore_CVE-2021-42237/HvS_SiteCoreCVE-2021-42237_2021_11_IOCs.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201901.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201902.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201903.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201904.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201905.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201906.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201907.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201908.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201909.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201910.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201911.csv
- https://github.com/JPCERTCC/phishurl-list/blob/main/2019/201912.csv
- https://github.com/LittleJake/ip-blacklist/blob/main/abuseipdb_blacklist_ip_score_75.txt
- https://github.com/LittleJake/ip-blacklist/blob/main/abuseipdb_blacklist_ip_score_100.txt
- https://github.com/LittleJake/ip-blacklist/blob/main/all_blacklist.txt
- https://github.com/MelihOzturk/cyber-security-ip-blacklist/blob/main/forbidden-zone.txt
- https://github.com/MelihOzturk/cyber-security-ip-blacklist/blob/main/log4j.txt
- https://github.com/MelihOzturk/cyber-security-ip-blacklist/blob/main/permanent-list.txt
- https://github.com/MelihOzturk/cyber-security-ip-blacklist/blob/main/tempory-list.txt
- https://github.com/mitchellkrogza/Suspicious.Snooping.Sniffing.Hacking.IP.Addresses/blob/master/ips.list
- https://github.com/scriptzteam/IP-BlockList-v4/blob/main/ips.txt
- https://github.com/SecOps-Institute/SpamhausIPLists/blob/master/drop.txt
- https://github.com/Skabunkel/banned-ip-addresses/blob/main/banned-ips.txt
- https://github.com/vishalyadav70/Proxy-Server/blob/main/proxy/blacklist.txt
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Unknown
- https://helpdesk.kaseya.com/hc/en-gb/articles/4403584098961-Incident-Overview-Technical-Details
- https://isc.sans.edu/forums/diary/10+Most+Popular+Targeted+Ports+in+the+Past+3+Weeks/28242/
- https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205902/26378/
- https://isc.sans.edu/forums/diary/A+Good+Old+Equation+Editor+Vulnerability+Delivering+Malware/28368/
- https://isc.sans.edu/forums/diary/A+look+through+the+spam+filters+examining+waves+of+Upatre+malspam/20135/
- https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
- https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/
- https://isc.sans.edu/forums/diary/Actor+that+tried+Neutrino+exploit+kit+now+back+to+Angler/20075/
- https://isc.sans.edu/forums/diary/Actor+using+Angler+exploit+kit+switched+to+Neutrino/20059/
- https://isc.sans.edu/forums/diary/Adwind+another+payload+for+botnetbased+malspam/20041/
- https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/
- https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/
- https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/
- https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/
- https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
- https://isc.sans.edu/forums/diary/BizCN+gate+actor+changes+from+Fiesta+to+Nuclear+exploit+kit/19875/
- https://isc.sans.edu/forums/diary/Botnetbased+malicious+spam+seen+this+week/19807/
- https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
- https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/
- https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/
- https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/
- https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
- https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
- https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/
- https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/
- https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/
- https://isc.sans.edu/forums/diary/CVE20199670+Zimbra+Collaboration+Suite+XXE+vulnerability/27570/
- https://isc.sans.edu/forums/diary/DalexisCTBLocker+malspam+campaign/19641/
- https://isc.sans.edu/forums/diary/Detecting+XCodeGhost+Activity/20171/
- https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/
- https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/
- https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/
- https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/
- https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/
- https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/
- https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
- https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
- https://isc.sans.edu/forums/diary/Google+ad+traffic+leads+to+stealer+packages+based+on+free+software/29376/
- https://isc.sans.edu/forums/diary/Guest+Diary+Xavier+Mertens+Playing+with+IP+Reputation+with+Dshield+OSSEC/19757/
- https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
- https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
- https://isc.sans.edu/forums/diary/Honey+Pot+Entertainment+SSH/19121/
- https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/
- https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
- https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
- https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/
- https://isc.sans.edu/forums/diary/Maldoc+Analysis+by+a+Reader/24694/
- https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
- https://isc.sans.edu/forums/diary/Malicious+spam+continues+to+serve+zip+archives+of+javascript+files/19973/
- https://isc.sans.edu/forums/diary/Malicious+spam+Subject+RE+Bill/20417/
- https://isc.sans.edu/forums/diary/Malicious+spam+with+Word+document/20225/
- https://isc.sans.edu/forums/diary/Malicious+spam+with+zip+attachments+containing+js+files/20153/
- https://isc.sans.edu/forums/diary/Malspam+distributing+Troldesh+ransomware/21717/
- https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/
- https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/
- https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/
- https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+docs+pushes+Hermes+ransomware/23920/
- https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+documents/22203/
- https://isc.sans.edu/forums/diary/Malspam+with+Word+docs+uses+macro+to+run+Powershell+script+and+steal+system+data/24564/
- https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
- https://isc.sans.edu/forums/diary/Merry+XMas+ransomware+from+Sunday+20170108/21905/
- https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/
- https://isc.sans.edu/forums/diary/Not+so+FastCGI/26208/
- https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/
- https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
- https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/
- https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
- https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
- https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/
- https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
- https://isc.sans.edu/forums/diary/Recent+Dridex+activity/19687/
- https://isc.sans.edu/forums/diary/Recent+example+of+MedusaHTTP+malware/25234/
- https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/
- https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
- https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/
- https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/
- https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/
- https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
- https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/
- https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/
- https://isc.sans.edu/forums/diary/Scanning+Home+Internet+Facing+Devices+to+Exploit/26340/
- https://isc.sans.edu/forums/diary/Searching+for+malspam/21145/
- https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/
- https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/
- https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/
- https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit+II/27664/
- https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
- https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/
- https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
- https://isc.sans.edu/forums/diary/Voice+Message+Notifications+Deliver+Ransomware/21397/
- https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/
- https://isc.sans.edu/forums/diary/What+is+going+on+with+port+3333/23215/
- https://isc.sans.edu/forums/diary/Word+docs+with+macros+for+IcedID+Bokbot/26352/
- https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/
- https://loreto.ccn-cert.cni.es/index.php/s/oDcNr5Jqqpd5cjn#editor
- https://news.drweb.com/show/?i=14451
- https://pastebin.com/PhnaB0ac
- https://research.checkpoint.com/2019/a-new-infostealer-campaign-targets-apac-windows-servers/
- https://research.checkpoint.com/2019/canadian-banks-targeted-in-a-massive-phishing-campaign/
- https://research.checkpoint.com/2019/the-eye-on-the-nile/
- https://research.checkpoint.com/2021/uyghurs-a-turkic-ethnic-minority-in-china-targeted-via-fake-foundations/
- https://research.checkpoint.com/2023/16th-january-threat-intelligence-report/
- https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479
- https://securityintelligence.com/ibm-x-force-iris-uncovers-active-business-email-compromise-campaign-targeting-fortune-500-companies/
- https://socprime.com/blog/stealthphish-investigation-528-domains-involved-in-bec-attack-against-fortune-500-companies/
- https://st.drweb.co.jp/static/new-www/news/2020/july/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf
- https://thedfirreport.com/2020/07/13/ransomware-again-but-we-changed-the-rdp-port/
- https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/
- https://thedfirreport.com/2021/01/18/all-that-for-a-coinminer/
- https://thedfirreport.com/2021/02/28/laravel-debug-leaking-secrets/
- https://thedfirreport.com/2021/11/01/from-zero-to-domain-admin/
- https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/
- https://thedfirreport.com/2022/06/06/will-the-real-msiexec-please-stand-up-exploit-leads-to-data-exfiltration/
- https://twitter.com/bad_packets/status/1532844850298597376
- https://twitter.com/malwrhunterteam/status/1562741109171752960
- https://twitter.com/ShadowChasing1/status/1505893006070583301
- https://twitter.com/threatinsight/status/1532830739208732673
- https://twitter.com/threatinsight/status/1532831184522080256
- https://twitter.com/__0XYC__/status/1502593457201811459
- https://unit42.paloaltonetworks.com/cybersquatting/
- https://unit42.paloaltonetworks.com/digium-phones-web-shell/
- https://unit42.paloaltonetworks.com/exchange-server-credential-harvesting/
- https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
- https://unit42.paloaltonetworks.com/unit42-large-scale-monero-cryptocurrency-mining-operation-using-xmrig/
- https://us-cert.cisa.gov/ncas/alerts/aa20-225a
- https://us-cert.cisa.gov/ncas/analysis-reports/ar21-055a
- https://www.cisa.gov/uscert/ncas/alerts/AA19-024A
- https://www.cisa.gov/uscert/ncas/alerts/aa22-138b
- https://www.cisa.gov/uscert/ncas/alerts/aa22-174a
- https://www.fortiguard.com/psirt/FG-IR-22-398
- https://www.ironnet.com/hubfs/Threat%20Intelligence%20Monthly%20Reports/IronNet%20Threat%20Intelligence%20Brief_August%202021%20(1).pdf
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/targeted-attacks-on-french-company-exploit-multiple-word-vulnerabilities/
- https://www.microsoft.com/en-us/security/blog/2022/09/29/zinc-weaponizing-open-source-software/
- https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
- https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails
- https://www.threatminer.org/report.php?q=Compromise_Greece_Beijing.pdf&y=2014
- https://www.threatminer.org/report.php?q=FTA_1014_Bots_Machines_and_the_Matrix.pdf&y=2014
- https://www.threatminer.org/report.php?q=Targeted_Attacks_Lense_NGO.pdf&y=2014
- https://www.threatminer.org/report.php?q=The_Monju_Incident.pdf&y=2014
- https://www.trendmicro.com/content/dam/trendmicro/global/en/research/21/l/patch-now-apache-log4j-vulnerability-called-log4shell-being-actively-exploited/IOCs-PatchNow-Log4Shell-Vulnerability.txt
- https://www.trendmicro.com/de_de/research/22/i/a-post-exploitation-look-at-coinminers-abusing-weblogic-vulnerab.html
- https://www.trendmicro.com/en_us/research/21/k/analyzing-proxyshell-related-incidents-via-trend-micro-managed-x.html
- https://www.trendmicro.com/en_us/research/22/a/defending-systems-against-attacks-with-layers-of-remote-control.html
- https://www.wordfence.com/blog/2022/05/millions-of-attacks-target-tatsu-builder-plugin/
- https://www.wordfence.com/blog/2022/12/psa-yith-woocommerce-gift-cards-premium-plugin-exploited-in-the-wild/