Update

actors/APT10/README.md

@@ -63,12 +63,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
-There are 3 more TTP items available. Please use our online service to access the data.
+There are 15 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
@@ -107,8 +108,7 @@ ID | Type | Indicator | Confidence
 29 | File | `admin/pageUploadCSV.php` | High
 30 | File | `ajax_udf.php` | Medium
 31 | File | `AppCompatCache.exe` | High
-32 | File | `application.js.php` | High
-33 | ... | ... | ...
+32 | ... | ... | ...
 
 There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 

actors/APT17/README.md

@@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
 
-There are 4 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 

actors/APT2/README.md

@@ -42,12 +42,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
 
-There are 1 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 

actors/APT28/README.md

@@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * ...
 
-There are 4 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -111,13 +111,13 @@ ID | Type | Indicator | Confidence
 6 | File | `/medical/inventories.php` | High
 7 | File | `/mgmt/tm/util/bash` | High
 8 | File | `/monitoring` | Medium
-9 | File | `/plugins/servlet/audit/resource` | High
-10 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-11 | File | `/REBOOTSYSTEM` | High
-12 | File | `/replication` | Medium
-13 | File | `/reports/rwservlet` | High
-14 | File | `/RestAPI` | Medium
-15 | File | `/tmp` | Low
+9 | File | `/plugin/LiveChat/getChat.json.php` | High
+10 | File | `/plugins/servlet/audit/resource` | High
+11 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+12 | File | `/REBOOTSYSTEM` | High
+13 | File | `/replication` | Medium
+14 | File | `/reports/rwservlet` | High
+15 | File | `/RestAPI` | Medium
 16 | File | `/tmp/speedtest_urls.xml` | High
 17 | File | `/tmp/zarafa-vacation-*` | High
 18 | File | `/uncpath/` | Medium
@@ -127,15 +127,14 @@ ID | Type | Indicator | Confidence
 22 | File | `/var/run/watchman.pid` | High
 23 | File | `/wp-json/wc/v3/webhooks` | High
 24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
-25 | File | `admin/app/mediamanager` | High
-26 | File | `admin\model\catalog\download.php` | High
-27 | File | `afr.php` | Low
-28 | File | `apcupsd.pid` | Medium
-29 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
-30 | File | `api/sms/send-sms` | High
-31 | ... | ... | ...
-
-There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+25 | File | `AdxDSrv.exe` | Medium
+26 | File | `afr.php` | Low
+27 | File | `apcupsd.pid` | Medium
+28 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
+29 | File | `api/sms/send-sms` | High
+30 | ... | ... | ...
+
+There are 258 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT29/README.md

@@ -20,11 +20,11 @@ There are 1 more campaign items available. Please use our online service to acce
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT29:
 
 * [CN](https://vuldb.com/?country.cn)
-* [US](https://vuldb.com/?country.us)
 * [ES](https://vuldb.com/?country.es)
+* [US](https://vuldb.com/?country.us)
 * ...
 
-There are 21 more country items available. Please use our online service to access the data.
+There are 16 more country items available. Please use our online service to access the data.
 
 ## IOC - Indicator of Compromise
 
@@ -67,7 +67,8 @@ ID | Technique | Weakness | Description | Confidence
 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
-5 | ... | ... | ... | ...
+5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+6 | ... | ... | ... | ...
 
 There are 18 more TTP items available. Please use our online service to access the data.
 
@@ -83,38 +84,34 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/login.php` | High
 5 | File | `/admin/produts/controller.php` | High
 6 | File | `/Ap4RtpAtom.cpp` | High
-7 | File | `/bcms/admin/?page=user/list` | High
-8 | File | `/bsms/?page=manage_account` | High
-9 | File | `/cgi-bin/login.cgi` | High
-10 | File | `/ci_hms/massage_room/edit/1` | High
-11 | File | `/context/%2e/WEB-INF/web.xml` | High
-12 | File | `/dashboard/reports/logs/view` | High
-13 | File | `/debug/pprof` | Medium
-14 | File | `/fuel/index.php/fuel/logs/items` | High
-15 | File | `/fuel/sitevariables/delete/4` | High
-16 | File | `/goform/aspForm` | High
-17 | File | `/hocms/classes/Master.php?f=delete_collection` | High
-18 | File | `/hprms/admin/doctors/manage_doctor.php` | High
-19 | File | `/index/jobfairol/show/` | High
-20 | File | `/librarian/bookdetails.php` | High
-21 | File | `/mgmt/tm/util/bash` | High
-22 | File | `/monitoring` | Medium
-23 | File | `/ms/cms/content/list.do` | High
-24 | File | `/new` | Low
-25 | File | `/orms/` | Low
-26 | File | `/plesk-site-preview/` | High
-27 | File | `/proc/<pid>/status` | High
-28 | File | `/public/plugins/` | High
-29 | File | `/school/model/get_admin_profile.php` | High
-30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-31 | File | `/secure/QueryComponent!Default.jspa` | High
-32 | File | `/simple_chat_bot/admin/?page=user/manage_user` | High
-33 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-34 | File | `/student-grading-system/rms.php?page=grade` | High
-35 | File | `/timeline2.php` | High
-36 | ... | ... | ...
-
-There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+7 | File | `/app/options.py` | High
+8 | File | `/bcms/admin/?page=user/list` | High
+9 | File | `/bsms/?page=manage_account` | High
+10 | File | `/cgi-bin/login.cgi` | High
+11 | File | `/ci_hms/massage_room/edit/1` | High
+12 | File | `/context/%2e/WEB-INF/web.xml` | High
+13 | File | `/dashboard/reports/logs/view` | High
+14 | File | `/debug/pprof` | Medium
+15 | File | `/etc/hosts` | Medium
+16 | File | `/fuel/index.php/fuel/logs/items` | High
+17 | File | `/fuel/sitevariables/delete/4` | High
+18 | File | `/goform/aspForm` | High
+19 | File | `/hocms/classes/Master.php?f=delete_collection` | High
+20 | File | `/hprms/admin/doctors/manage_doctor.php` | High
+21 | File | `/index/jobfairol/show/` | High
+22 | File | `/librarian/bookdetails.php` | High
+23 | File | `/mgmt/tm/util/bash` | High
+24 | File | `/ms/cms/content/list.do` | High
+25 | File | `/new` | Low
+26 | File | `/orms/` | Low
+27 | File | `/plesk-site-preview/` | High
+28 | File | `/proc/<PID>/mem` | High
+29 | File | `/proc/<pid>/status` | High
+30 | File | `/public/plugins/` | High
+31 | File | `/school/model/get_admin_profile.php` | High
+32 | ... | ... | ...
+
+There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References
 

actors/APT31/README.md

@@ -30,7 +30,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1222 | CWE-275 | Permission Issues | High
+1 | T1006 | CWE-22 | Pathname Traversal | High
+2 | T1059 | CWE-94 | Cross Site Scripting | High
+3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
+4 | ... | ... | ... | ...
+
+There are 5 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 

actors/APT32/README.md

@@ -50,12 +50,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ... | ...
+1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
+2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+3 | T1055 | CWE-74 | Injection | High
+4 | T1059 | CWE-94 | Cross Site Scripting | High
+5 | ... | ... | ... | ...
 
-There are 6 more TTP items available. Please use our online service to access the data.
+There are 18 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 

actors/APT33/README.md

@@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
 
 * [PT](https://vuldb.com/?country.pt)
-* [FR](https://vuldb.com/?country.fr)
 * [SV](https://vuldb.com/?country.sv)
+* [DE](https://vuldb.com/?country.de)
 * ...
 
 There are 7 more country items available. Please use our online service to access the data.
@@ -55,53 +55,49 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
-2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
+2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
 3 | T1055 | CWE-74 | Injection | High
 4 | T1059 | CWE-94 | Cross Site Scripting | High
 5 | ... | ... | ... | ...
 
-There are 16 more TTP items available. Please use our online service to access the data.
+There are 17 more TTP items available. Please use our online service to access the data.
 
 ## IOA - Indicator of Attack
 
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by APT33. This data is unique as it uses our predictive model for actor profiling.
 
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `../FILEDIR` | Medium
-2 | File | `/(((a\2)|(a*)\g&lt/-1&gt/))*/` | High
-3 | File | `/admin/?page=system_info/contact_info` | High
-4 | File | `/admin/add_post.php` | High
-5 | File | `/admin/conferences/list/` | High
-6 | File | `/admin/dl_sendmail.php` | High
-7 | File | `/admin/featured.php` | High
-8 | File | `/admin/general.cgi` | High
-9 | File | `/admin/general/change-lang` | High
-10 | File | `/admin/renewaldue.php` | High
-11 | File | `/admin/showbad.php` | High
-12 | File | `/admin/ztliuyan_sendmail.php` | High
-13 | File | `/ajax/config_rollback/` | High
-14 | File | `/ajax/remove_sniffer_raw_log/` | High
-15 | File | `/Ap4RtpAtom.cpp` | High
-16 | File | `/bcms/admin/?page=reports/daily_sales_report` | High
-17 | File | `/bsms/?page=manage_account` | High
-18 | File | `/car-rental-management-system/admin/manage_booking.php` | High
-19 | File | `/car-rental-management-system/admin/manage_user.php` | High
-20 | File | `/category.php` | High
-21 | File | `/cgi-bin` | Medium
-22 | File | `/checklogin.jsp` | High
-23 | File | `/ci_hms/massage_room/edit/1` | High
-24 | File | `/classes/Master.php?f=delete_schedule` | High
-25 | File | `/dashboard/blocks/stacks/view_details/` | High
-26 | File | `/ffos/admin/sales/receipt.php` | High
-27 | File | `/goform/aspForm` | High
-28 | File | `/goform/RgDhcp` | High
-29 | File | `/goform/RgUrlBlock.asp` | High
-30 | File | `/hprms/admin/rooms/manage_room.php` | High
-31 | File | `/hprms/admin/rooms/view_room.php` | High
-32 | ... | ... | ...
-
-There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+1 | File | `/(((a\2)|(a*)\g&lt/-1&gt/))*/` | High
+2 | File | `/admin/conferences/list/` | High
+3 | File | `/admin/dl_sendmail.php` | High
+4 | File | `/admin/featured.php` | High
+5 | File | `/admin/general.cgi` | High
+6 | File | `/admin/general/change-lang` | High
+7 | File | `/admin/renewaldue.php` | High
+8 | File | `/admin/showbad.php` | High
+9 | File | `/admin/ztliuyan_sendmail.php` | High
+10 | File | `/ajax/config_rollback/` | High
+11 | File | `/ajax/remove_sniffer_raw_log/` | High
+12 | File | `/bsms/?page=manage_account` | High
+13 | File | `/category.php` | High
+14 | File | `/ci_hms/massage_room/edit/1` | High
+15 | File | `/ci_spms/admin/category` | High
+16 | File | `/classes/Master.php?f=delete_schedule` | High
+17 | File | `/dashboard/blocks/stacks/view_details/` | High
+18 | File | `/dashboard/menu-list.php` | High
+19 | File | `/dev/pts/` | Medium
+20 | File | `/ffos/classes/Master.php?f=save_category` | High
+21 | File | `/film-rating.php` | High
+22 | File | `/jfinal_cms/system/dict/list` | High
+23 | File | `/list` | Low
+24 | File | `/mnotice.php?id=2` | High
+25 | File | `/orrs/admin/reservations/view_details.php` | High
+26 | File | `/pms/admin/actions/manage_action.php` | High
+27 | File | `/pms/admin/inmates/view_inmate.php` | High
+28 | ... | ... | ...
+
+There are 240 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 
 ## References