Saint Bot Analysis

IOB - Indicator of Behavior (205)

Language

en: 178
fr: 14
pl: 4
de: 4
it: 2

Country

us: 62
fr: 14
ru: 12
it: 2
es: 2

Product

LibreNMS: 4
Microsoft Windows: 4
Adobe ColdFusion: 4
MeGaCheatZ: 2
WordPress: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | HP SAN/iQ hydra.exe privilege escalation | 4.3 | 3.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00283 | 0.00 | CVE-2012-4362 |
| 2 | Hydra HTTP Header read.c process_header_end denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.02 | CVE-2019-17502 |
| 3 | IW Guestbook badwords_edit.asp SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 4 | Hydra weak authentication | 5.7 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.00 | CVE-2020-5300 |
| 5 | PHPGurukul Hospital Management System dashboard.php privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00667 | 0.04 | CVE-2020-35745 |
| 6 | OmniSecure AddUrlShield index.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.06 | |
| 7 | ORY Hydra error Reflected cross-site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2019-8400 |
| 8 | phpLinkat showcat.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.00 | CVE-2008-3406 |
| 9 | SourceCodester Customer Relationship Management login.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00645 | 0.00 | CVE-2021-43130 |
| 10 | moziloCMS download.php directory traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01578 | 0.00 | CVE-2008-3589 |
| 11 | Sam Crew MyBlog games.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00609 | 0.00 | CVE-2007-1990 |
| 12 | HP SAN/iQ Login hydra.exe memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.48643 | 0.00 | CVE-2011-4157 |
| 13 | HP LeftHand Virtual SAN Appliance hydra memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.78733 | 0.00 | CVE-2013-2343 |
| 14 | spip Login spip_login.php3 privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.05054 | 0.04 | CVE-2006-1702 |
| 15 | Linksys WVC11B main.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01569 | 0.00 | CVE-2004-2508 |
| 16 | Jelsoft impex ImpExData.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04317 | 0.04 | CVE-2006-1382 |
| 17 | PHP php URL error_log privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00069 | 0.03 | CVE-2006-3011 |
| 18 | Cisco Linksys EA2700 URL information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 19 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 20 | PHP URL Validation filter_var privilege escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00560 | 0.04 | CVE-2020-7071 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (155)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
