Cryptbot Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	14
ar	2

Country

de	12
us	2

Actors

Vidar	1
RecordBreaker	1
Ave Maria	1
RedLine	1
Mirai	1

Activities

Interest

Timeline

Type

Not Defined	10
Virtualization Software	2
Network Management Software	2
Network Authentication Software	2

Vendor

Not Defined	6
TOTOLINK	4
VMware	2
IBM	2
Apache	2

Product

libvirt	2
OpenX	2
Zabbix	2
TOTOLINK EX300	2
TOTOLINK A800R	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	perfSONAR file URL Privilege Escalation	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00075	0.00	CVE-2022-45213
2	La-souris-verte Com Svmap index.php path traversal	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01334	0.00	CVE-2010-1308
3	OpenX adclick.php redirect	5.3	4.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00440	0.24	CVE-2014-2230
4	Goahead Software Webserver HTTP Request aux denial of service	5.3	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.06949	0.00	CVE-2001-0385
5	Facebook WhatsApp Video Call heap-based overflow	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00435	0.02	CVE-2022-36934
6	SourceCodester Simple Parking Management System cross site scripting	3.9	3.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00054	0.06	CVE-2022-2363
7	Snipe-IT Update Branding Settings unrestricted upload	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.00	CVE-2022-32060
8	TOTOLINK EX300 MQTT Data Packet setLanguageCfg command injection	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.17797	0.00	CVE-2022-32449
9	IBM Security Access Manager Appliance inadequate encryption	5.7	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00106	0.02	CVE-2022-22464
10	Apache Commons Configuration Variable Interpolation Privilege Escalation	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.27601	0.03	CVE-2022-33980
11	TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R command injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00706	0.00	CVE-2022-28935
12	Huawei ACXXXX/SXXXX SSH Packet input validation	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.07	CVE-2014-8572
13	libvirt libxl Driver locking	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2021-4147
14	Zabbix SAML authentication spoofing	8.2	8.2	$0-$5k	$0-$5k	High	Not Defined	0.97186	0.00	CVE-2022-23131
15	VMware Spring Framework neutralization for logs	4.5	4.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00079	0.00	CVE-2021-22096

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	8.248.153.254		Cryptbot	10/16/2021	verified	High
2	8.248.163.254		Cryptbot	10/16/2021	verified	High
3	8.248.167.254		Cryptbot	10/16/2021	verified	High
4	8.249.223.254		Cryptbot	10/16/2021	verified	High
5	X.XXX.XXX.XXX		Xxxxxxxx	10/16/2021	verified	High
6	X.XXX.XX.XXX		Xxxxxxxx	10/16/2021	verified	High
7	X.XXX.XXX.XXX		Xxxxxxxx	10/16/2021	verified	High
8	X.XXX.XXX.XXX		Xxxxxxxx	10/16/2021	verified	High
9	XX.XXX.XXX.XXX	xxx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx	10/16/2021	verified	Medium
10	XX.XXX.XX.XXX	xx-xx.xxx	Xxxxxxxx	10/16/2021	verified	High
11	XX.XXX.X.X	xxxxx-xx-xxx-x-x.xxx.xxxx.xxx	Xxxxxxxx	10/16/2021	verified	High
12	XX.XXX.X.XXX	xxxxx-xx-xxx-x-xxx.xxx.xxxx.xxx	Xxxxxxxx	10/16/2021	verified	High
13	XX.XXX.XXX.XX		Xxxxxxxx	01/31/2023	verified	High
14	XX.XX.XX.XX	xxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxx	10/16/2021	verified	High
15	XXX.XXX.XXX.X		Xxxxxxxx	10/16/2021	verified	High
16	XXX.X.XXX.XX	xx-xx-xxxx.xxx-xxxxxxx.xxx	Xxxxxxxx	10/16/2021	verified	High
17	XXX.XX.XXX.X	xx-xxx.xxx	Xxxxxxxx	10/16/2021	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/aux	predictive	Low
2	File	/ci_spms/admin/search/searching/	predictive	High
3	File	xxxxxxx.xxx	predictive	Medium
4	File	xxxxx.xxx	predictive	Medium
5	Argument	xxxxxxxxxx	predictive	Medium
6	Argument	xxxx	predictive	Low
7	Argument	xxxxxxxx	predictive	Medium
8	Argument	xxxxxx	predictive	Low
9	Input Value	"><xxxxxx>xxxxx("xxx")</xxxxxx>	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!