CryptBot Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (174)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en142
sv6
fr6
ru6
zh4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA72
RU: Russia14
DE: Germany12
CN: China4
IR: Iran4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

AsyncRAT6
Cobalt Strike5
Stealc5
Mirai5
Remcos5

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined84
Content Management System12
WordPress Plugin8
Programming Language Software8
Operating System6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined70
Microsoft4
Linux4
TOTOLINK4
ScienceLogic2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel4
PHPMailer4
WordPress4
PHP4
ScienceLogic SL12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.042770.87CVE-2006-6168
2Check Point Quantum Gateway/Spark Gateway/CloudGuard Network Remote Access VPN information disclosure7.57.5$0-$5k$0-$5kAttackedNot definedverified0.943270.05CVE-2024-24919
3Fortinet FortiOS SSL-VPN out-of-bounds write9.89.7$100k and more$25k-$100kAttackedOfficial fixverified0.925160.00CVE-2024-21762
4TOTOLINK A860R downloadFile.cgi command injection7.67.5$0-$5k$0-$5kNot definedNot defined 0.014540.08CVE-2022-40475
5Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting3.53.5$0-$5k$0-$5kNot definedNot defined 0.002230.06CVE-2022-28507
6Phorum register.php sql injection7.37.0$0-$5k$0-$5kNot definedOfficial fix 0.004310.00CVE-2004-2110
7ZLMediaKit HTTP API Interface hard-coded password7.57.4$0-$5k$0-$5kNot definedNot defined 0.003270.00CVE-2024-27488
8HuangDou UTCMS cli.php os command injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot definedexpected0.804940.05CVE-2024-9916
9Tenda FH1203 WriteFacMac formWriteFacMac command injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.061000.06CVE-2024-2991
10Tenda AC15 WriteFacMac formWriteFacMac os command injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.046450.06CVE-2024-2812
11Adobe Bridge heap-based overflow7.06.9$5k-$25k$0-$5kNot definedOfficial fix 0.000290.07CVE-2025-27193
12Linux Kernel NILFS File System inode.c security_inode_alloc use after free8.38.1$25k-$100k$0-$5kNot definedOfficial fix 0.000140.00CVE-2022-2978
13itsourcecode Online Book Store edit_book.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.000370.08CVE-2024-6008
14keerti1924 PHP-MYSQL-User-Login-System signup.php cross site scripting4.74.5$0-$5k$0-$5kProof-of-ConceptNot defined 0.001190.06CVE-2024-1700
15Qualcomm Snapdragon Auto GPU Kernel Driver code injection6.56.3$5k-$25k$0-$5kNot definedOfficial fix 0.002680.06CVE-2019-10567
16CCt99 Chichen Tech CMS Parameter product_list.php sql injection6.36.1$0-$5k$0-$5kNot definedNot defined 0.003030.06CVE-2020-28960
17ALPACA improper authentication5.65.4$0-$5k$0-$5kNot definedOfficial fix 0.004500.06CVE-2021-3618
18phpipam sql injection5.95.8$0-$5k$0-$5kNot definedOfficial fix 0.000640.08CVE-2023-1211
19PrestaShop Product Search sql injection7.17.0$0-$5k$0-$5kNot definedOfficial fix 0.003120.00CVE-2023-39524
20Microsoft .NET Framework Username Parser access control8.87.9$5k-$25k$0-$5kProof-of-ConceptOfficial fixexpected0.866320.06CVE-2011-3416

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • MustardSandwich

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
18.248.153.254Cryptbot10/16/2021verifiedLow
28.248.163.254Cryptbot10/16/2021verifiedLow
38.248.167.254Cryptbot10/16/2021verifiedLow
48.249.223.254Cryptbot10/16/2021verifiedLow
58.249.233.254Cryptbot10/16/2021verifiedLow
68.253.45.239Cryptbot10/16/2021verifiedLow
78.253.132.120Cryptbot10/16/2021verifiedLow
8X.XXX.XXX.XXXXxxxxxxx10/16/2021verifiedLow
9XX.XXX.XXX.XXXxxx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxx10/16/2021verifiedLow
10XX.XXX.XX.XXXxx-xx.xxxXxxxxxxx10/16/2021verifiedLow
11XX.XXX.X.Xxxxxx-xx-xxx-x-x.xxx.xxxx.xxxXxxxxxxx10/16/2021verifiedLow
12XX.XXX.X.XXXxxxxx-xx-xxx-x-xxx.xxx.xxxx.xxxXxxxxxxx10/16/2021verifiedLow
13XX.XX.XXX.XXXxxx.xxxXxxxxxxx12/09/2024verifiedVery High
14XX.XXX.XXX.XXXxxxxxxx01/31/2023verifiedMedium
15XX.XXX.XXX.XXXXxxxxxxx12/09/2024verifiedVery High
16XX.XX.XX.XXxxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxx10/16/2021verifiedVery Low
17XX.XX.XXX.XXxxxxx-x.xx-xxx.xxxxXxxxxxxx09/22/2024verifiedVery High
18XX.XXX.XXX.XXXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxxxxxxXxxxxxxxxxxxxxx10/07/2024verifiedVery High
19XXX.XXX.XXX.XXXXxxxxxxx09/22/2024verifiedVery High
20XXX.XXX.XXX.XXxxxxxxx10/16/2021verifiedLow
21XXX.XXX.XX.XXXxxxxxxx12/09/2024verifiedVery High
22XXX.XXX.XX.XXXXxxxxxxx12/09/2024verifiedVery High
23XXX.XXX.XX.XXXXxxxxxxx12/09/2024verifiedVery High
24XXX.XXX.XX.XXXXxxxxxxx12/09/2024verifiedVery High
25XXX.X.XXX.XXxx-xx-xxxx.xxx-xxxxxxx.xxxXxxxxxxx10/16/2021verifiedVery Low
26XXX.XXX.XX.XXXXxxxxxxx12/24/2024verifiedVery High
27XXX.XXX.X.XXXxxxxxxx12/09/2024verifiedVery High
28XXX.XXX.X.XXXxxxxxxx12/09/2024verifiedVery High
29XXX.XXX.XX.XXXxxxxxxx12/09/2024verifiedVery High
30XXX.XXX.XXX.XXXxxxxxxx04/26/2025verifiedVery High
31XXX.XXX.XXX.XXxxxxxx-xx.xxxxxxxxxx.xxxXxxxxxxx12/09/2024verifiedHigh
32XXX.XXX.XX.XXXXxxxxxxx12/09/2024verifiedVery High
33XXX.XX.XXX.Xxx-xxx.xxxXxxxxxxx10/16/2021verifiedLow

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-137CWE-88, CWE-94Argument InjectionpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXXXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxx Xx X Xxxxxxxx XxxxxxpredictiveHigh
12TXXXXCAPEC-XCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
13TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
17TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
19TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
20TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/apipredictiveLow
3File/auxpredictiveLow
4File/cgi-bin/downloadFile.cgipredictiveHigh
5File/ci_spms/admin/search/searching/predictiveHigh
6File/edit_book.phppredictiveHigh
7File/goform/WriteFacMacpredictiveHigh
8File/hospital/hms/admin/patient-search.phppredictiveHigh
9File/jsoa/hntdCustomDesktopActionContentpredictiveHigh
10File/modules/announcement/index.php?view=editpredictiveHigh
11File/port_3480/data_requestpredictiveHigh
12File/xxxxxx/xxxxxpredictiveHigh
13File/xxxxxx.xxxpredictiveMedium
14File/xxxxxxx/xxxxxxx_xxxxxxxxx/xxxx_xx_xxxxxxx.xxxpredictiveHigh
15File/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
16Filexxxxxxx.xxxpredictiveMedium
17Filexxxxx/xxxx_xxxxxx_xxxxxxx.xxxpredictiveHigh
18Filexxx_xxxx.xxxpredictiveMedium
19Filexxx/xxxxxxx/xx-xxx/xxxxx/xxx.xxxpredictiveHigh
20Filexxxxxx/xxxxxxx/xxxx/xxxxxxx/xxxxxxx/xxxx_xxxxxxx.xxxpredictiveHigh
21Filexxxxxx/xxxxxxx/xxxx/xxxxx.xxxpredictiveHigh
22Filexxx.xxxpredictiveLow
23Filexxx-xxxx.xxxpredictiveMedium
24Filexxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
25Filexxx_xxxxxxx_xxxxxxxxx_xxxxxxxxx_xxxxxxxxxxxxxx.xxxpredictiveHigh
26Filexxxxxxx_xxxxx.xxxpredictiveHigh
27Filexxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxx.xpredictiveMedium
29Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
30Filexxx/xxxxxx.xxxpredictiveHigh
31Filexxxxx.xxxpredictiveMedium
32Filexxxxx.xpredictiveLow
33Filexxxxxxxxxx/xxxxx.xxpredictiveHigh
34Filexxxxxxxxxx/xxxxx.xxpredictiveHigh
35Filexxxxxxx.xxpredictiveMedium
36Filexxxxxxx-xxxxxx-xxxxxx.xxxpredictiveHigh
37Filexx-xxxxx/xxxxx.xxx?xxx=xxxx&xxx=xxxxxxpredictiveHigh
38Filexxxxxxx_xxxx.xxxpredictiveHigh
39Filexxxxxxxxxxxxx.xxxpredictiveHigh
40Filexxxxxxxx.xxxpredictiveMedium
41Filexxxx_xxxxxxxx.xxxpredictiveHigh
42Filexxxx_xxxxxx.xxxpredictiveHigh
43FilexxxxxxpredictiveLow
44Filexxxx-xxxxxxxx.xxxpredictiveHigh
45Filexxx.xpredictiveLow
46Filexxxxxxxxxxxxx.xxxpredictiveHigh
47Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
48Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxxxx.xxxpredictiveHigh
49Filexx-xxxxx/xxxx.xxxpredictiveHigh
50Libraryxxx/xxxx_xxxxxxx.xpredictiveHigh
51Argumentxxx_xxxxpredictiveMedium
52ArgumentxxxxxxxxpredictiveMedium
53ArgumentxxxxxpredictiveLow
54ArgumentxxxxxpredictiveLow
55ArgumentxxxxxxxxxxxxxxxpredictiveHigh
56Argumentxxxxxx-xxpredictiveMedium
57ArgumentxxxxpredictiveLow
58ArgumentxxxxxxxxxxpredictiveMedium
59ArgumentxxxxpredictiveLow
60Argumentxxxxxx_xxx_xxpredictiveHigh
61Argumentxxxx_xxxxxpredictiveMedium
62ArgumentxxpredictiveLow
63Argumentxx/xxxpredictiveLow
64ArgumentxxxxxpredictiveLow
65ArgumentxxxxxxxpredictiveLow
66ArgumentxxxxxxxxpredictiveMedium
67ArgumentxxxxpredictiveLow
68ArgumentxxxxxxxxpredictiveMedium
69ArgumentxxxpredictiveLow
70ArgumentxxxxpredictiveLow
71ArgumentxxxxpredictiveLow
72ArgumentxxxxxxxpredictiveLow
73Argumentxxxxxx/xxxxxx/xxxxxx/xxxxxpredictiveHigh
74Argumentxxxx xxxxpredictiveMedium
75ArgumentxxxxxxxxxpredictiveMedium
76ArgumentxxxxxxpredictiveLow
77Argumentxxxxxx xx xxxxxxx xxxxpredictiveHigh
78ArgumentxxxxxxpredictiveLow
79ArgumentxxpredictiveLow
80ArgumentxxxxxxxpredictiveLow
81ArgumentxxxxxxxxpredictiveMedium
82ArgumentxxxpredictiveLow
83Input Value"><xxxxxx>xxxxx("xxx")</xxxxxx>predictiveHigh
84Input Value<xxxxxx>xxxxx("xxx")</xxxxxx>predictiveHigh
85Input Value<xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx>predictiveHigh
86Network PortxxxpredictiveLow

References (6)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!