Ircbot Analysis

IOB - Indicator of Behavior (108)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en94
fr6
de2
it2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ca66
us16
de6
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cybergate1
Chthonic1
VertexNet1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined44
Programming Language Software10
Web Browser8
Firewall Software6
Web Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined22
Oracle10
Cisco6
Microsoft6
IBM4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Oracle Java SE6
JFrog Artifactory2
EmbedThis GoAhead2
Oracle Communications Cloud Native Core Network Fu ...2
Cisco Unity Connection2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.560.25090CVE-2017-0055
2Omron CX-One CX-Programmer Password Storage information disclosure5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2015-0988
3JFrog Artifactory Pro SAML SSO Signature Validator signature verification8.07.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.01018CVE-2018-19971
4IBM QRadar SIEM improper authentication7.77.7$5k-$25k$5k-$25kNot DefinedNot Defined0.060.00890CVE-2019-4210
5Audacity DLL Loader avformat-55.dll access control6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000.01102CVE-2017-1000010
6Banana Dance search.php sql injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.040.01136CVE-2011-5175
7MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.720.02800CVE-2007-0354
8Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined4.440.00000
9E-Blah Platinum Routines.pl cross site scripting4.34.1$0-$5k$0-$5kHighOfficial Fix0.060.01974CVE-2006-0829
10FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.220.01213CVE-2008-5928
11centreon Contact Groups Form formContactGroup.php sql injection6.35.8$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00954CVE-2022-3827
12Oracle Communications Cloud Native Core Network Function Cloud Native Environment Configuration information disclosure5.75.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.01547CVE-2021-3426
13F5 BIG-IP vCMP Hypervisor cleartext storage3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2019-6670
14Apple QuickTime memory corruption7.36.6$5k-$25kCalculatingProof-of-ConceptOfficial Fix0.050.05701CVE-2015-5751
15Oracle Java SE JAXP denial of service5.35.1$5k-$25kCalculatingNot DefinedOfficial Fix0.030.04358CVE-2015-4893
16McAfee Endpoint Security Installer EPSetup.exe code injection5.35.3$5k-$25k$0-$5kNot DefinedNot Defined0.030.00885CVE-2019-3652
17HP 3PAR Service Processor SP information disclosure4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.020.01055CVE-2015-5443
18IBM DB2 link following7.87.8$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00950CVE-2018-1781
19windows-selenium-chromedriver Download cryptographic issues6.86.8$0-$5k$0-$5kNot DefinedNot Defined0.040.01156CVE-2016-10687
203PAR Service Processor path traversal6.46.1$0-$5kCalculatingNot DefinedOfficial Fix0.000.00885CVE-2018-7098

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
135.229.93.4646.93.229.35.bc.googleusercontent.comIrcbotverifiedMedium
235.231.151.77.151.231.35.bc.googleusercontent.comIrcbotverifiedMedium
364.70.19.203mailrelay.203.website.wsIrcbotverifiedHigh
469.49.96.16hostingc6-4.megawebservers.comIrcbotverifiedHigh
5XX.XX.XX.XXXxxx.x.xxXxxxxxverifiedHigh
6XX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxverifiedHigh
7XX.XXX.XXX.XXXxxxxxverifiedHigh
8XX.XXX.XXX.XXXxxxxxxxxx.xxxxxxxxxxxx.xxxXxxxxxverifiedHigh
9XXX.XXX.XX.XXxx-xxx-xxx-xx-xx.xxxxxx.xxxxxxxxxxxx.xxxxxx.xxxXxxxxxverifiedHigh
10XXX.X.XXX.XXxxxxxxxxx.xxxx.xxXxxxxxverifiedHigh
11XXX.XX.X.XXXXxxxxxverifiedHigh
12XXX.XXX.XXX.XXXXxxxxxverifiedHigh
13XXX.XX.XXX.XXxxxxxverifiedHigh
14XXX.XX.XXX.XXxxxx-xxxxxx-xx-xxxxxxxxx-xx.xxxxx.xxXxxxxxverifiedHigh
15XXX.X.XXX.XXXxxxxxverifiedHigh
16XXX.XX.XX.XXXxxx.xxxxxxxx.xxxXxxxxxverifiedHigh
17XXX.XXX.XXX.XXxxxxx.xxxxxxxxxxxx.xxxXxxxxxverifiedHigh
18XXX.XXX.XXX.XXxxxx-xx.xxxxxxxxxxxx.xxxXxxxxxverifiedHigh
19XXX.XXX.XX.XXXxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/catcompany.phppredictiveHigh
2File/proc/self/cwdpredictiveHigh
3File/uncpath/predictiveMedium
4File/wp-admin/options-general.phppredictiveHigh
5Fileadmin/movieview.phppredictiveHigh
6Fileadmincp/attachment.phppredictiveHigh
7Fileauth2-chall.cpredictiveHigh
8Filebase/ttinterp.cpredictiveHigh
9Filexxx.xpredictiveLow
10Filexxxxx.xxxpredictiveMedium
11Filexxxx/xxxxxxxx.xxpredictiveHigh
12Filexxxxx.xxxpredictiveMedium
13Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxx.xxxpredictiveMedium
15Filexxxxxxxxxxxxx.xxxpredictiveHigh
16Filexxxxxxx.xxxpredictiveMedium
17Filexxxxxxxx/xxx/xxx.xxx.xxxpredictiveHigh
18Filexxxxxxxxxxxx.xxxpredictiveHigh
19Filexx_xxxxxxx.xxxpredictiveHigh
20Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxxxxx.xxxxx.xxxpredictiveHigh
22Filexxxxxxxxxx.xxxpredictiveHigh
23Filexxxxxx_xxxxxxx.xxxpredictiveHigh
24Filexxxxxx.xpredictiveMedium
25Filexxxxxxx.xpredictiveMedium
26Filexxxxx.xxxpredictiveMedium
27Filexxxx/xxx/xxx_xxxx.xpredictiveHigh
28Filexxxxxx.xxxpredictiveMedium
29Filexxxxxxx_xxxxxxxxxxxxx.xxxpredictiveHigh
30Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
31Filexxxx_xxxx.xxxpredictiveHigh
32Filexxxxxx.xxxpredictiveMedium
33Filexxxxxxxx/xxxxxxxxxx.xpredictiveHigh
34Filexxx.xxxxxxxx.xxxpredictiveHigh
35Libraryxxxxxxxx.xxxpredictiveMedium
36Libraryxxxxxxxx-xx.xxxpredictiveHigh
37Libraryxxxxxxx.xxxpredictiveMedium
38Argument$_xxxxxx['xxxxx_xxxxxx']predictiveHigh
39ArgumentxxxxxxxxpredictiveMedium
40ArgumentxxxxxxxxxxpredictiveMedium
41ArgumentxxxxxxxxxxpredictiveMedium
42Argumentxxx_xxpredictiveLow
43Argumentxx_xxpredictiveLow
44Argumentxxxx_xxpredictiveLow
45ArgumentxxxxxxxxpredictiveMedium
46Argumentxxxx/xxxx/xxxxxxxxxpredictiveHigh
47ArgumentxxxxxxxxpredictiveMedium
48ArgumentxxxxpredictiveLow
49ArgumentxxxxxxxxpredictiveMedium
50ArgumentxxxxxxpredictiveLow
51ArgumentxxxxxxpredictiveLow
52ArgumentxxpredictiveLow
53ArgumentxxxxxxxpredictiveLow
54ArgumentxxxxxxxpredictiveLow
55ArgumentxxxxxxxpredictiveLow
56ArgumentxxxxxpredictiveLow
57ArgumentxxxxxxxxpredictiveMedium
58Argumentxxxxxxxx-xxxx-xxpredictiveHigh
59Input Value-xpredictiveLow
60Input ValuexxxxxxpredictiveLow
61Input Valuexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
62Pattern|xx|predictiveLow
63Network Portxxx/xx (xxx xxxxxxxx)predictiveHigh
64Network Portxxx/xxxpredictiveLow
65Network Portxxx xxxxxx xxxxpredictiveHigh

References (7)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!