Ircbot Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 92
de: 6
fr: 2
es: 1
it: 1

Country

ca: 60
us: 16
de: 6
gb: 1
fr: 1


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.99 | CVE-2017-0055 |
| 2 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2015-0988 |
| 3 | JFrog Artifactory Pro SAML SSO Signature Validator signature verification | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2018-19971 |
| 4 | IBM QRadar SIEM improper authentication | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2019-4210 |
| 5 | Audacity DLL Loader avformat-55.dll access control | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2017-1000010 |
| 6 | Banana Dance search.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2011-5175 |
| 7 | F5 BIG-IP vCMP Hypervisor cleartext storage | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-6670 |
| 8 | Apple QuickTime memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2015-5751 |
| 9 | Oracle Java SE JAXP denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2015-4893 |
| 10 | McAfee Endpoint Security Installer EPSetup.exe code injection | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | CVE-2019-3652 |
| 11 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2015-5443 |
| 12 | IBM DB2 link following | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2018-1781 |
| 13 | windows-selenium-chromedriver Download cryptographic issues | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2016-10687 |
| 14 | 3PAR Service Processor path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-7098 |
| 15 | Cisco NX-OS/FXOS CLI command injection | 7.3 | 7.3 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2019-1795 |
| 16 | Oracle Fusion Middleware Tuxedo access control | 8.7 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-10272 |
| 17 | Microsoft Internet Explorer information disclosure | 4.3 | 3.8 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2014-6346 |
| 18 | ZKTeco ZKTime Web cross-site request forgery | 6.1 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2017-13129 |
| 19 | Microsoft Internet Explorer FTP Download unknown vulnerability | 4.3 | 3.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2005-2126 |
| 20 | Jelsoft vBulletin attachment.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2007-0869 |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

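| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /catcompany.php | predictive | High |
| 2 | File | /proc/self/cwd | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | /wp-admin/options-general.php | predictive | High |
| 5 | File | admin/movieview.php | predictive | High |
| 6 | File | admincp/attachment.php | predictive | High |
| 7 | File | auth2-chall.c | predictive | High |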

References (7)

The following list contains external sources which discuss the actor and the associated activities:
