SharkBot Analysis

IOB - Indicator of Behavior (413)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 350
ru: 24
de: 22
fr: 4
es: 4


Country

us: 274
ru: 52
cn: 18
ir: 12
de: 8


Activities


Product

nginx: 12
Microsoft Windows: 10
SugarCRM: 8
Microsoft Exchange Server: 8
WordPress: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.77 | 0.00943 | CVE-2010-0966 |
| 3 | SugarCRM sql injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00208 | CVE-2020-17373 |
| 4 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00289 | CVE-2019-7550 |
| 5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.35 | 0.00241 | CVE-2020-12440 |
| 6 | SugarCRM Emails sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00087 | CVE-2019-17319 |
| 7 | IBM CTSS Text Editor Password information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | |
| 8 | JumpServer path traversal | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00053 | CVE-2023-42819 |
| 9 | 2daybiz Auction Script Login login.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00380 | CVE-2010-1706 |
| 10 | Synacor Zimbra Collaboration Suite Calendar Invite ZmMailMsgView.js cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00155 | CVE-2021-35208 |
| 11 | SugarCRM Configurator input validation | 5.9 | 5.8 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2019-17306 |
| 12 | SugarCRM Administration sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00087 | CVE-2019-17298 |
| 13 | Apple macOS wifivelocityd default permission | 8.2 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00148 | CVE-2020-3838 |
| 14 | nginx Range Filter integer overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.08 | 0.96283 | CVE-2017-7529 |
| 15 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.03625 | CVE-2019-11358 |
| 16 | OpenSSH scp scp.c os command injection | 6.4 | 6.4 | $25k-$100k | $5k-$25k | Not Defined | Unavailable | 0.03 | 0.00289 | CVE-2020-15778 |
| 17 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01900 | CVE-2020-11023 |
| 18 | Microsoft Windows HTML Remote Code Execution | 5.8 | 5.7 | $25k-$100k | $25k-$100k | Functional | Official Fix | 0.02 | 0.52458 | CVE-2023-36884 |
| 19 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN heap-based overflow | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.15407 | CVE-2023-27997 |
| 20 | Sunny WebBox cross-site request forgery | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00150 | CVE-2019-13529 |

IOC - Indicator of Compromise (66)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

