Sharkbot Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues can be initiated.

Lang: en (14), sv (2), de (1)

Country: us (17)

Vulnerabilities

#  | Vulnerability                                                                                | Base | Temp | 0day           | Today     | Exp              | Rem          | CTI  | EPSS    | CVE
---|----------------------------------------------------------------------------------------------|------|------|----------------|-----------|------------------|--------------|------|---------|---------------
1  | Synacor Zimbra Collaboration Suite Calendar Invite ZmMailMsgView.js cross site scripting     | 3.5  | 3.4  | $0-$5k         | $0-$5k    | Not Defined      | Official Fix | 0.00 | 0.00950 | CVE-2021-35208
2  | Synacor Zimbra Collaboration Suite Element Attribute injection                               | 5.5  | 5.1  | $0-$5k         | $0-$5k    | Functional       | Official Fix | 0.05 | 0.01018 | CVE-2022-24682
3  | AlienVault Open Source Security Information Management radar-iso27001-potential.php sql injection | 7.3 | 7.3 | $0-$5k      | $0-$5k    | Proof-of-Concept | Not Defined  | 0.03 | 0.00986 | CVE-2013-5967
4  | Microsoft Exchange Server ProxyShell Remote Code Execution                                   | 9.5  | 8.2  | $25k-$100k     | $5k-$25k  | Unproven         | Official Fix | 0.06 | 0.61804 | CVE-2021-34473
5  | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery           | 6.3  | 6.0  | $0-$5k         | $0-$5k    | Proof-of-Concept | Not Defined  | 0.24 | 0.04187 | CVE-2011-0643
6  | DZCP deV!L`z Clanportal config.php code injection                                            | 7.3  | 6.6  | $0-$5k         | $0-$5k    | Proof-of-Concept | Official Fix | 0.61 | 0.04187 | CVE-2010-0966
7  | Microsoft Exchange Server Privilege Escalation                                               | 8.8  | 8.1  | $25k-$100k     | $5k-$25k  | Unproven         | Official Fix | 0.04 | 0.31667 | CVE-2021-42321
8  | Adobe Acrobat Reader use after free                                                          | 5.3  | 5.1  | $5k-$25k       | $0-$5k    | Not Defined      | Official Fix | 0.07 | 0.01223 | CVE-2021-35983
9  | Microsoft Windows Hyper-V VmsIfrInfoParams_OID_SWITCH_NIC_REQUEST Privilege Escalation       | 9.9  | 8.6  | $100k and more | $0-$5k    | Proof-of-Concept | Official Fix | 0.04 | 0.25101 | CVE-2021-28476
10 | Oracle Application Server Privilege Escalation                                               | 8.8  | 7.9  | $25k-$100k     | $5k-$25k  | Proof-of-Concept | Official Fix | 0.03 | 0.01282 | CVE-2008-1814
11 | Oracle Application Server 10g unknown vulnerability                                          | 5.3  | 4.8  | $25k-$100k     | $0-$5k    | Proof-of-Concept | Official Fix | 0.03 | 0.01955 | CVE-2008-7236
12 | Kentico CMS Security Header Validation deserialization                                       | 8.5  | 8.2  | $0-$5k         | $0-$5k    | Not Defined      | Official Fix | 0.03 | 0.43385 | CVE-2019-10068

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address       | Hostname                  | Actor    | Campaigns | Type     | Confidence
---|------------------|---------------------------|----------|-----------|----------|-----------
1  | 185.212.47.113   | panel.twonetwork.host     | Sharkbot |           | verified | High
2  | XXX.XXX.XXX.XX   | xxxxxxxxxxxx.xxxxxxxxx.xxx | Xxxxxxxx |           | verified | High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector        | Type       | Confidence
---|-----------|-----------------|----------------------|------------|-----------
1  | T1055     | CWE-74          | Injection            | predictive | High
2  | TXXXX     | CWE-XXX         | Xxxxx Xxxx Xxxxxxxxx | predictive | High
3  | TXXXX.XXX | CWE-XXX         | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4  | TXXXX     | CWE-XXX         | Xx Xxxxxxxxx         | predictive | High

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class    | Indicator                      | Type       | Confidence
---|----------|--------------------------------|------------|-----------
1  | File     | admin/conf_users_edit.php      | predictive | High
2  | File     | inc/config.php                 | predictive | High
3  | File     | xxxxx-xxxxxxxx-xxxxxxxxx.xxx   | predictive | High
4  | File     | xxxxxxxxxxxxx.xx               | predictive | High
5  | Argument | xxxxxxxx                       | predictive | Medium
6  | Argument | xxxx_xxxx                      | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
