Shellbot Analysis

IOB - Indicator of Behavior (472)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 332
es: 112
it: 6
zh: 6
fr: 4


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Linux Kernel: 8
Microsoft Windows: 6
Opera Web Browser: 6
Investintech SlimPDF Reader: 4
Google Android: 4


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked:

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.19 | CVE-2010-0966 |
| 3 | PMB Services resa_func.inc.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.41044 | 0.03 | CVE-2007-1415 |
| 4 | Fortinet FortiOS Endpoint Monitor Persistent cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 5 | IBM TRIRIGA Application Platform Error Message information disclosure | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.02 | CVE-2020-4277 |
| 6 | IBM Security Secret Server URL Parameter information disclosure | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.00 | CVE-2021-20582 |
| 7 | Ultimate PHP Board UPB users.dat Password input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00449 | 0.00 | CVE-2002-2322 |
| 8 | Microsoft Windows Netlogon input validation | 7.5 | 7.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01317 | 0.00 | CVE-2016-3228 |
| 9 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.08 | CVE-2024-12987 |
| 10 | Selesta Visual Access Manager POST Parameter s_scheduledfile.php sql injection | 5.1 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.07 | CVE-2023-42240 |
| 11 | Linux Kernel Bluetooth iso_conn_big_sync deadlock | 5.7 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-54191 |
| 12 | Linux Kernel drm_mode_vrefresh divide by zero | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2024-56369 |
| 13 | Drupal SVG Embed cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2024-13286 |
| 14 | Drupal Tooltip cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-13292 |
| 15 | Google Android devicemem_server.c DevmemtMapPages use after free | 7.0 | 7.0 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2023-35685 |
| 16 | IBM Concert Software neutralization for logs | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00045 | 0.05 | CVE-2024-52891 |
| 17 | Novell iPrint memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05895 | 0.04 | CVE-2012-0411 |
| 18 | Codezips Gym Management System submit_payments.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00164 | 0.11 | CVE-2025-0231 |
| 19 | Trimble SPS851 Receiver Status Identity Tab cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2025-0219 |
| 20 | code-projects Point of Sales and Inventory Management System update_account.php sql injection | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00145 | 0.08 | CVE-2025-0201 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2020-17496

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (180)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
