Saint Bot Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (202)

Langue

en	182
fr	10
es	4
it	2
de	2

De campagne

us	70
fr	10
ru	10
es	4
it	2

Acteurs

Saint Bot	4
RedLine Stealer	2
Cobalt Strike	2
AvosLocker	1
Tofsee	1

Intérêt

Taper

Not Defined	86
Content Management System	16
Programming Language Software	10
Operating System	8
Forum Software	6

Fournisseur

Not Defined	50
Microsoft	12
Observium	6
Coinsoft Technologies	4
Chadha	4

Produit

Microsoft Windows	8
Coinsoft Technologies phpCOIN	4
Chadha PHPKB Standard Multi-Language	4
Observium Professional	4
Observium Enterprise	4

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	HP SAN/iQ hydra.exe elévation de privilèges	4.3	3.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00277	0.00	CVE-2012-4362
2	Hydra HTTP Header read.c process_header_end dénie de service	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00117	0.02	CVE-2019-17502
3	IW Guestbook badwords_edit.asp sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
4	Hydra authentification faible	5.6	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00099	0.00	CVE-2020-5300
5	PHPGurukul Hospital Management System dashboard.php elévation de privilèges	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00661	0.02	CVE-2020-35745
6	OmniSecure AddUrlShield index.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
7	ORY Hydra error Reflected cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.00	CVE-2019-8400
8	phpLinkat showcat.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00102	0.02	CVE-2008-3406
9	SourceCodester Customer Relationship Management login.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00645	0.00	CVE-2021-43130
10	moziloCMS download.php directory traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.01578	0.02	CVE-2008-3589
11	Sam Crew MyBlog games.php elévation de privilèges	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00609	0.00	CVE-2007-1990
12	HP SAN/iQ Login hydra.exe buffer overflow	10.0	9.5	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.46643	0.00	CVE-2011-4157
13	HP LeftHand Virtual SAN Appliance hydra buffer overflow	10.0	9.5	$25k-$100k	$0-$5k	High	Official Fix	0.77622	0.00	CVE-2013-2343
14	spip Login spip_login.php3 elévation de privilèges	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.05054	0.04	CVE-2006-1702
15	Linksys WVC11B main.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01569	0.04	CVE-2004-2508
16	Jelsoft impex ImpExData.php elévation de privilèges	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04317	0.04	CVE-2006-1382
17	PHP php URL error_log elévation de privilèges	6.5	5.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00069	0.02	CVE-2006-3011
18	Cisco Linksys EA2700 URL divulgation de l'information	4.3	4.1	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.08
19	MidiCart PHP Shopping Cart item_show.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
20	PHP URL Validation filter_var elévation de privilèges	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00560	0.04	CVE-2020-7071

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	31.42.185.63	fvr.xyz	Saint Bot	12/02/2024	verified	Élevé
2	XX.XXX.XXX.XX		Xxxxx Xxx	12/02/2024	verified	Élevé
3	XXX.XXX.XXX.XXX		Xxxxx Xxx	12/02/2024	verified	Élevé
4	XXX.XX.XXX.XXX	xxxxxxx.xxx.xx	Xxxxx Xxx	12/02/2024	verified	Élevé
5	XXX.XXX.XXX.XXX		Xxxxx Xxx	12/02/2024	verified	Élevé

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Élevé
2	T1040	CAPEC-102	CWE-294	Authentication Bypass by Capture-replay	predictive	Élevé
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
4	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
9	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (154)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/+CSCOE+/logon.html	predictive	Élevé
2	File	/admin/login.php	predictive	Élevé
3	File	/adminPage/main/upload	predictive	Élevé
4	File	/cwc/login	predictive	Moyen
5	File	/includes/rrdtool.inc.php	predictive	Élevé
6	File	/intern/controller.php	predictive	Élevé
7	File	/iwguestbook/admin/badwords_edit.asp	predictive	Élevé
8	File	/iwguestbook/admin/messages_edit.asp	predictive	Élevé
9	File	/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php	predictive	Élevé
10	File	/www/ping_response.cgi	predictive	Élevé
11	File	admin.php	predictive	Moyen
12	File	admin/dashboard.php	predictive	Élevé
13	File	admin/gallery.php	predictive	Élevé
14	File	admin/manage-departments.php	predictive	Élevé
15	File	admin/sellerupd.php	predictive	Élevé
16	File	admin/vqmods.app/vqmods.inc.php	predictive	Élevé
17	File	administrator/logviewer/searchlog.cfm	predictive	Élevé
18	File	backend/utilities/terminal.js	predictive	Élevé
19	File	bb_usage_stats.php	predictive	Élevé
20	File	board.php	predictive	Moyen
21	File	xxxxx.xxx	predictive	Moyen
22	File	xxx.xxx	predictive	Faible
23	File	xxxxxxxx.xxx	predictive	Moyen
24	File	xxx-xxxx.xxx	predictive	Moyen
25	File	xxx-xxx/xxxxxxxxxxxx.xxx	predictive	Élevé
26	File	xxxx_xxxxxxxx/xx.xxx	predictive	Élevé
27	File	xxxxxx.xxx.xxx	predictive	Élevé
28	File	xxxxxxxx/xxxxx.xxx	predictive	Élevé
29	File	xxxxxxxxx.xxx.xxx	predictive	Élevé
30	File	xxxxxx.xxx	predictive	Moyen
31	File	xxxxxxx.xxx	predictive	Moyen
32	File	xxxxxxx.xxx	predictive	Moyen
33	File	xxxxxxxx.xxx	predictive	Moyen
34	File	xxxxx.xxx	predictive	Moyen
35	File	xxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.x	predictive	Élevé
36	File	xxxxxxx.xxx	predictive	Moyen
37	File	xxxxx.xxx	predictive	Moyen
38	File	xxxxxxx.xxx	predictive	Moyen
39	File	xxxx_xxxxxxx.xxx.xxx	predictive	Élevé
40	File	xxxx/xxxxx/xxxxxxx.xxx.xxx	predictive	Élevé
41	File	xxxxx.xxx	predictive	Moyen
42	File	xxxxxxxxx.xxx	predictive	Élevé
43	File	xxx.xxx	predictive	Faible
44	File	xxxxxxxx/xxxxx-xxxx-xxxxxxx.xxx	predictive	Élevé
45	File	xxxxxxxx/xxxxxxxx.xxx.xxx	predictive	Élevé
46	File	xxxxx.xxx	predictive	Moyen
47	File	xxxxx.xxx/xxxxxxxxxxxxx/xxx	predictive	Élevé
48	File	xxxxxx.xxx	predictive	Moyen
49	File	xxxx.xxxx	predictive	Moyen
50	File	xxxxxxxxxx.xxx	predictive	Élevé
51	File	xxxx_xxxxxxx.xxxx	predictive	Élevé
52	File	xxxx_xxxx.xxx	predictive	Élevé
53	File	xxxx.xxx	predictive	Moyen
54	File	xxxxx.xxx	predictive	Moyen
55	File	xxxxx.xxx	predictive	Moyen
56	File	xxxxx_xx.xxxx	predictive	Élevé
57	File	xxxx.xxx	predictive	Moyen
58	File	xxxx.xxx	predictive	Moyen
59	File	xxxxxx.xxx	predictive	Moyen
60	File	xxxxxxx/xxxxxxxx/xxxxx.xxx	predictive	Élevé
61	File	xxxxxx/xxxxxxxxx/xxxxx	predictive	Élevé
62	File	xxx_xxxx.xxx.xxx	predictive	Élevé
63	File	xxxxx.xxx	predictive	Moyen
64	File	xxxx/xxxxx.xxx	predictive	Élevé
65	File	xxxxxxx.xxx	predictive	Moyen
66	File	xxxxxxxxxx.xxx.xxx	predictive	Élevé
67	File	xxxx/xxxxxxxxx.xxx	predictive	Élevé
68	File	xxxx.x	predictive	Faible
69	File	xxxxxxxxxxxx-xxxx.xxxx	predictive	Élevé
70	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	Élevé
71	File	xxxxxxxx.xxx	predictive	Moyen
72	File	xxxx.xxx	predictive	Moyen
73	File	xxxxxxxx.xxx	predictive	Moyen
74	File	xxxx-xxx.xxx	predictive	Moyen
75	File	xxxxxxx.xxx	predictive	Moyen
76	File	xxxxxxxxxxx.xxx	predictive	Élevé
77	File	xxxxxxxxx/xxxxxxxx.xxx	predictive	Élevé
78	File	xxxx_xxxxx.xxxx	predictive	Élevé
79	File	xxxx.xxx	predictive	Moyen
80	File	xxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx	predictive	Élevé
81	File	xxxxxx.xxx	predictive	Moyen
82	File	xxxxxxxx.xxx	predictive	Moyen
83	File	xxxxxxxxx.xxx	predictive	Élevé
84	File	xxxxxxx.xxx	predictive	Moyen
85	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxx	predictive	Élevé
86	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	Élevé
87	File	xx-xxxxx.xxx	predictive	Moyen
88	File	xxxxxxxxxxxx.xxx	predictive	Élevé
89	Library	xxxxxxxx_xxxxxxxxx.xxx.xxx	predictive	Élevé
90	Argument	$_xxxxx	predictive	Faible
91	Argument	$_xxxx['xxxxxxxxx']	predictive	Élevé
92	Argument	$_xxxxxx['xxxxxx_xxxx']	predictive	Élevé
93	Argument	xxxxxxx	predictive	Faible
94	Argument	xxxxxxx	predictive	Faible
95	Argument	xxxx_xxx	predictive	Moyen
96	Argument	xx_xxxx_xxxx	predictive	Moyen
97	Argument	xxxxxx	predictive	Faible
98	Argument	xxx	predictive	Faible
99	Argument	xxxxxxxxxx	predictive	Moyen
100	Argument	xxxxx	predictive	Faible
101	Argument	xxxxx	predictive	Faible
102	Argument	xxx_xx	predictive	Faible
103	Argument	xxx[xxxxxx][xxxxxxxxx]	predictive	Élevé
104	Argument	xxx	predictive	Faible
105	Argument	xxxxxxxxxxxxxxx	predictive	Élevé
106	Argument	xxxxxxxxx	predictive	Moyen
107	Argument	xxxx_xx	predictive	Faible
108	Argument	xxxxxxx	predictive	Faible
109	Argument	xxxxxxxxxxx	predictive	Moyen
110	Argument	xxxxxxx-xxxxxx	predictive	Élevé
111	Argument	xxxx_xxx	predictive	Moyen
112	Argument	xxxxxx_xx	predictive	Moyen
113	Argument	xxxxx_xxxx	predictive	Moyen
114	Argument	xxxxx	predictive	Faible
115	Argument	xxxx	predictive	Faible
116	Argument	xxxxxx	predictive	Faible
117	Argument	xxxxxx	predictive	Faible
118	Argument	xxxxxx$xxxxx	predictive	Moyen
119	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	Élevé
120	Argument	xxxx	predictive	Faible
121	Argument	xx	predictive	Faible
122	Argument	xxxxx	predictive	Faible
123	Argument	xx_xxxx	predictive	Faible
124	Argument	xxxxxx	predictive	Faible
125	Argument	xxxxxx	predictive	Faible
126	Argument	xxxx	predictive	Faible
127	Argument	xxxxxxxxx	predictive	Moyen
128	Argument	xxxxxx	predictive	Faible
129	Argument	xxx_xxxxxxx_xxx	predictive	Élevé
130	Argument	xxxxxxxxx	predictive	Moyen
131	Argument	xxxx[xxxxx]	predictive	Moyen
132	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Élevé
133	Argument	xxxx/xxxxx	predictive	Moyen
134	Argument	xxxx_xxxx	predictive	Moyen
135	Argument	xxxxxxxx	predictive	Moyen
136	Argument	xxxxx_xxxx_xxxx	predictive	Élevé
137	Argument	xxxx_xx	predictive	Faible
138	Argument	xx_xxxx	predictive	Faible
139	Argument	xxxxxx	predictive	Faible
140	Argument	xxxxxx	predictive	Faible
141	Argument	xxxxx	predictive	Faible
142	Argument	xxxx	predictive	Faible
143	Argument	xxxxxxxx	predictive	Moyen
144	Argument	xxxxx	predictive	Faible
145	Argument	xxxxxx	predictive	Faible
146	Argument	xxxxxxxx	predictive	Moyen
147	Argument	xxxxxxxxxx	predictive	Moyen
148	Argument	xxxxx	predictive	Faible
149	Argument	xxxxxx	predictive	Faible
150	Argument	xxxxxxxx	predictive	Moyen
151	Argument	\xxxxxx\	predictive	Moyen
152	Argument	_xxxx[_xxx_xxxx_xxxx	predictive	Élevé
153	Input Value	../	predictive	Faible
154	Input Value	x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!