Shellbot Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (353)

Curso de tempo

Idioma

en196
es130
it10
de4
fr4

País

es130
us50
it10
fr4
de2

Actores

Shellbot10
Mirai3
Cobalt Strike3
Remcos2
IcedID2

Actividades

Interesse

Curso de tempo

Tipo

Not Defined146
Operating System24
Content Management System14
Web Browser12
WordPress Plugin8

Fabricante

Not Defined112
Microsoft14
Oracle12
IBM10
Cisco8

Produto

Microsoft Windows8
MyBB6
Google Android4
HP HP-UX4
Adobe Acrobat Reader4

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2DZCP deV!L`z Clanportal config.php direitos alargados7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.78CVE-2010-0966
3Fortinet FortiOS Endpoint Monitor Persistent Roteiro Cruzado de Sítios3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
4IBM TRIRIGA Application Platform Error Message Divulgação de Informação5.35.3$5k-$25k$5k-$25kNot DefinedNot Defined0.001070.00CVE-2020-4277
5IBM Security Secret Server URL Parameter Divulgação de Informação3.73.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000640.00CVE-2021-20582
6Ultimate PHP Board UPB users.dat Password direitos alargados5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002260.02CVE-2002-2322
7Microsoft Windows Netlogon direitos alargados7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.013170.03CVE-2016-3228
8Cisco Unified Communications Manager Mobile/Remote Access Services direitos alargados5.45.4$5k-$25k$0-$5kNot DefinedNot Defined0.000950.00CVE-2015-6410
9Magnolia CMS Edit Contact Roteiro Cruzado de Sítios4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000690.04CVE-2022-33098
10Tongda OA 2017 delete.php Injecção SQL6.76.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000790.09CVE-2023-5285
11SourceCodester Engineers Online Portal remove_inbox_message.php Injecção SQL7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000770.04CVE-2023-5281
12Caphyon Advanced Installer WinSxS DLL direitos alargados7.87.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000420.13CVE-2022-4956
13ZZZCMS Database Backup File save.php restore direitos alargados7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000610.13CVE-2023-5263
14Tongda OA 2017 delete.php Injecção SQL6.96.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000770.03CVE-2023-5261
15SourceCodester Online Computer and Laptop Store Master.php register Injecção SQL8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.09CVE-2023-5373
16Xinhu RockOA Password direitos alargados5.45.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000540.00CVE-2023-5296
17yasm nasm-pp.c if_condition Negação de Serviço4.54.5$0-$5k$0-$5kNot DefinedNot Defined0.000570.00CVE-2021-33460
18Multi-Vendor Online Groceries Management System view_product.php Injecção SQL6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.002550.02CVE-2022-26632
19Linux Kernel KVM Excesso de tampão5.55.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000420.00CVE-2021-22543
20vBulletin XMLRPC API breadcrumbs_create.php Injecção SQL6.36.3$0-$5k$0-$5kHighUnavailable0.001020.02CVE-2014-2022

Campanhas (1)

These are the campaigns that can be associated with the actor:

  • CVE-2020-17496

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
134.225.57.146ec2-34-225-57-146.compute-1.amazonaws.comShellbot18/03/2024verifiedMédio
239.99.218.78Shellbot18/03/2024verifiedAlto
339.107.61.230Shellbot18/03/2024verifiedAlto
439.165.53.17Shellbot18/03/2024verifiedAlto
5XX.XXX.XXX.XXXxxxxxxxxxx.xxxxxx.xx.xxXxxxxxxx18/03/2024verifiedAlto
6XX.XXX.XX.XXxx-xxxxxxxxxx.xxxXxxxxxxx18/03/2024verifiedAlto
7XX.X.XXX.XXXxxxx.xxxxxxxxxxxxxx.xxxXxxxxxxxXxx-xxxx-xxxxx04/09/2021verifiedAlto
8XX.XX.XXX.Xxxxx.xxxxxxxxxx.xxxXxxxxxxx18/03/2024verifiedAlto
9XX.XX.XX.XXXXxxxxxxx18/03/2024verifiedAlto
10XXX.XXX.XX.XXXxxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxxXxxxxxxx18/03/2024verifiedAlto
11XXX.XX.XXX.XXXxxxxxxx18/03/2024verifiedAlto
12XXX.XXX.XXX.XXXxxx-xxxxxxxx.xxx.xxx.xxxXxxxxxxx18/03/2024verifiedAlto
13XXX.XXX.X.XXxxxxxxx18/03/2024verifiedAlto
14XXX.XXX.XXX.XXxxxx.xxxxx.xxxXxxxxxxxXxx-xxxx-xxxxx04/09/2021verifiedAlto
15XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxx-xxxXxxxxxxx18/03/2024verifiedAlto
16XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxx18/03/2024verifiedAlto
17XXX.XXX.XXX.XXXxxxxx.xxxxxxXxxxxxxx18/03/2024verifiedAlto
18XXX.XXX.XXX.XXXXxxxxxxx18/03/2024verifiedAlto

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassificaçãoVulnerabilidadesTipo de acessoTipoAceitação
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveAlto
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveAlto
3T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
5TXXXXCAPEC-104CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
6TXXXX.XXXCAPEC-0CWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveAlto
7TXXXX.XXXCAPEC-16CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveAlto
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
10TXXXXCAPEC-0CWE-XXXXxxxxxxxxx XxxxxxpredictiveAlto
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
12TXXXXCAPEC-102CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
13TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
14TXXXX.XXXCAPEC-154CWE-XXXXxxxxxxxxxxxpredictiveAlto
15TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveAlto
16TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveAlto
17TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
18TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
19TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1File.phppredictiveBaixo
2File/admin/save.phppredictiveAlto
3File/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9VtpredictiveAlto
4File/chetc/shutdownpredictiveAlto
5File/etc/networkd-dispatcherpredictiveAlto
6File/integrations.jsonpredictiveAlto
7File/nav_bar_action.phppredictiveAlto
8File/nova/bin/traceroutepredictiveAlto
9File/photo/include/blog/article.phppredictiveAlto
10File/products/view_product.phppredictiveAlto
11File/purchase_order/classes/Master.php?f=delete_itempredictiveAlto
12File/rapi/read_urlpredictiveAlto
13File/var/adm/btmppredictiveAlto
14Fileactions/authenticate.phppredictiveAlto
15Filexxxxx.xxxpredictiveMédio
16Filexxxxx/xxxxxxxxx.xxxpredictiveAlto
17Filexxxxx/xxxxx.xxx/xxxxxxxx/xxxxxxpredictiveAlto
18Filexxx_xxxxxx_xxxxxx.xxxpredictiveAlto
19Filexxx.xxx?x=xxxxxxxx&x=xxxxxpredictiveAlto
20Filexxxxxxx.xxxpredictiveMédio
21Filexxxxxxxxxxx.xxxpredictiveAlto
22Filexxxxxxxxxxx_xxxxxx.xxxpredictiveAlto
23Filexxxx_xxxx.xxpredictiveMédio
24Filexxxxxx_xxxx.xxxpredictiveAlto
25Filexxxxxxxxx.xxpredictiveMédio
26Filexxxxxxxx.xpredictiveMédio
27FilexxxxxxxpredictiveBaixo
28Filexxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveAlto
29Filexxxxxxxxxx_xxxxx.xxxpredictiveAlto
30Filexxx.xxxxxxxxxx.xxxxxxxxxxx.xxxxxxxxxxxxpredictiveAlto
31Filexxxxxx.xxxpredictiveMédio
32Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
33Filexxxxxxxx.xxxxpredictiveAlto
34Filexxx.xpredictiveBaixo
35Filexxxxxxxxxxxxxxxxxxxx.xxxxpredictiveAlto
36Filexxxxxxx/xx/xxxxxx/xxxxx_xxxxx_xxxxxxxxxx/xxxxxx.xxxpredictiveAlto
37Filexxxxxxx/xx/xxxxxxx/xxxxxxxxxxx/xxxxxx.xxxpredictiveAlto
38Filexxxxxxxxxxxxx.xxxxxpredictiveAlto
39Filexxx.xxxpredictiveBaixo
40Filexxx/xxxxxx.xxxpredictiveAlto
41Filexxx/xxxxxxx.xxxpredictiveAlto
42Filexxxxxxxxx/xxxxxxx_xxxx/xxxxxx.xxxpredictiveAlto
43Filexxxxxxxxxxxx.xxxpredictiveAlto
44Filexxxxx.xpredictiveBaixo
45Filexxxxxxxxx.xxpredictiveMédio
46Filexxxxxxxxxx/xxxxxxxpredictiveAlto
47Filexxxxxx.xxxpredictiveMédio
48FilexxxxxxxxxpredictiveMédio
49Filexxxxxxxxx.xxxpredictiveAlto
50Filexxxxxxx.xxxpredictiveMédio
51Filexxxxxxx/xxxxxxxx/xxxx/xxxx-xx.xpredictiveAlto
52Filexxx_xxxxx.xxxx/xxx_xxxxxxxx.xxxxpredictiveAlto
53Filexxx/xxxx/xxx.xpredictiveAlto
54Filexxx.xxxpredictiveBaixo
55Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveAlto
56Filexxxxxxx.xxxpredictiveMédio
57Filexxxxxx_xxxxx_xxxxxxx.xxxpredictiveAlto
58Filexxxxxxx.xxpredictiveMédio
59Filexxxxx\xxxx.xxxpredictiveAlto
60Filexxxx-xxx/xxxxxxxx.xxxpredictiveAlto
61Filexxxxxx_xxxx.xxxpredictiveAlto
62Filexxxxxx-xxxx.xpredictiveAlto
63Filexxxxxxxxxxxxxxxxxxx?xxxxxx=xxxxxxxxxxxxxxxxxxxpredictiveAlto
64Filexxxxx.xxxpredictiveMédio
65Filexxxxx.xxxpredictiveMédio
66Filexxxxxxxxxx.xxxxpredictiveAlto
67Filexxxxxxx.xxxpredictiveMédio
68Filexxxxxxx.xxxpredictiveMédio
69Filexxxxxxxxxx.xxxpredictiveAlto
70Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveAlto
71Library/xxx/xxx/xxx_xx-xxxxx-xxx/xxxxxxx.xx.xpredictiveAlto
72Library/_xxx_xxx/xxxxx.xxxpredictiveAlto
73Libraryxxxxxxxxx.xxxpredictiveAlto
74Libraryxxx/xxxx/xxxxxx.xpredictiveAlto
75Libraryxxxxxx_xxx.xxxpredictiveAlto
76Libraryxxxxxx.xxxpredictiveMédio
77Libraryxxxxxxxx.xxxpredictiveMédio
78Argument-xpredictiveBaixo
79Argumentxxxxx/xxxxxpredictiveMédio
80ArgumentxxxxxxpredictiveBaixo
81Argumentxxx::xxxxxxx::xxxxxx/xxx::xxxxxxx::xxxxxxxxxxpredictiveAlto
82ArgumentxxxxpredictiveBaixo
83ArgumentxxxxxxxxpredictiveMédio
84Argumentxxxxxx/xxxxxxxxxx/xxxxpredictiveAlto
85ArgumentxxxxxxxxxxxxpredictiveMédio
86Argumentxxxxxxxx/xxxxxxpredictiveAlto
87ArgumentxxxxxxxxxxxxxxxpredictiveAlto
88ArgumentxxxxxxxxxpredictiveMédio
89Argumentxxxxxx_xxxxxxpredictiveAlto
90ArgumentxxxxxxxxxxxxpredictiveMédio
91Argumentxx_xxx_xxxxxpredictiveMédio
92ArgumentxxxxxpredictiveBaixo
93Argumentxxxxxxxxxx_xxpredictiveAlto
94ArgumentxxxxpredictiveBaixo
95ArgumentxxxxxxxxpredictiveMédio
96ArgumentxxxxpredictiveBaixo
97ArgumentxxxpredictiveBaixo
98ArgumentxxxpredictiveBaixo
99ArgumentxxxxpredictiveBaixo
100ArgumentxxpredictiveBaixo
101ArgumentxxxxxpredictiveBaixo
102ArgumentxxxxpredictiveBaixo
103Argumentxxxxxxxx_xxxpredictiveMédio
104ArgumentxxxpredictiveBaixo
105Argumentxxxx/xxxxxxxxxxxpredictiveAlto
106Argumentxxx xxxxxpredictiveMédio
107Argumentxxxxxxxxxxxxxxx/xxxx_xxxxpredictiveAlto
108ArgumentxxxxxxxxpredictiveMédio
109ArgumentxxxxxxpredictiveBaixo
110ArgumentxxxxxxxpredictiveBaixo
111ArgumentxxxxxpredictiveBaixo
112Argumentxxxxxxxxxxx_xxpredictiveAlto
113Argumentxxxxxx_xxxxpredictiveMédio
114Argumentxxxxxx$xxxpredictiveMédio
115ArgumentxxxxxxxxxxxxpredictiveMédio
116ArgumentxxxxxxxxpredictiveMédio
117ArgumentxxxxxpredictiveBaixo
118ArgumentxxxxpredictiveBaixo
119ArgumentxxxxxxxxpredictiveMédio
120ArgumentxxxxxpredictiveBaixo
121Input Valuex%xxxxx%xxx*x*x%xxx%xxxxx%xxxxx%xxxxxpredictiveAlto
122Network Portxxx xxxx/xxxx/xxxxpredictiveAlto

Referências (4)

The following list contains external sources which discuss the actor and the associated activities:

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!