SharkBot Analysis

IOB - Indicator of Behavior (407)

Timeline

Language

en: 334
de: 30
ru: 20
sv: 8
fr: 6

Country

us: 274
ru: 68
cn: 16
ir: 14
de: 8

Actors

Campaigns

Interests

Timeline

Type

Vendor

Product

nginx: 8
Google Chrome: 6
OpenSSH: 6
Sophos Firewall: 6
PHP: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.00943 | CVE-2010-0966
3 | SugarCRM sql injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00208 | CVE-2020-17373
4 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00289 | CVE-2019-7550
5 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.31 | 0.00241 | CVE-2020-12440
6 | SugarCRM Emails sql injection | 7.5 | 7.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00087 | CVE-2019-17319
7 | IBM CTSS Text Editor Password information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00000 | -
8 | JumpServer directory traversal | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00053 | CVE-2023-42819
9 | 2daybiz Auction Script Login login.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00380 | CVE-2010-1706
10 | Synacor Zimbra Collaboration Suite Calendar Invite ZmMailMsgView.js cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00155 | CVE-2021-35208
11 | SugarCRM Configurator privilege escalation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00090 | CVE-2019-17306
12 | SugarCRM Administration sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00087 | CVE-2019-17298
13 | Apple macOS wifivelocityd privilege escalation | 8.2 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00148 | CVE-2020-3838
14 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.03625 | CVE-2019-11358
15 | OpenSSH scp scp.c privilege escalation | 6.4 | 6.4 | $25k-$100k | $25k-$100k | Not Defined | Unavailable | 0.00 | 0.00289 | CVE-2020-15778
16 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01900 | CVE-2020-11023
17 | Microsoft Windows HTML Remote Code Execution | 5.8 | 5.7 | $25k-$100k | $25k-$100k | Functional | Official Fix | 0.02 | 0.50789 | CVE-2023-36884
18 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN memory corruption | 9.8 | 9.6 | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.04 | 0.15407 | CVE-2023-27997
19 | Sunny WebBox cross-site request forgery | 7.5 | 7.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.00150 | CVE-2019-13529
20 | Synacor Zimbra Collaboration Suite Element Attribute privilege escalation | 5.5 | 5.1 | $0-$5k | $0-$5k | Functional | Official Fix | 0.02 | 0.01933 | CVE-2022-24682

IOC - Indicator of Compromise (64)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 37.10.71.172 | - | SharkBot | - | 2023-01-27 | verified | -
2 | 45.11.180.20 | help-extract.paststreak.net | SharkBot | - | 2023-03-25 | verified | -
3 | 45.11.180.28 | sftp.novacoral.com | SharkBot | - | 2024-03-08 | verified | -
4 | 45.11.180.82 | - | SharkBot | - | 2023-03-06 | verified | -
5 | 45.11.180.179 | - | SharkBot | - | 2022-11-15 | verified | -
6 | 45.11.180.240 | - | SharkBot | - | 2023-03-06 | verified | -
7 | 45.11.182.33 | - | SharkBot | - | 2023-03-10 | verified | -
8 | 45.11.182.62 | - | SharkBot | - | 2023-03-14 | verified | -
9 | 45.11.183.78 | - | SharkBot | - | 2024-03-23 | verified | -
10 | 45.61.152.227 | - | SharkBot | - | 2024-03-08 | verified | -
11 | 45.155.250.207 | - | SharkBot | - | 2024-03-08 | verified | -
12 | 67.223.117.90 | - | SharkBot | - | 2023-11-20 | verified | -
13 | 79.132.128.91 | - | SharkBot | - | 2022-11-26 | verified | -
14 | XX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2023-01-07 | verified | -
15 | XX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2023-03-11 | verified | -
16 | XX.XX.XX.XX | - | Xxxxxxxx | - | 2024-03-08 | verified | -
17 | XX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-09-02 | verified | -
18 | XX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-03-04 | verified | -
19 | XX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2024-03-08 | verified | -
20 | XX.XXX.XX.XXX | - | Xxxxxxxx | - | 2023-03-06 | verified | -
21 | XX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2023-01-06 | verified | -
22 | XX.XXX.XX.XXX | - | Xxxxxxxx | - | 2024-03-08 | verified | -
23 | XXX.XXX.XXX.XX | - | Xxxxxxxx | - | 2022-06-26 | verified | -
24 | XXX.XXX.XXX.XX | - | Xxxxxxxx | - | 2022-03-04 | verified | -
25 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-09-02 | verified | -
26 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-09-02 | verified | -
27 | XXX.XX.XXX.XXX | - | Xxxxxxxx | - | 2024-03-08 | verified | -
28 | XXX.XX.XXX.XXX | - | Xxxxxxxx | - | 2024-03-08 | verified | -
29 | XXX.XX.XX.XX | - | Xxxxxxxx | - | 2024-03-08 | verified | -
30 | XXX.XX.XXX.XXX | xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | - | 2023-03-06 | verified | -
31 | XXX.XX.XXX.XXX | xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | - | 2023-03-06 | verified | -
32 | XXX.XX.XXX.XXX | xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | - | 2023-03-11 | verified | -
33 | XXX.XX.XXX.XXX | - | Xxxxxxxx | - | 2022-06-26 | verified | -
34 | XXX.XX.XXX.XXX | xxxxxxxx.xxx | Xxxxxxxx | - | 2022-04-23 | verified | -
35 | XXX.XX.XXX.XXX | xxx.xxxxxxxxxxxxxxxxxxx.xxxx | Xxxxxxxx | - | 2022-03-04 | verified | -
36 | XXX.XX.XXX.XX | - | Xxxxxxxx | - | 2022-06-22 | verified | -
37 | XXX.XXX.XXX.XX | - | Xxxxxxxx | - | 2022-11-07 | verified | -
38 | XXX.XXX.XXX.XX | - | Xxxxxxxx | - | 2022-06-22 | verified | -
39 | XXX.XXX.XXX.XX | xxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | - | 2022-03-13 | verified | -
40 | XXX.XXX.XXX.XX | xxxxxxxxxx.xxxx | Xxxxxxxx | - | 2022-09-02 | verified | -
41 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-03-04 | verified | -
42 | XXX.XXX.XXX.XX | - | Xxxxxxxx | - | 2024-03-23 | verified | -
43 | XXX.XXX.XXX.XX | - | Xxxxxxxx | - | 2022-07-28 | verified | -
44 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-07-05 | verified | -
45 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxx | Xxxxxxxx | - | 2022-05-25 | verified | -
46 | XXX.XXX.XX.XX | - | Xxxxxxxx | - | 2024-03-08 | verified | -
47 | XXX.XXX.XX.XXX | - | Xxxxxxxx | - | 2022-10-08 | verified | -
48 | XXX.XXX.XX.XX | - | Xxxxxxxx | - | 2022-09-02 | verified | -
49 | XXX.XXX.XX.XXX | xxxxx.xxxxxxxxxx.xxxx | Xxxxxxxx | - | 2022-10-10 | verified | -
50 | XXX.XXX.XX.XXX | - | Xxxxxxxx | - | 2022-03-13 | verified | -
51 | XXX.XXX.XX.XXX | - | Xxxxxxxx | - | 2022-11-25 | verified | -
52 | XXX.XXX.XX.XXX | - | Xxxxxxxx | - | 2022-11-24 | verified | -
53 | XXX.XXX.XX.XXX | xxxxx.xxxxxx.xxxxxx | Xxxxxxxx | - | 2022-11-27 | verified | -
54 | XXX.XXX.XX.XXX | - | Xxxxxxxx | - | 2022-06-22 | verified | -
55 | XXX.XXX.XXX.XX | - | Xxxxxxxx | - | 2023-03-06 | verified | -
56 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2023-03-06 | verified | -
57 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-10-26 | verified | -
58 | XXX.XXX.XXX.XX | xxxxx.xxxxxxx-xxx.xxx | Xxxxxxxx | - | 2022-06-05 | verified | -
59 | XXX.XXX.XXX.XX | xxxxxxxxxxxx.xxxxxxxxx.xxx | Xxxxxxxx | - | 2022-10-10 | verified | -
60 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-06-22 | verified | -
61 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 2022-09-02 | verified | -
62 | XXX.XX.XXX.XX | xxxxx.xxxxxxxx-xx.xxx | Xxxxxxxx | - | 2022-06-22 | verified | -
63 | XXX.XX.XXX.XXX | - | Xxxxxxxx | - | 2022-11-18 | verified | -
64 | XXX.XX.XXX.XXX | - | Xxxxxxxx | - | 2023-03-11 | verified | -

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (125)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %PROGRAMFILES(X86)%\Teradici\PCoIP.exe | predictive | -
2 | File | /.vnc/sesman_${username}_passwd | predictive | -
3 | File | /api/RecordingList/DownloadRecord?file= | predictive | -
4 | File | /api/v2/cli/commands | predictive | -
5 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | -
6 | File | /cgi/loginDefaultUser | predictive | -
7 | File | /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx | predictive | -
8 | File | /mics/j_spring_security_check | predictive | -
9 | File | /oauth/token | predictive | -
10 | File | /opt/bin/cli | predictive | -
11 | File | /rom-0 | predictive | -
12 | File | /uncpath/ | predictive | -
13 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive | -
14 | File | /video-sharing-script/watch-video.php | predictive | -
15 | File | /wp-admin | predictive | -
16 | File | /_xxxxx | predictive | -
17 | File | /_xxxx | predictive | -
18 | File | xxxxxxxxxxx.xxxx | predictive | -
19 | File | xxx.x | predictive | -
20 | File | xxxxxxx.xxx | predictive | -
21 | File | xxx_xxxxxxx.xxx | predictive | -
22 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | -
23 | File | xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x | predictive | -
24 | File | xx_xxxxxx_xxxxxxx.xxx | predictive | -
25 | File | xxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | -
26 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | -
27 | File | xxxxx.xxx | predictive | -
28 | File | xxxxxxx=xxxxxxxxxx&xxxx=xxxx&xxxxxxxxxxxxx=/ | predictive | -
29 | File | xxxxxxx_xxx.xxx | predictive | -
30 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxx.xxx | predictive | -
31 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | -
32 | File | xxxx\xxxxxx.xxx | predictive | -
33 | File | xxxxxxxx.xxx | predictive | -
34 | File | xxxxx.xxx | predictive | -
35 | File | xxx/xxxxx/xxxxx.x | predictive | -
36 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx | predictive | -
37 | File | xxxx.xxx | predictive | -
38 | File | xxxxxxxxxx/xxx/xxxx/xxxx/xxx/xxx/xxxxxx/xxxxxx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | -
39 | File | xxx/xxxxxx.xxx | predictive | -
40 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | -
41 | File | xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx | predictive | -
42 | File | xxxxxxxx/xxxxx_xxxxxx.xxx | predictive | -
43 | File | xxxxxxxx/xxxxxx-xxxx-xxxxxxxxx-xxx | predictive | -
44 | File | x_xxxxxxxx_xxxxx | predictive | -
45 | File | xxxxx/xxx_xxxxxxxx | predictive | -
46 | File | xxxxx/xxxxxxxxx | predictive | -
47 | File | xxxxxxxxxxx/xxxxx.x | predictive | -
48 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | -
49 | File | xxxxx.xxx | predictive | -
50 | File | xxxx.x | predictive | -
51 | File | xxxx.xxx | predictive | -
52 | File | xxxxxxxxxx.xxx?xxxxxx=xxxxxxx | predictive | -
53 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | -
54 | File | xxxxxxxxxxxx.xxxx | predictive | -
55 | File | xxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxxx.xxx | predictive | -
56 | File | xxx/xxxx/xxxxxxxxx/xx_xxx_xxxx_xxxxx_xxxx.x | predictive | -
57 | File | xxxxx_xxxxxxxx.xxx | predictive | -
58 | File | xxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | -
59 | File | xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx | predictive | -
60 | File | xxxxxxx_xxxxxxx.xxx | predictive | -
61 | File | xxxxxxxxxxxxx.x | predictive | -
62 | File | xxxxx-xxxxxxxx-xxxxxxxxx.xxx | predictive | -
63 | File | xxxxxxxx.xxx | predictive | -
64 | File | xxxxx.xxx | predictive | -
65 | File | xxxxxxxxxx.xxx | predictive | -
66 | File | xxxxxxxx.xxx | predictive | -
67 | File | xxxxxxxx.xxx | predictive | -
68 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | -
69 | File | xxxxxxx.xxx | predictive | -
70 | File | xxx_xxxxx_xxxxxxx.x | predictive | -
71 | File | xxxxxx_xxxx.x | predictive | -
72 | File | xxx.x | predictive | -
73 | File | xxxx-xxxxxx.x | predictive | -
74 | File | xxxx.xxx | predictive | -
75 | File | xxxxxx/ | predictive | -
76 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | -
77 | File | xxxx.xxx | predictive | -
78 | File | xxxxxx.xxx | predictive | -
79 | File | xx-xxxxx/xxxx-xxx-xxxx.xxx | predictive | -
80 | File | xx-xxxxx/xxxxx.xxx | predictive | -
81 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | -
82 | File | xxxxxxx.xxxx | predictive | -
83 | File | xxxxxxxxxxxxx.xx | predictive | -
84 | Argument | $xxxxx_xxxxxxxxxx | predictive | -
85 | Argument | --xxxx=xxx | predictive | -
86 | Argument | /.xxx/xxxxxx_${xxxxxxxx}_xxxxxx | predictive | -
87 | Argument | xxxxxxxx | predictive | -
88 | Argument | xxxxxxxx | predictive | -
89 | Argument | xxxxxxxxxx | predictive | -
90 | Argument | xxx | predictive | -
91 | Argument | xxxx/xxxxx/xxxxx_xxxxxxxxxxx | predictive | -
92 | Argument | xxxxxxx | predictive | -
93 | Argument | xxxx_xxxx | predictive | -
94 | Argument | xxxx | predictive | -
95 | Argument | xxxxxxxxxxx | predictive | -
96 | Argument | xxxx_xxxxxx_xxxxxxxxx | predictive | -
97 | Argument | xxxxx | predictive | -
98 | Argument | xxxx | predictive | -
99 | Argument | xxxxxxxx | predictive | -
100 | Argument | xxxxxxxx | predictive | -
101 | Argument | xxx_xxxxx_xxxx_xxxxxxx | predictive | -
102 | Argument | xx | predictive | -
103 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | -
104 | Argument | x_xxxxxxxx | predictive | -
105 | Argument | x_xxxxxxxx | predictive | -
106 | Argument | xxx | predictive | -
107 | Argument | xxxx_xx | predictive | -
108 | Argument | xxxx_xxxx | predictive | -
109 | Argument | xxxxxxxx | predictive | -
110 | Argument | xxx_xx_xxxx | predictive | -
111 | Argument | xxxxxxxx | predictive | -
112 | Argument | xxxxxxx | predictive | -
113 | Argument | xxxxxx | predictive | -
114 | Argument | xxxx | predictive | -
115 | Argument | xxxxx_xxxx/xxxxx_xxxxxx/xxx_xxxx/xxx_xxxxxx/xxxxxxxx | predictive | -
116 | Argument | xxxxxx | predictive | -
117 | Argument | xxxxx | predictive | -
118 | Argument | xxx | predictive | -
119 | Argument | xxxx/xx/xxxx | predictive | -
120 | Argument | xxxxxxxx | predictive | -
121 | Argument | xxxxxxxx | predictive | -
122 | Argument | _xxx_xxxxxxx_xxxxxxxxxxx_xxx_xxxxxxxx_xxxxxxx_xxxxxxxxxxxxxxxxxx_xxxxxxxx | predictive | -
123 | Network Port | xxxx | predictive | -
124 | Network Port | xxx/xx | predictive | -
125 | Network Port | xxx xxxxxx xxxx | predictive | -
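The IOC table above lists verified network resources and the IOA table lists predictive request-path fragments. The script below is an added example, not VulDB tooling, showing how a detection engineer would turn both into a matcher and run it over proxy or web-server logs. The IP addresses, hostnames and path fragments are copied from the unmasked rows of the two tables; the log format and the sample log lines are constructed for the demonstration and are not real traffic. The matcher percent-decodes the request before comparing, treats hostnames as suffix matches (so subdomains hit), and skips lines it cannot parse rather than failing on them.

```python
"""Match the SharkBot network IOCs and request-path IOAs listed on this page
against log lines. Added example; indicator values are copied from the IOC
and IOA tables, the log format and sample lines are constructed."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit

# Verified network indicators copied from the IOC table (unmasked rows only).
IOC_IPS = {
    "37.10.71.172", "45.11.180.20", "45.11.180.28", "45.11.180.82",
    "45.11.180.179", "45.11.180.240", "45.11.182.33", "45.11.182.62",
    "45.11.183.78", "45.61.152.227", "45.155.250.207", "67.223.117.90",
    "79.132.128.91",
}
IOC_HOSTNAMES = {"help-extract.paststreak.net", "sftp.novacoral.com"}

# Request-path fragments copied from the unmasked "File" rows of the IOA table.
IOA_PATHS = [
    "/api/RecordingList/DownloadRecord?file=",
    "/api/v2/cli/commands",
    "/cgi-bin/supervisor/PwdGrp.cgi",
    "/cgi/loginDefaultUser",
    "/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx",
    "/mics/j_spring_security_check",
    "/oauth/token",
    "/rom-0",
    "/uncpath/",
    "/video-sharing-script/watch-video.php",
    "/wp-admin",
]

# Constructed log format (an assumption for this example):
#   timestamp client_ip server_ip server_host method request
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<server>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<request>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc_ip", "ioc_host" or "ioa_path"
    indicator: str
    line: str


def is_ioc_ip(token: str) -> bool:
    """Exact match against the IOC IP set; non-IP tokens such as "-" never match."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return False
    return str(addr) in IOC_IPS


def host_matches(host: str, indicator: str) -> bool:
    """True for the hostname itself or any subdomain of it (case-insensitive)."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def path_matches(request: str, indicator: str) -> bool:
    """Percent-decode path and query before comparing so encoded requests still
    hit; compare case-insensitively because some indicators target IIS."""
    parts = urlsplit(request)
    decoded = unquote(parts.path)
    if parts.query:
        decoded += "?" + unquote(parts.query)
    return indicator.lower() in decoded.lower()


def scan(lines):
    """Return every indicator hit in log order; unparseable lines are skipped."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        for field in ("client", "server"):
            if is_ioc_ip(m[field]):
                hits.append(Hit(line_no, "ioc_ip", m[field], line))
        for indicator in sorted(IOC_HOSTNAMES):
            if host_matches(m["host"], indicator):
                hits.append(Hit(line_no, "ioc_host", indicator, line))
        for indicator in IOA_PATHS:
            if path_matches(m["request"], indicator):
                hits.append(Hit(line_no, "ioa_path", indicator, line))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-03-08T10:15:02Z 10.0.0.5 45.11.180.28 sftp.novacoral.com GET /index.html",
    "2024-03-08T10:15:09Z 10.0.0.7 198.51.100.10 cdn.example.net GET /assets/app.js",
    "2023-03-25T08:01:44Z 10.0.0.9 198.51.100.23 update.help-extract.paststreak.net POST /oauth/token",
    "2024-03-09T02:30:11Z 203.0.113.44 10.0.0.20 portal.example.net GET /cgi-bin/supervisor/PwdGrp.cgi",
    "2024-03-09T02:30:12Z 203.0.113.44 10.0.0.20 portal.example.net GET /api/RecordingList/DownloadRecord?file=..%2F..%2Fetc%2Fpasswd",
    "2024-03-09T02:31:00Z 10.0.0.12 10.0.0.20 portal.example.net GET /from-0",
    "malformed line that the parser skips",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator}")
```

Two caveats before wiring this into an alert pipeline. The IOC entries carry "Identified" dates from 2022 to 2024 and several sit in shared hosting ranges, so an address should be re-checked before it is blocked outright. Among the IOA fragments, `/wp-admin` and `/oauth/token` are ordinary application paths that will match benign traffic; use those hits for correlation with an IOC hit on the same source rather than as stand-alone alerts, and keep the decoding step, since `..%2F` style encoding is exactly what a path-fragment match would otherwise miss.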

References (4)

The following list contains external sources which discuss the actor and the associated activities:
