Saint Bot Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (204)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en176
fr12
pl4
de4
es4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us68
ru16
fr10
es4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Saint Bot4
Cobalt Strike2
RedLine Stealer2
Mirai1
Bashlite1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined82
Programming Language Software14
Content Management System14
Operating System12
WordPress Plugin4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined58
Microsoft14
Chadha4
Adobe4
SteelSeries2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows10
PHP6
Chadha PHPKB Standard Multi-Language4
WordPress4
phpLinkat4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1HP SAN/iQ hydra.exe credentials management4.33.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.002830.00CVE-2012-4362
2Hydra HTTP Header read.c process_header_end null pointer dereference6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.001170.02CVE-2019-17502
3IW Guestbook badwords_edit.asp sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
4Hydra authentication replay5.65.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000990.00CVE-2020-5300
5PHPGurukul Hospital Management System dashboard.php access control5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.006610.02CVE-2020-35745
6OmniSecure AddUrlShield index.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.02
7ORY Hydra error Reflected cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000970.00CVE-2019-8400
8phpLinkat showcat.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.001020.00CVE-2008-3406
9SourceCodester Customer Relationship Management login.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.006450.00CVE-2021-43130
10moziloCMS download.php path traversal5.34.8$0-$5k$0-$5kProof-of-ConceptUnavailable0.015780.00CVE-2008-3589
11Sam Crew MyBlog games.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.006090.00CVE-2007-1990
12HP SAN/iQ Login hydra.exe memory corruption10.09.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.466430.00CVE-2011-4157
13HP LeftHand Virtual SAN Appliance hydra memory corruption10.09.5$25k-$100k$0-$5kHighOfficial Fix0.784010.00CVE-2013-2343
14spip Login spip_login.php3 file inclusion7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.050540.04CVE-2006-1702
15Linksys WVC11B main.cgi cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.015690.04CVE-2004-2508
16Jelsoft impex ImpExData.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.043170.04CVE-2006-1382
17PHP php URL error_log access control6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000690.02CVE-2006-3011
18Cisco Linksys EA2700 URL information disclosure4.34.1$5k-$25k$0-$5kProof-of-ConceptUnavailable0.000000.00
19MidiCart PHP Shopping Cart item_show.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.05
20PHP URL Validation filter_var input validation5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.005600.04CVE-2020-7071

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
131.42.185.63fvr.xyzSaint Bot02/12/2024verifiedHigh
2XX.XXX.XXX.XXXxxxx Xxx02/12/2024verifiedHigh
3XXX.XXX.XXX.XXXXxxxx Xxx02/12/2024verifiedHigh
4XXX.XX.XXX.XXXxxxxxxx.xxx.xxXxxxx Xxx02/12/2024verifiedHigh
5XXX.XXX.XXX.XXXXxxxx Xxx02/12/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4TXXXXCAPEC-242CWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-50CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (155)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/admin/login.phppredictiveHigh
3File/adminPage/main/uploadpredictiveHigh
4File/cwc/loginpredictiveMedium
5File/includes/rrdtool.inc.phppredictiveHigh
6File/intern/controller.phppredictiveHigh
7File/iwguestbook/admin/badwords_edit.asppredictiveHigh
8File/iwguestbook/admin/messages_edit.asppredictiveHigh
9File/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.phppredictiveHigh
10File/www/ping_response.cgipredictiveHigh
11Fileadmin.phppredictiveMedium
12Fileadmin/dashboard.phppredictiveHigh
13Fileadmin/gallery.phppredictiveHigh
14Fileadmin/manage-departments.phppredictiveHigh
15Fileadmin/sellerupd.phppredictiveHigh
16Fileadmin/vqmods.app/vqmods.inc.phppredictiveHigh
17Fileadministrator/logviewer/searchlog.cfmpredictiveHigh
18Filebackend/utilities/terminal.jspredictiveHigh
19Filebb_usage_stats.phppredictiveHigh
20Fileboard.phppredictiveMedium
21Filexxxxx.xxxpredictiveMedium
22Filexxx.xxxpredictiveLow
23Filexxxxxxxx.xxxpredictiveMedium
24Filexxx-xxxx.xxxpredictiveMedium
25Filexxx-xxx/xxxxxxxxxxxx.xxxpredictiveHigh
26Filexxxx_xxxxxxxx/xx.xxxpredictiveHigh
27Filexxxxxx.xxx.xxxpredictiveHigh
28Filexxxxxxxx/xxxxx.xxxpredictiveHigh
29Filexxxxxxxxx.xxx.xxxpredictiveHigh
30Filexxxxxx.xxxpredictiveMedium
31Filexxxxxxx.xxxpredictiveMedium
32Filexxxxxxx.xxxpredictiveMedium
33Filexxxxxxxx.xxxpredictiveMedium
34Filexxxxxxx/xxx/xxxxxxxx/xxxxxxxxx/xxxxxxxx/xxx.xpredictiveHigh
35Filexxxxx.xxxpredictiveMedium
36Filexxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.xpredictiveHigh
37Filexxxxxxx.xxxpredictiveMedium
38Filexxxxx.xxxpredictiveMedium
39Filexxxxxxx.xxxpredictiveMedium
40Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
41Filexxxx/xxxxx/xxxxxxx.xxx.xxxpredictiveHigh
42Filexxxxx.xxxpredictiveMedium
43Filexxxxxxxxx.xxxpredictiveHigh
44Filexxx.xxxpredictiveLow
45Filexxxxxxxx/xxxxx-xxxx-xxxxxxx.xxxpredictiveHigh
46Filexxxxxxxx/xxxxxxxx.xxx.xxxpredictiveHigh
47Filexxxxx.xxxpredictiveMedium
48Filexxxxx.xxx/xxxxxxxxxxxxx/xxxpredictiveHigh
49Filexxxxxx.xxxpredictiveMedium
50Filexxxx.xxxxpredictiveMedium
51Filexxxxxxxxxx.xxxpredictiveHigh
52Filexxxx_xxxxxxx.xxxxpredictiveHigh
53Filexxxx_xxxx.xxxpredictiveHigh
54Filexxxx.xxxpredictiveMedium
55Filexxxxx.xxxpredictiveMedium
56Filexxxxx.xxxpredictiveMedium
57Filexxxxx_xx.xxxxpredictiveHigh
58Filexxxx.xxxpredictiveMedium
59Filexxxx.xxxpredictiveMedium
60Filexxxxxx.xxxpredictiveMedium
61Filexxxxxxx/xxxxxxxx/xxxxx.xxxpredictiveHigh
62Filexxxxxx/xxxxxxxxx/xxxxxpredictiveHigh
63Filexxx_xxxx.xxx.xxxpredictiveHigh
64Filexxxxx.xxxpredictiveMedium
65Filexxxx/xxxxx.xxxpredictiveHigh
66Filexxxxxxx.xxxpredictiveMedium
67Filexxxxxxxxxx.xxx.xxxpredictiveHigh
68Filexxxx/xxxxxxxxx.xxxpredictiveHigh
69Filexxxx.xpredictiveLow
70Filexxxxxxxxxxxx-xxxx.xxxxpredictiveHigh
71Filexxxxxxxxxxxx_xxxxxxxx.xxx.xxxpredictiveHigh
72Filexxxxxxxx.xxxpredictiveMedium
73Filexxxx.xxxpredictiveMedium
74Filexxxxxxxx.xxxpredictiveMedium
75Filexxxx-xxx.xxxpredictiveMedium
76Filexxxxxxx.xxxpredictiveMedium
77Filexxxxxxxxxxx.xxxpredictiveHigh
78Filexxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
79Filexxxx_xxxxx.xxxxpredictiveHigh
80Filexxxx.xxxpredictiveMedium
81Filexxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
82Filexxxxxx.xxxpredictiveMedium
83Filexxxxxxxx.xxxpredictiveMedium
84Filexxxxxxxxx.xxxpredictiveHigh
85Filexxxxxxx.xxxpredictiveMedium
86Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxxpredictiveHigh
87Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictiveHigh
88Filexx-xxxxx.xxxpredictiveMedium
89Filexxxxxxxxxxxx.xxxpredictiveHigh
90Libraryxxxxxxxx_xxxxxxxxx.xxx.xxxpredictiveHigh
91Argument$_xxxxxpredictiveLow
92Argument$_xxxx['xxxxxxxxx']predictiveHigh
93Argument$_xxxxxx['xxxxxx_xxxx']predictiveHigh
94ArgumentxxxxxxxpredictiveLow
95ArgumentxxxxxxxpredictiveLow
96Argumentxxxx_xxxpredictiveMedium
97Argumentxx_xxxx_xxxxpredictiveMedium
98ArgumentxxxxxxpredictiveLow
99ArgumentxxxpredictiveLow
100ArgumentxxxxxxxxxxpredictiveMedium
101ArgumentxxxxxpredictiveLow
102ArgumentxxxxxpredictiveLow
103Argumentxxx_xxpredictiveLow
104Argumentxxx[xxxxxx][xxxxxxxxx]predictiveHigh
105ArgumentxxxpredictiveLow
106ArgumentxxxxxxxxxxxxxxxpredictiveHigh
107ArgumentxxxxxxxxxpredictiveMedium
108Argumentxxxx_xxpredictiveLow
109ArgumentxxxxxxxpredictiveLow
110ArgumentxxxxxxxxxxxpredictiveMedium
111Argumentxxxxxxx-xxxxxxpredictiveHigh
112Argumentxxxx_xxxpredictiveMedium
113Argumentxxxxxx_xxpredictiveMedium
114Argumentxxxxx_xxxxpredictiveMedium
115ArgumentxxxxxpredictiveLow
116ArgumentxxxxpredictiveLow
117ArgumentxxxxxxpredictiveLow
118ArgumentxxxxxxpredictiveLow
119Argumentxxxxxx$xxxxxpredictiveMedium
120Argumentxxxxxxx[xx_xxx_xxxx]predictiveHigh
121ArgumentxxxxpredictiveLow
122ArgumentxxpredictiveLow
123ArgumentxxxxxpredictiveLow
124Argumentxx_xxxxpredictiveLow
125ArgumentxxxxxxpredictiveLow
126ArgumentxxxxxxpredictiveLow
127ArgumentxxxxpredictiveLow
128ArgumentxxxxxxxxxpredictiveMedium
129ArgumentxxxxxxpredictiveLow
130Argumentxxx_xxxxxxx_xxxpredictiveHigh
131ArgumentxxxxxxxxxpredictiveMedium
132Argumentxxxx[xxxxx]predictiveMedium
133Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
134Argumentxxxx/xxxxxpredictiveMedium
135Argumentxxxx_xxxxpredictiveMedium
136ArgumentxxxxxxxxpredictiveMedium
137Argumentxxxxx_xxxx_xxxxpredictiveHigh
138Argumentxxxx_xxpredictiveLow
139Argumentxx_xxxxpredictiveLow
140ArgumentxxxxxxpredictiveLow
141ArgumentxxxxxxpredictiveLow
142ArgumentxxxxxpredictiveLow
143ArgumentxxxxpredictiveLow
144ArgumentxxxxxxxxpredictiveMedium
145ArgumentxxxxxpredictiveLow
146ArgumentxxxxxxpredictiveLow
147ArgumentxxxxxxxxpredictiveMedium
148ArgumentxxxxxxxxxxpredictiveMedium
149ArgumentxxxxxpredictiveLow
150ArgumentxxxxxxpredictiveLow
151ArgumentxxxxxxxxpredictiveMedium
152Argument\xxxxxx\predictiveMedium
153Argument_xxxx[_xxx_xxxx_xxxxpredictiveHigh
154Input Value../predictiveLow
155Input Valuex+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!