SharkBot Analysis

IOB - Indicator of Behavior (420)

Timeline

The charts on this page (Timeline, Lang, Country, Actors, the Activities timeline, Type, Vendor and Product) show placeholder data on the free view of the source page: the values are distorted and not usable as real statistics. Access to the real data requires an additional purchase.

Lang

en: 356
ru: 26
de: 22
sv: 6
pl: 4


Country

us: 276
ru: 64
cn: 20
gb: 12
de: 10


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft IIS: 8
nginx: 8
Microsoft Exchange Server: 8
SugarCRM: 8
PHP: 6


Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | EPSS | CTI | CVE
--|---|---|---|---|---|---|---|---|---|---
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.33 | CVE-2010-0966
3 | SugarCRM sql injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00248 | 0.02 | CVE-2020-17373
4 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.20 | CVE-2020-12440
6 | SugarCRM Emails sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2019-17319
7 | IBM CTSS Text Editor Password information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.08 | -
8 | JumpServer path traversal | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.05 | CVE-2023-42819
9 | 2daybiz Auction Script Login login.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00380 | 0.00 | CVE-2010-1706
10 | Synacor Zimbra Collaboration Suite Calendar Invite ZmMailMsgView.js cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00155 | 0.03 | CVE-2021-35208
11 | SugarCRM Configurator input validation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2019-17306
12 | SugarCRM Administration sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2019-17298
13 | Fortinet FortiOS SSL-VPN out-of-bounds write | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.01842 | 0.03 | CVE-2024-21762
14 | Palo Alto Networks PAN-OS GlobalProtect command injection | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official Fix | 0.95359 | 0.08 | CVE-2024-3400
15 | Apple macOS wifivelocityd default permission | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.00 | CVE-2020-3838
16 | nginx Range Filter integer overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.96283 | 0.06 | CVE-2017-7529
17 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.05 | CVE-2019-11358
18 | OpenSSH scp scp.c os command injection | 6.4 | 6.4 | $25k-$100k | $25k-$100k | Not Defined | Unavailable | 0.00289 | 0.00 | CVE-2020-15778
19 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01900 | 0.00 | CVE-2020-11023
20 | Microsoft Windows HTML Remote Code Execution | 5.8 | 5.7 | $25k-$100k | $25k-$100k | High | Official Fix | 0.49119 | 0.03 | CVE-2023-36884
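The table above mixes severity (Base), exploit status (Exploit) and patch availability (Remediation) with the EPSS probability, and a defender has to turn those columns into a patch order. The following is an added example, not VulDB's code: it copies a subset of the rows above and applies an assumed bucketing policy (a known-exploited entry with an official fix is patched first; a known-exploited entry without a fix is mitigated; high EPSS or high Base is scheduled; the rest is monitored). The policy thresholds and bucket names are assumptions for this example.

```python
"""Rank the CVEs from the SharkBot vulnerability table for patching.

Row values are copied from the table above; the bucketing policy is an
assumption for this example, not VulDB's.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VulnRow:
    cve: str
    title: str
    base: float       # "Base" column (CVSS base score)
    epss: float       # "EPSS" column (exploitation probability)
    exploit: str      # "Exploit" column: High, Proof-of-Concept, Not Defined
    remediation: str  # "Remediation" column: Official Fix, Workaround, Unavailable, Not Defined


# Subset of the table above.
SHARKBOT_VULNS = [
    VulnRow("CVE-2007-1192", "HyperBook Guestbook gbconfiguration.dat disclosure", 5.3, 0.02016, "High", "Workaround"),
    VulnRow("CVE-2010-1706", "2daybiz Auction Script login.php sql injection", 7.3, 0.00380, "High", "Unavailable"),
    VulnRow("CVE-2017-7529", "nginx Range Filter integer overflow", 6.4, 0.96283, "Not Defined", "Workaround"),
    VulnRow("CVE-2019-11358", "jQuery extend prototype pollution", 6.6, 0.03535, "Proof-of-Concept", "Official Fix"),
    VulnRow("CVE-2020-15778", "OpenSSH scp os command injection", 6.4, 0.00289, "Not Defined", "Unavailable"),
    VulnRow("CVE-2023-36884", "Microsoft Windows HTML RCE", 5.8, 0.49119, "High", "Official Fix"),
    VulnRow("CVE-2023-42819", "JumpServer path traversal", 7.7, 0.00053, "Not Defined", "Official Fix"),
    VulnRow("CVE-2024-3400", "PAN-OS GlobalProtect command injection", 8.9, 0.95359, "High", "Official Fix"),
    VulnRow("CVE-2024-21762", "FortiOS SSL-VPN out-of-bounds write", 9.8, 0.01842, "High", "Official Fix"),
]

# Most urgent first. Assumed policy: exploitation in the wild outranks
# EPSS, and a fix being available decides patch-now versus mitigate.
BUCKET_ORDER = ("patch-now", "mitigate", "schedule", "monitor")


def bucket(v: VulnRow) -> str:
    """Assign one triage bucket to a row (assumed thresholds)."""
    if v.exploit == "High" and v.remediation == "Official Fix":
        return "patch-now"
    if v.exploit == "High":
        return "mitigate"           # no vendor fix: rely on workaround/segmentation
    if v.epss >= 0.10 or v.base >= 7.0:
        return "schedule"
    return "monitor"


def triage(rows):
    """Return (bucket, row) pairs ordered by bucket, then Base, then EPSS."""
    return sorted(
        ((bucket(r), r) for r in rows),
        key=lambda br: (BUCKET_ORDER.index(br[0]), -br[1].base, -br[1].epss),
    )


if __name__ == "__main__":
    for b, r in triage(SHARKBOT_VULNS):
        print(f"{b:9} {r.cve:15} base={r.base:<4} epss={r.epss:.5f} {r.title}")
```

Note that CVE-2017-7529 lands below CVE-2023-42819 in the schedule bucket despite an EPSS above 0.96, because the sort key puts Base before EPSS; swap the key order if your programme treats EPSS as the primary signal.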

IOC - Indicator of Compromise (66)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
---|---|---|---|---|---|---|---
1 | 37.10.71.172 | - | SharkBot | - | 01/27/2023 | verified | High
2 | 45.11.180.20 | help-extract.paststreak.net | SharkBot | - | 03/25/2023 | verified | High
3 | 45.11.180.28 | sftp.novacoral.com | SharkBot | - | 03/08/2024 | verified | High
4 | 45.11.180.82 | - | SharkBot | - | 03/06/2023 | verified | High
5 | 45.11.180.179 | - | SharkBot | - | 11/15/2022 | verified | High
6 | 45.11.180.240 | - | SharkBot | - | 03/06/2023 | verified | High
7 | 45.11.182.33 | - | SharkBot | - | 03/10/2023 | verified | High
8 | 45.11.182.62 | - | SharkBot | - | 03/14/2023 | verified | High
9 | 45.11.183.78 | - | SharkBot | - | 03/23/2024 | verified | High
10 | 45.61.152.227 | - | SharkBot | - | 03/08/2024 | verified | High
11 | 45.147.229.134 | - | SharkBot | - | 04/04/2024 | verified | High
12 | 45.155.250.106 | - | SharkBot | - | 04/04/2024 | verified | High
13 | 45.155.250.207 | - | SharkBot | - | 03/08/2024 | verified | High
14 | 67.223.117.90 | - | SharkBot | - | 11/20/2023 | verified | High

Entries 15 to 66 are masked on the source page (subscriber-only). Only their identification dates are visible, ranging from 03/04/2022 to 03/23/2024; all are marked verified with High confidence.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (128)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|---|---|---|---
1 | File | %PROGRAMFILES(X86)%\Teradici\PCoIP.exe | predictive | High
2 | File | /.vnc/sesman_${username}_passwd | predictive | High
3 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
4 | File | /api/runs/search/run/ | predictive | High
5 | File | /api/v2/cli/commands | predictive | High
6 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High
7 | File | /cgi/loginDefaultUser | predictive | High
8 | File | /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx | predictive | High
9 | File | /mics/j_spring_security_check | predictive | High
10 | File | /oauth/token | predictive | Medium
11 | File | /opt/bin/cli | predictive | Medium
12 | File | /rom-0 | predictive | Low
13 | File | /uncpath/ | predictive | Medium
14 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive | High
15 | File | /video-sharing-script/watch-video.php | predictive | High

Entries 16 to 128 are masked on the source page (subscriber-only): entries 16 to 85 are of class File, 86 to 125 of class Argument and 126 to 128 of class Network Port, all of type predictive with confidence ranging from Low to High.
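The IOC table (verified IP addresses and hostnames) and the IOA table (predictive path fragments) above are consumed differently: a verified IOC hit is an alert on its own, while a predictive path such as /oauth/token also occurs in benign traffic and should only add context unless VulDB rates it High. The following is an added example, not VulDB's or SharkBot's code, that applies both tables to DNS, firewall and web-server log lines. The indicator values are copied from the tables above; the log lines, the log formats and the alert/enrich policy are constructed for this example.

```python
"""Scan log lines for the SharkBot IOC (IP/hostname) and IOA (File-class
path) indicators from the two tables above.

Indicator values are copied from the page. The sample log lines and the
alert/enrich policy are constructed for this example: verified IOC hits
and High-confidence IOAs alert, Medium/Low predictive IOAs only enrich.
"""
import re
from dataclasses import dataclass

# IOC rows 1-14: (IP address, hostname or None, identification date).
SHARKBOT_IOCS = [
    ("37.10.71.172", None, "01/27/2023"),
    ("45.11.180.20", "help-extract.paststreak.net", "03/25/2023"),
    ("45.11.180.28", "sftp.novacoral.com", "03/08/2024"),
    ("45.11.180.82", None, "03/06/2023"),
    ("45.11.180.179", None, "11/15/2022"),
    ("45.11.180.240", None, "03/06/2023"),
    ("45.11.182.33", None, "03/10/2023"),
    ("45.11.182.62", None, "03/14/2023"),
    ("45.11.183.78", None, "03/23/2024"),
    ("45.61.152.227", None, "03/08/2024"),
    ("45.147.229.134", None, "04/04/2024"),
    ("45.155.250.106", None, "04/04/2024"),
    ("45.155.250.207", None, "03/08/2024"),
    ("67.223.117.90", None, "11/20/2023"),
]

# IOA File-class rows 1-15: (indicator, VulDB confidence).
SHARKBOT_IOAS = [
    (r"%PROGRAMFILES(X86)%\Teradici\PCoIP.exe", "High"),
    ("/.vnc/sesman_${username}_passwd", "High"),
    ("/api/RecordingList/DownloadRecord?file=", "High"),
    ("/api/runs/search/run/", "High"),
    ("/api/v2/cli/commands", "High"),
    ("/cgi-bin/supervisor/PwdGrp.cgi", "High"),
    ("/cgi/loginDefaultUser", "High"),
    ("/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx", "High"),
    ("/mics/j_spring_security_check", "High"),
    ("/oauth/token", "Medium"),
    ("/opt/bin/cli", "Medium"),
    ("/rom-0", "Low"),
    ("/uncpath/", "Medium"),
    ("/usr/local/WowzaStreamingEngine/bin/", "High"),
    ("/video-sharing-script/watch-video.php", "High"),
]

IOC_IPS = {ip for ip, _, _ in SHARKBOT_IOCS}
IOC_HOSTS = {host.lower() for _, host, _ in SHARKBOT_IOCS if host}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Dotted hostname tokens; only compared against IOC_HOSTS, so stray
# matches such as "PwdGrp.cgi" or "1.1" are harmless.
HOST_RE = re.compile(r"\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+\b")


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc-ip", "ioc-host" or "ioa"
    indicator: str
    action: str      # "alert" or "enrich"


def scan(lines):
    """Return every indicator hit in the given log lines, in line order."""
    hits = []
    for n, line in enumerate(lines, start=1):
        low = line.lower()
        for ip in IPV4_RE.findall(line):
            if ip in IOC_IPS:
                hits.append(Hit(n, "ioc-ip", ip, "alert"))
        for host in HOST_RE.findall(low):
            if host in IOC_HOSTS:
                hits.append(Hit(n, "ioc-host", host, "alert"))
        # Case-insensitive substring match covers URL paths and Windows paths.
        for indicator, confidence in SHARKBOT_IOAS:
            if indicator.lower() in low:
                action = "alert" if confidence == "High" else "enrich"
                hits.append(Hit(n, "ioa", indicator, action))
    return hits


# Constructed sample lines: DNS resolver, firewall and web access log formats.
SAMPLE_LOGS = [
    "2024-03-08T10:11:12Z dns client=10.0.0.7 query=sftp.novacoral.com type=A",
    "2024-03-08T10:12:00Z fw action=allow src=10.0.0.7 dst=45.11.180.28 dport=443",
    '203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /cgi-bin/supervisor/PwdGrp.cgi HTTP/1.1" 404 162',
    '203.0.113.9 - - [10/Mar/2024:12:00:02 +0000] "POST /oauth/token HTTP/1.1" 200 1024',
    "2024-03-08T10:13:00Z fw action=allow src=10.0.0.8 dst=93.184.216.34 dport=443",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.action.upper():6} {h.kind:8} {h.indicator}")
```

The first two sample lines show why hostname and IP indicators should be matched independently: the DNS query for sftp.novacoral.com and the later connection to 45.11.180.28 are the same IOC row seen at two layers, and correlating them by client address (10.0.0.7) is what turns two alerts into one incident.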
