VBREVSHELL Analysis

IOB - Indicator of Behavior (125)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 120
zh: 6

Country

us: 100
cn: 14
gb: 2
br: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 4
Cisco NX-OS: 2
AVTECH IP Camera: 2
AVTECH NVR: 2
AVTECH DVR: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2018-25085 |
| 2 | Microsoft Windows NetBIOS WinNuke denial of service | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.00304 | 0.09 | CVE-1999-0153 |
| 3 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 4 | Palo Alto PAN-OS Web Interface os command injection | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00182 | 0.02 | CVE-2021-3050 |
| 5 | Cisco Packaged Contact Center Enterprise deserialization | 9.9 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.04 | CVE-2024-20253 |
| 6 | Paddle divide by zero | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-38677 |
| 7 | DolphinPHP Incomplete Fix CVE-2021-46097 common.php os command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01283 | 0.22 | CVE-2023-0935 |
| 8 | PbootCMS GET Request sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.05 | CVE-2021-37497 |
| 9 | October CMS Admin Panel code injection | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.06 | CVE-2022-35944 |
| 10 | WordPress cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00192 | 0.00 | CVE-2008-2068 |
| 11 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055 |
| 12 | Goahead Web Server Multi-Part Request use after free | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.47818 | 0.04 | CVE-2019-5096 |
| 13 | Bitcoin wallet.dat AES Encryption Padding missing encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 14 | QNAP QTS Helpdesk command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00274 | 0.03 | CVE-2018-0714 |
| 15 | Linux Kernel Call tcp_collapse_ofo_queue input validation | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.78302 | 0.04 | CVE-2018-5390 |
| 16 | Cisco Linksys Router tmUnblock.cgi privileges management | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00000 | 0.00 | |
| 17 | AVTECH IP Camera/NVR/DVR PwdGrp.cgi command injection | 9.8 | 9.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00000 | 0.04 | |
| 18 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2018-6200 |
| 19 | Google Android Ashmem out-of-bounds write | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00101 | 0.03 | CVE-2017-13216 |
| 20 | Sony IPELA ENGINE IP Camera backdoor | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 2 | File | /uncpath/ | predictive | Medium |
| 3 | File | common.php | predictive | Medium |
| 4 | File | xxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 6 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxx.xxx | predictive | Medium |
| 10 | Argument | xx | predictive | Low |
| 11 | Argument | xxxxxxxx | predictive | Medium |
| 12 | Argument | xxxx_xx | predictive | Low |
| 13 | Argument | xxx | predictive | Low |
| 14 | Network Port | xxx/xxxx | predictive | Medium |

References (13)

The following list contains external sources which discuss the actor and the associated activities:
