Antibot.pw Analysis

IOB - Indicator of Behavior (61)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (62)


Country

us (40)
cn (14)


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Oracle MySQL Server (2)
Oracle Retail Customer Insights (2)
Thomas R. Pasawicz HyperBook Guestbook (2)
UliCMS (2)
Gempar Script Toko Online (2)


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are VulDB's estimated exploit prices at disclosure and at present; Exp is the exploit availability level (Unproven, Proof-of-Concept, Functional, High, or Not Defined); Rem is the remediation level (Official Fix, Workaround, Unavailable, or Not Defined); EPSS is the FIRST EPSS exploitation probability; CTI is VulDB's CTI interest score. Two entries carry no CVE identifier.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | NCH Axon PBX cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00058 | 0.00 | CVE-2021-37456
3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.69 | CVE-2010-0966
4 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509
5 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | (none)
6 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
7 | Red Hat WildFly Blacklist Filter File information disclosure | 7.5 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.09817 | 0.00 | CVE-2016-0793
8 | Intel AMT SDK/SCS/MEBx USB Provisioning insufficiently protected credentials | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.02 | CVE-2021-33107
9 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.03 | CVE-2014-2120
10 | Palo Alto PAN-OS GlobalProtect Portal stack-based overflow | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00234 | 0.04 | CVE-2021-3064
11 | EDK II DxeCore memory corruption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00181 | 0.00 | CVE-2018-12183
12 | Zoho ManageEngine OpManager NewThresholdConfiguration.jsp sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00755 | 0.00 | CVE-2019-15104
13 | Debian tss access control | 4.0 | 3.7 | $5k-$25k | $0-$5k | Unproven | Unavailable | 0.00042 | 0.04 | CVE-2008-1877
14 | AXIS 2110 Network Camera virtualinput.cgi privileges management | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05684 | 0.00 | CVE-2004-2425
15 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.93 | CVE-2007-0354
16 | UliCMS index.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00661 | 0.04 | CVE-2019-11398
17 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287
18 | AFFcommerce ItemReview.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | (none)
19 | TeamPass Access Control items.queries.php access control | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.03 | CVE-2017-15055
20 | HotScripts Clone Script software-description.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00160 | 0.00 | CVE-2007-6084

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Only the first two entries are shown unmasked; the remaining rows are redacted on the page and carry no usable value. The Campaigns column is empty for every row.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.63.85.138 | 45.63.85.138.vultrusercontent.com | Antibot.pw | | 09/02/2023 | verified | High
2 | 45.76.179.109 | 45.76.179.109.vultrusercontent.com | Antibot.pw | | 09/02/2023 | verified | High
3 | XXX.XX.XX.XXX | | Xxxxxxx.xx | | 09/02/2023 | verified | High
4 | XXX.XX.XX.XXX | | xxxxxx.xx | | 09/02/2023 | verified | High
5 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxx.xx | | 09/02/2023 | verified | High
6 | XXX.XX.XXX.XXX | | Xxxxxxx.xx | | 09/02/2023 | verified | High
7 | XXX.XX.XXX.XXX | | xxxxxx.xx | | 09/02/2023 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | addentry.php | predictive | Medium
4 | File | admin/index.php | predictive | High
5 | File | data/gbconfiguration.dat | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxxxxxxx.xxx | predictive | High
10 | File | xxxxx.xxxxxxx.xxx | predictive | High
11 | File | xxxx_xxxx.xxx | predictive | High
12 | File | xxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
13 | File | xxxx.xxx | predictive | Medium
14 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
15 | File | xxxx-xxx/xxxxxxxx.xxx | predictive | High
16 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
17 | File | xxxxxxxx-xxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxxxxx.xxx | predictive | Medium
20 | Argument | -x | predictive | Low
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxxxxxxx xx xxxxxxx | predictive | High
23 | Argument | xxx | predictive | Low
24 | Argument | xxx_xx | predictive | Low
25 | Argument | xxxx_xx | predictive | Low
26 | Argument | xx | predictive | Low
27 | Argument | xx | predictive | Low
28 | Argument | xxxx_xx | predictive | Low
29 | Argument | xxxxxxxx | predictive | Medium
30 | Argument | xxxxxxxxxx | predictive | Medium
31 | Argument | xxxxxxx | predictive | Low
32 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
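The IOC and IOA tables above only become useful once they are run against your own telemetry. The following is an added example, not VulDB's code or tooling: it takes the two unmasked IOC IP addresses and the unmasked IOA file and argument fragments from the tables above and scans web-server access-log lines (combined log format) for them. The log lines are constructed for this example, with RFC 5737 documentation addresses for the clients that should not match. The mapping from file fragments to rows of the vulnerability table (logon.html to the Cisco ASA entry, addentry.php to WoltLab Burning Book, gbconfiguration.dat to HyperBook Guestbook) is my own cross-reference of the two tables by filename, not something the page states; the redacted rows are left out because they carry no usable value.

```python
"""Scan access-log lines for the Antibot.pw IOC/IOA indicators listed above.

Added example, not VulDB code. Indicator values are copied from the page;
log lines are constructed for the example.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# IOC table: the two unmasked IP addresses attributed to the actor.
IOC_IPS = {"45.63.85.138", "45.76.179.109"}

# IOA table, class "File": unmasked path fragments. The value is the row of
# the vulnerability table the filename corresponds to (my cross-reference),
# or None where the page lists no entry with that filename.
IOA_FILES = {
    "/+CSCOE+/logon.html": "Cisco ASA WebVPN logon.html XSS (CVE-2014-2120)",
    "/forum/away.php": None,
    "addentry.php": "WoltLab Burning Book addentry.php SQLi (CVE-2006-5509)",
    "admin/index.php": None,
    "data/gbconfiguration.dat": "HyperBook Guestbook gbconfiguration.dat disclosure (CVE-2007-1192)",
}

# IOA table, class "Argument": the one unmasked query-parameter name.
IOA_ARGS = {"-x"}

# Combined log format: client, identd, user, [time], "METHOD target proto", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Hit:
    line_no: int
    client: str
    path: str
    reasons: list[str] = field(default_factory=list)


def file_matches(path: str) -> list[str]:
    """Return the IOA file fragments that match a request path.

    Absolute fragments must equal the path; relative fragments must end the
    path on a segment boundary, so 'addentry.php' matches '/book/addentry.php'
    but not '/book/notaddentry.php'.
    """
    out = []
    for frag in IOA_FILES:
        if frag.startswith("/"):
            if path == frag:
                out.append(frag)
        elif path == frag or path.endswith("/" + frag):
            out.append(frag)
    return out


def scan(lines) -> list[Hit]:
    """Return one Hit per log line that matches an IOC IP, IOA file or IOA argument."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined log format; skip rather than guess
        parts = urlsplit(m["target"])
        reasons = []
        if m["ip"] in IOC_IPS:
            reasons.append(f"IOC ip {m['ip']}")
        for frag in file_matches(parts.path):
            reasons.append(f"IOA file {frag}")
        for key in parse_qs(parts.query, keep_blank_values=True):
            if key in IOA_ARGS:
                reasons.append(f"IOA argument {key}")
        if reasons:
            hits.append(Hit(no, m["ip"], parts.path, reasons))
    return hits


# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '45.63.85.138 - - [02/Sep/2023:10:15:01 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 1420 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Sep/2023:10:16:22 +0000] "GET /guestbook/data/gbconfiguration.dat HTTP/1.1" 404 213 "-" "curl/8.1"',
    '198.51.100.23 - - [02/Sep/2023:10:17:05 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '45.76.179.109 - - [02/Sep/2023:10:18:40 +0000] "POST /forum/away.php?-x=1 HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    "this line is not an access-log record and is skipped",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} {h.path} -> {', '.join(h.reasons)}")
```

Two caveats when using this against real logs. The vultrusercontent.com hostnames in the IOC table are Vultr's default reverse DNS for customer instances, so matching on hostname adds nothing beyond the IP, and a VPS address can be reassigned after the 09/02/2023 identification date; treat an IP hit as an alert to correlate, not a block rule. The IOA rows are marked predictive, so a path hit from an address that is not in the IOC table (line 2 in the sample) is exactly the kind of event the table is meant to surface, and is worth more than the IP match alone.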

References (2)

The following list contains external sources which discuss the actor and the associated activities:
