BoatBotnet Analysis

IOB - Indicator of Behavior (104)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 96
it: 2
es: 2
ja: 2
ru: 2

Country

us: 104

Activities

Interest

Product

e-Quick Cart: 6
Apple iCloud: 6
Apple iOS: 4
Microsoft Office: 4
Conceptronic CIPCAMPTIWL: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection | 7.4 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00273 | 0.09 | CVE-2023-1162 |
| 2 | e-Quick Cart shoptellafriend.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 3 | e-Quick Cart shopprojectlogin.asp cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 4 | e-Quick Cart shopprojectlogin.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 5 | Oracle WebLogic Server WebLogic Console unknown vulnerability | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.06 | CVE-2013-1504 |
| 6 | Iatek ASPapp links.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00097 | 0.02 | CVE-2008-1430 |
| 7 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00381 | 0.06 | CVE-2007-3323 |
| 8 | phpBB XS bb_usage_stats.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07955 | 0.02 | CVE-2006-4893 |
| 9 | phpBB install.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00642 | 0.00 | CVE-2002-1707 |
| 10 | Mamboxchange Extended Registration registration_detailed.inc.php file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05054 | 0.04 | CVE-2006-5254 |
| 11 | DeltaScripts PHP Classifieds detail.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.04 | CVE-2008-5805 |
| 12 | ananich bitstorm announce.php sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.09 | CVE-2014-125062 |
| 13 | VICIdial admin.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00189 | 0.02 | CVE-2022-34876 |
| 14 | AutoLinks al_initialize.php file inclusion | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05473 | 0.04 | CVE-2005-2782 |
| 15 | NPDS meta.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 16 | ONEdotOH Simple File Manager fm.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00587 | 0.03 | CVE-2006-3160 |
| 17 | ONEdotOH Simple File Manager fm.php memory corruption | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.02159 | 0.03 | CVE-2006-6376 |
| 18 | Oracle MySQL Server InnoDB denial of service | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00386 | 0.00 | CVE-2013-2389 |
| 19 | Microsoft Windows NNTP Response memory corruption | 7.3 | 6.6 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.95823 | 0.06 | CVE-2007-3897 |
| 20 | NOD32 Antivirus File Action stack-based overflow | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.14694 | 0.07 | CVE-2007-2852 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php | predictive | High |
| 2 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 3 | File | /lan.asp | predictive | Medium |
| 4 | File | /LogoStore/search.php | predictive | High |
| 5 | File | /pages/faculty_sched.php | predictive | High |
| 6 | File | /vicidial/admin.php | predictive | High |
| 7 | File | account.asp | predictive | Medium |
| 8 | File | admin/versions.html | predictive | High |
| 9 | File | admindocumentworker.jsp | predictive | High |
| 10 | File | album_portal.php | predictive | High |
| 11 | File | al_initialize.php | predictive | High |
| 12 | File | announce.php | predictive | Medium |
| 13 | File | apply.cgi | predictive | Medium |
| 14 | File | art.php | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
