Ircbot Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (168)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en158
fr4
es2
zh2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ca58
us24
de6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Chthonic2
Ircbot2
Cybergate1
Dridex1
VertexNet1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined84
Programming Language Software6
WordPress Plugin4
File Transfer Software4
Operating System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

SourceCodester28
Not Defined20
Oracle8
IBM6
code-projects4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SourceCodester Online Exam System10
SourceCodester Lost and Found Information System4
Oracle Java SE4
IBM QRadar SIEM4
Razer Synapse2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.13CVE-2017-0055
2Omron CX-One CX-Programmer Password Storage information disclosure5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2015-0988
3Lexar F35 Authentication Module access control4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001380.07CVE-2021-46390
4SourceCodester Online Exam System GET Parameter updateCourse.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.00CVE-2023-2642
5SourceCodester Online Internship Management System POST Parameter login.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.04CVE-2023-2641
6OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak6.06.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000730.09CVE-2023-2618
7OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference5.65.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.09CVE-2023-2617
8SourceCodester Online Reviewer System GET Parameter user-update.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000890.04CVE-2023-2596
9SourceCodester Billing Management System POST Parameter ajax_service.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000890.04CVE-2023-2595
10SourceCodester Food Ordering Management System Registration sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001080.04CVE-2023-2594
11SourceCodester Multi Language Hotel Management Software POST Parameter ajax.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000620.04CVE-2023-2565
12jja8 NewBingGoGo cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000640.08CVE-2023-2560
13External Media without Import Plugin external-media-without-import.php print_media_new_panel cross site scripting4.44.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.08CVE-2017-20183
14SourceCodester Online Tours & Travels Management System disapprove_delete.php exec sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.04CVE-2023-2619
15PHP-Login POST Parameter class.loginscript.php checkLogin sql injection8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000590.09CVE-2016-15031
16JFrog Artifactory Pro SAML SSO Signature Validator signature verification8.07.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.002690.02CVE-2018-19971
17IBM QRadar SIEM improper authentication7.77.7$5k-$25k$5k-$25kNot DefinedNot Defined0.000880.00CVE-2019-4210
18Audacity DLL Loader avformat-55.dll access control6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001100.00CVE-2017-1000010
19Banana Dance search.php sql injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.001490.00CVE-2011-5175
20RoadFlow Visual Process Engine .NET Core Mvc Login sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000670.05CVE-2023-3208

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
135.229.93.4646.93.229.35.bc.googleusercontent.comIrcbot04/14/2022verifiedMedium
235.231.151.77.151.231.35.bc.googleusercontent.comIrcbot04/14/2022verifiedMedium
364.70.19.203mailrelay.203.website.wsIrcbot04/14/2022verifiedHigh
469.49.96.16hostingc6-4.megawebservers.comIrcbot04/14/2022verifiedHigh
5XX.XX.XX.XXXxxx.x.xxXxxxxx07/18/2021verifiedHigh
6XX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx04/12/2022verifiedHigh
7XX.XXX.XXX.XXXxxxxx07/18/2021verifiedHigh
8XX.XXX.XXX.XXXxxxxxxxxx.xxxxxxxxxxxx.xxxXxxxxx07/18/2021verifiedHigh
9XXX.XXX.XX.XXxx-xxx-xxx-xx-xx.xxxxxx.xxxxxxxxxxxx.xxxxxx.xxxXxxxxx04/12/2022verifiedHigh
10XXX.X.XXX.XXxxxxxxxxx.xxxx.xxXxxxxx04/12/2022verifiedHigh
11XXX.XX.X.XXXXxxxxx04/12/2022verifiedHigh
12XXX.XXX.XXX.XXXXxxxxx07/18/2021verifiedHigh
13XXX.XX.XXX.XXxxxxx04/12/2022verifiedHigh
14XXX.XX.XXX.XXxxxx-xxxxxx-xx-xxxxxxxxx-xx.xxxxx.xxXxxxxx04/12/2022verifiedHigh
15XXX.X.XXX.XXXxxxxx04/12/2022verifiedHigh
16XXX.XX.XX.XXXxxx.xxxxxxxx.xxxXxxxxx04/12/2022verifiedHigh
17XXX.XXX.XXX.XXxxxxx.xxxxxxxxxxxx.xxxXxxxxx04/14/2022verifiedHigh
18XXX.XXX.XXX.XXxxxx-xx.xxxxxxxxxxxx.xxxXxxxxx04/14/2022verifiedHigh
19XXX.XXX.XX.XXXxxxxx04/12/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4T1068CAPEC-122CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
5TXXXX.XXXCAPEC-CWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-150CWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
12TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
14TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
15TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
18TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (131)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/budget/manage_budget.phppredictiveHigh
2File/admin/edit_subject.phppredictiveHigh
3File/admin/save_teacher.phppredictiveHigh
4File/admin/service.phppredictiveHigh
5File/building/backmgr/urlpage/mobileurl/configfile/jx2_config.inipredictiveHigh
6File/cas/logoutpredictiveMedium
7File/catcompany.phppredictiveHigh
8File/changeimage.phppredictiveHigh
9File/dosen/datapredictiveMedium
10File/jurusan/datapredictiveHigh
11File/kelas/datapredictiveMedium
12File/kelasdosen/datapredictiveHigh
13File/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05predictiveHigh
14File/mahasiswa/datapredictiveHigh
15File/paysystem/branch.phppredictiveHigh
16File/proc/self/cwdpredictiveHigh
17File/xxxxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxxx/xxxxx/xxxx-xxxxxx.xxxpredictiveHigh
18File/xxxx_xxxxx.xxx?xxxxxxxxx=xxxxxxxpredictiveHigh
19File/xxxxxxxx-xxxx/xxx_xx/xxxxxx.xxxxpredictiveHigh
20File/xxxxxxx/predictiveMedium
21File/xx-xxxxx/xxxxxxx-xxxxxxx.xxxpredictiveHigh
22Filexxxxx/predictiveLow
23Filexxxxx/?xxxx=xxxxxxxxxx/xxxxxx_xxxxxxxxpredictiveHigh
24Filexxxxx/xxxxx.xxxpredictiveHigh
25Filexxxxx/xxxxxxxxx.xxxpredictiveHigh
26Filexxxxx/xxxxxxxx_xxxxx_xxxx.xxxpredictiveHigh
27Filexxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxxxxxx/xxxxx/xxxxxxx_xxxxx/xxxxxxxxxxxx.xxxpredictiveHigh
29Filexxxxx_xxx.xxx?xxxxxx=xxxpredictiveHigh
30Filexxxx.xxxpredictiveMedium
31Filexxxx_xxxxxxx.xxxpredictiveHigh
32Filexxxxx-xxxxx.xpredictiveHigh
33Filexxxx/xxxxxxxx.xpredictiveHigh
34Filex:\xxxxxxx xxxxx (xxx)\xxxxxxxx\xxx\xxxxxx.xxxpredictiveHigh
35Filexxx.xpredictiveLow
36Filexxxxxxx/xxxxxx.xxx?x=xxxx_xxxxxxxpredictiveHigh
37Filexxxxx.xxxpredictiveMedium
38Filexxxx/xxxxxxxx.xxpredictiveHigh
39Filexxxxx.xxxpredictiveMedium
40Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxxxxxxx_xxxxxx.xxxpredictiveHigh
43Filexxxxx.xxxpredictiveMedium
44Filexxxxxxxxxxxxx.xxxpredictiveHigh
45Filexxxxxxx.xxxpredictiveMedium
46Filexxxxxxxx/xxx/xxx.xxx.xxxpredictiveHigh
47Filexxxxxxxx-xxxxx-xxxxxxx-xxxxxx.xxxpredictiveHigh
48Filexxxxxxxxxxxx.xxxpredictiveHigh
49Filexx_xxxxxxx.xxxpredictiveHigh
50Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
51Filexxxxxxxxxx.xxxxx.xxxpredictiveHigh
52Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
53Filexxxxxxxxxx.xxxpredictiveHigh
54Filexxxxx/xxxx.xxxpredictiveHigh
55Filexxxxx/xxxxxxx/xxxxx.xxxxxxxxxxx.xxxpredictiveHigh
56Filexxxxxx_xxxxxxx.xxxpredictiveHigh
57Filexxxxxx.xpredictiveMedium
58Filexxxxxxx.xpredictiveMedium
59Filexxxxxx.xpredictiveMedium
60Filexxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxxpredictiveHigh
61Filexxxxx.xxxpredictiveMedium
62Filexxxxxxxx/xxxxxx_xxxxxxxx.xxxpredictiveHigh
63Filexxxx/xxx/xxx_xxxx.xpredictiveHigh
64Filexxxxxx.xxxpredictiveMedium
65Filexxxxxxx_xxxxxxxxxxxxx.xxxpredictiveHigh
66Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
67Filexxxx_xxxx.xxxpredictiveHigh
68Filexxxxxx.xxxpredictiveMedium
69Filexxxxxxxx.xxxpredictiveMedium
70Filexxxxxxxx/xxxxxxxxxx.xpredictiveHigh
71Filexxxxx/xxxx_xxxx.xxxpredictiveHigh
72Filexxxx_xxxxxx.xxxpredictiveHigh
73Filexxx.xxxxxxxx.xxxpredictiveHigh
74Filexxxxxxx.xxxxpredictiveMedium
75Libraryxxxxxxxx.xxxpredictiveMedium
76Libraryxxxxxxxx-xx.xxxpredictiveHigh
77Libraryxxxxxxx.xxxpredictiveMedium
78Argument$_xxxxxx['xxxxx_xxxxxx']predictiveHigh
79Argumentxxxxxxxx_xxxxpredictiveHigh
80ArgumentxxxxxxpredictiveLow
81ArgumentxxxxxxxxpredictiveMedium
82ArgumentxxxxxxxxpredictiveMedium
83ArgumentxxxxxxxxxxpredictiveMedium
84ArgumentxxxxxxxxxxpredictiveMedium
85Argumentxxx_xxpredictiveLow
86Argumentxx_xxpredictiveLow
87Argumentxxxxxx_xxpredictiveMedium
88Argumentxxxx_xxpredictiveLow
89Argumentxxxxxxx[x][xxxx]predictiveHigh
90Argumentxxxxxxxxx_xxxxpredictiveHigh
91ArgumentxxxxxxxxpredictiveMedium
92Argumentxxxx_xxxxxxxxpredictiveHigh
93Argumentxxxx/xxxx/xxxxxxxxxpredictiveHigh
94ArgumentxxxxxpredictiveLow
95ArgumentxxxxxxxxpredictiveMedium
96ArgumentxxxxpredictiveLow
97ArgumentxxxxxxxxpredictiveMedium
98ArgumentxxxxxxpredictiveLow
99Argumentxxxxxxxx/xxxxxxx/xxxxxxxpredictiveHigh
100ArgumentxxxxxxpredictiveLow
101ArgumentxxpredictiveLow
102ArgumentxxxxxpredictiveLow
103ArgumentxxxxxxxpredictiveLow
104ArgumentxxxxxxxpredictiveLow
105ArgumentxxxxxxxxxxpredictiveMedium
106ArgumentxxxxpredictiveLow
107ArgumentxxxxxxpredictiveLow
108Argumentxxx_xxxxxxxxpredictiveMedium
109ArgumentxxxxpredictiveLow
110ArgumentxxxxxxxpredictiveLow
111ArgumentxxxxxxxpredictiveLow
112ArgumentxxxxxxxpredictiveLow
113Argumentxxxx/xxxxpredictiveMedium
114ArgumentxxxxxxpredictiveLow
115ArgumentxxxxxpredictiveLow
116ArgumentxxxpredictiveLow
117Argumentxxx/xxxxx/xxxxx/xxxxxx/xxxx-xxxxpredictiveHigh
118ArgumentxxxxxxxxpredictiveMedium
119Argumentxxxxxxxx-xxxx-xxpredictiveHigh
120Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
121Argumentxxxx_xxpredictiveLow
122Input Value-xpredictiveLow
123Input ValuexxxxxxpredictiveLow
124Input Valuexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
125Input Value<xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx>predictiveHigh
126Input ValuexxxxxpredictiveLow
127Input ValuexxxxxxpredictiveLow
128Pattern|xx|predictiveLow
129Network Portxxx/xx (xxx xxxxxxxx)predictiveHigh
130Network Portxxx/xxxpredictiveLow
131Network Portxxx xxxxxx xxxxpredictiveHigh

References (7)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!