Shellbot Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (353)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en196
es128
it10
zh4
fr4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

es130
us38
it10
ru4
pl4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Shellbot9
Remcos2
Mirai2
Cobalt Strike2
IcedID2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined164
Operating System24
Content Management System18
Web Browser10
Firewall Software8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined102
Microsoft18
Adobe8
Apple8
IBM8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows10
Adobe Acrobat Reader6
Qualcomm Snapdragon Auto4
Qualcomm Snapdragon Compute4
Qualcomm Snapdragon Connectivity4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.73CVE-2010-0966
3Fortinet FortiOS Endpoint Monitor Persistent cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
4IBM TRIRIGA Application Platform Error Message information disclosure5.35.3$5k-$25k$5k-$25kNot DefinedNot Defined0.001070.00CVE-2020-4277
5IBM Security Secret Server URL Parameter information disclosure3.73.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000640.00CVE-2021-20582
6Ultimate PHP Board UPB users.dat Password input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002470.02CVE-2002-2322
7Microsoft Windows Netlogon input validation7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.013170.03CVE-2016-3228
8Cisco Unified Communications Manager Mobile/Remote Access Services input validation5.45.4$5k-$25k$5k-$25kNot DefinedNot Defined0.000950.00CVE-2015-6410
9Magnolia CMS Edit Contact cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000690.04CVE-2022-33098
10Tongda OA 2017 delete.php sql injection6.76.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000790.21CVE-2023-5285
11SourceCodester Engineers Online Portal remove_inbox_message.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000770.00CVE-2023-5281
12Caphyon Advanced Installer WinSxS DLL uncontrolled search path7.87.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000420.09CVE-2022-4956
13ZZZCMS Database Backup File save.php restore permission7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000610.03CVE-2023-5263
14Tongda OA 2017 delete.php sql injection6.96.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000770.09CVE-2023-5261
15SourceCodester Online Computer and Laptop Store Master.php register sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.15CVE-2023-5373
16Xinhu RockOA Password password recovery5.45.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000540.03CVE-2023-5296
17yasm nasm-pp.c if_condition null pointer dereference4.54.5$0-$5k$0-$5kNot DefinedNot Defined0.000570.00CVE-2021-33460
18Multi-Vendor Online Groceries Management System view_product.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.002550.02CVE-2022-26632
19Linux Kernel KVM memory corruption5.55.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000420.00CVE-2021-22543
20vBulletin XMLRPC API breadcrumbs_create.php sql injection6.36.3$0-$5k$0-$5kHighUnavailable0.001020.00CVE-2014-2022

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2020-17496

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
134.225.57.146ec2-34-225-57-146.compute-1.amazonaws.comShellbot03/18/2024verifiedMedium
239.99.218.78Shellbot03/18/2024verifiedHigh
339.107.61.230Shellbot03/18/2024verifiedHigh
439.165.53.17Shellbot03/18/2024verifiedHigh
5XX.XXX.XXX.XXXxxxxxxxxxx.xxxxxx.xx.xxXxxxxxxx03/18/2024verifiedHigh
6XX.XXX.XX.XXxx-xxxxxxxxxx.xxxXxxxxxxx03/18/2024verifiedHigh
7XX.X.XXX.XXXxxxx.xxxxxxxxxxxxxx.xxxXxxxxxxxXxx-xxxx-xxxxx09/04/2021verifiedHigh
8XX.XX.XXX.Xxxxx.xxxxxxxxxx.xxxXxxxxxxx03/18/2024verifiedHigh
9XX.XX.XX.XXXXxxxxxxx03/18/2024verifiedHigh
10XXX.XXX.XX.XXXxxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxxXxxxxxxx03/18/2024verifiedHigh
11XXX.XX.XXX.XXXxxxxxxx03/18/2024verifiedHigh
12XXX.XXX.XXX.XXXxxx-xxxxxxxx.xxx.xxx.xxxXxxxxxxx03/18/2024verifiedHigh
13XXX.XXX.X.XXxxxxxxx03/18/2024verifiedHigh
14XXX.XXX.XXX.XXxxxx.xxxxx.xxxXxxxxxxxXxx-xxxx-xxxxx09/04/2021verifiedHigh
15XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxx-xxxXxxxxxxx03/18/2024verifiedHigh
16XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxx03/18/2024verifiedHigh
17XXX.XXX.XXX.XXXxxxxx.xxxxxxXxxxxxxx03/18/2024verifiedHigh
18XXX.XXX.XXX.XXXXxxxxxxx03/18/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-104CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-CWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-16CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXXCAPEC-102CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-154CWE-XXXXxxxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
17TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.phppredictiveLow
2File/admin/save.phppredictiveHigh
3File/cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9VtpredictiveHigh
4File/chetc/shutdownpredictiveHigh
5File/etc/networkd-dispatcherpredictiveHigh
6File/integrations.jsonpredictiveHigh
7File/nav_bar_action.phppredictiveHigh
8File/nova/bin/traceroutepredictiveHigh
9File/photo/include/blog/article.phppredictiveHigh
10File/products/view_product.phppredictiveHigh
11File/purchase_order/classes/Master.php?f=delete_itempredictiveHigh
12File/rapi/read_urlpredictiveHigh
13File/var/adm/btmppredictiveHigh
14Fileactions/authenticate.phppredictiveHigh
15Filexxxxx.xxxpredictiveMedium
16Filexxxxx/xxxxxxxxx.xxxpredictiveHigh
17Filexxxxx/xxxxx.xxx/xxxxxxxx/xxxxxxpredictiveHigh
18Filexxx_xxxxxx_xxxxxx.xxxpredictiveHigh
19Filexxx.xxx?x=xxxxxxxx&x=xxxxxpredictiveHigh
20Filexxxxxxx.xxxpredictiveMedium
21Filexxxxxxxxxxx.xxxpredictiveHigh
22Filexxxxxxxxxxx_xxxxxx.xxxpredictiveHigh
23Filexxxx_xxxx.xxpredictiveMedium
24Filexxxxxx_xxxx.xxxpredictiveHigh
25Filexxxxxxxxx.xxpredictiveMedium
26Filexxxxxxxx.xpredictiveMedium
27FilexxxxxxxpredictiveLow
28Filexxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
29Filexxxxxxxxxx_xxxxx.xxxpredictiveHigh
30Filexxx.xxxxxxxxxx.xxxxxxxxxxx.xxxxxxxxxxxxpredictiveHigh
31Filexxxxxx.xxxpredictiveMedium
32Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
33Filexxxxxxxx.xxxxpredictiveHigh
34Filexxx.xpredictiveLow
35Filexxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
36Filexxxxxxx/xx/xxxxxx/xxxxx_xxxxx_xxxxxxxxxx/xxxxxx.xxxpredictiveHigh
37Filexxxxxxx/xx/xxxxxxx/xxxxxxxxxxx/xxxxxx.xxxpredictiveHigh
38Filexxxxxxxxxxxxx.xxxxxpredictiveHigh
39Filexxx.xxxpredictiveLow
40Filexxx/xxxxxx.xxxpredictiveHigh
41Filexxx/xxxxxxx.xxxpredictiveHigh
42Filexxxxxxxxx/xxxxxxx_xxxx/xxxxxx.xxxpredictiveHigh
43Filexxxxxxxxxxxx.xxxpredictiveHigh
44Filexxxxx.xpredictiveLow
45Filexxxxxxxxx.xxpredictiveMedium
46Filexxxxxxxxxx/xxxxxxxpredictiveHigh
47Filexxxxxx.xxxpredictiveMedium
48FilexxxxxxxxxpredictiveMedium
49Filexxxxxxxxx.xxxpredictiveHigh
50Filexxxxxxx.xxxpredictiveMedium
51Filexxxxxxx/xxxxxxxx/xxxx/xxxx-xx.xpredictiveHigh
52Filexxx_xxxxx.xxxx/xxx_xxxxxxxx.xxxxpredictiveHigh
53Filexxx/xxxx/xxx.xpredictiveHigh
54Filexxx.xxxpredictiveLow
55Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
56Filexxxxxxx.xxxpredictiveMedium
57Filexxxxxx_xxxxx_xxxxxxx.xxxpredictiveHigh
58Filexxxxxxx.xxpredictiveMedium
59Filexxxxx\xxxx.xxxpredictiveHigh
60Filexxxx-xxx/xxxxxxxx.xxxpredictiveHigh
61Filexxxxxx_xxxx.xxxpredictiveHigh
62Filexxxxxx-xxxx.xpredictiveHigh
63Filexxxxxxxxxxxxxxxxxxx?xxxxxx=xxxxxxxxxxxxxxxxxxxpredictiveHigh
64Filexxxxx.xxxpredictiveMedium
65Filexxxxx.xxxpredictiveMedium
66Filexxxxxxxxxx.xxxxpredictiveHigh
67Filexxxxxxx.xxxpredictiveMedium
68Filexxxxxxx.xxxpredictiveMedium
69Filexxxxxxxxxx.xxxpredictiveHigh
70Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
71Library/xxx/xxx/xxx_xx-xxxxx-xxx/xxxxxxx.xx.xpredictiveHigh
72Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
73Libraryxxxxxxxxx.xxxpredictiveHigh
74Libraryxxx/xxxx/xxxxxx.xpredictiveHigh
75Libraryxxxxxx_xxx.xxxpredictiveHigh
76Libraryxxxxxx.xxxpredictiveMedium
77Libraryxxxxxxxx.xxxpredictiveMedium
78Argument-xpredictiveLow
79Argumentxxxxx/xxxxxpredictiveMedium
80ArgumentxxxxxxpredictiveLow
81Argumentxxx::xxxxxxx::xxxxxx/xxx::xxxxxxx::xxxxxxxxxxpredictiveHigh
82ArgumentxxxxpredictiveLow
83ArgumentxxxxxxxxpredictiveMedium
84Argumentxxxxxx/xxxxxxxxxx/xxxxpredictiveHigh
85ArgumentxxxxxxxxxxxxpredictiveMedium
86Argumentxxxxxxxx/xxxxxxpredictiveHigh
87ArgumentxxxxxxxxxxxxxxxpredictiveHigh
88ArgumentxxxxxxxxxpredictiveMedium
89Argumentxxxxxx_xxxxxxpredictiveHigh
90ArgumentxxxxxxxxxxxxpredictiveMedium
91Argumentxx_xxx_xxxxxpredictiveMedium
92ArgumentxxxxxpredictiveLow
93Argumentxxxxxxxxxx_xxpredictiveHigh
94ArgumentxxxxpredictiveLow
95ArgumentxxxxxxxxpredictiveMedium
96ArgumentxxxxpredictiveLow
97ArgumentxxxpredictiveLow
98ArgumentxxxpredictiveLow
99ArgumentxxxxpredictiveLow
100ArgumentxxpredictiveLow
101ArgumentxxxxxpredictiveLow
102ArgumentxxxxpredictiveLow
103Argumentxxxxxxxx_xxxpredictiveMedium
104ArgumentxxxpredictiveLow
105Argumentxxxx/xxxxxxxxxxxpredictiveHigh
106Argumentxxx xxxxxpredictiveMedium
107Argumentxxxxxxxxxxxxxxx/xxxx_xxxxpredictiveHigh
108ArgumentxxxxxxxxpredictiveMedium
109ArgumentxxxxxxpredictiveLow
110ArgumentxxxxxxxpredictiveLow
111ArgumentxxxxxpredictiveLow
112Argumentxxxxxxxxxxx_xxpredictiveHigh
113Argumentxxxxxx_xxxxpredictiveMedium
114Argumentxxxxxx$xxxpredictiveMedium
115ArgumentxxxxxxxxxxxxpredictiveMedium
116ArgumentxxxxxxxxpredictiveMedium
117ArgumentxxxxxpredictiveLow
118ArgumentxxxxpredictiveLow
119ArgumentxxxxxxxxpredictiveMedium
120ArgumentxxxxxpredictiveLow
121Input Valuex%xxxxx%xxx*x*x%xxx%xxxxx%xxxxx%xxxxxpredictiveHigh
122Network Portxxx xxxx/xxxx/xxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!