Amadey Bot 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (134)

言語

en	114
ru	12
es	4
fr	2
it	2

国・地域

ru	70
us	6
fr	2
it	2

アクター

RedLine Stealer	2
Amadey	2
Amadey Bot	2
Rhadamanthys	2
Meterpreter	1

関心

タイプ

Not Defined	82
Content Management System	6
Web Server	4
Enterprise Resource Planning Software	4
Wireless LAN Software	4

ベンダー

Not Defined	48
SourceCodester	10
Kostac	4
Dolibarr	4
Netgear	4

製品

Croc	8
SourceCodester Human Resource Management System	4
Kostac PLC Programming Software	4
Dolibarr ERP CRM	4
Netgear WNDR3700v2	4

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	openSUSE welcome Local Privilege Escalation	4.5	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00055	0.02	CVE-2023-32184
2	SourceCodester Medical Certificate Generator App action.php SQLインジェクション	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00116	0.00	CVE-2023-0774
3	Microsoft Exchange Server Remote Code Execution	7.6	7.1	$25k-$100k	$0-$5k	Functional	Official Fix	0.23441	0.04	CVE-2021-31206
4	nginx 特権昇格	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.22	CVE-2020-12440
5	JetBrains TeamCity 弱い認証	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.97043	0.06	CVE-2023-42793
6	Nagios XI POST Request banner_message-ajaxhelper.php SQLインジェクション	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00085	0.04	CVE-2023-40931
7	Openupload Stable compress-inc.php 特権昇格	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.00	CVE-2023-36319
8	Dolibarr ERP CRM 特権昇格	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.22	CVE-2023-38887
9	NVIDIA DGX H100 BMC Host KVM Daemon メモリ破損	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.05	CVE-2023-25527
10	NVIDIA Cumulus Linux VxLAN-encapsulated IPv6 Packet 情報の漏洩	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2023-25525
11	Mitsubishi Electric GX Works3 Incomplete Fix CVE-2020-14496 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.04	CVE-2023-4088
12	NVIDIA DGX H100 BMC Web Server Plugin メモリ破損	9.1	9.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00119	0.00	CVE-2023-25528
13	Dolibarr ERP CRM Command Privilege Escalation	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00160	0.07	CVE-2023-38886
14	Dolibarr ERP CRM REST API Module testSqlAndScriptject クロスサイトスクリプティング	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00178	0.04	CVE-2023-38888
15	IOBit Malware Fighter ImfHpRegFilter.sys サービス拒否	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.05	CVE-2020-24089
16	ISL ARP Guard クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2023-39575
17	Nagios XI Custom Logo クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.04	CVE-2023-40932
18	graphql Query Parser OverlappingFieldsCanBeMergedRule サービス拒否	4.5	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.04	CVE-2023-26144
19	Linux Kernel BPF verifier.c backtrack_insn Remote Code Execution	9.5	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00043	0.03	CVE-2023-2163
20	Croc Custom Shared Secret Privilege Escalation	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00052	0.00	CVE-2023-43617

キャンペーン (2)

These are the campaigns that can be associated with the actor:

Azorult
Xxxxxxxxxxx

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	2.59.42.63	vds-cw08597.timeweb.ru	Amadey Bot	Azorult	2022年03月04日	verified	高
2	XX.XXX.XX.XXX		Xxxxxx Xxx		2024年04月02日	verified	高
3	XXX.XX.X.XX	xxxxxxxxxxxx.xxxx.xxxxxxx	Xxxxxx Xxx	Xxxxxxxxxxx	2022年08月02日	verified	高
4	XXX.XX.X.XX	xxxxxxxxxx.xxxx.xxxxxxx	Xxxxxx Xxx	Xxxxxxxxxxx	2022年08月02日	verified	高

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	高
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
4	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	高
8	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
9	TXXXX	CAPEC-	CWE-XXXX	Xxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxx Xx X Xxxxxxxx Xxxxxx	predictive	高
10	TXXXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
11	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	高
12	TXXXX	CAPEC-102	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
13	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
14	TXXXX	CAPEC-157	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	.ssh/authorized_keys	predictive	高
2	File	/admin/api/theme-edit/	predictive	高
3	File	/face-recognition-php/facepay-master/camera.php	predictive	高
4	File	/forum/PostPrivateMessage	predictive	高
5	File	/home/masterConsole	predictive	高
6	File	/hrm/employeeadd.php	predictive	高
7	File	/hrm/employeeview.php	predictive	高
8	File	/m4pdf/pdf.php	predictive	高
9	File	/nagiosxi/admin/banner_message-ajaxhelper.php	predictive	高
10	File	action.php	predictive	中
11	File	admin.php&r=article/AdminContent/edit	predictive	高
12	File	admin.xml	predictive	中
13	File	xxxxx/?xxxx=xxxxx	predictive	高
14	File	xxxx/xx_*.xxx	predictive	高
15	File	xxx.xxx	predictive	低
16	File	xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxx.xxx	predictive	高
17	File	xxxxxx/xxxxx/xxxxx.xxx	predictive	高
18	File	xxxxxxxx-xxx.xxx	predictive	高
19	File	xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxx	predictive	高
20	File	xxxxxx.xxxx	predictive	中
21	File	xxxxx_xxxx.x	predictive	中
22	File	xxxx_xxxxxx.xxx	predictive	高
23	File	xxxx_xxxxxxxxx.xxxxx	predictive	高
24	File	xx/xxxxx.xxx	predictive	中
25	File	xxx/xxxxx.xxxxxxxxxxx.xxx	predictive	高
26	File	xxx/xxxxxx.xxx	predictive	高
27	File	xxxxx.xxx	predictive	中
28	File	xxxxx.xxx?xxxx=xxxxx	predictive	高
29	File	xxxx_xxxx.xxx	predictive	高
30	File	xxxxxx.xxxxxxxxxx.xx	predictive	高
31	File	xxxxxx/xxx/xxxxxxxx.x	predictive	高
32	File	xxx/xxxxxxx/xxxxxx.xx	predictive	高
33	File	xxx/xxxxxx.xx	predictive	高
34	File	xxxxx.xxx	predictive	中
35	File	xxxxx.xxx	predictive	中
36	File	xxxx/xxx/xxxx/xxxx/xxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
37	File	xxxx/xxx/xxxx/xxxxxx/xxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	高
38	File	xxxxxxxxxx.xx	predictive	高
39	File	xxxx_xxxxxxxx.xxx	predictive	高
40	File	xxxxxxxx.xxx	predictive	中
41	File	xxxxx_xxxxxx.xxx	predictive	高
42	File	xxxxx.x	predictive	低
43	File	xxxxxxx_xxxxx.xxx	predictive	高
44	File	xxxxxxx/xxxxxxxxxx.xx	predictive	高
45	File	xxx_xxx.xxx	predictive	中
46	File	xxxxxx-xxxxxxxx.xxx	predictive	高
47	File	xxxxxxxxx/xxxx/xxxxxxxx+xxxxxxxxx.x	predictive	高
48	File	xxxx_xxxxx.xxxx	predictive	高
49	File	xxx/xxxx/xxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxx.xxxx	predictive	高
50	File	xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	高
51	File	xxx/xxxxxxxxx.x	predictive	高
52	File	xxxxx_xxxxx.xxx	predictive	高
53	File	xxxxxx-xxxxxx.xxx	predictive	高
54	File	xxx/xxx.xxxxx.xxx	predictive	高
55	File	xxxxxxxx.xxx	predictive	中
56	File	xxxx_xxxxxxxx.xxx	predictive	高
57	File	xxxxxxx.xxxx.xxx	predictive	高
58	Library	xxxxxx[xxxxxx_xxxx	predictive	高
59	Library	xxxxxxxxxxxxxx.xxx	predictive	高
60	Library	xxxxxx.xxx	predictive	中
61	Library	xxxxx.xxx	predictive	中
62	Argument	xxxxxx	predictive	低
63	Argument	xxxxx	predictive	低
64	Argument	xxxxxxxx	predictive	中
65	Argument	xxxxxxxxxxxx	predictive	中
66	Argument	xx	predictive	低
67	Argument	xxxx_xx	predictive	低
68	Argument	xxxxxxx	predictive	低
69	Argument	xxxxxxxxxxxxx	predictive	高
70	Argument	xxxxxx[xxxxxx_xxxx]	predictive	高
71	Argument	xxxxxxx	predictive	低
72	Argument	xxxxx	predictive	低
73	Argument	xxxxxxxx	predictive	中
74	Argument	xxxx_xx	predictive	低
75	Argument	xx_xx	predictive	低
76	Argument	xx	predictive	低
77	Argument	xx	predictive	低
78	Argument	xx_xxxxx	predictive	中
79	Argument	xxxxxxxx	predictive	中
80	Argument	xxxxx/xxxxxx	predictive	中
81	Argument	xxxx	predictive	低
82	Argument	xxxx	predictive	低
83	Argument	xxxxx	predictive	低
84	Argument	xxx_xxxx	predictive	中
85	Argument	xxxx	predictive	低
86	Argument	xxxx_xxxxxxxxxx	predictive	高
87	Argument	xxxxx	predictive	低
88	Argument	xxxx_xxxx	predictive	中
89	Argument	xxxxxxxx	predictive	中
90	Argument	xxxx	predictive	低
91	Argument	xxxxxx	predictive	低
92	Argument	xxxxxxxxxxxxx	predictive	高
93	Argument	xxxxxx_xxxxxxxx	predictive	高
94	Argument	xxxxxxx/xxxxxxx	predictive	高
95	Argument	xxxx/xxxxxx xxxx	predictive	高
96	Argument	xxxx_xxx	predictive	中
97	Argument	xxx	predictive	低
98	Argument	xxx_xxx	predictive	低
99	Argument	xxxxxx	predictive	低
100	Argument	xxxxxxxx	predictive	中
101	Argument	xxxxx	predictive	低

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!