Amadey Bot Analysis

IOB - Indicator of Behavior (134)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 118
es: 4
ru: 4
ar: 2
de: 2


Country

ru: 56
us: 16
de: 2
it: 2
fr: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Dolibarr ERP CRM: 6
Croc: 6
D-Link DI-7200GV2.E1: 4
7-zip: 4
D-Link DWL-6610: 4


Vulnerabilities

#  | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | EPSS | CTI | CVE
---|---------------|------|------|------------|-------------|---------|-------------|------|-----|----
1  | openSUSE welcome Local Privilege Escalation | 4.5 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00055 | 0.02 | CVE-2023-32184
2  | SourceCodester Medical Certificate Generator App action.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00116 | 0.00 | CVE-2023-0774
3  | Microsoft Exchange Server Remote Code Execution | 7.6 | 7.1 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.23441 | 0.06 | CVE-2021-31206
4  | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.66 | CVE-2020-12440
5  | JetBrains TeamCity authentication bypass | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97104 | 0.00 | CVE-2023-42793
6  | Nagios XI POST Request banner_message-ajaxhelper.php sql injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.04 | CVE-2023-40931
7  | Openupload Stable compress-inc.php unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.00 | CVE-2023-36319
8  | Dolibarr ERP CRM unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.03 | CVE-2023-38887
9  | NVIDIA DGX H100 BMC Host KVM Daemon memory corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.05 | CVE-2023-25527
10 | NVIDIA Cumulus Linux VxLAN-encapsulated IPv6 Packet information disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2023-25525
11 | Mitsubishi Electric GX Works3 Incomplete Fix CVE-2020-14496 default permission | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-4088
12 | NVIDIA DGX H100 BMC Web Server Plugin stack-based overflow | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00119 | 0.00 | CVE-2023-25528
13 | Dolibarr ERP CRM Command Privilege Escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00160 | 0.00 | CVE-2023-38886
14 | Dolibarr ERP CRM REST API Module testSqlAndScriptject cross site scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00178 | 0.02 | CVE-2023-38888
15 | IOBit Malware Fighter ImfHpRegFilter.sys denial of service | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2020-24089
16 | ISL ARP Guard cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2023-39575
17 | Nagios XI Custom Logo cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.05 | CVE-2023-40932
18 | graphql Query Parser OverlappingFieldsCanBeMergedRule denial of service | 4.5 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2023-26144
19 | Linux Kernel BPF verifier.c backtrack_insn calculation | 9.5 | 9.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-2163
20 | Croc Custom Shared Secret Privilege Escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.03 | CVE-2023-43617

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (101)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1  | File | .ssh/authorized_keys | predictive | High
2  | File | /admin/api/theme-edit/ | predictive | High
3  | File | /face-recognition-php/facepay-master/camera.php | predictive | High
4  | File | /forum/PostPrivateMessage | predictive | High
5  | File | /home/masterConsole | predictive | High
6  | File | /hrm/employeeadd.php | predictive | High
7  | File | /hrm/employeeview.php | predictive | High
8  | File | /m4pdf/pdf.php | predictive | High
9  | File | /nagiosxi/admin/banner_message-ajaxhelper.php | predictive | High
10 | File | action.php | predictive | Medium
11 | File | admin.php&r=article/AdminContent/edit | predictive | High
12 | File | admin.xml | predictive | Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:
