Amadey Bot Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (136)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en116
ru14
de2
it2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

RU: Russia76
US: USA10
DE: Germany2
IT: Italy2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Amadey Bot3
RedLine Stealer2
RedLine2
Rhadamanthys2
Amadey1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined94
Enterprise Resource Planning Software6
Health Information Software4
Wireless LAN Software4
Content Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined38
D-Link12
SourceCodester10
Dolibarr6
OpenMRS4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Croc8
D-Link DI-7200GV2.E16
Dolibarr ERP CRM6
D-Link DWL-66106
Telstra Smart Modem Gen 24

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1openSUSE welcome Local Privilege Escalation4.54.3$0-$5k$0-$5kNot definedOfficial fix 0.000680.00CVE-2023-32184
2SourceCodester Medical Certificate Generator App action.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.04CVE-2023-0774
3nodemailer Email Address command injection8.58.2$0-$5k$0-$5kNot definedOfficial fix 0.005090.00CVE-2020-7769
4Ajax Load More Plugin admin-ajax.php sql injection6.76.1$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.005340.03CVE-2021-24140
5Microsoft Exchange Server Remote Code Execution7.67.1$25k-$100k$0-$5kFunctionalOfficial fix 0.065500.06CVE-2021-31206
6nginx request smuggling6.96.9$0-$5k$0-$5kNot definedNot defined 0.000000.12CVE-2020-12440
7JetBrains TeamCity authentication bypass9.08.9$0-$5k$0-$5kAttackedOfficial fixverified0.945840.06CVE-2023-42793
8Nagios XI POST Request banner_message-ajaxhelper.php sql injection6.06.0$0-$5k$0-$5kNot definedNot definedexpected0.879100.02CVE-2023-40931
9Openupload Stable compress-inc.php unrestricted upload7.57.4$0-$5k$0-$5kNot definedNot defined 0.254370.00CVE-2023-36319
10Dolibarr ERP CRM unrestricted upload8.08.0$0-$5k$0-$5kNot definedNot defined 0.030220.02CVE-2023-38887
11NVIDIA DGX H100 BMC Host KVM Daemon memory corruption7.87.8$0-$5k$0-$5kNot definedNot defined 0.000620.04CVE-2023-25527
12NVIDIA Cumulus Linux VxLAN-encapsulated IPv6 Packet information disclosure5.95.9$0-$5k$0-$5kNot definedNot defined 0.002020.00CVE-2023-25525
13Mitsubishi Electric GX Works3 Incomplete Fix CVE-2020-14496 default permission8.38.3$0-$5k$0-$5kNot definedNot defined 0.000340.00CVE-2023-4088
14NVIDIA DGX H100 BMC Web Server Plugin stack-based overflow9.19.1$0-$5k$0-$5kNot definedNot defined 0.004920.06CVE-2023-25528
15Dolibarr ERP CRM Command privilege escalation6.76.7$0-$5k$0-$5kNot definedNot definedpossible0.484940.02CVE-2023-38886
16Dolibarr ERP CRM REST API Module testSqlAndScriptject cross site scripting6.56.5$0-$5k$0-$5kNot definedNot defined 0.030430.00CVE-2023-38888
17IOBit Malware Fighter ImfHpRegFilter.sys denial of service4.44.3$0-$5k$0-$5kNot definedNot defined 0.000710.06CVE-2020-24089
18ISL ARP Guard cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.001550.00CVE-2023-39575
19Nagios XI Custom Logo cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.019590.00CVE-2023-40932
20graphql Query Parser OverlappingFieldsCanBeMergedRule denial of service4.54.4$0-$5k$0-$5kNot definedOfficial fix 0.009660.00CVE-2023-26144

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
12.59.42.63vds-cw08597.timeweb.ruAmadey BotAzorult03/04/2022verifiedLow
2XX.XXX.XX.XXXXxxxxx Xxx04/02/2024verifiedHigh
3XXX.XX.X.XXxxxxxxxxxxxx.xxxx.xxxxxxxXxxxxx XxxXxxxxxxxxxx08/02/2022verifiedMedium
4XXX.XX.X.XXxxxxxxxxxx.xxxx.xxxxxxxXxxxxx XxxXxxxxxxxxxx08/02/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxx Xx X Xxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-XCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-XXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (103)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.ssh/authorized_keyspredictiveHigh
2File/admin/api/theme-edit/predictiveHigh
3File/face-recognition-php/facepay-master/camera.phppredictiveHigh
4File/forum/PostPrivateMessagepredictiveHigh
5File/home/masterConsolepredictiveHigh
6File/hrm/employeeadd.phppredictiveHigh
7File/hrm/employeeview.phppredictiveHigh
8File/m4pdf/pdf.phppredictiveHigh
9File/nagiosxi/admin/banner_message-ajaxhelper.phppredictiveHigh
10File/wp-admin/admin-ajax.phppredictiveHigh
11Fileaction.phppredictiveMedium
12Fileadmin.php&r=article/AdminContent/editpredictiveHigh
13Filexxxxx.xxxpredictiveMedium
14Filexxxxx/?xxxx=xxxxxpredictiveHigh
15Filexxxx/xx_*.xxxpredictiveHigh
16Filexxx.xxxpredictiveLow
17Filexxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
18Filexxxxxx/xxxxx/xxxxx.xxxpredictiveHigh
19Filexxxxxxxx-xxx.xxxpredictiveHigh
20Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxxpredictiveHigh
21Filexxxxxx.xxxxpredictiveMedium
22Filexxxxx_xxxx.xpredictiveMedium
23Filexxxx_xxxxxx.xxxpredictiveHigh
24Filexxxx_xxxxxxxxx.xxxxxpredictiveHigh
25Filexx/xxxxx.xxxpredictiveMedium
26Filexxx/xxxxx.xxxxxxxxxxx.xxxpredictiveHigh
27Filexxx/xxxxxx.xxxpredictiveHigh
28Filexxxxx.xxxpredictiveMedium
29Filexxxxx.xxx?xxxx=xxxxxpredictiveHigh
30Filexxxx_xxxx.xxxpredictiveHigh
31Filexxxxxx.xxxxxxxxxx.xxpredictiveHigh
32Filexxxxxx/xxx/xxxxxxxx.xpredictiveHigh
33Filexxx/xxxxxxx/xxxxxx.xxpredictiveHigh
34Filexxx/xxxxxx.xxpredictiveHigh
35Filexxxxx.xxxpredictiveMedium
36Filexxxxx.xxxpredictiveMedium
37Filexxxx/xxx/xxxx/xxxx/xxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
38Filexxxx/xxx/xxxx/xxxxxx/xxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
39Filexxxxxxxxxx.xxpredictiveHigh
40Filexxxx_xxxxxxxx.xxxpredictiveHigh
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxx_xxxxxx.xxxpredictiveHigh
43Filexxxxx.xpredictiveLow
44Filexxxxxxx_xxxxx.xxxpredictiveHigh
45Filexxxxxxx/xxxxxxxxxx.xxpredictiveHigh
46Filexxx_xxx.xxxpredictiveMedium
47Filexxxxxx-xxxxxxxx.xxxpredictiveHigh
48Filexxxxxxxxx/xxxx/xxxxxxxx+xxxxxxxxx.xpredictiveHigh
49Filexxxx_xxxxx.xxxxpredictiveHigh
50Filexxx/xxxx/xxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxx.xxxxpredictiveHigh
51Filexxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
52Filexxx/xxxxxxxxx.xpredictiveHigh
53Filexxxxx_xxxxx.xxxpredictiveHigh
54Filexxxxxx-xxxxxx.xxxpredictiveHigh
55Filexxx/xxx.xxxxx.xxxpredictiveHigh
56Filexxxxxxxx.xxxpredictiveMedium
57Filexxxx_xxxxxxxx.xxxpredictiveHigh
58Filexxxxxxx.xxxx.xxxpredictiveHigh
59Libraryxxxxxx[xxxxxx_xxxxpredictiveHigh
60Libraryxxxxxxxxxxxxxx.xxxpredictiveHigh
61Libraryxxxxxx.xxxpredictiveMedium
62Libraryxxxxx.xxxpredictiveMedium
63ArgumentxxxxxxpredictiveLow
64ArgumentxxxxxpredictiveLow
65ArgumentxxxxxxxxpredictiveMedium
66ArgumentxxxxxxxxxxxxpredictiveMedium
67ArgumentxxpredictiveLow
68Argumentxxxx_xxpredictiveLow
69ArgumentxxxxxxxpredictiveLow
70ArgumentxxxxxxxxxxxxxpredictiveHigh
71Argumentxxxxxx[xxxxxx_xxxx]predictiveHigh
72ArgumentxxxxxxxpredictiveLow
73ArgumentxxxxxpredictiveLow
74ArgumentxxxxxxxxpredictiveMedium
75Argumentxxxx_xxpredictiveLow
76Argumentxx_xxpredictiveLow
77ArgumentxxpredictiveLow
78ArgumentxxpredictiveLow
79Argumentxx_xxxxxpredictiveMedium
80ArgumentxxxxxxxxpredictiveMedium
81Argumentxxxxx/xxxxxxpredictiveMedium
82ArgumentxxxxpredictiveLow
83ArgumentxxxxpredictiveLow
84ArgumentxxxxxpredictiveLow
85Argumentxxx_xxxxpredictiveMedium
86ArgumentxxxxpredictiveLow
87Argumentxxxx_xxxxxxxxxxpredictiveHigh
88ArgumentxxxxxpredictiveLow
89Argumentxxxx_xxxxpredictiveMedium
90ArgumentxxxxxxxxpredictiveMedium
91ArgumentxxxxpredictiveLow
92ArgumentxxxxxxxxpredictiveMedium
93ArgumentxxxxxxpredictiveLow
94ArgumentxxxxxxxxxxxxxpredictiveHigh
95Argumentxxxxxx_xxxxxxxxpredictiveHigh
96Argumentxxxxxxx/xxxxxxxpredictiveHigh
97Argumentxxxx/xxxxxx xxxxpredictiveHigh
98Argumentxxxx_xxxpredictiveMedium
99ArgumentxxxpredictiveLow
100Argumentxxx_xxxpredictiveLow
101ArgumentxxxxxxpredictiveLow
102ArgumentxxxxxxxxpredictiveMedium
103ArgumentxxxxxpredictiveLow

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!